Patents by Inventor Wah-Kwan Lin
Wah-Kwan Lin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11356463
Abstract: Methods and systems for detecting malicious processes. Methods described herein gather data regarding process locations and calculate one or more inequality indicators related to the process paths based on economic principles. Instances of inequality with respect to process paths may indicate a path is uncommon and therefore the associated binary is used for malicious purposes.
Type: Grant
Filed: September 18, 2019
Date of Patent: June 7, 2022
Assignee: Rapid7, Inc.
Inventors: Roy Hodgman, Oliver Keyes, Wah-Kwan Lin, Michael Scutt, Timothy Stiller
-
Patent number: 11301494
Abstract: Methods, systems, and processes to optimize role level identification for computing resource allocation to perform security operations in networked computing environments. A role level classifier to process a training dataset that corresponds to a clean title is generated from a subset of entities associated with the clean title. An initial effective title determined by the role level classifier based on processing the training dataset is assigned to an entity. A new effective title based on feature differences between the initial effective title and the clean title is re-assigned to the entity. Performance of the generating, the assigning, and the re-assigning is repeated using the new effective title instead of the clean title.
Type: Grant
Filed: October 8, 2018
Date of Patent: April 12, 2022
Assignee: Rapid7, Inc.
Inventors: Vasudha Shivamoggi, Wah-Kwan Lin, Roy Hodgman
-
Patent number: 11290479
Abstract: Approaches provide for securing an electronic environment. A threat analysis service can obtain data for devices, users, and threats from disparate sources and can correlate users to devices and threats to build an understanding of an electronic environment's operational, organizational, and security concerns in order to provide customized security strategies and remediations. Additionally, the threat analysis service can develop a model of an electronic environment's behavior by monitoring and analyzing various the data from the data sources. The model can be updated such that the threat analysis service can tailor its orchestration to complement existing operational processes.
Type: Grant
Filed: August 11, 2018
Date of Patent: March 29, 2022
Assignee: Rapid7, Inc.
Inventors: Roy Hodgman, Wah-Kwan Lin, Vasudha Shivamoggi
-
Publication number: 20210385253
Abstract: Disclosed herein are methods, systems, and processes to detect valid clusters and eliminate spurious clusters in cybersecurity-based computing environments. A cluster detection and elimination model is trained by accessing a dataset with raw data that includes data points associated with computing devices in a network and applying two or more different clustering methodologies independently to the dataset. The resulting cluster detection and elimination model is used to compare two or more clusters to determine whether a cluster from one clustering methodology matches another cluster from another clustering methodology based on centroid locations and shared data points.
Type: Application
Filed: August 24, 2021
Publication date: December 9, 2021
Applicant: Rapid7, Inc.
Inventors: Vasudha Shivamoggi, Roy Hodgman, Wah-Kwan Lin
-
Publication number: 20210360406
Abstract: Methods and systems for classifying a device on a network. The systems and methods may receive network activity data associated with an unknown device. A classifier executing one or more machine learning models may then classify the device as an internet of things (IoT) device or a non-IoT device.
Type: Application
Filed: August 2, 2021
Publication date: November 18, 2021
Applicant: Rapid7, Inc.
Inventors: Deral Heiland, Dustin Myers, Wah-Kwan Lin
-
Patent number: 11128667
Abstract: Disclosed herein are methods, systems, and processes to detect valid clusters and eliminate spurious clusters in cybersecurity-based computing environments. A cluster detection and elimination model is trained by accessing a dataset with raw data that includes data points associated with computing devices in a network and applying two or more different clustering methodologies independently to the dataset. The resulting cluster detection and elimination model is used to compare two or more clusters to determine whether a cluster from one clustering methodology matches another cluster from another clustering methodology based on centroid locations and shared data points.
Type: Grant
Filed: November 29, 2018
Date of Patent: September 21, 2021
Assignee: Rapid7, Inc.
Inventors: Vasudha Shivamoggi, Roy Hodgman, Wah-Kwan Lin
-
Patent number: 11115823
Abstract: Methods and systems for classifying a device on a network. The systems and methods may receive network activity data associated with an unknown device. A classifier executing one or more machine learning models may then classify the device as an internet of things (IoT) device or a non-IoT device.
Type: Grant
Filed: April 30, 2019
Date of Patent: September 7, 2021
Assignee: Rapid7, Inc.
Inventors: Deral Heiland, Dustin Myers, Wah-Kwan Lin
-
Patent number: 10848516
Abstract: Disclosed herein are methods, systems, and processes for utilizing computing entity resolution for network asset correlation. A generated canonical dataset that includes the identities of existing computing devices is accessed and a scanned dataset generated by a security server that includes an identity of a scanned computing device is received. Paired records that include the identities of the existing computing devices and the identity of the scanned computing device are generated from the canonical dataset and the scanned dataset and user input applicable to the paired records that indicates whether the identity of the scanned computing device matches an identity of an existing computing device is received. A network asset correlator that indicates a disparate correlation between each of the existing computing devices and a newly-scanned computing device that is part of a newly-scanned dataset generated by the security server without requiring a subsequent user input is generated.
Type: Grant
Filed: October 2, 2018
Date of Patent: November 24, 2020
Assignee: Rapid7, Inc.
Inventor: Wah-Kwan Lin
-
Publication number: 20200184367
Abstract: Disclosed herein are methods, systems, and processes to automate cluster interpretation in computing environments to develop targeted remediation security actions. To interpret clusters that are generated by a clustering methodology without subjecting clustered data to classifier-based processing, separation quantifiers that indicate a spread in feature values across clusters are determined and used to discover relative feature importances of features that drive the formation of clusters, permitting a security server to identify features that discriminate between clusters.
Type: Application
Filed: December 10, 2018
Publication date: June 11, 2020
Inventors: Vasudha Shivamoggi, Roy Hodgman, Wah-Kwan Lin
-
Publication number: 20200177633
Abstract: Disclosed herein are methods, systems, and processes to detect valid clusters and eliminate spurious clusters in cybersecurity-based computing environments. A cluster detection and elimination model is trained by accessing a dataset with raw data that includes data points associated with computing devices in a network and applying two or more different clustering methodologies independently to the dataset. The resulting cluster detection and elimination model is used to compare two or more clusters to determine whether a cluster from one clustering methodology matches another cluster from another clustering methodology based on centroid locations and shared data points.
Type: Application
Filed: November 29, 2018
Publication date: June 4, 2020
Applicant: Rapid7, Inc.
Inventors: Vasudha Shivamoggi, Roy Hodgman, Wah-Kwan Lin
-
Publication number: 20200110833
Abstract: Disclosed herein are methods, systems, and processes to optimize role level identification for computing resource allocation to perform security operations in networked computing environments. A role level classifier to process a training dataset that corresponds to a clean title is generated from a subset of entities associated with the clean title. An initial effective title determined by the role level classifier based on processing the training dataset is assigned to an entity. A new effective title based on feature differences between the initial effective title and the clean title is re-assigned to the entity. Performance of the generating, the assigning, and the re-assigning is repeated using the new effective title instead of the clean title.
Type: Application
Filed: October 8, 2018
Publication date: April 9, 2020
Applicant: Rapid7, Inc.
Inventors: Vasudha Shivamoggi, Wah-Kwan Lin, Roy Hodgman
-
Publication number: 20200106798
Abstract: Disclosed herein are methods, systems, and processes for utilizing computing entity resolution for network asset correlation. A generated canonical dataset that includes the identities of existing computing devices is accessed and a scanned dataset generated by a security server that includes an identity of a scanned computing device is received. Paired records that include the identities of the existing computing devices and the identity of the scanned computing device are generated from the canonical dataset and the scanned dataset and user input applicable to the paired records that indicates whether the identity of the scanned computing device matches an identity of an existing computing device is received. A network asset correlator that indicates a disparate correlation between each of the existing computing devices and a newly-scanned computing device that is part of a newly-scanned dataset generated by the security server without requiring a subsequent user input is generated.
Type: Application
Filed: October 2, 2018
Publication date: April 2, 2020
Inventor: Wah-Kwan Lin
-
Publication number: 20200053115
Abstract: Approaches provide for securing an electronic environment. A threat analysis service can obtain data for devices, users, and threats from disparate sources and can correlate users to devices and threats to build an understanding of an electronic environment's operational, organizational, and security concerns in order to provide customized security strategies and remediations. Additionally, the threat analysis service can develop a model of an electronic environment's behavior by monitoring and analyzing various the data from the data sources. The model can be updated such that the threat analysis service can tailor its orchestration to complement existing operational processes.
Type: Application
Filed: August 11, 2018
Publication date: February 13, 2020
Inventors: Roy Hodgman, Wah-Kwan Lin, Vasudha Shivamoggi
-
Patent number: 10462162
Abstract: Methods and systems for detecting malicious processes. Methods described herein gather data regarding process locations and calculate one or more inequality indicators related to the process paths based on economic principles. Instances of inequality with respect to process paths may indicate a path is uncommon and therefore the associated binary is used for malicious purposes.
Type: Grant
Filed: July 24, 2017
Date of Patent: October 29, 2019
Assignee: Rapid7, Inc.
Inventors: Roy Hodgman, Oliver Keyes, Wah-Kwan Lin, Michael Scutt, Timothy Stiller
-
Publication number: 20190230105
Abstract: Analyzing and reporting anomalous internet traffic data by accepting a request for a connection to a virtual security appliance, collecting attribute data about the connection, applying an alert module to the data, and automatically generating an alert concerning an identified incident. An alert system for analyzing and reporting the anomalous internet traffic data. A processor to analyze and report anomalous internet traffic data.
Type: Application
Filed: April 10, 2018
Publication date: July 25, 2019
Inventors: Roy Hodgman, Wah-Kwan Lin, Vasudha Shivamoggi
-
Publication number: 20190028491
Abstract: Methods and systems for detecting malicious processes. Methods described herein gather data regarding process locations and calculate one or more inequality indicators related to the process paths based on economic principles. Instances of inequality with respect to process paths may indicate a path is uncommon and therefore the associated binary is used for malicious purposes.
Type: Application
Filed: July 24, 2017
Publication date: January 24, 2019
Inventors: Roy Hodgman, Oliver Keyes, Wah-Kwan Lin, Michael Scutt, Timothy Stiller