Patents by Inventor Christoph Alme
Christoph Alme has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11301564
Abstract: There is disclosed in one example a computing apparatus, including: a processor; and a memory having encoded therein executable instructions to instruct the processor to: divide a file-under-analysis into a plurality of features; build a plurality of categories from the plurality of features, including a category of unrelated features; construct a first decision tree from a first category of the plurality of features, the first category including related features; construct a second decision tree from a second category of the plurality of features, the second decision tree including unrelated features; and determine, based at least partly on the first decision tree and the second decision tree, that the file under analysis has malware content.
Type: Grant
Filed: March 28, 2019
Date of Patent: April 12, 2022
Assignee: McAfee, LLC
Inventors: Christoph Alme, Joachim Gehweiler, Oliver Helge Marquardt
-
Patent number: 10482247
Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to determine a series of checksums for a file, compare the series of checksums to a checksum tree, where the checksum tree includes a plurality of nodes that each include a fuzzy checksum of known malware, and assign one or more classifications to the file, where each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums and includes whether the file includes malware or benign checksums.
Type: Grant
Filed: March 28, 2019
Date of Patent: November 19, 2019
Assignee: McAfee, LLC
Inventors: Christoph Alme, Slawa Hahn, Sebastian Thoene
-
Publication number: 20190228152
Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to determine a series of checksums for a file, compare the series of checksums to a checksum tree, where the checksum tree includes a plurality of nodes that each include a fuzzy checksum of known malware, and assign one or more classifications to the file, where each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums and includes whether the file includes malware or benign checksums.
Type: Application
Filed: March 28, 2019
Publication date: July 25, 2019
Applicant: McAfee, LLC
Inventors: Christoph Alme, Slawa Hahn, Sebastian Thoene
-
Publication number: 20190220595
Abstract: There is disclosed in one example a computing apparatus, including: a processor; and a memory having encoded therein executable instructions to instruct the processor to: divide a file-under-analysis into a plurality of features; build a plurality of categories from the plurality of features, including a category of unrelated features; construct a first decision tree from a first category of the plurality of features, the first category including related features; construct a second decision tree from a second category of the plurality of features, the second decision tree including unrelated features; and determine, based at least partly on the first decision tree and the second decision tree, that the file under analysis has malware content.
Type: Application
Filed: March 28, 2019
Publication date: July 18, 2019
Inventors: Joachim Gehweiler, Oliver Helge Marquardt, Christoph Alme
-
Patent number: 10296742
Abstract: Embodiments of the present disclosure include methods, devices, and computer program products for detecting malware in a file. Embodiments include identifying a plurality of features of the file, categorizing each of the plurality of features to define a plurality of categories of features, building a first decision tree based on a first category from the plurality of categories, the first category comprising a first set of features of the file, and building a second decision tree based on a second category from the plurality of categories, the second decision tree comprising a second set of features of the file, the second set different from the first set. Some embodiments include comparing results from each decision tree to determine the presence or absence of malware.
Type: Grant
Filed: October 31, 2015
Date of Patent: May 21, 2019
Assignee: McAfee, LLC
Inventors: Christoph Alme, Joachim Gehweiler, Oliver Helge Marquardt
-
Patent number: 10275594
Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to determine a series of checksums for a file, compare the series of checksums to a checksum tree, where the checksum tree includes a plurality of nodes that each include a fuzzy checksum of known malware, and assign one or more classifications to the file, where each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums and includes whether the file includes malware or benign checksums.
Type: Grant
Filed: October 11, 2016
Date of Patent: April 30, 2019
Assignee: McAfee, LLC
Inventors: Christoph Alme, Slawa Hahn, Sebastian Thoene
-
Patent number: 10127380
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive script data, determine a checksum tree for the script data, compare each checksum of the checksum tree to one or more subtree checksums, and assign one or more classifications to the script data. In one example, the checksum tree is an abstract syntax tree.
Type: Grant
Filed: June 2, 2017
Date of Patent: November 13, 2018
Assignee: McAfee, LLC
Inventors: Christoph Alme, Slawa Hahn, Stefan Finke
-
Patent number: 9846774
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify an application, run the application, log the parameters for each function call of the application, and store the logged parameters in an emulation table. The logged parameters can include a function call, input parameters, and output parameters. The emulation table can be used to simulate execution of an application without having to actually run the application.
Type: Grant
Filed: June 27, 2015
Date of Patent: December 19, 2017
Assignee: McAfee, LLC
Inventors: Christoph Alme, Slawa Hahn, Stefan Finke
-
Publication number: 20170270298
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive script data, determine a checksum tree for the script data, compare each checksum of the checksum tree to one or more subtree checksums, and assign one or more classifications to the script data. In one example, the checksum tree is an abstract syntax tree.
Type: Application
Filed: June 2, 2017
Publication date: September 21, 2017
Applicant: McAfee, Inc.
Inventors: Christoph Alme, Slawa Hahn, Stefan Finke
-
Patent number: 9727710
Abstract: A system and method of detecting and limiting unsolicited data uploads. Downloaded content such as web pages and emails are scanned for web forms and/or links. A watermark is added where appropriate and the modified downloaded content is forwarded to the person who requested the content. A check is made to determine whether information received from a user includes appropriate watermarks. If so, the watermark is removed and the information is forwarded to its destination.
Type: Grant
Filed: August 6, 2015
Date of Patent: August 8, 2017
Assignee: McAfee, Inc.
Inventor: Christoph Alme
-
Patent number: 9680847
Abstract: Various embodiments include an apparatus comprising a detection database including a tree structure of descriptor parts including one or more root nodes and one or more child nodes linked to from one or more parent descriptor parts chains, each of the root nodes representing a descriptor part, and each root node linked to at least one of the child nodes, each root node and each child node linked to any possible additional child nodes, wherein the possible additional child nodes include any possible successor child nodes and a descriptor comparator coupled to the detection database, the descriptor comparator operable to receive data including a plurality of logic entities, once or successively, and to continuously compare logic entities provided to the tree structure of descriptor parts stored in detection database, and to provide an output based on the comparison.
Type: Grant
Filed: October 16, 2015
Date of Patent: June 13, 2017
Assignee: McAfee, Inc.
Inventor: Christoph Alme
-
Patent number: 9672357
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive script data, determine a checksum tree for the script data, compare each checksum of the checksum tree to one or more subtree checksums, and assign one or more classifications to the script data. In one example, the checksum tree is an abstract syntax tree.
Type: Grant
Filed: June 26, 2015
Date of Patent: June 6, 2017
Assignee: McAfee, Inc.
Inventors: Christoph Alme, Slawa Hahn, Stefan Finke
-
Publication number: 20170124325
Abstract: Embodiments of the present disclosure include methods, devices, and computer program products for detecting malware in a file. Embodiments include identifying a plurality of features of the file, categorizing each of the plurality of features to define a plurality of categories of features, building a first decision tree based on a first category from the plurality of categories, the first category comprising a first set of features of the file, and building a second decision tree based on a second category from the plurality of categories, the second decision tree comprising a second set of features of the file, the second set different from the first set. Some embodiments include comparing results from each decision tree to determine the presence or absence of malware.
Type: Application
Filed: October 31, 2015
Publication date: May 4, 2017
Applicant: McAfee, Inc.
Inventors: Christoph Alme, Joachim Gehweiler, Oliver Helge Marquardt
-
Publication number: 20170046511
Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to determine a series of checksums for a file, compare the series of checksums to a checksum tree, where the checksum tree includes a plurality of nodes that each include a fuzzy checksum of known malware, and assign one or more classifications to the file, where each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums and includes whether the file includes malware or benign checksums.
Type: Application
Filed: October 11, 2016
Publication date: February 16, 2017
Applicant: McAfee, Inc.
Inventors: Christoph Alme, Slawa Hahn, Sebastian Thoene
-
Publication number: 20160378977
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify an application, run the application, log the parameters for each function call of the application, and store the logged parameters in an emulation table. The logged parameters can include a function call, input parameters, and output parameters. The emulation table can be used to simulate execution of an application without having to actually run the application.
Type: Application
Filed: June 27, 2015
Publication date: December 29, 2016
Applicant: MCAFEE, INC.
Inventors: Christoph Alme, Slawa Hahn, Stefan Finke
-
Patent number: 9465939
Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to determine a series of checksums for a file, compare the series of checksums to a checksum tree, where the checksum tree includes a plurality of nodes that each include a fuzzy checksum of known malware, and assign one or more classifications to the file, where each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums and includes whether the file includes malware or benign checksums.
Type: Grant
Filed: June 27, 2014
Date of Patent: October 11, 2016
Assignee: McAfee, Inc.
Inventors: Christoph Alme, Slawa Hahn, Sebastian Thoene
-
Publication number: 20160253500
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive script data, determine a checksum tree for the script data, compare each checksum of the checksum tree to one or more subtree checksums, and assign one or more classifications to the script data. In one example, the checksum tree is an abstract syntax tree.
Type: Application
Filed: June 26, 2015
Publication date: September 1, 2016
Applicant: MCAFEE, INC.
Inventors: Christoph Alme, Slawa Hahn, Stefan Finke
-
Publication number: 20160119366
Abstract: Various embodiments include an apparatus comprising a detection database including a tree structure of descriptor parts including one or more root nodes and one or more child nodes linked to from one or more parent descriptor parts chains, each of the root nodes representing a descriptor part, and each root node linked to at least one of the child nodes, each root node and each child node linked to any possible additional child nodes, wherein the possible additional child nodes include any possible successor child nodes and a descriptor comparator coupled to the detection database, the descriptor comparator operable to receive data including a plurality of logic entities, once or successively, and to continuously compare logic entities provided to the tree structure of descriptor parts stored in detection database, and to provide an output based on the comparison.
Type: Application
Filed: October 16, 2015
Publication date: April 28, 2016
Inventor: Christoph Alme
-
Patent number: 9246938
Abstract: A system and method of detecting malware. A program file is received and analysis performed to identify URLs embedded in the program file. The URLs are categorized as a function of a URL filter database and a malware probability is assigned to each URL identified. A decision is made on how to dispose of the program file as a function of the malware probability of one or more of the URLs identified. In one example approach, a malware type is also assigned to the program file as a function of one or more of the URLs identified.
Type: Grant
Filed: April 23, 2007
Date of Patent: January 26, 2016
Assignee: McAfee, Inc.
Inventor: Christoph Alme
-
Publication number: 20150379246
Abstract: A system and method of detecting and limiting unsolicited data uploads. Downloaded content such as web pages and emails are scanned for web forms and/or links. A watermark is added where appropriate and the modified downloaded content is forwarded to the person who requested the content. A check is made to determine whether information received from a user includes appropriate watermarks. If so, the watermark is removed and the information is forwarded to its destination.
Type: Application
Filed: August 6, 2015
Publication date: December 31, 2015
Inventor: Christoph Alme