Patents by Inventor Roberto PERDISCI
Roberto PERDISCI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10057279
Abstract: A system for protecting computers against remote malware downloads includes a malware download detection system and participating client computers that provide download event information to the malware download detection system. A download event information identifies a file, a network address (e.g., uniform resource locator) from which the file was downloaded, and an identifier of the client computer that downloaded the file. The malware download detection system uses the download event information to build and update a tripartite download graph, and uses the download graph to train one or more classifiers. The malware download detection system consults the one or more classifiers to classify a download event. The download event is classified as malicious if either the file or the network address is classified as malicious.
Type: Grant
Filed: January 5, 2016
Date of Patent: August 21, 2018
Assignee: Trend Micro Incorporated
Inventors: Marco Balduzzi, Babak Rahbarinia, Roberto Perdisci
-
Patent number: 10027688
Abstract: A method and system of detecting a malicious and/or botnet-related domain name, comprising: reviewing a domain name used in Domain Name System (DNS) traffic in a network; searching for information about the domain name, the information related to: information about the domain name in a domain name white list and/or a domain name suspicious list; and information about the domain name using an Internet search engine, wherein the Internet search engine determines if there are no search results or search results with a link to at least one malware analysis site; and designating the domain name as malicious and/or botnet-related based on the information.
Type: Grant
Filed: August 10, 2009
Date of Patent: July 17, 2018
Assignee: Damballa, Inc.
Inventors: Roberto Perdisci, Wenke Lee
-
Patent number: 9948671
Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain Hypertext Transfer Protocol (HTTP) traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
Type: Grant
Filed: June 27, 2014
Date of Patent: April 17, 2018
Assignee: Damballa, Inc.
Inventors: Roberto Perdisci, Wenke Lee, Gunter Ollmann
-
Patent number: 9930065
Abstract: Systems and methods for event path traceback may utilize a processor and a path traceback and categorization (ATC) module in communication with the processor. The processor may be configured to perform processing associated with receiving network traffic from a network. The ATC module may be configured to perform processing associated with identifying an event within the network traffic, tracing a sequence of network transactions related to the event, and outputting an annotated event path (AMP) including data about the event and the sequence of network transactions related to the event. Performing processing associated with tracing the sequence of network transactions may comprise reconstructing a sequence of transactions within the network traffic that led to the event while filtering out unrelated traffic within the network traffic.
Type: Grant
Filed: March 25, 2015
Date of Patent: March 27, 2018
Assignees: University of Georgia Research Foundation, Inc., Damballa, Inc.
Inventors: Terry Lee Nelms, Roberto Perdisci
-
Patent number: 9922190
Abstract: System and method for detecting a domain generation algorithm (DGA), comprising: performing processing associated with clustering, utilizing a name-based features clustering module accessing information from an electronic database of NX domain information, the randomly generated domain names based on the similarity in the make-up of the randomly generated domain names; performing processing associated with clustering, utilizing a graph clustering module, the randomly generated domain names based on the groups of assets that queried the randomly generated domain names; performing processing associated with determining, utilizing a daily clustering correlation module and a temporal clustering correlation module, which clustered randomly generated domain names are highly correlated in daily use and in time; and performing processing associated with determining the DGA that generated the clustered randomly generated domain names.
Type: Grant
Filed: January 24, 2013
Date of Patent: March 20, 2018
Assignee: Damballa, Inc.
Inventors: Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou, II
-
Patent number: 9686291
Abstract: A method and system for detecting a malicious domain name, comprising: collecting domain name statistical information from a non-recursive domain name system name server (RDNS NS); and utilizing the collected domain name statistical information to determine if a domain name is malicious or benign.
Type: Grant
Filed: December 4, 2013
Date of Patent: June 20, 2017
Assignee: Damballa, Inc.
Inventors: Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou, II
-
Patent number: 9516058
Abstract: A system and method for determining whether at least one domain is legitimate or malicious by obtaining passive DNS query information, using the passive DNS query information to measure statistical features of known malicious domain names and known legitimate domain names, and using the statistical features to determine at least one reputation for at least one new domain, where the reputation indicates whether the at least one new domain is likely to be for malicious or legitimate uses.
Type: Grant
Filed: August 9, 2011
Date of Patent: December 6, 2016
Assignee: Damballa, Inc.
Inventors: Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee
-
Publication number: 20160285894
Abstract: Systems and methods for event path traceback may utilize a processor and a path traceback and categorization (ATC) module in communication with the processor. The processor may be configured to perform processing associated with receiving network traffic from a network. The ATC module may be configured to perform processing associated with identifying an event within the network traffic, tracing a sequence of network transactions related to the event, and outputting an annotated event path (AMP) including data about the event and the sequence of network transactions related to the event. Performing processing associated with tracing the sequence of network transactions may comprise reconstructing a sequence of transactions within the network traffic that led to the event while filtering out unrelated traffic within the network traffic.
Type: Application
Filed: March 25, 2015
Publication date: September 29, 2016
Inventors: Terry Lee NELMS, Roberto PERDISCI
-
Publication number: 20150026808
Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
Type: Application
Filed: June 27, 2014
Publication date: January 22, 2015
Inventors: Roberto PERDISCI, Wenke LEE, Gunter OLLMANN
-
Patent number: 8826438
Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
Type: Grant
Filed: January 18, 2011
Date of Patent: September 2, 2014
Assignee: Damballa, Inc.
Inventors: Roberto Perdisci, Wenke Lee, Gunter Ollmann
-
Publication number: 20140157414
Abstract: A method and system for detecting a malicious domain name, comprising: collecting domain name statistical information from a non-recursive domain name system name server (RDNS NS); and utilizing the collected domain name statistical information to determine if a domain name is malicious or benign.
Type: Application
Filed: December 4, 2013
Publication date: June 5, 2014
Applicant: DAMBALLA, INC.
Inventors: Manos ANTONAKAKIS, Roberto PERDISCI, Wenke LEE, Nikolaos VASILOGLOU, II
-
Patent number: 8631489
Abstract: A method and system for detecting a malicious domain name, comprising: collecting domain name statistical information from a non-recursive domain name system name server (RDNS NS); and utilizing the collected domain name statistical information to determine if a domain name is malicious or benign.
Type: Grant
Filed: January 25, 2012
Date of Patent: January 14, 2014
Assignee: Damballa, Inc.
Inventors: Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou
-
Patent number: 8578497
Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.
Type: Grant
Filed: January 5, 2011
Date of Patent: November 5, 2013
Assignee: Damballa, Inc.
Inventors: Emmanouil Antonakakis, Roberto Perdisci, Wenke Lee, Gunter Ollmann
-
Publication number: 20120198549
Abstract: A method and system for detecting a malicious domain name, comprising: collecting domain name statistical information from a non-recursive domain name system name server (RDNS NS); and utilizing the collected domain name statistical information to determine if a domain name is malicious or benign.
Type: Application
Filed: January 25, 2012
Publication date: August 2, 2012
Inventors: Manos ANTONAKAKIS, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou
-
Publication number: 20120042381
Abstract: A system and method for determining whether at least one domain is legitimate or malicious by obtaining passive DNS query information, using the passive DNS query information to measure statistical features of known malicious domain names and known legitimate domain names, and using the statistical features to determine at least one reputation for at least one new domain, where the reputation indicates whether the at least one new domain is likely to be for malicious or legitimate uses.
Type: Application
Filed: August 9, 2011
Publication date: February 16, 2012
Inventors: Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee
-
Publication number: 20110283361
Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
Type: Application
Filed: January 18, 2011
Publication date: November 17, 2011
Applicant: DAMBALLA, INC.
Inventors: Roberto Perdisci, Wenke Lee, Gunter Ollmann
-
Publication number: 20110167495
Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.
Type: Application
Filed: January 5, 2011
Publication date: July 7, 2011
Inventors: Emmanouil ANTONAKAKIS, Roberto PERDISCI, Wenke LEE, Gunter OLLMANN
-
Publication number: 20100037314
Abstract: A method and system of detecting a malicious and/or botnet-related domain name, comprising: reviewing a domain name used in Domain Name System (DNS) traffic in a network; searching for information about the domain name, the information related to: information about the domain name in a domain name white list and/or a domain name suspicious list; and information about the domain name using an Internet search engine, wherein the Internet search engine determines if there are no search results or search results with a link to at least one malware analysis site; and designating the domain name as malicious and/or botnet-related based on the information.
Type: Application
Filed: August 10, 2009
Publication date: February 11, 2010
Inventors: Roberto PERDISCI, Wenke LEE