Patents by Inventor Zhaoyan Xu

Zhaoyan Xu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12206692
    Abstract: Techniques for malware detection using watermark cookies are disclosed. In some embodiments, a system, process, and/or computer program product for malware detection using watermark cookies includes receiving a sample at a cloud security service; injecting a watermark cookie in a virtual environment to provide a modified virtual environment; detonating the sample in the modified virtual environment, wherein the modified virtual environment is instrumented for monitoring activities associated with the sample during automated malware analysis of the sample; detecting whether the watermark cookie was accessed in the modified virtual environment during the automated malware analysis of the sample; and determining whether the sample is malware based on whether the watermark cookie was accessed in the modified virtual environment.
    Type: Grant
    Filed: March 31, 2022
    Date of Patent: January 21, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
  • Patent number: 11861008
    Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to request the content from the remote server using a browser extension configured to retrieve data and provide the retrieved data to the external scanner without rendering the retrieved data.
    Type: Grant
    Filed: July 21, 2022
    Date of Patent: January 2, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
  • Patent number: 11627160
    Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices are disclosed in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.
    Type: Grant
    Filed: February 28, 2021
    Date of Patent: April 11, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
  • Publication number: 20220358217
    Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to request the content from the remote server using a browser extension configured to retrieve data and provide the retrieved data to the external scanner without rendering the retrieved data.
    Type: Application
    Filed: July 21, 2022
    Publication date: November 10, 2022
    Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
  • Patent number: 11436329
    Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to act as a proxy on behalf of the external scanner.
    Type: Grant
    Filed: July 13, 2020
    Date of Patent: September 6, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
  • Publication number: 20220224708
    Abstract: Techniques for malware detection using watermark cookies are disclosed. In some embodiments, a system, process, and/or computer program product for malware detection using watermark cookies includes receiving a sample at a cloud security service; injecting a watermark cookie in a virtual environment to provide a modified virtual environment; detonating the sample in the modified virtual environment, wherein the modified virtual environment is instrumented for monitoring activities associated with the sample during automated malware analysis of the sample; detecting whether the watermark cookie was accessed in the modified virtual environment during the automated malware analysis of the sample; and determining whether the sample is malware based on whether the watermark cookie was accessed in the modified virtual environment.
    Type: Application
    Filed: March 31, 2022
    Publication date: July 14, 2022
    Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
  • Patent number: 11323466
    Abstract: Techniques for malicious HTTP cookies detection and clustering are disclosed. In some embodiments, a system, process, and/or computer program product for malicious HTTP cookies detection and clustering includes receiving a sample at a cloud security service; extracting a cookie from network traffic associated with the sample; determining that the cookie is associated with malware; and generating a signature based on the cookie.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: May 3, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
  • Publication number: 20210194926
    Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices are disclosed in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.
    Type: Application
    Filed: February 28, 2021
    Publication date: June 24, 2021
    Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
  • Patent number: 10986126
    Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices are disclosed in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.
    Type: Grant
    Filed: July 24, 2018
    Date of Patent: April 20, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
  • Patent number: 10853484
    Abstract: Techniques for cookies watermarking in malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for cookies watermarking in malware analysis includes receiving a sample at a cloud security service; detonating the sample in an instrumented virtual environment; and determining that the sample is malware based on detecting an attempt to access a watermark cookie during an automated malware analysis using the instrumented virtual environment.
    Type: Grant
    Filed: August 30, 2019
    Date of Patent: December 1, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
  • Publication number: 20200342103
    Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to act as a proxy on behalf of the external scanner.
    Type: Application
    Filed: July 13, 2020
    Publication date: October 29, 2020
    Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
  • Patent number: 10785236
    Abstract: The technology disclosed herein enables the generation of malware traffic signatures by performing natural language processing on known malware traffic using a neural network. In a particular embodiment, a method provides generating sentences comprising first information obtained from a plurality of fields in each of a plurality of known malware data packets in a first malware family. The method further provides inputting the sentences into a first neural network for natural language processing of the sentences and generating one or more signatures for the first malware family from results of the natural language processing of the sentences.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: September 22, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Zhaoyan Xu, Tongbo Luo
  • Patent number: 10747881
    Abstract: The use of browser context in detecting malware is disclosed. A Uniform Resource Locator (URL) is received from a user and at a client device. The URL is used to request, at the client device, and from a remote server, content. At least a portion of data received from the remote server is provided by the client device to an external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. A maliciousness verdict is received from the external scanner.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: August 18, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
  • Publication number: 20200112580
    Abstract: Techniques for malicious HTTP cookies detection and clustering are disclosed. In some embodiments, a system, process, and/or computer program product for malicious HTTP cookies detection and clustering includes receiving a sample at a cloud security service; extracting a cookie from network traffic associated with the sample; determining that the cookie is associated with malware; and generating a signature based on the cookie.
    Type: Application
    Filed: December 6, 2019
    Publication date: April 9, 2020
    Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
  • Patent number: 10547627
    Abstract: Techniques for malicious HTTP cookies detection and clustering are disclosed. In some embodiments, a system, process, and/or computer program product for malicious HTTP cookies detection and clustering includes receiving a sample at a cloud security service; extracting a cookie from network traffic associated with the sample; determining that the cookie is associated with malware; and generating a signature based on the cookie.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: January 28, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
  • Publication number: 20190384907
    Abstract: Techniques for cookies watermarking in malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for cookies watermarking in malware analysis includes receiving a sample at a cloud security service; detonating the sample in an instrumented virtual environment; and determining that the sample is malware based on detecting an attempt to access a watermark cookie during an automated malware analysis using the instrumented virtual environment.
    Type: Application
    Filed: August 30, 2019
    Publication date: December 19, 2019
    Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
  • Patent number: 10489581
    Abstract: Techniques for cookies watermarking in malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for cookies watermarking in malware analysis includes receiving a sample at a cloud security service; detonating the sample in an instrumented virtual environment; and determining that the sample is malware based on detecting an attempt to access a watermark cookie during an automated malware analysis using the instrumented virtual environment.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: November 26, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders
  • Publication number: 20190104139
    Abstract: The technology disclosed herein enables the generation of malware traffic signatures by performing natural language processing on known malware traffic using a neural network. In a particular embodiment, a method provides generating sentences comprising first information obtained from a plurality of fields in each of a plurality of known malware data packets in a first malware family. The method further provides inputting the sentences into a first neural network for natural language processing of the sentences and generating one or more signatures for the first malware family from results of the natural language processing of the sentences.
    Type: Application
    Filed: January 31, 2018
    Publication date: April 4, 2019
    Inventors: Zhaoyan Xu, Tongbo Luo
  • Publication number: 20190081980
    Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices are disclosed in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.
    Type: Application
    Filed: July 24, 2018
    Publication date: March 14, 2019
    Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
  • Publication number: 20170262629
    Abstract: Techniques for cookies watermarking in malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for cookies watermarking in malware analysis includes receiving a sample at a cloud security service; detonating the sample in an instrumented virtual environment; and determining that the sample is malware based on detecting an attempt to access a watermark cookie during an automated malware analysis using the instrumented virtual environment.
    Type: Application
    Filed: April 28, 2016
    Publication date: September 14, 2017
    Inventors: Zhaoyan Xu, Wei Xu, Kyle Sanders