Patents by Inventor Pierre-Antoine Vervier

Pierre-Antoine Vervier has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11683692
    Abstract: Protecting against potentially harmful app (PHA) installation on a mobile device. In some embodiments, a method may include identifying apps already installed on multiple mobile devices, identifying PHAs in the apps already installed on the multiple mobile devices, training a machine learning classifier, based on the apps already installed on multiple mobile devices, to predict a likelihood that each of the PHAs will be installed on any mobile device, identifying one or more apps already installed on a particular mobile device, predicting, using the machine learning classifier, a likelihood that a target PHA of the PHAs will be installed on the particular mobile device based on the one or more apps already installed on the particular mobile device, and in response to the likelihood being higher than a threshold, performing a remedial action to protect the particular mobile device from the target PHA.
    Type: Grant
    Filed: August 17, 2020
    Date of Patent: June 20, 2023
    Assignee: NORTONLIFELOCK INC.
    Inventors: Yun Shen, Pierre-Antoine Vervier
  • Patent number: 11449637
    Abstract: The disclosed computer-implemented method for providing web tracking transparency to protect user data privacy may include (i) receiving a browser request for target websites during a browsing session, (ii) identifying a tracking type for website trackers utilized by the target websites, the tracking type including a direct tracking type or a tracking sharing type, (iii) extracting an information category for the target websites, (iv) detecting text patterns shared between the target websites in a common information category, (v) determining information collected about a user by the website trackers by combining the tracking type for the website trackers, the information category for the target websites, and the detected text patterns, and (v) performing a security action that protects against unsolicited website tracking in future browsing sessions by providing the information collected by the website trackers to the user. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 15, 2020
    Date of Patent: September 20, 2022
    Assignee: NortonLifeLock Inc.
    Inventors: Iskander Sanchez Rola, Leyla Bilge, Pierre-Antoine Vervier, David Luz Silva
  • Publication number: 20210350006
    Abstract: The disclosed computer-implemented method for identifying software vulnerabilities in embedded device firmware may include (i) collecting a firmware image for an Internet-of-Things device, (ii) extracting library dependencies from the firmware image for the Internet-of-Things device, (iii) identifying a true version of a library specified in the firmware image by checking a ground truth database that records confirmed values for true versions for previously encountered libraries, and (iv) performing a security action to protect a user from a security risk based on identifying the true version of the library specified in the firmware image. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Application
    Filed: May 8, 2020
    Publication date: November 11, 2021
    Inventors: Johannes Krupp, Pierre-Antoine Vervier, Yun Shen
  • Patent number: 11122040
    Abstract: The disclosed computer-implemented method for fingerprinting devices may include (i) detecting that a new device has attempted to connect to a network gateway, (ii) attempting to fingerprint the new device as an instance of a known candidate device type by (a) transmitting to the new device, from a security application, a set of network messages that mimic network messages that a second application is configured to transmit to instances of the known candidate device type and (b) confirming, by the security application based on a response from the new device to the set of network messages, that the new device is the instance of the known candidate device type, and (iii) performing a security action to protect a network corresponding to the network gateway based on confirming that the new device is the instance of the known candidate device type. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 27, 2018
    Date of Patent: September 14, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Yuqiong Sun, Xueqiang Wang, Susanta Nanda, Yun Shen, Pierre-Antoine Vervier, Petros Efstathopoulos
  • Patent number: 11108787
    Abstract: Securing a network device by forecasting an attack event using a recurrent neural network. In one embodiment, a method may include collecting event sequences of events that occurred on multiple network devices, generating training sequences, validation sequences, and test sequences from the event sequences, training a recurrent neural network using the training sequences, the validation sequences, and the test sequences, collecting an event sequence of the most recent events that occurred on a target network device, forecasting, using the recurrent neural network and based on the event sequence of the most recent events that occurred on the target network device, the next event that will occur on the target network device, and in response to the forecasted next event being an attack event, performing a security action to prevent harm to the target network device from the attack event.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: August 31, 2021
    Assignee: NORTONLIFELOCK INC.
    Inventors: Yun Shen, Pierre-Antoine Vervier
  • Patent number: 10977374
    Abstract: Methods and systems are provided for generating a security profile for a new computing system. One example method generally includes obtaining, over a network, information associated with a plurality of existing computing systems and generating, by a clustering algorithm, a set of clusters based on the information associated with the plurality of existing computing systems. The method further includes obtaining external data associated with the computing system and classifying the computing system into a cluster in the set of clusters based on the external data associated with the computing system. The method further includes determining the security profile based on statistics associated with the cluster and transmitting, over the network, an indication of the security profile.
    Type: Grant
    Filed: June 15, 2018
    Date of Patent: April 13, 2021
    Assignee: CA, Inc.
    Inventors: Aditya Kuppa, Pierre-Antoine Vervier, Slawomir Grzonkowski, Yun Shen
  • Patent number: 10944781
    Abstract: Disclosed computer-implemented methods for identifying malicious domain names from a passive domain name system server log (DNS log) may include, in some examples, (1) creating a pool of domain names from the DNS log, (2) identifying respective features of each name in the pool, (3) preparing a list of known benign names and respective features of each known benign name, (4) preparing a list of known malicious names and features of each known malicious name, (5) computing a classification model based on (A) the features of each benign name on the list of benign names and (B) the features of each malicious name on the list of malicious names, (6) identifying respective features of an unclassified domain name, and (7) classifying, using the classification model, the unclassified domain name as malicious, based on the respective features of the unclassified domain name. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: March 9, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Leyla Bilge, Pierre-Antoine Vervier
  • Patent number: 10547633
    Abstract: The disclosed computer-implemented method for mapping services utilized by network domains may include (i) receiving a request to perform a risk assessment on a domain, (ii) querying a database for records associated with the domain, where each record links to a network resource that enables functionality of the domain, (iii) generating a service map that matches each network resource to a corresponding service type and service provider, (v) performing the risk assessment of the domain, and (vi) facilitating a security measure for the domain based on a result of the risk assessment. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 7, 2017
    Date of Patent: January 28, 2020
    Assignee: Symantec Corporation
    Inventors: Matteo Dell'Amico, Pierre-Antoine Vervier, Leylya Yumer
  • Patent number: 10547623
    Abstract: Securing network devices by forecasting future security incidents for a network based on past security incidents. In one embodiment, a method may include constructing past inside-in security features for a network, constructing past outside-in security features for the network, and employing dynamic time warping to generate a similarity score for each security feature pair in the past inside-in security features, in the past outside-in security features, and between the past inside-in security features and the past outside-in security features. The method may further include generating a Coupled Gaussian Latent Variable (CGLV) model based on the similarity scores, forecasting future inside-in security features for the network using the CGLV model, and performing a security action on one or more network devices of the network based on the forecasted future inside-in security features for the network.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: January 28, 2020
    Assignee: SYMANTEC CORPORATION
    Inventors: Yufei Han, Yun Shen, Leylya Yumer, Pierre-Antoine Vervier, Petros Efstathopoulos
  • Patent number: 10516680
    Abstract: A computer-implemented method for assessing cyber risks using incident-origin information may include (1) receiving a request for a cyber-risk assessment of an entity of interest, (2) using an Internet-address data source that maps identifiers of entities to public Internet addresses of the entities to translate an identifier of the entity into a set of Internet addresses of the entity, (3) using an incident-origin data source that maps externally-detected security incidents to public Internet addresses from which the security incidents originated to translate the set of Internet addresses into a set of security incidents that originated from the entity, and (4) using the set of security incidents to generate the cyber-risk assessment of the entity. Various other methods, systems, and computer-readable media may have similar features.
    Type: Grant
    Filed: June 22, 2016
    Date of Patent: December 24, 2019
    Assignee: NortonLifeLock Inc.
    Inventors: Pierre-Antoine Vervier, Leylya Bilge, Yufei Han, Matteo Dell'Amico
  • Patent number: 10440047
    Abstract: The disclosed computer-implemented method for mapping Internet Protocol addresses for an organization may include (1) receiving information for an organization from an organizational server, (2) extracting data from a plurality of server data sources associated with the information, (3) mapping the data from the plurality of sever data sources to the information, and (4) determining, based at least in part on the mapped data, a list of IP addresses identifying one or more relationships associated with the organization thereby facilitating performing a security posture analysis against a malicious attack. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: October 8, 2019
    Assignee: Symantec Corporation
    Inventors: Pierre-Antoine Vervier, Yun Shen
  • Patent number: 10437994
    Abstract: The disclosed computer-implemented method for determining the reputations of unknown files may include (1) identifying a file that was downloaded by the computing device from an external file host, (2) creating a node that represents the file in a dynamic file relationship graph, (3) connecting the node in the dynamic file relationship graph with at least one other node that represents an attribute of the external file host, and (4) labeling the node with a reputation score calculated based at least in part on a reputation score of the at least one other node that represents the attribute of the external file host. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: October 8, 2019
    Assignee: Symantec Corporation
    Inventors: Yun Shen, Yufei Han, Pierre-Antoine Vervier
  • Patent number: 10367845
    Abstract: The disclosed computer-implemented method for evaluating infection risks based on profiled user behaviors may include (1) collecting user-behavior profiles that may include labeled profiles (e.g., infected profiles and/or clean profiles) and/or unlabeled profiles, (2) training a classification model to distinguish infected profiles from clean profiles using features and labels of the user-behavior profiles, and (3) using the classification model to predict (a) a likelihood that a computing system of a user will become infected based on a profile of user behaviors of the user and/or (b) a likelihood that a user behavior in the user-behavior profiles will result in a computing-system infection. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: July 30, 2019
    Assignee: Symantec Corporation
    Inventors: Yufei Han, Leylya Yumer, Pierre-Antoine Vervier, Matteo Dell'Amico
  • Patent number: 10277621
    Abstract: The disclosed computer-implemented method for detecting vulnerabilities on servers may include (i) sending requests to servers for information about services potentially executing on the servers, (ii) receiving, in response to requests, messages from the servers that comprise the information about the services, wherein the set of messages use different formats for transmitting the information, (iii) creating, by analyzing the set of the messages, at least one heuristic that is capable of automatically extracting, from a message, an identifier of a service that executes on a server that sent the message, (iv) extracting, from the message, via the heuristic, the identifier of the service executes on the server that sent the message, and (v) determining, based on the identifier of the service, that the service contributes to a vulnerability on the server that sent the message. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: April 30, 2019
    Assignee: Symantec Corporation
    Inventors: Pierre-Antoine Vervier, Yun Shen
  • Publication number: 20190020674
    Abstract: The disclosed computer-implemented method for detecting vulnerabilities on servers may include (i) sending requests to servers for information about services potentially executing on the servers, (ii) receiving, in response to requests, messages from the servers that comprise the information about the services, wherein the set of messages use different formats for transmitting the information, (iii) creating, by analyzing the set of the messages, at least one heuristic that is capable of automatically extracting, from a message, an identifier of a service that executes on a server that sent the message, (iv) extracting, from the message, via the heuristic, the identifier of the service executes on the server that sent the message, and (v) determining, based on the identifier of the service, that the service contributes to a vulnerability on the server that sent the message. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Application
    Filed: July 12, 2017
    Publication date: January 17, 2019
    Inventors: Pierre-Antoine Vervier, Yun Shen
  • Publication number: 20180375894
    Abstract: The disclosed computer-implemented method for mapping Internet Protocol addresses for an organization may include (1) receiving information for an organization from an organizational server, (2) extracting data from a plurality of server data sources associated with the information, (3) mapping the data from the plurality of sever data sources to the information, and (4) determining, based at least in part on the mapped data, a list of IP addresses identifying one or more relationships associated with the organization thereby facilitating performing a security posture analysis against a malicious attack. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Application
    Filed: June 22, 2017
    Publication date: December 27, 2018
    Inventors: Pierre-Antoine Vervier, Yun Shen
  • Patent number: 10148690
    Abstract: A system and method for detecting malicious hijack events in real-time is provided. The method may include receiving routing data associated with a Border Gateway Protocol (BGP) event from at least one BGP router. The method may further include generating a hijack detection model using a machine learning technique, such as Positive Unlabeled learning. The machine learning technique may include at least one data input and a probability output; wherein, the data input couples to receive a set of historically confirmed BGP hijacking data and the routing data, while the probability output transmits a probability value for the malicious event which may be calculated based upon the data input. Finally, the method may include classifying the BGP event as a malicious event or a benign event using the BGP hijack model and correcting routing tables that have been corrupted by a malicious event.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: December 4, 2018
    Assignee: SYMANTEC CORPORATION
    Inventors: Yun Shen, Yufei Han, Pierre-Antoine Vervier
  • Patent number: 10116680
    Abstract: The disclosed computer-implemented method for evaluating infection risks based on profiled user behaviors may include (1) collecting user-behavior profiles that may include labeled profiles (e.g., infected profiles and/or clean profiles) and/or unlabeled profiles, (2) training a classification model to distinguish infected profiles from clean profiles using features and labels of the user-behavior profiles, and (3) using the classification model to predict (a) a likelihood that a computing system of a user will become infected based on a profile of user behaviors of the user and/or (b) a likelihood that a user behavior in the user-behavior profiles will result in a computing-system infection. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: October 30, 2018
    Assignee: Symantec Corporation
    Inventors: Yufei Han, Leylya Yumer, Pierre-Antoine Vervier, Matteo Dell'Amico
  • Publication number: 20170180418
    Abstract: A system and method for detecting malicious hijack events in real-time is provided. The method may include receiving routing data associated with a Border Gateway Protocol (BGP) event from at least one BGP router. The method may further include processing the routing data to generate a list of features representing ownership and various other details relating to origin and upstream equipment. The method may further include generating a hijack detection model using the routing data and the list of features, where a machine learning technique, such as Positive Unlabeled learning technique is employed. The machine learning technique may include at least one data input and a probability output; wherein, the data input couples to receive a set of historically confirmed BGP hijacking data and the routing data, while the probability output transmits a probability value for the malicious event which may be calculated based upon the data input.
    Type: Application
    Filed: December 21, 2015
    Publication date: June 22, 2017
    Inventors: Yun Shen, Yufei Han, Pierre-Antoine Vervier
  • Patent number: D930495
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: September 14, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Yun Shen, Pierre-Antoine Vervier, Petros Efstathopoulos