Patents by Inventor Leylya Yumer

Leylya Yumer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11381596
    Abstract: Analyzing and mitigating website privacy issues by automatically classifying cookies.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: July 5, 2022
    Assignee: NORTONLIFELOCK INC.
    Inventors: Iskander Sanchez, Leylya Yumer
  • Patent number: 11354440
    Abstract: Analyzing and mitigating privacy issues on a computing device using cookie generation flows. The method includes initiating a headless web browser, monitoring a request made of a website accessed by the headless web browser, monitoring scripts created on the website, instrumenting a function used to create a cookie on the computing device, tracing an initial generation of a call used to create the cookie on the computing device, obtaining a cookie generation flow related to the creation of the cookie, and initiating a security action based on obtaining the cookie generation flow.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: June 7, 2022
    Assignee: NORTONLIFELOCK INC.
    Inventors: Iskander Sanchez, Leylya Yumer
  • Patent number: 10623426
    Abstract: Building a ground truth dataset for a machine learning-based security application. In one embodiment, a method may include identifying a set of network devices to add to a ground truth dataset. The method may also include, for each network device in the set of network devices, identifying a potentially malicious application stored on the network device, analyzing behavior of the potentially malicious application to determine whether the potentially malicious application has behaved maliciously, and if so, adding the network device to the ground truth dataset as an infected device or, if not, adding the network device to the ground truth dataset as a clean device. The method may further include training a machine learning classifier of a security application using the ground truth dataset, making a security action decision using the machine learning classifier, and performing a security action on a computer system based on the security action decision.
    Type: Grant
    Filed: July 14, 2017
    Date of Patent: April 14, 2020
    Assignee: NortonLifeLock Inc.
    Inventors: Leylya Yumer, Petros Efstathopoulos
  • Patent number: 10547623
    Abstract: Securing network devices by forecasting future security incidents for a network based on past security incidents. In one embodiment, a method may include constructing past inside-in security features for a network, constructing past outside-in security features for the network, and employing dynamic time warping to generate a similarity score for each security feature pair in the past inside-in security features, in the past outside-in security features, and between the past inside-in security features and the past outside-in security features. The method may further include generating a Coupled Gaussian Latent Variable (CGLV) model based on the similarity scores, forecasting future inside-in security features for the network using the CGLV model, and performing a security action on one or more network devices of the network based on the forecasted future inside-in security features for the network.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: January 28, 2020
    Assignee: SYMANTEC CORPORATION
    Inventors: Yufei Han, Yun Shen, Leylya Yumer, Pierre-Antoine Vervier, Petros Efstathopoulos
  • Patent number: 10547633
    Abstract: The disclosed computer-implemented method for mapping services utilized by network domains may include (i) receiving a request to perform a risk assessment on a domain, (ii) querying a database for records associated with the domain, where each record links to a network resource that enables functionality of the domain, (iii) generating a service map that matches each network resource to a corresponding service type and service provider, (v) performing the risk assessment of the domain, and (vi) facilitating a security measure for the domain based on a result of the risk assessment. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 7, 2017
    Date of Patent: January 28, 2020
    Assignee: Symantec Corporation
    Inventors: Matteo Dell'Amico, Pierre-Antoine Vervier, Leylya Yumer
  • Patent number: 10410158
    Abstract: A computer-implemented method for evaluating cybersecurity risk may include (i) identifying telemetry data collected from endpoints of an entity, (ii) calculating a cybersecurity risk score for the entity by searching the telemetry data for information indicative of cybersecurity risk exposure of the entity and performing an actuarial analysis on the information indicative of the cybersecurity risk exposure to quantize a potential consequence of the cybersecurity risk exposure, and (iii) performing, based on the cybersecurity risk score, a security action to protect the entity from the potential consequence of the cybersecurity risk exposure. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: September 10, 2019
    Assignee: Symantec Corporation
    Inventors: Leylya Yumer, Laurent Heslault, Roxane Divol
  • Patent number: 10367845
    Abstract: The disclosed computer-implemented method for evaluating infection risks based on profiled user behaviors may include (1) collecting user-behavior profiles that may include labeled profiles (e.g., infected profiles and/or clean profiles) and/or unlabeled profiles, (2) training a classification model to distinguish infected profiles from clean profiles using features and labels of the user-behavior profiles, and (3) using the classification model to predict (a) a likelihood that a computing system of a user will become infected based on a profile of user behaviors of the user and/or (b) a likelihood that a user behavior in the user-behavior profiles will result in a computing-system infection. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: July 30, 2019
    Assignee: Symantec Corporation
    Inventors: Yufei Han, Leylya Yumer, Pierre-Antoine Vervier, Matteo Dell'Amico
  • Patent number: 10169584
    Abstract: The disclosed computer-implemented method for identifying non-malicious files on computing devices within organizations may include (1) identifying a file on at least one computing device within multiple computing devices managed by an organization, (2) identifying a source of the file based on examining a relationship between the file and the organization, (3) determining that the source of the file is trusted within the organization, and then (4) concluding, based on the source of the file being trusted within the organization, that the file is not malicious. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: January 1, 2019
    Assignee: Symantec Corporation
    Inventors: Kevin Roundy, Sandeep Bhatkar, Aleatha Parker-Wood, Yin Liu, Anand Kashyap, Leylya Yumer, Christopher Gates
  • Patent number: 10116680
    Abstract: The disclosed computer-implemented method for evaluating infection risks based on profiled user behaviors may include (1) collecting user-behavior profiles that may include labeled profiles (e.g., infected profiles and/or clean profiles) and/or unlabeled profiles, (2) training a classification model to distinguish infected profiles from clean profiles using features and labels of the user-behavior profiles, and (3) using the classification model to predict (a) a likelihood that a computing system of a user will become infected based on a profile of user behaviors of the user and/or (b) a likelihood that a user behavior in the user-behavior profiles will result in a computing-system infection. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: October 30, 2018
    Assignee: Symantec Corporation
    Inventors: Yufei Han, Leylya Yumer, Pierre-Antoine Vervier, Matteo Dell'Amico
  • Patent number: 10104097
    Abstract: The disclosed computer-implemented method for preventing targeted malware attacks may include (1) identifying at least one candidate risk factor for targets of previous targeted malware attacks that were directed to the targets based on characteristics of the targets, (2) calculating a degree of association between the candidate risk factor and the previous targeted malware attacks by comparing rates of targeted malware attacks between a group that possesses the risk factor and a group that does not possess the risk factor, (3) identifying a candidate target of a targeted malware attack that possesses the candidate risk factor, and (4) adjusting a security policy assigned to the candidate target of the targeted malware attack based on the calculated degree of association between the candidate risk factor and the previous targeted malware attacks. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: October 16, 2018
    Assignee: Symantec Corporation
    Inventors: Leylya Yumer, Olivier Thonnard, Anand Kashyap
  • Patent number: 10055586
    Abstract: The disclosed computer-implemented method for determining the trustworthiness of files within organizations may include (1) identifying a file on a computing device within multiple computing devices managed by an organization, (2) in response to identifying the file, identifying at least one additional computing device within the multiple computing devices that is potentially associated with the file, (3) distributing at least a portion of the file to a user of the additional computing device with a request to receive an indication of the trustworthiness of the file, and then (4) receiving, from the additional computing device, a response that indicates the trustworthiness of the file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: August 21, 2018
    Assignee: Symantec Corporation
    Inventors: Kevin Roundy, Sandeep Bhatkar, Christopher Gates, Anand Kashyap, Yin Liu, Aleatha Parker-Wood, Leylya Yumer
  • Patent number: 10025937
    Abstract: Techniques are disclosed for dynamically managing hardening policies in a client computer (e.g., of an enterprise network). A hardening management application monitors activity on the client computer that is associated with a first hardening policy. The monitored activity is evaluated based on one or more metrics. Upon determining that at least one of the metrics is outside of a tolerance specified in the first hardening policy, the client computer is associated with a second hardening policy. The client computer is reconfigured based on the second hardening policy.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: July 17, 2018
    Assignee: Symantec Corporation
    Inventors: Anand Kashyap, Kevin A. Roundy, Sandeep Bhatkar, Aleatha Parker-Wood, Christopher Gates, Yin Liu, Leylya Yumer
  • Patent number: 9813437
    Abstract: The disclosed computer-implemented method for determining malicious-download risk based on user behavior may include (1) identifying a set of users that are at high risk for malicious downloads and a set of users that are at low risk for malicious downloads, (2) determining a high-risk pattern of download behavior that is shared by the set of high-risk users and that is not shared by the set of low-risk users, (3) analyzing download behavior of an uncategorized user over a predefined time period in order to categorize the download behavior as high-risk or low-risk, and (4) categorizing the uncategorized user as a high-risk user in response to determining that the download behavior of the uncategorized user falls within a predefined similarity threshold of the high-risk pattern of download behavior. Various other methods, systems, and computer-readable media are also disclosed. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: November 7, 2017
    Assignee: Symantec Corporation
    Inventor: Leylya Yumer
  • Patent number: 9807094
    Abstract: The disclosed computer-implemented method for dynamic access control over shared resources may include (1) detecting an attempt by a user to access a resource via a computing environment, (2) identifying a risk level of the user attempting to access the resource, (3) identifying a sensitivity level of the resource, (4) identifying a risk level of the computing environment through which the user is attempting to access the resource, (5) determining an overall risk level for the attempt to access the resource based at least in part on (A) the risk level of the user, (B) the sensitivity level of the resource, and (C) the risk level of the computing environment, and then (6) determining, based at least in part on the overall risk level, whether to grant the user access to the resource via the computing environment. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: October 31, 2017
    Assignee: Symantec Corporation
    Inventors: Yin Liu, Sandeep Bhatkar, Kevin Roundy, Leylya Yumer, Anand Kashyap, Aleatha Parker-Wood, Christopher Gates
  • Patent number: 9798876
    Abstract: A computer-implemented method for creating security profiles may include (1) identifying, within a computing environment, a new actor as a target for creating a new security behavior profile that defines expected behavior for the new actor, (2) identifying a weighted graph that connects the new actor as a node to other actors, (3) creating, by analyzing the weighted graph, the new security behavior profile based on the new actor's specific position within the weighted graph, (4) detecting a security anomaly by comparing actual behavior of the new actor within the computing environment with the new security behavior profile that defines expected behavior for the new actor, and (5) performing, by a computer security system, a remedial action in response to detecting the security anomaly. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 19, 2015
    Date of Patent: October 24, 2017
    Assignee: Symantec Corporation
    Inventors: Aleatha Parker-Wood, Anand Kashyap, Christopher Gates, Kevin Roundy, Leylya Yumer, Sandeep Bhatkar, Yin Liu
  • Patent number: 9800590
    Abstract: The disclosed computer-implemented method for threat detection using a software program update profile may include (1) building an update behavioral model that identifies legitimate update behavior for a software application by (a) monitoring client devices for update events associated with the software application and (b) analyzing the update events to identify the legitimate update behavior of the software application, (2) using the update behavioral model to identify suspicious behavior on a computing system by (a) detecting an update instance on the computing system, (b) comparing the update instance with the legitimate update behavior identified in the update behavioral model, and (c) determining, based on the comparison of the update instance with the legitimate update behavior, that the update instance is suspicious, and (3) in response to determining that the update instance is suspicious, performing a security action. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: October 24, 2017
    Assignee: Symantec Corporation
    Inventors: Christopher Gates, Kevin Roundy, Sandeep Bhatkar, Anand Kashyap, Yin Liu, Aleatha Parker-Wood, Leylya Yumer
  • Patent number: 9800606
    Abstract: A computer-implemented method for evaluating network security may include (1) receiving, by a security server, a request to report a network risk score for an organization based on telemetry data describing file downloads at computers managed by the organization over a specified period of time, (2) identifying the telemetry data describing file downloads at the computers managed by the organization over the specified period of time, (3) searching the telemetry data to match file downloads over the specified period of time to at least one file that was previously categorized, prior to the request, as a hacking tool, (4) calculating the network risk score based on the telemetry data, and (5) reporting, automatically by the security server in response to the request, the calculated network risk score. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: October 24, 2017
    Assignee: Symantec Corporation
    Inventor: Leylya Yumer
  • Publication number: 20160366167
    Abstract: The disclosed computer-implemented method for determining malicious-download risk based on user behavior may include (1) identifying a set of users that are at high risk for malicious downloads and a set of users that are at low risk for malicious downloads, (2) determining a high-risk pattern of download behavior that is shared by the set of high-risk users and that is not shared by the set of low-risk users, (3) analyzing download behavior of an uncategorized user over a predefined time period in order to categorize the download behavior as high-risk or low-risk, and (4) categorizing the uncategorized user as a high-risk user in response to determining that the download behavior of the uncategorized user falls within a predefined similarity threshold of the high-risk pattern of download behavior. Various other methods, systems, and computer-readable media are also disclosed. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Application
    Filed: June 15, 2015
    Publication date: December 15, 2016
    Inventor: Leylya Yumer
  • Patent number: 9158915
    Abstract: A computer-implemented method for analyzing zero-day attacks may include 1) identifying, within a database of known security vulnerabilities, disclosure timing information that indicates when a security vulnerability was publicly disclosed, 2) correlating a file with the security vulnerability by searching a database of file activity for at least one file that is associated with an attack that exploits the security vulnerability, 3) identifying, within the database of file activity, activity timing information indicating timing of one or more activities that involve the file and that occurred on endpoint computing devices before the security vulnerability was publicly disclosed, and 4) comparing the disclosure timing information with the activity timing information to investigate a potential zero-day attack that exploits the security vulnerability. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 24, 2013
    Date of Patent: October 13, 2015
    Assignee: Symantec Corporation
    Inventors: Leylya Yumer, Tudor Dumitras