Patents by Inventor Zhenxin Zhan
Zhenxin Zhan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250260716
Abstract: A cloud-based network security system (NSS) is described. The NSS uses a sandbox to safely detonate and extract information about a document and uses machine learning algorithms to analyze the information to predict whether the document contains malicious software. Specifically, during the detonation, static and dynamic information about the document is captured in the sandbox as well as character strings from images in the document. The dynamic information (and sometimes the static information) is input to an AI or machine learning model trained to provide an output indicating a prediction of whether the document contains malware. The character strings are compared with a batch of phishing keywords to generate a heuristic score. A validation engine combines the output from the AI or machine learning model and the heuristic score to classify the document as malicious or clean. Security policies can then be applied based on the classification.
Type: Application
Filed: February 6, 2025
Publication date: August 14, 2025
Inventors: Xinjun Zhang, Ari Azarafrooz, Zhenxin Zhan, Ghanashyam Satpathy, Hung-Ming Chen
-
Patent number: 12244637
Abstract: A cloud-based network security system (NSS) is described. The NSS uses a sandbox to safely detonate and extract information about a document and uses machine learning algorithms to analyze the information to predict whether the document contains malicious software. Specifically, during the detonation, static and dynamic information about the document is captured in the sandbox as well as character strings from images in the document. The dynamic information (and sometimes the static information) is input to an AI or machine learning model trained to provide an output indicating a prediction of whether the document contains malware. The character strings are compared with a batch of phishing keywords to generate a heuristic score. A validation engine combines the output from the AI or machine learning model and the heuristic score to classify the document as malicious or clean. Security policies can then be applied based on the classification.
Type: Grant
Filed: February 9, 2024
Date of Patent: March 4, 2025
Assignee: Netskope, Inc.
Inventors: Xinjun Zhang, Ari Azarafrooz, Zhenxin Zhan, Ghanashyam Satpathy, Hung-Ming Chen
-
Patent number: 11531748
Abstract: A computer-implemented method, a device, and a non-transitory computer-readable storage medium of automatically determining an interactive GUI element in a graphic user interface (GUI) to be interacted. The method includes: detecting, by the processor, one or more candidate interactive GUI elements in the GUI based on a plurality of algorithms; determining, by the processor, a likelihood indicator for each of the one or more candidate interactive GUI elements, a likelihood indicator indicating the likelihood that a candidate interactive GUI element associated with the likelihood indicator is an interactive GUI element to be interacted; and determining, by the processor, an interactive GUI element to be interacted from the one or more candidate interactive GUI elements based on the likelihood indicators.
Type: Grant
Filed: January 11, 2019
Date of Patent: December 20, 2022
Assignees: BEIJING JINGDONG SHANGKE INFORMATION TECHNOLOGY CO., LTD., JD.COM AMERICAN TECHNOLOGIES CORPORATION
Inventors: Zhenxin Zhan, Junyuan Zeng, Jimmy Su
-
Patent number: 10949532
Abstract: A system for monitoring file integrity in a host computing device having a process and a storage device storing computer executable code. The computer executable code is configured to: provide containers, an agent external to the containers, and a policy file configuring policy for the containers; intercept a system call indicating mounting, and construct a first correspondence between a container file path and a host file path having mounting correspondence; intercept a system call of the container indicating opening of the policy file, and construct a second correspondence between the container file path and the violation of the container file path; aggregate the first and second correspondences to obtain a correspondence between the host file path and the violation; and monitor file integrity of the container by detecting violation of the host file path.
Type: Grant
Filed: December 13, 2018
Date of Patent: March 16, 2021
Assignees: Beijing Jingdong Shangke Information Technology Co., Ltd., JD.com American Technologies Corporation
Inventors: Junyuan Zeng, Zhenxin Zhan, Yuan Chen, Jimmy Su
-
Publication number: 20200226249
Abstract: A computer-implemented method, a device, and a non-transitory computer-readable storage medium of automatically determining an interactive GUI element in a graphic user interface (GUI) to be interacted. The method includes: detecting, by the processor, one or more candidate interactive GUI elements in the GUI based on a plurality of algorithms; determining, by the processor, a likelihood indicator for each of the one or more candidate interactive GUI elements, a likelihood indicator indicating the likelihood that a candidate interactive GUI element associated with the likelihood indicator is an interactive GUI element to be interacted; and determining, by the processor, an interactive GUI element to be interacted from the one or more candidate interactive GUI elements based on the likelihood indicators.
Type: Application
Filed: January 11, 2019
Publication date: July 16, 2020
Inventors: Zhenxin Zhan, Junyuan Zeng, Jimmy Su
-
Publication number: 20200193016
Abstract: A system for monitoring file integrity in a host computing device having a process and a storage device storing computer executable code. The computer executable code is configured to: provide containers, an agent external to the containers, and a policy file configuring policy for the containers; intercept a system call indicating mounting, and construct a first correspondence between a container file path and a host file path having mounting correspondence; intercept a system call of the container indicating opening of the policy file, and construct a second correspondence between the container file path and the violation of the container file path; aggregate the first and second correspondences to obtain a correspondence between the host file path and the violation; and monitor file integrity of the container by detecting violation of the host file path.
Type: Application
Filed: December 13, 2018
Publication date: June 18, 2020
Inventors: Junyuan Zeng, Zhenxin Zhan, Yuan Chen, Jimmy Su
-
Patent number: 10380337
Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
Type: Grant
Filed: August 21, 2017
Date of Patent: August 13, 2019
Assignee: Juniper Networks, Inc.
Inventors: Jacob Asher Langton, Kyle Adams, Daniel J. Quinlan, Zhenxin Zhan
-
Publication number: 20190036955
Abstract: A device may identify exfiltration information to be used to detect data exfiltration. The exfiltration information may be associated with a file being tested to determine whether the file exfiltrates data. The exfiltration information may include a resource identifier that identifies a resource to be used to detect the data exfiltration. The device may determine that the resource, to be used to detect the data exfiltration, has been accessed. The device may identify, based on determining that the resource has been accessed, the file associated with the exfiltration information. The device may perform an action, associated with the file, to counteract the data exfiltration based on determining that the resource has been accessed and based on identifying the file.
Type: Application
Filed: September 28, 2018
Publication date: January 31, 2019
Inventors: Jacob Asher LANGTON, Kyle ADAMS, Zhenxin ZHAN, Daniel J. QUINLAN
-
Patent number: 10104106
Abstract: A device may receive an object. The device may determine object information for the object. The device may cause an internet search, based on the object information, to be performed to determine Internet search results. The object information may be provided as one or more Internet search queries for the Internet search. The device may receive the Internet search results based on causing the Internet search to be performed. The Internet search results may be related to the object information. The device may analyze the Internet search results to determine Internet-based object information. The device may store or provide the Internet-based object information to permit a determination as to whether the object is malicious.
Type: Grant
Filed: March 31, 2015
Date of Patent: October 16, 2018
Assignee: Juniper Networks, Inc.
Inventors: Jacob Asher Langton, Zhenxin Zhan, Daniel J. Quinlan, Kyle Adams
-
Patent number: 10091222
Abstract: A device may identify exfiltration information to be used to detect data exfiltration. The exfiltration information may be associated with a file being tested to determine whether the file exfiltrates data. The exfiltration information may include a resource identifier that identifies a resource to be used to detect the data exfiltration. The device may determine that the resource, to be used to detect the data exfiltration, has been accessed. The device may identify, based on determining that the resource has been accessed, the file associated with the exfiltration information. The device may perform an action, associated with the file, to counteract the data exfiltration based on determining that the resource has been accessed and based on identifying the file.
Type: Grant
Filed: March 31, 2015
Date of Patent: October 2, 2018
Assignee: Juniper Networks, Inc.
Inventors: Jacob Asher Langton, Kyle Adams, Zhenxin Zhan, Daniel J. Quinlan
-
Publication number: 20170344740
Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
Type: Application
Filed: August 21, 2017
Publication date: November 30, 2017
Inventors: Jacob Asher LANGTON, Kyle ADAMS, Daniel J. QUINLAN, Zhenxin ZHAN
-
Publication number: 20170250995
Abstract: A device may detect a suspicious activity. The device may automatically obtain a suspect object from a client device that is associated with the suspicious activity and based on detecting the suspicious activity. The suspect object may be an object that is possibly associated with the suspicious activity. The device may determine that the suspect object is malicious. The device may perform an action based on determining that the suspect object is malicious.
Type: Application
Filed: May 15, 2017
Publication date: August 31, 2017
Inventors: Jacob Asher Langton, Daniel J. Quinlan, Kyle Adams, Zhenxin Zhan
-
Patent number: 9740853
Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
Type: Grant
Filed: October 21, 2016
Date of Patent: August 22, 2017
Assignee: Juniper Networks, Inc.
Inventors: Jacob Asher Langton, Kyle Adams, Daniel J. Quinlan, Zhenxin Zhan
-
Patent number: 9654496
Abstract: A device may detect a suspicious activity. The device may automatically obtain a suspect object from a client device that is associated with the suspicious activity and based on detecting the suspicious activity. The suspect object may be an object that is possibly associated with the suspicious activity. The device may determine that the suspect object is malicious. The device may perform an action based on determining that the suspect object is malicious.
Type: Grant
Filed: March 31, 2015
Date of Patent: May 16, 2017
Assignee: Juniper Networks, Inc.
Inventors: Jacob Asher Langton, Daniel J. Quinlan, Kyle Adams, Zhenxin Zhan
-
Publication number: 20170039369
Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
Type: Application
Filed: October 21, 2016
Publication date: February 9, 2017
Inventors: Jacob Asher LANGTON, Kyle Adams, Daniel J. Quinlan, Zhenxin Zhan
-
Patent number: 9477837
Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
Type: Grant
Filed: March 31, 2015
Date of Patent: October 25, 2016
Assignee: Juniper Networks, Inc.
Inventors: Jacob Asher Langton, Kyle Adams, Daniel J. Quinlan, Zhenxin Zhan
-
Publication number: 20160294857
Abstract: A device may receive an object. The device may determine object information for the object. The device may cause an internet search, based on the object information, to be performed to determine Internet search results. The object information may be provided as one or more Internet search queries for the Internet search. The device may receive the Internet search results based on causing the Internet search to be performed. The Internet search results may be related to the object information. The device may analyze the Internet search results to determine Internet-based object information. The device may store or provide the Internet-based object information to permit a determination as to whether the object is malicious.
Type: Application
Filed: March 31, 2015
Publication date: October 6, 2016
Inventors: Jacob Asher LANGTON, Zhenxin ZHAN, Daniel J. QUINLAN, Kyle ADAMS
-
Publication number: 20160292420
Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.
Type: Application
Filed: March 31, 2015
Publication date: October 6, 2016
Inventors: Jacob Asher LANGTON, Kyle ADAMS, Daniel J. QUINLAN, Zhenxin ZHAN
-
Publication number: 20150200962
Abstract: A computer-implemented method for detecting malicious websites includes collecting data from a website. The collected data includes application-layer data of a URL, wherein the application-layer data is in the form of feature vectors; and network-layer data of a URL, wherein the network-layer data is in the form of feature vectors. Determining if a website is malicious based on the collected application-layer data vectors and the collected network-layer data vectors.
Type: Application
Filed: June 4, 2013
Publication date: July 16, 2015
Inventors: Shouhuai Xu, Li Xu, Zhenxin Zhan, Keying Ye, Keesook Han, Frank Born