Patents by Inventor Carl D. Woodward

Carl D. Woodward has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10956568
    Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: March 23, 2021
    Assignee: Mcafee, LLC
    Inventors: Celeste R. Fralick, Jonathan King, Carl D. Woodward, Andrew V. Holtzmann, Kunal Mehta, Sherin M. Mathews
  • Patent number: 10909638
    Abstract: In an example, there is a disclosed a computing apparatus, including: a psychological state data interface to receive psychological state data; one or more logic elements, including at least one hardware element, including a verification engine to: receive a requested user action; receive a psychological state input via the psychological state data interface; analyze the psychological state input; and bar the requested user action at least partly responsive to the analyzing.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: February 2, 2021
    Assignee: McAfee, LLC
    Inventors: Kunal Mehta, Carl D. Woodward, Steven Grobman, Ryan Durand, Simon Hunt
  • Patent number: 10902123
    Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a performance monitoring unit (PMU); and one or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to provide a kernel space threat detection engine to: receive a PMU event; correlate the PMU event to a computer security threat including extracting artifacts from the PMU event, and correlating the artifacts to an artifact profile for a known attack; and identify a process associated with the PMU event as a potential attack.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: January 26, 2021
    Assignee: McAfee, LLC
    Inventors: Carl D. Woodward, Kunal Mehta
  • Publication number: 20210019411
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.
    Type: Application
    Filed: October 6, 2020
    Publication date: January 21, 2021
    Applicant: McAfee, LLC
    Inventors: Craig D. Schmugar, Cedric Cochin, Andrew Furtak, Adam James Carrivick, Yury Bulygin, John J. Loucaides, Oleksander Bazhaniuk, Christiaan Beek, Carl D. Woodward, Ronald Gallella, Gregory Michael Heitzmann, Joel R. Spurlock
  • Publication number: 20210019403
    Abstract: There is disclosed in one example a computer-implemented anti-ransomware method, including: selecting a file for inspection; assigning the file to a type class according to a file type identifier; receiving an expected byte correlation for the type class; computing, according to a byte distribution of the file, a byte correlation for the file; comparing, via statistical analysis, the byte correlation to the expected byte correlation; and determining that the file has been compromised, including determining that the file has a byte correlation that deviates from the expected byte correlation by more than a threshold, taking a ransomware remediation action for the file.
    Type: Application
    Filed: October 5, 2020
    Publication date: January 21, 2021
    Applicant: McAfee, LLC
    Inventors: Kunal Mehta, Sherin Mary Mathews, Carl D. Woodward, Celeste R. Fralick, Jonathan B. King
  • Patent number: 10860718
    Abstract: Techniques for protecting a computer system against fileless malware are described. One technique includes a virtual machine (VM) locker logic/module implemented by one or more processors receiving information about input/output (I/O) requests associated with injection of data into a process. The logic/module can generate or update an information log to reflect that the process includes data from an external source. The data from the external source can include fileless malware. The technique also includes the logic/module intercepting an execution request by a process (e.g., the process that includes data from an external source, another process, etc.), where an execute privilege located in an operating system mediated access control mechanism approves the request. Next, the logic/module determines that the process requesting execution is included in the log and removes an execute privilege located in a hypervisor mediated access control mechanism to deny the request.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: December 8, 2020
    Assignee: McAfee, LLC
    Inventors: Sriranga Seetharamaiah, Carl D. Woodward
  • Patent number: 10831893
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.
    Type: Grant
    Filed: July 14, 2016
    Date of Patent: November 10, 2020
    Assignee: McAfee, LLC
    Inventors: Craig D. Schmugar, Cedric Cochin, Andrew Furtak, Adam James Carrivick, Yury Bulygin, John J. Loucaides, Oleksander Bazhaniuk, Christiaan Beek, Carl D. Woodward, Ronald Gallella, Gregory Michael Heitzmann, Joel R. Spurlock
  • Patent number: 10825111
    Abstract: There is disclosed in one example a social media server, including: a processor; a trusted input/output (IO) interface to communicatively couple to a consumer device; a network interface to communicatively couple to an enterprise; and a memory having stored thereon executable instructions to instruct the processor to provide a data loss prevention (DLP) engine to: receive via the trusted IO interface a signed and encrypted user posting for the social media service, the user posting including a signed user state report verifying that the user has passed a biometric screening; transmit content of the user posting to the enterprise via the network interface for DLP analysis; receive from the enterprise a notification that the user posting has passed DLP analysis; and accept the user posting.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: November 3, 2020
    Assignee: McAfee, LLC
    Inventors: Kunal Mehta, Carl D. Woodward, Steven Grobman, Ryan Durand, Simon Hunt
  • Patent number: 10795994
    Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: October 6, 2020
    Assignee: McAfee, LLC
    Inventors: Kunal Mehta, Sherin Mary Mathews, Carl D. Woodward, Celeste R. Fralick, Jonathan B. King
  • Publication number: 20200226253
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a file, determine a polyglotness score for the file, where the polyglotness score is an indicator of whether or not the file is a polyglot file, and analyze the file for the presence of malware if the polyglotness score satisfies threshold.
    Type: Application
    Filed: January 14, 2019
    Publication date: July 16, 2020
    Applicant: McAfee, LLC
    Inventors: German Lancioni, Carl D. Woodward
  • Publication number: 20200228545
    Abstract: A first storage device or first storage disk including first executable instructions that, when executed, cause a processor to at least: in response to determining a variable associated with a memory page that (1) has been loaded into local memory from a second storage device and (2) has been accessed from the local memory, has a first state, identify the memory page as a modified memory page, the memory page including second executable instructions. The first instructions also cause the processor to, in response to determining the second executable instructions of the modified memory page have been changed since a previous analysis of the modified memory page, perform anti-malware analysis of at least a portion of the modified memory page.
    Type: Application
    Filed: March 23, 2020
    Publication date: July 16, 2020
    Inventors: Venkata Ramanan Sambandam, Carl D. Woodward, Dmitri Rubakha, Steven L. Grobman
  • Patent number: 10652218
    Abstract: There is disclosed in an example a computing apparatus, comprising: a network interface; a messaging application to communicate via the network interface; and one or more logic elements comprising a security layer, discrete from the messaging application, to: generate a message; secure the message; and send the message via the messaging application.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: May 12, 2020
    Assignee: McAfee, LLC
    Inventors: German Lancioni, Carl D. Woodward, Mario Leandro Bertogna
  • Patent number: 10623438
    Abstract: A technique for detecting malware uses hardware capabilities of the processing element of a programmable device to detect modification of executable code during execution. By monitoring a dirty bit in page tables, pages that have been modified can be detected, allowing analysis of those pages during execution. An indication may then be passed to an anti-malware software to analyze the executable further.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: April 14, 2020
    Assignee: McAfee, LLC
    Inventors: Venkata Ramanan Sambandam, Carl D. Woodward, Dmitri Rubakha, Steven L. Grobman
  • Publication number: 20200097653
    Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.
    Type: Application
    Filed: September 26, 2018
    Publication date: March 26, 2020
    Inventors: Kunal Mehta, Sherin Mary Mathews, Carl D. Woodward, Celeste R. Fralick, Jonathan B. King
  • Publication number: 20200099708
    Abstract: Methods, systems, and media for detecting anomalous network activity are provided. In some embodiments, a method for detecting anomalous network activity is provided, the method comprising: receiving information indicating network activity, wherein the information includes IP addresses corresponding to devices participating in the network activity; generating a graph representing the network activity, wherein each node of the graph indicates an IP address of a device; generating a representation of the graph, wherein the representation of the graph reduces a dimensionality of information indicated in the graph; identifying a plurality of clusters of network activity based on the representation of the graph; determining that at least one cluster corresponds to anomalous network activity; and in response to determining that the at least one cluster corresponds to anomalous network activity, causing a network connection of at least one device included in the at least one cluster to be blocked.
    Type: Application
    Filed: September 21, 2018
    Publication date: March 26, 2020
    Inventors: Sherin M. Mathews, Vaisakh Shaj, Sriranga Seetharamaiah, Carl D. Woodward, Kantheti VVSMB Kumar
  • Publication number: 20200065490
    Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.
    Type: Application
    Filed: September 16, 2019
    Publication date: February 27, 2020
    Inventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Dima Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
  • Publication number: 20190332769
    Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.
    Type: Application
    Filed: April 30, 2018
    Publication date: October 31, 2019
    Inventors: CELESTE R. FRALICK, JONATHAN KING, CARL D. WOODWARD, ANDREW V. HOLTZMANN
  • Publication number: 20190319982
    Abstract: An example system to obscure personally identifiable information of a user of an electronic device is disclosed. The example system includes a first processor to select a set of instructions from a plurality of sets of instructions. The first processor also is to transmit the set of instructions to a second processor, the second processor disposed in an electronic device, the electronic device remote from the first processor, the set of instructions to cause the second processor to obtain non-personally identifiable data from the personally identifiable information gathered by the electronic device. The example system also includes a remote data reader to read the non-personally identifiable data from the electronic device.
    Type: Application
    Filed: June 26, 2019
    Publication date: October 17, 2019
    Inventors: Ryan M. Durand, Carl D. Woodward, Kunal Mehta, Lynda M. Grindstaff
  • Patent number: 10437998
    Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.
    Type: Grant
    Filed: October 26, 2015
    Date of Patent: October 8, 2019
    Assignee: McAfee, LLC
    Inventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Dima Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
  • Patent number: 10375109
    Abstract: Protecting personally identifiable information data collected and/or stored in physical objects with embedded electronic devices by performing at least the following: obtaining a plurality of personally identifiable information algorithms for a plurality of electronic user devices, determining a relevant personally identifiable information algorithm from the plurality of personally identifiable information algorithms, executing the relevant personally identifiable information algorithm over the relevant personally identifiable information from one of the electronic user devices to construct a personally identifiable information data result, and transmitting the personally identifiable information data result without transmitting the relevant personally identifiable information to a remote computing system.
    Type: Grant
    Filed: December 23, 2015
    Date of Patent: August 6, 2019
    Assignee: McAfee, LLC
    Inventors: Ryan M. Durand, Carl D. Woodward, Kunal Mehta, Lynda M. Grindstaff