Patents by Inventor Brandon Niemczyk
Brandon Niemczyk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11128664
Abstract: An intrusion prevention system includes a machine learning model for inspecting network traffic. The intrusion prevention system receives and scans the network traffic for data that match an anchor pattern. A data stream that follows the data that match the anchor pattern is extracted from the network traffic. Model features of the machine learning model are identified in the data stream. The intrusion prevention system classifies the network traffic based at least on model coefficients of the machine learning model that are identified in the data stream. The intrusion prevention system applies a network policy on the network traffic (e.g., block the network traffic) when the network traffic is classified as malicious.
Type: Grant
Filed: April 18, 2017
Date of Patent: September 21, 2021
Assignee: Trend Micro Incorporated
Inventors: Jonathan Andersson, Josiah Hagen, Brandon Niemczyk
-
Patent number: 11044265
Abstract: In one embodiment, local begin and end tags are detected by a network security device to determine a local context of a network traffic flow, and a local feature vector is obtained for that local context. At least one triggering machine learning model is applied by the network security device to the local feature vector, and the result determines whether or not deeper analysis is warranted. In most cases, very substantial resources are not required because deeper analysis is not indicated. If deeper analysis is indicated, one or more deeper machine learning models may then be applied to global and local feature vectors, and regular expressions may be applied to packet data, which may include the triggering data packet and one or more subsequent data packets. Other embodiments, aspects and features are also disclosed.
Type: Grant
Filed: June 11, 2020
Date of Patent: June 22, 2021
Assignee: Trend Micro Incorporated
Inventors: Josiah Dede Hagen, Jonathan Edward Andersson, Shoufu Luo, Brandon Niemczyk, Leslie Zsohar, Craig Botkin, Peter Andriukaitis
-
Patent number: 11042815
Abstract: Examples relate to providing hierarchical classifiers. In some examples, a superclass classifier of a hierarchy of classifiers is trained with a first type of prediction threshold, where the superclass classifier classifies data into one of a number of subclasses. At this stage, a subclass classifier is trained with a second type of prediction threshold, where the subclass classifier classifies the data into one of a number of classes. The first type of prediction threshold of the superclass classifier and the second type of prediction threshold of the subclass classifier are alternatively applied to classify data segments.
Type: Grant
Filed: October 10, 2017
Date of Patent: June 22, 2021
Assignee: Trend Micro Incorporated
Inventors: Josiah Dede Hagen, Brandon Niemczyk
-
Patent number: 10757029
Abstract: According to an example, network traffic pattern based identification may include analyzing each packet of a plurality of packets that are outgoing from and/or incoming to an entity to respectively determine features within a sequence of outgoing packets and/or a sequence of incoming packets of the plurality of packets. Network traffic pattern based identification may further include analyzing the determined features by respectively using an outgoing packet classification model and/or an incoming packet classification model, and classifying, based on the analysis of the features.
Type: Grant
Filed: January 12, 2018
Date of Patent: August 25, 2020
Assignee: Trend Micro Incorporated
Inventors: Vaibhav Chhabra, Josiah Dede Hagen, Brandon Niemczyk
-
Patent number: 10728268
Abstract: In one embodiment, local begin and end tags are detected by a network security device to determine a local context of a network traffic flow, and a local feature vector is obtained for that local context. At least one triggering machine learning model is applied by the network security device to the local feature vector, and the result determines whether or not deeper analysis is warranted. In most cases, very substantial resources are not required because deeper analysis is not indicated. If deeper analysis is indicated, one or more deeper machine learning models may then be applied to global and local feature vectors, and regular expressions may be applied to packet data, which may include the triggering data packet and one or more subsequent data packets. Other embodiments, aspects and features are also disclosed.
Type: Grant
Filed: April 10, 2018
Date of Patent: July 28, 2020
Assignee: Trend Micro Incorporated
Inventors: Josiah Dede Hagen, Jonathan Edward Andersson, Shoufu Luo, Brandon Niemczyk, Leslie Zsohar, Craig Botkin, Peter Andriukaitis
-
Patent number: 10701031
Abstract: Examples relate to identifying algorithmically generated domains. In one example, a computing device may: receive a query domain name; split the query domain name into an ordered plurality of portions of the query domain name, the ordered plurality of portions beginning with a first portion and ending with a last portion, the last portion including a top level domain of the query domain name; provide, in reverse order beginning with the last portion, the portions of the query domain name as input to a predictive model that has been trained to determine whether the query domain name is an algorithmically generated domain name, the determination being based on syntactic features of the query domain name; and receive, as output from the predictive model, data indicating whether the query domain name is algorithmically generated.
Type: Grant
Filed: November 16, 2017
Date of Patent: June 30, 2020
Assignee: Trend Micro Incorporated
Inventors: Josiah Dede Hagen, Richard Lawshae, Brandon Niemczyk
-
Publication number: 20180139142
Abstract: According to an example, network traffic pattern based identification may include analyzing each packet of a plurality of packets that are outgoing from and/or incoming to an entity to respectively determine features within a sequence of outgoing packets and/or a sequence of incoming packets of the plurality of packets. Network traffic pattern based identification may further include analyzing the determined features by respectively using an outgoing packet classification model and/or an incoming packet classification model, and classifying, based on the analysis of the features.
Type: Application
Filed: January 12, 2018
Publication date: May 17, 2018
Applicant: Trend Micro Incorporated
Inventors: Vaibhav CHHABRA, Josiah Dede HAGEN, Brandon NIEMCZYK
-
Publication number: 20180124010
Abstract: Examples relate to identifying algorithmically generated domains. In one example, a computing device may: receive a query domain name; provide the query domain name as input to a predictive model that has been trained to determine whether the query domain name is an algorithmically generated domain name, the determination being based on syntactic features of the query domain name, the syntactic features including a count of particular character n-grams included in at least a portion of the query domain name, where n is a positive integer greater than one; and receive, as output from the predictive model, data indicating whether the query domain name is algorithmically generated.
Type: Application
Filed: December 19, 2017
Publication date: May 3, 2018
Inventors: Josiah Hagen, Brandon Niemczyk, Richard Lawshae
-
Publication number: 20180077117
Abstract: Examples relate to identifying algorithmically generated domains. In one example, a computing device may: receive a query domain name; split the query domain name into an ordered plurality of portions of the query domain name, the ordered plurality of portions beginning with a first portion and ending with a last portion, the last portion including a top level domain of the query domain name; provide, in reverse order beginning with the last portion, the portions of the query domain name as input to a predictive model that has been trained to determine whether the query domain name is an algorithmically generated domain name, the determination being based on syntactic features of the query domain name; and receive, as output from the predictive model, data indicating whether the query domain name is algorithmically generated.
Type: Application
Filed: November 16, 2017
Publication date: March 15, 2018
Applicant: Trend Micro Incorporated
Inventors: Josiah Dede HAGEN, Richard LAWSHAE, Brandon NIEMCZYK
-
Publication number: 20180032917
Abstract: Examples relate to providing hierarchical classifiers. In some examples, a superclass classifier of a hierarchy of classifiers is trained with a first type of prediction threshold, where the superclass classifier classifies data into one of a number of subclasses. At this stage, a subclass classifier is trained with a second type of prediction threshold, where the subclass classifier classifies the data into one of a number of classes. The first type of prediction threshold of the superclass classifier and the second type of prediction threshold of the subclass classifier are alternatively applied to classify data segments.
Type: Application
Filed: October 10, 2017
Publication date: February 1, 2018
Applicant: Trend Micro Incorporated
Inventors: Josiah Dede HAGEN, Brandon NIEMCZYK
-
Patent number: 9876755
Abstract: Examples relate to identifying algorithmically generated domains. In one example, a computing device may: receive a query domain name; provide the query domain name as input to a predictive model that has been trained to determine whether the query domain name is an algorithmically generated domain name, the determination being based on syntactic features of the query domain name, the syntactic features including a count of particular character n-grams included in at least a portion of the query domain name, where n is a positive integer greater than one; and receive, as output from the predictive model, data indicating whether the query domain name is algorithmically generated.
Type: Grant
Filed: May 27, 2015
Date of Patent: January 23, 2018
Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventors: Josiah Hagen, Brandon Niemczyk, Richard Lawshae
-
Publication number: 20170041136
Abstract: Examples herein disclose packet size information collected over an encrypted tunnel. The examples identify an application communicated via the encrypted tunnel based on the packet size information.
Type: Application
Filed: August 6, 2015
Publication date: February 9, 2017
Inventors: Brandon Niemczyk, Josiah Dede Hagen, Prasad V. Rao
-
Publication number: 20170039484
Abstract: Examples relate to generating negative classifier data based on positive classifier data. In one example, a computing device may: obtain positive classifier data for a first class, the positive classifier data including at least one correlated feature set and, for each correlated feature set, a measure of likelihood that data matching the correlated feature set belongs to the first class; determine, for each feature included in the at least one correlated feature set, a de-correlated measure of likelihood that data including the feature belongs to the first class; and generate, based on each de-correlated measure of likelihood, negative classifier data for classifying data as belonging to a second class.
Type: Application
Filed: August 7, 2015
Publication date: February 9, 2017
Inventors: Brandon Niemczyk, Josiah Hagen
-
Publication number: 20160352679
Abstract: Examples relate to identifying algorithmically generated domains. In one example, a computing device may: receive a query domain name; provide the query domain name as input to a predictive model that has been trained to determine whether the query domain name is an algorithmically generated domain name, the determination being based on syntactic features of the query domain name, the syntactic features including a count of particular character n-grams included in at least a portion of the query domain name, where n is a positive integer greater than one; and receive, as output from the predictive model, data indicating whether the query domain name is algorithmically generated.
Type: Application
Filed: May 27, 2015
Publication date: December 1, 2016
Inventors: Josiah Hagen, Brandon Niemczyk, Richard Lawshae