Patents by Inventor Sherin M. Mathews
Sherin M. Mathews has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11847215Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.Type: GrantFiled: December 23, 2020Date of Patent: December 19, 2023Assignee: McAfee, LLCInventors: Celeste R. Fralick, Jonathan King, Carl D. Woodward, Andrew V. Holtzmann, Kunal Mehta, Sherin M. Mathews
-
Publication number: 20230334906Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect deepfake content. An example apparatus to determine whether input media is authentic includes a classifier to generate a first probability based on a first output of a local binary model manager, a second probability based on a second output of a filter model manager, and a third probability based on a third output of an image quality assessor, a score analyzer to obtain the first, second, and third probabilities from the classifier, and in response to obtaining a first result and a second result, generate a score indicative of whether the input media is authentic based on the first result, the second result, the first probability, the second probability, and the third probability.Type: ApplicationFiled: June 22, 2023Publication date: October 19, 2023Inventors: Utkarsh Verma, Sherin M. Mathews, Amanda House, Carl Woodward, Celeste Fralick, Jonathan King
-
Patent number: 11790237Abstract: Methods, apparatus, systems and articles of manufacture to defend against adversarial machine learning are disclosed. An example apparatus includes memory; computer readable instructions; and processor circuitry to execute the computer readable instructions to: generate a first output indicating a feature that contributed to the generation of a classification by a machine learning model; compare the first output with a second output generated by a server that trained the machine learning model; and flag the machine learning model as corresponding to at least one of model drift or an adversarial attack when first output differs from the second output by more than a threshold.Type: GrantFiled: January 30, 2023Date of Patent: October 17, 2023Assignee: McAfee, LLCInventors: Sherin M. Mathews, Celeste R. Fralick
-
Patent number: 11727721Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect deepfake content. An example apparatus to determine whether input media is authentic includes a classifier to generate a first probability based on a first output of a local binary model manager, a second probability based on a second output of a filter model manager, and a third probability based on a third output of an image quality assessor, a score analyzer to obtain the first, second, and third probabilities from the classifier, and in response to obtaining a first result and a second result, generate a score indicative of whether the input media is authentic based on the first result, the second result, the first probability, the second probability, and the third probability.Type: GrantFiled: September 29, 2020Date of Patent: August 15, 2023Assignee: MCAFEE, LLCInventors: Utkarsh Verma, Sherin M Mathews, Amanda House, Carl Woodward, Celeste Fralick, Jonathan King
-
Publication number: 20230186097Abstract: Methods, apparatus, systems and articles of manufacture to defend against adversarial machine learning are disclosed. An example apparatus includes memory; computer readable instructions; and processor circuitry to execute the computer readable instructions to: generate a first output indicating a feature that contributed to the generation of a classification by a machine learning model; compare the first output with a second output generated by a server that trained the machine learning model; and flag the machine learning model as corresponding to at least one of model drift or an adversarial attack when first output differs from the second output by more than a threshold.Type: ApplicationFiled: January 30, 2023Publication date: June 15, 2023Inventors: Sherin M. Mathews, Celeste R. Fralick
-
Patent number: 11568049Abstract: Methods, apparatus, systems and articles of manufacture to defend against adversarial machine learning are disclosed. An example apparatus includes a model trainer to train a classification model based on files with expected classifications; and a model modifier to select a convolution layer of the trained classification model based on an analysis of the convolution layers of the trained classification model; and replace the convolution layer with a tree-based structure to generate a modified classification model.Type: GrantFiled: September 27, 2019Date of Patent: January 31, 2023Assignee: McAfee, LLCInventors: Sherin M. Mathews, Celeste R. Fralick
-
Publication number: 20220269922Abstract: Methods, apparatus, systems and articles of manufacture to improve deepfake detection with explainability are disclosed. An example apparatus includes a deepfake classification model trainer to train a classification model based on a first portion of a dataset of media with known classification information, the classification model to output a classification for input media from a second portion of the dataset of media with known classification information; an explainability map generator to generate an explainability map based on the output of the classification model; a classification analyzer to compare the classification of the input media from the classification model with a known classification of the input media to determine if a misclassification occurred; and a model modifier to, when the misclassification occurred, modify the classification model based on the explainability map.Type: ApplicationFiled: February 23, 2021Publication date: August 25, 2022Inventor: Sherin M. Mathews
-
Publication number: 20210226975Abstract: Methods, systems, and media for detecting anomalous network activity are provided. In some embodiments, a method for detecting anomalous network activity is provided, the method comprising: receiving information indicating network activity, wherein the information includes IP addresses corresponding to devices participating in the network activity; generating a graph representing the network activity, wherein each node of the graph indicates an IP address of a device; generating a representation of the graph, wherein the representation of the graph reduces a dimensionality of information indicated in the graph; identifying a plurality of clusters of network activity based on the representation of the graph; determining that at least one cluster corresponds to anomalous network activity; and in response to determining that the at least one cluster corresponds to anomalous network activity, causing a network connection of at least one device included in the at least one cluster to be blocked.Type: ApplicationFiled: April 6, 2021Publication date: July 22, 2021Inventors: Sherin M. Mathews, Vaisakh Shaj, Sriranga Seetharamaiah, Carl D. Woodward, Kantheti VVSMB Kumar
-
Publication number: 20210157913Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.Type: ApplicationFiled: December 23, 2020Publication date: May 27, 2021Inventors: CELESTE R. FRALICK, JONATHAN KING, CARL D. WOODWARD, ANDREW V. HOLTZMANN, KUNAL MEHTA, SHERIN M. MATHEWS
-
Patent number: 11005868Abstract: Methods, systems, and media for detecting anomalous network activity are provided. In some embodiments, a method for detecting anomalous network activity is provided, the method comprising: receiving information indicating network activity, wherein the information includes IP addresses corresponding to devices participating in the network activity; generating a graph representing the network activity, wherein each node of the graph indicates an IP address of a device; generating a representation of the graph, wherein the representation of the graph reduces a dimensionality of information indicated in the graph; identifying a plurality of clusters of network activity based on the representation of the graph; determining that at least one cluster corresponds to anomalous network activity; and in response to determining that the at least one cluster corresponds to anomalous network activity, causing a network connection of at least one device included in the at least one cluster to be blocked.Type: GrantFiled: September 21, 2018Date of Patent: May 11, 2021Assignee: McAfee, LLCInventors: Sherin M. Mathews, Vaisakh Shaj, Sriranga Seetharamaiah, Carl D. Woodward, Kantheti VVSMB Kumar
-
Publication number: 20210097260Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect deepfake content. An example apparatus to determine whether input media is authentic includes a classifier to generate a first probability based on a first output of a local binary model manager, a second probability based on a second output of a filter model manager, and a third probability based on a third output of an image quality assessor, a score analyzer to obtain the first, second, and third probabilities from the classifier, and in response to obtaining a first result and a second result, generate a score indicative of whether the input media is authentic based on the first result, the second result, the first probability, the second probability, and the third probability.Type: ApplicationFiled: September 29, 2020Publication date: April 1, 2021Inventors: Utkarsh Verma, Sherin M. Mathews, Amanda House, Carl Woodward, Celeste Fralick, Jonathan King
-
Publication number: 20210097176Abstract: Methods, apparatus, systems and articles of manufacture to defend against adversarial machine learning are disclosed. An example apparatus includes a model trainer to train a classification model based on files with expected classifications; and a model modifier to select a convolution layer of the trained classification model based on an analysis of the convolution layers of the trained classification model; and replace the convolution layer with a tree-based structure to generate a modified classification model.Type: ApplicationFiled: September 27, 2019Publication date: April 1, 2021Inventors: Sherin M. Mathews, Celeste R. Fralick
-
Publication number: 20210097382Abstract: Methods, apparatus, systems and articles of manufacture to improve deepfake detection with explainability are disclosed. An example apparatus includes a deepfake classification model trainer to train a classification model based on a first portion of a dataset of media with known classification information, the classification model to output a classification for input media from a second portion of the dataset of media with known classification information; an explainability map generator to generate an explainability map based on the output of the classification model; a classification analyzer to compare the classification of the input media from the classification model with a known classification of the input media to determine if a misclassification occurred; and a model modifier to, when the misclassification occurred, modify the classification model based on the explainability map.Type: ApplicationFiled: September 27, 2019Publication date: April 1, 2021Inventors: Sherin M. Mathews, Shivangee Trivedi, Amanda House, Celeste R. Fralick, Steve Povolny, Steve Grobman
-
Patent number: 10956568Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.Type: GrantFiled: April 30, 2018Date of Patent: March 23, 2021Assignee: Mcafee, LLCInventors: Celeste R. Fralick, Jonathan King, Carl D. Woodward, Andrew V. Holtzmann, Kunal Mehta, Sherin M. Mathews
-
Patent number: 10699358Abstract: A hidden information detector for image files extracts N least significant bits from each of a first set of pixels of an image file, wherein N is an integer greater than or equal to 1. The detector then applies a mask to each of the extracted N least significant bits to form a second set of pixel values and determines a first probability as to whether the second set of pixels encodes a hidden image. Responsive to the first probability exceeding a first threshold, the detector determines a second probability as to whether the second set of pixels matches an image encoded in the first set of pixels. Responsive to a determination that the second probability is less than a second threshold, the detector performs a non-image classifier on the second set of pixels.Type: GrantFiled: February 22, 2018Date of Patent: June 30, 2020Assignee: MCAFEE, LLCInventors: German Lancioni, Sherin M. Mathews
-
Publication number: 20200099708Abstract: Methods, systems, and media for detecting anomalous network activity are provided. In some embodiments, a method for detecting anomalous network activity is provided, the method comprising: receiving information indicating network activity, wherein the information includes IP addresses corresponding to devices participating in the network activity; generating a graph representing the network activity, wherein each node of the graph indicates an IP address of a device; generating a representation of the graph, wherein the representation of the graph reduces a dimensionality of information indicated in the graph; identifying a plurality of clusters of network activity based on the representation of the graph; determining that at least one cluster corresponds to anomalous network activity; and in response to determining that the at least one cluster corresponds to anomalous network activity, causing a network connection of at least one device included in the at least one cluster to be blocked.Type: ApplicationFiled: September 21, 2018Publication date: March 26, 2020Inventors: Sherin M. Mathews, Vaisakh Shaj, Sriranga Seetharamaiah, Carl D. Woodward, Kantheti VVSMB Kumar
-
Publication number: 20190259126Abstract: A hidden information detector for image files extracts N least significant bits from each of a first set of pixels of an image file, wherein N is an integer greater than or equal to 1. The detector then applies a mask to each of the extracted N least significant bits to form a second set of pixel values and determines a first probability as to whether the second set of pixels encodes a hidden image. Responsive to the first probability exceeding a first threshold, the detector determines a second probability as to whether the second set of pixels matches an image encoded in the first set of pixels. Responsive to a determination that the second probability is less than a second threshold, the detector performs a non-image classifier on the second set of pixels.Type: ApplicationFiled: February 22, 2018Publication date: August 22, 2019Inventors: GERMAN LANCIONI, SHERIN M. MATHEWS