Patents by Inventor Fadi El-Moussa

Fadi El-Moussa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10853141
    Abstract: A computer implemented method to provide a resource to a virtualized software installation in a distributed computing environment, the method including: receiving a functional requirement for the software installation; determining an extent of the resource required to implement the functional requirement; identifying one or more resource providers in the distributed computing environment having availability of the required resource to the determined extent; and communicating an indication of the identified resource providers to the software installation in order that the resource can be provided to the software installation to the determined extent to provide the functional requirement.
    Type: Grant
    Filed: May 23, 2016
    Date of Patent: December 1, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Joshua Daniel
  • Patent number: 10839077
    Abstract: A computer implemented method of detecting malicious code in a software application executing with a runtime environment in a computer system, the method including: parsing software code corresponding to at least a subset of the runtime environment to identify one or more occurrences of a programmatic dispatch of a software exception; recording, for each identified occurrence, execution state information leading to the exception as a runtime exception trigger condition for the exception; and defining, for each identified occurrence, a resulting state based on the software code for recording in association with the execution state information, wherein the execution state information and associated resulting state definition permit the detection of anomalies in the execution of the runtime environment to detect malicious applications executing with the runtime environment.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: November 17, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventor: Fadi El-Moussa
  • Publication number: 20200302052
    Abstract: A computer implemented method to identify a computer security threat based on communication via a computer network includes receiving a definition of acceptable network communication characteristics for each of a plurality of communication protocols; receiving a first set of security events for the communication, each security event including network communication characteristics for the communication; for each security event in the first set of security events: a) identifying a communication protocol associated with the event; b) detecting deviations of network communication characteristics of the event from the acceptable network communication characteristics for the identified communication protocol; and c) generating a record of each deviation identifying a communication characteristic for which the deviation is detected, so as to generate a set of one or more records of deviation for the first set of security events; and storing the set of records of deviation as a security threat identifier for identify
    Type: Application
    Filed: March 3, 2017
    Publication date: September 24, 2020
    Applicant: British Telecommunications Public Limited Company
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20200296120
    Abstract: A computer implemented method to identify a computer security threat based on communication of a network connected device via a computer network including receiving a plurality of blocks of network traffic from the device, each block including a sequence of network traffic data items being identifiable by a position in the sequence of the block; identifying a subset of positions occurring in every block for which a degree of variability of values of data items in each position of the subset meets a predetermined threshold; and generating executable code for performing a plurality of processing operations based on the identified subset of positions, the executable code consuming a determinate quantity of computing resources when executed for the received network traffic.
    Type: Application
    Filed: March 3, 2017
    Publication date: September 17, 2020
    Applicant: British Telecommunications Public Limited Company
    Inventors: Karl SMITH, Fadi EL-MOUSSA
  • Publication number: 20200296121
    Abstract: A computer implemented method to identify a computer security threat based on communication via a computer network including receiving a definition of acceptable network communication characteristics for each of a plurality of communication protocols; receiving a set of security events for the communication, each security event including network communication characteristics for the communication; for each security event in the set of security events: a) identifying a communication protocol associated with the event; b) detecting deviations of network communication characteristics of the event from the acceptable network communication characteristics for the identified communication protocol; and c) generating a record of each deviation identifying a communication characteristic for which the deviation is detected, and identifying a computer security threat for the communication based on the records generated for the set of security events.
    Type: Application
    Filed: March 3, 2017
    Publication date: September 17, 2020
    Applicant: British Telecommunications Public Limited Company
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Patent number: 10778700
    Abstract: A method for identifying malicious encrypted network traffic communicated via a network between a first and second computer system, the method including: monitoring network traffic over the network to detect a network connection as a new network connection; identifying characteristics of the network connection to determine a protocol of the network connection; retrieving a definition of a portion of network traffic for a network connection based on the determined protocol; evaluating Fourier transform coefficient values for each of a plurality of bytes in a portion of network traffic of the new network connection based on the retrieved definition; and comparing the evaluated coefficient values with a dictionary of one or more reference sets of coefficients, each of the one or more reference sets of coefficients being associated with a portion of network traffic of a malicious encrypted network connection, so as to determine if malicious encrypted network traffic is communicated over the network connection.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: September 15, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Ben Azvine, Fadi El-Moussa, George Kallos
  • Patent number: 10771483
    Abstract: A computer implemented method to identify an attacked computing device in a system of network-connected computing devices providing a plurality of computing services, the method including receiving a first data structure including data modeling relationships between vulnerabilities of computing services in a first proper subset of the plurality of computing services and exploitation of such vulnerabilities to identify one or more series of exploits involved in a network attack; receiving a second data structure including data modeling the computing devices in the system including the network connections of each computing device; and comparing the first and second data structures to identify the attacked computing device as an intermediate device in communications between at least two computer services in any of the one or more series of exploits.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: September 8, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Theo Dimitrakos
  • Patent number: 10754680
    Abstract: A computer implemented method of instantiating an encrypted disk image for a virtualized computer system includes providing a software component executing in a first virtual machine for instantiation in a first hypervisor, the software component invoking a second hypervisor within the first virtual machine; and providing a basic input output system (BIOS) for the second hypervisor, the BIOS being configured to decrypt and load the encrypted disk image to instantiate the virtualized computer system as a second virtual machine in the second hypervisor, and wherein the software component is further configured to migrate the second virtual machine at a runtime of the second virtual machine to the first hypervisor so as to provide a wholly encrypted disk image for the second virtual machine executing in the first hypervisor.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: August 25, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Theo Dimitrakos
  • Publication number: 20200265134
    Abstract: A containerisation orchestrator (26) is controlled by an analysis system (20, 21, 22) which assesses an application and a device for compatibility to have a candidate application installed on the device using the orchestrator. The analysis includes an assessment of the vulnerability of the installed application to failure or malicious attack, and a risk assessment of the consequences of such an event. The candidate containerised configuration (20) for the application is also assessed for compatibilities and vulnerabilities.
    Type: Application
    Filed: October 25, 2018
    Publication date: August 20, 2020
    Inventors: Claudia CRISTINA, Simon BEDDUS, Fadi EL-MOUSSA
  • Patent number: 10747886
    Abstract: A computer implemented method to determine whether a target virtual machine (VM) in a virtualized computing environment is susceptible to a security attack, the method comprising: training a machine learning algorithm as a classifier based on a plurality of training data items, each training data item corresponding to a training VM and including a representation of parameters for a configuration of the training VM and a representation of characteristics of security attacks for the training VM; generating a data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the data structure is generated by sampling the trained machine learning algorithm to identify the relationships; determining a set of configuration parameters for the target VM; and identifying attack characteristics in the data structure associated with configuration parameters of the target VM as characteristics of attacks to which the target VM is susceptible.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: August 18, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Ian Herwono
  • Publication number: 20200257814
    Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a hypervisor having a data store and instantiating a disk image of the virtualized computer system as a first virtual machine (VM) having a virtual disk from which an operating system of the first VM can be booted; instantiating a second VM in the hypervisor including a software component executing therein, wherein the data store is a shared data store accessible by both the first and second VMs, the method further comprising: the software component accessing the first VM using privileged credentials to install a software agent in the first VM and to replicate the virtual disk of the first VM in the hypervisor data store as a duplicate disk, wherein the software agent is adapted to encrypt data written to, and decrypt data read from, the disk of the first VM at a runtime of the first VM; and the software component encrypting the duplicate disk and unmounting the copied disk and mounting the e
    Type: Application
    Filed: January 26, 2017
    Publication date: August 13, 2020
    Applicant: British Telecommunications Public Limited Company
    Inventors: Fadi EL-MOUSSA, Theo DIMITRAKOS
  • Patent number: 10733295
    Abstract: A malware detection system to detect malware in a virtual machine (VM), the system including a profile generator adapted to generate a profile of a deployment of the VM, the profile including execution characteristics of the deployment; a VM package generator to generate a VM package including: a VM descriptor describing a particular deployment of the VM; and an image of the particular deployment, the image including a representation of data stored for the particular deployment of the VM; and a malware identifier adapted to identify malware in a deployment of the VM responsive to the identification of a difference between profiles of multiple different deployments of the VM.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: August 4, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Andreas Mauthe, Angelos Marnerides, Michael Watson
  • Patent number: 10733296
    Abstract: A computer implemented method of detecting malicious code in a software application executing with a runtime environment in a computer system, the method including: receiving a definition of one or more runtime exception trigger conditions, each trigger condition defining criteria for the runtime environment to enter a software exception state and having associated a definition of a resulting state of the runtime environment having entered the exception state; monitoring the runtime environment to detect the satisfaction of a detected trigger condition by the runtime environment and, in response to a determination that the runtime environment fails to enter a resulting state associated with the detected trigger condition, identifying the software application as including malicious code.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: August 4, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventor: Fadi El-Moussa
  • Patent number: 10728841
    Abstract: A mobile device having a processor, a memory and a wireless network interface, the processor executing an operating system including a network communication library for providing networking services via the wireless network interface and being further arranged to: receive capability information associated with each of plurality of wireless network access points accessible to the mobile device; identify, for a set of networked applications in execution on the mobile device, one or more applications having associated a wireless network capability requirement; and select an access point from the plurality of access points to provide network communication for the mobile device, the access point being selected based on the identified one or more applications and the received capability information, wherein network communication for applications executed by the mobile device having associated a wireless network capability requirement that is incompatible with a network capability of the selected access point are pr
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: July 28, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Ali Sajjad
  • Patent number: 10719346
    Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a software component executing in a first virtual machine for instantiation in a first hypervisor, the software component invoking a second hypervisor within the first virtual machine for instantiating a disk image of the virtualized computer system as a second virtual machine, and the software component being configured to install a software agent in the second virtual machine, the software agent being adapted to: a) encrypt the instantiated disk image; b) encrypt data written, by the second virtual machine, to the instantiated disk image at a runtime of the second virtual machine; and c) decrypt data read, by the second virtual machine, from the instantiated disk image at a runtime of the second virtual machine, wherein the software component is configured to migrate the second virtual machine at a runtime of the second virtual machine to the first hypervisor so as to provide a wholly encry
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: July 21, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Theo Dimitrakos
  • Publication number: 20200228569
    Abstract: A computer implemented method to detect an anomalous change to a web application, the web application executing with a web server, the method including receiving a first set of records for the web application operating in a training mode of operation, each record including characteristics of a content of a web page for the web application; generating a sparse distributed representation of the set of records to form a training set for a hierarchical temporal memory (HTM); training the HTM based on the training set in order that the trained HTM provides a model of the operation of the web application in the training mode of operation; receiving a second set of records for the web application, each record including characteristics of content of the web page; generating a sparse distributed representation of the second set of records to form an input set for the trained HTM; executing the trained HTM based on the input set to determine a degree of recognition of the records of the input set; and responsive to a d
    Type: Application
    Filed: July 30, 2018
    Publication date: July 16, 2020
    Inventors: Fadi EL-MOUSSA, Xiaofeng DU
  • Publication number: 20200228544
    Abstract: A method for detecting malware software in a computer system includes accessing a plurality of hostnames for a malware server from a computer system infected with malware and attempting to communicate with the malware server, each hostname including a plurality of symbols in each of a plurality of symbol positions; training an autoencoder based on each of the plurality of hostnames, wherein the autoencoder includes: a set of input units for each possible symbol and symbol position in a hostname; output units each for storing an output of the autoencoder; and a set of hidden units smaller in number than the set of input units and each interconnecting all input and all output units with weighted interconnections, such that the autoencoder is trainable to provide an approximated reconstruction of values of the input units at the output units; selecting a set of one or more symbol and symbol position tuples based on weights of interconnections in the trained autoencoder; and identifying infected computer systems
    Type: Application
    Filed: July 30, 2018
    Publication date: July 16, 2020
    Inventors: Fadi EL-MOUSSA, George KALLOS
  • Publication number: 20200220714
    Abstract: A computer implemented method of protecting data in a message for communication from a sender to a receiver, the sender and receiver sharing a secret, the method including splitting the message into a plurality of ordered message blocks, the order being a proper order such that an aggregation of the blocks in the proper order constitutes the message; generating a hash value for each message block, each hash value being generated on the basis of at least a content of the block and the secret; generating, for each block, an encoded indication of a position of the block in the proper order of blocks, the encoding being reversible and based on at least the hash value for the block and a position of the block in the proper order; communicating the blocks to the receiver in an order different to the proper order so as to obfuscate the message; and communicating the encoded indications to the receiver such that the blocks can be reassembled by the receiver in the proper order on the basis of the shared secret.
    Type: Application
    Filed: January 9, 2020
    Publication date: July 9, 2020
    Applicant: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Fabio Giubilo
  • Publication number: 20200195665
    Abstract: A web server operating in a container has resource and network limits applied to add an extra layer of security to the web server. If a monitor detects that the container's resource usage is approaching one or more of these limits, which may be indicative of a DDoS attack, (step 210) or identifies traffic sources exhibiting suspicious behaviour, such as frequently repeated requests from the same address, or from a related set of addresses, a restrictor function caps the resources allowed by the original Webserver container to allow it to recover from buffer overflow and protect servers running in other containers from overwhelming any shared resources. A duplicator function starts up replica containers with the same resource limits to take overflow traffic, and a load balancing function then directs incoming traffic to these overflow containers etc.
    Type: Application
    Filed: May 11, 2018
    Publication date: June 18, 2020
    Inventors: Simon BEDDUS, Claudia CRISTINA, Fadi EL-MOUSSA
  • Publication number: 20200183716
    Abstract: Containerised computing processes are generated by an orchestration processor interpreting user commands and user profile data to build a deployment specification specifying functions to be run by a containerised process, using a shell script run on a host virtualisation container. External events such as security threats and computing resource overloads can be used to generate the virtualised process, allowing vulnerability detection, and apply countermeasures such as deployment or migration of containers during attacks to lesser prone infrastructure, and allows the orchestration of non-container tools to provide security and resilience.
    Type: Application
    Filed: May 11, 2018
    Publication date: June 11, 2020
    Inventors: Simon BEDDUS, Claudia CRISTINA, Fadi EL-MOUSSA