Patents by Inventor Marcus Maloof
Marcus Maloof has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8707431
Abstract: Methods, systems, and computer program products for insider threat detection are provided. Embodiments detect insiders who act on documents and/or files to which they have access but whose activity is inappropriate or uncharacteristic of them based on their identity, past activity, and/or organizational context. Embodiments work by monitoring the network to detect network activity associated with a set of network protocols; processing the detected activity to generate information-use events; generating contextual information associated with users of the network; and processing the information-use events based on the generated contextual information to generate alerts and threat scores for users of the network. Embodiments provide several information-misuse detectors that are used to examine generated information-use events in view of collected contextual information to detect volumetric anomalies, suspicious and/or evasive behavior.
Type: Grant
Filed: April 24, 2007
Date of Patent: April 22, 2014
Assignee: The MITRE Corporation
Inventors: Gregory D. Stephens, Marcus A. Maloof
-
Patent number: 8438174
Abstract: Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Forensic signatures are created including a digital fingerprint and other information associated with a file. In one aspect, informational signatures are created, which may assist in determining what information is included in a file. In another aspect, the digital fingerprint may represent contents of the file and is resistant to minor modification of the file. In another aspect, fingerprints can be compared in parallel on different computers.
Type: Grant
Filed: June 24, 2010
Date of Patent: May 7, 2013
Assignee: Georgetown University
Inventors: Thomas Clay Shields, Ophir Frieder, Marcus A. Maloof
-
Patent number: 8312023
Abstract: Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Digital representations are generated proactively for a specified target. A digital representation is a digest of the content of the target. Digital representations of a collection of targets indexed and organized in a data structure, such as an inverted index. The searching and comparison of digital representations of a collection of targets allows quick and accurate identification of targets having identical or similar content. Computational and storage costs are expended in advance, which allows more efficient computer forensic investigations. The present invention can be applied to numerous applications, such as computer forensic evidence gathering, misuse detection, network intrusion detection, and unauthorized network traffic detection and prevention.
Type: Grant
Filed: May 12, 2008
Date of Patent: November 13, 2012
Assignee: Georgetown University
Inventors: Thomas Clay Shields, Ophir Frieder, Marcus A. Maloof
-
Patent number: 8280905
Abstract: Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Digital signatures are generated proactively for a specified target. The digital signature represents a digest of the content of the target, and can be readily stored. Searching and comparing digital signatures allows quick and accurate identification of targets having identical or similar content. Computational and storage costs are expended in advance, which allow more efficient computer forensic investigations. The present invention can be applied to numerous applications, such as computer forensic evidence gathering, misuse detection, network intrusion detection, and unauthorized network traffic detection and prevention.
Type: Grant
Filed: December 21, 2007
Date of Patent: October 2, 2012
Assignee: Georgetown University
Inventors: Thomas Clay Shields, Ophir Frieder, Marcus A. Maloof
-
Patent number: 8037535
Abstract: A system and method for detecting malicious executable software code. Benign and malicious executables are gathered; and each are encoded as a training example using n-grams of byte codes as features. After selecting the most relevant n-grams for prediction, a plurality of inductive methods, including naive Bayes, decision trees, support vector machines, and boosting, are evaluated.
Type: Grant
Filed: August 12, 2005
Date of Patent: October 11, 2011
Assignee: Georgetown University
Inventor: Marcus A. Maloof
-
Publication number: 20100287196
Abstract: Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Forensic signatures are created including a digital fingerprint and other information associated with a file. In one aspect, informational signatures are created, which may assist in determining what information is included in a file. In another aspect, the digital fingerprint may represent contents of the file and is resistant to minor modification of the file. In another aspect, fingerprints can be compared in parallel on different computers.
Type: Application
Filed: June 24, 2010
Publication date: November 11, 2010
Inventors: Thomas Clay SHIELDS, Ophir Frieder, Marcus A. Maloof
-
Publication number: 20090164517
Abstract: Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Digital signatures are generated proactively for a specified target. The digital signature represents a digest of the content of the target, and can be readily stored. Searching and comparing digital signatures allows quick and accurate identification of targets having identical or similar content. Computational and storage costs are expended in advance, which allow more efficient computer forensic investigations. The present invention can be applied to numerous applications, such as computer forensic evidence gathering, misuse detection, network intrusion detection, and unauthorized network traffic detection and prevention.
Type: Application
Filed: December 21, 2007
Publication date: June 25, 2009
Inventors: Thomas Clay SHIELDS, Ophir Frieder, Marcus A. Maloof
-
Publication number: 20090164427
Abstract: Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Digital representations are generated proactively for a specified target. A digital representation is a digest of the content of the target. Digital representations of a collection of targets indexed and organized in a data structure, such as an inverted index. The searching and comparison of digital representations of a collection of targets allows quick and accurate identification of targets having identical or similar content. Computational and storage costs are expended in advance, which allows more efficient computer forensic investigations. The present invention can be applied to numerous applications, such as computer forensic evidence gathering, misuse detection, network intrusion detection, and unauthorized network traffic detection and prevention.
Type: Application
Filed: May 12, 2008
Publication date: June 25, 2009
Inventors: Thomas Clay Shields, Ophir Frieder, Marcus A. Maloof
-
Publication number: 20080271143
Abstract: Methods, systems, and computer program products for insider threat detection are provided. Embodiments detect insiders who act on documents and/or files to which they have access but whose activity is inappropriate or uncharacteristic of them based on their identity, past activity, and/or organizational context. Embodiments work by monitoring the network to detect network activity associated with a set of network protocols; processing the detected activity to generate information-use events; generating contextual information associated with users of the network; and processing the information-use events based on the generated contextual information to generate alerts and threat scores for users of the network. Embodiments provide several information-misuse detectors that are used to examine generated information-use events in view of collected contextual information to detect volumetric anomalies, suspicious and/or evasive behavior.
Type: Application
Filed: April 24, 2007
Publication date: October 30, 2008
Applicant: The MITRE Corporation
Inventors: Gregory D. Stephens, Marcus A. Maloof
-
Publication number: 20060037080
Abstract: A system and method for detecting malicious executable software code. Benign and malicious executables are gathered; and each are encoded as a training example using n-grams of byte codes as features. After selecting the most relevant n-grams for prediction, a plurality of inductive methods, including naive Bayes, decision trees, support vector machines, and boosting, are evaluated.
Type: Application
Filed: August 12, 2005
Publication date: February 16, 2006
Applicant: GEORGETOWN UNIVERSITY
Inventor: Marcus Maloof