Patents by Inventor Chun-Shuo Lin
Chun-Shuo Lin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12147846Abstract: One or more computer processors determine a runtime feature set for a first container, wherein the runtime feature set includes aggregated temporally collocated container behavior. The one or more computer processors cluster the first container with one or more peer containers or peer pods based on a shared container purpose, similar container behaviors, and similar container file structure. The one or more computer processors determine an additional runtime feature set for each peer container. The one or more computer processors calculate a variance between the first container and each peer container. The one or more computer processors, responsive to the calculated variance exceeding a variance threshold, identify the first container as anomalous.Type: GrantFiled: December 13, 2021Date of Patent: November 19, 2024Assignee: International Business Machines CorporationInventors: Yun-Chang Lo, Chun-Shuo Lin, Chih-Wei Hsiao, Wei-Hsiang Hsiung, Wei-Jie Liau
-
Patent number: 11968293Abstract: Context information of a handshake between a source entity and a target entity is obtained at a security proxy. The context information is transmitted from the security proxy to a key manager. The key manager maintains a first private key of the security proxy. A first handshake message is received from the key manager. The first handshake message is generated at least based on the context information and signed with the first private key. The first handshake message is then transmitted to the target entity.Type: GrantFiled: November 18, 2020Date of Patent: April 23, 2024Assignee: International Business Machines CorporationInventors: Wei-Hsiang Hsiung, Chun-Shuo Lin, Wei-Jie Liau, Cheng-Ta Lee
-
Patent number: 11947694Abstract: A method, a computer program product, and a system for implementing a dynamic virtual database honeypot. The method includes relaying a query request received from a database client to a database and receiving, from the database, a response relating to the query request. The method also includes determining the query request is an attack on the database based on session information relating to the database and the database client, generating a honey token based on information contained within the response, generating an alternate response formatted in a same format as the response and containing artificial information that masks the information contained within the response. The method further includes inserting the honey token into the alternate response and transmitting the alternate response to the database client.Type: GrantFiled: June 29, 2021Date of Patent: April 2, 2024Assignee: International Business Machines CorporationInventors: Galia Diamant, Richard Ory Jerrell, Chun-Shuo Lin, Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Jie Liau
-
Patent number: 11847122Abstract: An example operation may include one or more of receiving a set of structured query language (SQL) queries from one or more software applications, generating a set of SQL syntax trees that correspond to the set of SQL queries, identifying a unique subset of SQL syntax trees among the generated set of SQL syntax trees based on previously obtained SQL syntax trees, and transmitting the unique subset of SQL syntax trees to a computing system.Type: GrantFiled: April 1, 2022Date of Patent: December 19, 2023Assignee: International Business Machines CorporationInventors: Cheng-Ta Lee, Chun-Shuo Lin, Galia Diamant, Richard Ory Jerrell, Leonid Rodniansky
-
Publication number: 20230185628Abstract: One or more computer processors determine a runtime feature set for a first container, wherein the runtime feature set includes aggregated temporally collocated container behavior. The one or more computer processors cluster the first container with one or more peer containers or peer pods based on a shared container purpose, similar container behaviors, and similar container file structure. The one or more computer processors determine an additional runtime feature set for each peer container. The one or more computer processors calculate a variance between the first container and each peer container. The one or more computer processors, responsive to the calculated variance exceeding a variance threshold, identify the first container as anomalous.Type: ApplicationFiled: December 13, 2021Publication date: June 15, 2023Inventors: Yun-Chang Lo, Chun-Shuo Lin, Chih-Wei Hsiao, Wei-Hsiang Hsiung, WEI-JIE LIAU
-
Patent number: 11562095Abstract: A database protection system (DPS) mitigates injection attacks. DPS receives an unrestricted database query, extract a syntax tree, and evaluates whether it recognizes the query. To this end, DPS applies a hash function over the extracted syntax tree, and then determines whether the resulting hash has been seen by DPS before. If so, DPS retrieves a previously-generated prepared statement associated with the syntax tree, and that prepared statement is then forward to the database server in lieu of sending the original query. If the syntax tree is not recognized, DPS creates a new prepared statement, generates a hash of the syntax tree, and stores the hash and the new prepared statement, and forwards the new prepared statement. The prepared statements are configured based on the native wire protocol used by the database server, and DPS includes additional functionality by which it can learn the semantics of this protocol if necessary.Type: GrantFiled: January 28, 2021Date of Patent: January 24, 2023Assignee: International Business Machines CorporationInventors: Galia Diamant, Leonid Rodniansky, Cheng-Ta Lee, Chun-Shuo Lin, Richard Ory Jerrell
-
Publication number: 20220414245Abstract: A method, a computer program product, and a system for implementing a dynamic virtual database honeypot. The method includes relaying a query request received from a database client to a database and receiving, from the database, a response relating to the query request. The method also includes determining the query request is an attack on the database based on session information relating to the database and the database client, generating a honey token based on information contained within the response, generating an alternate response formatted in a same format as the response and containing artificial information that masks the information contained within the response. The method further includes inserting the honey token into the alternate response and transmitting the alternate response to the database client.Type: ApplicationFiled: June 29, 2021Publication date: December 29, 2022Inventors: Galia Diamant, Richard Ory Jerrell, Chun-Shuo Lin, Wei-Hsiang Hsiung, Cheng-Ta Lee, WEI-JIE LIAU
-
Publication number: 20220237314Abstract: A database protection system (DPS) mitigates injection attacks. DPS receives an unrestricted database query, extract a syntax tree, and evaluates whether it recognizes the query. To this end, DPS applies a hash function over the extracted syntax tree, and then determines whether the resulting hash has been seen by DPS before. If so, DPS retrieves a previously-generated prepared statement associated with the syntax tree, and that prepared statement is then forward to the database server in lieu of sending the original query. If the syntax tree is not recognized, DPS creates a new prepared statement, generates a hash of the syntax tree, and stores the hash and the new prepared statement, and forwards the new prepared statement. The prepared statements are configured based on the native wire protocol used by the database server, and DPS includes additional functionality by which it can learn the semantics of this protocol if necessary.Type: ApplicationFiled: January 28, 2021Publication date: July 28, 2022Applicant: International Business Machines CorporationInventors: Galia Diamant, Leonid Rodniansky, Cheng-Ta Lee, Chun-Shuo Lin, Richard Ory Jerrell
-
Publication number: 20220222259Abstract: An example operation may include one or more of receiving a set of structured query language (SQL) queries from one or more software applications, generating a set of SQL syntax trees that correspond to the set of SQL queries, identifying a unique subset of SQL syntax trees among the generated set of SQL syntax trees based on previously obtained SQL syntax trees, and transmitting the unique subset of SQL syntax trees to a computing system.Type: ApplicationFiled: April 1, 2022Publication date: July 14, 2022Inventors: Cheng-Ta Lee, Chun-Shuo Lin, Galia Diamant, Richard Ory Jerrell, Leonid Rodniansky
-
Publication number: 20220158824Abstract: Context information of a handshake between a source entity and a target entity is obtained at a security proxy. The context information is transmitted from the security proxy to a key manager. The key manager maintains a first private key of the security proxy. A first handshake message is received from the key manager. The first handshake message is generated at least based on the context information and signed with the first private key. The first handshake message is then transmitted to the target entity.Type: ApplicationFiled: November 18, 2020Publication date: May 19, 2022Inventors: Wei-Hsiang Hsiung, Chun-Shuo Lin, Wei-Jie Liau, Cheng-Ta Lee
-
Patent number: 11334569Abstract: An example operation may include one or more of receiving a set of structured query language (SQL) queries from one or more software applications, generating a set of SQL syntax trees that correspond to the set of SQL queries, identifying a unique subset of SQL syntax trees among the generated set of SQL syntax trees based on previously obtained SQL syntax trees, and transmitting the unique subset of SQL syntax trees to a computing system.Type: GrantFiled: January 21, 2020Date of Patent: May 17, 2022Assignee: International Business Machines CorporationInventors: Cheng-Ta Lee, Chun-Shuo Lin, Galia Diamant, Richard Ory Jerrell, Leonid Rodniansky
-
Patent number: 11288376Abstract: A source code analysis tool is augmented to support rule-based analysis of code to attempt to identify certain lexical information indicative of hard-coded secret (e.g., password) support in the code. The tool takes the source code as input, parses the content with a lexical analyzer based on language grammar, and processes the resulting data through preferably a pair of rule-based engines. Preferably, one engine is configured to identify variables explicitly intended to be used as a hard-coded secret, and the other engine is configured to identify data strings that could potentially support such a secret. The outputs of these rules engines are consolidated and evaluated to identify a likelihood that the code under examination includes support for a hard-coded secret. The result is then provided to the developer for further action to address any potential security vulnerability identified by the analysis.Type: GrantFiled: May 2, 2019Date of Patent: March 29, 2022Assignee: International Business Machines CorporationInventors: Ya-Hsuan Tsai, Chun-Shuo Lin, Chuang Hsin-Yu
-
Patent number: 11283880Abstract: Embodiments provide a computer implemented method in a data processing comprising a processor and a memory including instructions, which are executed by the processor to cause the processor to implement the method of terminating a connection between a database server and a database client through an enforcement point, the method including: continuously monitoring, by the enforcement point, information related to a connection to a database, and parsing one or more queries; continuously comparing, by the enforcement point, the information with a predefined plurality of rules, and checking whether there is a rule violation; if there is a rule violation, assembling, by the enforcement point, a termination packet including an error message indicative of the rule violation; sending, by the enforcement point, the termination packet to the database client; and terminating, by the enforcement point, a connection between the enforcement point and the database client.Type: GrantFiled: April 15, 2019Date of Patent: March 22, 2022Assignee: International Business Machines CorporationInventors: Galia Diamant, Richard O. Jerrell, Chun-Shuo Lin, Cheng-Ta Lee
-
Patent number: 11146588Abstract: A network-based appliance includes a mechanism to set-up and selectively use an “out-of-band” encryption channel. The mechanism comprises a packet parser, and a packet dispatcher, and it is integrated with an existing network layer stack that typically is not visible to host applications. In lieu of simply encrypting all data it receives, the mechanism instead analyzes one or more attributes, e.g., protocol type, application type, current encryption strength, content payload, etc., associated with a packet transmission to determine whether further encryption is required. The evaluation may include a deep packet inspection (DPI) when the information at the network layer (e.g., IP address, port number, etc.) is not sufficient to determine if the payload in the packet needs to be further encrypted. Based on the result of the analysis, packets are dispatched to the encryption channel as and when necessary.Type: GrantFiled: June 29, 2019Date of Patent: October 12, 2021Assignee: International Business Machines CorporationInventors: Cheng-Ta Lee, Chun-Shuo Lin, Wei-Shiau Suen, Ming-Hsun Wu
-
Patent number: 11122077Abstract: Embodiments can provide a computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for network protection, the method comprising determining, by the processor, if an incoming connection comprising one or more packets has a false latency larger than a trigger latency; determining, by the processor, if an attack is currently in progress; and if the attack is in progress, injecting, by the processor, at least one of the one or more packets of the incoming connection or one or more packets of an outgoing connection with a false latency.Type: GrantFiled: January 14, 2020Date of Patent: September 14, 2021Assignee: International Business Machines CorporationInventors: Chih-Hung Chou, Cheng-ta Lee, Yin Lee, Chun-Shuo Lin
-
Patent number: 11089058Abstract: A network-based appliance includes a mechanism to set-up and selectively use an “out-of-band” encryption channel. The mechanism comprises a packet parser, and a packet dispatcher, and it is integrated with an existing network layer stack that typically is not visible to host applications. In lieu of simply encrypting all data it receives, the mechanism instead analyzes one or more attributes, e.g., protocol type, application type, current encryption strength, content payload, etc., associated with a packet transmission to determine whether further encryption is required. The evaluation may include a deep packet inspection (DPI) when the information at the network layer (e.g., IP address, port number, etc.) is not sufficient to determine if the payload in the packet needs to be further encrypted. Based on the result of the analysis, packets are dispatched to the encryption channel as and when necessary.Type: GrantFiled: January 25, 2018Date of Patent: August 10, 2021Assignee: International Business Machines CorporationInventors: Cheng-Ta Lee, Chun-Shuo Lin, Wei-Shiau Suen, Ming-Hsun Wu
-
Publication number: 20210224281Abstract: An example operation may include one or more of receiving a set of structured query language (SQL) queries from one or more software applications, generating a set of SQL syntax trees that correspond to the set of SQL queries, identifying a unique subset of SQL syntax trees among the generated set of SQL syntax trees based on previously obtained SQL syntax trees, and transmitting the unique subset of SQL syntax trees to a computing system.Type: ApplicationFiled: January 21, 2020Publication date: July 22, 2021Inventors: Cheng-Ta Lee, Chun-Shuo Lin, Galia Diamant, Richard Ory Jerrell, Leonid Rodniansky
-
Publication number: 20200349259Abstract: A source code analysis tool is augmented to support rule-based analysis of code to attempt to identify certain lexical information indicative of hard-coded secret (e.g., password) support in the code. The tool takes the source code as input, parses the content with a lexical analyzer based on language grammar, and processes the resulting data through preferably a pair of rule-based engines. Preferably, one engine is configured to identify variables explicitly intended to be used as a hard-coded secret, and the other engine is configured to identify data strings that could potentially support such a secret. The outputs of these rules engines are consolidated and evaluated to identify a likelihood that the code under examination includes support for a hard-coded secret. The result is then provided to the developer for further action to address any potential security vulnerability identified by the analysis.Type: ApplicationFiled: May 2, 2019Publication date: November 5, 2020Applicant: International Business Machines CorporationInventors: Ya-Hsuan Tsai, Chun-Shuo Lin, Chuang Hsin-Yu
-
Publication number: 20200329107Abstract: Embodiments provide a computer implemented method in a data processing comprising a processor and a memory including instructions, which are executed by the processor to cause the processor to implement the method of terminating a connection between a database server and a database client through an enforcement point, the method including: continuously monitoring, by the enforcement point, information related to a connection to a database, and parsing one or more queries; continuously comparing, by the enforcement point, the information with a predefined plurality of rules, and checking whether there is a rule violation; if there is a rule violation, assembling, by the enforcement point, a termination packet including an error message indicative of the rule violation; sending, by the enforcement point, the termination packet to the database client; and terminating, by the enforcement point, a connection between the enforcement point and the database client.Type: ApplicationFiled: April 15, 2019Publication date: October 15, 2020Inventors: Galia Diamant, Richard O. Jerrell, Chun-Shuo Lin, Cheng-Ta Lee
-
Publication number: 20200296089Abstract: A method, computer system, and a computer program product for verification and authentication in a microservice framework is provided. The present invention may include configuring a container within a microservice framework. The present invention may also include receiving a generated salt file. The present invention may then include injecting the salt file into the container. The present invention may further include hashing the container image and the salt file.Type: ApplicationFiled: March 15, 2019Publication date: September 17, 2020Inventors: Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Jie Liau, Chun-Shuo Lin