Patents by Inventor Chiung-Ying Huang
Chiung-Ying Huang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11956261
Abstract: A detection method for a malicious domain name in a domain name system (DNS) and a detection device are provided. The method includes: obtaining network connection data of an electronic device; capturing log data related to at least one domain name from the network connection data; analyzing the log data to generate at least one numerical feature related to the at least one domain name; inputting the at least one numerical feature into a multi-type prediction model, which includes a first data model and a second data model; and predicting whether a malicious domain name related to a malware or a phishing website exists in the at least one domain name by the multi-type prediction model according to the at least one numerical feature.
Type: Grant
Filed: May 12, 2021
Date of Patent: April 9, 2024
Assignee: Acer Cyber Security Incorporated
Inventors: Chiung-Ying Huang, Yi-Chung Tseng, Ming-Kung Sun, Tung-Lin Tsai
-
Patent number: 11916939
Abstract: An abnormal traffic detection method is provided according to an embodiment of the disclosure. The method includes: obtaining network traffic data of a target device; sampling the network traffic data by a sampling window with a time length to obtain sampling data; generating, according to the sampling data, an image which presents a traffic feature of the network traffic data corresponding to the time length; and analyzing the image to generate evaluation information corresponding to an abnormal traffic. In addition, an abnormal traffic detection device is also provided according to an embodiment of the disclosure to improve a detection ability and/or an analysis ability for the abnormal traffic and/or a malware.
Type: Grant
Filed: September 8, 2020
Date of Patent: February 27, 2024
Assignee: Acer Cyber Security Incorporated
Inventors: Ming-Kung Sun, Tsung-Yu Ho, Zong-Cyuan Jhang, Chiung-Ying Huang
-
Publication number: 20220400133
Abstract: An information leakage detection method and a device using the same are disclosed. The method includes the following steps. Network connection data of an electronic device is obtained. Log data related to a domain name system (DNS) is extracted from the network connection data. A DNS request in the log data is analyzed to obtain multiple character distribution feature values according to an analysis result. The character distribution feature values reflect a character distribution status of a domain name in the DNS request under different classification rules. A machine learning model determines whether the DNS request is a malicious DNS request according to the character distribution feature values, and the malicious DNS request is used to carry leaked data to a remote host.
Type: Application
Filed: June 8, 2022
Publication date: December 15, 2022
Applicant: Acer Cyber Security Incorporated
Inventors: Chiung-Ying Huang, Huei-Tang Li, Yi-Chung Tseng, Wei-An Chen
-
Patent number: 11386352
Abstract: A system of training behavior labeling model is provided. Specifically, a processing unit inputs each data of a training data set into a plurality of learning modules to establish a plurality of labeling models. The processing unit obtains a plurality of second labeling information corresponding to each data of a verification data set and generates a behavior labeling result according to the second labeling information corresponding to each data of the verification data set. The processing unit obtains a labeling change value according to the behavior labeling result and first labeling information corresponding to each data of the verification data set. The processing unit, if determining that the labeling change value is greater than a change threshold, updates the first labeling information according to the behavior labeling results, exchanges the training data set and the verification data set and reestablishes the labeling models.
Type: Grant
Filed: February 26, 2019
Date of Patent: July 12, 2022
Assignee: Acer Cyber Security Incorporated
Inventors: Chun-Hsien Li, Yin-Hsong Hsu, Chien-Hung Li, Tsung-Hsien Tsai, Chiung-Ying Huang, Ming-Kung Sun, Zong-Cyuan Jhang
-
Patent number: 11341018
Abstract: A method for detecting abnormality adapted to detect abnormal operations of an operating system is provided. The method includes: calculating a safe range of usage of the operating system during one or more time periods according to a historical data stream; calculating abnormal ratios corresponding to the one or more time periods according to a current data stream and the safe range of usage; selecting one or more abnormal time periods from the one or more time periods according to a threshold and the abnormal ratios; calculating an abnormal indicator for each of the one or more abnormal time periods according to the historical data stream and the current data stream; and ranking the one or more abnormal time periods according to the abnormal indicator(s).
Type: Grant
Filed: February 21, 2019
Date of Patent: May 24, 2022
Assignee: Acer Cyber Security Incorporated
Inventors: Chun-Hsien Li, Chien-Hung Li, Jun-Mein Wu, Ming-Kung Sun, Zong-Cyuan Jhang, Yin-Hsong Hsu, Chiung-Ying Huang, Tsung-Hsien Tsai
-
Publication number: 20210360013
Abstract: A detection method for a malicious domain name in a domain name system (DNS) and a detection device are provided. The method includes: obtaining network connection data of an electronic device; capturing log data related to at least one domain name from the network connection data; analyzing the log data to generate at least one numerical feature related to the at least one domain name; inputting the at least one numerical feature into a multi-type prediction model, which includes a first data model and a second data model; and predicting whether a malicious domain name related to a malware or a phishing website exists in the at least one domain name by the multi-type prediction model according to the at least one numerical feature.
Type: Application
Filed: May 12, 2021
Publication date: November 18, 2021
Applicant: Acer Cyber Security Incorporated
Inventors: Chiung-Ying Huang, Yi-Chung Tseng, Ming-Kung Sun, Tung-Lin Tsai
-
Patent number: 11095672
Abstract: The disclosure provides a method for evaluating domain name and a server using the same method. The method includes: retrieving a raw domain name and dividing the raw domain name into a plurality of parts; retrieving a specific part of the parts, wherein the specific part includes characters; encoding the characters into encoded data; padding the encoded data to a specific length; projecting the encoded data being padded as embedded vectors; sequentially inputting the embedded vectors to a plurality of cells of a long short term memory model to generate a result vector; and converting the result vector to a prediction probability via a fully-connected layer and a specific function.
Type: Grant
Filed: January 8, 2019
Date of Patent: August 17, 2021
Assignee: Acer Cyber Security Incorporated
Inventors: Pin-Cyuan Lin, Jun-Mein Wu, Yu-Chun Wu, Ming-Kung Sun, Zong-Cyuan Jhang, Yi-Chung Tseng, Chiung-Ying Huang
-
Publication number: 20210136099
Abstract: An abnormal traffic detection method is provided according to an embodiment of the disclosure. The method includes: obtaining network traffic data of a target device; sampling the network traffic data by a sampling window with a time length to obtain sampling data; generating, according to the sampling data, an image which presents a traffic feature of the network traffic data corresponding to the time length; and analyzing the image to generate evaluation information corresponding to an abnormal traffic. In addition, an abnormal traffic detection device is also provided according to an embodiment of the disclosure to improve a detection ability and/or an analysis ability for the abnormal traffic and/or a malware.
Type: Application
Filed: September 8, 2020
Publication date: May 6, 2021
Applicant: Acer Cyber Security Incorporated
Inventors: Ming-Kung Sun, Tsung-Yu Ho, Zong-Cyuan Jhang, Chiung-Ying Huang
-
Patent number: 10931714
Abstract: The disclosure provides a domain name recognition method and a domain name recognition device. The domain name recognition method includes the following steps. A first string of a first domain name and a second string of a second domain name are obtained. Multiple characters of the first string and the second string are classified into multiple clusters. Multiple vectors corresponding to the clusters are generated, wherein each of the characters corresponds to one of the vectors. A first vector set corresponding to the first string and a second vector set corresponding to the second string are generated. A similarity of the first vector set and the second vector set is calculated.
Type: Grant
Filed: May 14, 2019
Date of Patent: February 23, 2021
Assignee: Acer Cyber Security Incorporated
Inventors: Pin-Cyuan Lin, Yu-Chun Wu, Ming-Kung Sun, Zong-Cyuan Jhang, Yi-Chung Tseng, Chiung-Ying Huang
-
Publication number: 20200220897
Abstract: The disclosure provides a domain name recognition method and a domain name recognition device. The domain name recognition method includes the following steps. A first string of a first domain name and a second string of a second domain name are obtained. Multiple characters of the first string and the second string are classified into multiple clusters. Multiple vectors corresponding to the clusters are generated, wherein each of the characters corresponds to one of the vectors. A first vector set corresponding to the first string and a second vector set corresponding to the second string are generated. A similarity of the first vector set and the second vector set is calculated.
Type: Application
Filed: May 14, 2019
Publication date: July 9, 2020
Applicant: Acer Cyber Security Incorporated
Inventors: Pin-Cyuan Lin, Yu-Chun Wu, Ming-Kung Sun, Zong-Cyuan Jhang, Yi-Chung Tseng, Chiung-Ying Huang
-
Publication number: 20200134504
Abstract: A system of training behavior labeling model is provided. Specifically, a processing unit inputs each data of a training data set into a plurality of learning modules to establish a plurality of labeling models. The processing unit obtains a plurality of second labeling information corresponding to each data of a verification data set and generates a behavior labeling result according to the second labeling information corresponding to each data of the verification data set. The processing unit obtains a labeling change value according to the behavior labeling result and first labeling information corresponding to each data of the verification data set. The processing unit, if determining that the labeling change value is greater than a change threshold, updates the first labeling information according to the behavior labeling results, exchanges the training data set and the verification data set and reestablishes the labeling models.
Type: Application
Filed: February 26, 2019
Publication date: April 30, 2020
Applicant: Acer Cyber Security Incorporated
Inventors: Chun-Hsien Li, Yin-Hsong Hsu, Chien-Hung Li, Tsung-Hsien Tsai, Chiung-Ying Huang, Ming-Kung Sun, Zong-Cyuan Jhang
-
Publication number: 20200110689
Abstract: A method for detecting abnormality adapted to detect abnormal operations of an operating system is provided. The method includes: calculating a safe range of usage of the operating system during one or more time periods according to a historical data stream; calculating abnormal ratios corresponding to the one or more time periods according to a current data stream and the safe range of usage; selecting one or more abnormal time periods from the one or more time periods according to a threshold and the abnormal ratios; calculating an abnormal indicator for each of the one or more abnormal time periods according to the historical data stream and the current data stream; and ranking the one or more abnormal time periods according to the abnormal indicator(s).
Type: Application
Filed: February 21, 2019
Publication date: April 9, 2020
Applicant: Acer Cyber Security Incorporated
Inventors: Chun-Hsien Li, Chien-Hung Li, Jun-Mein Wu, Ming-Kung Sun, Zong-Cyuan Jhang, Yin-Hsong Hsu, Chiung-Ying Huang, Tsung-Hsien Tsai
-
Publication number: 20200112575
Abstract: The disclosure provides a method for evaluating domain name and a server using the same method. The method includes: retrieving a raw domain name and dividing the raw domain name into a plurality of parts; retrieving a specific part of the parts, wherein the specific part includes characters; encoding the characters into encoded data; padding the encoded data to a specific length; projecting the encoded data being padded as embedded vectors; sequentially inputting the embedded vectors to a plurality of cells of a long short term memory model to generate a result vector; and converting the result vector to a prediction probability via a fully-connected layer and a specific function.
Type: Application
Filed: January 8, 2019
Publication date: April 9, 2020
Applicant: Acer Cyber Security Incorporated
Inventors: Pin-Cyuan Lin, Jun-Mein Wu, Yu-Chun Wu, Ming-Kung Sun, Zong-Cyuan Jhang, Yi-Chung Tseng, Chiung-Ying Huang
-
Patent number: 10579798
Abstract: An electronic device and a method for detecting a malicious file are provided. The method includes the following steps: An executable file is searched, and an import table is extracted from the executable file. The import table includes at least a name of a first DLL and a name of a second DLL. A distance between the first DLL and the second DLL is calculated. Whether the distance exceeds a threshold is determined. If the distance exceeds the threshold, then whether a duplicate content of the import table exists in the executable file is checked. The executable file is regarded as a malicious file if the duplicate content of the import table exists in the executable file.
Type: Grant
Filed: August 15, 2017
Date of Patent: March 3, 2020
Assignee: ACER CYBER SECURITY INCORPORATED
Inventors: Ming-Kung Sun, Chiung-Ying Huang, Tung-Lin Tsai, Gu-Hsin Lai, Chia-Mei Chen, Tzu-Ching Chang
-
Patent number: 10294026
Abstract: An automated warehouse storage and retrieval system may comprise at least an aisle, and each of two sides of the aisle has a shelf. A rail is laid along the aisle to enable at least an automated vehicle to move thereon. The automated vehicle has a platform, and a top surface thereof comprises at least a working station and at least a pick-and-place unit. Each of two lateral sides of the platform has two openings separated by a desired distance, and each of the openings has a climbing unit installed therein. The climbing units are configured to synchronously protrude from or move back in the openings. A side of the shelf faced to the rail has a plurality of vertical supporting members arranged in parallel, and each two adjacent supporting members are separated by the distance same as the two climbing units on the same lateral side of the platform.
Type: Grant
Filed: March 29, 2018
Date of Patent: May 21, 2019
Assignees: Tera Autotech Corporation, Department of Electrical Engineering, National Changhua Univ. of Education
Inventors: Yi-Lung Lee, Tsair-Rong Chen, Chiung-Ying Huang, Shu-Ming Chen, Po-Hsuan Chen
-
Patent number: 10122738
Abstract: A botnet detection system and method are provided. The method includes the steps of: retrieving a network log file of a computer device; refining the network log file according to a device alive-time record of the computer device and a network white list to obtain a plurality of individual network log files, wherein each individual network log file records time information, a source IP address of the computer device, and an individual destination IP address; and analyzing a plurality of connection intervals of the source IP address connecting to the individual destination IP address in each individual network log file to determine whether the computer device exhibits connection behavior that indicates infection by a botnet malware.
Type: Grant
Filed: July 20, 2016
Date of Patent: November 6, 2018
Assignee: ACER INCORPORATED
Inventors: Ming-Kung Sun, Chiung-Ying Huang, Zong-Cyuan Jhang
-
Publication number: 20180165452
Abstract: An electronic device and a method for detecting a malicious file are provided. The method includes the following steps: An executable file is searched, and an import table is extracted from the executable file. The import table includes at least a name of a first DLL and a name of a second DLL. A distance between the first DLL and the second DLL is calculated. Whether the distance exceeds a threshold is determined. If the distance exceeds the threshold, then whether a duplicate content of the import table exists in the executable file is checked. The executable file is regarded as a malicious file if the duplicate content of the import table exists in the executable file.
Type: Application
Filed: August 15, 2017
Publication date: June 14, 2018
Inventors: Ming-Kung Sun, Chiung-Ying Huang, Tung-Lin Tsai, Gu-Hsin Lai, Chia-Mei Chen, Tzu-Ching Chang
-
Publication number: 20170310687
Abstract: A botnet detection system and method are provided. The method includes the steps of: retrieving a network log file of a computer device; refining the network log file according to a device alive-time record of the computer device and a network white list to obtain a plurality of individual network log files, wherein each individual network log file records time information, a source IP address of the computer device, and an individual destination IP address; and analyzing a plurality of connection intervals of the source IP address connecting to the individual destination IP address in each individual network log file to determine whether the computer device exhibits connection behavior that indicates infection by a botnet malware.
Type: Application
Filed: July 20, 2016
Publication date: October 26, 2017
Inventors: Ming-Kung SUN, Chiung-Ying HUANG, Zong-Cyuan JHANG
-
Patent number: 8955123
Abstract: A system for preventing malicious communication includes a safe module set with a specific Internet Protocol address and a Time to Live threshold value of the specific IP address to determine whether a malicious communication exists. If the malicious communication exists, the safe module can re-direct the malicious communication to a recording module of the system for recording the content of the malicious communication.
Type: Grant
Filed: August 27, 2008
Date of Patent: February 10, 2015
Assignee: Acer Inc.
Inventor: Chiung-Ying Huang
-
Publication number: 20090320131
Abstract: A method and a system for preventing malicious communication are disclosed. The system comprises a safe module set with a specific Internet Protocol address and a Time to Live threshold value of the specific IP address to determine whether a malicious communication exists. If the malicious communication exists, the safe module can re-direct the malicious communication to a recording module of the system for recording the content of the malicious communication.
Type: Application
Filed: August 27, 2008
Publication date: December 24, 2009
Inventor: Chiung-Ying Huang