Patents by Inventor Mohamed Nabeel
Mohamed Nabeel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240095361Abstract: An execution environment has been designed that detects likely data exfiltration by using taint tracking and abstract execution. The execution environment is instrumented to monitor for use of functions identified as having functionality for transferring data out of an execution environment. In addition, heuristics-based rules are defined to mark or “taint” objects (e.g., variables) that are likely targets for exfiltration. With taint tracking and control flow analysis, the execution environment tracks the tainted objects through multiple execution paths of a code sample. After comprehensive code coverage, logged use of the monitored functions are examined to determine whether any tainted objects were passed to the monitored functions. If so, the logged use will indicate a destination or sink for the tainted source. Each tainted source-sink association can be examined to verify whether the exfiltration was malicious.Type: ApplicationFiled: November 20, 2023Publication date: March 21, 2024Inventors: William Russell Melicher, Mohamed Yoosuf Mohamed Nabeel, Oleksii Starov
-
Patent number: 11784953Abstract: The present disclosure provides new and innovative systems and methods for filtering encrypted messages. In an example, a computer-implemented method includes obtaining a message, determining sender profiling features of the message, determining enterprise graph features of the message, determining header features of the message, determining a message flag based on the sender profiling features, the enterprise graph features, and the header features, and processing the message based on the message flag.Type: GrantFiled: January 30, 2023Date of Patent: October 10, 2023Assignees: QATAR FOUNDATION FOR EDUCATION, SCIENCE AND COMMUNITY DEVELOPMENT, STEVENS INSTITUTE OF TECHNOLOGYInventors: Mohamed Nabeel, Issa Khalil, Ting Yu, Haipei Sun, Hui Wang
-
Publication number: 20230205884Abstract: Generating high-quality threat intelligence from aggregated threat reports is provided via developing a generative model that identifies relationships between a plurality of threat assessment scanners; pre-training a plurality of individual encoders based on a corresponding plurality of pretext tasks and the generative model; combining the individual encoders into a pre-trained encoder; fine-tuning the pre-trained encoder using threat data; and marking a candidate threat, as evaluated via the pre-trained encoder as fine-tuned, as one of benign or malicious.Type: ApplicationFiled: December 22, 2022Publication date: June 29, 2023Inventors: Mohamed Nabeel, Saravanan Thirumuruganathan, Euijin Choo, Issa M. Khalil, Ting Yu
-
Publication number: 20230171214Abstract: The present disclosure provides new and innovative systems and methods for filtering encrypted messages. In an example, a computer-implemented method includes obtaining a message, determining sender profiling features of the message, determining enterprise graph features of the message, determining header features of the message, determining a message flag based on the sender profiling features, the enterprise graph features, and the header features, and processing the message based on the message flag.Type: ApplicationFiled: January 30, 2023Publication date: June 1, 2023Inventors: Mohamed Nabeel, Issa Khalil, Ting Yu, Haipei Sun, Hui Wang
-
Patent number: 11570132Abstract: The present disclosure provides new and innovative systems and methods for filtering encrypted messages. In an example, a computer-implemented method includes obtaining a message, determining sender profiling features of the message, determining enterprise graph features of the message, determining header features of the message, determining a message flag based on the sender profiling features, the enterprise graph features, and the header features, and processing the message based on the message flag.Type: GrantFiled: September 30, 2021Date of Patent: January 31, 2023Assignees: QATAR FOUNDATION FOREDUCATION, SCIENCE AND COMMUNITY DEVELOPMENT, STEVENS INSTITUTE OF TECHNOLOGYInventors: Mohamed Nabeel, Issa Khalil, Ting Yu, Haipei Sun, Hui Wang
-
Patent number: 11546377Abstract: The main objective of Certificate Transparency (CT) is to detect mis-issued certificates or rouge certificate authorities. It has been observed that phishing sites have been increasingly acquiring certificates to look more legitimate and reach more victims, thus providing an opportunity to predict phishing domains early. The present disclosure provides systems and methods for early detection of phishing and benign domain traces in CT logs. The provided system may predict phishing domains early even before content is available via time-, issuer-, and certificate-based characteristics that are used to identify sets of CT-based inexpensive and novel features. The CT-features are augmented with other features including passive DNS (pDNS) and domain-based lexical features.Type: GrantFiled: April 13, 2021Date of Patent: January 3, 2023Assignee: QATAR FOUNDATION FOR EDUCATION, SCIENCE AND COMMUNITY DEVELOPMENTInventors: Yazan Boshmaf, Mashael Al Sabah, Mohamed Nabeel
-
Publication number: 20220201036Abstract: The present application provides a system for detecting brand squatting domains with a three-stage detection pipeline having three different classifiers. The provided system helps predict whether an unknown domain will be malicious. The first classifier detects abusive brand squatting domains, such as those that impersonate exact popular brand names, as soon as the domains are registered. The second classifier detects abusive brand squatting domains when hosting information becomes available, in combination with the information available for the first classifier. The third classifier detects abusive brand squatting domains when certificate information associated with domains is available, in combination with the information available for the first and second classifiers. The performance of each classifier improves from the first to the second to the third with the first classifier making determinations with the least information and the third classifier making determinations with the most information.Type: ApplicationFiled: December 22, 2021Publication date: June 23, 2022Inventors: Mohamed Nabeel, Issa M. Khalil, Ting Yu
-
Publication number: 20220116782Abstract: A system is provided for identifying compromised mobile devices from a network administrator's point of view. The provided system utilizes a graph-based inference approach that leverages an assumed correlation that devices sharing a similar set of installed applications will have a similar probability of being compromised. Stated differently, the provided system determines whether a given unknown device is compromised or not by analyzing its connections to known devices. Such connections are generated from a small set of known compromised mobile devices and the network traffic data of mobile devices collected by a service provider or network administrator. The proposed system is accordingly able to reliably detect unknown compromised devices without relying on device-specific features.Type: ApplicationFiled: October 6, 2021Publication date: April 14, 2022Inventors: Mashael Al Sabah, Mohamed Nabeel, Euijin Choo, Issa M Khalil, Ting Yu, Wei Wang
-
Publication number: 20220103498Abstract: The present disclosure provides new and innovative systems and methods for filtering encrypted messages. In an example, a computer-implemented method includes obtaining a message, determining sender profiling features of the message, determining enterprise graph features of the message, determining header features of the message, determining a message flag based on the sender profiling features, the enterprise graph features, and the header features, and processing the message based on the message flag.Type: ApplicationFiled: September 30, 2021Publication date: March 31, 2022Inventors: Mohamed Nabeel, Issa Khalil, Ting Yu, Haipei Sun, Hui Wang
-
Patent number: 11206275Abstract: The presently disclosed method and system exploits information and traces contained in DNS data to determine the maliciousness of a domain based on the relationship it has with other domains. A method may comprise providing data to a machine learning module that was previously trained on domain and IP address attributes or classifiers. The method then may comprise classifying apex domains and IP addresses based on the IP address and domain attributes or classifiers. Additionally, the method may comprise associated each of the domains and IP addresses based on the corresponding classification. The method may further comprise building a weighted domain graph at real-time utilizing the DNS data based on the aforementioned associations among domains. The method may then comprise assessing the maliciousness of a domain based on the weighted domain graph that was built.Type: GrantFiled: May 30, 2019Date of Patent: December 21, 2021Assignee: QATAR FOUNDATION FOR EDUCATION, SCIENCE AND COMMUNITY DEVELOPMENTInventors: Mohamed Nabeel, Issa M. Khalil, Ting Yu, Euijin Choo
-
Publication number: 20210320946Abstract: The main objective of Certificate Transparency (CT) is to detect mis-issued certificates or rouge certificate authorities. It has been observed that phishing sites have been increasingly acquiring certificates to look more legitimate and reach more victims, thus providing an opportunity to predict phishing domains early. The present disclosure provides systems and methods for early detection of phishing and benign domain traces in CT logs. The provided system may predict phishing domains early even before content is available via time-, issuer-, and certificate-based characteristics that are used to identify sets of CT-based inexpensive and novel features. The CT-features are augmented with other features including passive DNS (pDNS) and domain-based lexical features.Type: ApplicationFiled: April 13, 2021Publication date: October 14, 2021Inventors: Yazan Boshmaf, Mashael Al Sabah, Mohamed Nabeel
-
Publication number: 20200382533Abstract: The presently disclosed method and system exploits information and traces contained in DNS data to determine the maliciousness of a domain based on the relationship it has with other domains. A method may comprise providing data to a machine learning module that was previously trained on domain and IP address attributes or classifiers. The method then may comprise classifying apex domains and IP addresses based on the IP address and domain attributes or classifiers. Additionally, the method may comprise associated each of the domains and IP addresses based on the corresponding classification. The method may further comprise building a weighted domain graph at real-time utilizing the DNS data based on the aforementioned associations among domains. The method may then comprise assessing the maliciousness of a domain based on the weighted domain graph that was built.Type: ApplicationFiled: May 30, 2019Publication date: December 3, 2020Inventors: Mohamed Nabeel, Issa M. Khalil, Ting Yu, Eui J. Choo
-
Patent number: 9680649Abstract: Methods of providing policy based access to master keys, enabling keys to be distributed to groups of users in a secure manner while minimizing disruptions to the user in the event of changes to group membership or changes to user attributes. User attributes are identified. Policies are rewritten in terms of user attributes. New unique user attribute keys are generated for each attribute for each user. An access tree is constructed with user attribute keys as leaf nodes and Boolean algebra operations as internal nodes. Shamir polynomials are used for AND nodes, and broadcast polynomials are used for OR nodes. Master keys are accessible by traversing the access tree from the leaf nodes to the root node constructing the polynomials attached to all the nodes along the access path.Type: GrantFiled: March 19, 2015Date of Patent: June 13, 2017Assignee: Oracle International CorporationInventor: Mohamed Nabeel
-
Publication number: 20160277187Abstract: Methods of providing policy based access to master keys, enabling keys to be distributed to groups of users in a secure manner while minimizing disruptions to the user in the event of changes to group membership or changes to user attributes. User attributes are identified. Policies are rewritten in terms of user attributes. New unique user attribute keys are generated for each attribute for each user. An access tree is constructed with user attribute keys as leaf nodes and Boolean algebra operations as internal nodes. Shamir polynomials are used for AND nodes, and broadcast polynomials are used for OR nodes. Master keys are accessible by traversing the access tree from the leaf nodes to the root node constructing the polynomials attached to all the nodes along the access path.Type: ApplicationFiled: March 19, 2015Publication date: September 22, 2016Inventor: Mohamed Nabeel
-
Patent number: 9002007Abstract: A method and apparatus are disclosed herein for classification. In one embodiment, the method comprises performing tree-based classification of a user input by a classifier with a classification tree at a first location, including exchanging data with a second location, different from the first location, to obtain the user input and provide results of classification to a user using singly homomorphic encryption so that the user input is not revealed to the classifier, the classification tree is not revealed to the user and the classifier's output is not revealed to the classifier.Type: GrantFiled: February 3, 2011Date of Patent: April 7, 2015Assignee: Ricoh Co., Ltd.Inventors: Mohamed Nabeel, David G. Stork
-
Publication number: 20120201378Abstract: A method and apparatus are disclosed herein for classification. In one embodiment, the method comprises performing tree-based classification of a user input by a classifier with a classification tree at a first location, including exchanging data with a second location, different from the first location, to obtain the user input and provide results of classification to a user using singly homomorphic encryption so that the user input is not revealed to the classifier, the classification tree is not revealed to the user and the classifier's output is not revealed to the classifier.Type: ApplicationFiled: February 3, 2011Publication date: August 9, 2012Inventors: Mohamed Nabeel, David G. Stork