Patents by Inventor Stuart Gresley Staniford
Stuart Gresley Staniford has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9954890
Abstract: A system and method for detecting malicious activity within a Portable Document Format (PDF) document. The system includes a parser and one or more virtual machines. The parser that, when executed by a hardware processor, examines one or more portions of the PDF document to determine if one or more suspicious characteristics indicative of malicious network content are included in the one or more examined portions of the PDF document. The examined portion(s) in total are less than an entirety of the PDF document. The virtual machine(s) are adapted to receive the PDF document in response to the one or more examined portions of the PDF document being determined to include one or more suspicious characteristics indicative of malicious network content. The virtual machine(s) to process at least the one or more examined portions of the PDF document so as to determine whether the PDF document includes malicious network content.
Type: Grant
Filed: September 2, 2016
Date of Patent: April 24, 2018
Assignee: FireEye, Inc.
Inventors: Stuart Gresley Staniford, Ashar Aziz
-
Patent number: 9519782
Abstract: Systems and methods for detecting malicious content on portable data storage devices or remote network servers are provided. In an exemplary embodiment, a system comprises a quarantine module configured to detect one or more portable data storage devices upon insertion of the devices into a security appliance, wherein the security appliance is configured to receive the portable data storage devices, a controller configured to receive from the security appliance, via a communication network, data associated with the portable data storage devices, an analysis module configured to analyze the data to determine whether the data includes malware, and a security module to selectively identify, based on the determination, the one or more portable data storage devices storing the malware.
Type: Grant
Filed: February 24, 2012
Date of Patent: December 13, 2016
Assignee: FireEye, Inc.
Inventors: Ashar Aziz, Stuart Gresley Staniford, Muhammad Amin, Henry Uyeno, Samuel Yie
-
Patent number: 9438622
Abstract: Systems and methods for analyzing malicious PDF network content are provided herein. According to some embodiments, a PDF parser examines a body portion of a PDF document received over a network and intended for a digital device and determines if one or more suspicious characteristics indicative of malicious network content are included in the examined body portion of the PDF document. The examined body portion of the PDF document is lesser in size than an entirety of the body portion of the PDF document. When the portion of the body section of the PDF document is determined to include one or more suspicious characteristics indicative of malicious network content, the PDF document is provided to one or more virtual machines associated with the digital device to verify the inclusion of malicious network content in the portion of the body section of the PDF document.
Type: Grant
Filed: March 30, 2015
Date of Patent: September 6, 2016
Assignee: FireEye, Inc.
Inventors: Stuart Gresley Staniford, Ashar Aziz
-
Patent number: 9118715
Abstract: Systems and methods for detecting malicious PDF network content are provided herein. According to some embodiments, the methods may include at least the steps of examining received PDF network content to determine if one or more suspicious characteristics indicative of malicious network content are included in the PDF network content, providing PDF network content determined to include at least one suspicious characteristic to one or more virtual machines, and analyzing responses received from the one or more virtual machines to verify the inclusion of malicious network content in the PDF network content determined to include at least one suspicious characteristic.
Type: Grant
Filed: May 10, 2012
Date of Patent: August 25, 2015
Assignee: FireEye, Inc.
Inventors: Stuart Gresley Staniford, Ashar Aziz
-
Publication number: 20150180886
Abstract: A method for detecting malicious network content comprises inspecting one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the network content as suspicious if the score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine to detect malicious network content.
Type: Application
Filed: February 11, 2015
Publication date: June 25, 2015
Inventors: Stuart Gresley Staniford, Ashar Aziz
-
Patent number: 8997219
Abstract: Systems and methods for detecting malicious PDF network content are provided herein. According to some embodiments, the methods may include at least the steps of examining received PDF network content to determine if one or more suspicious characteristics indicative of malicious network content are included in the PDF network content, providing PDF network content determined to include at least one suspicious characteristic to one or more virtual machines, and analyzing responses received from the one or more virtual machines to verify the inclusion of malicious network content in the PDF network content determined to include at least one suspicious characteristic.
Type: Grant
Filed: January 21, 2011
Date of Patent: March 31, 2015
Assignee: FireEye, Inc.
Inventors: Stuart Gresley Staniford, Ashar Aziz
-
Patent number: 8990939
Abstract: A system is described for scheduling the processing of items of suspicious network content to determine whether these items contain malicious network content. The system features a memory and an analyzer that may comprise a processor-based digital device in which at least one virtual machine (VM) and a scheduler operates. The scheduler is configured to generate an order of processing of a plurality of items of network content by the processor based on a plurality of probability scores, each corresponding to an item of network content. The analyzer is configured to process the items of network content in at least the virtual machine by replaying these items in accordance with the order of processing. The virtual machine is configured with a software profile corresponding to each of the processed items and being adapted to monitor behavior of each of the items during processing, thereby to detect malicious network content.
Type: Grant
Filed: June 24, 2013
Date of Patent: March 24, 2015
Assignee: FireEye, Inc.
Inventors: Stuart Gresley Staniford, Ashar Aziz
-
Patent number: 8850571
Abstract: A method for detecting malicious network content comprises inspecting one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the network content as suspicious if the score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine to detect malicious network content.
Type: Grant
Filed: November 3, 2008
Date of Patent: September 30, 2014
Assignee: FireEye, Inc.
Inventors: Stuart Gresley Staniford, Ashar Aziz
-
Publication number: 20130291109
Abstract: A method for detecting malicious network content comprises inspecting one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the network content as suspicious if the score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine to detect malicious network content.
Type: Application
Filed: June 24, 2013
Publication date: October 31, 2013
Inventors: Stuart Gresley Staniford, Ashar Aziz
-
Publication number: 20130227691
Abstract: Systems and methods for detecting malicious content on portable data storage devices or remote network servers are provided. In an exemplary embodiment, a system comprises a quarantine module configured to detect one or more portable data storage devices upon insertion of the devices into a security appliance, wherein the security appliance is configured to receive the portable data storage devices, a controller configured to receive from the security appliance, via a communication network, data associated with the portable data storage devices, an analysis module configured to analyze the data to determine whether the data includes malware, and a security module to selectively identify, based on the determination, the one or more portable data storage devices storing the malware.
Type: Application
Filed: February 24, 2012
Publication date: August 29, 2013
Inventors: Ashar Aziz, Stuart Gresley Staniford, Muhammad Amin, Henry Uyeno, Samuel Yie
-
Publication number: 20120222121
Abstract: Systems and methods for detecting malicious PDF network content are provided herein. According to some embodiments, the methods may include at least the steps of examining received PDF network content to determine if one or more suspicious characteristics indicative of malicious network content are included in the PDF network content, providing PDF network content determined to include at least one suspicious characteristic to one or more virtual machines, and analyzing responses received from the one or more virtual machines to verify the inclusion of malicious network content in the PDF network content determined to include at least one suspicious characteristic.
Type: Application
Filed: May 10, 2012
Publication date: August 30, 2012
Inventors: Stuart Gresley Staniford, Ashar Aziz
-
Publication number: 20110247072
Abstract: Systems and methods for detecting malicious PDF network content are provided herein. According to some embodiments, the methods may include at least the steps of examining received PDF network content to determine if one or more suspicious characteristics indicative of malicious network content are included in the PDF network content, providing PDF network content determined to include at least one suspicious characteristic to one or more virtual machines, and analyzing responses received from the one or more virtual machines to verify the inclusion of malicious network content in the PDF network content determined to include at least one suspicious characteristic.
Type: Application
Filed: January 21, 2011
Publication date: October 6, 2011
Inventors: Stuart Gresley Staniford, Ashar Aziz
-
Publication number: 20100115621
Abstract: A method for detecting malicious network content comprises inspecting one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the network content as suspicious if the score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine to detect malicious network content.
Type: Application
Filed: November 3, 2008
Publication date: May 6, 2010
Inventors: Stuart Gresley Staniford, Ashar Aziz