Patents by Inventor Anup Ghosh

Anup Ghosh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9602524
    Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.
    Type: Grant
    Filed: July 24, 2015
    Date of Patent: March 21, 2017
    Assignee: George Mason Research Foundation, Inc.
    Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
  • Patent number: 9519779
    Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.
    Type: Grant
    Filed: July 13, 2015
    Date of Patent: December 13, 2016
    Assignee: Invincea, Inc.
    Inventors: Anup Ghosh, Scott Cosby, Alan Keister, Benjamin Bryant, Stephen Taylor
  • Publication number: 20160182540
    Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.
    Type: Application
    Filed: July 24, 2015
    Publication date: June 23, 2016
    Applicant: GEORGE MASON RESEARCH FOUNDATION, INC.
    Inventors: Anup GHOSH, Yih HUANG, Jiang WANG, Angelos STAVROU
  • Patent number: 9190080
    Abstract: A method and system for providing a magnetic transducer is described. The method and system include providing an underlayer, a seed structure, and a magnetically hard layer. The underlayer has a surface. The seed structure resides on the surface and includes an amorphous layer and a seed layer. The amorphous layer wets the surface of the underlayer. The seed layer having a natural growth texture. The magnetically hard layer resides on the seed structure. The seed layer resides between the magnetically hard layer and the amorphous layer. The magnetically hard layer has a desired crystal orientation corresponding to the natural growth texture of the seed layer.
    Type: Grant
    Filed: August 16, 2007
    Date of Patent: November 17, 2015
    Assignee: Western Digital (Fremont), LLC
    Inventors: Anup Ghosh Roy, Xiaozhong Dang
  • Publication number: 20150324586
    Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.
    Type: Application
    Filed: July 13, 2015
    Publication date: November 12, 2015
    Applicant: Invincea, Inc.
    Inventors: Anup GHOSH, Scott COSBY, Alan KEISTER, Benjamin BRYANT, Stephen TAYLOR
  • Patent number: 9098698
    Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.
    Type: Grant
    Filed: September 14, 2009
    Date of Patent: August 4, 2015
    Assignee: George Mason Research Foundation, Inc.
    Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
  • Patent number: 9081959
    Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: July 14, 2015
    Assignee: Invincea, Inc.
    Inventors: Anup Ghosh, Scott Cosby, Alan Keister, Benjamin Bryant, Stephen Taylor
  • Patent number: 8935773
    Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.
    Type: Grant
    Filed: April 9, 2010
    Date of Patent: January 13, 2015
    Assignee: George Mason Research Foundation, Inc.
    Inventors: Angelos Stavrou, Sushil Jajodia, Anup Ghosh, Rhandi Martin, Charalampos Andrianakis
  • Patent number: 8819225
    Abstract: A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences.
    Type: Grant
    Filed: November 15, 2011
    Date of Patent: August 26, 2014
    Assignee: George Mason Research Foundation, Inc.
    Inventors: Jiang Wang, Angelos Stavrou, Anup Ghosh, Kun Sun
  • Patent number: 8547667
    Abstract: A method and system for providing a magnetic transducer is described. The method and system include providing a seed layer and providing at least one adjustment layer on the seed layer. The method and system also include providing a hard bias structure on the at least one adjustment layer. The seed layer has a first template including a first template dimension and a first texture. The at least one adjustment layer has a second template including a second template dimension and a second texture. The hard bias structure has a third template including a third template dimension and a third texture. The second template is between the first template and the third template.
    Type: Grant
    Filed: November 26, 2008
    Date of Patent: October 1, 2013
    Assignee: Western Digital (Fremont), LLC
    Inventors: Anup Ghosh Roy, Ming Mao, Mahendra Pakala
  • Publication number: 20110099620
    Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.
    Type: Application
    Filed: April 9, 2010
    Publication date: April 28, 2011
    Inventors: Angelos Stavrou, Sushil Jajodia, Anup Ghosh, Rhandi Martin, Charalampos Andrianakis
  • Publication number: 20100122343
    Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s)operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.
    Type: Application
    Filed: September 14, 2009
    Publication date: May 13, 2010
    Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou