Patents by Inventor Jiyong Jang
Jiyong Jang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10652217
Abstract: A decoder deployed in one or more terminals includes a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to receive a noisy message and a noisy hash from the network, search for a pair of matching candidates for the hash and message from two row spaces of noisy message vectors using a shared secret with an encoder, and output, by the decoder, a decoded message if the search is successful.
Type: Grant
Filed: April 28, 2016
Date of Patent: May 12, 2020
Assignee: International Business Machines Corporation
Inventors: Xin Hu, Wentao Huang, Jiyong Jang, Theodoros Salonidis, Marc Ph Stoecklin, Ting Wang
-
Publication number: 20200145442
Abstract: This disclosure provides for a signal flow analysis-based exploration of security knowledge represented in a graph structure comprising nodes and edges. “Conductance” values are associated to each of a set of edges. Each node has an associated “toxicity” value representing a degree of maliciousness associated with the node. The conductance value associated with an edge is a function of at least the toxicity values of the nodes to which the edge is incident. A signal flow analysis is conducted with respect to an input node representing an observable associated with an offense. The flow analysis seeks to identify a subset of the nodes that, based on their conductance values, are reached by flow of a signal representing a threat, wherein signal flow over a path in the graph continues until a signal threshold is met. Based on the analysis, nodes within the subset are designated as hypothesis nodes for further examination.
Type: Application
Filed: December 27, 2019
Publication date: May 7, 2020
Inventors: Jiyong Jang, Dhilung Hang Kirat, Youngja Park, Marc Philippe Stoecklin
-
Publication number: 20200120115
Abstract: An automated method for processing security events in association with a cybersecurity knowledge graph. The method begins upon receipt of information from a security system representing an offense. An initial offense context graph is built based in part on context data about the offense. The graph also includes activity nodes connected to a root node; at least one activity node includes an observable. The root node and its one or more activity nodes represent a context for the offense. The knowledge graph, and potentially other data sources, are then explored to further refine the initial graph to generate a refined graph that is then provided to an analyst for further review and analysis. Knowledge graph exploration involves locating the observables and their connections in the knowledge graph, determining that they are associated with known malicious entities, and then building subgraphs that are then merged into the initial graph.
Type: Application
Filed: December 12, 2019
Publication date: April 16, 2020
Inventors: William Alexander Bird, Suzanne Carol Deffeyes, Jiyong Jang, Dhilung Kirat, Youngja Park, Josyula R. Rao, Marc Philippe Stoecklin
-
Publication number: 20200089879
Abstract: A computer-implemented method, a computer program product, and a computer system. The computer system installs and configures a virtual imitating resource in the computer system, wherein the virtual imitating resource imitates a set of resources in the computer system. Installing and configuring the virtual imitating resource includes modifying respective values of an installed version of the virtual imitating resource for an environment of the computer system, determining whether the virtual imitating resource is a static imitating resource or a dynamic imitating resource, and comparing a call graph of the evasive malware with patterns of dynamic imitating resources on a database. The computer system returns a response from an appropriate element of the virtual imitating resource, in response to a call from the evasive malware to a real computing resource.
Type: Application
Filed: November 25, 2019
Publication date: March 19, 2020
Inventors: Zhongshu Gu, Heqing Huang, Jiyong Jang, Dhilung Hang Kirat, Xiaokui Shu, Marc P. Stoecklin, Jialong Zhang
-
Publication number: 20200067950
Abstract: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures.
Type: Application
Filed: November 1, 2019
Publication date: February 27, 2020
Inventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
-
Patent number: 10560471
Abstract: A method includes receiving, at an input port of a computer, indication of HTTP (Hypertext Transfer Protocol) traffic and clustering, using a processor on the computer, the HTTP traffic according to a client IP (Internet Protocol) into a web session tree. A client tree structure of the web session tree is generated and the client tree structure is compared with tree structures of exploit kit samples.
Type: Grant
Filed: November 7, 2016
Date of Patent: February 11, 2020
Assignee: HCL Technologies Limited
Inventors: Xin Hu, Jiyong Jang, Fabian Monrose, Marc Philippe Stoecklin, Teryl Taylor, Ting Wang
-
Patent number: 10546128
Abstract: Approaches to deactivating evasive malware. In an approach, a computer system installs an imitating resource in the computer system and the imitating resource creates an imitating environment of malware analysis, wherein the imitating resource causes the evasive malware to respond to the imitating environment of the malware analysis as to a real environment of the malware analysis. In the imitating environment of malware analysis, the evasive malware determines not to perform malicious behavior. In another approach, a computer system intercepts a call from the evasive malware to a resource on the computer system and returns a virtual resource to the call, wherein in the virtual resource one or more values of the resource on the computer system are modified.
Type: Grant
Filed: October 6, 2017
Date of Patent: January 28, 2020
Assignee: International Business Machines Corporation
Inventors: Zhongshu Gu, Heqing Huang, Jiyong Jang, Dhilung Hang Kirat, Xiaokui Shu, Marc P. Stoecklin, Jialong Zhang
-
Publication number: 20200028670
Abstract: An encoder includes a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to generate a key, estimate a network capacity, and encode each bit of the key using a random matrix of a selected rank and the estimated network capacity for secure transmission of the key through a network.
Type: Application
Filed: September 27, 2019
Publication date: January 23, 2020
Inventors: Xin Hu, Wentao Huang, Jiyong Jang, Theodoros Salonidis, Marc Ph Stoecklin, Ting Wang
-
Publication number: 20200028669
Abstract: An encoder including a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to construct an encoded message using a message and a random element, construct a hash using a shared secret, and transmit the encoded message and the hash to a destination, through a network.
Type: Application
Filed: September 27, 2019
Publication date: January 23, 2020
Inventors: Xin Hu, Wentao Huang, Jiyong Jang, Theodoros Salonidis, Marc Ph Stoecklin, Ting Wang
-
Patent number: 10542014
Abstract: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures.
Type: Grant
Filed: May 11, 2016
Date of Patent: January 21, 2020
Assignee: International Business Machines Corporation
Inventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
-
Patent number: 10542015
Abstract: An automated method for processing security events in association with a cybersecurity knowledge graph. The method begins upon receipt of information from a security system representing an offense. An initial offense context graph is built based in part on context data about the offense. The graph also includes activity nodes connected to a root node; at least one activity node includes an observable. The root node and its one or more activity nodes represent a context for the offense. The knowledge graph, and potentially other data sources, are then explored to further refine the initial graph to generate a refined graph that is then provided to an analyst for further review and analysis. Knowledge graph exploration involves locating the observables and their connections in the knowledge graph, determining that they are associated with known malicious entities, and then building subgraphs that are then merged into the initial graph.
Type: Grant
Filed: August 15, 2016
Date of Patent: January 21, 2020
Assignee: International Business Machines Corporation
Inventors: William Alexander Bird, Suzanne Carol Deffeyes, Jiyong Jang, Dhilung Kirat, Youngja Park, Josyula R. Rao, Marc Philippe Stoecklin
-
Patent number: 10536472
Abstract: This disclosure provides for a signal flow analysis-based exploration of security knowledge represented in a graph structure comprising nodes and edges. “Conductance” values are associated to each of a set of edges. Each node has an associated “toxicity” value representing a degree of maliciousness associated with the node. The conductance value associated with an edge is a function of at least the toxicity values of the nodes to which the edge is incident. A signal flow analysis is conducted with respect to an input node representing an observable associated with an offense. The flow analysis seeks to identify a subset of the nodes that, based on their conductance values, are reached by flow of a signal representing a threat, wherein signal flow over a path in the graph continues until a signal threshold is met. Based on the analysis, nodes within the subset are designated as hypothesis nodes for further examination.
Type: Grant
Filed: August 15, 2016
Date of Patent: January 14, 2020
Assignee: International Business Machines Corporation
Inventors: Jiyong Jang, Dhilung Hang Kirat, Youngja Park, Marc Philippe Stoecklin
-
Publication number: 20200007512
Abstract: A computer system trains an AI model to generate a key generated as a same key based on multiple different feature vectors, which are based on specified target environment attributes of a target environment domain. The computer system uses the key to encrypt concealed information as an encrypted payload and distributes the encrypted payload and the trained AI model to another computer system. The other computer system extracts environment attributes based on an environment domain accessible by the other computer system and decodes a candidate key by using the trained AI model that uses the extracted environment attributes of the domain environment as input. The trained AI model is trained to generate a key that is generated as a same key from multiple different feature vectors corresponding to specified target environment attributes of a target environment domain. The other computer system determines whether the candidate key is a correct key.
Type: Application
Filed: June 29, 2018
Publication date: January 2, 2020
Inventors: Dhilung Hang Kirat, Jiyong Jang, Marc Philippe Stoecklin
-
Patent number: 10505719
Abstract: An encoder including a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to generate a message by aggregating a plurality of incoming packets, construct an encoded message using the message and a random matrix, construct a hash using a shared secret, and transmit the encoded message and the hash to a destination, through a network that performs network coding operations.
Type: Grant
Filed: April 28, 2016
Date of Patent: December 10, 2019
Assignee: International Business Machines Corporation
Inventors: Xin Hu, Wentao Huang, Jiyong Jang, Theodoros Salonidis, Marc Ph Stoecklin, Ting Wang
-
Publication number: 20190364059
Abstract: A command endpoint used by Domain Generation Algorithm (DGA) malware is identified using machine learning-based clustering. According to this technique, at least one attribute associated with a candidate resolved DNS name is identified. The candidate resolved DNS name has associated therewith a set of names that are failed DNS lookups but that cluster with the candidate resolved DNS name. A set of additional names that share the at least one attribute with the candidate resolved DNS name are then identified. For the set of additional names, an extent to which the set of additional names also clusters with the set of names that are failed DNS lookups is then determined. The candidate resolved DNS name is characterized as associated with the command endpoint when the set of additional names cluster with the set of names that are failed DNS lookups to a configurable degree.
Type: Application
Filed: July 23, 2019
Publication date: November 28, 2019
Applicant: International Business Machines Corporation
Inventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
-
Patent number: 10484171
Abstract: An encoder including a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to generate a k-bit key, where k is a positive integer, estimate an upper bound of a number of eavesdropped links, encode each bit of the k-bit key using a random matrix of a selected rank, and transmit the encoded k-bit key through a network that performs linear operations on packets.
Type: Grant
Filed: June 17, 2016
Date of Patent: November 19, 2019
Assignee: International Business Machines Corporation
Inventors: Xin Hu, Wentao Huang, Jiyong Jang, Theodoros Salonidis, Marc Ph Stoecklin, Ting Wang
-
Publication number: 20190230109
Abstract: A method for improving a detection of beaconing activity includes receiving, as input data into a computer-implemented processing procedure, at least one listing of at least one of time series data and candidate periods of potential beaconing activity. The input data is processed to detect candidates of potential beaconing activity. By further evaluating the time series data using techniques used for evaluating an analog signal, the performance of detecting potential beaconing activity is improved to eliminate false positive indications of beaconing activity and/or to provide indication of multiple interleaved periodicities of beaconing.
Type: Application
Filed: March 28, 2019
Publication date: July 25, 2019
Inventors: Xin Hu, Jiyong Jang, Douglas Schales, Marc Stoecklin, Ting Wang
-
Patent number: 10362044
Abstract: A command endpoint used by Domain Generation Algorithm (DGA) malware is identified using machine learning-based clustering. According to this technique, at least one attribute associated with a candidate resolved DNS name is identified. The candidate resolved DNS name has associated therewith a set of names that are failed DNS lookups but that cluster with the candidate resolved DNS name. A set of additional names that share the at least one attribute with the candidate resolved DNS name are then identified. For the set of additional names, an extent to which the set of additional names also clusters with the set of names that are failed DNS lookups is then determined. The candidate resolved DNS name is characterized as associated with the command endpoint when the set of additional names cluster with the set of names that are failed DNS lookups to a configurable degree.
Type: Grant
Filed: August 8, 2017
Date of Patent: July 23, 2019
Assignee: International Business Machines Corporation
Inventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
-
Corroborating threat assertions by consolidating security and threat intelligence with kinetics data
Publication number: 20190190945
Abstract: A cognitive security analytics platform is enhanced by providing a computationally- and storage-efficient data mining technique to improve the confidence and support for one or more hypotheses presented to a security analyst. The approach herein enables the security analyst to more readily validate a hypothesis and thereby corroborate threat assertions to identify the true causes of a security offense or alert. The data mining technique is entirely automated but involves an efficient search strategy that significantly reduces the number of data queries to be made against a data store of historical data. To this end, the algorithm makes use of maliciousness information attached to each hypothesis, and it uses a confidence schema to sequentially test indicators of a given hypothesis to generate a rank-ordered (by confidence) list of hypotheses to be presented for analysis and response by the security analyst.
Type: Application
Filed: December 20, 2017
Publication date: June 20, 2019
Inventors: Jiyong Jang, Dhilung Hang Kirat, Youngja Park, Marc Philippe Stoecklin
-
Patent number: 10313365
Abstract: An automated method for processing security events begins upon receipt of information representing an offense. Based in part on context data extracted from the offense, an offense context graph is built. The offense context graph comprises nodes and edges, with an edge therein representing a relationship between a pair of nodes, at least one of the nodes being a root node representing an entity associated with the offense. The method then continues by mining information about other events that are determined to share a local contextual relationship with the offense represented by the offense context graph. This operation generates an enriched offense context graph. The enriched offense context graph is then pruned to identify an offense context for further examination. Pruning may involve applying a metric to events associated with the offense and removing nodes that, based on evaluation of the metric, do not contribute to the offense.
Type: Grant
Filed: August 15, 2016
Date of Patent: June 4, 2019
Assignee: International Business Machines Corporation
Inventors: Jiyong Jang, Dhilung Hang Kirat, Youngja Park, Marc Philippe Stoecklin