Patents by Inventor Nayeem Islam

Nayeem Islam has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10333965
    Abstract: Methods, and computing devices implementing the methods, that enable client computing devises to work in conjunction with a server device to identify and temporarily defend against non-benign applications (e.g., malware, etc.) and other threats before a more permanent solution or defense (e.g., a patch or software upgrade) becomes available and installed on the client computing device. The server device may be configured to receive reports from the client computing devices, receive threat feeds from third-party servers (e.g., threat intelligence servers, etc.), and use information included in the received threat feed and information included in the received reports to analyze, in the server computing device, a software application that is operating on a client device in multiple passes. The server may generate threat scores (e.g., one for each pass, etc.), and the threat scores to the client computing device for use in devising a customized security response.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: June 25, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Sudha Anil Kumar Gathala, Saumitra Mohan Das, Nayeem Islam, Dallas James Wiener, Hugo Romero, Harold Gilkey, Giridhar Mandyam
  • Patent number: 10255434
    Abstract: Various embodiments include methods for detecting software attacks on a process executing on a computing device. Various embodiment methods may include monitoring structural attributes of a plurality of virtual memory regions utilized by the process, and comparing the monitored structural attributes to the expected structural attributes of the plurality of VMRs. Various embodiment methods may further include determining whether the monitored structural attributes represent anomalous behavior of the process based on the comparison between the monitored structural attributes and the expected structural attributes.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: April 9, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Sudha Anil Kumar Gathala, Rajarshi Gupta, Nayeem Islam
  • Patent number: 10101196
    Abstract: Apparatuses and methods are described herein for identifying a Unmanned Aerial Vehicle (UAV), including, but not limited to, determining a first maneuver type, determining a first acoustic signature of sound captured by a plurality of audio sensors while the UAV performs the first maneuver type, determining a second acoustic signature of sound captured by the plurality of audio sensors while the UAV performs a second maneuver type different from the first maneuver type, determining an acoustic signature delta based on the first acoustic signature and the second acoustic signature, and determining an identity of the UAV based on the acoustic signature delta.
    Type: Grant
    Filed: February 17, 2016
    Date of Patent: October 16, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Ayman Naguib, Nayeem Islam
  • Patent number: 10049327
    Abstract: Methods, devices, systems, and non-transitory process-readable storage media for a computing device to use machine learning to dynamically configure an application and/or complex algorithms associated with the application. An aspect method performed by a processor of the computing device may include operations for performing an application that calls a library function associated with a complex algorithm, obtaining signals indicating user responses to performance of the application, determining whether a user tolerates the performance of the application based on the obtained signals indicating the user responses, adjusting a configuration of the application to improve a subsequent performance of the application in response to determining the user does not tolerate the performance of the application, and storing data indicating the user responses to the performance of the application and other external variables for use in subsequent evaluations of user inputs.
    Type: Grant
    Filed: April 7, 2015
    Date of Patent: August 14, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Faraz Mohammad Mirzaei, Vinay Sridhara, Nayeem Islam
  • Publication number: 20180203996
    Abstract: Various embodiments include systems, methods and devices for reducing the burden on mobile devices of memory data collection for memory forensics. Various embodiments may include monitoring for changes sections or portions of memory within the computing device that been identified by a network device based on a prior memory snapshot. When changes are detected, the computing device may determine whether data changes in the monitored sections or portions of memory satisfy a criterion for transmitting an incremental snapshot of memory. Such criteria may be defined in information received from the network device. When the criteria are satisfied, the computing device may transmit an incremental memory snapshot to the network device. The computing device may transmit to the network device results of analysis of the data changes observed in the memory. Various embodiments may be performed in a secure environment or in a memory collection processor within the computing device.
    Type: Application
    Filed: January 17, 2017
    Publication date: July 19, 2018
    Inventors: Sudha Anil Kumar Gathala, Mastooreh Salajegheh, Saumitra Mohan Das, Nayeem Islam
  • Publication number: 20180198812
    Abstract: Various embodiments provide methods, devices, and non-transitory processor-readable storage media for detecting anomalies in network traffic patterns with a network device by analyzing patterns in network traffic packets traversing the network. Various embodiments include clustering received network traffic packets into groups. The network device receives data packets originating from an endpoint device and analyzes the packets for patterns. The network device may apply a traffic analysis model to the clusters to obtain context classes. The network device may select a behavior classifier model based, at least in part, on the determined context class, and may apply the selected behavior classifier model to determine whether the packet behavior is benign or non-benign.
    Type: Application
    Filed: January 11, 2017
    Publication date: July 12, 2018
    Inventors: Mihai Christodorescu, Shuhua Ge, Nayeem Islam, Hilmi Gunes Kayacik
  • Patent number: 10019569
    Abstract: Methods, devices, and non-transitory storage media for dynamic patching of diversity-based software executing on a computing device. One of many variations of various module utilized by software may be selected from a list of available module variations to be used when software is executed. An embodiment method for updating software may include obtaining or receiving a notification indicating a particular module variation that should not be used as a module for the software, and removing the module variation from the list of available module variations for the module in response to the notification. In some embodiments, the notification may be received by the mobile device from a remote server, and further the notification does not include data capable of being used as a module by the software during runtime. In some embodiments, the module variation may be one of flawed, outdated, and identified as exploited by malware.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: July 10, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Nayeem Islam, Rajarshi Gupta
  • Patent number: 9984231
    Abstract: Various embodiments include methods implemented on a computing device for analyzing a program executing within a virtual environment on the computing device. The methods may include determining whether the program is attempting to detect whether it is being executed within the virtual environment, and analyzing the program within a protected mode of the computing device in response to determining that the program is attempting to detect whether it is being executed within the virtual environment.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: May 29, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Mastooreh Salajegheh, Rajarshi Gupta, Nayeem Islam
  • Publication number: 20180131705
    Abstract: Embodiments provide methods of protecting computing devices from malicious activity. A processor of a network device may receive a first network traffic flow of a monitoring computing device and a malicious activity tag identifying a malicious behavior of the first network traffic flow. The processor may determine a characteristic of the first network traffic flow based at least in part on information in the first network traffic flow and the malicious activity tag. The processor may receive a second network traffic flow from a non-monitoring computing device, and may associate the malicious activity tag and the second network traffic flow based on a characteristic of the second network traffic flow based at least in part on information in the second network traffic flow and the characteristic of the first network traffic flow.
    Type: Application
    Filed: February 9, 2017
    Publication date: May 10, 2018
    Inventors: Ramin Samadani, Yin Chen, Keen Yuun Sung, Nayeem Islam
  • Publication number: 20180124080
    Abstract: Various embodiments include methods of protecting a computing device within a network from malware or other non-benign behaviors. A computing device may monitor inputs and outputs to a server, derive a functional specification from the monitored inputs and outputs, and use the functional specification for anomaly detection. Use of the derived functional specification for anomaly detection may include determining whether a behavior, activity, web application, process or software application program is non-benign. The computing device may be the server, and the functional specification may be used to determine whether the server is under attack.
    Type: Application
    Filed: March 10, 2017
    Publication date: May 3, 2018
    Inventors: Mihai Christodorescu, Nayeem Islam, Arun Raman, Shuhua Ge
  • Publication number: 20180107823
    Abstract: Embodiments include computing devices and methods implemented by computing devices for using programmable hardware security counters for detecting malicious behavior. Various embodiments may include tracking the value of hardware instruction pointers, such as pointers tracking the memory address of each executing instruction. The computing device may identify a start and end of contiguous instruction segments using the tracked instruction pointer. For example, the computing device may analyze changes in value of the instruction pointer to detect “jumps” or large changes in the memory address of executing instructions. Based, at least in part, on the identified instruction segments, the computing device may determine whether the instruction segments represent malicious behavior. If the instruction segments represent malicious behavior, the computing device may terminate the requesting software application.
    Type: Application
    Filed: February 14, 2017
    Publication date: April 19, 2018
    Inventors: Ramin Samadani, Yin Chen, Joel Galenson, Nayeem Islam
  • Publication number: 20180077195
    Abstract: Methods, and computing devices implementing the methods, that enable client computing devises to work in conjunction with a server device to identify and temporarily defend against non-benign applications (e.g., malware, etc.) and other threats before a more permanent solution or defense (e.g., a patch or software upgrade) becomes available and installed on the client computing device. The server device may be configured to receive reports from the client computing devices, receive threat feeds from third-party servers (e.g., threat intelligence servers, etc.), and use information included in the received threat feed and information included in the received reports to analyze, in the server computing device, a software application that is operating on a client device in multiple passes. The server may generate threat scores (e.g., one for each pass, etc.), and the threat scores to the client computing device for use in devising a customized security response.
    Type: Application
    Filed: September 12, 2016
    Publication date: March 15, 2018
    Inventors: Sudha Anil Kumar Gathala, Saumitra Mohan Das, Nayeem Islam, Dallas James Wiener, Hugo Romero, Harold Gilkey, Giridhar Mandyam
  • Publication number: 20180077188
    Abstract: Methods, and computing devices implementing the methods, that enable client computing devises to work in conjunction with a server device to identify and temporarily defend against non-benign applications (e.g., malware, etc.) and other threats before a more permanent solution or defense (e.g., a patch or software upgrade) becomes available and installed on the client computing device. The server device may be configured to receive reports from the client computing devices, receive threat feeds from a third-party server (e.g., threat intelligence servers, etc.), and use information included in the received threat feed and information included in the received reports to analyze, in the server computing device, a software application that is operating on a client device in multiple passes. The server may generate one or more threat scores and send the one or more threat scores to the client computing device for use in devising a customized security response.
    Type: Application
    Filed: September 12, 2016
    Publication date: March 15, 2018
    Inventors: Giridhar Mandyam, Sudha Anil Kumar Gathala, Saumitra Mohan Das, Nayeem Islam, Dallas James Wiener, Hugo Romero, Harold Gilkey
  • Patent number: 9912695
    Abstract: Techniques for operating a security system are provided. An example method for operating a security system according to the disclosure includes monitoring interactions of an unauthorized party with a computing environment configured to simulate the server, generating synthetic content based on the unauthorized party's interactions with the computing environment, and configuring the security system to permit the unauthorized party to access the synthetic content responsive to the unauthorized party's interactions with the security system.
    Type: Grant
    Filed: April 6, 2017
    Date of Patent: March 6, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Hui Chao, Nayeem Islam, Seyed Ali Ahmadzadeh
  • Publication number: 20180063179
    Abstract: Various embodiments include methods and a memory data collection processor for performing online memory data collection for memory forensics. Various embodiments may include determining whether an operating system executing in a computing device is trustworthy. In response to determining that the operating system is not trustworthy, the memory data collection processor may collect memory data directly from volatile memory. Otherwise, the operating system to collect memory data from volatile memory. Memory data may be collected at a variable memory data collection rate determined by the memory data collection processor. The memory data collection rate may depend upon whether an available power level of the computing device exceeds a threshold power level, whether an activity state of the processor of the computing device equals a sleep state whether a security risk exists on the computing device, and whether a volume of memory traffic in the volatile memory exceeds a threshold volume.
    Type: Application
    Filed: August 26, 2016
    Publication date: March 1, 2018
    Inventors: Mastooreh Salajegheh, Sudha Anil Kumar Gathala, Saumitra Mohan Das, Nayeem Islam
  • Publication number: 20180054449
    Abstract: A network and its devices may be protected from non-benign behavior, malware, and cyber attacks by configuring a server computing device to work in conjunction with a multitude of client computing devices in the network. The server computing device may be configured to receive data that was collected from independent executions of different instances of the same software application on different client computing devices. The server computing device may combine the received data, and use the combined data to identify unexplored code space or potential code paths for evaluation. The server computing device may then exercise the software application through the identified unexplored code space or identified potential code paths in a client computing device emulator to generate analysis results, and use the generated analysis results to determine whether the software application is non-benign.
    Type: Application
    Filed: August 18, 2016
    Publication date: February 22, 2018
    Inventors: Sriram Nandha Premnath, Yin Chen, Saumitra Mohan Das, Nayeem Islam
  • Publication number: 20180020024
    Abstract: Various embodiments include methods for protecting a web application server from non-benign web application usage. Embodiment methods may include receiving from a client device a service request message that includes information suitable for causing a web application operating on the web application server to perform one or more operations. In response, a processor, such as within the web application server or another network device, may analyze usage of the web application by the client device via a combination of a honeypot component, a sandboxed detonator component, and a Web Application Firewall (WAF) component. Analysis results may be generated by analyzing the received service request message or a server response message sent by the web application server. The analysis results may be used to identify non-benign web application usage. Actions may be taken to protect the web application server and/or the client device from the identified non-benign web application usage.
    Type: Application
    Filed: January 27, 2017
    Publication date: January 18, 2018
    Inventors: Hui Chao, Nayeem Islam, Gheorghe Calin Cascaval
  • Publication number: 20170277903
    Abstract: Embodiments include computing devices, systems, and methods for protecting data using virtual views of resource contents. A virtualization interface monitor may monitor a request to access a computing device resource by a first requesting entity and determine whether the first requesting entity is an owner of the computing device resource. A data protection system may provide, to the first requesting entity, an unobscured virtual view of resource contents of the computing device resource in response to determining that the first requesting entity is the owner of the computing device resource. A resource content cryptographic device may obscure a virtual view of the resource contents of the computing device resource in response to determining that the first requesting entity is a non-owner of the computing device resource. The data protection system may provide, to the first requesting entity, the obscured virtual view of resource contents of the computing device resource.
    Type: Application
    Filed: March 22, 2016
    Publication date: September 28, 2017
    Inventors: Mihai Christodorescu, Dinakar Dhurjati, Nayeem Islam
  • Publication number: 20170234724
    Abstract: Apparatuses and methods are described herein for identifying a Unmanned Aerial Vehicle (UAV), including, but not limited to, determining a first maneuver type, determining a first acoustic signature of sound captured by a plurality of audio sensors while the UAV performs the first maneuver type, determining a second acoustic signature of sound captured by the plurality of audio sensors while the UAV performs a second maneuver type different from the first maneuver type, determining an acoustic signature delta based on the first acoustic signature and the second acoustic signature, and determining an identity of the UAV based on the acoustic signature delta.
    Type: Application
    Filed: February 17, 2016
    Publication date: August 17, 2017
    Inventors: Ayman Naguib, Nayeem Islam
  • Publication number: 20170234966
    Abstract: Apparatuses and methods are described herein for identifying an Unmanned Aerial Vehicle (UAV) by a central server connected to a first detection device and a plurality of detection devices, including, but not limited to, receiving, by the central server, information related to the UAV from the first detection device, selecting, by the central server, a second detection device from a plurality of detection devices connected to the central server, and sending, by the central server, the information to the second detection device.
    Type: Application
    Filed: September 30, 2016
    Publication date: August 17, 2017
    Inventors: Ayman Naguib, Michael Taveira, Nayeem Islam