Patents by Inventor Craig BOTKIN
Craig BOTKIN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11102132
Abstract: Examples relate to extracting data from network communications. In one example, a programmable hardware processor may: receive a first set of network packets; store each network packet included in the first set in a first storage device; identify, from each network packet included in a subset of the first set of network packets, data included in the network packet, the data meeting at least one condition defined by first programmable logic of the programmable hardware processor; and for each network packet included in the subset: extract, from the network packet, data of interest; and store, in a second storage device, i) the extracted data of interest, and ii) an identifier associated with the network packet.
Type: Grant
Filed: October 12, 2017
Date of Patent: August 24, 2021
Assignee: Trend Micro Incorporated
Inventors: Leslie Zsohar, Wei Lu, Craig Botkin, Randal Mullin, Edward A. Wartha
-
Patent number: 11044265
Abstract: In one embodiment, local begin and end tags are detected by a network security device to determine a local context of a network traffic flow, and a local feature vector is obtained for that local context. At least one triggering machine learning model is applied by the network security device to the local feature vector, and the result determines whether or not deeper analysis is warranted. In most cases, very substantial resources are not required because deeper analysis is not indicated. If deeper analysis is indicated, one or more deeper machine learning model may then be applied to global and local feature vectors, and regular expressions may be applied to packet data, which may include the triggering data packet and one or more subsequent data packets. Other embodiments, aspects and features are also disclosed.
Type: Grant
Filed: June 11, 2020
Date of Patent: June 22, 2021
Assignee: Trend Micro Incorporated
Inventors: Josiah Dede Hagen, Jonathan Edward Andersson, Shoufu Luo, Brandon Niemczyk, Leslie Zsohar, Craig Botkin, Peter Andriukaitis
-
Patent number: 10965560
Abstract: Examples relate to organizing and storing network communications. In one example, a programmable hardware processor may: receive a first set of network packets; identify, for each network packet included in the first set, a network flow, each network flow including at least one related packet; store each network packet included in a subset of the first set in a first data storage device; for each network packet included in the subset, organize the network packet according to the network flow identified for the network packet; identify, from the network flows, a set of network flows that each have at least one characteristic of interest; and store, in a second data storage device, each network packet included in each network flow of the set of network flows.
Type: Grant
Filed: February 18, 2020
Date of Patent: March 30, 2021
Assignee: Trend Micro Incorporated
Inventors: Wei Lu, Leslie Zsohar, Edward A. Wartha, Randal Mullin, Craig Botkin
-
Patent number: 10965600
Abstract: Examples of implementations relate to metadata extraction. For example, a system of privacy preservation comprises a physical processor that executes machine-readable instructions that cause the system to normalize a network traffic payload with a hardware-based normalization engine controlled by a microcode program; parse the normalized network traffic payload, as the network traffic payload passes through a network, by performing a parsing operation of a portion of the normalized network traffic payload with a hardware-based function engine of a plurality of parallel-distributed hardware-based function engines controlled by the microcode program; and provide the hardware-based function engine with a different portion of the normalized network traffic payload responsive to an indication, communicated through a common status interface, that the different portion of the normalized network traffic payload is needed to complete the parsing operation.
Type: Grant
Filed: April 29, 2020
Date of Patent: March 30, 2021
Assignee: Trend Micro Incorporated
Inventors: Leslie Zsohar, Wei Lu, Randal Mullin, Craig Botkin
-
Publication number: 20200259751
Abstract: Examples of implementations relate to metadata extraction. For example, a system of privacy preservation comprises a physical processor that executes machine-readable instructions that cause the system to normalize a network traffic payload with a hardware-based normalization engine controlled by a microcode program; parse the normalized network traffic payload, as the network traffic payload passes through a network, by performing a parsing operation of a portion of the normalized network traffic payload with a hardware-based function engine of a plurality of parallel-distributed hardware-based function engines controlled by the microcode program; and provide the hardware-based function engine with a different portion of the normalized network traffic payload responsive to an indication, communicated through a common status interface, that the different portion of the normalized network traffic payload is needed to complete the parsing operation.
Type: Application
Filed: April 29, 2020
Publication date: August 13, 2020
Applicant: Trend Micro Incorporated
Inventors: Leslie ZSOHAR, Wei LU, Randal MULLIN, Craig BOTKIN
-
Patent number: 10728268
Abstract: In one embodiment, local begin and end tags are detected by a network security device to determine a local context of a network traffic flow, and a local feature vector is obtained for that local context. At least one triggering machine learning model is applied by the network security device to the local feature vector, and the result determines whether or not deeper analysis is warranted. In most cases, very substantial resources are not required because deeper analysis is not indicated. If deeper analysis is indicated, one or more deeper machine learning model may then be applied to global and local feature vectors, and regular expressions may be applied to packet data, which may include the triggering data packet and one or more subsequent data packets. Other embodiments, aspects and features are also disclosed.
Type: Grant
Filed: April 10, 2018
Date of Patent: July 28, 2020
Assignee: Trend Micro Incorporated
Inventors: Josiah Dede Hagen, Jonathan Edward Andersson, Shoufu Luo, Brandon Niemczyk, Leslie Zsohar, Craig Botkin, Peter Andriukaitis
-
Publication number: 20200186451
Abstract: Examples relate to organizing and storing network communications. In one example, a programmable hardware processor may: receive a first set of network packets; identify, for each network packet included in the first set, a network flow, each network flow including at least one related packet; store each network packet included in a subset of the first set in a first data storage device; for each network packet included in the subset, organize the network packet according to the network flow identified for the network packet; identify, from the network flows, a set of network flows that each have at least one characteristic of interest; and store, in a second data storage device, each network packet included in each network flow of the set of network flows.
Type: Application
Filed: February 18, 2020
Publication date: June 11, 2020
Applicant: Trend Micro Incorporated
Inventors: Wei LU, Leslie ZSOHAR, Edward A. WARTHA, Randal MULLIN, Craig BOTKIN
-
Patent number: 10680959
Abstract: Examples of implementations relate to metadata extraction. For example, a system of privacy preservation comprises a physical processor that executes machine-readable instructions that cause the system to normalize a network traffic payload with a hardware-based normalization engine controlled by a microcode program; parse the normalized network traffic payload, as the network traffic payload passes through a network, by performing a parsing operation of a portion of the normalized network traffic payload with a hardware-based function engine of a plurality of parallel-distributed hardware-based function engines controlled by the microcode program; and provide the hardware-based function engine with a different portion of the normalized network traffic payload responsive to an indication, communicated through a common status interface, that the different portion of the normalized network traffic payload is needed to complete the parsing operation.
Type: Grant
Filed: June 5, 2018
Date of Patent: June 9, 2020
Assignee: Trend Micro Incorporated
Inventors: Leslie Zsohar, Wei Lu, Randal Mullin, Craig Botkin
-
Patent number: 10608902
Abstract: Examples relate to organizing and storing network communications. In one example, a programmable hardware processor may: receive a first set of network packets; identify, for each network packet included in the first set, a network flow, each network flow including at least one related packet; store each network packet included in a subset of the first set in a first data storage device; for each network packet included in the subset, organize the network packet according to the network flow identified for the network packet; identify, from the network flows, a set of network flows that each have at least one characteristic of interest; and store, in a second data storage device, each network packet included in each network flow of the set of network flows.
Type: Grant
Filed: October 10, 2017
Date of Patent: March 31, 2020
Assignee: Trend Micro Incorporated
Inventors: Wei Lu, Leslie Zsohar, Edward A. Wartha, Randal Mullin, Craig Botkin
-
Publication number: 20180287947
Abstract: Examples of implementations relate to metadata extraction. For example, a system of privacy preservation comprises a physical processor that executes machine-readable instructions that cause the system to normalize a network traffic payload with a hardware-based normalization engine controlled by a microcode program; parse the normalized network traffic payload, as the network traffic payload passes through a network, by performing a parsing operation of a portion of the normalized network traffic payload with a hardware-based function engine of a plurality of parallel-distributed hardware-based function engines controlled by the microcode program; and provide the hardware-based function engine with a different portion of the normalized network traffic payload responsive to an indication, communicated through a common status interface, that the different portion of the normalized network traffic payload is needed to complete the parsing operation.
Type: Application
Filed: June 5, 2018
Publication date: October 4, 2018
Applicant: Trend Micro Incorporated
Inventors: Leslie ZSOHAR, Wei LU, Randal MULLIN, Craig BOTKIN
-
Publication number: 20180034717
Abstract: Examples relate to organizing and storing network communications. In one example, a programmable hardware processor may: receive a first set of network packets; identify, for each network packet included in the first set, a network flow, each network flow including at least one related packet; store each network packet included in a subset of the first set in a first data storage device; for each network packet included in the subset, organize the network packet according to the network flow identified for the network packet; identify, from the network flows, a set of network flows that each have at least one characteristic of interest; and store, in a second data storage device, each network packet included in each network flow of the set of network flows.
Type: Application
Filed: October 10, 2017
Publication date: February 1, 2018
Applicant: Trend Micro Incorporated
Inventors: Wei LU, Leslie ZSOHAR, Edward A. WARTHA, Randal MULLIN, Craig BOTKIN
-
Publication number: 20180034738
Abstract: Examples relate to extracting data from network communications. In one example, a programmable hardware processor may: receive a first set of network packets; store each network packet included in the first set in a first storage device; identify, from each network packet included in a subset of the first set of network packets, data included in the network packet, the data meeting at least one condition defined by first programmable logic of the programmable hardware processor; and for each network packet included in the subset: extract, from the network packet, data of interest; and store, in a second storage device, i) the extracted data of interest, and ii) an identifier associated with the network packet.
Type: Application
Filed: October 12, 2017
Publication date: February 1, 2018
Applicant: Trend Micro Incorporated
Inventors: Leslie ZSOHAR, Wei LU, Craig BOTKIN, Randal MULLIN, Edward A. WARTHA