Patents by Inventor Shengming Xu
Shengming Xu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11975985
  Abstract: Disclosed are a functional material for synchronously stabilizing multiple metals and a preparation method thereof, and a method for rehabilitating soil or wastewater contaminated by heavy metals (metalloids). The preparation method includes: mixing a ferrous salt, a ferric salt, a manganous salt, water, a dispersing material, and a phosphate to obtain a first mixture, and subjecting the first mixture to a first precipitation reaction to obtain a first reaction mixture containing the phosphate; adjusting a pH value of the first reaction mixture containing the phosphate to 10-12 by adding an alkali thereto to obtain a second mixture, subjecting the second mixture to a second precipitation reaction to obtain a second reaction mixture; and subjecting the second reaction mixture to a solid-liquid separation to obtain a solid, washing the solid, and drying to obtain the functional material for synchronously stabilizing multiple metals.
  Type: Grant
  Filed: April 25, 2022
  Date of Patent: May 7, 2024
  Assignee: CENTRAL SOUTH UNIVERSITY
  Inventors: Qian Li, Rui Xu, Shengming Jin, Tao Jiang
- Patent number: 11949658
  Abstract: A cloud-based traffic classification engine maintains a catalog of application-based traffic classes which have been developed based on known applications, and a local traffic classification engine maintains a subset of these classes. Network traffic intercepted by the firewall which cannot be classified by the local engine is forwarded to the cloud-based engine for classification. Upon determination of a class of the traffic, the cloud-based engine forwards the determined class and corresponding signature to the local engine. The firewall maintains a cache which is updated with the signatures corresponding to the class communicated by the cloud-based engine. Subsequent network traffic sent from the application can be determined to correspond to the application and classified accordingly locally at the firewall based on the cached signatures. Localization of the cache to the firewall reduces latency of traffic classification operations as the catalog of classification information stored in the cloud scales.
  Type: Grant
  Filed: February 27, 2023
  Date of Patent: April 2, 2024
  Assignee: Palo Alto Networks, Inc.
  Inventors: Mengying Jiang, Shengming Xu, Menglan Fang, Ho Yu Lam
- Publication number: 20240039893
  Abstract: Techniques for beacon and threat intelligence based Advanced Persistent Threat (APT) detection are disclosed. In some embodiments, a system/process/computer program product for beacon and threat intelligence based APT detection includes collecting firewall log data from monitored network traffic; analyzing the firewall log data at a cloud security service to identify beacon traffic based on a plurality of heuristics; performing a risk evaluation of the beacon traffic to detect malicious beacon traffic; and performing an action in response to detecting the malicious beacon traffic.
  Type: Application
  Filed: July 29, 2022
  Publication date: February 1, 2024
  Inventors: Yanhui Jia, Qi Zhang, Shengming Xu
- Publication number: 20240039889
  Abstract: Techniques for Cobalt Strike Beacon HTTP C2 heuristic detection are disclosed. In some embodiments, a system/process/computer program product for Cobalt Strike Beacon HTTP C2 heuristic detection includes monitoring HyperText Transfer Protocol (HTTP) network traffic at a firewall; prefiltering the monitored HTTP network traffic at the firewall to select a subset of the HTTP network traffic to forward to a cloud security service; determining whether the subset of the HTTP network traffic is associated with Cobalt Strike Beacon HTTP C2 traffic activity based on a plurality of heuristics; and performing an action in response to detecting the Cobalt Strike Beacon HTTP C2 traffic activity.
  Type: Application
  Filed: August 7, 2023
  Publication date: February 1, 2024
  Inventors: Yanhui Jia, Christian Elihu Navarrete Discua, Durgesh Madhavrao Sangvikar, Ajaya Neupane, Yu Fu, Shengming Xu
- Publication number: 20240039952
  Abstract: Techniques for Cobalt Strike Beacon HTTPS C2 heuristic detection are disclosed. In some embodiments, a system/process/computer program product for Cobalt Strike Beacon HTTPS C2 heuristic detection includes monitoring HyperText Transfer Protocol Secure (HTTPS) network traffic at a firewall; prefiltering the monitored HTTPS network traffic at the firewall to select a subset of the HTTPS network traffic to forward to a cloud security service; determining whether the subset of the HTTPS network traffic is associated with Cobalt Strike Beacon HTTPS C2 traffic activity based on a plurality of heuristics; and performing an action in response to detecting the Cobalt Strike Beacon HTTPS C2 traffic activity.
  Type: Application
  Filed: July 29, 2022
  Publication date: February 1, 2024
  Inventors: Yanhui Jia, Shengming Xu
- Publication number: 20240037231
  Abstract: Techniques for sample traffic based self-learning malware detection are disclosed. In some embodiments, a system/process/computer program product for sample traffic based self-learning malware detection includes receiving a plurality of samples for malware detection analysis using a sandbox; executing each of the plurality of samples in the sandbox and monitoring network traffic during execution of each of the plurality of samples in the sandbox; detecting that one or more of the plurality of samples is malware based on automated analysis of the monitored network traffic using a command and control (C2) machine learning (ML) model if there is not a prior match with an intrusion prevention system (IPS) signature; and performing an action in response to detecting that the one or more of the plurality of samples is malware based on the automated analysis of the monitored network traffic using the C2 ML model. In some embodiments, the IPS signatures and C2 ML model are automatically generated and trained.
  Type: Application
  Filed: June 9, 2023
  Publication date: February 1, 2024
  Inventors: Yanhui Jia, Matthew W. Tennis, Stefan Achleitner, Taojie Wang, Hui Gao, Shengming Xu
- Publication number: 20240039951
  Abstract: Techniques for probing for Cobalt Strike TeamServer detection are disclosed. In some embodiments, a system/process/computer program product for probing for Cobalt Strike TeamServer detection includes monitoring HyperText Transfer Protocol (HTTP), HTTPS, and/or Domain Name System (DNS) network traffic at a firewall; prefiltering the monitored HTTP, HTTPS, and/or DNS network traffic at the firewall to select a subset of the HTTP, HTTPS, and/or DNS network traffic to forward to a cloud security service; performing HTTP, HTTPS, and/or DNS probing of a target to detect whether the target is a Cobalt Strike TeamServer; and performing an action in response to detecting that the target is the Cobalt Strike TeamServer.
  Type: Application
  Filed: July 29, 2022
  Publication date: February 1, 2024
  Inventors: Yanhui Jia, Shengming Xu
- Publication number: 20230344866
  Abstract: Techniques for application identification for phishing detection are disclosed. In some embodiments, a system/process/computer program product for application identification for phishing detection includes monitoring network activity associated with a session to detect a request to access a site; determining advanced application identification associated with the site; and identifying the site as a phishing site based on the advanced application identification.
  Type: Application
  Filed: April 26, 2022
  Publication date: October 26, 2023
  Inventors: Rongbo Shao, Bo Qu, Zhanglin He, Shengming Xu, Amy Lee
- Patent number: 11770361
  Abstract: Techniques for Cobalt Strike Beacon HTTP C2 heuristic detection are disclosed. In some embodiments, a system/process/computer program product for Cobalt Strike Beacon HTTP C2 heuristic detection includes monitoring HyperText Transfer Protocol (HTTP) network traffic at a firewall; prefiltering the monitored HTTP network traffic at the firewall to select a subset of the HTTP network traffic to forward to a cloud security service; determining whether the subset of the HTTP network traffic is associated with Cobalt Strike Beacon HTTP C2 traffic activity based on a plurality of heuristics; and performing an action in response to detecting the Cobalt Strike Beacon HTTP C2 traffic activity.
  Type: Grant
  Filed: July 29, 2022
  Date of Patent: September 26, 2023
  Assignee: Palo Alto Networks, Inc.
  Inventors: Yanhui Jia, Christian Elihu Navarrete Discua, Durgesh Madhavrao Sangvikar, Ajaya Neupane, Yu Fu, Shengming Xu
- Patent number: 11714903
  Abstract: Techniques for sample traffic based self-learning malware detection are disclosed. In some embodiments, a system/process/computer program product for sample traffic based self-learning malware detection includes receiving a plurality of samples for malware detection analysis using a sandbox; executing each of the plurality of samples in the sandbox and monitoring network traffic during execution of each of the plurality of samples in the sandbox; detecting that one or more of the plurality of samples is malware based on automated analysis of the monitored network traffic using a command and control (C2) machine learning (ML) model if there is not a prior match with an intrusion prevention system (IPS) signature; and performing an action in response to detecting that the one or more of the plurality of samples is malware based on the automated analysis of the monitored network traffic using the C2 ML model. In some embodiments, the IPS signatures and C2 ML model are automatically generated and trained.
  Type: Grant
  Filed: July 29, 2022
  Date of Patent: August 1, 2023
  Assignee: Palo Alto Networks, Inc.
  Inventors: Yanhui Jia, Matthew W. Tennis, Stefan Achleitner, Taojie Wang, Hui Gao, Shengming Xu
- Publication number: 20230231829
  Abstract: A cloud-based traffic classification engine maintains a catalog of application-based traffic classes which have been developed based on known applications, and a local traffic classification engine maintains a subset of these classes. Network traffic intercepted by the firewall which cannot be classified by the local engine is forwarded to the cloud-based engine for classification. Upon determination of a class of the traffic, the cloud-based engine forwards the determined class and corresponding signature to the local engine. The firewall maintains a cache which is updated with the signatures corresponding to the class communicated by the cloud-based engine. Subsequent network traffic sent from the application can be determined to correspond to the application and classified accordingly locally at the firewall based on the cached signatures. Localization of the cache to the firewall reduces latency of traffic classification operations as the catalog of classification information stored in the cloud scales.
  Type: Application
  Filed: February 27, 2023
  Publication date: July 20, 2023
  Inventors: Mengying Jiang, Shengming Xu, Menglan Fang, Ho Yu Lam
- Publication number: 20230231857
  Abstract: Detection of command and control malware is disclosed. A network traffic session is monitored. Automatic feature identification for real-time malicious command and control traffic detection based on a request header of the monitored network traffic session using a deep learning model is performed.
  Type: Application
  Filed: January 18, 2022
  Publication date: July 20, 2023
  Inventors: Ajaya Neupane, Yuwen Dai, Stefan Achleitner, Yu Fu, Shengming Xu
- Publication number: 20230188540
  Abstract: IoT adaptive threat prevention is disclosed. Network traffic received at a security platform is monitored to detect a plurality of IoT device profiles based on the monitored network traffic. A set of signatures for the security platform is received based on the detected plurality of IoT device profiles.
  Type: Application
  Filed: December 10, 2021
  Publication date: June 15, 2023
  Inventors: Vamsidhar Valluri, Jialiang Zhang, Shengming Xu, Arun Athrey Chandrasekaran
- Patent number: 11616759
  Abstract: A cloud-based traffic classification engine maintains a catalog of application-based traffic classes which have been developed based on known applications, and a local traffic classification engine maintains a subset of these classes. Network traffic intercepted by the firewall which cannot be classified by the local engine is forwarded to the cloud-based engine for classification. Upon determination of a class of the traffic, the cloud-based engine forwards the determined class and corresponding signature to the local engine. The firewall maintains a cache which is updated with the signatures corresponding to the class communicated by the cloud-based engine. Subsequent network traffic sent from the application can be determined to correspond to the application and classified accordingly locally at the firewall based on the cached signatures. Localization of the cache to the firewall reduces latency of traffic classification operations as the catalog of classification information stored in the cloud scales.
  Type: Grant
  Filed: August 26, 2021
  Date of Patent: March 28, 2023
  Assignee: Palo Alto Networks, Inc.
  Inventors: Mengying Jiang, Shengming Xu, Menglan Fang, Ho Yu Lam
- Publication number: 20230075094
  Abstract: An inline malicious traffic detector captures handshake messages in a session with a security protocol. The inline malicious traffic detector comprises a classifier that generates a verdict for the session indicating malicious or benign. The classifier is trained on labelled sessions using custom features generated from handshake messages. Based on determining that the session is malicious using features of the handshake messages, the inline malicious traffic detector blocks the session.
  Type: Application
  Filed: September 7, 2021
  Publication date: March 9, 2023
  Inventors: Lei Xu, Stefan Achleitner, Yu Fu, Shengming Xu
- Publication number: 20220329565
  Abstract: A cloud-based traffic classification engine maintains a catalog of application-based traffic classes which have been developed based on known applications, and a local traffic classification engine maintains a subset of these classes. Network traffic intercepted by the firewall which cannot be classified by the local engine is forwarded to the cloud-based engine for classification. Upon determination of a class of the traffic, the cloud-based engine forwards the determined class and corresponding signature to the local engine. The firewall maintains a cache which is updated with the signatures corresponding to the class communicated by the cloud-based engine. Subsequent network traffic sent from the application can be determined to correspond to the application and classified accordingly locally at the firewall based on the cached signatures. Localization of the cache to the firewall reduces latency of traffic classification operations as the catalog of classification information stored in the cloud scales.
  Type: Application
  Filed: August 26, 2021
  Publication date: October 13, 2022
  Inventors: Mengying Jiang, Shengming Xu, Menglan Fang, Ho Yu Lam