Patents by Inventor Zihang Xiao
Zihang Xiao has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240073244
Abstract: Inline package name based supply chain attack detection and prevention is disclosed. An indication that a client device has made a request to a remote server for a package is received. A data appliance then performs an action responsive to the received indication. In an example implementation, the data appliance makes a determination of whether the request for the package is associated with a nonexisting package.
Type: Application
Filed: November 2, 2023
Publication date: February 29, 2024
Inventors: Ruian Duan, Daiping Liu, Jun Wang, Zihang Xiao
-
Patent number: 11880465
Abstract: A sample is received for analysis. A determination is made that the sample was compiled for a CPU architecture that is different from a host CPU architecture. The sample is executed in an emulated user space corresponding to the CPU architecture for which the sample was compiled. The emulated user space is provided by executing a user space emulation utility in a virtual machine that shares the host CPU architecture.
Type: Grant
Filed: June 10, 2022
Date of Patent: January 23, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Zihang Xiao, Cong Zheng, ChienHua Lu
-
Patent number: 11863586
Abstract: Inline package name based supply chain attack detection and prevention is disclosed. An indication that a client device has made a request to a remote server for a package is received. A data appliance then performs an action responsive to the received indication. In an example implementation, the data appliance makes a determination of whether the request for the package is associated with a nonexisting package.
Type: Grant
Filed: September 30, 2022
Date of Patent: January 2, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Ruian Duan, Daiping Liu, Jun Wang, Zihang Xiao
-
Publication number: 20230336572
Abstract: Domain Name System (DNS) security using process information is provided. An application accessing an internet service using a domain name is determined. Process information associated with the application along with an associated DNS query to identify an IP address associated with the domain name are identified. The process information and the associated DNS query to a DNS security service are sent. An action based on a response from the DNS security service is performed.
Type: Application
Filed: December 8, 2022
Publication date: October 19, 2023
Inventors: Zihang Xiao, Zhanhao Chen
-
Publication number: 20230306114
Abstract: Automatic generation of a malware signature is disclosed. Code of a sample including packages and function names is parsed. Standard type packages and vendor type packages are filtered from the code of the sample to obtain main type packages. A signature using a fuzzy hash for the sample is generated based on the main type packages. A determination of whether the sample is malware is performed using the signature and a similarity score threshold.
Type: Application
Filed: February 7, 2022
Publication date: September 28, 2023
Inventors: Yang Ji, Tyler Pals Halfpop, Zihang Xiao, Wenjun Hu
-
Patent number: 11757844
Abstract: Techniques for providing a smart proxy for a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a smart proxy for a large scale high-interaction honeypot farm includes receiving tunneled traffic at a smart proxy from a sensor for a honeypot farm that is executed in a honeypot cloud, wherein the tunneled traffic is forwarded attack traffic, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; and forwarding the tunneled traffic to an instance of the matching type of vulnerable service.
Type: Grant
Filed: January 13, 2022
Date of Patent: September 12, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Zihang Xiao, Cong Zheng, Jiangxia Liu
-
Patent number: 11757936
Abstract: Techniques for providing a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a large scale high-interaction honeypot farm includes sending traffic detected at a sensor to a smart proxy for a honeypot farm that is executed in a honeypot cloud, wherein the traffic is forwarded attack traffic that is sent using a tunneling protocol, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; forwarding the traffic to an instance of the matching type of vulnerable service; and executing a security agent associated with the instance of the matching type of vulnerable service to identify a threat by monitoring behaviors and detecting anomalies or post exploitation activities.
Type: Grant
Filed: January 13, 2022
Date of Patent: September 12, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Zihang Xiao, Cong Zheng, Jiangxia Liu
-
Patent number: 11582247
Abstract: Domain Name System (DNS) security using process information is provided. An application accessing an internet service using a domain name is determined. Process information associated with the application along with an associated DNS query to identify an IP address associated with the domain name are identified. The process information and the associated DNS query to a DNS security service are sent. An action based on a response from the DNS security service is performed.
Type: Grant
Filed: April 19, 2022
Date of Patent: February 14, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Zihang Xiao, Zhanhao Chen
-
Patent number: 11550916
Abstract: A sample is received for analysis by a virtualized environment. A determination is made that the sample was compiled for a CPU architecture that is different from a host CPU architecture. The sample is executed in an emulated user space corresponding to the CPU architecture for which the sample was compiled. The emulated user space is provided by executing a user space emulation utility in a virtual machine that shares the host CPU architecture.
Type: Grant
Filed: June 21, 2021
Date of Patent: January 10, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Zihang Xiao, Cong Zheng, ChienHua Lu
-
Publication number: 20220309160
Abstract: A sample is received for analysis. A determination is made that the sample was compiled for a CPU architecture that is different from a host CPU architecture. The sample is executed in an emulated user space corresponding to the CPU architecture for which the sample was compiled. The emulated user space is provided by executing a user space emulation utility in a virtual machine that shares the host CPU architecture.
Type: Application
Filed: June 10, 2022
Publication date: September 29, 2022
Inventors: Zihang Xiao, Cong Zheng, ChienHua Lu
-
Publication number: 20220141253
Abstract: Techniques for providing a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a large scale high-interaction honeypot farm includes sending traffic detected at a sensor to a smart proxy for a honeypot farm that is executed in a honeypot cloud, wherein the traffic is forwarded attack traffic that is sent using a tunneling protocol, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; forwarding the traffic to an instance of the matching type of vulnerable service; and executing a security agent associated with the instance of the matching type of vulnerable service to identify a threat by monitoring behaviors and detecting anomalies or post exploitation activities.
Type: Application
Filed: January 13, 2022
Publication date: May 5, 2022
Inventors: Zihang Xiao, Cong Zheng, Jiangxia Liu
-
Publication number: 20220141194
Abstract: Techniques for providing a smart proxy for a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a smart proxy for a large scale high-interaction honeypot farm includes receiving tunneled traffic at a smart proxy from a sensor for a honeypot farm that is executed in a honeypot cloud, wherein the tunneled traffic is forwarded attack traffic, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; and forwarding the tunneled traffic to an instance of the matching type of vulnerable service.
Type: Application
Filed: January 13, 2022
Publication date: May 5, 2022
Inventors: Zihang Xiao, Cong Zheng, Jiangxia Liu
-
Patent number: 11271907
Abstract: Techniques for providing a smart proxy for a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a smart proxy for a large scale high-interaction honeypot farm includes receiving tunneled traffic at a smart proxy from a sensor for a honeypot farm that is executed in a honeypot cloud, wherein the tunneled traffic is forwarded attack traffic, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; and forwarding the tunneled traffic to an instance of the matching type of vulnerable service.
Type: Grant
Filed: December 19, 2019
Date of Patent: March 8, 2022
Assignee: Palo Alto Networks, Inc.
Inventors: Zihang Xiao, Cong Zheng, Jiangxia Liu
-
Patent number: 11265346
Abstract: Techniques for providing a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a large scale high-interaction honeypot farm includes sending traffic detected at a sensor to a smart proxy for a honeypot farm that is executed in a honeypot cloud, wherein the traffic is forwarded attack traffic that is sent using a tunneling protocol, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; forwarding the traffic to an instance of the matching type of vulnerable service; and executing a security agent associated with the instance of the matching type of vulnerable service to identify a threat by monitoring behaviors and detecting anomalies or post exploitation activities.
Type: Grant
Filed: December 19, 2019
Date of Patent: March 1, 2022
Assignee: Palo Alto Networks, Inc.
Inventors: Zihang Xiao, Cong Zheng, Jiangxia Liu
-
Publication number: 20210312048
Abstract: A sample is received for analysis by a virtualized environment. A determination is made that the sample was compiled for a CPU architecture that is different from a host CPU architecture. The sample is executed in an emulated user space corresponding to the CPU architecture for which the sample was compiled. The emulated user space is provided by executing a user space emulation utility in a virtual machine that shares the host CPU architecture.
Type: Application
Filed: June 21, 2021
Publication date: October 7, 2021
Inventors: Zihang Xiao, Cong Zheng, ChienHua Lu
-
Patent number: 11080400
Abstract: A sample is received for analysis by a virtualized environment. A determination is made that the sample was compiled for a CPU architecture that is different from a host CPU architecture. The sample is executed in an emulated user space corresponding to the CPU architecture for which the sample was compiled.
Type: Grant
Filed: August 28, 2019
Date of Patent: August 3, 2021
Assignee: Palo Alto Networks, Inc.
Inventors: Zihang Xiao, Cong Zheng, ChienHua Lu
-
Publication number: 20210194853
Abstract: Techniques for providing a smart proxy for a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a smart proxy for a large scale high-interaction honeypot farm includes receiving tunneled traffic at a smart proxy from a sensor for a honeypot farm that is executed in a honeypot cloud, wherein the tunneled traffic is forwarded attack traffic, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; and forwarding the tunneled traffic to an instance of the matching type of vulnerable service.
Type: Application
Filed: December 19, 2019
Publication date: June 24, 2021
Inventors: Zihang Xiao, Cong Zheng, Jiangxia Liu
-
Publication number: 20210194925
Abstract: Techniques for providing a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a large scale high-interaction honeypot farm includes sending traffic detected at a sensor to a smart proxy for a honeypot farm that is executed in a honeypot cloud, wherein the traffic is forwarded attack traffic that is sent using a tunneling protocol, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; forwarding the traffic to an instance of the matching type of vulnerable service; and executing a security agent associated with the instance of the matching type of vulnerable service to identify a threat by monitoring behaviors and detecting anomalies or post exploitation activities.
Type: Application
Filed: December 19, 2019
Publication date: June 24, 2021
Inventors: Zihang Xiao, Cong Zheng, Jiangxia Liu
-
Patent number: 10970392
Abstract: A first mobile application is received. A reversing operation is performed on the first mobile application. A static analysis engine is used to determine a plurality of libraries included in the mobile application. Each library included in the plurality of libraries is categorized. A determination that the first mobile application is similar to a second mobile application based at least in part on a comparison of the respective categorizations of the respective libraries included in the respective first and second mobile applications. Commonality in the libraries of the two mobile applications can be used for a variety of purposes including detecting repackaging and also common authorship.
Type: Grant
Filed: August 26, 2019
Date of Patent: April 6, 2021
Assignee: Palo Alto Networks, Inc.
Inventors: Zhi Xu, Zihang Xiao
-
Publication number: 20210064753
Abstract: A sample is received for analysis by a virtualized environment. A determination is made that the sample was compiled for a CPU architecture that is different from a host CPU architecture. The sample is executed in an emulated user space corresponding to the CPU architecture for which the sample was compiled.
Type: Application
Filed: August 28, 2019
Publication date: March 4, 2021
Inventors: Zihang Xiao, Cong Zheng, ChienHua Lu