Patents by Inventor Fred Krenson
Fred Krenson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230359734Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection engine. In examples, the behavioral threat detection engine manages execution of one or more virtual machines, wherein each virtual machine processes a rule in relation to a context. The behavioral threat detection engine uses any of a variety of techniques to identify when events occur. Accordingly, the behavioral threat detection engine provides event indications, in the form of event packets, to one or more virtual machines, such that corresponding rules are able to process the events accordingly. Eventually, a rule may make a determination as to the presence or absence of a behavior. As a result, execution of the associated virtual machine may be halted, thereby indicating to the behavioral threat detection engine that a determination has been made. Thus a behavioral threat detection engine employs a behavior-based approach to detecting malicious or potentially malicious behaviors.Type: ApplicationFiled: July 17, 2023Publication date: November 9, 2023Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 11755730Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection engine. In examples, the behavioral threat detection engine manages execution of one or more virtual machines, wherein each virtual machine processes a rule in relation to a context. The behavioral threat detection engine uses any of a variety of techniques to identify when events occur. Accordingly, the behavioral threat detection engine provides event indications, in the form of event packets, to one or more virtual machines, such that corresponding rules are able to process the events accordingly. Eventually, a rule may make a determination as to the presence or absence of a behavior. As a result, execution of the associated virtual machine may be halted, thereby indicating to the behavioral threat detection engine that a determination has been made. Thus a behavioral threat detection engine employs a behavior-based approach to detecting malicious or potentially malicious behaviors.Type: GrantFiled: September 14, 2022Date of Patent: September 12, 2023Assignee: CARBONITE LLCInventors: Eric Klonowski, Fred Krenson
-
Publication number: 20230252135Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition. In an example, a behavior rule comprising a set of rule instructions is used to define one or more events indicative of a behavior. For example, a set of events from which one event must be matched may be defined or a set of events from which all events must be matched may be defined. In some examples, events are matched based on an event name or type, or may be matched based on one or more parameters. Exact and/or inexact matching may be used. The set of rule instructions ultimately specifies one or more halt instructions, thereby indicating that a determination as to the presence of the behavior has been made. Example determinations include, but are not limited to, a match determination, a non-match determination, or an indication that additional monitoring should be performed.Type: ApplicationFiled: April 19, 2023Publication date: August 10, 2023Inventors: Eric Klonowski, Fred Krenson
-
Publication number: 20230252141Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection virtual machine. In examples, the virtual machine executes a rule comprising rule instructions. A rule may comprise one or more wait rule instructions that causes the virtual machine to pause execution. As events are added to an event queue for the rule virtual machine, the behavioral threat detection virtual machine evaluates such events in order to identify a positive or, in some instances, a negative match. When a matching event is identified, rule execution resumes. Eventually, a determination is made as a result of processing events and wait packets, thereby indicating the presence or absence of a malicious or potentially malicious behavior, among other examples. Thus, among other things, the behavioral threat detection virtual machine maintains a state associated with rule execution and processes events to identify behaviors accordingly.Type: ApplicationFiled: April 17, 2023Publication date: August 10, 2023Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 11663326Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition. In an example, a behavior rule comprising a set of rule instructions is used to define one or more events indicative of a behavior. For example, a set of events from which one event must be matched may be defined or a set of events from which all events must be matched may be defined. In some examples, events are matched based on an event name or type, or may be matched based on one or more parameters. Exact and/or inexact matching may be used. The set of rule instructions ultimately specifies one or more halt instructions, thereby indicating that a determination as to the presence of the behavior has been made. Example determinations include, but are not limited to, a match determination, a non-match determination, or an indication that additional monitoring should be performed.Type: GrantFiled: June 29, 2021Date of Patent: May 30, 2023Assignee: Webroot Inc.Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 11657149Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection virtual machine. In examples, the virtual machine executes a rule comprising rule instructions. A rule may comprise one or more wait rule instructions that causes the virtual machine to pause execution. As events are added to an event queue for the rule virtual machine, the behavioral threat detection virtual machine evaluates such events in order to identify a positive or, in some instances, a negative match. When a matching event is identified, rule execution resumes. Eventually, a determination is made as a result of processing events and wait packets, thereby indicating the presence or absence of a malicious or potentially malicious behavior, among other examples. Thus, among other things, the behavioral threat detection virtual machine maintains a state associated with rule execution and processes events to identify behaviors accordingly.Type: GrantFiled: June 11, 2021Date of Patent: May 23, 2023Assignee: WEBROOT INC.Inventors: Eric Klonowski, Fred Krenson
-
Publication number: 20230004643Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection engine. In examples, the behavioral threat detection engine manages execution of one or more virtual machines, wherein each virtual machine processes a rule in relation to a context. The behavioral threat detection engine uses any of a variety of techniques to identify when events occur. Accordingly, the behavioral threat detection engine provides event indications, in the form of event packets, to one or more virtual machines, such that corresponding rules are able to process the events accordingly. Eventually, a rule may make a determination as to the presence or absence of a behavior. As a result, execution of the associated virtual machine may be halted, thereby indicating to the behavioral threat detection engine that a determination has been made. Thus a behavioral threat detection engine employs a behavior-based approach to detecting malicious or potentially malicious behaviors.Type: ApplicationFiled: September 14, 2022Publication date: January 5, 2023Applicant: Webroot Inc.Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 11481486Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection engine. In examples, the behavioral threat detection engine manages execution of one or more virtual machines, wherein each virtual machine processes a rule in relation to a context. The behavioral threat detection engine uses any of a variety of techniques to identify when events occur. Accordingly, the behavioral threat detection engine provides event indications, in the form of event packets, to one or more virtual machines, such that corresponding rules are able to process the events accordingly. Eventually, a rule may make a determination as to the presence or absence of a behavior. As a result, execution of the associated virtual machine may be halted, thereby indicating to the behavioral threat detection engine that a determination has been made. Thus a behavioral threat detection engine employs a behavior-based approach to detecting malicious or potentially malicious behaviors.Type: GrantFiled: March 27, 2019Date of Patent: October 25, 2022Assignee: Webroot Inc.Inventors: Eric Klonowski, Fred Krenson
-
Publication number: 20220207144Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition compilation. In an example, one or more sets of rule instructions may be packaged for distribution and/or use by a behavioral threat detection engine. As an example, a set of rule instructions is compiled into an intermediate language and assembled in to a compiled behavior rule binary. Event linking is performed, wherein other rules launched by the rule and/or events that launch the rule or are processed by the rule are identified, and such information may be stored accordingly. The behavior rule binary may be packaged with other rules associated with identifying a specific behavior. The packaged behavior rule is distributed to one or more computing devices for use with a behavioral threat detection engine. For example, the threat detection engine may execute the behavior rule using a rule virtual machine.Type: ApplicationFiled: March 18, 2022Publication date: June 30, 2022Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 11314863Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition compilation. In an example, one or more sets of rule instructions may be packaged for distribution and/or use by a behavioral threat detection engine. As an example, a set of rule instructions is compiled into an intermediate language and assembled in to a compiled behavior rule binary. Event linking is performed, wherein other rules launched by the rule and/or events that launch the rule or are processed by the rule are identified, and such information may be stored accordingly. The behavior rule binary may be packaged with other rules associated with identifying a specific behavior. The packaged behavior rule is distributed to one or more computing devices for use with a behavioral threat detection engine. For example, the threat detection engine may execute the behavior rule using a rule virtual machine.Type: GrantFiled: March 27, 2019Date of Patent: April 26, 2022Assignee: WEBROOT, INC.Inventors: Eric Klonowski, Fred Krenson
-
Publication number: 20210326435Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition. In an example, a behavior rule comprising a set of rule instructions is used to define one or more events indicative of a behavior. For example, a set of events from which one event must be matched may be defined or a set of events from which all events must be matched may be defined. In some examples, events are matched based on an event name or type, or may be matched based on one or more parameters. Exact and/or inexact matching may be used. The set of rule instructions ultimately specifies one or more halt instructions, thereby indicating that a determination as to the presence of the behavior has been made. Example determinations include, but are not limited to, a match determination, a non-match determination, or an indication that additional monitoring should be performed.Type: ApplicationFiled: June 29, 2021Publication date: October 21, 2021Inventors: Eric Klonowski, Fred Krenson
-
Publication number: 20210303685Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection virtual machine. In examples, the virtual machine executes a rule comprising rule instructions. A rule may comprise one or more wait rule instructions that causes the virtual machine to pause execution. As events are added to an event queue for the rule virtual machine, the behavioral threat detection virtual machine evaluates such events in order to identify a positive or, in some instances, a negative match. When a matching event is identified, rule execution resumes. Eventually, a determination is made as a result of processing events and wait packets, thereby indicating the presence or absence of a malicious or potentially malicious behavior, among other examples. Thus, among other things, the behavioral threat detection virtual machine maintains a state associated with rule execution and processes events to identify behaviors accordingly.Type: ApplicationFiled: June 11, 2021Publication date: September 30, 2021Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 11080391Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition. In an example, a behavior rule comprising a set of rule instructions is used to define one or more events indicative of a behavior. For example, a set of events from which one event must be matched may be defined or a set of events from which all events must be matched may be defined. In some examples, events are matched based on an event name or type, or may be matched based on one or more parameters. Exact and/or inexact matching may be used. The set of rule instructions ultimately specifies one or more halt instructions, thereby indicating that a determination as to the presence of the behavior has been made. Example determinations include, but are not limited to, a match determination, a non-match determination, or an indication that additional monitoring should be performed.Type: GrantFiled: March 27, 2019Date of Patent: August 3, 2021Assignee: Webroot Inc.Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 11080394Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection virtual machine. In examples, the virtual machine executes a rule comprising rule instructions. A rule may comprise one or more wait rule instructions that causes the virtual machine to pause execution. As events are added to an event queue for the rule virtual machine, the behavioral threat detection virtual machine evaluates such events in order to identify a positive or, in some instances, a negative match. When a matching event is identified, rule execution resumes. Eventually, a determination is made as a result of processing events and wait packets, thereby indicating the presence or absence of a malicious or potentially malicious behavior, among other examples. Thus, among other things, the behavioral threat detection virtual machine maintains a state associated with rule execution and processes events to identify behaviors accordingly.Type: GrantFiled: March 27, 2019Date of Patent: August 3, 2021Assignee: Webroot Inc.Inventors: Eric Klonowski, Fred Krenson
-
Publication number: 20200311258Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition. In an example, a behavior rule comprising a set of rule instructions is used to define one or more events indicative of a behavior. For example, a set of events from which one event must be matched may be defined or a set of events from which all events must be matched may be defined. In some examples, events are matched based on an event name or type, or may be matched based on one or more parameters. Exact and/or inexact matching may be used. The set of rule instructions ultimately specifies one or more halt instructions, thereby indicating that a determination as to the presence of the behavior has been made. Example determinations include, but are not limited to, a match determination, a non-match determination, or an indication that additional monitoring should be performed.Type: ApplicationFiled: March 27, 2019Publication date: October 1, 2020Applicant: Webroot Inc.Inventors: Eric Klonowski, Fred Krenson
-
Publication number: 20200311267Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition compilation. In an example, one or more sets of rule instructions may be packaged for distribution and/or use by a behavioral threat detection engine. As an example, a set of rule instructions is compiled into an intermediate language and assembled in to a compiled behavior rule binary. Event linking is performed, wherein other rules launched by the rule and/or events that launch the rule or are processed by the rule are identified, and such information may be stored accordingly. The behavior rule binary may be packaged with other rules associated with identifying a specific behavior. The packaged behavior rule is distributed to one or more computing devices for use with a behavioral threat detection engine. For example, the threat detection engine may execute the behavior rule using a rule virtual machine.Type: ApplicationFiled: March 27, 2019Publication date: October 1, 2020Applicant: Webroot Inc.Inventors: Eric Klonowski, Fred Krenson
-
Publication number: 20200311260Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection engine. In examples, the behavioral threat detection engine manages execution of one or more virtual machines, wherein each virtual machine processes a rule in relation to a context. The behavioral threat detection engine uses any of a variety of techniques to identify when events occur. Accordingly, the behavioral threat detection engine provides event indications, in the form of event packets, to one or more virtual machines, such that corresponding rules are able to process the events accordingly. Eventually, a rule may make a determination as to the presence or absence of a behavior. As a result, execution of the associated virtual machine may be halted, thereby indicating to the behavioral threat detection engine that a determination has been made. Thus a behavioral threat detection engine employs a behavior-based approach to detecting malicious or potentially malicious behaviors.Type: ApplicationFiled: March 27, 2019Publication date: October 1, 2020Applicant: Webroot Inc.Inventors: Eric Klonowski, Fred Krenson
-
Publication number: 20200311261Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection virtual machine. In examples, the virtual machine executes a rule comprising rule instructions. A rule may comprise one or more wait rule instructions that causes the virtual machine to pause execution. As events are added to an event queue for the rule virtual machine, the behavioral threat detection virtual machine evaluates such events in order to identify a positive or, in some instances, a negative match. When a matching event is identified, rule execution resumes. Eventually, a determination is made as a result of processing events and wait packets, thereby indicating the presence or absence of a malicious or potentially malicious behavior, among other examples. Thus, among other things, the behavioral threat detection virtual machine maintains a state associated with rule execution and processes events to identify behaviors accordingly.Type: ApplicationFiled: March 27, 2019Publication date: October 1, 2020Applicant: Webroot Inc.Inventors: Eric Klonowski, Fred Krenson