Patents by Inventor Fadi El-Moussa
Fadi El-Moussa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20220092177
  Abstract: A computer implemented method of computer security for a host computer system in communication with remote computer systems, the method including generating an attack map as a directed graph data structure modelling individual events leading to an exploitation of the host computer system, the attack map being generated in a training phase of the host computer system in which the host is subjected to attacks by one or more attacking remote computer systems, and generating the attack map includes collecting a log of each of a plurality of attack events occurring at the host including network packets involved in each attack event; using stacked autoencoders to extract features from the log event in each attack; generating a directed graph representation based on each of the extracted features based on a temporal relationship between events for each extracted feature and a predefined definition of each of a plurality of attack patterns defining events and temporal relationships between events, responsive to an oc…
  Type: Application
  Filed: March 18, 2020
  Publication date: March 24, 2022
  Applicant: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
  Inventors: Ian HERWONO, Fadi EL-MOUSSA
- Patent number: 11283607
  Abstract: Actuators and sensors in an intelligent system are controlled by setting encryption types and key lengths to individual applications based on the type of device and application being run. A server system (1) running in a communications gateway selects an encryption policy for one or more devices under its control. This selection is controlled by an analysis function (11) using data relating to the type of device (13), and the applications to be run on the device (14), to generate an appropriate encryption policy (12) which can be deployed to the device (37). Controlling the analysis and deployment in a gateway device allows co-ordination between devices, and reduces processor time in the devices. An agent is sent to the device alongside the encryption policy data, to control the device according to the encryption policy.
  Type: Grant
  Filed: April 25, 2019
  Date of Patent: March 22, 2022
  Assignee: BRITISH TELECOMMUNICATIONS public limited company
  Inventors: Claudia Cristina, Fadi El-Moussa, Simon Beddus
- Publication number: 20220060316
  Abstract: Systems and methods of protecting data in a message for communication from a sender to a receiver, the sender and receiver sharing a secret, including splitting the message into a number of ordered message blocks, the order being a proper order such that an aggregation of the blocks in the proper order constitutes the message; generating an encoded indication of a position of the block in the proper order of blocks, the encoding being reversible and based on at least a hash value for the block, a secret shared between the sender and the receiver, and a position of the block in the proper order; communicating the blocks and the encoded indications to the receiver, the blocks being communicated in an order different to the proper order so as to obfuscate the message, such that the blocks can be reassembled by the receiver in the proper order on the basis of the shared secret.
  Type: Application
  Filed: December 18, 2019
  Publication date: February 24, 2022
  Inventors: Fadi El-MOUSSA, Fabio GIUBILO
- Publication number: 20220035915
  Abstract: A computer implemented method for determining a plurality of data sources providing seed parameters for generation of an encryption key by a ransomware algorithm, the method including exposing a target computer system to the ransomware algorithm; monitoring application programming interface (API) calls made to an operating system of the target computer system to identify a set of API calls for retrieving data about one or more hardware components of the target computer system, the data about the hardware components being determined to constitute the seed parameters.
  Type: Application
  Filed: September 11, 2019
  Publication date: February 3, 2022
  Inventors: Fadi EL-MOUSSA, George KALLOS
- Patent number: 11201876
  Abstract: A computer implemented method to identify malicious software in a computer system includes receiving an indication of a detection of malicious network traffic communicated via a computer network accessed by the computer system; identifying a software component involved in the malicious network traffic at the computer system; evaluating a measure of a correlation fractal dimension (CFD) for at least a portion of the software component; and storing the measure of CFD for subsequent comparison with a second measure of CFD for a corresponding portion of a second software component in the computer system to identify the second software component as a software component involved in malicious network communication.
  Type: Grant
  Filed: December 15, 2016
  Date of Patent: December 14, 2021
  Assignee: British Telecommunications Public Limited Company
  Inventors: George Kallos, Fadi El-Moussa
- Patent number: 11194901
  Abstract: Systems and methods for identifying a computer security threat based on communication via a computer network.
  Type: Grant
  Filed: March 3, 2017
  Date of Patent: December 7, 2021
  Assignee: British Telecommunications Public Limited Company
  Inventors: Fadi El-Moussa, Ian Herwono
- Patent number: 11159549
  Abstract: A computer implemented method to identify a computer security threat based on communication via a computer network including receiving a definition of acceptable network communication characteristics for each of a plurality of communication protocols; receiving a set of security events for the communication, each security event including network communication characteristics for the communication; for each security event in the set of security events: a) identifying a communication protocol associated with the event; b) detecting deviations of network communication characteristics of the event from the acceptable network communication characteristics for the identified communication protocol; and c) generating a record of each deviation identifying a communication characteristic for which the deviation is detected; and identifying a computer security threat for the communication based on the records generated for the set of security events.
  Type: Grant
  Filed: March 3, 2017
  Date of Patent: October 26, 2021
  Assignee: British Telecommunications Public Limited Company
  Inventors: Fadi El-Moussa, Ian Herwono
- Patent number: 11151244
  Abstract: A method in a computer system having an operating system providing isolation between software processes executable in the operating system such that a first process executing in the operating system is prevented from accessing resources of a second process executing in the operating system, the method including receiving a software component for execution as an isolated process in the operating system; receiving a baseline profile for the software component defining one or more characteristics of the software component at a runtime for identifying performance of the software component; generating a runtime profile of the software component in execution in the operating system defining characteristics of the component in execution; and flagging the software component in execution based on a comparison of the baseline profile and the runtime profile so as to identify an undesirable performance of the software component.
  Type: Grant
  Filed: May 10, 2017
  Date of Patent: October 19, 2021
  Assignee: British Telecommunications Public Limited Company
  Inventors: Joshua Daniel, Fadi El-Moussa
- Patent number: 11151268
  Abstract: An access control method for a restricted resource in a computer system having an operating system providing isolation between software processes executable in the operating system such that a first process executing in the operating system is prevented from accessing resources of a second process executing in the operating system, the method including receiving a software component for execution as an isolated process in the operating system; receiving a baseline profile for the software component defining characteristics of the software component at a runtime for identifying performance of the software component; generating a runtime profile of the software component in execution in the operating system defining characteristics of the component in execution; and permitting access by the software component to the restricted resource based on a comparison of the baseline profile and the runtime profile such that the software component exhibiting undesirable performance is precluded from accessing the restrict…
  Type: Grant
  Filed: May 10, 2017
  Date of Patent: October 19, 2021
  Assignee: British Telecommunications Public Limited Company
  Inventors: Joshua Daniel, Fadi El-Moussa
- Patent number: 11128647
  Abstract: A computer implemented method to identify a computer security threat based on communication of a network connected device via a computer network including receiving a plurality of blocks of network traffic from the device, each block including a sequence of network traffic data items being identifiable by a position in the sequence of the block; identifying a subset of positions occurring in every block for which a degree of variability of values of data items in each position of the subset meets a predetermined threshold; and generating executable code for performing a plurality of processing operations based on the identified subset of positions, the executable code consuming a determinate quantity of computing resources when executed for the received network traffic.
  Type: Grant
  Filed: March 3, 2017
  Date of Patent: September 21, 2021
  Assignee: British Telecommunications Public Limited Company
  Inventors: Karl Smith, Fadi El-Moussa
- Publication number: 20210286873
  Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
  Type: Application
  Filed: July 31, 2017
  Publication date: September 16, 2021
  Applicant: British Telecommunications Public Limited Company
  Inventors: Fadi EL-MOUSSA, Ian HERWONO
- Publication number: 20210258151
  Abstract: Actuators and sensors in an intelligent system are controlled by setting encryption types and key lengths to individual applications based on the type of device and application being run. A server system (1) running in a communications gateway selects an encryption policy for one or more devices under its control. This selection is controlled by an analysis function (11) using data relating to the type of device (13), and the applications to be run on the device (14), to generate an appropriate encryption policy (12) which can be deployed to the device (37). Controlling the analysis and deployment in a gateway device allows co-ordination between devices, and reduces processor time in the devices. An agent is sent to the device alongside the encryption policy data, to control the device according to the encryption policy.
  Type: Application
  Filed: April 25, 2019
  Publication date: August 19, 2021
  Inventors: Claudia CRISTINA, Fadi EL-MOUSSA, Simon BEDDUS
- Publication number: 20210248266
  Abstract: A computer implemented method of sharing a data message containing multiple data fields between a provider computer system and a consumer computer system, wherein the provider and consumer computer systems have mutual mistrust, is disclosed.
  Type: Application
  Filed: March 19, 2019
  Publication date: August 12, 2021
  Inventors: Fabio GIUBILO, Fadi EL-MOUSSA, Mark SHACKLETON
- Publication number: 20210182403
  Abstract: A computer implemented method to determine a security configuration for a target virtual machine (VM) in a virtualized computing environment, the method including training a machine learning algorithm to determine a vector of security vulnerabilities for the target VM based on a vector of configuration characteristics for the target VM, the machine learning algorithm being trained using training examples each including a configuration for a training VM and an associated vulnerability vector based on an observed security occurrence at the training VM, wherein each training example further includes an identification of one of a set of security configurations for the training VM; selecting at least a subset of the set of security configurations and, for each security configuration in the subset, executing the machine learning algorithm with the vector of configuration characteristics for the target VM and an identification of the security configuration, so as to generate a set of vulnerability vectors including a…
  Type: Application
  Filed: October 11, 2018
  Publication date: June 17, 2021
  Inventors: Mark SHACKLETON, Fadi EL-MOUSSA
- Publication number: 20210182404
  Abstract: A computer implemented method to generate training data for a machine learning algorithm for determining security vulnerabilities of a virtual machine (VM) in a virtualized computing environment is disclosed. The machine learning algorithm determines the vulnerabilities based on a vector of configuration characteristics for the VM.
  Type: Application
  Filed: October 11, 2018
  Publication date: June 17, 2021
  Inventors: Mark SHACKLETON, Fadi EL-MOUSSA
- Publication number: 20210168164
  Abstract: A computer implemented method to detect an anomalous change to a web application configuration, the web application executing with a web server, the method including receiving a first set of records for the web application operating in a training mode of operation, each record including characteristics of the web application; generating a sparse distributed representation of the set of records to form a training set for a hierarchical temporal memory (HTM); training the HTM based on the training set in order that the trained HTM provides a model of the operation of the web application in the training mode of operation; receiving a second set of records for the web application, each record including characteristics of the web application; generating a sparse distributed representation of the second set of records to form an input set for the trained HTM; executing the trained HTM based on the input set to determine a degree of recognition of the records of the input set; and responsive to a determination that…
  Type: Application
  Filed: July 30, 2018
  Publication date: June 3, 2021
  Inventors: Fadi EL-MOUSSA, Xiaofeng DU
- Publication number: 20210157927
  Abstract: Network-based applications and virtualized components are deployed according to a security analysis of the infrastructure to be used and the applications to be run on it. A specification of requirements (201) is analysed (211), together with potential devices (212) and network nodes (213), to determine an appropriate level of security to be applied, and a deployment specification of applications, services, security countermeasures, and networks is prepared that will satisfy the customer requirement given the known characteristics and vulnerabilities of the services. This analysis is used to generate a deployment specification (22), and finally the actual control of an orchestrator (23) to deliver the service. The deployed system can be continually monitored to ensure that the service continues to operate within requirements. Should an incident such as a network attack or failure occur, the system is re-analysed against the original requirements and re-configured or repaired.
  Type: Application
  Filed: April 25, 2019
  Publication date: May 27, 2021
  Inventors: Simon BEDDUS, Claudia CRISTINA, Fadi EL-MOUSSA
- Patent number: 10990690
  Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a hypervisor having a data store and instantiating a disk image of the virtualized computer system as a first virtual machine (VM) having a virtual disk from which an operating system of the first VM can be booted; instantiating a second VM in the hypervisor including a software component executing therein, wherein the data store is a shared data store accessible by both the first and second VMs, the method further comprising: the software component accessing the first VM using privileged credentials to install a software agent in the first VM and to replicate the virtual disk of the first VM in the hypervisor data store as a duplicate disk, wherein the software agent is adapted to encrypt data written to, and decrypt data read from, the disk of the first VM at a runtime of the first VM; and the software component encrypting the duplicate disk and unmounting the copied disk and mounting the e…
  Type: Grant
  Filed: January 26, 2017
  Date of Patent: April 27, 2021
  Assignee: British Telecommunications Public Limited Company
  Inventors: Fadi El-Moussa, Theo Dimitrakos
- Patent number: 10931689
  Abstract: A method for identifying malicious network traffic communicated via a computer network, the method including: evaluating a measure of a correlation fractal dimension for a portion of network traffic over a monitored network connection; and comparing the measure of correlation fractal dimension with a reference measure of correlation fractal dimension for a corresponding portion of network traffic of a malicious network connection so as to determine if malicious network traffic is communicated over the monitored network connection.
  Type: Grant
  Filed: December 22, 2016
  Date of Patent: February 23, 2021
  Assignee: British Telecommunications Public Limited Company
  Inventors: Fadi El-Moussa, George Kallos
- Patent number: 10897359
  Abstract: A method for securely accessing a hardware storage device connected to a computer system, the hardware storage device having a unique hardware identifier and the computer system including a processor, the method comprising: an agent software component receiving the identifier of the storage device to authenticate the storage device, wherein the agent executes in an unrestricted mode of operation of the processor such that the agent is a trusted software component; in response to the authentication, the agent accessing a secure data key for encrypting and decrypting data on the storage device, wherein the data key is accessible only to trusted agents executing in the unrestricted mode of the processor such that software executing in a user mode of the processor stores and retrieves data on the storage device only via the agent.
  Type: Grant
  Filed: November 13, 2014
  Date of Patent: January 19, 2021
  Assignee: BRITISH TELECOMMUNICATIONS public limited company
  Inventors: Fadi El-Moussa, Theo Dimitrakos, Georgios Vafiadis