Patents by Inventor Douglas Lee Schales
Douglas Lee Schales has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240119347Abstract: A computer-implemented method according to one embodiment includes training a bidirectional encoder representations from transformers (BERT) model to generate a software representation. An intermediate representation (IR) of a software package is input to the trained BERT model, and a software representation corresponding to the software package is received as output from the trained BERT model. A computer program product according to another embodiment includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and/or executable by a computer to cause the computer to perform the foregoing method. A system according to another embodiment includes a processor, and logic integrated with the processor, executable by the processor, or integrated with and executable by the processor. The logic is configured to perform the foregoing method.Type: ApplicationFiled: October 7, 2022Publication date: April 11, 2024Inventors: Soyeon Park, Dhilung Kirat, Sanjeev Das, Douglas Lee Schales, Taesung Lee, Jiyong Jang
-
Patent number: 11936661Abstract: A cloud based implemented method (and apparatus) includes receiving input data including bipartite graph data in a format of source MAC (Media Access Control) address data versus destination IP (Internet Protocol) data and timestamp information, and providing the input bipartite graph data into a first processing to detect malicious beaconing activities using a lockstep detection module on the input bipartite graph data, as executed in a cloud environment, to detect possible synchronized attacks against a targeted infrastructure.Type: GrantFiled: December 30, 2020Date of Patent: March 19, 2024Assignee: Kyndryl, Inc.Inventors: Jiyong Jang, Dhilung Hang Kirat, Bum Jun Kwon, Douglas Lee Schales, Marc Philippe Stoecklin
-
Publication number: 20230169176Abstract: A processor-implemented method generates adversarial example objects. One or more processors represent an adversarial input generation process as a graph. The processor(s) explore the graph, such that a sequence of edges on the graph are explored. The processor(s) create, based on the exploring, an adversarial example object, and utilize the created adversarial example object to harden an existing process model against vulnerabilities.Type: ApplicationFiled: November 28, 2021Publication date: June 1, 2023Inventors: TAESUNG LEE, KEVIN EYKHOLT, DOUGLAS LEE SCHALES, JIYONG JANG, IAN MICHAEL MOLLOY
-
Patent number: 11533325Abstract: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures.Type: GrantFiled: February 4, 2021Date of Patent: December 20, 2022Assignee: International Business Machines CorporationInventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
-
Patent number: 11368470Abstract: Advanced Persistent Threat (APT) defense leverages priority-based tracking around alerts, together with priority-based alert reasoning task scheduling. In one embodiment, individual alert reasoning tasks are managed by an alert scheduler, which effectively allocates available computation resources to prioritize the alert reasoning tasks, which each execute within processing workers that are controlled by the alert scheduler. An alert reasoning task typically is prioritized (relative to other such tasks) according to one or more factors, such as severity levels, elapsed time, and other tracking results. By implementing priority-based task scheduling, the task scheduler provides for alert reasoning tasks that are interruptible. In this approach, and once an alert is assigned to a task and the task assigned a worker, priority-based connectivity tracker around each alert is carried out to provide further computational efficiency.Type: GrantFiled: June 13, 2019Date of Patent: June 21, 2022Assignee: International Business Machines CorporationInventors: Yushan Liu, Xiaokui Shu, Douglas Lee Schales, Marc Philippe Stoecklin
-
Patent number: 11163878Abstract: A decoy filesystem that curtails data theft and ensures file integrity protection through deception is described. To protect a base filesystem, the approach herein involves transparently creating multiple levels of stacking to enable various protection features, namely, monitoring file accesses, hiding and redacting sensitive files with baits, and injecting decoys onto fake system views that are purveyed to untrusted subjects, all while maintaining a pristine state to legitimate processes. In one implementation, a kernel hot-patch is used to seamlessly integrate the new filesystem module into live and existing environments.Type: GrantFiled: December 18, 2019Date of Patent: November 2, 2021Assignee: International Business Machines CorporationInventors: Frederico Araujo, Douglas Lee Schales, Marc Philippe Stoecklin, Teryl Paul Taylor
-
Patent number: 11025656Abstract: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures.Type: GrantFiled: November 1, 2019Date of Patent: June 1, 2021Assignee: International Business Machines CorporationInventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
-
Publication number: 20210160260Abstract: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures.Type: ApplicationFiled: February 4, 2021Publication date: May 27, 2021Inventors: Xin HU, Jiyong JANG, Douglas Lee SCHALES, Marc Philippe STOECKLIN, Ting WANG
-
Publication number: 20210120012Abstract: A cloud based implemented method (and apparatus) includes receiving input data including bipartite graph data in a format of source MAC (Media Access Control) address data versus destination IP (Internet Protocol) data and timestamp information, and providing the input bipartite graph data into a first processing to detect malicious beaconing activities using a lockstep detection module on the input bipartite graph data, as executed in a cloud environment, to detect possible synchronized attacks against a targeted infrastructure.Type: ApplicationFiled: December 30, 2020Publication date: April 22, 2021Inventors: Jiyong JANG, Dhilung Hang KIRAT, Bum Jun KWON, Douglas Lee SCHALES, Marc Philippe STOECKLIN
-
Publication number: 20210117543Abstract: A decoy filesystem that curtails data theft and ensures file integrity protection through deception is described. To protect a base filesystem, the approach herein involves transparently creating multiple levels of stacking to enable various protection features, namely, monitoring file accesses, hiding and redacting sensitive files with baits, and injecting decoys onto fake system views that are purveyed to untrusted subjects, all while maintaining a pristine state to legitimate processes. In one implementation, a kernel hot-patch is used to seamlessly integrate the new filesystem module into live and existing environments.Type: ApplicationFiled: December 18, 2019Publication date: April 22, 2021Inventors: Frederico Araujo, Douglas Lee Schales, Marc Philippe Stoecklin, Teryl Paul Taylor
-
Patent number: 10979453Abstract: Decoy network ports and services are projected onto existing production workloads to facilitate cyber deception, without the need to modify production machines. The approach may be implemented in a production network that includes two segments. A production machine is reachable via the first segment, while a decoy machine that offers the network service expected from the production machine is reachable via the second segment. A deception router is configured in front of the two segments, and it is not visible on the link and network layers. The router inspects network traffic destined for the production machine. Based on a set of one or more conditions being met, the router determines whether to relay network packets to the production machine, or to redirect the packet to the decoy machine.Type: GrantFiled: August 31, 2017Date of Patent: April 13, 2021Assignee: International Business Machines CorporationInventors: Frederico Araujo, Douglas Lee Schales, Marc Philippe Stoecklin, Teryl Paul Taylor
-
Patent number: 10887346Abstract: Rapid deployments of application-level deceptions (i.e., booby traps) implant cyber deceptions into running legacy applications both on production and decoy systems. Once a booby trap is tripped, the affected code is moved into a decoy sandbox for further monitoring and forensics. To this end, this disclosure provides for unprivileged, lightweight application sandboxing to facilitate monitoring and analysis of attacks as they occur, all without the overhead of current state-of-the-art approaches. Preferably, the approach transparently moves the suspicious process to an embedded decoy sandbox, with no disruption of the application workflow (i.e., no process restart or reload). Further, the action of switching execution from the original operating environment to the sandbox preferably is triggered from within the running process.Type: GrantFiled: August 31, 2017Date of Patent: January 5, 2021Assignee: International Business Machines CorporationInventors: Frederico Araujo, Douglas Lee Schales, Marc Philippe Stoecklin, Teryl Paul Taylor
-
Patent number: 10887323Abstract: A computer-implemented method (and apparatus) includes receiving input data comprising bipartite graph data in a format of source MAC (Machine Access Code) data versus destination IP (Internet Protocol) data and timestamp information. The input bipartite graph data is provided into a first processing to detect malicious beaconing activities using a lockstep detection method on the input bipartite graph data to detect possible synchronized attacks against a targeted infrastructure. The input bipartite graph data is also provided into a second processing, the second processing initially converting the bipartite graph data into a co-occurrence graph format that indicates in a graph format how devices in the targeted infrastructure communicate with different external destination servers over time. The second processing detects malicious beaconing activities by analyzing data exchanges with the external destination servers to detect anomalies.Type: GrantFiled: June 19, 2017Date of Patent: January 5, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jiyong Jang, Dhilung Hang Kirat, Bum Jun Kwon, Douglas Lee Schales, Marc Philippe Stoecklin
-
Publication number: 20200396230Abstract: Advanced Persistent Threat (APT) defense leverages priority-based tracking around alerts, together with priority-based alert reasoning task scheduling. In one embodiment, individual alert reasoning tasks are managed by an alert scheduler, which effectively allocates available computation resources to prioritize the alert reasoning tasks, which each execute within processing workers that are controlled by the alert scheduler. An alert reasoning task typically is prioritized (relative to other such tasks) according to one or more factors, such as severity levels, elapsed time, and other tracking results. By implementing priority-based task scheduling, the task scheduler provides for alert reasoning tasks that are interruptible. In this approach, and once an alert is assigned to a task and the task assigned a worker, priority-based connectivity tracker around each alert is carried out to provide further computational efficiency.Type: ApplicationFiled: June 13, 2019Publication date: December 17, 2020Applicant: International Business Machines CorporationInventors: Yushan Liu, Xiaokui Shu, Douglas Lee Schales, Marc Philippe Stoecklin
-
Patent number: 10841320Abstract: A command endpoint used by Domain Generation Algorithm (DGA) malware is identified using machine learning-based clustering. According to this technique, at least one attribute associated with a candidate resolved DNS name is identified. The candidate resolved DNS name has associated therewith a set of names that are failed DNS lookups but that cluster with the candidate resolved DNS name. A set of additional names that share the at least one attribute with the candidate resolved DNS name are then identified. For the set of additional names, an extent to which the set of additional names also clusters with the set of names that are failed DNS lookups is then determined. The candidate resolved DNS name is characterized as associated with the command endpoint when the set of additional names cluster with the set of names that are failed DNS lookups to a configurable degree.Type: GrantFiled: July 23, 2019Date of Patent: November 17, 2020Assignee: International Business Machines CorporationInventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
-
Publication number: 20200067950Abstract: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures.Type: ApplicationFiled: November 1, 2019Publication date: February 27, 2020Inventors: Xin HU, Jiyong JANG, Douglas Lee SCHALES, Marc Philippe STOECKLIN, Ting WANG
-
Patent number: 10542014Abstract: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures.Type: GrantFiled: May 11, 2016Date of Patent: January 21, 2020Assignee: International Business Machines CorporationInventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
-
Patent number: 10528733Abstract: A decoy filesystem that curtails data theft and ensures file integrity protection through deception is described. To protect a base filesystem, the approach herein involves transparently creating multiple levels of stacking to enable various protection features, namely, monitoring file accesses, hiding and redacting sensitive files with baits, and injecting decoys onto fake system views that are purveyed to untrusted subjects, all while maintaining a pristine state to legitimate processes. In one implementation, a kernel hot-patch is used to seamlessly integrate the new filesystem module into live and existing environments.Type: GrantFiled: August 31, 2017Date of Patent: January 7, 2020Assignee: International Business Machines CorporationInventors: Frederico Araujo, Douglas Lee Schales, Marc Philippe Stoecklin, Teryl Paul Taylor
-
Patent number: 10498763Abstract: This disclosure provides for rapid deployments of application-level deceptions (i.e., booby traps) to implant cyber deceptions into running legacy applications both on production and decoy systems, with no downtime and minimal performance overhead compared with the original application. An application-level booby trap is a piece of code injected into an application, and which provides an active defense or deception in response to an attack. A booby trap does not influence program execution under normal operation, and preferably elicits a response that can be defined by a security analyst. In operation, a booby trap is compiled into a bitcode using a patch synthesis process, and it is then injected into a running application, where it is compiled further into machine code, and linked directly with the existing application constructs. The original function also is modified with a function trampoline, and subsequent calls to the original function are then directed to the new function.Type: GrantFiled: August 31, 2017Date of Patent: December 3, 2019Assignee: International Business Machines CorporationInventors: Frederico Araujo, Douglas Lee Schales, Marc Philippe Stoecklin, Teryl Paul Taylor
-
Publication number: 20190364059Abstract: A command endpoint used by Domain Generation Algorithm (DGA) malware is identified using machine learning-based clustering. According to this technique, at least one attribute associated with a candidate resolved DNS name is identified. The candidate resolved DNS name has associated therewith a set of names that are failed DNS lookups but that cluster with the candidate resolved DNS name. A set of additional names that share the at least one attribute with the candidate resolved DNS name are then identified. For the set of additional names, an extent to which the set of additional names also clusters with the set of names that are failed DNS lookups is then determined. The candidate resolved DNS name is characterized as associated with the command endpoint when the set of additional names cluster with the set of names that are failed DNS lookups to a configurable degree.Type: ApplicationFiled: July 23, 2019Publication date: November 28, 2019Applicant: International Business Machines CorporationInventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang