Patents by Inventor Zhenxin Zhan

Zhenxin Zhan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20250260716
    Abstract: A cloud-based network security system (NSS) is described. The NSS uses a sandbox to safely detonate and extract information about a document and uses machine learning algorithms to analyze the information to predict whether the document contains malicious software. Specifically, during the detonation, static and dynamic information about the document is captured in the sandbox as well as character strings from images in the document. The dynamic information (and sometimes the static information) is input to an AI or machine learning model trained to provide an output indicating a prediction of whether the document contains malware. The character strings are compared with a batch of phishing keywords to generate a heuristic score. A validation engine combines the output from the AI or machine learning model and the heuristic score to classify the document as malicious or clean. Security policies can then be applied based on the classification.
    Type: Application
    Filed: February 6, 2025
    Publication date: August 14, 2025
    Inventors: Xinjun Zhang, Ari Azarafrooz, Zhenxin Zhan, Ghanashyam Satpathy, Hung-Ming Chen
  • Patent number: 12244637
    Abstract: A cloud-based network security system (NSS) is described. The NSS uses a sandbox to safely detonate and extract information about a document and uses machine learning algorithms to analyze the information to predict whether the document contains malicious software. Specifically, during the detonation, static and dynamic information about the document is captured in the sandbox as well as character strings from images in the document. The dynamic information (and sometimes the static information) is input to an AI or machine learning model trained to provide an output indicating a prediction of whether the document contains malware. The character strings are compared with a batch of phishing keywords to generate a heuristic score. A validation engine combines the output from the AI or machine learning model and the heuristic score to classify the document as malicious or clean. Security policies can then be applied based on the classification.
    Type: Grant
    Filed: February 9, 2024
    Date of Patent: March 4, 2025
    Assignee: Netskope, Inc.
    Inventors: Xinjun Zhang, Ari Azarafrooz, Zhenxin Zhan, Ghanashyam Satpathy, Hung-Ming Chen
  • Patent number: 11531748
    Abstract: A computer-implemented method, a device, and a non-transitory computer-readable storage medium of automatically determining an interactive GUI element in a graphic user interface (GUI) to be interacted. The method includes: detecting, by the processor, one or more candidate interactive GUI elements in the GUI based on a plurality of algorithms; determining, by the processor, a likelihood indicator for each of the one or more candidate interactive GUI elements, a likelihood indicator indicating the likelihood that a candidate interactive GUI element associated with the likelihood indicator is an interactive GUI element to be interacted; and determining, by the processor, an interactive GUI element to be interacted from the one or more candidate interactive GUI elements based on the likelihood indicators.
    Type: Grant
    Filed: January 11, 2019
    Date of Patent: December 20, 2022
    Assignees: BEIJING JINGDONG SHANGKE INFORMATION TECHNOLOGY CO., LTD., JD.COM AMERICAN TECHNOLOGIES CORPORATION
    Inventors: Zhenxin Zhan, Junyuan Zeng, Jimmy Su
  • Patent number: 10949532
    Abstract: A system for monitoring file integrity in a host computing device having a process and a storage device storing computer executable code. The computer executable code is configured to: provide containers, an agent external to the containers, and a policy file configuring policy for the containers; intercept a system call indicating mounting, and construct a first correspondence between a container file path and a host file path having mounting correspondence; intercept a system call of the container indicating opening of the policy file, and construct a second correspondence between the container file path and the violation of the container file path; aggregate the first and second correspondences to obtain a correspondence between the host file path and the violation; and monitor file integrity of the container by detecting violation of the host file path.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: March 16, 2021
    Assignees: Beijing Jingdong Shangke Information Technology Co., Ltd., JD.com American Technologies Corporation
    Inventors: Junyuan Zeng, Zhenxin Zhan, Yuan Chen, Jimmy Su
  • Publication number: 20200226249
    Abstract: A computer-implemented method, a device, and a non-transitory computer-readable storage medium of automatically determining an interactive GUI element in a graphic user interface (GUI) to be interacted. The method includes: detecting, by the processor, one or more candidate interactive GUI elements in the GUI based on a plurality of algorithms; determining, by the processor, a likelihood indicator for each of the one or more candidate interactive GUI elements, a likelihood indicator indicating the likelihood that a candidate interactive GUI element associated with the likelihood indicator is an interactive GUI element to be interacted; and determining, by the processor, an interactive GUI element to be interacted from the one or more candidate interactive GUI elements based on the likelihood indicators.
    Type: Application
    Filed: January 11, 2019
    Publication date: July 16, 2020
    Inventors: Zhenxin Zhan, Junyuan Zeng, Jimmy Su
  • Publication number: 20200193016
    Abstract: A system for monitoring file integrity in a host computing device having a process and a storage device storing computer executable code. The computer executable code is configured to: provide containers, an agent external to the containers, and a policy file configuring policy for the containers; intercept a system call indicating mounting, and construct a first correspondence between a container file path and a host file path having mounting correspondence; intercept a system call of the container indicating opening of the policy file, and construct a second correspondence between the container file path and the violation of the container file path; aggregate the first and second correspondences to obtain a correspondence between the host file path and the violation; and monitor file integrity of the container by detecting violation of the host file path.
    Type: Application
    Filed: December 13, 2018
    Publication date: June 18, 2020
    Inventors: Junyuan Zeng, Zhenxin Zhan, Yuan Chen, Jimmy Su
  • Patent number: 10380337
    Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: August 13, 2019
    Assignee: Juniper Networks, Inc.
    Inventors: Jacob Asher Langton, Kyle Adams, Daniel J. Quinlan, Zhenxin Zhan
  • Publication number: 20190036955
    Abstract: A device may identify exfiltration information to be used to detect data exfiltration. The exfiltration information may be associated with a file being tested to determine whether the file exfiltrates data. The exfiltration information may include a resource identifier that identifies a resource to be used to detect the data exfiltration. The device may determine that the resource, to be used to detect the data exfiltration, has been accessed. The device may identify, based on determining that the resource has been accessed, the file associated with the exfiltration information. The device may perform an action, associated with the file, to counteract the data exfiltration based on determining that the resource has been accessed and based on identifying the file.
    Type: Application
    Filed: September 28, 2018
    Publication date: January 31, 2019
    Inventors: Jacob Asher LANGTON, Kyle ADAMS, Zhenxin ZHAN, Daniel J. QUINLAN
  • Patent number: 10104106
    Abstract: A device may receive an object. The device may determine object information for the object. The device may cause an internet search, based on the object information, to be performed to determine Internet search results. The object information may be provided as one or more Internet search queries for the Internet search. The device may receive the Internet search results based on causing the Internet search to be performed. The Internet search results may be related to the object information. The device may analyze the Internet search results to determine Internet-based object information. The device may store or provide the Internet-based object information to permit a determination as to whether the object is malicious.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: October 16, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Jacob Asher Langton, Zhenxin Zhan, Daniel J. Quinlan, Kyle Adams
  • Patent number: 10091222
    Abstract: A device may identify exfiltration information to be used to detect data exfiltration. The exfiltration information may be associated with a file being tested to determine whether the file exfiltrates data. The exfiltration information may include a resource identifier that identifies a resource to be used to detect the data exfiltration. The device may determine that the resource, to be used to detect the data exfiltration, has been accessed. The device may identify, based on determining that the resource has been accessed, the file associated with the exfiltration information. The device may perform an action, associated with the file, to counteract the data exfiltration based on determining that the resource has been accessed and based on identifying the file.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: October 2, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Jacob Asher Langton, Kyle Adams, Zhenxin Zhan, Daniel J. Quinlan
  • Publication number: 20170344740
    Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
    Type: Application
    Filed: August 21, 2017
    Publication date: November 30, 2017
    Inventors: Jacob Asher LANGTON, Kyle ADAMS, Daniel J. QUINLAN, Zhenxin ZHAN
  • Publication number: 20170250995
    Abstract: A device may detect a suspicious activity. The device may automatically obtain a suspect object from a client device that is associated with the suspicious activity and based on detecting the suspicious activity. The suspect object may be an object that is possibly associated with the suspicious activity. The device may determine that the suspect object is malicious. The device may perform an action based on determining that the suspect object is malicious.
    Type: Application
    Filed: May 15, 2017
    Publication date: August 31, 2017
    Inventors: Jacob Asher Langton, Daniel J. Quinlan, Kyle Adams, Zhenxin Zhan
  • Patent number: 9740853
    Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: August 22, 2017
    Assignee: Juniper Networks, Inc.
    Inventors: Jacob Asher Langton, Kyle Adams, Daniel J. Quinlan, Zhenxin Zhan
  • Patent number: 9654496
    Abstract: A device may detect a suspicious activity. The device may automatically obtain a suspect object from a client device that is associated with the suspicious activity and based on detecting the suspicious activity. The suspect object may be an object that is possibly associated with the suspicious activity. The device may determine that the suspect object is malicious. The device may perform an action based on determining that the suspect object is malicious.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: May 16, 2017
    Assignee: Juniper Networks, Inc.
    Inventors: Jacob Asher Langton, Daniel J. Quinlan, Kyle Adams, Zhenxin Zhan
  • Publication number: 20170039369
    Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
    Type: Application
    Filed: October 21, 2016
    Publication date: February 9, 2017
    Inventors: Jacob Asher LANGTON, Kyle Adams, Daniel J. Quinlan, Zhenxin Zhan
  • Patent number: 9477837
    Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: October 25, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Jacob Asher Langton, Kyle Adams, Daniel J. Quinlan, Zhenxin Zhan
  • Publication number: 20160294857
    Abstract: A device may receive an object. The device may determine object information for the object. The device may cause an internet search, based on the object information, to be performed to determine Internet search results. The object information may be provided as one or more Internet search queries for the Internet search. The device may receive the Internet search results based on causing the Internet search to be performed. The Internet search results may be related to the object information. The device may analyze the Internet search results to determine Internet-based object information. The device may store or provide the Internet-based object information to permit a determination as to whether the object is malicious.
    Type: Application
    Filed: March 31, 2015
    Publication date: October 6, 2016
    Inventors: Jacob Asher LANGTON, Zhenxin ZHAN, Daniel J. QUINLAN, Kyle ADAMS
  • Publication number: 20160292420
    Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
    Type: Application
    Filed: March 31, 2015
    Publication date: October 6, 2016
    Inventors: Jacob Asher LANGTON, Kyle ADAMS, Daniel J. QUINLAN, Zhenxin ZHAN
  • Publication number: 20150200962
    Abstract: A computer-implemented method for detecting malicious websites includes collecting data from a website. The collected data includes application-layer data of a URL, wherein the application-layer data is in the form of feature vectors; and network-layer data of a URL, wherein the network-layer data is in the form of feature vectors. Determining if a website is malicious based on the collected application-layer data vectors and the collected network-layer data vectors.
    Type: Application
    Filed: June 4, 2013
    Publication date: July 16, 2015
    Inventors: Shouhuai Xu, Li Xu, Zhenxin Zhan, Keying Ye, Keesook Han, Frank Born