Patents by Inventor Zhaoyan Xu
Zhaoyan Xu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12206692
Abstract: Techniques for malware detection using watermark cookies are disclosed. In some embodiments, a system, process, and/or computer program product for malware detection using watermark cookies includes receiving a sample at a cloud security service; injecting a watermark cookie in a virtual environment to provide a modified virtual environment; detonating the sample in the modified virtual environment, wherein the modified virtual environment is instrumented for monitoring activities associated with the sample during automated malware analysis of the sample; detecting whether the watermark cookie was accessed in the modified virtual environment during the automated malware analysis of the sample; and determining whether the sample is malware based on whether the watermark cookie was accessed in the modified virtual environment.
Type: Grant
Filed: March 31, 2022
Date of Patent: January 21, 2025
Assignee: Palo Alto Networks, Inc.
Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
-
Patent number: 11861008
Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to request the content from the remote server using a browser extension configured to retrieve data and provide the retrieved data to the external scanner without rendering the retrieved data.
Type: Grant
Filed: July 21, 2022
Date of Patent: January 2, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
-
Patent number: 11627160
Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.
Type: Grant
Filed: February 28, 2021
Date of Patent: April 11, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
-
Publication number: 20220358217
Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to request the content from the remote server using a browser extension configured to retrieve data and provide the retrieved data to the external scanner without rendering the retrieved data.
Type: Application
Filed: July 21, 2022
Publication date: November 10, 2022
Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
-
Patent number: 11436329
Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to act as a proxy on behalf of the external scanner.
Type: Grant
Filed: July 13, 2020
Date of Patent: September 6, 2022
Assignee: Palo Alto Networks, Inc.
Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
-
Publication number: 20220224708
Abstract: Techniques for malware detection using watermark cookies are disclosed. In some embodiments, a system, process, and/or computer program product for malware detection using watermark cookies includes receiving a sample at a cloud security service; injecting a watermark cookie in a virtual environment to provide a modified virtual environment; detonating the sample in the modified virtual environment, wherein the modified virtual environment is instrumented for monitoring activities associated with the sample during automated malware analysis of the sample; detecting whether the watermark cookie was accessed in the modified virtual environment during the automated malware analysis of the sample; and determining whether the sample is malware based on whether the watermark cookie was accessed in the modified virtual environment.
Type: Application
Filed: March 31, 2022
Publication date: July 14, 2022
Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
-
Patent number: 11323466
Abstract: Techniques for malicious HTTP cookies detection and clustering are disclosed. In some embodiments, a system, process, and/or computer program product for malicious HTTP cookies detection and clustering includes receiving a sample at a cloud security service; extracting a cookie from network traffic associated with the sample; determining that the cookie is associated with malware; and generating a signature based on the cookie.
Type: Grant
Filed: December 6, 2019
Date of Patent: May 3, 2022
Assignee: Palo Alto Networks, Inc.
Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
-
Publication number: 20210194926
Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.
Type: Application
Filed: February 28, 2021
Publication date: June 24, 2021
Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
-
Patent number: 10986126
Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.
Type: Grant
Filed: July 24, 2018
Date of Patent: April 20, 2021
Assignee: Palo Alto Networks, Inc.
Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
-
Patent number: 10853484
Abstract: Techniques for cookies watermarking in malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for cookies watermarking in malware analysis includes receiving a sample at a cloud security service; detonating the sample in an instrumented virtual environment; and determining that the sample is malware based on detecting an attempt to access a watermark cookie during an automated malware analysis using the instrumented virtual environment.
Type: Grant
Filed: August 30, 2019
Date of Patent: December 1, 2020
Assignee: Palo Alto Networks, Inc.
Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
-
Publication number: 20200342103
Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to act as a proxy on behalf of the external scanner.
Type: Application
Filed: July 13, 2020
Publication date: October 29, 2020
Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
-
Patent number: 10785236
Abstract: The technology disclosed herein enables the generation of malware traffic signatures by performing natural language processing on known malware traffic using a neural network. In a particular embodiment, a method provides generating sentences comprising first information obtained from a plurality of fields in each of a plurality of known malware data packets in a first malware family. The method further provides inputting the sentences into a first neural network for natural language processing of the sentences and generating one or more signatures for the first malware family from results of the natural language processing of the sentences.
Type: Grant
Filed: January 31, 2018
Date of Patent: September 22, 2020
Assignee: Palo Alto Networks, Inc.
Inventors: Zhaoyan Xu, Tongbo Luo
-
Patent number: 10747881
Abstract: The use of browser context in detecting malware is disclosed. A Uniform Resource Locator (URL) is received from a user and at a client device. The URL is used to request, at the client device, and from a remote server, content. At least a portion of data received from the remote server is provided by the client device to an external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. A maliciousness verdict is received from the external scanner.
Type: Grant
Filed: September 15, 2017
Date of Patent: August 18, 2020
Assignee: Palo Alto Networks, Inc.
Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
-
Publication number: 20200112580
Abstract: Techniques for malicious HTTP cookies detection and clustering are disclosed. In some embodiments, a system, process, and/or computer program product for malicious HTTP cookies detection and clustering includes receiving a sample at a cloud security service; extracting a cookie from network traffic associated with the sample; determining that the cookie is associated with malware; and generating a signature based on the cookie.
Type: Application
Filed: December 6, 2019
Publication date: April 9, 2020
Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
-
Patent number: 10547627
Abstract: Techniques for malicious HTTP cookies detection and clustering are disclosed. In some embodiments, a system, process, and/or computer program product for malicious HTTP cookies detection and clustering includes receiving a sample at a cloud security service; extracting a cookie from network traffic associated with the sample; determining that the cookie is associated with malware; and generating a signature based on the cookie.
Type: Grant
Filed: April 28, 2016
Date of Patent: January 28, 2020
Assignee: Palo Alto Networks, Inc.
Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
-
Publication number: 20190384907
Abstract: Techniques for cookies watermarking in malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for cookies watermarking in malware analysis includes receiving a sample at a cloud security service; detonating the sample in an instrumented virtual environment; and determining that the sample is malware based on detecting an attempt to access a watermark cookie during an automated malware analysis using the instrumented virtual environment.
Type: Application
Filed: August 30, 2019
Publication date: December 19, 2019
Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
-
Patent number: 10489581
Abstract: Techniques for cookies watermarking in malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for cookies watermarking in malware analysis includes receiving a sample at a cloud security service; detonating the sample in an instrumented virtual environment; and determining that the sample is malware based on detecting an attempt to access a watermark cookie during an automated malware analysis using the instrumented virtual environment.
Type: Grant
Filed: April 28, 2016
Date of Patent: November 26, 2019
Assignee: Palo Alto Networks, Inc.
Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
-
Publication number: 20190104139
Abstract: The technology disclosed herein enables the generation of malware traffic signatures by performing natural language processing on known malware traffic using a neural network. In a particular embodiment, a method provides generating sentences comprising first information obtained from a plurality of fields in each of a plurality of known malware data packets in a first malware family. The method further provides inputting the sentences into a first neural network for natural language processing of the sentences and generating one or more signatures for the first malware family from results of the natural language processing of the sentences.
Type: Application
Filed: January 31, 2018
Publication date: April 4, 2019
Inventors: Zhaoyan Xu, Tongbo Luo
-
Publication number: 20190081980
Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.
Type: Application
Filed: July 24, 2018
Publication date: March 14, 2019
Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
-
Publication number: 20170262629
Abstract: Techniques for cookies watermarking in malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for cookies watermarking in malware analysis includes receiving a sample at a cloud security service; detonating the sample in an instrumented virtual environment; and determining that the sample is malware based on detecting an attempt to access a watermark cookie during an automated malware analysis using the instrumented virtual environment.
Type: Application
Filed: April 28, 2016
Publication date: September 14, 2017
Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders