Patents by Inventor Phillip Andrew Porras
Phillip Andrew Porras has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240430685
Abstract: An example method for identifying one or more potential malicious activities in a software-defined open radio access network includes detecting, by a trusted monitoring device, a communication flow from a sender component to a receiver component via an intermediate component. The method also includes, in response to the detecting of the communication flow, generating, by the trusted monitoring device and utilizing an intermediate identifier associated with the intermediate component, a flow record based on one or more parameters associated with the communication flow. The method further includes providing, by the trusted monitoring device and based on the flow record, an indication of the one or more potential malicious activities in the software-defined open radio access network.
Type: Application
Filed: June 20, 2024
Publication date: December 26, 2024
Inventors: Ashish Gehani, Vinod Trivandrum Yegneswaran, Phillip Andrew Porras
-
Publication number: 20240251248
Abstract: A computer-implemented method for defending, preventing, and/or mitigating short message service (SMS) based activities is provided. The method includes monitoring, by a security component in a radio interface layer (RIL) of a computing device configured to access a radio network, data related to SMS interactions over the radio network. The method also includes, based on the monitoring, detecting a potential activity associated with an SMS interaction. The method additionally includes providing an indication of the potential activity.
Type: Application
Filed: December 15, 2023
Publication date: July 25, 2024
Applicant: SRI International
Inventors: Phillip Andrew Porras, Vinod Trivandrum Yegneswaran, Haohuang Wen, Zhiqiang Lin
-
Publication number: 20240179577
Abstract: An example method for monitoring a software-defined radio access network (SD-RAN) includes receiving, by a computing device, data indicative of communications between a base station configured to provide radio access and one or more network devices. The method also includes generating, by the computing device and based on the data, a telemetry stream indicative of potential anomalous activity in the SD-RAN. The method further includes providing, by the computing device and based on the telemetry stream, an indication of the potential anomalous activity.
Type: Application
Filed: November 21, 2023
Publication date: May 30, 2024
Inventors: Phillip Andrew Porras, Vinod Trivandrum Yegneswaran, Haohuang Wen
-
Patent number: 9973473
Abstract: Methods, systems, and computer readable media for rapid filtering of opaque data traffic are disclosed. According to one method, the method includes receiving a packet containing a payload. The method also includes analyzing a portion of the payload for determining whether the packet contains compressed or encrypted data. The method further includes performing, if the packet contains compressed or encrypted data, at least one of sending the packet to an opaque traffic analysis engine for analysis, discarding the packet, logging the packet, or marking the packet.
Type: Grant
Filed: March 13, 2013
Date of Patent: May 15, 2018
Assignee: THE UNIVERSITY OF NORTH CAROLINA AT CHAPEL HILL
Inventors: Andrew Maxwell White, Fabian Monrose, Srinivas Krishnan, Phillip Andrew Porras, Michael Donald Bailey
-
Patent number: 9407509
Abstract: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
Type: Grant
Filed: September 21, 2009
Date of Patent: August 2, 2016
Assignee: SRI International
Inventors: Phillip Andrew Porras, Alfonso De Jesus Valdes
-
Patent number: 9083712
Abstract: In one embodiment, the present invention is a method and apparatus for generating highly predictive blacklists. One embodiment of a method for generating a blacklist of network addresses for a user of a network includes collecting security log data from users of the network, the security log data identifying observed attacks by attack sources, assigning the attack sources to the blacklist based on a combination of the relevance of each attack source to the user and the maliciousness of the attack source, and outputting the blacklist.
Type: Grant
Filed: April 4, 2008
Date of Patent: July 14, 2015
Assignee: SRI International
Inventors: Phillip Andrew Porras, Jian Zhang
-
Publication number: 20150052601
Abstract: Methods, systems, and computer readable media for rapid filtering of opaque data traffic are disclosed. According to one method, the method includes receiving a packet containing a payload. The method also includes analyzing a portion of the payload for determining whether the packet contains compressed or encrypted data. The method further includes performing, if the packet contains compressed or encrypted data, at least one of sending the packet to an opaque traffic analysis engine for analysis, discarding the packet, logging the packet, or marking the packet.
Type: Application
Filed: March 13, 2013
Publication date: February 19, 2015
Inventors: Andrew Maxwell White, Fabian Monrose, Srinivas Krishnan, Phillip Andrew Porras, Michael Donald Bailey
-
Patent number: 8955122
Abstract: In one embodiment, the present invention is a method and apparatus for detecting malware infection. One embodiment of a method for detecting a malware infection at a local host in a network includes monitoring communications between the local host and one or more entities external to the network, generating a dialog warning if the communications include a transaction indicative of a malware infection, declaring a malware infection if, within a predefined period of time, the dialog warnings include at least one dialog warning indicating a transaction initiated at the local host and at least one dialog warning indicating an additional transaction indicative of a malware infection, and outputting an infection profile for the local host.
Type: Grant
Filed: April 4, 2008
Date of Patent: February 10, 2015
Assignee: SRI International
Inventors: Guofei Gu, Phillip Andrew Porras, Martin Fong
-
Patent number: 8249028
Abstract: In one embodiment, the present invention is a method and apparatus for identifying wireless transmitters. In one embodiment, a method for identifying a transmitter in a wireless computing network includes extracting one or more radio frequency signal characteristics from a communication from the transmitter and generating a fingerprint of the transmitter in accordance with at least one of the extracted radio frequency signal characteristics.
Type: Grant
Filed: July 24, 2006
Date of Patent: August 21, 2012
Assignee: SRI International
Inventors: Phillip Andrew Porras, Michael G. Corr, Steven Mark Dawson, David Watt, David Manseau, John Peter Marcotullio
-
Publication number: 20120210425
Abstract: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
Type: Application
Filed: April 20, 2012
Publication date: August 16, 2012
Applicant: SRI INTERNATIONAL
Inventors: Phillip Andrew Porras, Alfonso de Jesus Valdes
-
Patent number: 7724717
Abstract: In one embodiment, the present invention is a method and apparatus for wireless network security. In one embodiment, a method for securing a wireless computing network includes receiving a communication from an unidentified transmitter, identifying the transmitter in accordance with a fingerprint generated from one or more radio frequency signal characteristics extracted from the communication, and taking action in response to an identity of the transmitter.
Type: Grant
Filed: July 24, 2006
Date of Patent: May 25, 2010
Assignee: SRI International
Inventors: Phillip Andrew Porras, Michael G. Corr, Steven Mark Dawson, David Watt, David Manseau, John Peter Marcotullio
-
Patent number: 7694115
Abstract: A system for managing network alerts including data connections adapted to receive alerts from network sensors, alert processing logic coupled to the data connections and further including alert integration logic operable to integrate the alerts, report generation logic coupled to the alert integration logic, distribution logic coupled to the report generation logic and a remote management unit coupled to the alert processing logic and being operable to dynamically modify the alert processing logic.
Type: Grant
Filed: August 1, 2000
Date of Patent: April 6, 2010
Assignee: SRI International
Inventors: Phillip Andrew Porras, Martin Wayne Fong
-
Publication number: 20100050248
Abstract: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
Type: Application
Filed: September 21, 2009
Publication date: February 25, 2010
Applicant: SRI International
Inventors: Phillip Andrew Porras, Alfonso De Jesus Valdes
-
Patent number: 7594260
Abstract: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
Type: Grant
Filed: May 5, 2003
Date of Patent: September 22, 2009
Assignee: SRI International
Inventors: Phillip Andrew Porras, Alfonso Valdes
-
Publication number: 20090172815
Abstract: In one embodiment, the present invention is a method and apparatus for detecting malware infection. One embodiment of a method for detecting a malware infection at a local host in a network includes monitoring communications between the local host and one or more entities external to the network, generating a dialog warning if the communications include a transaction indicative of a malware infection, declaring a malware infection if, within a predefined period of time, the dialog warnings include at least one dialog warning indicating a transaction initiated at the local host and at least one dialog warning indicating an additional transaction indicative of a malware infection, and outputting an infection profile for the local host.
Type: Application
Filed: April 4, 2008
Publication date: July 2, 2009
Inventors: Guofei Gu, Phillip Andrew Porras, Martin Fong
-
Publication number: 20090064332
Abstract: In one embodiment, the present invention is a method and apparatus for generating highly predictive blacklists. One embodiment of a method for generating a blacklist of network addresses for a user of a network includes collecting security log data from users of the network, the security log data identifying observed attacks by attack sources, assigning the attack sources to the blacklist based on a combination of the relevance of each attack source to the user and the maliciousness of the attack source, and outputting the blacklist.
Type: Application
Filed: April 4, 2008
Publication date: March 5, 2009
Inventors: Phillip Andrew Porras, Jian Zhang
-
Patent number: 7379993
Abstract: This invention uses Bayesian techniques to prioritize alerts or alert groups generated by intrusion detection systems and other information security devices, such as network analyzers, network monitors, firewalls, antivirus software, authentication services, host and application security services, etc. In a preferred embodiment, alerts are examined for the presence of one or more relevant features, such as the type of an attack, the target of an attack, the outcome of an attack, etc. At least a subset of the features is then provided to a real-time Bayes network, which assigns relevance scores to the received alerts or alert groups. In another embodiment, a network manager (a person) can disagree with the relevance score assigned by the Bayes network, and give an alert or alert group a different relevance score. The Bayes network is then modified so that similar future alerts or alert groups will be assigned a relevance score that more closely matches the score given by the network manager.
Type: Grant
Filed: September 13, 2001
Date of Patent: May 27, 2008
Assignee: SRI International
Inventors: Alfonso De Jesus Valdes, Martin Wayne Fong, Phillip Andrew Porras
-
Patent number: 7143444
Abstract: A method includes passing a request for data received by a first server process executing in a first server to a detection process that includes packing a subset of the data into an analysis format and passing the subset to an analysis process.
Type: Grant
Filed: November 28, 2001
Date of Patent: November 28, 2006
Assignee: SRI International
Inventors: Phillip Andrew Porras, Magnus Almgren, Ulf E. Lindqvist, Steven Mark Dawson
-
Publication number: 20040221191
Abstract: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
Type: Application
Filed: March 22, 2004
Publication date: November 4, 2004
Inventors: Phillip Andrew Porras, Alfonso Valdes
-
Patent number: 6711615
Abstract: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
Type: Grant
Filed: September 25, 2002
Date of Patent: March 23, 2004
Assignee: SRI International
Inventors: Phillip Andrew Porras, Alfonso Valdes