Patents by Inventor Stanislav Miskovic

Stanislav Miskovic has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200014718
    Abstract: A lateral movement application identifies lateral movement (LM) candidates that potentially represent a security threat. Security platforms generate event data when performing security-related functions, such as authenticating a user account. The disclosed technology enables greatly increased accuracy identification of lateral movement (LM) candidates by, for example, refining a population of LM candidates based on an analysis of a time constrained graph in which nodes represent entities, and edges between nodes represent a time sequence of login or other association activities between the entities. The graph is created based on an analysis of the event data, including time sequences of the event data.
    Type: Application
    Filed: September 17, 2019
    Publication date: January 9, 2020
    Inventors: Satheesh Kumar JOSEPH DURAIRAJ, Stanislav MISKOVIC, Georgios APOSTOLOPOULOS
  • Patent number: 10462169
    Abstract: A lateral movement application identifies lateral movement (LM) candidates that potentially represent a security threat. Security platforms generate event data when performing security-related functions, such as authenticating a user account. The disclosed technology enables greatly increased accuracy identification of lateral movement (LM) candidates by, for example, refining a population of LM candidates based on an analysis of a time constrained graph in which nodes represent entities, and edges between nodes represent a time sequence of login or other association activities between the entities. The graph is created based on an analysis of the event data, including time sequences of the event data.
    Type: Grant
    Filed: April 29, 2017
    Date of Patent: October 29, 2019
    Assignee: SPLUNK INC.
    Inventors: Satheesh Kumar Joseph Durairaj, Stanislav Miskovic, Georgios Apostolopoulos
  • Patent number: 10419351
    Abstract: A method for classifying network traffic in a network. The method includes obtaining, from an application distribution source, an application distribution data set comprising information associated with distributing an application from the pre-determined application distribution source, extracting, based on a pre-determined extraction criterion, a token from the application distribution data set of the application, obtaining, from the network traffic, a plurality of flows generated by the application, extracting, in response to detecting the token in a flow of the plurality of flows, context information associated with the token in the flow, and generating an identification rule of the application based on the token and the context information, wherein the identification rule describes one or more rule steps to locate the token in the flow, wherein the network traffic is classified using at least the identification rule.
    Type: Grant
    Filed: April 4, 2013
    Date of Patent: September 17, 2019
    Assignee: Narus, Inc.
    Inventors: Mario Baldi, Yong Liao, Stanislav Miskovic, Antonio Nucci
  • Patent number: 10332005
    Abstract: Embodiments of the invention provide a method, system, and computer readable medium for classifying network traffic based on application signatures generated during a training phase. The application signatures are generated based on tokens extracted from a training set that is generated by a particular application during the training phase. Accordingly, a new token extracted in real-time from current network data is compared to the application signatures to determine if the current network data is generated by the particular application.
    Type: Grant
    Filed: September 25, 2012
    Date of Patent: June 25, 2019
    Assignee: Narus, Inc.
    Inventors: Yong Liao, Mario Baldi, Stanislav Miskovic, Antonio Nucci, Qiang Xu
  • Patent number: 10263868
    Abstract: A method for applying a user-specific policy in a network. The method includes identifying a historical portion of network traffic of the network as associated with a user, analyzing, by a computer processor, the historical portion of network traffic to generate a fingerprint of the user, wherein the fingerprint represents characteristics of user activity in the network, identifying, by the computer processor, an ongoing portion of network traffic of the network as associated with the user, analyzing, by the computer processor and based on the fingerprint, the ongoing portion of network traffic to determine a match, wherein the match is determined at a time point within the ongoing portion of network traffic, and applying, in response to determining the match, the user-specific policy to the ongoing portion of network traffic subsequent to the time point.
    Type: Grant
    Filed: July 17, 2014
    Date of Patent: April 16, 2019
    Assignee: Narus, Inc.
    Inventors: Mario Baldi, Yong Liao, Stanislav Miskovic, Antonio Nucci, Han Hee Song
  • Patent number: 10242187
    Abstract: The disclosed computer-implemented method for providing integrated security management may include (1) identifying a computing environment protected by security systems and monitored by a security management system that receives event signatures from the security systems, where a first security system uses a first event signature naming scheme that differs from a second event signature naming scheme used by a second security system, (2) observing a first event signature that originates from the first security system and uses the first event signature naming scheme, (3) determining that the first event signature is equivalent to a second event signature that uses the second event signature naming scheme, and (4) performing, in connection with observing the first event signature, a security action associated with the second event signature and directed to the computing environment. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 14, 2016
    Date of Patent: March 26, 2019
    Assignee: Symantec Corporation
    Inventors: Kevin Roundy, Matteo Dell'Amico, Chris Gates, Michael Hart, Stanislav Miskovic
  • Patent number: 10178109
    Abstract: Alerts generated by triggering signatures on endpoints are identified in samples of security telemetry. The sources of alerts are filtered. Alert tuples identifying multipart attacks are discovered. An iterative multi-pass search of alert types generated by filtered sources can be conducted. During each pass, groups of successively larger numbers of alert types generated by common sources are identified. A list of alert types can be sorted according to the number of filtered sources that generated each alert type, from most to least. Pairs of alert types with multiple common sources can be identified by traversing the sorted list of alerts types. The sorted list can be iteratively traversed, identifying successive additional alert types to add to previously identified groupings, which are used as seed groups for successive identifications. Only the portion of the sorted list appearing after the last added alert type need be examined for successive identifications.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: January 8, 2019
    Assignee: Symantec Corporation
    Inventor: Stanislav Miskovic
  • Publication number: 20180316704
    Abstract: A lateral movement application identifies lateral movement (LM) candidates that potentially represent a security threat. Security platforms generate event data when performing security-related functions, such as authenticating a user account. The disclosed technology enables greatly increased accuracy identification of lateral movement (LM) candidates by, for example, refining a population of LM candidates based on an analysis of a time constrained graph in which nodes represent entities, and edges between nodes represent a time sequence of login or other association activities between the entities. The graph is created based on an analysis of the event data, including time sequences of the event data.
    Type: Application
    Filed: April 29, 2017
    Publication date: November 1, 2018
    Inventors: Satheesh Kumar JOSEPH DURAIRAJ, Stanislav MISKOVIC, Georgios APOSTOLOPOULOS
  • Publication number: 20180285776
    Abstract: A system and method of obtaining and utilizing an activity signature that is representative of a specific category of network activities based on directory service (DS) log data. The activity signature may be determined by a learning process, including segmenting and pruning a training dataset into a plurality of event segments and matching them with activities based on DS log data of known activities. Once obtained, the activity signature can advantageously be utilized to analyze any DS log data and activities in actual deployment. Using activity signatures to analyze DS event log can reveal roles of event-collection machines, aggregate information dispersed across their component events to reveal actors involved in particular AD activities, augment visibility of DS by enabling various vantage points to better infer activities at other domain machines, and reveal macro activities so that logged information becomes easily interpretable to human analysts.
    Type: Application
    Filed: April 3, 2017
    Publication date: October 4, 2018
    Inventors: Stanislav Miskovic, Satheesh Kumar Joseph Durairaj, George Apostolopulous, Dimitrios Terzis
  • Patent number: 10091231
    Abstract: The disclosed computer-implemented method for detecting security blind spots may include (i) detecting, via an endpoint security program, a threat incident at a set of client machines associated with a security vendor server, (ii) obtaining an indication of how the set of client machines will respond to the detecting of the threat incident, (iii) predicting how a model set of client machines would respond to the threat incident, (iv) determining that a delta exceeds a security threshold, and (v) performing a security action by the security vendor server, in response to determining that the delta exceeds the security threshold, to protect the set of client machines at least in part by electronically notifying the set of client machines of information about the prediction of how the model set of client machines would respond to the threat incident. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: October 2, 2018
    Assignee: Symantec Corporation
    Inventors: Chris Gates, Stanislav Miskovic, Michael Hart, Kevin Roundy
  • Patent number: 9871810
    Abstract: Tunable metrics are used for iterative discovery of groups of security alerts that identify complex, multipart attacks with different properties. Alerts generated by triggering signatures on originating computing devices are iteratively traversed, and different metrics corresponding to alerts and alert groups are calculated. The calculated metrics quantify the feasibility of the evaluation components (alerts and/or alert groups) for inclusion in tuples identifying multipart attacks with specific properties. Alerts and successively larger alert groups are iteratively joined into tuples, responsive to evaluation components meeting thresholds based on corresponding calculated metrics. Only those evaluation components that meet specific thresholds based on the calculated metrics are added to alert groups. Metrics are only calculated for those components that have met corresponding metric-based thresholds during prior iterations.
    Type: Grant
    Filed: April 25, 2016
    Date of Patent: January 16, 2018
    Assignee: Symantec Corporation
    Inventor: Stanislav Miskovic
  • Patent number: 8959643
    Abstract: A method for detecting a malicious activity in a network. The method includes obtaining file download flows from the network, analyzing the file download flows to generate malicious indications using a pre-determined malicious behavior detection algorithm, extracting a file download attribute from a suspicious file download flow of a malicious indication, wherein the file download attribute represents one or more of the URL, the FQDN, the top-level domain name, the URL path, the URL file name, and the payload of the suspicious file download flow, determining the file download attribute as being shared by at least two suspicious file download flows, identifying related suspicious file download flows and determining a level of association between based at least on the file download attribute, computing a malicious score of the suspicious file download flow based on the level of association, and presenting the malicious score to an analyst user of the network.
    Type: Grant
    Filed: August 9, 2013
    Date of Patent: February 17, 2015
    Assignee: Narus, Inc.
    Inventors: Luca Invernizzi, Stanislav Miskovic, Ruben Torres, Sabyasachi Saha, Christopher Kruegel, Antonio Nucci, Sung-Ju Lee, Giovanni Vigna
  • Patent number: 8843627
    Abstract: Embodiments of the invention provide a method, system, and computer readable medium for classifying network traffic based on application signatures generated during a training phase. The application signatures are generated using (a) seeding flows obtained from a network trace based on a pre-determined selection criterion, and (b) for each seeding flow, a seeded flow group that is obtained from the network trace based on a pre-determined seeding criterion associated with the seeding flow. Specifically, persistent data patterns frequently occurring across multiple seeded flow groups are analyzed to generate the signatures.
    Type: Grant
    Filed: October 19, 2012
    Date of Patent: September 23, 2014
    Assignee: Narus, Inc.
    Inventors: Mario Baldi, Yong Liao, Stanislav Miskovic, Qiang Xu