Patents by Inventor Joseph H. Levy
Joseph H. Levy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20210144154
Abstract: Synthetic training sets for machine learning are created by identifying and modifying functional features of code in an existing malware training set. By filtering the resulting synthetic code to measure malware impact and novelty, training sets can be created that predict novel malware and to seek to preemptively exhaust the space of new malware. These synthesized training sets can be used in turn to improve training of machine learning models. Furthermore, by repeating the process of new code generation, filtering and training, an iterative machine learning process may be created that continuously narrows the window of vulnerabilities to new malicious actions.
Type: Application
Filed: November 13, 2020
Publication date: May 13, 2021
Inventor: Joseph H. Levy
-
Patent number: 10938838
Abstract: An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.
Type: Grant
Filed: September 12, 2018
Date of Patent: March 2, 2021
Assignee: Sophos Limited
Inventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
-
Patent number: 10938781
Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
Type: Grant
Filed: April 22, 2016
Date of Patent: March 2, 2021
Assignee: Sophos Limited
Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
-
Patent number: 10880269
Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
Type: Grant
Filed: April 22, 2016
Date of Patent: December 29, 2020
Assignee: Sophos Limited
Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
-
Patent number: 10841333
Abstract: Synthetic training sets for machine learning are created by identifying and modifying functional features of code in an existing malware training set. By filtering the resulting synthetic code to measure malware impact and novelty, training sets can be created that predict novel malware and to seek to preemptively exhaust the space of new malware. These synthesized training sets can be used in turn to improve training of machine learning models. Furthermore, by repeating the process of new code generation, filtering and training, an iterative machine learning process may be created that continuously narrows the window of vulnerabilities to new malicious actions.
Type: Grant
Filed: January 8, 2018
Date of Patent: November 17, 2020
Assignee: Sophos Limited
Inventor: Joseph H. Levy
-
Patent number: 10721210
Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
Type: Grant
Filed: May 8, 2019
Date of Patent: July 21, 2020
Assignee: Sophos Limited
Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
-
Publication number: 20200074336
Abstract: An ensemble of detection techniques are used to identify code that presents intermediate levels of threat. For example, an ensemble of machine learning techniques may be used to evaluate suspiciousness based on binaries, file paths, behaviors, reputations, and so forth, and code may be sorted into safe, unsafe, intermediate, or any similar categories. By filtering and prioritizing intermediate threats with these tools, human threat intervention can advantageously be directed toward code samples and associated contexts most appropriate for non-automated responses.
Type: Application
Filed: September 12, 2018
Publication date: March 5, 2020
Inventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
-
Publication number: 20200074078
Abstract: An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.
Type: Application
Filed: September 12, 2018
Publication date: March 5, 2020
Inventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
-
Patent number: 10454792
Abstract: A non-transitory computer readable storage medium, comprising executable instructions to collect network traffic data, produce a Fourier signature from the network traffic data, associate the Fourier signature with a known pattern, collect new network traffic data, produce a new Fourier signature from the new network traffic data, compare the new Fourier signature with the Fourier signature to selectively identify a match and associate the new network traffic data with the known pattern upon a match.
Type: Grant
Filed: November 3, 2016
Date of Patent: October 22, 2019
Assignee: SYMANTEC CORPORATION
Inventors: Matthew S. Wood, Joseph H. Levy
-
Publication number: 20190319987
Abstract: An interface for a threat management facility of an enterprise network supports the use of third-party security products within the enterprise network by providing access to relevant internal instrumentation and/or a programmatic interface for direct or indirect access to local security agents on compute instances within the enterprise network.
Type: Application
Filed: April 12, 2019
Publication date: October 17, 2019
Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20190319971
Abstract: A threat management facility stores a number of entity models that characterize reportable events from one or more entities. A stream of events from compute instances within an enterprise network can then be analyzed using these entity models to detect behavior that is inconsistent or anomalous for one or more of the entities that are currently active within the enterprise network.
Type: Application
Filed: April 12, 2019
Publication date: October 17, 2019
Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20190319945
Abstract: An authentication model dynamically adjusts authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required by a user/device pair, and may dynamically alter authentication requirements based on changes to a current risk assessment for the user/device while the remote resource is in use.
Type: Application
Filed: April 12, 2019
Publication date: October 17, 2019
Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20190319980
Abstract: A security platform uses a sensor-event-analysis-response methodology to iteratively adapt to a changing security environment by continuously creating and updating entity models based on observed activities and detecting patterns of events that deviate from these entity models.
Type: Application
Filed: April 12, 2019
Publication date: October 17, 2019
Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20190319961
Abstract: Entity models are used to evaluate potential risk of entities, either individually or in groups, in order to evaluate suspiciousness within an enterprise network. These individual or aggregated risk assessments can be used to adjust the security policy for compute instances within the enterprise network. A security policy may specify security settings such as network speed, filtering levels, network isolation, levels of privilege, and the like.
Type: Application
Filed: April 12, 2019
Publication date: October 17, 2019
Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Patent number: 10419398
Abstract: A method and apparatus for resource locator identifier rewrite have been presented. A security device receives from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session. The response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol. The URL is located in the response and modified to designate the secure resource access protocol. After modification, the response is transmitted via the secure resource access protocol session to the client.
Type: Grant
Filed: July 28, 2015
Date of Patent: September 17, 2019
Assignee: SONICWALL INC.
Inventors: John E. Gmuender, Huy Minh Nguyen, Joseph H. Levy, Michael B. Massing, Zhong Chen, David M. Telehowski
-
Publication number: 20190268303
Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
Type: Application
Filed: May 8, 2019
Publication date: August 29, 2019
Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
-
Publication number: 20190215329
Abstract: Synthetic training sets for machine learning are created by identifying and modifying functional features of code in an existing malware training set. By filtering the resulting synthetic code to measure malware impact and novelty, training sets can be created that predict novel malware and to seek to preemptively exhaust the space of new malware. These synthesized training sets can be used in turn to improve training of machine learning models. Furthermore, by repeating the process of new code generation, filtering and training, an iterative machine learning process may be created that continuously narrows the window of vulnerabilities to new malicious actions.
Type: Application
Filed: January 8, 2018
Publication date: July 11, 2019
Inventor: Joseph H. Levy
-
Patent number: 9961091
Abstract: A non-transitory computer readable storage medium includes executable instructions to identify specified network interactions initiated by a client machine. The specified network interactions are compared to normative values to produce a promiscuity score indicative of the risk of the client machine contracting malicious software. Depending upon the promiscuity score, prophylactic actions are optionally applied to the client machine.
Type: Grant
Filed: August 3, 2016
Date of Patent: May 1, 2018
Assignee: SYMANTEC CORPORATION
Inventors: Joseph H. Levy, Matthew S. Wood
-
Patent number: 9807121
Abstract: An apparatus includes a processor and a memory storing instructions executed by the processor to receive a first communication session using a first key, where the first communication session is between a client and a server. A second communication session is initiated using a second key, where the second communication session is between the apparatus and the server. An active communication session is negotiated between the client and the server using the first key and the second key. The active communication session is decrypted using the first key and the second key. The active communication session is re-encrypted using a third key to form re-encrypted data.
Type: Grant
Filed: November 25, 2014
Date of Patent: October 31, 2017
Assignee: Symantec Corporation
Inventors: Joseph H. Levy, David Wells, Paul Kraus
-
Publication number: 20170310708
Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
Type: Application
Filed: April 22, 2016
Publication date: October 26, 2017
Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy