Patents by Inventor Ashar Aziz

Ashar Aziz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12166786
    Abstract: A system and non-transitory computer-readable medium including security logic engine (SLE) to detect malicious objects based on operations conducted by an endpoint device and/or a malware detection system. The SLE includes formatting logic and a correlation engine. The formatting logic is configured to receive data from an endpoint device and a malware detection system via a network interface and to convert the data into a format used by logic within the SLE. The correlation engine is configured to (i) correlate a plurality of features included as part of the data with known behaviors and characteristics of at least malicious objects and (ii) correlate a first set of features of the plurality of features received from the endpoint device with a second set of features of the plurality of features received from the malware detection system to verify a determination of maliciousness by the endpoint device and/or the malware detection system.
    Type: Grant
    Filed: January 28, 2022
    Date of Patent: December 10, 2024
    Assignee: Musarubra US LLC
    Inventors: Ashar Aziz, Osman Abdoul Ismael
  • Patent number: 12099864
    Abstract: A formally verified trusted computing base with active security and policy enforcement is described. The formally verified trusted computing base includes a formally verified microkernel and multiple formally verified hyper-processes including a virtual machine monitor (VMM), virtual machine introspection (VMI), policy enforcers including an active security policy enforcer (ASPE), and a virtual switch. The active security and policy enforcement continuously monitors for semantic behavior detection or policy violations and enforces the policies at the virtualization layer. Further, policies can be attached to the network layer to provide granular control of the communication of the computing device.
    Type: Grant
    Filed: September 12, 2022
    Date of Patent: September 24, 2024
    Assignee: BlueRock Security, Inc.
    Inventors: Osman Abdoul Ismael, Ashar Aziz, Jonas Pfoh
  • Patent number: 11979428
    Abstract: A technique verifies a determination of an exploit or malware in an object at a malware detection system (MDS) appliance through correlation of behavior activity of the object running on endpoints of a network. The appliance may analyze the object to render a determination that the object is suspicious and may contain the exploit or malware. In response, the MDS appliance may poll the endpoints (or receive messages pushed from the endpoints) to determine as to whether any of the endpoints may have analyzed the suspect object and observed its behaviors. If the object was analyzed, the endpoints may provide the observed behavior information to the appliance, which may then correlate that information, e.g., against correlation rules, to verify its determination of the exploit or malware. In addition, the appliance may task the endpoints to analyze the object, e.g., during run time, to determine whether it contains the exploit and provide the results to the appliance for correlation.
    Type: Grant
    Filed: November 2, 2020
    Date of Patent: May 7, 2024
    Assignee: Musarubra US LLC
    Inventors: Osman Abdoul Ismael, Ashar Aziz
  • Patent number: 11936666
    Abstract: Computerized techniques to determine and verify maliciousness of an object are described. A malware detection system intercepts in-bound network traffic at a periphery of a network to capture and analyze behaviors of content of network traffic monitored during execution in a virtual machine. One or more endpoint devices on the network also monitor for behaviors during normal processing. Correlation of the behaviors captured by the malware detection system and the one or more endpoint devices may verify a classification by the malware detection system of maliciousness of the content. The malware detection system may communicate with the one or more endpoint devices to influence detection and reporting of behaviors by those device(s).
    Type: Grant
    Filed: January 11, 2021
    Date of Patent: March 19, 2024
    Assignee: Musarubra US LLC
    Inventors: Ashar Aziz, Osman Abdoul Ismael
  • Patent number: 11637857
    Abstract: A system for detecting malware is described. The system features a traffic analysis device and a network device. The traffic analysis device is configured to receive data over a communication network, selectively filter the data, and output a first portion of the data to the network device. The network device is communicatively coupled with and remotely located from the traffic analysis device. The network device features software that, upon execution, (i) monitors behaviors of one or more virtual machines processing the first portion of the data received as output from the traffic analysis device, and (ii) detects, based on the monitored behaviors, a presence of malware in the first virtual machine.
    Type: Grant
    Filed: February 14, 2020
    Date of Patent: April 25, 2023
    Assignee: FireEye Security Holdings US LLC
    Inventor: Ashar Aziz
  • Publication number: 20230004418
    Abstract: A formally verified trusted computing base with active security and policy enforcement is described. The formally verified trusted computing base includes a formally verified microkernel and multiple formally verified hyper-processes including a virtual machine monitor (VMM), virtual machine introspection (VMI), policy enforcers including an active security policy enforcer (ASPE), and a virtual switch. The active security and policy enforcement continuously monitors for semantic behavior detection or policy violations and enforces the policies at the virtualization layer. Further, policies can be attached to the network layer to provide granular control of the communication of the computing device.
    Type: Application
    Filed: September 12, 2022
    Publication date: January 5, 2023
    Inventors: Osman Abdoul Ismael, Ashar Aziz, Jonas Pfoh
  • Patent number: 11442770
    Abstract: A formally verified trusted computing base with active security and policy enforcement is described. The formally verified trusted computing base includes a formally verified microkernel and multiple formally verified hyper-processes including a virtual machine monitor (VMM), virtual machine introspection (VMI), policy enforcers including an active security policy enforcer (ASPE), and a virtual switch. The active security and policy enforcement continuously monitors for semantic behavior detection or policy violations and enforces the policies at the virtualization layer. Further, policies can be attached to the network layer to provide granular control of the communication of the computing device.
    Type: Grant
    Filed: October 13, 2021
    Date of Patent: September 13, 2022
    Assignee: BedRock Systems, Inc.
    Inventors: Osman Abdoul Ismael, Ashar Aziz, Jonas Pfoh
  • Patent number: 11381578
    Abstract: A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether the extracted binary file is detected to be malware.
    Type: Grant
    Filed: September 9, 2014
    Date of Patent: July 5, 2022
    Assignee: FireEye Security Holdings US LLC
    Inventors: Jayaraman Manni, Ashar Aziz, Fengmin Gong, Upendran Loganathan, Muhammad Amin
  • Publication number: 20220114009
    Abstract: A formally verified trusted computing base with active security and policy enforcement is described. The formally verified trusted computing base includes a formally verified microkernel and multiple formally verified hyper-processes including a virtual machine monitor (VMM), virtual machine introspection (VMI), policy enforcers including an active security policy enforcer (ASPE), and a virtual switch. The active security and policy enforcement continuously monitors for semantic behavior detection or policy violations and enforces the policies at the virtualization layer. Further, policies can be attached to the network layer to provide granular control of the communication of the computing device.
    Type: Application
    Filed: October 13, 2021
    Publication date: April 14, 2022
    Inventors: Osman Abdoul Ismael, Ashar Aziz, Jonas Pfoh
  • Patent number: 11240262
    Abstract: Computerized techniques to determine and verify maliciousness of an object by a security logic engine are described. A method features receiving information pertaining to a first set of events associated with a first object (first information) from an endpoint and information pertaining to a second set of events associated with a second object (second information) from an analysis system. Thereafter, the likelihood of the cyber-attack being conducted on the network is determined by at least correlating the first information and the second information with at least events associated with known malicious objects. Any endpoint vulnerable to the cyber-attack are identified based on a configuration of each of the plurality of endpoints and requesting the analysis system to conduct one or more further analyses in accordance with at least a software profile identified in a configuration of the first endpoint of the plurality of endpoints identified as vulnerable.
    Type: Grant
    Filed: October 28, 2019
    Date of Patent: February 1, 2022
    Assignee: FireEye Security Holdings US LLC
    Inventors: Ashar Aziz, Osman Abdoul Ismael
  • Patent number: 11089057
    Abstract: According to one embodiment, a threat detection system comprising an intrusion protection system (IPS) logic, a virtual execution logic and a reporting logic is shown. The IPS logic is configured to receive a first plurality of objects and analyze the first plurality of objects to identify a second plurality of objects as potential exploits, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects. The virtual execution logic including at least one virtual machine configured to process content within each of the second plurality of objects and monitor for anomalous behaviors during the processing that are indicative of exploits to classify that a first subset of the second plurality of objects includes one or more verified exploits. The reporting logic configured to provide a display of exploit information associated with the one or more verified exploits.
    Type: Grant
    Filed: November 8, 2019
    Date of Patent: August 10, 2021
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Muhammad Amin, Osman Abdoul Ismael, Zheng Bu
  • Patent number: 11082435
    Abstract: Exemplary systems and methods for malware attack detection and identification are provided. A malware detection and identification system a controller that features an analysis environment including a virtual machine. The analysis environment to (1) receive data by the virtual machine of the analysis environment and identify a portion of the data that have been received from one or more untrusted, (2) monitor state information associated with the identified portion of the data during execution by the virtual machine, (3) identify an outcome of the state information by tracking the state information during execution of the identified portion of the data by the virtual machine, and (4) determine whether the identified outcome comprises a redirection in control flow during execution by the virtual machine of the portion of the data, the redirection in the control flow constituting an unauthorized activity.
    Type: Grant
    Filed: May 6, 2019
    Date of Patent: August 3, 2021
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Wei-Lung Lai, Jayaraman Manni
  • Patent number: 10929266
    Abstract: In one embodiment, a method for detecting one or more behaviors by software under test that indicate a presence of malware is described. First, an analysis of operations conducted by the software being processed by a virtual machine is performed. The analysis includes monitoring one or more behaviors conducted by the software during processing within the virtual machine. Next, a video corresponding to at least the one or more monitored behaviors, which are conducted by the software during processing of the software within the virtual machine, is generated. Also, text information associated with each of the one or more monitored behaviors is generated, where the text information being displayed on an electronic device contemporaneously with the video corresponding to the one or more monitored behaviors.
    Type: Grant
    Filed: July 9, 2018
    Date of Patent: February 23, 2021
    Assignee: FireEye, Inc.
    Inventors: Harnish Goradia, Osman Abdoul Ismael, Noah M. Johnson, Adrian Mettler, Ashar Aziz
  • Patent number: 10893059
    Abstract: Computerized techniques to determine and verify maliciousness of an object are described. A malware detection system intercepts in-bound network traffic at a periphery of a network to capture and analyze behaviors of content of network traffic monitored during execution in a virtual machine. One or more endpoint devices on the network also monitor for behaviors during normal processing. Correlation of the behaviors captured by the malware detection system and the one or more endpoint devices may verify a classification by the malware detection system of maliciousness of the content. The malware detection system may communicate with the one or more endpoint devices to influence detection and reporting of behaviors by those device(s).
    Type: Grant
    Filed: March 29, 2017
    Date of Patent: January 12, 2021
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Osman Abdoul Ismael
  • Patent number: 10826933
    Abstract: A technique verifies a determination of an exploit or malware in an object at a malware detection system (MDS) appliance through correlation of behavior activity of the object running on endpoints of a network. The appliance may analyze the object to render a determination that the object is suspicious and may contain the exploit or malware. In response, the MDS appliance may poll the endpoints (or receive messages pushed from the endpoints) to determine as to whether any of the endpoints may have analyzed the suspect object and observed its behaviors. If the object was analyzed, the endpoints may provide the observed behavior information to the appliance, which may then correlate that information, e.g., against correlation rules, to verify its determination of the exploit or malware. In addition, the appliance may task the endpoints to analyze the object, e.g., during run time, to determine whether it contains the exploit and provide the results to the appliance for correlation.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: November 3, 2020
    Assignee: FireEye, Inc.
    Inventors: Osman Abdoul Ismael, Ashar Aziz
  • Patent number: 10757120
    Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: August 25, 2020
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Henry Uyeno, Jay Manni, Amin Sukhera, Stuart Staniford
  • Patent number: 10740456
    Abstract: An architecture deployed to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system (OS) processes executed by a central processing unit (CPU). The architecture features memory configured to store a process, an OS kernel, a VMM and a virtualization module. The virtualization module is configured to communicate with the VMM and execute, at a privilege level of the CPU, to control access permissions to kernel resources accessible by the process. The VMM is configured to execute at a first privilege level of the virtualization module to expose the kernel resources to the OS kernel. The OS kernel is configured to execute at a second privilege level lower than the first privilege level of the virtualization module. The VMM is further configured to instantiate a virtual machine containing the OS kernel, where access to the kernel resources is controlled by the VMM and the virtual machine.
    Type: Grant
    Filed: April 16, 2018
    Date of Patent: August 11, 2020
    Assignee: FireEye, Inc.
    Inventors: Osman Abdoul Ismael, Ashar Aziz
  • Patent number: 10623434
    Abstract: A system is provided with one or more virtual machines and a replayer. The virtual machine(s) are configured to mimic operations of a first device. The replayer is configured to mimic operations of a second device. Herein, the replayer receives a portion of network data under analysis, dynamically modifies the portion of the network data, and transmits the modified portion of the network data to at least one virtual machine of the one or more virtual machines in accordance with a protocol sequence utilized between the first device and the second device.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: April 14, 2020
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Ramesh Radhakrishnan, Osman Ismael
  • Patent number: 10587636
    Abstract: Exemplary systems and methods for detecting a communication channel of a bot. In exemplary embodiments, presence of a communication channel between a first network device and a second network device is detected. Data from the communication channel is scanned and used to determine if a suspected bot communication exists. If a bot communication is detected, then a recovery process may be initiated.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: March 10, 2020
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Wei-Lung Lai, Jayaraman Manni
  • Patent number: 10567405
    Abstract: A system for detecting malware is described. The system features a traffic analysis device and a network device. The traffic analysis device is configured to receive data over a communication network, selectively filter the data, and output a first portion of the data to the network device. The network device is communicatively coupled with and remotely located from the traffic analysis device. The network device features software that, upon execution, (i) monitors behaviors of one or more virtual machines processing the first portion of the data received as output from the traffic analysis device, and (ii) detects, based on the monitored behaviors, a presence of malware in the first virtual machine.
    Type: Grant
    Filed: August 1, 2016
    Date of Patent: February 18, 2020
    Assignee: FireEye, Inc.
    Inventor: Ashar Aziz