Computer Program Modification Detection By Cryptography Patents (Class 713/187)
  • Patent number: 10785244
    Abstract: An anomaly detection method includes: extracting, for each of a plurality of learning packets obtained, all possible combinations of N-grams in the payload included in the learning packet; counting a first number which is the number of occurrences of each combination in the payloads of the learning packets; calculating, as anomaly detection models, first probabilities by performing smoothing processing based on a plurality of the first numbers; and when the score calculated for each of a plurality of packets exceeds a predetermined threshold that is based on the anomaly detection models stored in a memory, outputting information indicating that the packet having the score has an anomaly.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: September 22, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Tatsumi Oba, Iku Ohama
  • Patent number: 10776179
    Abstract: Disclosed in the present invention are a multi-application-oriented user data management method and system. The method comprises: a first application module receives an access instruction input by a first user; the first application module generates authority request information according to the access instruction, wherein the authority request information includes information of the first application corresponding to the first application module; a platform server or an authority data storage server calls user authority data of the first application according to the authority request information, and returns the user authority data to the first application module; and the first application module obtains user data oriented to the first user of the first application according to the user authority data and user information of the first user.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: September 15, 2020
    Assignee: INTELLIGENT BUSINESS SOFTWARE (BEIJING) CO., LTD
    Inventor: Haining Wang
  • Patent number: 10771477
    Abstract: The profiling and fingerprinting of communication and control (C&C) infrastructure is disclosed herein. An initial C&C profile is transmitted to a first network monitoring system. The initial C&C profile includes a domain corresponding to a C&C channel, and a pattern corresponding to the C&C channel. At least in part in response to information received from a second network monitoring system, the initial C&C profile is revised. An updated C&C profile is transmitted to the first network monitoring system.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: September 8, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Zhi Xu, Cong Zheng
  • Patent number: 10769591
    Abstract: Systems, methods, and software are described herein for enhancing features within program applications. In an implementation, a user associated with a productivity application is identified and a service application associated with the user is identified. A service feature that corresponds to the service is enabled within the productivity application. The service feature allows the user to perform a function on content generated with the productivity application that is related to the service.
    Type: Grant
    Filed: January 28, 2019
    Date of Patent: September 8, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jennifer Hui-ni Hwang, Matthew Eckstein, Sam Franklin Williams, III
  • Patent number: 10769272
    Abstract: Systems, apparatuses and methods may provide for technology that associates a key domain of a plurality of key domains with a customer boot image, receives the customer boot image from the customer, and verifies the integrity of the customer boot image that is to be securely installed at memory locations determined from an untrusted privileged entity (e.g., a virtual machine manager).
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: September 8, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Karanvir S. Grewal, Sergej Deutsch, Michael Lemay
  • Patent number: 10764309
    Abstract: Analysis of samples for maliciousness is disclosed. A sample is executed and one or more network activities associated with executing the sample are recorded. The recorded network activities are compared to a malware profile. The malware profile comprises a set of network activities taken by a known malicious application during execution of the known malicious application. A verdict of “malicious” is assigned to the sample based at least in part on a determination that the recorded network activities match the malware profile.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: September 1, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Jun Wang, Wei Xu
  • Patent number: 10762179
    Abstract: Systems, methods, and storage media implemented by a computer for enabling tracking of software are disclosed. Exemplary implementations may: receive marking input code corresponding to a computer program; identify locations of the marking input code that can be modified in ways that preserve functionality of the computer program; choose at least one code transformation with associated intrinsic constants; derive derived constants from the specific intrinsic constants; apply the at least one chosen code transformation, including injecting the derived constants into the marking input code; saving the results of the above steps on computer readable media as marked code; and save metadata including a list of the derived constants on computer readable media in a file that is separate from the marked code.
    Type: Grant
    Filed: August 8, 2018
    Date of Patent: September 1, 2020
    Assignee: IRDETO B.V.
    Inventors: Catherine Chambers, Philip Allan Eisen, Robert Durand, Grant Goodes
  • Patent number: 10757223
    Abstract: A processor of a client device attempts to load a service using a first application that is pre-configured to communicate with a provider of the service during an initial loading of the first application. The processor determines that the first application has failed to load the service and responsively re-attempts to load the service using the first application. In response to determining that the first application has again failed to load the service during the re-attempt, the processor launches a second application that is not pre-configured to communicate with the provider during an initial loading of the second application. The processor retrieves, using the second application, from the provider, parameters for loading the service, and loads the service, using the second application, based on the parameters.
    Type: Grant
    Filed: September 13, 2018
    Date of Patent: August 25, 2020
    Assignee: Uber Technologies, Inc.
    Inventors: Benjamin Andrew Hjerrild, Naveen Pilanku Narayanan, Bruce McLaren Stanley, Jr.
  • Patent number: 10754951
    Abstract: Executable files are evaluated for malware in one or more lightweight executors, such as lightweight executor processes. An executable file is loaded and executed in a lightweight executor. Instructions in an execution path of the executable file are executed. Instructions in another execution path of the executable file are executed in another lightweight executor when a conditional branch instruction in an execution path has a suspicious condition. A fake kernel that mimics a real operating system kernel receives system calls, and responds to the system calls without servicing them in a way the real operating system kernel would. Runtime behavior of the executable file is observed for malware behavior. A response action, such as preventing the executable file from subsequently executing in a computer, is performed when the executable file is detected to be malware.
    Type: Grant
    Filed: June 15, 2018
    Date of Patent: August 25, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Jie Tang, Weimin Wu, Kai Yu, Chengguo Zhang
  • Patent number: 10742678
    Abstract: In one embodiment, a security device maintains a plurality of security enclaves for a computer network, each associated with a given level of security policies. After detecting a given device joining the computer network, the security device places the given device in a strictest security enclave of the plurality of security enclaves in response to joining the computer network. The security device then subjects the given device to joint adversarial training, where a control agent representing behavior of the given device is trained against an inciting agent, and where the inciting agent attempts to force the control agent to misbehave by applying destabilizing policies. Accordingly, the security device may determine control agent behavior during the joint adversarial training, and promotes the given device to a less strict security enclave of the plurality of enclaves in response to the control agent being robust against the attempts by the inciting agent.
    Type: Grant
    Filed: February 8, 2018
    Date of Patent: August 11, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Manikandan Kesavan, Plamen Nedeltchev, Hugo Latapie, Enzo Fenoglio
  • Patent number: 10728275
    Abstract: A system and method are disclosed wherein a risk score is generated by interrogating multiple sources of information across a network. The information is aggregated, such that every network action for individuals and organizations are turned into a unique behavioral model, which can be used as a unique identifier (“fingerprint”). This fingerprint is in turn used by a personalized Trust Guardian System to block, modify and/or allow network actions.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: July 28, 2020
    Assignee: Lyft Inc.
    Inventors: Mark Adams, Daniel Meacham, Simon Meacham
  • Patent number: 10719600
    Abstract: Techniques are provided for client application authentication and include receiving a request to authenticate an application and, based on the received request to authenticate the application, sending a request to perform a push communication, including a short-term shared key, to a digital distribution system, wherein the digital distribution system is a distribution source of the application. The digital distribution system attempts to send the push communication including the short-term shared key to the application. The techniques may proceed by receiving a request for resources from the provider client application and determining whether the application has the short-term shared key. When it is determined that the application has provided the short-term shared key, the requested resources to the application may be provided, otherwise, the requested resources may be denied.
    Type: Grant
    Filed: June 21, 2018
    Date of Patent: July 21, 2020
    Assignee: ATLASSIAN PTY LTD
    Inventor: Jerry Cheng
  • Patent number: 10713030
    Abstract: Systems and methods are disclosed for provisioning software in computing networks. For example, methods may include invoking one or more discovery probes; retrieving software usage data based at least on the one or more discovery probes; determining software usage predictions based on the software usage data; allocating, based on the software usage predictions, per user software entitlements and per device software entitlements to obtain an allocation of software entitlements; and invoking installation or uninstallation of software responsive to the allocation of software entitlements.
    Type: Grant
    Filed: November 16, 2018
    Date of Patent: July 14, 2020
    Assignee: ServiceNow, Inc.
    Inventors: Apolak Borthakur, Manish Srivastava, Yu Xia
  • Patent number: 10686819
    Abstract: Mobile device security techniques are described. For a specific computing device, for each of a plurality of distinct security categories, a risk score is determined. The determined risk scores are aggregated to obtain an overall risk score.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: June 16, 2020
    Assignee: PROOFPOINT, INC.
    Inventors: Ramana M. Mylavarapu, Ajay Nigam, Vipin Balkatta Hegde
  • Patent number: 10678923
    Abstract: At an advertising server: adding tracking code to advertisements served by the advertising server, wherein the tracking code is configured to cause web browsers displaying the served advertisements to transmit their contents to a security server. At the security server: scanning the received advertisements to detect presence of malicious code, and storing results of the scanning in a database. At the advertising server: prior to serving a new advertisement that has won in RTB, querying the database for scan results associated with the new advertisement. When the scan results indicate a malicious advertisement, preventing a serving of the new advertisement. When the scan results indicate a safe advertisement, allowing a serving the new advertisement. When no scan results are available for the new advertisement, adding the tracking code to the new advertisement and serving it, such that its contents are scanned by the security server.
    Type: Grant
    Filed: July 10, 2019
    Date of Patent: June 9, 2020
    Assignee: FIVE MEDIA MARKETING LIMITED
    Inventors: Amnon Sem Siev, Guy Books, Sharon Abu
  • Patent number: 10664414
    Abstract: A controller for a data storage device is disclosed. The controller includes an encryptor and electronic fuses. The electronic fuses are provided for storage of a key which is supposed to be used by the encryptor to encrypt user data before storing the user data in the data storage device. When a user deletes the user data, the controller changes at least one bit of the key stored in the electronic fuses from ‘0’ to ‘1’. Due to the change of the key stored in the electronic fuses for the encryptor, the deleted user data is fully prevented from leaking from the data storage device. A data storage device with a high confidential level is achieved.
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: May 26, 2020
    Assignee: SILICON MOTION, INC.
    Inventor: Sheng-Liu Lin
  • Patent number: 10664179
    Abstract: An integrated circuit includes protected container access control logic to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). The DPCM and the I/O device are allowed to communicate securely if it is determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for the aforementioned one of DMA and MMIO. In some cases, a Security Attributes of Initiator (SAI) or security identifier may be used to obtain a DPCM identifier or attest that access is from a DPCM mapped to the I/O device.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: May 26, 2020
    Assignee: Intel Corporation
    Inventors: Ilya Alexandrovich, Vladimir Beker, Gideon Gerzon, Vincent R. Scarlata
  • Patent number: 10666686
    Abstract: According to one embodiment, a virtualized malware detection system is integrated with a virtual machine host including a plurality of virtual machines and a security virtual machine. Logic within the virtual machines is configured to perform a dynamic analysis of an object and monitor for the occurrence of a triggering event. Upon detection of a triggering event within a virtual machine, the logic within the virtual machine provides the security virtual machine with information associated with the triggering event for further analysis. Based on the further analysis, the object may then be classified as “non-malicious,” or “malicious.”
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: May 26, 2020
    Assignee: FireEye, Inc.
    Inventors: Japneet Singh, Harinath Ramchetty, Anil Gupta
  • Patent number: 10645073
    Abstract: The disclosed computer-implemented method for authenticating applications installed on computing devices may include (i) requesting to download, onto an endpoint device, an application from a host server, (ii) receiving the application from the host server after the host server has (a) generated an authentication token to be used to authenticate the application on the endpoint device and (b) embedded the authentication token within a filename of the application, (iii) installing the application onto the endpoint device, (iv) identifying the authentication token within the filename of the application, and (v) using the authentication token to authenticate the endpoint device to the application such that a user of the endpoint device is provided access to the application. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: May 5, 2020
    Assignee: CA, Inc.
    Inventors: Prasad Agarmore, Karan Khanna
  • Patent number: 10637884
    Abstract: According to various embodiments, a system for, and method of, predicting and remediating malware threats in an electronic computer network, is provided. The disclosed techniques include storing in an electronic persistent storage library data representing a plurality of malware threats, randomizing, by a computer-implemented evolution engine communicatively coupled to the electronic persistent storage library, data representing malware threats to generate data representing randomized malware threats, and evaluating, by a computer-implemented evaluation engine communicatively coupled to an output of the evolution engine and to the electronic persistent storage library, the data representing the randomized malware threats, where the evaluation engine adds data representing positively evaluated randomized malware threats to the library for proactive detection of future malware threats in the electronic computer network.
    Type: Grant
    Filed: January 12, 2018
    Date of Patent: April 28, 2020
    Assignee: THE BOEING COMPANY
    Inventors: Martin A. Apple, John A. Craig, Jadranka Mead, James Vasatka
  • Patent number: 10637881
    Abstract: In one example in accordance with the present disclosure, a method may include receiving an initial document object model (DOM) corresponding to an HTML page structure including a plurality of executable JavaScript code and simulating user interaction with an executable JavaScript code belonging to the plurality in the HTML page structure. The method may include adjusting the initial DOM based on the simulated user interaction, generating byte code corresponding to the adjusted DOM and analyzing the byte code using a set of static rules.
    Type: Grant
    Filed: August 16, 2017
    Date of Patent: April 28, 2020
    Assignee: MICRO FOCUS LLC
    Inventors: Kevin Allen Williams, Brian Charles King, Steve Alan Millar
  • Patent number: 10630711
    Abstract: Systems and methods may provide for detecting a browser request for web content. Additionally, interaction information associated with a plurality of sources may be determined in response to the browser request, and a risk profile may be generated based on the interaction. The risk profile may include at least a portion of the interaction information as well as recommended control actions to mitigate the identified risk. In one example, the risk profile is presented to a user associated with the browser request as well as to a security control module associated with the platform.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: April 21, 2020
    Assignee: Intel Corporation
    Inventors: Hong Li, Alan D. Ross, Rita H. Wouhaybi, Tobias M. Kohlenberg
  • Patent number: 10630484
    Abstract: Methods, systems, and computer program products are included for loading a code module. A method includes verifying, by a guest, a digital signature of a code module stored in an initial guest memory buffer. The guest copies the verified code module stored at the initial guest memory buffer into a target guest memory buffer and applies, using one or more symbol entries, one or more relocations to the verified code module stored at the target guest memory buffer. The guest sends a request to a hypervisor to set the target guest memory buffer to a write-protect mode. In response to a determination that first content stored in the initial guest memory buffer corresponds to second content stored in the target guest memory buffer, the guest sends a request to the hypervisor to set the target guest memory buffer to an executable mode.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: April 21, 2020
    Assignee: Red Hat Israel, Ltd.
    Inventors: Paolo Bonzini, Michael Tsirkin
  • Patent number: 10615973
    Abstract: Systems and methods of detecting an unauthorized data insertion into a stream of data segments extending between electronic modules or between electronic components within a module, wherein a data stream is encrypted with a secure encryption key for transmission, then decrypted upon receipt using a corresponding secure decryption key to confirm data transmission integrity.
    Type: Grant
    Filed: December 8, 2017
    Date of Patent: April 7, 2020
    Assignee: FotoNation Limited
    Inventors: Peter Corcoran, Alexandru Drimbarean
  • Patent number: 10614213
    Abstract: There are disclosed devices, system and methods for detecting malicious code existing in an internet advertisement (ad) requested by a published webpage viewed by a user. First, receipt of malicious code of the ad is detected, where that code may be malicious code that causes a browser unwanted action without user action. If the internet ad is an SCR type document, the malicious code may be wrapped in a java script (JS) closure to detect an unwanted action requested by the malicious code. The malicious code is executed in a browser sandbox that activates the unwanted action, that displays execution of the internet ad and that allows execution of the unwanted action. When a security error resulting from the unwanted action is detected, executing the malicious code in the browser sandbox is discontinued, displaying of the internet ad on the display is discontinued, and execution of the unwanted action is stopped.
    Type: Grant
    Filed: November 18, 2019
    Date of Patent: April 7, 2020
    Assignee: CLEAN.IO, INC.
    Inventors: Seth Demsey, Alexey Stoletny, Iván Soroka
  • Patent number: 10614728
    Abstract: A scoring server for assessing technical skills in a practical environment. A client application acts as a middle man between a terminal and an operating system to capture and forward all input from and output to students to the scoring server. The scoring server compares recorded student activity against a list of tasks deemed capable of accomplishing course objectives assigned to students. As objectives are met by a student, the students' grade is updated in real-time. Each student passes or fails an exam based on tasks performed and skills employed. The client application exists for two operating system types: WINDOWS® and LINUX®. A LINUX® client employs a pseudoterminal to permit access to terminal input/output and communication through stdin, stdout, and stderr channels. A windows client (WC) comprises a WC command line activity logger and a WC monitor process to intercept all communication through stdin, stdout, and stderr communication channels.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: April 7, 2020
    Assignee: TELECOMMUNICATION SYSTEMS, INC.
    Inventors: Jeremy Willingham, Brendan Watters, Anthony Hendricks, Brian Reider, Rob Odom, Robert Ledesma
  • Patent number: 10609048
    Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the lo
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: March 31, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tal Arieh Be'ery, Itai Grady
  • Patent number: 10607032
    Abstract: A cryptographic ASIC and method for enforcing a derivative key hierarchy for managing an information stream. A programming user provides a user passphrase that is used to generate a transform key and is then deleted. The transform key is inaccessibly, invisibly, and indelibly generated and stored in a one-time programmable memory with externally generated programming pulses during or after manufacture, without being reported out to the user who provided the user passphrase. A transform-enabled cryptographic circuit or method customized with the transform key processes a predetermined input message to obtain a predetermined output message indicating an identity of a particular information stream. Other input messages may also be processed, such as for verifying a blockchain, but replication requires knowledge of the transform key. Only a programming user with knowledge of the user passphrase is capable of creating an information stream, such as a blockchain.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: March 31, 2020
    Assignee: Blockchain ASICs LLC
    Inventor: Edward L. Rodriguez De Castro
  • Patent number: 10599842
    Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: March 24, 2020
    Assignee: ATTIVO NETWORKS INC.
    Inventors: Venu Vissametty, Muthukumar Lakshmanan, Harinath Vishwanath Ramchetty, Vinod Kumar A. Porwal
  • Patent number: 10586048
    Abstract: A computer system is rebooted upon crash without running platform firmware and without retrieving all of the modules included in a boot image from an external source and reloading them into system memory. The reboot process includes the steps of stopping and resetting all of the processing units, except one of the processing units that detected the crash event, selecting the one processing unit to execute a reboot operation, and executing the reboot operation to reboot the computer system.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: March 10, 2020
    Assignee: VMWARE, INC.
    Inventors: Xunjia Lu, Xavier Deguillard, Mukund Gunti, Vishnu Sekhar
  • Patent number: 10572668
    Abstract: Example implementations relate to operational verification. In an example, operational verification includes a processor, a shared non-volatile memory storing updated system, and an embedded controller (EC) to operationally verify the updated system instructions based on comparison of a length of time associated with a BIOS boot of the computing system using the updated system instructions to a boot time threshold.
    Type: Grant
    Filed: January 27, 2016
    Date of Patent: February 25, 2020
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Valiuddin Y. Ali, Lan Wang, Boris Balacheff
  • Patent number: 10572663
    Abstract: The disclosed computer-implemented method for identifying malicious file droppers may include (1) detecting a malicious file on the computing device, (2) constructing an ordered list of files that resulted in the malicious file being on the computing device where the malicious file is the last file in the ordered list of files and each file in the ordered list of files placed the next file in the ordered list of files on the computing device, (3) determining that at least one file prior to the malicious file in the ordered list of files comprises a malicious file dropper, and (4) performing a security action in response to determining that the file prior to the malicious file in the ordered list of files comprises the malicious file dropper. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 9, 2016
    Date of Patent: February 25, 2020
    Assignee: Symantec Corporation
    Inventors: Yun Shen, Azzedine Benameur, Nathan Evans
  • Patent number: 10572666
    Abstract: Systems and methods for the mitigation of return-oriented programming are disclosed. A return address for a function is encrypted to generate an encrypted return address. The encrypted return address is stored as the return address for the function. The encrypted return address can be decrypted prior to a return instruction of the function.
    Type: Grant
    Filed: April 20, 2017
    Date of Patent: February 25, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Shishir Sharma, Ten Tzen
  • Patent number: 10558469
    Abstract: A device may receive a digital voucher, a customer certificate, and configuration information for automatically configuring the device. The digital voucher may include a first customer identifier that identifies a customer associated with the device and a device identifier that identifies the device. The customer certificate may include a second customer identifier that identifies the customer and a customer public key associated with the customer. The configuration information may include information that identifies a configuration for automatically configuring the device. The device may validate at least one of the digital voucher, the customer certificate, or the configuration information. The device may configure the device, using the configuration, based on validating at least one of the digital voucher, the customer certificate, or the configuration information.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: February 11, 2020
    Assignee: Juniper Networks, Inc.
    Inventor: Kent A. Watsen
  • Patent number: 10558805
    Abstract: A method of detecting malware in Linux platform through the following steps: use objdump -D command to disassemble ELF format benign software and malware samples to generate assembly files; traverse the generated assembly files one by one, read the ELF files' code segment and meanwhile identify whether the code segment contains main() function; analyze the code segment read. Divide assembly code into different basic blocks. Each basic block is marked by its lowest address. Add control flow graph's vertex to the adjacency linked list; establish the relation between basic blocks, add control flow graph's edges to the adjacency linked list and generate a basic control flow graph; extract control flow graph's features and write them into ARFF files; take ARFF files as the data set of a machine learning tool named weka to carry out data mining and construct classifier; classify the ELF samples to be tested by using the classifier.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: February 11, 2020
    Assignees: SICHUAN UNIVERSITY, Beijing Tongtech Co., LTD.
    Inventors: Junfeng Wang, Baoxin Xu, Dong Liu, Fan Li, Xiaosong Zhang
  • Patent number: 10560472
    Abstract: A method includes receiving a first file attribute from a computing device. The method also includes determining whether a classification for a file is available from a first cache of the server based on the first file attribute. The method includes sending the first file attribute from the server to a second server to determine whether the classification for the file is available at a base prediction cache of the second server. The method includes receiving a notification at the server from the second server that the classification for the file is unavailable at the base prediction cache. The method includes, in response to receiving the notification, determining the classification for the file by performing an analysis of a second file attribute based on a trained file classification model. The method includes sending the classification to the computing device and sending at least the classification to the base prediction cache.
    Type: Grant
    Filed: May 8, 2019
    Date of Patent: February 11, 2020
    Assignee: SPARKCOGNITION, INC.
    Inventors: Lucas McLane, Jarred Capellman
  • Patent number: 10530816
    Abstract: Embodiments of the present disclosure monitor certificates or other credentials loaded to various components and systems of a vehicle. A set of information identifying credentials that are expected to be present and/or in use can be saved. Periodically, on request, or upon the occurrence of an event or condition, checks can be performed on the credentials individually or in the aggregate using the saved information to determine whether the certificates present and/or in use are those expected or if a change has occurred. If a change is detected, i.e., a difference between the current set of certificates and the saved set of information, the network security system can take some action. The action, depending on the nature of the change detected, can vary from recording and/or reporting the condition up to and including isolating or even disabling a particular component or system on which the changed certificate is used.
    Type: Grant
    Filed: May 18, 2017
    Date of Patent: January 7, 2020
    Assignee: NIO USA, Inc.
    Inventor: Abraham T. Chen
  • Patent number: 10515214
    Abstract: According to one embodiment, a system of detecting malware in a specimen of computer content or network traffic comprises a processor and a memory. The memory includes a first analysis logic and a second analysis logic that may be executed by the processor. Upon execution, the first analysis logic performs a static analysis in accordance with an analysis plan to identify one or more suspicious indicators associated with malware and one or more characteristics related to processing of the specimen. The second analysis logic performs a second analysis in accordance with the analysis plan by processing of the specimen in a virtual machine and monitoring for one or more unexpected behaviors during virtual processing of the specimen in the virtual machine. The analysis plan may be altered based on the results of one of the analyses.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: December 24, 2019
    Assignee: FireEye, Inc.
    Inventors: Michael Vincent, Ali Mesdaq, Emmanuel Thioux, Abhishek Singh, Sal Vashisht
  • Patent number: 10511574
    Abstract: Embodiments are disclosed for managing interactions between a server application and an external environment while limiting an attack surface of the server application. An example method includes receiving, by communications circuitry of a gateway integration server (GIS) and from a source device in the external environment, a message including an application programming interface (API) call. The example method further includes evaluating, by authentication circuitry of the GIS, whether the API call is authorized. If so, the example method further includes generating, by response circuitry of the GIS, a response to the API call, and transmitting, by the communications circuitry of the GIS and to the source device, the response to the API call. However, if not, the example method includes transmitting, by the communications circuitry of the GIS, an error message to the source device. Corresponding apparatuses and computer program products are also provided.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: December 17, 2019
    Assignee: HYLAND SOFTWARE, INC.
    Inventors: Yana Poliashenko, Latonia M Howard
  • Patent number: 10503909
    Abstract: In remediating a computer vulnerability, operations to be performed to correct the vulnerability are identified. Remediation processors are scheduled to perform the operations. Whether the vulnerability has been corrected is determined by: determining whether the operations have been performed successfully; and determining whether the operations have been performed by authorized remediation processors.
    Type: Grant
    Filed: October 31, 2014
    Date of Patent: December 10, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Peter Schmidt, Jeff Kalibjian
  • Patent number: 10503904
    Abstract: A computerized method for detecting and mitigating a ransomware attack is described. The method features (i) a kernel mode agent that intercepts an initiation of a process, intercepts one or more system calls made by the process when the process is determined to be suspicious and copies at least a portion of a protected file to a secure storage location when a request to open a protected file by the process is intercepted when the process is determined to be suspicious, and (ii) a user mode agent that determines whether the process is a suspicious process, monitors processing of the suspicious process and determines whether the suspicious process is associated with a ransomware attack. Additionally, in order to mitigate effects of a ransomware attack, the kernel mode agent may restore the protected file with a copy stored in the secure storage location when a ransomware attack is detected.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: December 10, 2019
    Assignee: FireEye, Inc.
    Inventors: Japneet Singh, Anil Gupta
  • Patent number: 10498744
    Abstract: This application is directed to an integrity monitoring method performed at a computational machine in a linear communication orbit. The computational machine receives a watch list through the linear communication orbit. The watch list identifies objects for which events are to be monitored at the computational machine. While a plurality of events are occurring locally at the computational machine, the computational machine identifies the plurality of events in real-time. The identified events include events for the objects identified by the watch list, and event information for these identified events is stored in a local database of the computational machine. In response to an integrity reporting request received through the linear communication orbit, the computational machine identifies event information for at least some of the objects identified by the watch list in the local database, and returns the identified event information to a server system through the linear communication orbit.
    Type: Grant
    Filed: September 22, 2017
    Date of Patent: December 3, 2019
    Assignee: TANIUM INC.
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs, Michael Smith
  • Patent number: 10490291
    Abstract: A memory check ASIC for fuzes and safety and arming (S&A) devices. The memory check ASIC may comprise: an ASIC, data line, clock line, shutdown line, and reset line. The ASIC may operatively couple to a microcontroller having a flash-based memory and may comprise: a digital logic for verifying a calculated checksum based on contents of the flash-based memory. A clock signal along with the calculated checksum may be transmitted to the ASIC via the clock line and data line, respectively. A shutdown signal may be transmitted from the ASIC to the microcontroller via the shutdown line in response to the verification of the calculated checksum by the digital logic. A reset signal may synchronize sampling of the calculated checksum and may be latched by flip-flop circuits of the digital logic for a predetermined number of clock cycles.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: November 26, 2019
    Assignee: The United States of America, as Represented by the Secretary of the Navy
    Inventors: Michael Haddon, Jonathan Duncan
  • Patent number: 10467408
    Abstract: A method, system, and computer program product for security scanning of advertisements displayed inside software applications. First, it is automatically detected that the software application has received from a server, over a network, advertising code that is configured to display an advertisement within the software application. Then, the received advertising code is intercepted, and is wrapped with program code that is configured to: scan the advertising code for malicious content, and allow or prevent the display of the advertisement within the software application based on the scanning. Finally, the wrapped advertising code is delivered to the software application as if the wrapped advertising code was received directly from the server, such that, when the wrapped advertising code is executed in the software application: the advertising code is scanned, and the display of the advertisement is allowed or prevented based on the scanning.
    Type: Grant
    Filed: March 19, 2019
    Date of Patent: November 5, 2019
    Assignee: FIVE MEDIA MARKETING LIMITED
    Inventors: Amnon Sem Siev, Yehuda Sapir, Ido Peled, Itamar Mula, Eliyahu Babila
  • Patent number: 10459711
    Abstract: In general, in one aspect, an installation file digitally signed with a first package signature is received. It is determined whether the received installation file includes a migration signature that covers the first package signature and that matches a second signature associated with an installed software application, to confirm that the received installation file includes a valid update related to the installed software application. The installed software application is updated from the received installation file when the migration signature is included.
    Type: Grant
    Filed: August 12, 2008
    Date of Patent: October 29, 2019
    Assignee: ADOBE INC.
    Inventor: Oliver Goldman
  • Patent number: 10460106
    Abstract: A method and apparatus for identifying computer virus variants are disclosed to improve the accuracy of virus identification and removal, and may relate to the field of internet technology. The method includes running a virus sample to be tested and recording an API call sequence produced during running of the virus sample. The method further includes obtaining a characteristic API call sequence for each one of a plurality of virus families, matching the API call sequence produced during running of the virus sample to be tested with the characteristic API call sequences of the virus families, and obtaining a matching result. The method also includes determining the virus sample to be tested is a virus variant by extent of a match between the API call sequence produced by the virus sample and any characteristic API call sequence of any one of the virus families.
    Type: Grant
    Filed: February 4, 2016
    Date of Patent: October 29, 2019
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventors: Yuehua Guo, Honggang Tang
  • Patent number: 10432665
    Abstract: A system for managing attacker incidents, including a mobile device manager (MDM) receiving instructions to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization and, in response to the instructions, running a dedicated agent on the mobile device, wherein the dedicated agent is configured to register the mobile device and its current deceptions state, and install deceptions in the mobile device, a trap server triggering an incident in response to an attacker attempting to use deceptive data that was installed in the mobile device, and a deception management server sending instructions to the MDM to deploy deceptions on the mobile device, registering the mobile device and its deceptions state, receiving the notification from the trap server that an incident has occurred, and in response thereto instructing the MDM to run forensics on the mobile device.
    Type: Grant
    Filed: September 3, 2018
    Date of Patent: October 1, 2019
    Assignee: ILLUSIVE NETWORKS LTD.
    Inventors: Tal Yohai, Ofir Lauber, Yoav Epelman
  • Patent number: 10432814
    Abstract: A hardware processor of an image forming apparatus is able to obtain saving target information from a time of a power-off operation to a time of power supply interruption and to save the saving target information, in a nonvolatile storage of the image forming apparatus, as first snapshot data (for restoring a state at a predetermined time after firmware is activated). When a power-on operation is performed after the time of the power-off operation, the hardware processor determines whether to perform a first high-speed startup process using the first snapshot data as an apparatus startup process with respect to the image forming apparatus.
    Type: Grant
    Filed: May 3, 2018
    Date of Patent: October 1, 2019
    Assignee: KONICA MINOLTA, INC.
    Inventor: Hiroyasu Ito
  • Patent number: 10423786
    Abstract: In accordance with one embodiment of the present disclosure, a method for determining the similarity between a first data set and a second data set is provided. The method includes performing an entropy analysis on the first and second data sets to produce a first entropy result, wherein the first data set comprises data representative of a first one or more computer files of known content and the second data set comprises data representative of one or more computer files of unknown content; analyzing the first entropy result; and if the first entropy result is within a predetermined threshold, identifying the second data set as substantially related to the first data set.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: September 24, 2019
    Assignee: McAfee, LLC
    Inventors: David Neill Beveridge, Abhishek Ajay Karnik, Kevin A. Beets, Tad M. Heppner, Karthik Raman
  • Patent number: 10423715
    Abstract: A method for sharing documents between on-demand services is provided. In an embodiment, a user of a first on-demand service may be able to view a list of content that includes content stored at the first on-demand service and content stored at a second on-demand service. The content of the second on-demand service may be associated with information about the content, allowing the content to be shared among multiple users of the first on-demand service. When the user wanting to view the content selects or clicks on an indicator identifying the content, a connection to the second on-demand service is established, and images of the content are sent from the second on-demand service to the first on-demand service.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: September 24, 2019
    Assignee: salesforce.com, inc.
    Inventors: Timothy J. Barker, Jonathan Levine, James Johnson