Patents by Inventor Mihai Costea
Mihai Costea has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11902299Abstract: Methods, systems, and computer storage media for providing a multi-attribute cluster-identifier that supports identifying malicious activity in computing environments. An instance of an activity having an attribute set can be assessed. The attribute set of the instance of the activity is analyzed to determine whether the instance of the activity is a malicious activity. The attribute set of the instance of the activity is compared to a plurality of multi-attribute cluster-identifiers of previous instances of the activity, such that, a determination that the instance of the activity is a malicious activity is made when the attribute set of the instance of the activity corresponds to an identified multi-attribute cluster-identifier. The identified multi-attribute cluster-identifier has a risk score and an attribute set that indicate a likelihood that the instance of the activity is a malicious activity. A visualization that identifies the instance of the activity as a malicious activity is generated.Type: GrantFiled: November 3, 2020Date of Patent: February 13, 2024Assignee: Microsoft Technology Licensing, LLCInventors: Mihai Costea, Michael Abraham Betser, Ravi Kiran Reddy Poluri, Hua Ding, Weisheng Li, Phanindra Pampati, David Nicholas Yost
-
Patent number: 11057334Abstract: Message management and classification techniques are described. In one or more implementations, a message received from a sender for delivery via a user account is examined to extract one or more features of the message. A determination is then made as to whether the message corresponds to one or more categories based on the extracted features, the categories usable to enable features to be applied to the message in a user interface.Type: GrantFiled: February 18, 2016Date of Patent: July 6, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Paul M. Midgen, Vasantha K. Vemula, Krishna Vitaldevara, Jason D. Walter, Eliot C. Gillum, Mihai Costea, Douglas J. Hines, Wei Jiang, Malcolm H. Davis, Samuel J. L. Albert, Michael James Ahiakpor
-
Publication number: 20210136089Abstract: Methods, systems, and computer storage media for providing a multi-attribute cluster-identifier that supports identifying malicious activity in computing environments. An instance of an activity having an attribute set can be assessed. The attribute set of the instance of the activity is analyzed to determine whether the instance of the activity is a malicious activity. The attribute set of the instance of the activity is compared to a plurality of multi-attribute cluster-identifiers of previous instances of the activity, such that, a determination that the instance of the activity is a malicious activity is made when the attribute set of the instance of the activity corresponds to an identified multi-attribute cluster-identifier. The identified multi-attribute cluster-identifier has a risk score and an attribute set that indicate a likelihood that the instance of the activity is a malicious activity. A visualization that identifies the instance of the activity as a malicious activity is generated.Type: ApplicationFiled: November 3, 2020Publication date: May 6, 2021Inventors: Mihai COSTEA, Michael Abraham BETSER, Ravi Kiran Reddy POLURI, Hua DING, Weisheng LI, Phanindra PAMPATI, David Nicholas YOST
-
Patent number: 10699011Abstract: A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of know malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.Type: GrantFiled: June 28, 2018Date of Patent: June 30, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Mihai Costea, Scott Field, Damodharan Ulagaratchagan
-
Publication number: 20180307836Abstract: A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of know malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.Type: ApplicationFiled: June 28, 2018Publication date: October 25, 2018Inventors: Mihai COSTEA, Scott FIELD, Damodharan ULAGARATCHAGAN
-
Patent number: 10043008Abstract: A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of know malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.Type: GrantFiled: October 29, 2004Date of Patent: August 7, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Mihai Costea, Scott Field, Damodharan Ulagaratchagan
-
Publication number: 20160173434Abstract: Message management and classification techniques are described. In one or more implementations, a message received from a sender for delivery via a user account is examined to extract one or more features of the message. A determination is then made as to whether the message corresponds to one or more categories based on the extracted features, the categories usable to enable features to be applied to the message in a user interface.Type: ApplicationFiled: February 18, 2016Publication date: June 16, 2016Inventors: Paul M. Midgen, Vasantha K. Vemula, Krishna Vitaldevara, Jason D. Walter, Eliot C. Gillum, Mihai Costea, Douglas J. Hines, Wei Jiang, Malcolm H. Davis, Samuel J. L. Albert, Michael James Ahiakpor
-
Patent number: 9292600Abstract: Message management and classification techniques are described. In one or more implementations, a message received from a sender for delivery via a user account is examined to extract one or more features of the message. A determination is then made as to whether the message corresponds to one or more categories based on the extracted features, the categories usable to enable features to be applied to the message in a user interface.Type: GrantFiled: September 30, 2011Date of Patent: March 22, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Paul M. Midgen, Vasantha K. Vemula, Krishna Vitaldevara, Jason D. Walter, Eliot C. Gillum, Mihai Costea, Douglas J. Hines, Wei Jiang, Malcolm H. Davis, Samuel J. L. Albert, Michael James Ahiakpor
-
Publication number: 20150358353Abstract: Systems, methods, and software are disclosed herein that enhance selective wipe technology and operations. In an implementation, an application initiates a request to authenticate a user with respect to the application. In some scenarios, the application receives a response to the request that includes a selective wipe instruction. Then the application receives such a response, the application selectively wipes data associated with the application.Type: ApplicationFiled: October 30, 2014Publication date: December 10, 2015Inventors: Mihai Costea, Mahesh K. Unnikrishnan, Uday S. Hegde
-
Patent number: 9043869Abstract: Techniques for aggregating a knowledge base of a plurality of security services or other event collection systems to protect a computer from malware are provided. In embodiments, a computer is protected from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware. A determination is made as to whether a combination of the suspicious events is indicative of malware. If the combination of suspicious events is indicative of malware, a restrictive security policy designed to prevent the spread of malware is implemented.Type: GrantFiled: August 14, 2013Date of Patent: May 26, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K. Dadhia, Yigal Edery
-
Patent number: 8966620Abstract: Campaign detection techniques are described. In implementations, a signature is computed for each of a plurality of emails to be communicated by a service provider to respective intended recipients. A determination is made that two or more of the plurality of emails is similar based on the respective signatures. Responsive to a finding that a number of similar emails exceeds a threshold, an indication is output that the similar emails have a likelihood of being involved in a spam campaign.Type: GrantFiled: May 27, 2010Date of Patent: February 24, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Douglas J. Hines, Mihai Costea, Yuxiang Xu, Harsh S. Dangayach, Krishna Vitaldevara, Eliot C. Gillum, Jason D. Walter, Aleksander R. Kolcz
-
Publication number: 20130332988Abstract: Techniques for aggregating a knowledge base of a plurality of security services or other event collection systems to protect a computer from malware are provided. In embodiments, a computer is protected from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware. A determination is made as to whether a combination of the suspicious events is indicative of malware. If the combination of suspicious events is indicative of malware, a restrictive security policy designed to prevent the spread of malware is implemented.Type: ApplicationFiled: August 14, 2013Publication date: December 12, 2013Inventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K. Dadhia, Yigal Edery
-
Patent number: 8566406Abstract: A perimeter network may be utilized to filter electronic mail messages destined for an internal network. A computer may be utilized to monitor an electronic mail mailbox for changes to a safe recipients list and/or a blocked senders list. The computer may further be utilized to automatically copy the safe recipients list and/or the blocked senders list to a network directory in the internal network. The computer may further be utilized to automatically send the safe recipients list and/or the blocked senders list to a network directory in the perimeter network for utilization by one or more agents executing on a computer in the perimeter network. The one or more agents may be configured to utilize the safe recipients list and/or the blocked senders list to filter electronic mail messages received by the perimeter network which are destined for delivery to the internal network.Type: GrantFiled: January 14, 2010Date of Patent: October 22, 2013Assignee: Microsoft CorporationInventors: Mayerber L. Carvalho Neto, Chandresh K. Jain, Mayank Mehta, Mihai Costea
-
Patent number: 8516583Abstract: In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.Type: GrantFiled: March 31, 2005Date of Patent: August 20, 2013Assignee: Microsoft CorporationInventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K Dadhia, Yigal Edery
-
Publication number: 20130086180Abstract: Message management and classification techniques are described. In one or more implementations, a message received from a sender for delivery via a user account is examined to extract one or more features of the message. A determination is then made as to whether the message corresponds to one or more categories based on the extracted features, the categories usable to enable features to be applied to the message in a user interface.Type: ApplicationFiled: September 30, 2011Publication date: April 4, 2013Inventors: Paul M. Midgen, Vasantha K. Vemula, Krishna Vitaldevara, Jason D. Walter, Eliot C. Gillum, Mihai Costea, Douglas J. Hines, Wei Jiang, Malcolm H. Davis, Samuel J. L. Albert, Michael James Ahiakpor
-
Publication number: 20130018965Abstract: One or more techniques and/or systems are provided for identifying abusive message objects (e.g., URLs, email addresses, etc.), abusive infrastructure components and/or abusive users of a message communication medium(s). In particular, abusive message objects may be identified by aggregating abuse reports to assign abuse values to message objects used within messages by reported users identified within the abuse reports. Abusive users may be identified based upon (e.g., unreported) users that have sent messages comprising message objects identified as abusive. Users may also be identified as abusive users based upon account usage patterns within the message communication medium(s) (e.g., a broadcast usage pattern where a user sends a large number of messages, but receives few responses). Additionally, infrastructure components associated with abusive users may be identified as abusive infrastructure components.Type: ApplicationFiled: July 12, 2011Publication date: January 17, 2013Applicant: Microsoft CorporationInventors: Aravind K. Ramachandran, Malcolm Hollis Davis, Mihai Costea
-
Publication number: 20120154434Abstract: Human interactive proofs that leverage virtual techniques are described. In one or more implementations, an object is inserted to be displayed as part of a virtual scene and the virtual scene having the object is exposed as a human interactive proof that includes a question that relates to the inserted object.Type: ApplicationFiled: December 21, 2010Publication date: June 21, 2012Applicant: Microsoft CorporationInventor: Mihai Costea
-
Patent number: 8166113Abstract: An electronic mail message (EMM) addressed to a distribution list of an enterprise is received at a server of the enterprise from a sending address outside of the enterprise. If the distribution list has no external addresses, then the EMM is blocked from being delivered to the distribution list. In an embodiment, if the distribution list has an external address and the sending address is identified in a safe sender list corresponding to the distribution list, then the EMM is delivered to the distribution list. In an embodiment, if the distribution list has an external address, the sending address is not in a safe sender list corresponding to the distribution list, and the content of the message is approved, then the EMM is delivered to the distribution list.Type: GrantFiled: August 2, 2006Date of Patent: April 24, 2012Assignee: Microsoft CorporationInventors: Mihai Costea, Konstantin Ryvkin, Malcolm E. Pearson, Roy Williams
-
Patent number: 8161557Abstract: In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.Type: GrantFiled: November 18, 2010Date of Patent: April 17, 2012Assignee: Microsoft CorporationInventors: Mihai Costea, Adrian M. Marinescu, Anil Francis Thomas
-
Publication number: 20110296524Abstract: Campaign detection techniques are described. In implementations, a signature is computed for each of a plurality of emails to be communicated by a service provider to respective intended recipients. A determination is made that two or more of the plurality of emails is similar based on the respective signatures. Responsive to a finding that a number of similar emails exceeds a threshold, an indication is output that the similar emails have a likelihood of being involved in a spam campaign.Type: ApplicationFiled: May 27, 2010Publication date: December 1, 2011Applicant: Microsoft CorporationInventors: Douglas J. Hines, Mihai Costea, Yuxiang Xu, Harsh S. Dangayach, Krishna Vitaldevara, Eliot C. Gillum, Jason D. Walter, Aleksander R. Kolcz