Patents by Inventor Angelos Stavrou
Angelos Stavrou has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11916933Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.Type: GrantFiled: May 4, 2022Date of Patent: February 27, 2024Assignee: George Mason Research Foundation, Inc.Inventors: Angelos Stavrou, Sushil Jajodia, Anup K. Ghosh, Rhandi Martin, Charalampos Andrianakis
-
Publication number: 20230400482Abstract: A voltage monitoring system and a method for harvesting energy is disclosed. A system includes a ring oscillator circuit, which incorporates delay line circuit composed of series of inverting logic gates. The final inverting logic gate forms self-oscillating feedback loop by connecting its output to the input of the first logic gate. To interface with ring oscillator circuit, transistor-based voltage divider circuit is implemented. The transistor-based voltage divider circuit utilizes multiple diode-connected transistor devices, with bulk terminals interconnected to the respective source terminals. Enable signal controls final diode-connected transistor device at its gate terminal. Furthermore, a voltage-level shifter circuit is connected to output of inverting logic gates, enabling seamless integration with ring oscillator circuit. Finally, a counter circuit is linked to voltage-level shifter circuit, utilizing its output terminal.Type: ApplicationFiled: June 14, 2023Publication date: December 14, 2023Applicant: KRYPTOWIRE LLCInventors: Harrison Ridgway WILLIAMS, Matthew David Hicks, Angelos Stavrou, Michael Antoine Moukarzel
-
Publication number: 20220278998Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.Type: ApplicationFiled: May 4, 2022Publication date: September 1, 2022Applicant: George Mason Research Foundation, Inc.Inventors: Angelos STAVROU, Sushil JAJODIA, Anup K. GHOSH, Rhandi MARTIN, Charalampos ANDRIANAKIS
-
Patent number: 11330000Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.Type: GrantFiled: March 7, 2019Date of Patent: May 10, 2022Assignee: George Mason Research Foundation, Inc.Inventors: Angelos Stavrou, Sushil Jajodia, Anup K. Ghosh, Rhandi Martin, Charalampos Andrianakis
-
Patent number: 11310252Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: GrantFiled: February 13, 2020Date of Patent: April 19, 2022Assignee: George Mason Research Foundation, Inc.Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
-
Patent number: 10776463Abstract: Embodiments herein disclose a method and system for authenticating users of an electronic device. In an example, data pertaining to a user of the electronic device is collected for authentication. The data is data indicative of an interaction behavior of the user with the electronic device. A deviation of the collected data from a behavior model of the user is checked. To generate the behavior model, data from multiple users is collected to create the behavior model corresponding to each of the users, each behavior model is indicative of data uncommon between the user corresponding to the behavior model and other users in the plurality of users to separate the user corresponding to the behavior model from other users in the multiple users. Further, an access control policy is enforced on the electronic device, based on the deviation of the collected data from the behavior model of the user.Type: GrantFiled: March 11, 2019Date of Patent: September 15, 2020Assignee: KRYPTOWIRE LLCInventors: Angelos Stavrou, Rahul Murmuria, Ryan Johnson, Daniel Barbara
-
Publication number: 20200267173Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: ApplicationFiled: February 13, 2020Publication date: August 20, 2020Applicant: George Mason Research Foundation, Inc.Inventors: Anup GHOSH, Yih HUANG, Jiang WANG, Angelos STAVROU
-
Patent number: 10567414Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: GrantFiled: January 17, 2019Date of Patent: February 18, 2020Assignee: George Mason Research Foundation, Inc.Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
-
Patent number: 10387627Abstract: Disclosures herein describe methods and systems for detecting unlicensed content that can be accessed by electronic devices using an automated framework for analyzing applications present on the electronic device that allow a user of the electronic device to access unlicensed content.Type: GrantFiled: September 28, 2016Date of Patent: August 20, 2019Assignee: KRYPTOWIRE LLCInventors: Ryan Johnson, Nikolaos Kiourtis, Angelos Stavrou
-
Publication number: 20190205514Abstract: Embodiments herein disclose a method and system for authenticating users of an electronic device. In an example, data pertaining to a user of the electronic device is collected for authentication. The data is data indicative of an interaction behavior of the user with the electronic device. A deviation of the collected data from a behavior model of the user is checked. To generate the behavior model, data from multiple users is collected to create the behavior model corresponding to each of the users, each behavior model is indicative of data uncommon between the user corresponding to the behavior model and other users in the plurality of users to separate the user corresponding to the behavior model from other users in the multiple users. Further, an access control policy is enforced on the electronic device, based on the deviation of the collected data from the behavior model of the user.Type: ApplicationFiled: March 11, 2019Publication date: July 4, 2019Applicant: KRYPTOWIRE LLCInventors: Angelos STAVROU, Rahul MURMURIA, Ryan JOHNSON, Daniel BARBARA
-
Publication number: 20190207961Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.Type: ApplicationFiled: March 7, 2019Publication date: July 4, 2019Applicant: George Mason Research Foundation, Inc.Inventors: Angelos STAVROU, Sushil JAJODIA, Anup K. GHOSH, Rhandi MARTIN, Charalampos ANDRIANAKIS
-
Publication number: 20190158523Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: ApplicationFiled: January 17, 2019Publication date: May 23, 2019Applicant: George Mason Research Foundation, Inc.Inventors: Anup GHOSH, Yih HUANG, Jiang WANG, Angelos STAVROU
-
Patent number: 10289819Abstract: Embodiments herein disclose a method and system for actively authenticating users of an electronic device in a continuous manner using a plurality of factors comprising of biometric modalities, power consumption, application usage, user interactions, user movement, and user location/travel.Type: GrantFiled: August 12, 2016Date of Patent: May 14, 2019Assignee: KRYPTOWIRE LLCInventors: Angelos Stavrou, Rahul Murmuria, Ryan Johnson, Daniel Barbara
-
Patent number: 10243975Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.Type: GrantFiled: November 22, 2016Date of Patent: March 26, 2019Assignee: George Mason Research Foundation, Inc.Inventors: Angelos Stavrou, Sushil Jajodia, Anup K. Ghosh, Rhandi Martin, Charalampos Andrianakis
-
Patent number: 10187417Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: GrantFiled: December 14, 2017Date of Patent: January 22, 2019Assignee: George Mason Research Foundation, Inc.Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
-
Patent number: 10178113Abstract: Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for sanitizing anomaly detection models are provided. The methods including: receiving at least one abnormal anomaly detection model from at least one remote location; comparing at least one of the at least one abnormal anomaly detection model to a local normal detection model to produce a common set of features common to both the at least one abnormal anomaly detection model and the local normal detection model; and generating a sanitized normal anomaly detection model by removing the common set of features from the local normal detection model.Type: GrantFiled: July 13, 2015Date of Patent: January 8, 2019Assignee: The Trustees of Columbia University in the City of New YorkInventors: Gabriela F. Ciocarlie, Angelos Stavrou, Salvatore J. Stolfo, Angelos D. Keromytis
-
Patent number: 10127137Abstract: Embodiments herein disclose a debugging framework that employs a mode in the processor (for example, a processor using x86 architecture), to transparently study armored malware. Embodiments herein perform stealthy debugging by leveraging System Management Mode (SMM) to transparently debug software on bare-metal.Type: GrantFiled: June 3, 2016Date of Patent: November 13, 2018Inventors: Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang
-
Patent number: 9992222Abstract: Systems and methods for inhibiting attacks with a network are provided. In some embodiments, methods for inhibiting attacks by forwarding packets through a plurality of intermediate nodes when being transmitted from a source node to a destination node are provided, the methods comprising: receiving a packet at one of the plurality of intermediate nodes; determining at the selected intermediate node whether the packet has been sent to the correct one of the plurality of intermediate nodes based on a pseudo random function; and forwarding the packet to the destination node, based on the determining. In some embodiments an intermediate node is selected based on a pseudo random function. In some embodiments, systems and methods for establishing access to a multi-path network are provided.Type: GrantFiled: May 5, 2016Date of Patent: June 5, 2018Assignee: The Trustees of Columbia University in the City of New YorkInventors: Angelos Stavrou, Angelos D. Keromytis
-
Publication number: 20180103053Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OSVM. A detection module operates under the guest OSVM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: ApplicationFiled: December 14, 2017Publication date: April 12, 2018Applicant: George Mason Research Foundation, Inc.Inventors: Anup GHOSH, Yih HUANG, Jiang WANG, Angelos STAVROU
-
Patent number: 9871812Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OS VM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: GrantFiled: March 15, 2017Date of Patent: January 16, 2018Assignee: George Mason Research Foundation, Inc.Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou