Patents by Inventor Dagmawi Mulugeta
Dagmawi Mulugeta has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11947682Abstract: The disclosed technology teaches facilitate User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.Type: GrantFiled: July 7, 2022Date of Patent: April 2, 2024Assignee: Netskope, Inc.Inventors: Yi Zhang, Siying Yang, Yihua Liao, Dagmawi Mulugeta, Raymond Joseph Canzanese, Jr., Ari Azarafrooz
-
Publication number: 20240031389Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that trains a cloud traffic classifier to classify cross-application communications as malicious command and control (C2) traffic or benign cloud traffic. The training uses blocks of malicious Hypertext Transfer Protocol (HTTP) transactions targeted at a plurality of cloud applications by a plurality of clients prequalified as malicious command and control (C2) cloud traffic, and also blocks of benign HTTP transactions targeted at the plurality of cloud applications by the plurality of clients prequalified as benign cloud traffic. A cloud traffic classifier is trained on the cross-application malicious training example set and on the cross-application benign training example set by processing the blocks of the malicious and benign HTTP transactions as inputs, and generating outputs that classify the training examples as respectively malicious C2 cloud traffic or benign cloud traffic.Type: ApplicationFiled: January 24, 2023Publication date: January 25, 2024Applicant: Netskope, Inc.Inventors: Raymond Joseph Canzanese, JR., Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang, Dagmawi Mulugeta
-
Publication number: 20240022594Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that detects malicious communication between a command and control (C2) cloud resource on a cloud application and malware on an infected host, using a network security system. The network security system reroutes the cloud traffic to the network security system. The incoming requests of the cloud traffic are directed to a cloud application in the plurality of cloud applications, and wherein the cloud application has a plurality of resources. The network security system analyzes the incoming requests, determines that the incoming requests are targeted at one or more malicious resources in the plurality of resources.Type: ApplicationFiled: June 23, 2023Publication date: January 18, 2024Inventors: Dagmawi Mulugeta, Raymond Jospeh Canzanese, JR., Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang
-
Publication number: 20240013067Abstract: The disclosed technology teaches training a classifier that classifies a file being transferred as encrypted or not. The technology involves accessing a plurality of training sample files, each of which is accompanied by a label of encrypted or not encrypted, sampling a configurable number of bytes of each respective file, generating features from the sampled bytes, including generating at least three of the following features: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; a Shannon entropy test; applying the generated features to train coefficients of a classifier algorithm to classify the sample files as encrypted or not encrypted; and saving the trained coefficients and classifier, whereby the classifier is trained to classify the sample files as encrypted or not encrypted.Type: ApplicationFiled: July 7, 2022Publication date: January 11, 2024Applicant: Netskope, Inc.Inventors: Ari AZARAFROOZ, Yi ZHANG, Siying YANG, Yihua LIAO, Dagmawi MULUGETA, Raymond Joseph CANZANESE, JR.
-
Publication number: 20240012912Abstract: The disclosed technology teaches facilitate User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.Type: ApplicationFiled: July 7, 2022Publication date: January 11, 2024Applicant: Netskope, Inc.Inventors: Yi ZHANG, Siying YANG, Yihua LIAO, Dagmawi MULUGETA, Raymond Joseph CANZANESE, JR., Ari AZARAFROOZ
-
Patent number: 11843624Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that classifies cloud traffic between a client and cloud application as malicious command and control (C2) cloud traffic or benign cloud traffic. A cloud traffic classifier, in communication with a network security system, is provided intercepted cloud traffic as an input, and generate an output that classifies the cloud traffic as malicious command and control (C2) cloud traffic or benign cloud traffic. The classifier may use signals such as beaconing behavior, anomalous entity, anomalous agent, anomalous username, anomalous username, anomalous agent, cat's paw behavior of the client, anomalous hostname access patterns, and/or malicious task sequence execution.Type: GrantFiled: July 12, 2022Date of Patent: December 12, 2023Assignee: Netskope, Inc.Inventors: Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang, Dagmawi Mulugeta, Raymond Joseph Canzanese, Jr.
-
Patent number: 11736513Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that detects malicious communication between a command and control (C2) cloud resource on a cloud application and malware on an infected host, using a network security system. The network security system reroutes the cloud traffic to the network security system. The incoming requests of the cloud traffic are directed to a cloud application in the plurality of cloud applications, and wherein the cloud application has a plurality of resources. The network security system analyzes the incoming requests, determines that the incoming requests are targeted at one or more malicious resources in the plurality of resources.Type: GrantFiled: July 12, 2022Date of Patent: August 22, 2023Assignee: Netskope, Inc.Inventors: Dagmawi Mulugeta, Raymond Joseph Canzanese, Jr., Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang
-
Patent number: 11616799Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that trains a cloud traffic classifier to classify cross-application communications as malicious command and control (C2) traffic or benign cloud traffic. The training uses blocks of malicious Hypertext Transfer Protocol (HTTP) transactions targeted at a plurality of cloud applications by a plurality of clients prequalified as malicious command and control (C2) cloud traffic, and also blocks of benign HTTP transactions targeted at the plurality of cloud applications by the plurality of clients prequalified as benign cloud traffic. A cloud traffic classifier is trained on the cross-application malicious training example set and on the cross-application benign training example set by processing the blocks of the malicious and benign HTTP transactions as inputs, and generating outputs that classify the training examples as respectively malicious C2 cloud traffic or benign cloud traffic.Type: GrantFiled: July 12, 2022Date of Patent: March 28, 2023Assignee: Netskope, Inc.Inventors: Raymond Joseph Canzanese, Jr., Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang, Dagmawi Mulugeta