Patents by Inventor Weidong Cui
Weidong Cui has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20180367548
Abstract: Graph-based detection systems and techniques are provided to identify potential malicious lateral movement paths. System and security events may be used to generate a network connection graph and detect remote file executions and/or other detections, for use in tracking malicious lateral movement across a computer network, such as a compromised computer network. Lateral movement determination across a computer network may be divided into two subproblems: forensic analysis and general detection. With forensic analysis, given a malicious node, possible lateral movement leading into or out of the node is identified. General detection identifies previously unknown malicious lateral movement on a network using a remote file execution detector, and/or other detectors, and a rare path anomaly detection algorithm.
Type: Application
Filed: June 14, 2017
Publication date: December 20, 2018
Inventors: Jack Wilson STOKES, III, Robert James MEAD, Tim William BURRELL, Ian HELLEN, John Joseph LAMBERT, Weidong CUI, Andrey MAROCHKO, Qingyun LIU
-
Patent number: 9619654
Abstract: Methods and systems for application monitoring through collective record and replay are disclosed herein. The method includes recording a number of execution traces for an application from a number of user devices at a runtime library, wherein the number of execution traces relates to non-deterministic data. The method also includes replaying the number of execution traces to determine whether a behavior of the application creates a security risk.
Type: Grant
Filed: January 30, 2015
Date of Patent: April 11, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Brendan Dolan-Gavitt, David Alexander Molnar, Weidong Cui
-
Patent number: 9329845
Abstract: A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.
Type: Grant
Filed: June 4, 2009
Date of Patent: May 3, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Weidong Cui, Marcus Peinado
-
Publication number: 20160051660
Abstract: Methods and compositions for the optimization of production of influenza viruses suitable as influenza vaccines are provided.
Type: Application
Filed: March 4, 2015
Publication date: February 25, 2016
Inventors: George Robert TRAGER, Richard M. Schwartz, Vu Truong-Le, Luisa Yee, John Michael Berry, Weidong Cui
-
Publication number: 20160026782
Abstract: Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person.
Type: Application
Filed: September 4, 2015
Publication date: January 28, 2016
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Christopher Stephen Frederick Smowton, Ronnie Chaiken, Weidong Cui, Oliver H. Foehr, Jacob Rubin Lorch, David Molnar, Bryan Jeffrey Parno, Stefan Saroiu, Alastair Wolman
-
Patent number: 9152868
Abstract: Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person.
Type: Grant
Filed: March 23, 2012
Date of Patent: October 6, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Christopher Stephen Frederick Smowton, Ronnie Chaiken, Weidong Cui, Oliver H. Foehr, Jacob Rubin Lorch, David Molnar, Bryan Jeffrey Parno, Stefan Saroiu, Alastair Wolman
-
Patent number: 9129058
Abstract: A method, system, and computer-readable storage medium for application monitoring through continuous record and replay are described herein. The method includes continuously recording execution traces including external non-deterministic input data for an application at a user device and analyzing the recorded execution traces to identify relevant execution traces for determining a behavior of the application. The method also includes reporting the relevant execution traces to a server, wherein the server is configured to replay the relevant execution traces to determine whether the behavior of the application is as expected.
Type: Grant
Filed: February 19, 2013
Date of Patent: September 8, 2015
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Weidong Cui, Brendan Dolan-Gavitt, David Molnar
-
Publication number: 20150150138
Abstract: Methods and systems for application monitoring through collective record and replay are disclosed herein. The method includes recording a number of execution traces for an application from a number of user devices at a runtime library, wherein the number of execution traces relates to non-deterministic data. The method also includes replaying the number of execution traces to determine whether a behavior of the application creates a security risk.
Type: Application
Filed: January 30, 2015
Publication date: May 28, 2015
Inventors: Brendan Dolan-Gavitt, David Alexander Molnar, Weidong Cui
-
Patent number: 8955114
Abstract: Methods and systems for application monitoring through collective record and replay are disclosed herein. The method includes recording a number of execution traces for an application from a number of user devices at a runtime library, wherein the number of execution traces relates to non-deterministic data. The method also includes replaying the number of execution traces to determine whether a behavior of the application creates a security risk.
Type: Grant
Filed: December 14, 2011
Date of Patent: February 10, 2015
Assignee: Microsoft Corporation
Inventors: Brendan Dolan-Gavitt, David Alexander Molnar, Weidong Cui
-
Patent number: 8935677
Abstract: Systems and methods for automatically reverse engineering an input data format using dynamic data flow analysis. Combining input data with a simulated execution of the binary program using the input data and analyzing the use of the data by the program to generate a BNL-like grammar representing the input data format. The input data can be application level protocols, network protocols or formatted files.
Type: Grant
Filed: April 7, 2008
Date of Patent: January 13, 2015
Assignee: Microsoft Corporation
Inventors: Weidong Cui, Marcus Peinado, Karl Chen, Jiahe Helen Wang, Luis Irun-Briz
-
Publication number: 20140237293
Abstract: A method, system, and computer-readable storage medium for application monitoring through continuous record and replay are described herein. The method includes continuously recording execution traces including external non-deterministic input data for an application at a user device and analyzing the recorded execution traces to identify relevant execution traces for determining a behavior of the application. The method also includes reporting the relevant execution traces to a server, wherein the server is configured to replay the relevant execution traces to determine whether the behavior of the application is as expected.
Type: Application
Filed: February 19, 2013
Publication date: August 21, 2014
Applicant: Microsoft Corporation
Inventors: Weidong Cui, Brendan Dolan-Gavitt, David Molnar
-
Patent number: 8613096
Abstract: The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities.
Type: Grant
Filed: November 30, 2007
Date of Patent: December 17, 2013
Assignee: Microsoft Corporation
Inventors: Marcus Peinado, Weidong Cui, Jiahe Helen Wang, Michael E. Locasto
-
Patent number: 8589888
Abstract: A “Demand-Driven Pointer Analyzer” (DDPA) provides a “demand-driven” field-sensitive pointer analysis process. This process rapidly and accurately identifies alias sets for selected pointers in software modules or programs of any size, including large-scale C/C++ programs such as a complete operating system (OS). The DDPA formulates the pointer analysis task as a Context-Free Language (CFL) reachability problem that operates using a Program Expression Graph (PEG) automatically constructed from the program code. The PEG provides a node and edge-based graph representation of all expressions and assignments in the program and allows the DDPA to rapidly identify aliases for pointers in the program by traversing the graph as a CFL reachability problem to determine pointer alias sets. In various embodiments, the DDPA is also context-sensitive.
Type: Grant
Filed: August 29, 2011
Date of Patent: November 19, 2013
Assignee: Microsoft Corporation
Inventors: Weidong Cui, Marcus Peinado, Zhilei Xu
-
Patent number: 8584254
Abstract: Technologies pertaining to detecting accesses to monitored regions of memory and transmitting data to a protection system responsive to the detecting are described herein. A region of memory that includes objects in an object graph utilized by an operating system to determine which processes to execute and an order to execute such processes is monitored. If a process executing on a processor attempts to write to an object in the object graph, a field that is being written to is identified, and a determination is made regarding whether the field includes a pointer. Based upon whether the field includes a pointer, a type of write desirably undertaken by the object is ascertained, and an object event is transmitted to the protection system that informs the protection system of the type of write.
Type: Grant
Filed: December 8, 2011
Date of Patent: November 12, 2013
Assignee: Microsoft Corporation
Inventors: Weidong Cui, Marcus Peinado, Martim Carbone
-
Patent number: 8566944
Abstract: Technology is described for malware investigation by analyzing computer memory in a computing device. The method can include performing static analysis on code for a software environment to form an extended type graph. A raw memory snapshot of the computer memory can be obtained at runtime. The raw memory snapshot may include the software environment executing on the computing device. Dynamic data structures can be found in the raw memory snapshot using the extended type graph to form an object graph. An authorized memory area can be defined having executable code, static data structures, and dynamic data structures. Implicit and explicit function pointers can be identified. The function pointers can be checked to validate that the function pointers reference a valid memory location in the authorized memory area and whether the computer memory is uncompromised.
Type: Grant
Filed: April 27, 2010
Date of Patent: October 22, 2013
Assignee: Microsoft Corporation
Inventors: Marcus Peinado, Weidong Cui
-
Publication number: 20130251216
Abstract: Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person.
Type: Application
Filed: March 23, 2012
Publication date: September 26, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Christopher Stephen Frederick Smowton, Ronnie Chaiken, Weidong Cui, Oliver H. Foehr, Jacob Rubin Lorch, David Molnar, Bryan Jeffrey Parno, Stefan Saroiu, Alastair Wolman
-
Publication number: 20130160128
Abstract: Methods and systems for application monitoring through collective record and replay are disclosed herein. The method includes recording a number of execution traces for an application from a number of user devices at a runtime library, wherein the number of execution traces relates to non-deterministic data. The method also includes replaying the number of execution traces to determine whether a behavior of the application creates a security risk.
Type: Application
Filed: December 14, 2011
Publication date: June 20, 2013
Applicant: Microsoft Corporation
Inventors: Brendan Dolan-Gavitt, David Alexander Molnar, Weidong Cui
-
Publication number: 20130152053
Abstract: Computer memory access monitoring and error checking systems and processes are disclosed herein. In one embodiment, a computer implemented method includes executing a computer program having a first object in a first memory location and having a value corresponding to a second memory location holding a second object. The method also includes, during a memory read from the second memory location, performing a comparison of a first version of the first memory location and a second version of the second memory location. The method further includes determining if an error exists in the computer program based on the comparison between the first version and the second version.
Type: Application
Filed: December 12, 2011
Publication date: June 13, 2013
Applicant: Microsoft Corporation
Inventors: Weidong Cui, David Molnar, Sang Kil Cha
-
Publication number: 20130152207
Abstract: Technologies pertaining to detecting accesses to monitored regions of memory and transmitting data to a protection system responsive to the detecting are described herein. A region of memory that includes objects in an object graph utilized by an operating system to determine which processes to execute and an order to execute such processes is monitored. If a process executing on a processor attempts to write to an object in the object graph, a field that is being written to is identified, and a determination is made regarding whether the field includes a pointer. Based upon whether the field includes a pointer, a type of write desirably undertaken by the object is ascertained, and an object event is transmitted to the protection system that informs the protection system of the type of write.
Type: Application
Filed: December 8, 2011
Publication date: June 13, 2013
Applicant: Microsoft Corporation
Inventors: Weidong Cui, Marcus Peinado, Martim Carbone
-
Publication number: 20130055207
Abstract: A “Demand-Driven Pointer Analyzer” (DDPA) provides a “demand-driven” field-sensitive pointer analysis process. This process rapidly and accurately identifies alias sets for selected pointers in software modules or programs of any size, including large-scale C/C++ programs such as a complete operating system (OS). The DDPA formulates the pointer analysis task as a Context-Free Language (CFL) reachability problem that operates using a Program Expression Graph (PEG) automatically constructed from the program code. The PEG provides a node and edge-based graph representation of all expressions and assignments in the program and allows the DDPA to rapidly identify aliases for pointers in the program by traversing the graph as a CFL reachability problem to determine pointer alias sets. In various embodiments, the DDPA is also context-sensitive.
Type: Application
Filed: August 29, 2011
Publication date: February 28, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Weidong Cui, Marcus Peinado, Zhilei Xu