Patents by Inventor Salvatore J. Stolfo

Salvatore J. Stolfo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11288090
    Abstract: Methods, systems, and media for injecting code into embedded devices are provided. In accordance with some embodiments, methods for injecting code into embedded devices are provided, the methods comprising: embedding payload execution code into an embedded device; identifying program instructions in code of the embedded device into which jump instructions can be placed; inserting at least one jump instruction at an identified program instruction; allocating memory for storing an execution context of an injected payload; saving a context of the code of the embedded device to memory; loading and executing a payload context into a processor of the embedded device; determining when execution of the payload context is to be interrupted; and in response to determining that the execution of the payload context is to be interrupted, saving the payload context, restoring the context of the code of the embedded device, and continuing execution of the code of the embedded device.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: March 29, 2022
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Ang Cui, Salvatore J. Stolfo
  • Publication number: 20220070215
    Abstract: Enhanced attribution of phishers and assessment of the danger level posed by phishing campaigns by applying machine learning techniques to analyze the contents of phishing websites. The danger level may be determined as a function of the amount and kind of sensitive personal information the site attempts to steal. Profiling phisher behavior may be used as advanced threat intelligence to help predict targeted website for spoofing and/or phishing campaigns. Profiling phisher behavior may be accomplished by a focused analysis of the displayed items or words generated by the code with which the phisher labels webform input fields across different websites. The model of phisher behavior may reveal a phisher's motive and intent and may be used to investigate organized phishing teams. Rating phishing sites may inform response strategies and provide more informed critical browser messaging to the user.
    Type: Application
    Filed: August 31, 2021
    Publication date: March 3, 2022
    Inventors: Salvatore J. Stolfo, Shlomo Hershkop
  • Publication number: 20220058077
    Abstract: Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison.
    Type: Application
    Filed: March 16, 2021
    Publication date: February 24, 2022
    Inventors: Salvatore J. Stolfo, Angelos D. Keromytis, Stylianos Sidiroglou
  • Patent number: 11194915
    Abstract: Methods, systems, and media for testing insider threat detection systems are provided.
    Type: Grant
    Filed: April 16, 2018
    Date of Patent: December 7, 2021
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J. Stolfo, Preetam Kumar Dutta
  • Patent number: 11106799
    Abstract: Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: August 31, 2021
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Angelos D. Keromytis, Salvatore J. Stolfo
  • Publication number: 20210096941
    Abstract: Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison.
    Type: Application
    Filed: May 13, 2020
    Publication date: April 1, 2021
    Inventors: Salvatore J. Stolfo, Angelos D. Keromytis, Stylianos Sidiroglou
  • Publication number: 20210067540
    Abstract: Methods, systems and media for evaluating layered computer security products are provided. In some embodiments, the method comprises: (a) identifying portions of attack data associated with an attack; (b) linking the portions of attack data; (c) testing security products using the linked attack data, at least two of the security products using different portions of the linked attack data; (d) storing the results of the testing; (e) repeating (a)-(d) for multiple attacks; receiving information identifying a subset of the security products from a remote computing device; identifying a first set of detected attacks for each of the plurality of security product using the stored results; determining a number of attacks in a union of each of the first sets of identified attacks; determining a detection rate for the identified security products based on the union and the number of tested attacks; and causing the detection rate to be presented.
    Type: Application
    Filed: March 13, 2020
    Publication date: March 4, 2021
    Inventors: Nathaniel Gordon Boggs, Salvatore J. Stolfo
  • Publication number: 20210051176
    Abstract: Systems and methods used to thwart attackers' attempts to steal digital credentials from computer network users and protect users from credential and identity theft via website spoofing and phishing campaigns.
    Type: Application
    Filed: August 17, 2020
    Publication date: February 18, 2021
    Inventors: Salvatore J. Stolfo, Shlomo Hershkop
  • Patent number: 10902111
    Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: January 26, 2021
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J. Stolfo, Wei-Jen Li, Angelos D. Keromytis, Elli Androulaki
  • Patent number: 10891375
    Abstract: Systems and methods for efficiently detecting and monitoring transmitted documents. The invention provides efficient, scalable, and accurate means to identify anomalous or suspicious access patterns, and related and similar documents based upon their content and their structural characteristics. Transmitted documents that are encrypted may be monitored without revealing the encrypted information.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: January 12, 2021
    Assignee: Allure Security Technology Inc.
    Inventor: Salvatore J Stolfo
  • Patent number: 10887340
    Abstract: Methods, systems, and media for inhibiting attacks on embedded devices are provided. In some embodiments, a system for inhibiting on embedded devices is provided, the system comprises a processor that is configured to: identify an embedded device that is configured to provide one or more services to one or more digital processing devices within a communications network; receive a first firmware associated with the embedded device; generate a second firmware that is functionally equivalent to the first firmware by: determining unused code within the first firmware; removing the unused code within the second firmware; and restructuring remaining code portions of the first firmware into memory positions within the second firmware; and inject the second firmware into the embedded device.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: January 5, 2021
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Ang Cui, Salvatore J. Stolfo
  • Patent number: 10819726
    Abstract: Systems, methods, and media for detecting network anomalies are provided. In some embodiments, a training dataset of communication protocol messages having argument strings is received. The content and structure associated with each of the argument strings is determined and a probabilistic model is trained using the determined content and structure of each of the argument strings. A communication protocol message having an argument string that is transmitted from a first processor to a second processor across a computer network is received. The received communication protocol message is compared to the probabilistic model and then it is determined whether the communication protocol message is anomalous.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: October 27, 2020
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Yingbo Song, Angelos D. Keromytis, Salvatore J. Stolfo
  • Patent number: 10686836
    Abstract: Systems and methods for generating and deploying decoy files and decoy applications that appear to be authentic files and applications. The content of the decoy files may be configurable, and the decoy files may be beaconized. The extent to which decoy files are and decoy applications are deployed may depend on the authentication level or change in authentication level of a user.
    Type: Grant
    Filed: October 30, 2018
    Date of Patent: June 16, 2020
    Assignee: Allure Security Technology Inc.
    Inventor: Salvatore J Stolfo
  • Patent number: 10673884
    Abstract: A method, apparatus, and medium are provided for tracing the origin of network transmissions. Connection records are maintained at computer system for storing source and destination addresses. The connection records also maintain a statistical distribution of data corresponding to the data payload being transmitted. The statistical distribution can be compared to that of the connection records in order to identify the sender. The location of the sender can subsequently be determined from the source address stored in the connection record. The process can be repeated multiple times until the location of the original sender has been traced.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: June 2, 2020
    Assignee: The Trustees of Columbia University in the City of New York
    Inventor: Salvatore J. Stolfo
  • Patent number: 10657262
    Abstract: Systems and methods for securing embedded devices via both online and offline defensive strategies. One or more security software components may be injected into firmware binary to create a modified firmware binary, which is functionally- and size-equivalent to the original firmware binary. The security software components may retrieve live forensic information related to embedded devices for use in live hardening of the modified firmware binary while the embedded device is online, dynamically patching the firmware. In addition, the live forensic information may be aggregated with other analytical data identifying firmware vulnerabilities. A vulnerability identification and mitigation system can then identify and inject modifications to the original firmware binary to develop secure firmware binary, which may be imaged and loaded onto one or more embedded devices within a network.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: May 19, 2020
    Assignee: RED BALLOON SECURITY, INC.
    Inventors: Ang Cui, Salvatore J. Stolfo
  • Patent number: 10650087
    Abstract: Systems and methods are presented for content extraction from markup language text. The content extraction process may parse markup language text into a hierarchical data model and then apply one or more filters. Output filters may be used to make the process more versatile. The operation of the content extraction process and the one or more filters may be controlled by one or more settings set by a user, or automatically by a classifier. The classifier may automatically enter settings by classifying markup language text and entering settings based on this classification. Automatic classification may be performed by clustering unclassified markup language texts with previously classified markup language texts.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: May 12, 2020
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Suhit Gupta, Gail Kaiser, Salvatore J. Stolfo
  • Publication number: 20200104511
    Abstract: Methods, systems, and media for testing insider threat detection systems are provided.
    Type: Application
    Filed: April 16, 2018
    Publication date: April 2, 2020
    Inventors: Salvatore J. Stolfo, Preetam Kumar Dutta
  • Patent number: 10594722
    Abstract: Methods, systems and media for evaluating layered computer security products are provided. In some embodiments, the method comprises: (a) identifying portions of attack data associated with an attack; (b) linking the portions of attack data; (c) testing security products using the linked attack data, at least two of the security products using different portions of the linked attack data; (d) storing the results of the testing; (e) repeating (a)-(d) for multiple attacks; receiving information identifying a subset of the security products from a remote computing device; identifying a first set of detected attacks for each of the plurality of security product using the stored results; determining a number of attacks in a union of each of the first sets of identified attacks; determining a detection rate for the identified security products based on the union and the number of tested attacks; and causing the detection rate to be presented.
    Type: Grant
    Filed: July 27, 2018
    Date of Patent: March 17, 2020
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Nathaniel Gordon Boggs, Salvatore J. Stolfo
  • Publication number: 20200084238
    Abstract: A system that generates decoy emails and documents by automatically detecting concepts such as dates, times, people, and locations in e-mails and documents, and shifting those concepts. The system may also generate an email or document reciting a URL associated with a fake website and purported login credentials for the fake website. The system may send an alert to a user of the system when someone seeks to access the fake website.
    Type: Application
    Filed: November 12, 2019
    Publication date: March 12, 2020
    Inventors: Salvatore J. Stolfo, Carl Sable
  • Publication number: 20200019705
    Abstract: Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.
    Type: Application
    Filed: September 23, 2019
    Publication date: January 16, 2020
    Applicant: The Trustees of Columbia University in the City of New York
    Inventors: Angelos D. Keromytis, Salvatore J. Stolfo