Patents by Inventor Ashar Aziz

Ashar Aziz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10757120
    Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: August 25, 2020
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Henry Uyeno, Jay Manni, Amin Sukhera, Stuart Staniford
  • Patent number: 10740456
    Abstract: An architecture deployed to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system (OS) processes executed by a central processing unit (CPU). The architecture features memory configured to store a process, an OS kernel, a VMM and a virtualization module. The virtualization module is configured to communicate with the VMM and execute, at a privilege level of the CPU, to control access permissions to kernel resources accessible by the process. The VMM is configured to execute at a first privilege level of the virtualization module to expose the kernel resources to the OS kernel. The OS kernel is configured to execute at a second privilege level lower than the first privilege level of the virtualization module. The VMM is further configured to instantiate a virtual machine containing the OS kernel, where access to the kernel resources is controlled by the VMM and the virtual machine.
    Type: Grant
    Filed: April 16, 2018
    Date of Patent: August 11, 2020
    Assignee: FireEye, Inc.
    Inventors: Osman Abdoul Ismael, Ashar Aziz
  • Patent number: 10623434
    Abstract: A system is provided with one or more virtual machines and a replayer. The virtual machine(s) are configured to mimic operations of a first device. The replayer is configured to mimic operations of a second device. Herein, the replayer receives a portion of network data under analysis, dynamically modifies the portion of the network data, and transmits the modified portion of the network data to at least one virtual machine of the one or more virtual machines in accordance with a protocol sequence utilized between the first device and the second device.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: April 14, 2020
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Ramesh Radhakrishnan, Osman Ismael
  • Patent number: 10587636
    Abstract: Exemplary systems and methods for detecting a communication channel of a bot. In exemplary embodiments, presence of a communication channel between a first network device and a second network device is detected. Data from the communication channel is scanned and used to determine if a suspected bot communication exists. If a bot communication is detected, then a recovery process may be initiated.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: March 10, 2020
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Wei-Lung Lai, Jayaraman Manni
  • Patent number: 10567405
    Abstract: A system for detecting malware is described. The system features a traffic analysis device and a network device. The traffic analysis device is configured to receive data over a communication network, selectively filter the data, and output a first portion of the data to the network device. The network device is communicatively coupled with and remotely located from the traffic analysis device. The network device features software that, upon execution, (i) monitors behaviors of one or more virtual machines processing the first portion of the data received as output from the traffic analysis device, and (ii) detects, based on the monitored behaviors, a presence of malware in the first virtual machine.
    Type: Grant
    Filed: August 1, 2016
    Date of Patent: February 18, 2020
    Assignee: FireEye, Inc.
    Inventor: Ashar Aziz
  • Patent number: 10511614
    Abstract: A method establishing communications between a management system and a malware detection system that collectively provide a distributed malware detection scheme. The malware detection system is configured to analyze network traffic to determine whether the network traffic includes malware. The management system is configured to set the malware detection system to a first level of malware detection based on a first subscription level purchased by a subscriber and control operability of the malware detection system.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: December 17, 2019
    Assignee: FireEye, Inc.
    Inventor: Ashar Aziz
  • Patent number: 10476909
    Abstract: According to one embodiment, a threat detection system comprising an intrusion protection system (IPS) logic, a virtual execution logic and a reporting logic is shown. The IPS logic is configured to receive a first plurality of objects and analyze the first plurality of objects to identify a second plurality of objects as potential exploits, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects. The virtual execution logic including at least one virtual machine configured to process content within each of the second plurality of objects and monitor for anomalous behaviors during the processing that are indicative of exploits to classify that a first subset of the second plurality of objects includes one or more verified exploits. The reporting logic configured to provide a display of exploit information associated with the one or more verified exploits.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: November 12, 2019
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Muhammad Amin, Osman Abdoul Ismael, Zheng Bu
  • Patent number: 10467411
    Abstract: One embodiment of the disclosure is directed to a method for generating an identifier for use in malware detection. Herein, a first plurality of indicators of compromise are obtained. These indicators of compromise correspond to a plurality of anomalous behaviors. Thereafter, a filtering operation is performed on the first plurality of indicators of compromise by removing one or more indicators of compromise from the first plurality of indicators of compromise to create a second plurality of indicators of compromise. The identifier represented by the second plurality of indicators of compromise is created.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: November 5, 2019
    Assignee: FireEye, Inc.
    Inventors: Vinay K. Pidathala, Zheng Bu, Ashar Aziz
  • Patent number: 10462173
    Abstract: Computerized techniques to determine and verify maliciousness of an object are described. An endpoint device, during normal processing of an object, identifies the object as suspicious in response to detected features of the object and coordinates further analysis with a malware detection system. The malware detection system processes the object, collects features related to processing, and analyzes the features of the suspicious object to classify as malicious or benign. Correlation of the features captured by the endpoint device and the malware detection system may verify a classification by the malware detection system of maliciousness of the content. The malware detection system may communicate with the one or more endpoint devices to influence detection and reporting of behaviors by those device(s).
    Type: Grant
    Filed: June 26, 2017
    Date of Patent: October 29, 2019
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Osman Abdoul Ismael
  • Patent number: 10454950
    Abstract: A centralized aggregation technique detects lateral movement of a stealthy (i.e., covert) cyber-attack in an enterprise network. A data center security (DCS) appliance may be located at a data center of the enterprise network, while a malware detection system (MDS) appliance may be located at a periphery of the network, an endpoint may be internally located within the enterprise network and an attack analyzer may be centrally located in the network. The appliances and endpoint may provide results of heuristics to an attack analyzer, wherein the heuristic results may be used to detect one or more tools downloaded to the endpoint, as well as resulting actions of the endpoint to determine whether the tools and actions manifest observable behaviors of the lateral movement of the SC-attack.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: October 22, 2019
    Assignee: FireEye, Inc.
    Inventor: Ashar Aziz
  • Patent number: 10296437
    Abstract: A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: May 21, 2019
    Assignee: FireEye, Inc.
    Inventors: Osman Abdoul Ismael, Dawn Song, Ashar Aziz, Noah Johnson, Prashanth Mohan, Hui Xue
  • Patent number: 10282548
    Abstract: Systems and methods for detecting malicious content are provided. In an exemplary embodiment, a method for detecting malicious content is described that detects when a client device has access to a remote network server of a communication network. The client device includes one or more processors. Thereafter, a controller being a device separate from the client device, activates one or more security programs within the remote network server. The security programs enable the controller to analyze data stored within or transmitted from the remote network server. Lastly, the controller analyzing the data to determine whether the data includes malware.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: May 7, 2019
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Stuart Staniford, Muhammad Amin, Henry Uyeno, Samuel Yie
  • Patent number: 10284574
    Abstract: Exemplary systems and methods for malware attack detection and identification are provided. A malware detection and identification system a controller that features an analysis environment including a virtual machine. The analysis environment to (1) receive data by the virtual machine of the analysis environment and identify a portion of the data that have been received from one or more untrusted, (2) monitor state information associated with the identified portion of the data during execution by the virtual machine, (3) identify an outcome of the state information by tracking the state information during execution of the identified portion of the data by the virtual machine, and (4) determine whether the identified outcome comprises a redirection in control flow during execution by the virtual machine of the portion of the data, the redirection in the control flow constituting an unauthorized activity.
    Type: Grant
    Filed: October 31, 2014
    Date of Patent: May 7, 2019
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Wei-Lung Lai, Jayaraman Manni
  • Patent number: 10200384
    Abstract: A system and method for detecting malicious activity through one or more local analyzers and a central analyzer. The local analyzer captures packets that are part of communications over a network, generates a signature from information obtained from one or more of the captured packets, and determines whether the signature matches any signature of a first plurality of signatures stored in a first storage device that is accessible to the first local analyzer. The central analyzer remotely receives a portion of the information and the signature from the first local analyzer in response to the signature failing to match any of the signatures stored in the first storage device. The central analyzer determines whether the signature matches any global signature stored within a second storage device that is accessible to the central analyzer.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: February 5, 2019
    Assignee: FireEye, Inc.
    Inventors: Atif Mushtaq, Todd Rosenberry, Ashar Aziz, Ali Islam
  • Patent number: 10181029
    Abstract: A method for hardening in the field code of mobile software applications is described that includes receiving, by a cloud service framework, an application via a user interface over a network. The method also includes generating, by the cloud service framework, a representation of the code of the application and determining, by the cloud service framework, changes to code of the application based at least in part on the representation, wherein the changes to the code preclude the application from performing one or more unwanted behaviors. The method also includes instrumenting, by a static instrumentation unit within the cloud service framework, the application with the changes to the code to create an instrumented application that does not perform the one or more unwanted behaviors.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: January 15, 2019
    Assignee: FireEye, Inc.
    Inventors: Osman Abdoul Ismael, Dawn Song, Ashar Aziz, Noah Johnson, Adrian Matthew Mettler
  • Patent number: 10165000
    Abstract: Systems and methods for malware attack prevention are provided. The malware attack prevention system features a heuristic module, an analysis environment and an interception module. The heuristic module is configured to (i) receive incoming data from a particular source over a first communication path and (ii) analyze the incoming data to determine whether the incoming data is suspicious, where the suspicious incoming data represents a prescribed likelihood that the incoming data is associated with a malware attack. The analysis environment is configured to analyze the suspicious incoming data to identify whether the suspicious incoming data is associated with a malware attack. Lastly, the interception module is configured to redirect a subsequent flow of data from the particular source to the malware attack prevention system in response to determining, by at least the heuristic module, that the incoming data is suspicious.
    Type: Grant
    Filed: November 24, 2014
    Date of Patent: December 25, 2018
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Wei-Lung Lai, Jayaraman Manni
  • Patent number: 10097573
    Abstract: One embodiment of the invention is directed to a method for defending against a cyberattack. The method involves filtering communications traffic propagating over a communication network and analyzing the filtered communications traffic within an alternate computer network, which is communicatively coupled to the communication network. Upon detection of malware within the filtered communications traffic, a malware identifier is generated based on anomalous behavior caused within the alternate computer network by the malware. The generating of the malware identifier includes (i) generating a sequence of network activities within the alternate computer network based on an orchestrated pattern and (ii) determining the malware identifier by comparing observed behavior in the alternate computer network with orchestrated behavior expected from the orchestrated pattern. Thereafter, the propagation of the malware over the communication network is blocked.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: October 9, 2018
    Assignee: FireEye, Inc.
    Inventor: Ashar Aziz
  • Patent number: 10068091
    Abstract: Systems and methods for malware containment on connection is provided. In exemplary embodiments, a malware containment method is described that performs a number of operations. The method involves redirecting network data received over a communication network to a virtual machine. The virtual machine is configured to simulate functionality of a digital device. Furthermore, the method involves analyzing of the redirected network data that including analyzing a response of the virtual machine to processing of the network data within the virtual machine to identify a malware attack. Thereafter, the method involves continuing to redirect the network data for processing by the virtual machine until expiration of a predetermined period of time without detection of malware, or continuing to redirect the network data for processing by the virtual machine beyond the predetermined period of time when malware is detected.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: September 4, 2018
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Wei-Lung Lai, Jayaraman Manni
  • Patent number: 10025691
    Abstract: A technique verifies a compound software code using a modularized architecture. The compound software code may be divided into smaller components or modules that provide various functions (e.g., services) of the code. A set of properties may be defined for the modules, such that the verification technique may be used to verify that the modules manifest those properties, wherein at least one property may be security related and the remaining properties may be related to the services of the modules. The compound software code is divided into smaller modules to facilitate verification of the properties related to the services provided by the modules. Properties of the modules may be verified in accordance with an enhanced verification procedure to demonstrate that the modules manifest those properties and transform those modules into verified code bases (VCBs).
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: July 17, 2018
    Assignee: FireEye, Inc.
    Inventors: Osman Abdoul Ismael, Hendrik Tews, Ashar Aziz
  • Patent number: 10027690
    Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
    Type: Grant
    Filed: June 22, 2015
    Date of Patent: July 17, 2018
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Henry Uyeno, Jay Manni, Amin Sukhera, Stuart Staniford