Patents by Inventor Matthew Wolff
Matthew Wolff has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11945609Abstract: An apparatus for controlling docking with a spacecraft includes at least one camera for generating at least one image pixel stream of the spacecraft. A field programmable gate array (FPGA) receives the at least one image pixel stream from the at least one camera. The FPGA texture processes the at least one pixel stream to generate at least one texture map for the at least one image pixel stream. A processor receives the at least one texture map from the FPGA and calculates texture map statistics responsive to the generated at least one texture map, generates thresholding results for the at least one pixel image stream responsive to the generated at least one texture map, determines a bus centroid of the spacecraft responsive to the generated thresholding results and outputs the determined bus centroid of the spacecraft. A docking controller controls docking of with the spacecraft responsive to the determined bus centroid of the spacecraft.Type: GrantFiled: August 16, 2023Date of Patent: April 2, 2024Assignee: FALCON EXODYNAMICS, INC.Inventors: Michael Klug, Joseph Vermeersch, Matthew Banfield, Adriel Bustamante, Jonathan Wolff
-
Patent number: 11928213Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one memory provides operations including: receiving a disassembled binary file that includes a plurality of instructions; processing the disassembled binary file with a convolutional neural network configured to detect a presence of one or more sequences of instructions amongst the plurality of instructions and determine a classification for the disassembled binary file based at least in part on the presence of the one or more sequences of instructions; and providing, as an output, the classification of the disassembled binary file. Related computer-implemented methods are also disclosed.Type: GrantFiled: March 20, 2020Date of Patent: March 12, 2024Assignee: Cylance Inc.Inventors: Andrew Davis, Matthew Wolff, Derek A. Soeder, Glenn Chisholm, Ryan Permeh
-
Patent number: 11797826Abstract: A system is provided for classifying an instruction sequence with a machine learning model. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one processor. The operations may include: processing an instruction sequence with a trained machine learning model configured to detect one or more interdependencies amongst a plurality of tokens in the instruction sequence and determine a classification for the instruction sequence based on the one or more interdependencies amongst the plurality of tokens; and providing, as an output, the classification of the instruction sequence. Related methods and articles of manufacture, including computer program products, are also provided.Type: GrantFiled: December 18, 2020Date of Patent: October 24, 2023Assignee: Cylance Inc.Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Eric Petersen, Ming Jin, Ryan Permeh
-
Patent number: 11657317Abstract: Under one aspect, a computer-implemented method includes receiving a query at a query interface about whether a computer file comprises malicious code. It is determined, using at least one machine learning sub model corresponding to a type of the computer file, whether the computer file comprises malicious code. Data characterizing the determination are provided to the query interface. Generating the sub model includes receiving computer files at a collection interface. Multiple sub populations of the computer files are generated based on respective types of the computer files, and random training and testing sets are generated from each of the sub populations. At least one sub model for each random training set is generated.Type: GrantFiled: October 20, 2017Date of Patent: May 23, 2023Assignee: Cylance Inc.Inventors: Ryan Permeh, Stuart McClure, Matthew Wolff, Gary Golomb, Derek A. Soeder, Seagen Levites, Michael O'Dea, Gabriel Acevedo, Glenn Chisholm
-
Patent number: 11568185Abstract: Centroids are used for improving machine learning classification and information retrieval. A plurality of files are classified as malicious or not malicious based on a function dividing a coordinate space into at least a first portion and a second portion such that the first portion includes a first subset of the plurality of files classified as malicious. One or more first centroids are defined in the first portion that classify files from the first subset as not malicious. A file is determined to be malicious based on whether the file is located within the one or more first centroids.Type: GrantFiled: September 17, 2020Date of Patent: January 31, 2023Assignee: Cylance Inc.Inventors: Jian Luan, Matthew Wolff, Brian Michael Wallace
-
Patent number: 11556648Abstract: In some implementations there may be provided a system. The system may include a processor and a memory. The memory may include program code which causes operations when executed by the processor. The operations may include analyzing a series of events contained in received data. The series of events may include events that occur during the execution of a data object. The series of events may be analyzed to at least extract, from the series of events, subsequences of events. A machine learning model may determine a classification for the received data. The machine learning model may classify the received data based at least on whether the subsequences of events are malicious. The classification indicative of whether the received data is malicious may be provided. Related methods and articles of manufacture, including computer program products, are also disclosed.Type: GrantFiled: May 5, 2020Date of Patent: January 17, 2023Assignee: Cylance Inc.Inventors: Xuan Zhao, Aditya Kapoor, Matthew Wolff, Andrew Davis, Derek A. Soeder, Ryan Permeh
-
Patent number: 11501120Abstract: An artifact is received and features are extracted therefrom to form a feature vector. Thereafter, a determination is made to alter a malware processing workflow based on a distance of one or more features in the feature vector relative to one or more indicator centroids. Each indicator centroid specifying a threshold distance to trigger an action. Based on such a determination, the malware processing workflow is altered.Type: GrantFiled: February 20, 2020Date of Patent: November 15, 2022Assignee: Cylance Inc.Inventors: Eric Glen Petersen, Michael Alan Hohimer, Jian Luan, Matthew Wolff, Brian Michael Wallace
-
Patent number: 11283818Abstract: A system is provided for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one processor provides operations including: processing a container file with a trained machine learning model, wherein the trained machine learning is trained to determine a classification for the container file indicative of whether the container file includes at least one file rendering the container file malicious; and providing, as an output by the trained machine learning model, an indication of whether the container file includes the at least one file rendering the container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.Type: GrantFiled: April 28, 2020Date of Patent: March 22, 2022Assignee: Cylance Inc.Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Michael Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Thomas Wojnowicz, Derek A. Soeder, David N. Beveridge, Yaroslav Oliinyk, Ryan Permeh
-
Patent number: 11210394Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one processor. The operations may include: reducing a dimensionality of a plurality of features representative of a file set; determining, based at least on a reduced dimensional representation of the file set, a distance between a file and the file set; and determining, based at least on the distance between the file and the file set, a classification for the file. Related methods and articles of manufacture, including computer program products, are also provided.Type: GrantFiled: October 23, 2019Date of Patent: December 28, 2021Assignee: Cylance Inc.Inventors: Michael Wojnowicz, Matthew Wolff, Aditya Kapoor
-
Patent number: 11204996Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.Type: GrantFiled: May 29, 2019Date of Patent: December 21, 2021Assignee: Cylance Inc.Inventors: Ryan Permeh, Matthew Wolff, Samuel John Oswald, Xuan Zhao, Mark Culley, Steve Polson
-
Patent number: 11204997Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. A query response can be generated, for example by identifying and retrieving responsive data from the local data store. The responsive data are related to an artifact on the endpoint computer system and/or to an event of the plurality of events. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.Type: GrantFiled: May 30, 2019Date of Patent: December 21, 2021Assignee: Cylance, Inc.Inventors: Ryan Permeh, Matthew Wolff, Samuel John Oswald, Xuan Zhao, Mark Culley, Steven Polson
-
Patent number: 11188646Abstract: In one respect, there is provided a system for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The at least one memory may include program code that provides operations when executed by the at least one processor. The operations may include: training, based on a training data, a machine learning model to enable the machine learning model to determine whether at least one container file includes at least one file rendering the at least one container file malicious; and providing the trained machine learning model to enable the determination of whether the at least one container file includes at least one file rendering the at least one container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.Type: GrantFiled: October 24, 2019Date of Patent: November 30, 2021Assignee: Cylance Inc.Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Yaroslav Oliinyk, Ryan Permeh
-
Patent number: 11182471Abstract: Determining, by a machine learning model in an isolated operating environment, whether a file is safe for processing by a primary operating environment. The file is provided, when the determining indicates the file is safe for processing, to the primary operating environment for processing by the primary operating environment. When the determining indicates the file is unsafe for processing, the file is prevented from being processed by the primary operating environment. The isolated operating environment can be maintained on an isolated computing system remote from a primary computing system maintaining the primary operating system. The isolating computing system and the primary operating system can communicate over a cloud network.Type: GrantFiled: February 1, 2018Date of Patent: November 23, 2021Assignee: Cylance Inc.Inventors: Ryan Permeh, Derek A. Soeder, Matthew Wolff, Ming Jin, Xuan Zhao
-
Patent number: 11126719Abstract: In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.Type: GrantFiled: May 31, 2019Date of Patent: September 21, 2021Assignee: Cylance Inc.Inventors: Matthew Maisel, Ryan Permeh, Matthew Wolff, Gabriel Acevedo, Andrew Davis, John Brock, Homer Valentine Strong, Michael Wojnowicz, Kevin Beets
-
Patent number: 11106790Abstract: In one aspect, a computer-implemented method is disclosed. The computer-implemented method may include determining a sketch matrix that approximates a matrix representative of a reference dataset. The reference dataset may include at least one computer program having a predetermined classification. A reduced dimension representation of the reference dataset may be generated based at least on the sketch matrix. The reduced dimension representation may have a fewer quantity of features than the reference dataset. A target computer program may be classified based on the reduced dimension representation. The target computer program may be classified to determine whether the target computer program is malicious. Related systems and articles of manufacture, including computer program products, are also disclosed.Type: GrantFiled: April 21, 2017Date of Patent: August 31, 2021Assignee: Cylance Inc.Inventors: Michael Wojnowicz, Dinh Huu Nguyen, Andrew Davis, Glenn Chisholm, Matthew Wolff
-
Publication number: 20210256350Abstract: A system is provided for classifying an instruction sequence with a machine learning model. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one processor. The operations may include: processing an instruction sequence with a trained machine learning model configured to detect one or more interdependencies amongst a plurality of tokens in the instruction sequence and determine a classification for the instruction sequence based on the one or more interdependencies amongst the plurality of tokens; and providing, as an output, the classification of the instruction sequence. Related methods and articles of manufacture, including computer program products, are also provided.Type: ApplicationFiled: December 18, 2020Publication date: August 19, 2021Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Eric Petersen, Ming Jin, Ryan Permeh
-
Patent number: 11074494Abstract: In one respect, there is provided a system for classifying an instruction sequence with a machine learning model. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one processor. The operations may include: processing an instruction sequence with a trained machine learning model configured to detect one or more interdependencies amongst a plurality of tokens in the instruction sequence and determine a classification for the instruction sequence based on the one or more interdependencies amongst the plurality of tokens; and providing, as an output, the classification of the instruction sequence. Related methods and articles of manufacture, including computer program products, are also provided.Type: GrantFiled: November 7, 2016Date of Patent: July 27, 2021Assignee: Cylance Inc.Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Eric Petersen, Ming Jin, Ryan Permeh
-
Patent number: 10922604Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more instruction sequences. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one processor provides operations including: training, based at least on training data, a machine learning model to detect one or more predetermined interdependencies amongst a plurality of tokens in the training data; and providing the trained machine learning model to enable classification of one or more instruction sequences. Related methods and articles of manufacture, including computer program products, are also provided.Type: GrantFiled: November 7, 2016Date of Patent: February 16, 2021Assignee: Cylance Inc.Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Eric Petersen, Ming Jin, Ryan Permeh
-
Publication number: 20210004649Abstract: Centroids are used for improving machine learning classification and information retrieval. A plurality of files are classified as malicious or not malicious based on a function dividing a coordinate space into at least a first portion and a second portion such that the first portion includes a first subset of the plurality of files classified as malicious. One or more first centroids are defined in the first portion that classify files from the first subset as not malicious. A file is determined to be malicious based on whether the file is located within the one or more first centroids.Type: ApplicationFiled: September 17, 2020Publication date: January 7, 2021Inventors: Jian Luan, Matthew Wolff, Brian Michael Wallace
-
Patent number: 10885401Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one memory. The operations may include: extracting, from an icon associated with a file, one or more features; assigning, based at least on the one or more features, the icon to one of a plurality of clusters; and generating, based at least on the cluster to which the icon is assigned, a classification for the file associated with the icon. Related methods and articles of manufacture, including computer program products, are also provided.Type: GrantFiled: May 31, 2019Date of Patent: January 5, 2021Assignee: Cylance Inc.Inventors: Matthew Wolff, Pedro Silva do Nascimento Neto, Xuan Zhao, John Brock, Jian Luan