Patents by Inventor Somesh Jha

Somesh Jha has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11314862
    Abstract: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.
    Type: Grant
    Filed: April 16, 2018
    Date of Patent: April 26, 2022
    Assignee: Tala Security, Inc.
    Inventors: Sanjay Sawhney, Swapnil Bhalode, Andrew Joseph Davidson, Somesh Jha, Vaibhav Rastogi
  • Patent number: 11270105
    Abstract: A method and system for extracting information from a drawing. The method includes classifying nodes in the drawing, extracting attributes from the nodes, determining whether there are errors in the node attributes, and removing the nodes from the drawing. The method also includes identifying edges in the drawing, extracting attributes from the edges, and determining whether there are errors in the edge attributes. The system includes at least one processing component, at least one memory component, an identification component, an extraction component, and a correction component. The identification component is configured to classify nodes in the drawing, remove the nodes from the drawing, and identify edges in the drawing. The extraction component is configured to extract attributes from the nodes and edges. The correction component is configured to determine whether there are errors in the extracted attributes.
    Type: Grant
    Filed: September 24, 2019
    Date of Patent: March 8, 2022
    Assignee: International Business Machines Corporation
    Inventors: Mahmood Saajan Ashek, Raghu Kiran Ganti, Shreeranjani Srirangamsridharan, Mudhakar Srivatsa, Asif Sharif, Ramey Ghabros, Somesh Jha, Mojdeh Sayari Nejad, Mohammad Siddiqui, Yusuf Mai
  • Publication number: 20210089767
    Abstract: A method and system for extracting information from a drawing. The method includes classifying nodes in the drawing, extracting attributes from the nodes, determining whether there are errors in the node attributes, and removing the nodes from the drawing. The method also includes identifying edges in the drawing, extracting attributes from the edges, and determining whether there are errors in the edge attributes. The system includes at least one processing component, at least one memory component, an identification component, an extraction component, and a correction component. The identification component is configured to classify nodes in the drawing, remove the nodes from the drawing, and identify edges in the drawing. The extraction component is configured to extract attributes from the nodes and edges. The correction component is configured to determine whether there are errors in the extracted attributes.
    Type: Application
    Filed: September 24, 2019
    Publication date: March 25, 2021
    Inventors: Mahmood Saajan Ashek, Raghu Kiran Ganti, Shreeranjani Srirangamsridharan, Mudhakar Srivatsa, Asif Sharif, Ramey Ghabros, Somesh Jha, Mojdeh Sayari Nejad, Mohammad Siddiqui, Yusuf Mai
  • Publication number: 20200264061
    Abstract: A system and method for monitoring one or more objects that have been restrainedly secured to a vehicle by one or more restraint members. The system includes a plurality of sensors each configured for monitoring one or more of a compressive or tensile stress or strain in one of the one or more restraint members, and a controller for periodically interrogating each of the plurality of sensors to ascertain a value of stress or strain detected by the respective sensor. When a change in the value of stress or strain is indicative of loosened or overtightened restraint members, a mitigation event is triggered.
    Type: Application
    Filed: January 29, 2020
    Publication date: August 20, 2020
    Inventors: Somesh Jha, Piyush Raj
  • Publication number: 20200240787
    Abstract: A system and method for predicting, forecasting and suggesting voyage plans for a vessel by considering design parameters, weather in sailing routes and a user's preference for best weather or best economy or fastest way to reach the destination. Voyage plans are optimized using the above parameters, and directions are continuously provided in the form of heading and speeds to be maintained by the vessel during the course of the voyage.
    Type: Application
    Filed: January 29, 2020
    Publication date: July 30, 2020
    Inventors: Somesh Jha, Piyush Raj
  • Patent number: 10592676
    Abstract: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: March 17, 2020
    Assignee: Tala Security, Inc.
    Inventors: Sanjay Sawhney, Aanand Mahadevan Krishnan, Somesh Jha, Andrew Joseph Davidson, Swapnil Bhalode
  • Publication number: 20180300480
    Abstract: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.
    Type: Application
    Filed: April 16, 2018
    Publication date: October 18, 2018
    Inventors: Sanjay Sawhney, Swapnil Bhalode, Andrew Joseph Davidson, Somesh Jha, Vaibhav Rastogi
  • Patent number: 10050982
    Abstract: The disclosed computer-implemented method for reverse-engineering malware protocols may include (1) decrypting encrypted network traffic generated by a malware program, (2) identifying at least one message type field in the decrypted network traffic, (3) identifying at least one message in the decrypted network traffic with the identified message type, and (4) inferring at least a portion of a protocol used by the malware program by analyzing the identified message to identify a field type for at least one data field of the identified message of the identified message type. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 19, 2016
    Date of Patent: August 14, 2018
    Assignee: Symantec Corporation
    Inventors: Ruben Torres Guerra, Gaspar Modelo-Howard, Alok Tongaonkar, Lorenzo De Carli, Somesh Jha
  • Publication number: 20180121659
    Abstract: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.
    Type: Application
    Filed: October 27, 2017
    Publication date: May 3, 2018
    Inventors: Sanjay Sawhney, Aanand Mahadevan Krishnan, Somesh Jha, Andrew Joseph Davidson, Swapnil Bhalode
  • Patent number: 8220048
    Abstract: A network intrusion detection system combines the normally sequential steps of protocol analysis, normalization, and signature matching through the use of a regular expression to speed the monitoring of network data. The regular expression also allows the creation of a superset matcher, permitting multiple stages of matching of increased accuracy to produce additional throughput gains.
    Type: Grant
    Filed: August 21, 2006
    Date of Patent: July 10, 2012
    Assignee: Wisconsin Alumni Research Foundation
    Inventors: Shai Aharon Rubin, Somesh Jha, Barton Paul Miller
  • Patent number: 8065728
    Abstract: A malware prevention system monitors kernel level events of the operating system and applies user programmable or preprepared policies to those events to detect and block malware.
    Type: Grant
    Filed: September 10, 2007
    Date of Patent: November 22, 2011
    Assignee: Wisconsin Alumni Research Foundation
    Inventors: Hao Wang, Somesh Jha
  • Patent number: 8065722
    Abstract: An automatic technique for generating signatures for malicious network traffic performs a cluster analysis of known malicious traffic to create a signature in the form of a state machine. The cluster analysis may operate on semantically tagged data collected by connection or session and normalized to eliminate protocol specific features. The signature extractor may generalize the finite-state machine signatures to match network traffic not previously observed.
    Type: Grant
    Filed: March 21, 2005
    Date of Patent: November 22, 2011
    Assignee: Wisconsin Alumni Research Foundation
    Inventors: Paul Robert Barford, Jonathon Thomas Giffin, Somesh Jha, Vinod Trivandrum Yegneswaran
  • Patent number: 7962434
    Abstract: Deterministic finite automata (DFAs) are popular solutions to deep packet inspection because they are fast and DFAs corresponding to multiple signatures are combinable into a single DFA. Combining such DFAs causes an explosive increase in memory usage. Extended finite automata (XFAs) are an alternative to DFAs that avoids state-space explosion problems. XFAs extend DFAs with a few bytes of “scratch memory” used to store bits and other data structures that record progress. Simple programs associated with automaton states and/or transitions manipulate this scratch memory. XFAs are deterministic in their operation, are equivalent to DFAs in expressiveness, and require no custom hardware support. Fully functional prototype XFA implementations show that, for most signature sets, XFAs are at least 10,000 times smaller than the DFA matching all signatures. XFAs are 10 times smaller and 5 times faster or 5 times smaller and 20 times faster than systems using multiple DFAs.
    Type: Grant
    Filed: February 15, 2008
    Date of Patent: June 14, 2011
    Assignee: Wisconsin Alumni Research Foundation
    Inventors: Cristian Estan, Randy David Smith, Somesh Jha
  • Patent number: 7941856
    Abstract: Systems, methods and devices according to this invention include a plurality of defined modification rules for modifying a sequence of packets that form an attack on an intrusion detection system. These modification rules include both rules that expand the number of packets and rules that reduce the number of packets. The reducing rules can be applied to a given attack instance to identify one or more root attack instances. The expanding rules can then be applied to each root attack instance to generate a corpus of modified attack instances. The modification rules can preserve the semantics of the attack, so that any modified attack instance generated from the given attack instance remains a true attack. To test an intrusion detection system, the corpus of modified attack instances can be used to determine whether an intrusion detection system detects every modified attack instance.
    Type: Grant
    Filed: December 5, 2005
    Date of Patent: May 10, 2011
    Assignee: Wisconsin Alumni Research Foundation
    Inventors: Shai A. Rubin, Somesh Jha, Barton P. Miller
  • Patent number: 7739737
    Abstract: A technique for finding malicious code such as viruses in an executable binary file converts the executable binary to a function unique form to which function unique forms of virus code may be compared. By avoiding direct comparison of the expression of the viral code but looking instead at its function, obfuscation techniques intended to hide the virus code are substantially reduced in effectiveness.
    Type: Grant
    Filed: July 29, 2003
    Date of Patent: June 15, 2010
    Assignee: Wisconsin Alumni Research Foundation
    Inventors: Mihai Christodorescu, Somesh Jha
  • Publication number: 20100071063
    Abstract: An automatic system for spyware detection and signature generation compares packets of output from a computer in response to standard user inputs, to packets of a standard output set derived from a known clean machine. Differences between these two packet sets are analyzed with respect to whether they relate to unknown web servers and whether they incorporate user-derived information. This analysis is used to provide an automatic detection of and signature generation for spyware infecting the machine.
    Type: Application
    Filed: November 28, 2007
    Publication date: March 18, 2010
    Applicant: WISCONSIN ALUMNI RESEARCH FOUNDATION
    Inventors: Hao Wang, Somesh Jha, Vinod Ganapathy
  • Publication number: 20100011441
    Abstract: Computer programs are preprocessed to produce normalized or standard versions to remove obfuscation that might prevent the detection of embedded malware through comparison with standard malware signatures. The normalization process can provide an unpacking of compressed or encrypted malware, a reordering of the malware into a standard form, and the detection and removal of semantically identified nonfunctional code added to disguise the malware.
    Type: Application
    Filed: April 23, 2008
    Publication date: January 14, 2010
    Inventors: Mihai Christodorescu, Somesh Jha, Stefan Katzenbeisser, Johannes Kinder, Helmut Veith
  • Publication number: 20090106183
    Abstract: Deterministic finite automata (DFAs) are popular solutions to deep packet inspection because they are fast and DFAs corresponding to multiple signatures are combinable into a single DFA. Combining such DFAs causes an explosive increase in memory usage. Extended finite automata (XFAs) are an alternative to DFAs that avoids state-space explosion problems. XFAs extend DFAs with a few bytes of “scratch memory” used to store bits and other data structures that record progress. Simple programs associated with automaton states and/or transitions manipulate this scratch memory. XFAs are deterministic in their operation, are equivalent to DFAs in expressiveness, and require no custom hardware support. Fully functional prototype XFA implementations show that, for most signature sets, XFAs are at least 10,000 times smaller than the DFA matching all signatures. XFAs are 10 times smaller and 5 times faster or 5 times smaller and 20 times faster than systems using multiple DFAs.
    Type: Application
    Filed: February 15, 2008
    Publication date: April 23, 2009
    Inventors: Cristian Estan, Randy D. Smith, Somesh Jha
  • Publication number: 20090070878
    Abstract: A malware prevention system monitors kernel level events of the operating system and applies user programmable or preprepared policies to those events to detect and block malware.
    Type: Application
    Filed: September 10, 2007
    Publication date: March 12, 2009
    Inventors: Hao Wang, Somesh Jha
  • Publication number: 20080047012
    Abstract: A network intrusion detection system combines the normally sequential steps of protocol analysis, normalization, and signature matching through the use of a regular expression to speed the monitoring of network data. The regular expression also allows the creation of a superset matcher, permitting multiple stages of matching of increased accuracy to produce additional throughput gains.
    Type: Application
    Filed: August 21, 2006
    Publication date: February 21, 2008
    Inventors: Shai Aharon Rubin, Somesh Jha, Barton Paul Miller