Patents by Inventor Martin Rosa

Martin Rosa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11386207
    Abstract: A method comprises detecting a plurality of floating code instances associated with one or more endpoint devices of a computer network, obtaining metadata of each of the floating code instances, and generating floating code signatures for respective ones of the floating code instances based at least in part on their respective metadata. The floating code signatures are utilized to categorize one or more of the floating code instances as at least potentially malicious floating code instances. A given one of the floating code instances illustratively comprises an executable code block dynamically allocated in a memory of a corresponding one of the endpoint devices and does not include any file structure counterpart. The metadata utilized to generate the floating code signature of a given one of the floating code instances illustratively comprises at least one of image hook metadata and thread metadata of the given floating code instance.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: July 12, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Martin Rosa, Etienne Boucher
  • Patent number: 11151246
    Abstract: A method in an illustrative embodiment comprises receiving a plurality of indicators relating to an entity of a computer network, arranging the indicators in a plurality of categories of increasing risk, assigning weights to the indicators in the categories as a function of the number of categories and the number of indicators in each category, generating a risk score for the indicators based at least in part on the assigned weights, and initiating at least one automated action relating to the entity of the computer network based at least in part on the risk score. The risk score generation is configured such that a weighted contribution to the risk score of indicators in a relatively low one of the categories decreases as a number of indicators in a relatively high one of the categories increases. Similarly, a weighted contribution to the risk score of indicators in a relatively low one of the categories increases as a number of indicators in a relatively high one of the categories decreases.
    Type: Grant
    Filed: January 8, 2019
    Date of Patent: October 19, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Sashka T. Davis, Martin Rosa
  • Patent number: 11036855
    Abstract: A method includes obtaining a given web page, parsing the given web page to identify one or more frame tags for one or more inline frames of the given web page, and extracting a set of features of a given inline frame from a given one of the identified frame tags in the given web page, the extracted set of features comprising one or more style features, one or more destination features and one or more context features of the given identified frame tag. The method also includes classifying the given inline frame as one of a malicious frame type and a benign frame type utilizing at least one model and at least a portion of the extracted set of features, and controlling access by one or more client devices associated with an enterprise to the given web page responsive to classifying the given inline frame as the malicious frame type.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: June 15, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Zhou Li, Kevin Bowers, Martin Rosa, Raymond Carney, Ke Tian
  • Patent number: 11027704
    Abstract: Disclosed herein is a wiper blade assembly including: a contact member; an elastic member for supporting the contact member; a cover member for covering the elastic member; and a coupling cover to be fastened to the elastic member. The cover member includes: a spoiler; an extended plate extended from one end of the spoiler; a first coupling protrusion located in a first predetermined position of the extended plate; and a first coupling hole located in a second predetermined position of the extended plate adjacent to the first coupling protrusion. The coupling cover includes: a second coupling hole located in an inner space thereunder and receiving the first coupling protrusion of the cover member; and a second coupling protrusion located adjacent to the second coupling hole and inserted into the first coupling hole of the cover member. The cover member can be reliably fixed to the wiper blade assembly.
    Type: Grant
    Filed: March 23, 2018
    Date of Patent: June 8, 2021
    Assignees: CAP CORPORATION, ILLINOIS TOOL WORKS INC.
    Inventors: Sang Cheol Lee, Young Hun Lim, Subramaniam Shanmugham, Martin Rosas
  • Publication number: 20200351285
    Abstract: Methods, apparatus, and processor-readable storage media for evaluating cyber attacker behavior using machine learning to identify anomalies are provided herein. An example method includes obtaining, based on events associated with changes in one or more of a registry and a computer process, baseline models comprising a user context representing normal behavior for a first subset of features associated with the events with respect to a given user, an inverse context that represents normal behavior for at least one feature with respect to a particular value of one or more features in the first subset, and a global context representing a behavior of the features across the plurality of users; detecting a new event attributable to the given user; calculating a score for the new event using one or more of the baseline models; and determining that the new event is an anomaly in response to the score satisfying a threshold.
    Type: Application
    Filed: May 3, 2019
    Publication date: November 5, 2020
    Inventors: Guy Eisenkot, Martin Rosa, Lior Govrin, Yaron De Levie, Maria Oks, Miri Weissler, Barak Schoster, Shay Menaia, Yuval Shachak, Ana Paskal
  • Publication number: 20200242245
    Abstract: A method comprises detecting a plurality of floating code instances associated with one or more endpoint devices of a computer network, obtaining metadata of each of the floating code instances, and generating floating code signatures for respective ones of the floating code instances based at least in part on their respective metadata. The floating code signatures are utilized to categorize one or more of the floating code instances as at least potentially malicious floating code instances. A given one of the floating code instances illustratively comprises an executable code block dynamically allocated in a memory of a corresponding one of the endpoint devices and does not include any file structure counterpart. The metadata utilized to generate the floating code signature of a given one of the floating code instances illustratively comprises at least one of image hook metadata and thread metadata of the given floating code instance.
    Type: Application
    Filed: January 30, 2019
    Publication date: July 30, 2020
    Inventors: Martin Rosa, Etienne Boucher
  • Publication number: 20200218802
    Abstract: A method in an illustrative embodiment comprises receiving a plurality of indicators relating to an entity of a computer network, arranging the indicators in a plurality of categories of increasing risk, assigning weights to the indicators in the categories as a function of the number of categories and the number of indicators in each category, generating a risk score for the indicators based at least in part on the assigned weights, and initiating at least one automated action relating to the entity of the computer network based at least in part on the risk score. The risk score generation is configured such that a weighted contribution to the risk score of indicators in a relatively low one of the categories decreases as a number of indicators in a relatively high one of the categories increases. Similarly, a weighted contribution to the risk score of indicators in a relatively low one of the categories increases as a number of indicators in a relatively high one of the categories decreases.
    Type: Application
    Filed: January 8, 2019
    Publication date: July 9, 2020
    Inventors: Sashka T. Davis, Martin Rosa
  • Publication number: 20200104488
    Abstract: A method includes obtaining a given web page, parsing the given web page to identify one or more frame tags for one or more inline frames of the given web page, and extracting a set of features of a given inline frame from a given one of the identified frame tags in the given web page, the extracted set of features comprising one or more style features, one or more destination features and one or more context features of the given identified frame tag. The method also includes classifying the given inline frame as one of a malicious frame type and a benign frame type utilizing at least one model and at least a portion of the extracted set of features, and controlling access by one or more client devices associated with an enterprise to the given web page responsive to classifying the given inline frame as the malicious frame type.
    Type: Application
    Filed: September 28, 2018
    Publication date: April 2, 2020
    Inventors: Zhou Li, Kevin Bowers, Martin Rosa, Raymond Carney, Ke Tian
  • Patent number: 10437996
    Abstract: A method includes preparing a representation of data associated with a plurality of software modules, the representation comprising similarity-based hashing of signatures constructed from a first subset of features of the plurality of software modules. The method also includes performing a similarity-based query utilizing the similarity-based hashing of signatures to identify one or more of the plurality of software modules as candidate software modules matching a received seed software module. The method further includes computing distances between the candidate software modules and the seed software module utilizing a second subset of features of the plurality of software modules, classifying one or more of the candidate software modules as a designated type based on the computed distances, generating a notification comprising a list of the classified candidate software modules, and controlling access by one or more client devices associated with an enterprise to the candidate software modules in the list.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: October 8, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Zhou Li, Martin Rosa, Zohar Duchin
  • Publication number: 20190135234
    Abstract: Disclosed herein is a wiper blade assembly including: a contact member; an elastic member for supporting the contact member; a cover member for covering the elastic member; and a coupling cover to be fastened to the elastic member. The cover member includes: a spoiler; an extended plate extended from one end of the spoiler; a first coupling protrusion located in a first predetermined position of the extended plate; and a first coupling hole located in a second predetermined position of the extended plate adjacent to the first coupling protrusion. The coupling cover includes: a second coupling hole located in an inner space thereunder and receiving the first coupling protrusion of the cover member; and a second coupling protrusion located adjacent to the second coupling hole and inserted into the first coupling hole of the cover member. The cover member can be reliably fixed to the wiper blade assembly.
    Type: Application
    Filed: March 23, 2018
    Publication date: May 9, 2019
    Applicants: CAP Corporation, Illinois Tool Works Inc.
    Inventors: Sang Cheol LEE, Young Hun LIM, Subramaniam SHANMUGHAM, Martin ROSAS
  • Patent number: 9998484
    Abstract: A method comprises obtaining at least a first software module not classified as benign or potentially malicious, extracting a set of features associated with the first software module including static, behavior and context features, computing distance metrics between the extracted feature set and feature sets of a plurality of clusters including one or more clusters of software modules previously classified as benign and exhibiting a first threshold level of similarity relative to one another and one or more clusters of software modules previously classified as potentially malicious and exhibiting a second threshold level of similarity relative to one another, classifying the first software module as belonging to a given cluster based at least in part on the computed distance metrics, and modifying access by a given client device to the first software module responsive to the given cluster being a cluster of software modules previously classified as potentially malicious.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: June 12, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Ahmet Buyukkayhan, Zhou Li, Alina M. Oprea, Martin Rosa
  • Patent number: 9690937
    Abstract: A computer-implemented technique provides rules for use in a malicious activity detection system. The technique involves performing evaluation operations on a plurality of malicious activity detection rules. The technique further involves ranking the plurality of malicious activity detection rules in an order based on results of the evaluation operations (e.g., sorting the rules systematically in an order based on measures such as precision, recall, correlation to other rules already in use, etc.). The technique further involves, based on the order of the plurality of malicious activity detection rules, providing a malicious activity detection rule report which recommends a set of malicious activity detection rules of the plurality of malicious activity detection rules for use in the malicious activity detection system.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: June 27, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Zohar Duchin, Alon Kaufman, Alex Zaslavsky, Martin Rosa, Luan Nguyen