Patents by Inventor Anup Ghosh
Anup Ghosh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9602524Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: GrantFiled: July 24, 2015Date of Patent: March 21, 2017Assignee: George Mason Research Foundation, Inc.Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
-
Patent number: 9519779Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.Type: GrantFiled: July 13, 2015Date of Patent: December 13, 2016Assignee: Invincea, Inc.Inventors: Anup Ghosh, Scott Cosby, Alan Keister, Benjamin Bryant, Stephen Taylor
-
Publication number: 20160182540Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: ApplicationFiled: July 24, 2015Publication date: June 23, 2016Applicant: GEORGE MASON RESEARCH FOUNDATION, INC.Inventors: Anup GHOSH, Yih HUANG, Jiang WANG, Angelos STAVROU
-
Patent number: 9190080Abstract: A method and system for providing a magnetic transducer is described. The method and system include providing an underlayer, a seed structure, and a magnetically hard layer. The underlayer has a surface. The seed structure resides on the surface and includes an amorphous layer and a seed layer. The amorphous layer wets the surface of the underlayer. The seed layer having a natural growth texture. The magnetically hard layer resides on the seed structure. The seed layer resides between the magnetically hard layer and the amorphous layer. The magnetically hard layer has a desired crystal orientation corresponding to the natural growth texture of the seed layer.Type: GrantFiled: August 16, 2007Date of Patent: November 17, 2015Assignee: Western Digital (Fremont), LLCInventors: Anup Ghosh Roy, Xiaozhong Dang
-
Publication number: 20150324586Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.Type: ApplicationFiled: July 13, 2015Publication date: November 12, 2015Applicant: Invincea, Inc.Inventors: Anup GHOSH, Scott COSBY, Alan KEISTER, Benjamin BRYANT, Stephen TAYLOR
-
Patent number: 9098698Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: GrantFiled: September 14, 2009Date of Patent: August 4, 2015Assignee: George Mason Research Foundation, Inc.Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
-
Patent number: 9081959Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.Type: GrantFiled: November 30, 2012Date of Patent: July 14, 2015Assignee: Invincea, Inc.Inventors: Anup Ghosh, Scott Cosby, Alan Keister, Benjamin Bryant, Stephen Taylor
-
Patent number: 8935773Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.Type: GrantFiled: April 9, 2010Date of Patent: January 13, 2015Assignee: George Mason Research Foundation, Inc.Inventors: Angelos Stavrou, Sushil Jajodia, Anup Ghosh, Rhandi Martin, Charalampos Andrianakis
-
Patent number: 8819225Abstract: A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences.Type: GrantFiled: November 15, 2011Date of Patent: August 26, 2014Assignee: George Mason Research Foundation, Inc.Inventors: Jiang Wang, Angelos Stavrou, Anup Ghosh, Kun Sun
-
Patent number: 8547667Abstract: A method and system for providing a magnetic transducer is described. The method and system include providing a seed layer and providing at least one adjustment layer on the seed layer. The method and system also include providing a hard bias structure on the at least one adjustment layer. The seed layer has a first template including a first template dimension and a first texture. The at least one adjustment layer has a second template including a second template dimension and a second texture. The hard bias structure has a third template including a third template dimension and a third texture. The second template is between the first template and the third template.Type: GrantFiled: November 26, 2008Date of Patent: October 1, 2013Assignee: Western Digital (Fremont), LLCInventors: Anup Ghosh Roy, Ming Mao, Mahendra Pakala
-
Publication number: 20110099620Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.Type: ApplicationFiled: April 9, 2010Publication date: April 28, 2011Inventors: Angelos Stavrou, Sushil Jajodia, Anup Ghosh, Rhandi Martin, Charalampos Andrianakis
-
Publication number: 20100122343Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s)operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: ApplicationFiled: September 14, 2009Publication date: May 13, 2010Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou