Patents by Inventor Anoop Wilbur SALDANHA
Anoop Wilbur SALDANHA has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240104205Abstract: A device may receive a file that has been downloaded, or is to be downloaded, to a user device, and that is to be subject to a malware detection procedure. The device may obtain, based on one or more file identification properties of the file, metadata identifying user interactions associated with the file. The metadata may include a first group of user interactions performed when the file was accessed on the user device or a second group of user interactions performed when the file was accessed on one or more other user devices. The device may test the file in a sandbox environment to obtain a result by performing the user interactions identified by the metadata and executing the malware detection procedure to determine whether the file is malware. The device may provide a notification to cause the user device to perform actions when the file is malware.Type: ApplicationFiled: December 5, 2023Publication date: March 28, 2024Inventors: Krishna SATHYANARAYANA, Anoop Wilbur SALDANHA, Abhijit MOHANTA
-
Patent number: 11880458Abstract: A device may receive a file that has been downloaded, or is to be downloaded, to a user device, and that is to be subject to a malware detection procedure. The device may obtain, based on one or more file identification properties of the file, metadata identifying user interactions associated with the file. The metadata may include a first group of user interactions performed when the file was accessed on the user device or a second group of user interactions performed when the file was accessed on one or more other user devices. The device may test the file in a sandbox environment to obtain a result by performing the user interactions identified by the metadata and executing the malware detection procedure to determine whether the file is malware. The device may provide a notification to cause the user device to perform actions when the file is malware.Type: GrantFiled: September 22, 2021Date of Patent: January 23, 2024Assignee: Juniper Networks, Inc.Inventors: Krishna Sathyanarayana, Anoop Wilbur Saldanha, Abhijit Mohanta
-
Publication number: 20230127205Abstract: A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The one or more memory pages may be assigned to, and used by, the process under test. The device may generate, based on identifying the one or more memory pages, a memory map, associated with the process under test, that may include information identifying the one or more memory pages as being assigned to, and used by, the process under test.Type: ApplicationFiled: December 14, 2022Publication date: April 27, 2023Inventors: Anoop Wilbur SALDANHA, Abhijit MOHANTA, Sudhir R. DHANKHAR
-
Patent number: 11562066Abstract: A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The one or more memory pages may be assigned to, and used by, the process under test. The device may generate, based on identifying the one or more memory pages, a memory map, associated with the process under test, that may include information identifying the one or more memory pages as being assigned to, and used by, the process under test.Type: GrantFiled: September 29, 2020Date of Patent: January 24, 2023Assignee: Juniper Networks, Inc.Inventors: Anoop Wilbur Saldanha, Abhijit Mohanta, Sudhir R. Dhankhar
-
Publication number: 20220159023Abstract: A network device may include a memory and one or more processors configured to analyze execution of suspicious data; detect one or more states of execution of the suspicious data; determine that the one or more states of execution are to be assigned a priority level; and extract at least a portion of the suspicious data from one or more locations based on determining that the one or more states of execution are to be assigned a priority level.Type: ApplicationFiled: January 28, 2022Publication date: May 19, 2022Inventors: Abhijit MOHANTA, Anoop Wilbur SALDANHA
-
Patent number: 11252167Abstract: A network device may include a memory and one or more processors configured to analyze execution of suspicious data; detect one or more states of execution of the suspicious data; determine that the one or more states of execution are to be assigned a priority level; and extract at least a portion of the suspicious data from one or more locations based on determining that the one or more states of execution are to be assigned a priority level.Type: GrantFiled: May 4, 2020Date of Patent: February 15, 2022Assignee: Cyphort Inc.Inventors: Abhijit Mohanta, Anoop Wilbur Saldanha
-
Publication number: 20220004632Abstract: A device may receive a file that has been downloaded, or is to be downloaded, to a user device, and that is to be subject to a malware detection procedure. The device may obtain, based on one or more file identification properties of the file, metadata identifying user interactions associated with the file. The metadata may include a first group of user interactions performed when the file was accessed on the user device or a second group of user interactions performed when the file was accessed on one or more other user devices. The device may test the file in a sandbox environment to obtain a result by performing the user interactions identified by the metadata and executing the malware detection procedure to determine whether the file is malware. The device may provide a notification to cause the user device to perform actions when the file is malware.Type: ApplicationFiled: September 22, 2021Publication date: January 6, 2022Inventors: Krishna SATHYANARAYANA, Anoop Wilbur SALDANHA, Abhijit MOHANTA
-
Patent number: 11138313Abstract: A device may receive a file that has been downloaded, or is to be downloaded, to a user device, and that is to be subject to a malware detection procedure. The device may obtain, based on one or more file identification properties of the file, metadata identifying user interactions associated with the file. The metadata may include a first group of user interactions performed when the file was accessed on the user device or a second group of user interactions performed when the file was accessed on one or more other user devices. The device may test the file in a sandbox environment to obtain a result by performing the user interactions identified by the metadata and executing the malware detection procedure to determine whether the file is malware. The device may provide a notification to cause the user device to perform actions when the file is malware.Type: GrantFiled: August 13, 2018Date of Patent: October 5, 2021Assignee: Juniper Networks, Inc.Inventors: Krishna Sathyanarayana, Anoop Wilbur Saldanha, Abhijit Mohanta
-
Patent number: 11005806Abstract: A method of identifying intermediate devices within a communications network includes intercepting a network data packet originating from a second compute device, and parsing the network data packet to identify a client hardware MAC address of the at least one network data packet. The identified client hardware MAC address is compared with a source MAC address stored in a memory operably coupled to the processor, and no match is found. The second compute device is classified as an intermediate device based on the lack of a match between the identified client hardware MAC address and the source MAC address.Type: GrantFiled: April 30, 2020Date of Patent: May 11, 2021Assignee: Cylera, Inc.Inventors: Anoop Wilbur Saldanha, Apostolos Bakoyiannis, James Edwards
-
Patent number: 10997291Abstract: A device receives a software program, performs a dynamic malware analysis of the software program to generate dynamic malware analysis results, and generates a call graph based on the dynamic malware analysis of the software program. The device utilizes, during the dynamic malware analysis of the software program, the call graph to identify an exit of the software program and/or a forced kill of the software program, and performs a static malware analysis of the software program based on identifying the exit of the software program and/or the forced kill of the software program. The device generates static malware analysis results based on performing the static malware analysis of the software program, and combines the dynamic malware analysis results and the static malware analysis results to generate combined malware analysis results. The device performs one or more actions based on the combined malware analysis results.Type: GrantFiled: September 13, 2018Date of Patent: May 4, 2021Assignee: Juniper Networks, Inc.Inventors: Sudhir R. Dhankhar, Anoop Wilbur Saldanha, Abhijit Mohanta
-
Publication number: 20210012004Abstract: A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The one or more memory pages may be assigned to, and used by, the process under test. The device may generate, based on identifying the one or more memory pages, a memory map, associated with the process under test, that may include information identifying the one or more memory pages as being assigned to, and used by, the process under test.Type: ApplicationFiled: September 29, 2020Publication date: January 14, 2021Inventors: Anoop Wilbur SALDANHA, Abhijit MOHANTA, Sudhir R. DHANKHAR
-
Patent number: 10860716Abstract: A device receives a software program with potential malware and a loop to conceal the potential malware, and processes the software program, with a loop identification technique, to identify the loop in the software program. The device modifies, with a loop exit technique and based on data from the loop identification technique, the software program to exit the loop, and processes the software program, with a malware detection technique and after modifying the software program to exit the loop, to determine whether the software program contains malware. The device causes one or more actions to be performed based on a result of processing the software program with the malware detection technique.Type: GrantFiled: March 23, 2018Date of Patent: December 8, 2020Assignee: Juniper Networks, Inc.Inventors: Anoop Wilbur Saldanha, Paul Randee Dilim Kimayong, Abhijit Mohanta
-
Patent number: 10795993Abstract: A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The one or more memory pages may be assigned to, and used by, the process under test. The device may generate, based on identifying the one or more memory pages, a memory map, associated with the process under test, that may include information identifying the one or more memory pages as being assigned to, and used by, the process under test.Type: GrantFiled: August 31, 2018Date of Patent: October 6, 2020Assignee: Juniper Networks, Inc.Inventors: Anoop Wilbur Saldanha, Abhijit Mohanta, Sudhir R. Dhankhar
-
Publication number: 20200267170Abstract: A network device may include a memory and one or more processors configured to analyze execution of suspicious data; detect one or more states of execution of the suspicious data; determine that the one or more states of execution are to be assigned a priority level; and extract at least a portion of the suspicious data from one or more locations based on determining that the one or more states of execution are to be assigned a priority level.Type: ApplicationFiled: May 4, 2020Publication date: August 20, 2020Inventors: Abhijit MOHANTA, Anoop Wilbur SALDANHA
-
Patent number: 10733297Abstract: A device may generate versions of a first executable process that is associated with deterministically defined parameters. The device may run the versions of the first executable process, and may monitor device parameters of the device or the first executable process when running the versions of the first executable process. The device may determine, based on monitoring the device parameters of the device or the first executable process, a variance to a parameter of the deterministically defined parameters relative to an expected value for the parameter, and may provide information indicating a presence of malware in connection with the device based on determining the variance to the parameter.Type: GrantFiled: August 30, 2018Date of Patent: August 4, 2020Assignee: Juniper Networks, Inc.Inventors: Anoop Wilbur Saldanha, Abhijit Mohanta
-
Patent number: 10645107Abstract: A network device may include a memory and one or more processors configured to analyze execution of suspicious data; detect one or more states of execution of the suspicious data; determine that the one or more states of execution are to be assigned a priority level; and extract at least a portion of the suspicious data from one or more locations based on determining that the one or more states of execution are to be assigned a priority level.Type: GrantFiled: January 16, 2018Date of Patent: May 5, 2020Assignee: Cyphort Inc.Inventors: Abhijit Mohanta, Anoop Wilbur Saldanha
-
Patent number: 10645176Abstract: A device may include one or more memories and one or more processors communicatively coupled to the one or more memories to: receive a plurality of data packets of a Transmission Control Protocol (TCP) session; determine that a particular TCP segment, of the TCP session that includes a synchronization acknowledgment (SYN-ACK) flag, has been received before a corresponding TCP segment of the TCP session that includes a synchronization (SYN) flag; store a sequence number of the particular TCP segment as an initial sequence number for a stream of the TCP session; and reassemble or rearrange a set of data packets of the TCP session based on the initial sequence number for the stream and based on one or more sequence numbers of the set of data packets.Type: GrantFiled: December 21, 2017Date of Patent: May 5, 2020Assignee: Cyphort Inc.Inventors: Anoop Wilbur Saldanha, Marshall Ha
-
Publication number: 20200050762Abstract: A device may receive a file that has been downloaded, or is to be downloaded, to a user device, and that is to be subject to a malware detection procedure. The device may obtain, based on one or more file identification properties of the file, metadata identifying user interactions associated with the file. The metadata may include a first group of user interactions performed when the file was accessed on the user device or a second group of user interactions performed when the file was accessed on one or more other user devices. The device may test the file in a sandbox environment to obtain a result by performing the user interactions identified by the metadata and executing the malware detection procedure to determine whether the file is malware. The device may provide a notification to cause the user device to perform actions when the file is malware.Type: ApplicationFiled: August 13, 2018Publication date: February 13, 2020Inventors: Krishna SATHYANARAYANA, Anoop Wilbur SALDANHA, Abhijit MOHANTA
-
Publication number: 20200026851Abstract: A device receives a software program, performs a dynamic malware analysis of the software program to generate dynamic malware analysis results, and generates a call graph based on the dynamic malware analysis of the software program. The device utilizes, during the dynamic malware analysis of the software program, the call graph to identify an exit of the software program and/or a forced kill of the software program, and performs a static malware analysis of the software program based on identifying the exit of the software program and/or the forced kill of the software program. The device generates static malware analysis results based on performing the static malware analysis of the software program, and combines the dynamic malware analysis results and the static malware analysis results to generate combined malware analysis results. The device performs one or more actions based on the combined malware analysis results.Type: ApplicationFiled: September 13, 2018Publication date: January 23, 2020Inventors: Sudhir R. DHANKHA, Anoop Wilbur SALDANHA, Abhijit MOHANTA
-
Publication number: 20200019703Abstract: A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The one or more memory pages may be assigned to, and used by, the process under test. The device may generate, based on identifying the one or more memory pages, a memory map, associated with the process under test, that may include information identifying the one or more memory pages as being assigned to, and used by, the process under test.Type: ApplicationFiled: August 31, 2018Publication date: January 16, 2020Inventors: Anoop Wilbur SALDANHA, Abhijit MOHANTA, Sudhir R. DHANKHAR