Patents by Inventor Angelos Stavrou
Angelos Stavrou has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 8935773
  Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.
  Type: Grant
  Filed: April 9, 2010
  Date of Patent: January 13, 2015
  Assignee: George Mason Research Foundation, Inc.
  Inventors: Angelos Stavrou, Sushil Jajodia, Anup Ghosh, Rhandi Martin, Charalampos Andrianakis
- Patent number: 8924782
  Abstract: Systems, methods, and media for recovering an application from a fault or an attack are disclosed herein. In some embodiments, a method is provided for enabling a software application to recover from a fault condition. The method includes specifying constrained data items and assigning a set of repair procedures to the constrained data items. The method further includes detecting a fault condition on the constrained data items during execution of the software application, which triggers at least one repair procedure. The triggered repair procedures are executed and the execution of the software application is restored. In some embodiments, the restoring comprises providing memory rollback to a point of execution of the software application before the fault condition was detected.
  Type: Grant
  Filed: January 28, 2008
  Date of Patent: December 30, 2014
  Assignee: The Trustees of Columbia University in the City of New York
  Inventors: Michael E. Locasto, Angelos D. Keromytis, Angelos Stavrou, Gabriela F. Ciocarlie
- Patent number: 8819225
  Abstract: A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences.
  Type: Grant
  Filed: November 15, 2011
  Date of Patent: August 26, 2014
  Assignee: George Mason Research Foundation, Inc.
  Inventors: Jiang Wang, Angelos Stavrou, Anup Ghosh, Kun Sun
- Patent number: 8726005
  Abstract: A website fingerprint is generated that characterizes network traffic associated with a website as a website traffic fingerprint that includes size description(s), order description(s), and timing description(s) of packet traffic for the website. A website monitor generates website trace(s) of packet statistics. A correlation processor correlates a sequence of packet statistics from the website trace(s) with the size description, the order description, and timing description found in the website traffic fingerprint(s).
  Type: Grant
  Filed: December 10, 2010
  Date of Patent: May 13, 2014
  Assignee: George Mason Intellectual Properties, Inc.
  Inventors: Angelos Stavrou, Mohammed A. Alhussein, Brian Sanders
- Publication number: 20140101746
  Abstract: Systems and methods for inhibiting attacks with a network are provided. In some embodiments, methods for inhibiting attacks by forwarding packets through a plurality of intermediate nodes when being transmitted from a source node to a destination node are provided, the methods comprising: receiving a packet at one of the plurality of intermediate nodes; determining at the selected intermediate node whether the packet has been sent to the correct one of the plurality of intermediate nodes based on a pseudo random function; and forwarding the packet to the destination node, based on the determining. In some embodiments an intermediate node is selected based on a pseudo random function. In some embodiments, systems and methods for establishing access to a multi-path network are provided.
  Type: Application
  Filed: December 11, 2013
  Publication date: April 10, 2014
  Applicant: The Trustees of Columbia University in the City of New York
  Inventors: Angelos Stavrou, Angelos D. Keromytis
- Patent number: 8631484
  Abstract: Systems and methods for inhibiting attacks with a network are provided. In some embodiments, methods for inhibiting attacks by forwarding packets through a plurality of intermediate nodes when being transmitted from a source node to a destination node are provided, the methods comprising: receiving a packet at one of the plurality of intermediate nodes; determining at the selected intermediate node whether the packet has been sent to the correct one of the plurality of intermediate nodes based on a pseudo random function; and forwarding the packet to the destination node, based on the determining. In some embodiments an intermediate node is selected based on a pseudo random function. In some embodiments, systems and methods for establishing access to a multi-path network are provided.
  Type: Grant
  Filed: March 14, 2008
  Date of Patent: January 14, 2014
  Assignee: The Trustees of Columbia University in the City of New York
  Inventors: Angelos Stavrou, Angelos D. Keromytis
- Publication number: 20130318547
  Abstract: A system or method for inferring and selective display of visual and sound media content based on a pet(s)'s level of engagement or reactions to content displayed on any number of content display devices including, but not limited to, television screens, computer monitors, tablets, and cell phones and measured by a sensor. A content selection algorithm takes as input the sensor measurements and historical or pre-computed data to infer the pet(s)'s preference for content. A content modification algorithm interposes algorithmically computed shapes and sounds overlaid on top of the existing content to attract the attention of the pet(s) observing the display.
  Type: Application
  Filed: May 23, 2013
  Publication date: November 28, 2013
  Applicant: Fur Entertainment, Inc.
  Inventors: Angelos Stavrou, Margaret Lee Perry-Flippin
- Patent number: 8549646
  Abstract: Methods, media and systems for responding to a Denial of Service (DoS) attack are provided. In some embodiments, a method includes detecting a DoS attack, migrating one or more processes that provide a service to an unaffected system; authenticating users that are authorized to use the service; and routing traffic generated by authenticated users to the unaffected system.
  Type: Grant
  Filed: October 20, 2006
  Date of Patent: October 1, 2013
  Assignee: The Trustees of Columbia University in the City of New York
  Inventors: Angelos Stavrou, Angelos D. Keromytis, Jason Nieh, Vishal Misra, Daniel Rubenstein
- Patent number: 8407160
  Abstract: Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for generating sanitized data are provided. The methods including: dividing a first training dataset comprised of a plurality of training data items into a plurality of data subsets each including at least one training data item of the plurality of training data items of the first training dataset; based on the plurality of data subsets, generating a plurality of distinct anomaly detection micro-models; testing at least one data item of the plurality of data items of a second training dataset of training data items against each of the plurality of micro-models to produce a score for the at least one tested data item; and generating at least one output dataset based on the score for the at least one tested data item.
  Type: Grant
  Filed: November 15, 2007
  Date of Patent: March 26, 2013
  Assignee: The Trustees of Columbia University in the City of New York
  Inventors: Gabriela Cretu, Angelos Stavrou, Salvatore J. Stolfo, Angelos D. Keromytis, Michael E. Locasto
- Publication number: 20120297457
  Abstract: An interactive detector that includes a challenger and authorizer. The challenger may send a challenge to a source application in response to an intercepted request intended for a destination application from the source application. The challenge may be configured to invoke an expected challenge response from component(s) of the source application. The authorizer may allow the request to proceed to the destination application if a received challenge response generated by the source application satisfies the expected challenge response.
  Type: Application
  Filed: November 15, 2011
  Publication date: November 22, 2012
  Inventors: Brian Schulte, Angelos Stavrou, Anup K. Ghosh, Rhandi Martin, Charalampos Andrianakis
- Publication number: 20120297177
  Abstract: An interoperable firmware memory containing a Basic Input Output System (BIOS) and a trusted platform module (TPSM). The BIOS includes CPU System Management Mode (SMM) firmware configured as read-only at boot. The SMM firmware configured to control switching subsequent to boot between at least: a first memory and second isolated memory; and a first and second isolated non-volatile storage device. The first memory including a first operating system and the second memory including a second operating system. The first non-volatile storage device configured to be used by the first operating system and the second non-volatile storage device configured to be used by the second operating system. The trusted platform module (TPSM) configured to check the integrity of the CPU system Management Mode (SMM) during the boot process.
  Type: Application
  Filed: November 15, 2011
  Publication date: November 22, 2012
  Inventors: Anup K. Ghosh, Kun Sun, Jiang Wang, Angelos Stavrou
- Publication number: 20120297057
  Abstract: A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences.
  Type: Application
  Filed: November 15, 2011
  Publication date: November 22, 2012
  Inventors: Anup K. Ghosh, Kun Sun, Jiang Wang, Angelos Stavrou
- Patent number: 8228815
  Abstract: Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host.
  Type: Grant
  Filed: December 28, 2009
  Date of Patent: July 24, 2012
  Assignee: The Trustees of Columbia University in the City of New York
  Inventors: Angelos D. Keromytis, Sambuddho Chakravarty, Angelos Stavrou
- Publication number: 20110314269
  Abstract: A website fingerprint is generated that characterizes network traffic associated with a website as a website traffic fingerprint that includes size description(s), order description(s), and timing description(s) of packet traffic for the website. A website monitor generates website trace(s) of packet statistics. A correlation processor correlates a sequence of packet statistics from the website trace(s) with the size description, the order description, and timing description found in the website traffic fingerprint(s).
  Type: Application
  Filed: December 10, 2010
  Publication date: December 22, 2011
  Inventors: Angelos Stavrou, Mohammed A. Alhussein, Brian Sanders
- Publication number: 20110164506
  Abstract: Embodiments of the present invention include a system or method for inferring packet management rules of a packet management device. A probing device is used to extract at least one of port number and IP address from a packet management configuration file. The probing device classifies extracted numbers and selectively transmits packets to a packet management device. A packet analyzer notifies the probing device when a packet passes through the packet management device. Based on the notification, the probing device is able to transmit packets to the packet management device in a non-exhaustive manner and determine a port range corresponding to a packet management rule.
  Type: Application
  Filed: July 13, 2010
  Publication date: July 7, 2011
  Inventors: Angelos Stavrou, Sushil Jajodia, Charalampos Andrianakis
- Patent number: 7962798
  Abstract: Methods, systems, and media for enabling a software application to recover from a fault condition, and for protecting a software application from a fault condition, are provided. In some embodiments, methods include detecting a fault condition during execution of the software application, restoring execution of the software application to a previous point of execution, the previous point of execution occurring during execution of a first subroutine in the software application, and forcing the first subroutine to forego further execution and return to a caller of the first subroutine.
  Type: Grant
  Filed: April 17, 2007
  Date of Patent: June 14, 2011
  Assignee: The Trustees of Columbia University in the City of New York
  Inventors: Michael E. Locasto, Angelos D. Keromytis, Salvatore J. Stolfo, Angelos Stavrou, Gabriela Cretu, Stylianos Sidiroglou, Jason Nieh, Oren Laadan
- Publication number: 20110099620
  Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.
  Type: Application
  Filed: April 9, 2010
  Publication date: April 28, 2011
  Inventors: Angelos Stavrou, Sushil Jajodia, Anup Ghosh, Rhandi Martin, Charalampos Andrianakis
- Publication number: 20100293407
  Abstract: Systems, methods, and media for recovering an application from a fault or an attack are disclosed herein. In some embodiments, a method is provided for enabling a software application to recover from a fault condition. The method includes specifying constrained data items and assigning a set of repair procedures to the constrained data items. The method further includes detecting a fault condition on the constrained data items during execution of the software application, which triggers at least one repair procedure. The triggered repair procedures are executed and the execution of the software application is restored. In some embodiments, the restoring comprises providing memory rollback to a point of execution of the software application before the fault condition was detected.
  Type: Application
  Filed: January 28, 2008
  Publication date: November 18, 2010
  Applicant: THE TRUSTEES OF COLUMBIA UNIVERSITY IN THE CITY OF
  Inventors: Michael E. Locasto, Angelos D. Keromytis, Angelos Stavrou, Gabriela F. Ciocarlie
- Publication number: 20100186074
  Abstract: An authenticator may include graphical passwords. An authenticator may include a password image, which may include one or more clickable areas, and/or a key image, which may include click point data. An authenticator may include a mobile computing resource, a terminal computing resource and/or a challenger, which may be configured to communicate with each other. A mobile computing resource may be configured to receive and/or display a key image, such that click point data may be presented, determined, and/or input to a password image. A challenger may be configured to compare input click point data and a key image.
  Type: Application
  Filed: January 15, 2010
  Publication date: July 22, 2010
  Inventors: Angelos Stavrou, Alireza P. Sabzevar
- Publication number: 20100157834
  Abstract: Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host.
  Type: Application
  Filed: December 28, 2009
  Publication date: June 24, 2010
  Applicant: The Trustees of Columbia University in the City of New York
  Inventors: Angelos D. Keromytis, Sambuddho Chakravarty, Angelos Stavrou