Patents by Inventor CELESTE R. FRALICK

CELESTE R. FRALICK has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210097176
    Abstract: Methods, apparatus, systems and articles of manufacture to defend against adversarial machine learning are disclosed. An example apparatus includes a model trainer to train a classification model based on files with expected classifications; and a model modifier to select a convolution layer of the trained classification model based on an analysis of the convolution layers of the trained classification model; and replace the convolution layer with a tree-based structure to generate a modified classification model.
    Type: Application
    Filed: September 27, 2019
    Publication date: April 1, 2021
    Inventors: Sherin M. Mathews, Celeste R. Fralick
  • Publication number: 20210097382
    Abstract: Methods, apparatus, systems and articles of manufacture to improve deepfake detection with explainability are disclosed. An example apparatus includes a deepfake classification model trainer to train a classification model based on a first portion of a dataset of media with known classification information, the classification model to output a classification for input media from a second portion of the dataset of media with known classification information; an explainability map generator to generate an explainability map based on the output of the classification model; a classification analyzer to compare the classification of the input media from the classification model with a known classification of the input media to determine if a misclassification occurred; and a model modifier to, when the misclassification occurred, modify the classification model based on the explainability map.
    Type: Application
    Filed: September 27, 2019
    Publication date: April 1, 2021
    Inventors: Sherin M. Mathews, Shivangee Trivedi, Amanda House, Celeste R. Fralick, Steve Povolny, Steve Grobman
  • Patent number: 10956568
    Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: March 23, 2021
    Assignee: Mcafee, LLC
    Inventors: Celeste R. Fralick, Jonathan King, Carl D. Woodward, Andrew V. Holtzmann, Kunal Mehta, Sherin M. Mathews
  • Publication number: 20210034986
    Abstract: Example apparatus disclosed herein generate blocks of a blockchain, the blockchain to store a neural network that has input nodes, hidden nodes and output nodes, with respective ones of the blocks of the blockchain including respective code and respective data to represent corresponding ones of the output nodes of the neural network, a first one of the blocks including first code and first data to implement operations to be performed by a first one of the output nodes, the hidden nodes and the input nodes on input data applied to the neural network to determine an output of the first one of the output nodes. Disclosed example apparatus also train the neural network to determine at least portions of the respective data to include in the respective ones of the blocks of the blockchain, and forward the blockchain to a server that is to distribute the neural network to client(s).
    Type: Application
    Filed: July 30, 2019
    Publication date: February 4, 2021
    Inventors: Amanda House, Celeste R. Fralick, Eric Wuehler, Sherin Mathews
  • Publication number: 20210019403
    Abstract: There is disclosed in one example a computer-implemented anti-ransomware method, including: selecting a file for inspection; assigning the file to a type class according to a file type identifier; receiving an expected byte correlation for the type class; computing, according to a byte distribution of the file, a byte correlation for the file; comparing, via statistical analysis, the byte correlation to the expected byte correlation; and determining that the file has been compromised, including determining that the file has a byte correlation that deviates from the expected byte correlation by more than a threshold, taking a ransomware remediation action for the file.
    Type: Application
    Filed: October 5, 2020
    Publication date: January 21, 2021
    Applicant: McAfee, LLC
    Inventors: Kunal Mehta, Sherin Mary Mathews, Carl D. Woodward, Celeste R. Fralick, Jonathan B. King
  • Patent number: 10860893
    Abstract: A method for automated assessment of a model includes: training a model to perform a prediction, diagnostic, or classification operation based on a training dataset; deploying the model in production to perform the operation on field data; monitoring signal data associated with the model automatically, the signal data including specific or derived signal data representing characteristics of an ecosystem in which the model is deployed and new observations in incoming field data; monitoring accuracy of the model by applying a statistical tool to a plurality of data points of the signal data; determining whether the signal data represents an unstable process by identifying outlier data points from among the plurality of data points of the signal data; generating an indication that a corrective action should be taken on the model based on a result of the determination; and displaying the indication on a display.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: December 8, 2020
    Assignee: McAfee, LLC
    Inventors: Lynda M. Grindstaff, Celeste R. Fralick
  • Patent number: 10795994
    Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: October 6, 2020
    Assignee: McAfee, LLC
    Inventors: Kunal Mehta, Sherin Mary Mathews, Carl D. Woodward, Celeste R. Fralick, Jonathan B. King
  • Publication number: 20200210575
    Abstract: Methods and apparatus to detect adversarial malware are disclosed. An example adversarial malware detector includes a machine learning engine to classify a first feature representation representing features of a program as benign or malware, a feature perturber to, when the first feature representation is classified as benign, remove a first one of the features to form a second feature representation, and a decider to classify the program as adversarial malware when the machine learning engine classifies the second feature representation as malware.
    Type: Application
    Filed: December 28, 2018
    Publication date: July 2, 2020
    Inventors: Yonghong Huang, Raj Vardhan, Celeste R. Fralick, Gabriel G. Infante-Lopez, Dattatraya Kulkarni, Srikanth Nalluri, Sonam Bothra
  • Publication number: 20200097653
    Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.
    Type: Application
    Filed: September 26, 2018
    Publication date: March 26, 2020
    Inventors: Kunal Mehta, Sherin Mary Mathews, Carl D. Woodward, Celeste R. Fralick, Jonathan B. King
  • Publication number: 20190332769
    Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.
    Type: Application
    Filed: April 30, 2018
    Publication date: October 31, 2019
    Inventors: CELESTE R. FRALICK, JONATHAN KING, CARL D. WOODWARD, ANDREW V. HOLTZMANN
  • Publication number: 20180285691
    Abstract: A method for automated assessment of a model includes: training a model to perform a prediction, diagnostic, or classification operation based on a training dataset; deploying the model in production to perform the operation on field data; monitoring signal data associated with the model automatically, the signal data including specific or derived signal data representing characteristics of an ecosystem in which the model is deployed and new observations in incoming field data; monitoring accuracy of the model by applying a statistical tool to a plurality of data points of the signal data; determining whether the signal data represents an unstable process by identifying outlier data points from among the plurality of data points of the signal data; generating an indication that a corrective action should be taken on the model based on a result of the determination; and displaying the indication on a display.
    Type: Application
    Filed: March 29, 2018
    Publication date: October 4, 2018
    Inventors: LYNDA M. GRINDSTAFF, CELESTE R. FRALICK