Patents by Inventor Yizheng Zhou
Yizheng Zhou has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230344848
Abstract: A method for managing an attack surface is provided. The method comprises obtaining network traffic logs for the domain, correlating the logs to threats, mapping a flow of network traffic between malicious indicators and host identifiers, determining an exposed set of host identifiers, determining host attributes and indicator attributes of hosts identified in the exposed set, providing the exposed set and the attributes as input to a prioritization model, receiving prioritization scores as output from the prioritization model, and generating a prioritized attack surface data structure based on the scores. An interface is configured to modify a display based on the prioritized attack surface data structure.
Type: Application
Filed: November 14, 2022
Publication date: October 26, 2023
Inventors: Wei Huang, Mohsen Imani, Yizheng Zhou
-
Patent number: 11509669
Abstract: A system and a method are disclosed for describing a mechanism for tracking malicious activity detected on a network. For example, based on network data collected from a server, the disclosed system may detect malicious activity originating from a client device directed to the server. To detect the malicious activity, network data may be captured by the server and analyzed. When malicious activity is detected, the system may track the malicious activity, using the network data, to an earliest connection date of a client device from where the malicious activity potentially originated. The earliest connection date may indicate a potential start date of the malicious activity.
Type: Grant
Filed: January 5, 2022
Date of Patent: November 22, 2022
Assignee: Anomali Inc.
Inventors: Wei Huang, Yizheng Zhou, Peizhou Guo, Mohsen Imani
-
Publication number: 20220131881
Abstract: A system and a method are disclosed for describing a mechanism for tracking malicious activity detected on a network. For example, based on network data collected from a server, the disclosed system may detect malicious activity originating from a client device directed to the server. To detect the malicious activity, network data may be captured by the server and analyzed. When malicious activity is detected, the system may track the malicious activity, using the network data, to an earliest connection date of a client device from where the malicious activity potentially originated.
Type: Application
Filed: January 5, 2022
Publication date: April 28, 2022
Inventors: Wei Huang, Yizheng Zhou, Peizhou Guo, Mohsen Imani
-
Patent number: 11245711
Abstract: A system and a method are disclosed for describing a mechanism for tracking malicious activity detected on a network. For example, based on network data collected from a server, the disclosed system may detect malicious activity originating from a client device directed to the server. To detect the malicious activity, network data may be captured by the server and analyzed. When malicious activity is detected, the system may track the malicious activity, using the network data, to an earliest connection date of a client device from where the malicious activity potentially originated. The earliest connection date may indicate a potential start date of the malicious activity.
Type: Grant
Filed: April 2, 2020
Date of Patent: February 8, 2022
Assignee: Anomali Inc.
Inventors: Wei Huang, Yizheng Zhou, Peizhou Guo, Mohsen Imani
-
Publication number: 20200322363
Abstract: A system and a method are disclosed for describing a mechanism for tracking malicious activity detected on a network. For example, based on network data collected from a server, the disclosed system may detect malicious activity originating from a client device directed to the server. To detect the malicious activity, network data may be captured by the server and analyzed. When malicious activity is detected, the system may track the malicious activity, using the network data, to an earliest connection date of a client device from where the malicious activity potentially originated.
Type: Application
Filed: April 2, 2020
Publication date: October 8, 2020
Inventors: Wei Huang, Yizheng Zhou, Peizhou Guo, Mohsen Imani
-
Patent number: 10659486
Abstract: A universal link to extract and classify log data is disclosed. In various embodiments, a set of candidate data values that match a top level pattern that is common to two or more types of data value of interest is identified. The candidate data values are processed through a plurality of successive filtering stages, each stage of which includes determining which, if any, of said candidates match a more specific pattern associated more specifically with a specific data value type. Candidates, if any, which match the more specific pattern are classified as being of a corresponding specific data type and are removed from the set of candidate data values. A structured data record that associates each candidate data value determined to be of a corresponding one of said types of data value of interest with said corresponding one of said types of data value of interest is generated and stored.
Type: Grant
Filed: April 17, 2019
Date of Patent: May 19, 2020
Assignee: Anomali Incorporated
Inventors: Wei Huang, Yizheng Zhou, Hugh Seretse Njemanze, Zhong Deng
-
Patent number: 10616248
Abstract: A security monitoring system operated by a downstream client continually collects event information indicating events that have occurred within the computing environment of the downstream client. The monitoring system, using software provided by a threat analytics system, aggregates the event information into a secure and space efficient data structure. The monitoring system transmits the data structures storing event information to the threat analytics system for further processing. The threat analytics system also receives threat indicators from intelligence feed data sources. The threat analytics system compares the event information received from each security monitoring system against the threat indicators collected from the intelligence feed data sources to identify red flag events. The threat analytics system processes the event information to synthesize all information related to the red flag event and reports the red flag event to the downstream client.
Type: Grant
Filed: January 23, 2019
Date of Patent: April 7, 2020
Assignee: Anomali Incorporated
Inventors: Wei Huang, Yizheng Zhou, Hugh Njemanze
-
Publication number: 20190319975
Abstract: A universal link to extract and classify log data is disclosed. In various embodiments, a set of candidate data values that match a top level pattern that is common to two or more types of data value of interest is identified. The candidate data values are processed through a plurality of successive filtering stages, each stage of which includes determining which, if any, of said candidates match a more specific pattern associated more specifically with a specific data value type. Candidates, if any, which match the more specific pattern are classified as being of a corresponding specific data type and are removed from the set of candidate data values. A structured data record that associates each candidate data value determined to be of a corresponding one of said types of data value of interest with said corresponding one of said types of data value of interest is generated and stored.
Type: Application
Filed: April 17, 2019
Publication date: October 17, 2019
Inventors: Wei Huang, Yizheng Zhou, Hugh Seretse Njemanze, Zhong Deng
-
Patent number: 10367829
Abstract: A threat analytics system expends significant resources to acquire, structure, and filter the threat indicators provided to the client-side monitoring systems. To protect the threat indicators from misuse, the threat analytics system only provides enough information about the threat indicators to the client-side systems to allow the client-side systems to detect past and ongoing threats. Specifically, the threat analytics system provides obfuscated threat indicators to the client-side monitoring systems. The obfuscated threat indicators enable the client-side systems to detect threats while protecting the threat indicators from misuse or malicious actors.
Type: Grant
Filed: November 19, 2015
Date of Patent: July 30, 2019
Assignee: Anomali Incorporated
Inventors: Wei Huang, Yizheng Zhou, Hugh Njemanze
-
Patent number: 10313377
Abstract: A universal link to extract and classify log data is disclosed. In various embodiments, a set of candidate data values that match a top level pattern that is common to two or more types of data value of interest is identified. The candidate data values are processed through a plurality of successive filtering stages, each stage of which includes determining which, if any, of said candidates match a more specific pattern associated more specifically with a specific data value type. Candidates, if any, which match the more specific pattern are classified as being of a corresponding specific data type and are removed from the set of candidate data values. A structured data record that associates each candidate data value determined to be of a corresponding one of said types of data value of interest with said corresponding one of said types of data value of interest is generated and stored.
Type: Grant
Filed: October 19, 2016
Date of Patent: June 4, 2019
Assignee: Anomali Incorporated
Inventors: Wei Huang, Yizheng Zhou, Hugh Seretse Njemanze, Zhong Deng
-
Publication number: 20190158514
Abstract: A security monitoring system operated by a downstream client continually collects event information indicating events that have occurred within the computing environment of the downstream client. The monitoring system, using software provided by a threat analytics system, aggregates the event information into a secure and space efficient data structure. The monitoring system transmits the data structures storing event information to the threat analytics system for further processing. The threat analytics system also receives threat indicators from intelligence feed data sources. The threat analytics system compares the event information received from each security monitoring system against the threat indicators collected from the intelligence feed data sources to identify red flag events. The threat analytics system processes the event information to synthesize all information related to the red flag event and reports the red flag event to the downstream client.
Type: Application
Filed: January 23, 2019
Publication date: May 23, 2019
Inventors: Wei Huang, Yizheng Zhou, Hugh Njemanze
-
Patent number: 10230742
Abstract: A security monitoring system operated by a downstream client continually collects event information indicating events that have occurred within the computing environment of the downstream client. The monitoring system, using software provided by a threat analytics system, aggregates the event information into a secure and space efficient data structure. The monitoring system transmits the data structures storing event information to the threat analytics system for further processing. The threat analytics system also receives threat indicators from intelligence feed data sources. The threat analytics system compares the event information received from each security monitoring system against the threat indicators collected from the intelligence feed data sources to identify red flag events. The threat analytics system processes the event information to synthesize all information related to the red flag event and reports the red flag event to the downstream client.
Type: Grant
Filed: January 26, 2016
Date of Patent: March 12, 2019
Assignee: ANOMALI INCORPORATED
Inventors: Wei Huang, Yizheng Zhou, Hugh Njemanze
-
Patent number: 10108564
Abstract: Techniques are described in which to determine as separate values the active time and the stall time of a processing unit at different operating frequencies of the processing unit and bus bandwidths of a bus that interconnects the processing unit to system memory. The techniques may adjust the operating frequency of the processing unit and/or bus bandwidth based on the determined active times and stall times.
Type: Grant
Filed: March 28, 2016
Date of Patent: October 23, 2018
Assignee: QUALCOMM Incorporated
Inventor: Yizheng Zhou
-
Publication number: 20180109550
Abstract: A universal link to extract and classify log data is disclosed. In various embodiments, a set of candidate data values that match a top level pattern that is common to two or more types of data value of interest is identified. The candidate data values are processed through a plurality of successive filtering stages, each stage of which includes determining which, if any, of said candidates match a more specific pattern associated more specifically with a specific data value type. Candidates, if any, which match the more specific pattern are classified as being of a corresponding specific data type and are removed from the set of candidate data values. A structured data record that associates each candidate data value determined to be of a corresponding one of said types of data value of interest with said corresponding one of said types of data value of interest is generated and stored.
Type: Application
Filed: October 19, 2016
Publication date: April 19, 2018
Inventors: Wei Huang, Yizheng Zhou, Hugh Seretse Njemanze, Zhong Deng
-
Publication number: 20170277643
Abstract: Techniques are described in which to determine as separate values the active time and the stall time of a processing unit at different operating frequencies of the processing unit and bus bandwidths of a bus that interconnects the processing unit to system memory. The techniques may adjust the operating frequency of the processing unit and/or bus bandwidth based on the determined active times and stall times.
Type: Application
Filed: March 28, 2016
Publication date: September 28, 2017
Inventor: Yizheng Zhou
-
Patent number: 9762602
Abstract: In some examples, a set of events is received. A row-based chunk includes the set of events and metadata about the set of events is generated, and a column-based chunk that includes metadata about the set of events and, for each event in the set of events, a value of a first field of the multiple fields. The metadata about the set of events includes at least one of a minimum value or a maximum value of the first field over the events in the set of events.
Type: Grant
Filed: September 4, 2015
Date of Patent: September 12, 2017
Assignee: EntIT Software LLC
Inventors: Wei Huang, Yizheng Zhou, Bin Yu, Wenting Tang, Christian F. Beedgen
-
Publication number: 20170149802
Abstract: A threat analytics system expends significant resources to acquire, structure, and filter the threat indicators provided to the client-side monitoring systems. To protect the threat indicators from misuse, the threat analytics system only provides enough information about the threat indicators to the client-side systems to allow the client-side systems to detect past and ongoing threats. Specifically, the threat analytics system provides obfuscated threat indicators to the client-side monitoring systems. The obfuscated threat indicators enable the client-side systems to detect threats while protecting the threat indicators from misuse or malicious actors.
Type: Application
Filed: November 19, 2015
Publication date: May 25, 2017
Inventors: Wei Huang, Yizheng Zhou, Hugh Njemanze
-
Publication number: 20160226895
Abstract: A security monitoring system operated by a downstream client continually collects event information indicating events that have occurred within the computing environment of the downstream client. The monitoring system, using software provided by a threat analytics system, aggregates the event information into a secure and space efficient data structure. The monitoring system transmits the data structures storing event information to the threat analytics system for further processing. The threat analytics system also receives threat indicators from intelligence feed data sources. The threat analytics system compares the event information received from each security monitoring system against the threat indicators collected from the intelligence feed data sources to identify red flag events. The threat analytics system processes the event information to synthesize all information related to the red flag event and reports the red flag event to the downstream client.
Type: Application
Filed: January 26, 2016
Publication date: August 4, 2016
Inventors: WEI HUANG, YIZHENG ZHOU, HUGH NJEMANZE
-
Publication number: 20150381647
Abstract: In some examples, a set of events is received. A row-based chunk includes the set of events and metadata about the set of events is generated, and a column-based chunk that includes metadata about the set of events and, for each event in the set of events, a value of a first field of the multiple fields. The metadata about the set of events includes at least one of a minimum value or a maximum value of the first field over the events in the set of events.
Type: Application
Filed: September 4, 2015
Publication date: December 31, 2015
Inventors: Wei Huang, Yizheng Zhou, Bin Yu, Wenting Tang, Christian F. Beedgen
-
Patent number: 9166989
Abstract: A logging system includes an event receiver and a storage manager. The receiver receives log data, processes it, and outputs a column-based data “chunk.” The manager receives and stores chunks. The receiver includes buffers that store events and a metadata structure that stores metadata about the contents of the buffers. Each buffer is associated with a particular event field and includes values from that field from one or more events. The metadata includes, for each “field of interest,” a minimum value and a maximum value that reflect the range of values of that field over all of the events in the buffers. A chunk is generated for each buffer and includes the metadata structure and a compressed version of the buffer contents. The metadata structure acts as a search index when querying event data. The logging system can be used in conjunction with a security information/event management (SIEM) system.
Type: Grant
Filed: September 4, 2009
Date of Patent: October 20, 2015
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Wei Huang, Yizheng Zhou, Bin Yu, Wenting Tang, Christian F. Beedgen