Patents by Inventor Jian L. Zhen
Jian L. Zhen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240045963
Abstract: The methods described herein include receiving a plurality of packets associated with a file, each of the plurality of packets comprising content, and a source domain; extracting one or more features from content of a first packet of the plurality of packets; applying a trained machine learning model to the extracted one or more features to determine a probability of maliciousness associated with the first packet; responsive to determining that the probability of maliciousness of the first packet is between a first threshold value and a second threshold value, labeling the first packet as having an uncertain maliciousness; extracting one or more features from content of a second packet of the plurality of packets; and applying the trained machine learning model to the extracted one or more features of the first packet and the second packet to determine a probability of maliciousness associated with the second packet.
Type: Application
Filed: October 17, 2023
Publication date: February 8, 2024
Applicant: Zscaler, Inc.
Inventors: Huihsin Tseng, Hao Xu, Jian L. Zhen
-
Patent number: 11822657
Abstract: Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis. The method receives a packet of one or more packets associated with a file, converts binary content associated with the packet into a digital representation, and tokenizes plain text content associated with the packet. The method extracts one or more n-gram features, an entropy feature, and a domain feature from the converted content of the packet and applies a trained machine learning model to the one or more features extracted from the packet. The output of the machine learning method is a probability of maliciousness associated with the received packet. If the probability of maliciousness is above a threshold value, the method determines that the file associated with the received packet is malicious.
Type: Grant
Filed: April 20, 2022
Date of Patent: November 21, 2023
Assignee: Zscaler, Inc.
Inventors: Huihsin Tseng, Hao Xu, Jian L Zhen
-
Publication number: 20220245248
Abstract: Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis. The method receives a packet of one or more packets associated with a file, converts binary content associated with the packet into a digital representation, and tokenizes plain text content associated with the packet. The method extracts one or more n-gram features, an entropy feature, and a domain feature from the converted content of the packet and applies a trained machine learning model to the one or more features extracted from the packet. The output of the machine learning method is a probability of maliciousness associated with the received packet. If the probability of maliciousness is above a threshold value, the method determines that the file associated with the received packet is malicious.
Type: Application
Filed: April 20, 2022
Publication date: August 4, 2022
Inventors: Huihsin Tseng, Hao Xu, Jian L. Zhen
-
Patent number: 11341242
Abstract: Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis. The method receives a packet of one or more packets associated with a file, converts binary content associated with the packet into a digital representation, and tokenizes plain text content associated with the packet. The method extracts one or more n-gram features, an entropy feature, and a domain feature from the converted content of the packet and applies a trained machine learning model to the one or more features extracted from the packet. The output of the machine learning method is a probability of maliciousness associated with the received packet. If the probability of maliciousness is above a threshold value, the method determines that the file associated with the received packet is malicious.
Type: Grant
Filed: October 12, 2020
Date of Patent: May 24, 2022
Assignee: Zscaler, Inc.
Inventors: Huihsin Tseng, Hao Xu, Jian L. Zhen
-
Publication number: 20210026962
Abstract: Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis. The method receives a packet of one or more packets associated with a file, converts binary content associated with the packet into a digital representation, and tokenizes plain text content associated with the packet. The method extracts one or more n-gram features, an entropy feature, and a domain feature from the converted content of the packet and applies a trained machine learning model to the one or more features extracted from the packet. The output of the machine learning method is a probability of maliciousness associated with the received packet. If the probability of maliciousness is above a threshold value, the method determines that the file associated with the received packet is malicious.
Type: Application
Filed: October 12, 2020
Publication date: January 28, 2021
Inventors: Huihsin Tseng, Hao Xu, Jian L. Zhen
-
Patent number: 10817608
Abstract: Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis. The method receives a packet of one or more packets associated with a file, converts binary content associated with the packet into a digital representation, and tokenizes plain text content associated with the packet. The method extracts one or more n-gram features, an entropy feature, and a domain feature from the converted content of the packet and applies a trained machine learning model to the one or more features extracted from the packet. The output of the machine learning method is a probability of maliciousness associated with the received packet. If the probability of maliciousness is above a threshold value, the method determines that the file associated with the received packet is malicious.
Type: Grant
Filed: April 5, 2018
Date of Patent: October 27, 2020
Assignee: Zscaler, Inc.
Inventors: Huihsin Tseng, Hao Xu, Jian L. Zhen
-
Patent number: 10505824
Abstract: Methods, systems, and apparatus for network monitoring and analytics are disclosed. The methods, systems, and apparatus for network monitoring and analytics perform highly probable identification of related messages using one or more sparse hash function sets. Highly probable identification of related messages enables a network monitoring and analytics system to trace the trajectory of a message traversing the network and measure the delay for the message between observation points. The sparse hash function value, or identity, enables a network monitoring and analytics system to identify the transit path, transit time, entry point, exit point, and/or other information about individual packets and to identify bottlenecks, broken paths, lost data, and other network analytics by aggregating individual message data.
Type: Grant
Filed: March 17, 2016
Date of Patent: December 10, 2019
Assignee: LUMINOUS CYBER CORPORATION
Inventor: Jian L. Zhen
-
Publication number: 20180293381
Abstract: Disclosed is a computer implemented method for malware detection that analyses a file on a per packet basis. The method receives a packet of one or more packets associated with a file, converts binary content associated with the packet into a digital representation, and tokenizes plain text content associated with the packet. The method extracts one or more n-gram features, an entropy feature, and a domain feature from the converted content of the packet and applies a trained machine learning model to the one or more features extracted from the packet. The output of the machine learning method is a probability of maliciousness associated with the received packet. If the probability of maliciousness is above a threshold value, the method determines that the file associated with the received packet is malicious.
Type: Application
Filed: April 5, 2018
Publication date: October 11, 2018
Inventors: Huihsin Tseng, Hao Xu, Jian L. Zhen
-
Publication number: 20160205000
Abstract: Methods, systems, and apparatus for network monitoring and analytics are disclosed. The methods, systems, and apparatus for network monitoring and analytics perform highly probable identification of related messages using one or more sparse hash function sets. Highly probable identification of related messages enables a network monitoring and analytics system to trace the trajectory of a message traversing the network and measure the delay for the message between observation points. The sparse hash function value, or identity, enables a network monitoring and analytics system to identify the transit path, transit time, entry point, exit point, and/or other information about individual packets and to identify bottlenecks, broken paths, lost data, and other network analytics by aggregating individual message data.
Type: Application
Filed: March 17, 2016
Publication date: July 14, 2016
Inventor: Jian L. Zhen
-
Patent number: 8380752
Abstract: Event data (e.g., log messages) are represented as sets of attribute/value pairs. An index maps each attribute/value pair or attribute/value tuple to a pointer that points to event data which contains the attribute/value pair or attribute/value tuple. An attribute co-occurrence map or matrix can be generated that includes attribute names that co-occur together. Queries and custom reports can be generated by projecting event data into one or more attributes or attribute/value pairs, and then determining statistics on other attributes using a combination of the inverted index, the attribute co-occurrence map or matrix, operations on sets and/or math and statistical functions.
Type: Grant
Filed: April 11, 2011
Date of Patent: February 19, 2013
Assignee: LogLogic, Inc.
Inventors: Sherif Botros, Jian L. Zhen, Minjun Liu, Boris Galitsky
-
Publication number: 20110191373
Abstract: Event data (e.g., log messages) are represented as sets of attribute/value pairs. An index maps each attribute/value pair or attribute/value tuple to a pointer that points to event data which contains the attribute/value pair or attribute/value tuple. An attribute co-occurrence map or matrix can be generated that includes attribute names that co-occur together. Queries and custom reports can be generated by projecting event data into one or more attributes or attribute/value pairs, and then determining statistics on other attributes using a combination of the inverted index, the attribute co-occurrence map or matrix, operations on sets and/or math and statistical functions.
Type: Application
Filed: April 11, 2011
Publication date: August 4, 2011
Applicant: LOGLOGIC, INC.
Inventors: Sherif Botros, Jian L. Zhen, Minjun Liu, Boris Galitsky
-
Patent number: 7925678
Abstract: Event data (e.g., log messages) are represented as sets of attribute/value pairs. An index maps each attribute/value pair or attribute/value tuple to a pointer that points to event data which contains the attribute/value pair or attribute/value tuple. An attribute co-occurrence map or matrix can be generated that includes attribute names that co-occur together. Queries and custom reports can be generated by projecting event data into one or more attributes or attribute/value pairs, and then determining statistics on other attributes using a combination of the inverted index, the attribute co-occurrence map or matrix, operations on sets and/or math and statistical functions.
Type: Grant
Filed: January 12, 2007
Date of Patent: April 12, 2011
Assignee: LogLogic, Inc.
Inventors: Sherif Botros, Jian L. Zhen, Minjun Liu, Boris Galitsky
-
Publication number: 20080172409
Abstract: Event data (e.g., log messages) are represented as sets of attribute/value pairs. An index maps each attribute/value pair or attribute/value tuple to a pointer that points to event data which contains the attribute/value pair or attribute/value tuple. An attribute co-occurrence map or matrix can be generated that includes attribute names that co-occur together. Queries and custom reports can be generated by projecting event data into one or more attributes or attribute/value pairs, and then determining statistics on other attributes using a combination of the inverted index, the attribute co-occurrence map or matrix, operations on sets and/or math and statistical functions.
Type: Application
Filed: January 12, 2007
Publication date: July 17, 2008
Inventors: Sherif Botros, Jian L. Zhen, Minjun Liu, Boris Galitsky