Computer Virus Detection By Cryptography Patents (Class 713/188)
  • Patent number: 12153890
    Abstract: A method and system for generating anomaly-detection rules for communication protocols are provided. The method includes receiving communication data; constructing at least one N-gram from the received communication data; analyzing the at least one N-gram by comparing the constructed at least one N-gram with a repository of N-gram analyses to identify conditional probabilities of certain characteristics; and generating anomaly-detection rules based on the N-gram analysis.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: November 26, 2024
    Assignee: Intuit Inc.
    Inventors: Keren Cohavi, Liora Braunstin, Kiril Lashchiver, Yoav Spector
  • Patent number: 12149503
    Abstract: Provided is a gateway device capable of reducing influence on intra-vehicle network communication from a cyber security attack that infringes availability represented by a DoS attack from an extra-vehicle network.
    Type: Grant
    Filed: July 7, 2020
    Date of Patent: November 19, 2024
    Assignee: HITACHI ASTEMO, LTD.
    Inventors: Shuhei Kaneko, Hiroki Yamazaki, Teruaki Nomura
  • Patent number: 12147330
    Abstract: In an approach for smart test data workload generation, a processor receives a plurality of expected image frames for a user interface application to be tested. The plurality of expected image frames is pre-defined and represents a series of workflows and operations of the user interface application to be expected based on a design requirement. A processor calculates a first set of hash-values for each corresponding expected image frame. A processor samples the user interface application with a frequency to a plurality of testing image frames during a test run on the user interface application. A processor calculates a second set of hash-values for each sampled testing image frame. A processor compares the first set of hash-values to the second set of hash-values. A processor verifies that the second set of hash-values matches the first set of hash-values.
    Type: Grant
    Filed: September 22, 2021
    Date of Patent: November 19, 2024
    Assignee: International Business Machines Corporation
    Inventors: Xue Rui Hu, Wang Liu, Meng Wan, Mei Qin Si, Li Na Guo, Hong Yan Zhang
  • Patent number: 12147447
    Abstract: Systems and methods for formatting data are disclosed. For example, a system may include at least one memory storing instructions and one or more processors configured to execute the instructions to perform operations. The operations may include receiving data comprising a plurality of sequences of data values and training a recurrent neural network model to output conditional probabilities of subsequent data values based on preceding data values in the data value sequences. The operations may include generating conditional probabilities using the trained recurrent neural network model and the received data. The operations may include determining a data format of a subset of the data value sequences, based on the generated conditional probabilities, and reformatting at least one of the data value sequences according to the determined data format.
    Type: Grant
    Filed: June 23, 2023
    Date of Patent: November 19, 2024
    Assignee: Capital One Services, LLC
    Inventors: Anh Truong, Reza Farivar, Austin Walters, Jeremy Goodsitt
  • Patent number: 12143360
    Abstract: The communication control apparatus (10) performs a receiving process, a counting process, and a determination process. The receiving process is a process for receiving a request packet to query a predetermined server. The counting process is a process for counting, based on a source address of the request packet, in multiple stages corresponding to different ranges of address areas that include the source address. The determination process is a process for determining an address area corresponding to a stage, from the multiple stage, in which a count value by the counting process exceeds a predetermined threshold value as an unauthorized access address area.
    Type: Grant
    Filed: April 6, 2022
    Date of Patent: November 12, 2024
    Assignee: RAKUTEN MOBILE, INC.
    Inventor: Yoshimi Okada
  • Patent number: 12141277
    Abstract: A behavioral monitor executing in user space generates a plurality of filters corresponding to a plurality of processes executing in the user space. A first process transmits a system call to a corresponding filter of the plurality of filters in kernel space. The first process receives a signal from the corresponding filter. The first process analyzes the arguments submitted in the system call. The first process determines that the arguments may be associated with malicious activity. The first process generates an event and transmitting the event to the behavioral monitor. The behavioral monitor analyzes the event to determine whether the event is associated with malicious activity. The behavioral monitor causes a process group associated with the first process to cease executing and restores a previous version of the at least one file modified by the process group.
    Type: Grant
    Filed: February 7, 2022
    Date of Patent: November 12, 2024
    Assignee: Vali Cyber, Inc.
    Inventors: Austin James Gadient, Donald Benson Reaves, Anthony James Gadient
  • Patent number: 12135793
    Abstract: A computer-implemented method of managing computer vulnerabilities is disclosed. The method comprises detecting one or more processes running on a particular computing system during a particular period of time including now; and determining a set of active vulnerabilities that are associated with the one or more processes from a plurality of vulnerabilities. The method also comprises determining, for each vulnerability of the set of active vulnerabilities, context metadata related to a process or an application associated with the vulnerability, including how often the application has been executed, for how long the process has run, or when in the particular period of time the process was, is, or will be running. The method further comprises ranking the set of active vulnerabilities based on the context metadata for each active vulnerability to obtain a ranked order; and transmitting information related to the ranking to a device.
    Type: Grant
    Filed: October 28, 2022
    Date of Patent: November 5, 2024
    Assignee: Sysdig, Inc.
    Inventors: Mattia Pagnozzi, Luca Guerra, Guido Bonomi
  • Patent number: 12132757
    Abstract: The technology disclosed prevents phishing attacks where a malicious attacker creates a malicious file in a cloud-based store and shares it with endpoint users. A user, opening the shared document, is redirected to a malicious website where a corporation's critical data may be compromised. The cloud-based method applies a set of rules and policies to allow the shared document or block the shared document from the network, based on identifying the ownership or originator of the shared document. Documents from blacklisted websites are blocked. Documents from trusted sources are allowed access to the network. Unknown documents are blocked and threat-scanned to determine if they contain malicious content. If analysis proves a blocked document to be safe, it may be released into the network along with subsequent documents having the same ownership or originator.
    Type: Grant
    Filed: July 30, 2021
    Date of Patent: October 29, 2024
    Assignee: NetSkope, Inc.
    Inventors: Anupam Kumar, Prasenna Ravi, Muhammed Shafeek, Venkataswamy Pathapati
  • Patent number: 12132755
    Abstract: An embodiment includes a method of application vulnerability assessment and prioritization. The method includes ingesting modelling data from data sources for application vulnerabilities. The method includes transforming at least a portion of the modelling data to covariate vectors. The method includes extracting keywords and phrases from the modelling data and statistically measuring relevance of files of the modelling data based on the extracted keywords and phrases. The method includes generating threat levels of the application vulnerabilities based on the covariate vectors and the measured relevance. The method includes outputting the threat levels to a network management system. The method includes implementing, at a first endpoint device of the network, a first patch to address one of the application vulnerabilities.
    Type: Grant
    Filed: June 3, 2022
    Date of Patent: October 29, 2024
    Assignee: Ivanti, Inc.
    Inventors: Srinivas Mukkamala, Taylor Wong
  • Patent number: 12111941
    Abstract: Aspects of the disclosure relate to dynamically controlling access to linked content in electronic communications. A computing platform may receive, from a user computing device, a request for a uniform resource locator associated with an email message and may evaluate the request using one or more isolation criteria. Based on evaluating the request, the computing platform may identify that the request meets at least one isolation condition associated with the one or more isolation criteria. In response to identifying that the request meets the at least one isolation condition associated with the one or more isolation criteria, the computing platform may initiate a browser mirroring session with the user computing device to provide the user computing device with limited access to a resource corresponding to the uniform resource locator associated with the email message.
    Type: Grant
    Filed: August 30, 2022
    Date of Patent: October 8, 2024
    Assignee: Proofpoint, Inc.
    Inventors: Conor Brian Hayes, Michael Edward Jones, Alina V. Khayms, Kenny Lee, David Jonathan Melnick, Adrian Knox Roston
  • Patent number: 12113763
    Abstract: Disclosed are a message sending method and apparatus. The method includes: a front-end device receiving a message preview instruction and sending the message preview instruction to a server; the server determining, on the basis of the message preview instruction, whether a message currently corresponding to a message type satisfies a sending rule, and if so, making an electronic message correspond to the message type, and sending the electronic message to the front-end device; the front-end device outputting and displaying the electronic message for a user to view; and the user triggering a message sending instruction after confirming same, so as to complete the sending of the electronic message.
    Type: Grant
    Filed: January 10, 2022
    Date of Patent: October 8, 2024
    Assignee: TravelSky Technology Limited
    Inventor: Yue Han
  • Patent number: 12111938
    Abstract: The described technology is generally directed towards secure collaborative processing of private inputs. A secure execution engine can process encrypted data contributed by multiple parties, without revealing the encrypted data to any of the parties. The encrypted data can be processed according to any program written in a high-level programming language, while the secure execution engine handles cryptographic processing.
    Type: Grant
    Filed: April 11, 2022
    Date of Patent: October 8, 2024
    Assignee: CipherMode Labs, Inc.
    Inventors: Mohammad Sadegh Riazi, Ilya Razenshteyn
  • Patent number: 12099596
    Abstract: In general, in one aspect, a method includes receiving software code with an invalid characteristic, repeatedly attempting to execute the software code with the invalid characteristic on a device, and in response to successful execution of the software code with the invalid characteristic, taking an action. The action may include an action to remediate the device.
    Type: Grant
    Filed: July 9, 2021
    Date of Patent: September 24, 2024
    Assignee: Sophos Limited
    Inventor: Michael Shannon
  • Patent number: 12093380
    Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection virtual machine. In examples, the virtual machine executes a rule comprising rule instructions. A rule may comprise one or more wait rule instructions that causes the virtual machine to pause execution. As events are added to an event queue for the rule virtual machine, the behavioral threat detection virtual machine evaluates such events in order to identify a positive or, in some instances, a negative match. When a matching event is identified, rule execution resumes. Eventually, a determination is made as a result of processing events and wait packets, thereby indicating the presence or absence of a malicious or potentially malicious behavior, among other examples. Thus, among other things, the behavioral threat detection virtual machine maintains a state associated with rule execution and processes events to identify behaviors accordingly.
    Type: Grant
    Filed: April 17, 2023
    Date of Patent: September 17, 2024
    Assignee: OPEN TEXT INC.
    Inventors: Eric Klonowski, Fred Krenson
  • Patent number: 12088625
    Abstract: A method and network are provided for monitoring a network during a DDoS attack. The method includes establishing a flow record for flows designated for tarpitting and a state machine, each state of multiple states of the state machine having an associated handler function. The handler function associated with a current state of a state machine associated with a flow is invoked to perform one or more actions associated with the flow or the flow record for applying at least one tarpitting technique of one or more candidate tarpitting techniques associated with the flow record, and return a next state, which is used to update the current state of the state machine. The handler function associated with the current state of the state machine is repeatedly invoked, wherein each invocation of the handler function potentially applies different tarpitting techniques.
    Type: Grant
    Filed: June 17, 2022
    Date of Patent: September 10, 2024
    Assignee: ARBOR NETWORKS, INC.
    Inventor: Brian St. Pierre
  • Patent number: 12088630
    Abstract: A method including receiving, by a security device from a network device, an initial security instruction set including a plurality of initial security instructions associated with operation of the security device; receiving, by the security device from the network device, an event signal associated with the security device carrying out a network-facing operation; transmitting, by the security device to the network device based on receiving the event signal, a security instruction associated with the security device carrying out the network-facing operation, the security instruction being from among the plurality of initial security instructions; receiving, by the security device from the network device based on transmitting the security instruction, communication information to enable the security device to carry out the network-facing operation; and carrying out, by the security device, the network-facing operation based on utilizing the communication information is disclosed.
    Type: Grant
    Filed: August 9, 2022
    Date of Patent: September 10, 2024
    Assignee: UAB 360 IT
    Inventors: Aleksandr {hacek over (S)}ev{hacek over (c)}enko, Justas Rafanavi{hacek over (c)}ius
  • Patent number: 12072980
    Abstract: Method of detecting malware in a computer storage medium is described. The method involves connecting the computer storage medium to an air-gapped anti-malware device. Scanning the computer storage medium for malware.
    Type: Grant
    Filed: April 17, 2019
    Date of Patent: August 27, 2024
    Assignee: CONOCOPHILLIPS COMPANY
    Inventor: Mark Jaques
  • Patent number: 12074908
    Abstract: This application discloses a cyber threat deception method and system, and a forwarding device. The forwarding device obtains a deception target set, where the deception target set includes a deception target, and the deception target includes an unused internet protocol (IP) address or an unopened port number on a used IP address. The forwarding device receives an IP packet from a host, and determines whether a destination party that the IP packet requests to access belongs to the deception target set. If the destination party that the IP packet requests to access belongs to the deception target set, the forwarding device sends the IP packet to a honeypot management server. The forwarding device receives a response packet, returned by the honeypot management server, of the corresponding IP packet. The forwarding device sends the response packet to the host.
    Type: Grant
    Filed: July 7, 2021
    Date of Patent: August 27, 2024
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Huazhi Yang, Donghui Wang
  • Patent number: 12067115
    Abstract: A system and method for detecting malware using hierarchical clustering analysis. Unknown files classified by clustering and in view of known malicious and known safe files. Machine learning models and detection rules are used to enhance classification accuracy.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: August 20, 2024
    Assignee: Acronis International GmbH
    Inventors: Andrey Kulaga, Nikolay Balakin, Maxim Davydov, Nikolay Grebennikov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 12063244
    Abstract: An endpoint computer is protected from malicious distributed configuration profiles. The endpoint computer receives a distributed configuration profile over a computer network. Before installation of the distributed configuration profile in the endpoint computer, features of the distributed configuration profile are used to traverse a supervised decision tree. A rating score is generated based on weights of nodes of the supervised decision tree that are traversed using the features of the distributed configuration profile. The distributed configuration profile is detected to be malicious based at least on the rating score.
    Type: Grant
    Filed: July 18, 2022
    Date of Patent: August 13, 2024
    Assignee: Trend Micro Incorporated
    Inventors: Yilu Ou, Changxi Cao, Liangzhi Zhang
  • Patent number: 12056237
    Abstract: Methods and apparatus consistent with the present disclosure may be used after a computer network has been successfully attacked by new malicious program code. Such methods may include collecting data from computers that have been affected by the new malicious program code and this data may be used to identify a type of damage performed by the new malicious code. The collected data may also include a copy of the new malicious program code. Methods consistent with the present disclosure may also include allowing the new malicious program code to execute at an isolated computer while actions and instructions that cause the damage are identified. Signatures may be generated from the identified instructions after which the signatures or data that describes the damaging actions are provided to computing resources such that those resources can detect the new malware program code.
    Type: Grant
    Filed: June 29, 2023
    Date of Patent: August 6, 2024
    Assignee: SonicWALL Inc.
    Inventors: Zhuangzhi Duo, Atul Dhablania
  • Patent number: 12051255
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for machine learning. One of the methods includes receiving a message including an attachment document; determining one or more first features from content of the attachment document; providing the first features to one or more classification models, the one or more classification models including a machine learning model, wherein the machine learning model is trained to generate a prediction of one or more classifications of attachment documents based on input features; generating one or more predicted classifications of the attachment document; and associating the one or more predicted classifications with the attachment document.
    Type: Grant
    Filed: May 7, 2021
    Date of Patent: July 30, 2024
    Assignee: States Title, LLC
    Inventors: Apoorv Sharma, Brian Holligan
  • Patent number: 12039035
    Abstract: Disclosed herein are an apparatus and method for detecting violation of control flow integrity. The apparatus includes memory for storing a program and a processor for executing the program, wherein the processor multiple branch identifier registers to which identifiers of branch targets are written, a set branch identifier instruction configured to command an identifier of a branch target to be written to a branch identifier register at a predetermined sequence number, among the multiple branch identifier registers, and a check branch identifier instruction configured to command a signal indicating detection of a control flow hijacking attack to be issued based on whether a value written to the branch identifier register at the predetermined sequence number is identical to a value of an identifier of a branch target at the predetermined sequence number, wherein the program detects whether a control flow is hijacked based on the multiple branch identifier registers.
    Type: Grant
    Filed: November 3, 2021
    Date of Patent: July 16, 2024
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Dong-Wook Kang, Dae-Won Kim, Ik-Kyun Kim, Sang-Su Lee, Jin-Yong Lee, Byeong-Cheol Choi, Yong-Je Choi
  • Patent number: 12032493
    Abstract: Methods and systems disclosed herein describe obfuscating plaintext cryptographic material stored in memory. A random location in an obfuscation buffer may be selected for each byte of the plaintext cryptographic material. The location of each byte of the plaintext cryptographic material may be stored in a position tracking buffer. To recover the scrambled plaintext cryptographic material, the location of each byte of the plaintext cryptographic material may be read from the position tracking buffer. Each byte of the plaintext cryptographic material may then be read from the obfuscation buffer and written to a temporary buffer. When each byte of the plaintext cryptographic material is recovered, the plaintext cryptographic material may be used to perform one or more cryptographic operations. The scrambling techniques described herein reduce the likelihood of a malicious user recovering plaintext cryptographic material while stored in memory.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: July 9, 2024
    Assignee: Capital One Services, LLC
    Inventors: Hao Cheng, Rohit Joshi, Lan Xie
  • Patent number: 12028323
    Abstract: The present disclosure relates generally to systems and methods for providing dynamic access levels based upon permitted provision of client system data. In particular, proactive blocking of access to protected systems/services may be implemented when client system electronic data provision requirements of the protected systems/services are not met.
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: July 2, 2024
    Assignee: United Services Automobile Association (USAA)
    Inventors: Bradly Jay Billman, Jennifer Hunt Erickson
  • Patent number: 12021881
    Abstract: Examples of the present disclosure describe systems and methods of automatic inline detection based on static data. In aspects, a file being received by a recipient device may be analyzed using an inline parser. The inline parser may identify sections of the file and feature vectors may be created for the identified sections. The feature vectors may be used to calculate a score corresponding to the malicious status of the file as the information is being analyzed. If a score is determined to exceed a predetermined threshold, the file download process may be terminated. In aspects, the received files, file fragments, feature vectors and/or additional data may be collected and analyzed to build a probabilistic model used to identify potentially malicious files.
    Type: Grant
    Filed: March 3, 2021
    Date of Patent: June 25, 2024
    Assignee: OPEN TEXT INC.
    Inventors: Mauritius Schmidtler, Reza M. Yoosoofmiya, Kristina Theroux
  • Patent number: 12019734
    Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.
    Type: Grant
    Filed: March 24, 2021
    Date of Patent: June 25, 2024
    Assignee: Invincea, Inc.
    Inventors: Anup Ghosh, Scott Cosby, Alan Keister, Benjamin Bryant, Stephen Taylor
  • Patent number: 12001596
    Abstract: The technology of this application relates to a transaction security processing method and apparatus, and a terminal device. The method includes receiving, in a rich execution environment (REE), a screen jump instruction triggered by a user in a first screen, where the screen jump instruction is used for jumping to a second screen, and the second screen can be displayed in a trusted execution environment (TEE), and entering the TEE and loading a trusted application (TA) in the TEE. The method further includes obtaining a first audio file from storage space on an REE side and playing the first audio file by using the TA, where the first audio file is used to represent that the terminal device is currently running in a trusted environment, and displaying the second screen generated by using the TA.
    Type: Grant
    Filed: June 28, 2021
    Date of Patent: June 4, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Xiaochu Wang, Peng Zhang, Gaosheng Yin
  • Patent number: 11989670
    Abstract: A system and method that allow an institution's customer's anticipated data to be stored in a cache in advance of a request for that data, using predictive models based upon analyses of each specific customer's historical patterns. For example, when a customer logs on to an institution's server, a machine learning application on that server may predict the type or category of data that the customer may intend to retrieve, based upon his or her previous patterns when logging on. Typical categories of data may include, for example, account balances, status of outstanding loans, credit card data, and insurance information. By populating the cache with such anticipated data, that data may be more quickly accessed by the customer.
    Type: Grant
    Filed: November 8, 2021
    Date of Patent: May 21, 2024
    Assignee: United Services Automobile Association (USAA)
    Inventors: Gunjan C. Vijayvergia, Anand Shah, Alan David Chase, Anil Sanghubattla, Andrew P. Jamison
  • Patent number: 11977655
    Abstract: A computer-implemented method, a computer system, and computer program product for associating security events. The method includes obtaining a result of implementation of one or more Locality-Sensitive Hashing (LSH) functions to feature data of a first event detected by a first device. The method also includes mapping the result to one or more positions in a data structure. In response to data elements of the one or more positions indicating first information associating with the one or more positions exists in a storage, the method includes obtaining the first information from the storage. The method further includes sending the first information to the first device.
    Type: Grant
    Filed: August 25, 2020
    Date of Patent: May 7, 2024
    Assignee: International Business Machines Corporation
    Inventors: Jia-Sian Jhang, Chen-Yu Kuo, Hsiao-Yung Chen, Lu Cheng Lin, Chien Wen Jung
  • Patent number: 11971994
    Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.
    Type: Grant
    Filed: December 30, 2022
    Date of Patent: April 30, 2024
    Assignee: Musarubra US LLC
    Inventors: Dmitri Rubakha, Francisco M. Cuenca-Acuna, Hector R. Juarez, Leandro I. Costantino
  • Patent number: 11960606
    Abstract: A system, method, and device are provided for detecting and mitigating a storage attack at the block level by generating canary blocks by marking blocks of data (referred to as memory blocks) such that other programs do not modify these canary blocks that are monitored to detect data storage attacks that attempt to modify the canary blocks and/or by monitoring statistical and behavioral features of activities over blocks, whether they can be modified by other programs or not. The system and method also backup the memory blocks by backing up memory blocks as they are modified. When a data storage attack is detected, the attack is stopped, and the files are remediated using the backup of the affected memory blocks.
    Type: Grant
    Filed: March 24, 2022
    Date of Patent: April 16, 2024
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Liran Orevi, Haggai David
  • Patent number: 11956253
    Abstract: The present disclosure relates to a machine-learning system, method, and computer program for ranking security alerts from multiple sources. The system self-learns risk levels associated with alerts by calculating risk probabilities for the alerts based on characteristics of the alerts and historical alert data. In response to receiving a security alert from one of a plurality of alert-generation sources, the alert-ranking system evaluates the security alert with respect to a plurality of feature indicators. The system creates a feature vector for the security alert based on the feature indicator values identified for the alert. The system then calculates a probability that the security alert relates to a cybersecurity risk in the computer network based on the created feature vector and historical alert data in the network. The system ranks alerts from a plurality of different sources based on the calculated cybersecurity risk probabilities.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: April 9, 2024
    Assignee: Exabeam, Inc.
    Inventors: Derek Lin, Domingo Mihovilovic, Sylvain Gil
  • Patent number: 11947682
    Abstract: The disclosed technology teaches facilitate User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.
    Type: Grant
    Filed: July 7, 2022
    Date of Patent: April 2, 2024
    Assignee: Netskope, Inc.
    Inventors: Yi Zhang, Siying Yang, Yihua Liao, Dagmawi Mulugeta, Raymond Joseph Canzanese, Jr., Ari Azarafrooz
  • Patent number: 11947775
    Abstract: A widget management service may analyze messages (e.g., email messages or other electronic messages) to determine clusters of similar messages, such as messages based on a common template or otherwise having high levels of similarity to one another. Within these message clusters, the widget management service may analyze messages to determine unique content (e.g., content that differs across messages) for extraction and presentation in widgets in the graphical user interface.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: April 2, 2024
    Assignees: ATLASSIAN PTY LTD., ATLASSIAN US, INC.
    Inventor: Noam Bar-on
  • Patent number: 11941124
    Abstract: In an embodiment, systems and methods for detecting malware are provided. A server trains a static malware model and a dynamic malware model to detect malware in files. The models are distributed to a plurality of user devices for use by antimalware software executing on the user devices. When a user device receives a file, the static malware model is used to determine whether the file contains malware. If the static malware model is unable to make the determination, when the file is later executed, the dynamic malware model is used to determine whether the file contains malware. The file along with the determination made by the dynamic malware model are then provided to the server. The server then retrains the static malware model using the received files and the received determinations. The server then distributes the updated static malware model to each of the devices.
    Type: Grant
    Filed: December 29, 2021
    Date of Patent: March 26, 2024
    Assignee: UAB 360 IT
    Inventors: Mantas Briliauskas, Aleksandr {hacek over (S)}ev{hacek over (c)}enko
  • Patent number: 11943246
    Abstract: Methods, systems, apparatuses, and computer program products are provided for reconstructing network activity. A network activity monitor is configured to monitor network activity for various network entities. Based on the monitoring, a set of features may be obtained for each network entity. A determination may be made for a number of vertices suitable for describing the sets of features in a multidimensional space. In some implementations, the vertices may define a convex hull in the multidimensional space. Each of the vertices may be assigned a different usage pattern that represents a certain type of network usage types. Reconstructed network activity for a particular network entity may be represented as a weighted combination of the usage patterns. Based on the reconstruction, a network anomaly may be detected, a network may be modified, and/or an alert may be generated.
    Type: Grant
    Filed: May 6, 2022
    Date of Patent: March 26, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: Omer Karin
  • Patent number: 11936676
    Abstract: A system includes a memory to store network-related security policies and procedures associated with an enterprise, a display and at least one device. The device is configured to monitor enterprise activity associated the enterprise's networked and determine, based on the enterprise activity, whether the enterprise is complying with the security policies and procedures. The device is also configured to calculate a risk exposure metric for an asset of the enterprise based on the enterprise activity and whether the enterprise is complying with the security policies and procedures, and output, to the display, a graphical user interface (GUI) identifying the risk exposure metric. The device may also be configured to receive, via the GUI, an input to initiate a change with respect to at least one of the enterprise's networked devices or initiate the generation of a plan to make a change to at least one of the networked devices.
    Type: Grant
    Filed: July 1, 2021
    Date of Patent: March 19, 2024
    Assignee: CISOTERIA LTD.
    Inventor: Ido Ganor
  • Patent number: 11936665
    Abstract: A method for monitoring data transiting via a user equipment is described, as well as a cyber attack detection device, The method includes obtaining a first decision from a first cyber attack detection technique and a second decision from a second cyber attack detection technique, indicating whether the data are associated with attack traffic, obtaining a third decision from a third cyber attack detection technique indicating whether the data are associated with attack traffic, the third technique the first and second decisions and confidence levels assigned to the first and second detection techniques, updating the confidence levels on the basis of the first, second and third decisions, and adapting, triggered on the basis of the obtained first, second and third decisions and of the updated confidence levels, at least one rule applied by the first and/or the second technique.
    Type: Grant
    Filed: December 10, 2020
    Date of Patent: March 19, 2024
    Assignee: ORANGE
    Inventor: Hichem Sedjelmaci
  • Patent number: 11930035
    Abstract: An information processing apparatus detects an unauthorized attack and transmits attack detection information concerning the detected attack to a communication control device. The communication control device selects an attack countermeasure instruction associated with an attack detection content that matches the attack detection information and an attack countermeasure function of the information processing apparatus by using the transmitted attack detection information and the attack countermeasure information stored in advance, decides a countermeasure method to be executed against the attack, and transmits the attack countermeasure instruction information including the decided countermeasure method to the information processing apparatus. The information processing apparatus is characterized to decide the countermeasure method to be executed against the attack from the received attack countermeasure instruction information and to execute the decided countermeasure method against the attack.
    Type: Grant
    Filed: August 31, 2021
    Date of Patent: March 12, 2024
    Assignee: SHARP KABUSHIKI KAISHA
    Inventors: Harunobu Mori, Kenji Tanaka
  • Patent number: 11921854
    Abstract: A method of continuous development of an internal threat scan engine based on an iterative quality assessment includes iteratively performing a dynamic assessment of a quality of a threat detection with a frequency defined for each of objects in an object collection, wherein a result of the dynamic assessment includes internal and external scan results of the objects and a consistency verdict of the internal and external scan results of the objects, changing a frequency of scanning iteration of the objects based on the consistency verdict of the external and internal scan results of the objects, classifying the objects based on the result of the dynamic assessment, and creating a development task including the internal and external scan results of the objects, meta-data of the objects, and automated test results to provide details for developing a software to fix inconsistency of the internal and external scan results.
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: March 5, 2024
    Assignee: Acronis International GmbH
    Inventors: Andrey Kulaga, Nikolay Balakin, Nikolay Grebennikov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11907370
    Abstract: A security agent implemented on a monitored computing device is described herein. The security agent has access to parametric behavioral pattern definitions that, in combination with canonical patterns of behavior, configure the security agent to match observed behavior with known computing behavior that is benign or malignant. This arrangement of the definitions and the pattern of behavior allow the security agent's behavior to be updated by a remote security service without updating a configuration of the security agent. The remote security service can create, modify, and disseminate these definitions and patterns of behavior, giving the security agent real-time ability to respond to new behaviors exhibited by the monitored computing device.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: February 20, 2024
    Assignee: CROWDSTRIKE, INC.
    Inventors: David F. Diehl, Daniel W. Brown, Aaron Javan Marks, Kirby J. Koster, Daniel T. Martin
  • Patent number: 11899782
    Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.
    Type: Grant
    Filed: July 13, 2021
    Date of Patent: February 13, 2024
    Assignee: SentinelOne, Inc.
    Inventors: Anil Gupta, Harinath Vishwanath Ramchetty
  • Patent number: 11895230
    Abstract: An information processing apparatus comprises a partial modular exponentiation calculating part and a partial modular exponentiation synthesizing part. The partial modular exponentiation calculating part is given a base in plaintext and a modulo in plaintext and shared exponents and calculates a partial modular exponentiation that equals a set of shared values according to a modular exponentiation of the base raised by the shared exponent. The partial modular exponentiation synthesizing part calculates shared values of the modular exponentiation from the partial modular exponentiation that equals shared values relating to the modular exponentiation of a sum of shared exponents.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: February 6, 2024
    Assignee: NEC CORPORATION
    Inventors: Kazuma Ohara, Toshinori Araki
  • Patent number: 11892897
    Abstract: Various embodiments for predicting which software vulnerabilities will be exploited by malicious hackers and hence prioritized by patching are disclosed.
    Type: Grant
    Filed: October 26, 2018
    Date of Patent: February 6, 2024
    Assignee: Arizona Board of Regents on Behalf of Arizona State University
    Inventors: Paulo Shakarian, Mohammed Almukaynizi, Jana Shakarian, Eric Nunes, Krishna Dharaiya, Manoj Balasubramaniam Senguttuvan, Alexander Grimm
  • Patent number: 11888941
    Abstract: The present disclosure relates generally to systems and methods for facilitating two-way communication sessions using serverless cloud-based functions configured in a function-as-a-service (FaaS) system. One example includes accessing a template configured to execute a response based on an event, facilitating a two-way communication session with a user device, and processing data of the two-way communication session to identify an event trigger corresponding to the template. Execution of a serverless cloud-based function associated with the event trigger is requested, and one or more outputs of the serverless cloud-based function associated with the event trigger are integrated into the two-way communication session.
    Type: Grant
    Filed: January 25, 2022
    Date of Patent: January 30, 2024
    Assignee: LIVEPERSON, INC.
    Inventors: Christian Thum, Robert Reiz, Alan Gilchrest, Andreas Rotaru, Simon Pelczer
  • Patent number: 11888890
    Abstract: Certain edge networking devices such as application gateways may report status to a cloud-based threat management platform using a persistent network connection between the gateway and the cloud platform. Where a cloud computing platform for an edge networking device or the treat management platform imposes periodic timeouts, the threat management platform may monitor connects and disconnects for edge devices and asynchronously evaluate connection status of edge devices independently of a heartbeat or other signal through the persistent connection in order to distinguish periodic timeouts imposed by the cloud computing platform from networking devices that are compromised or malfunctioning.
    Type: Grant
    Filed: October 24, 2022
    Date of Patent: January 30, 2024
    Assignee: Sophos Limited
    Inventors: Sanjeev Kumar Maheve, Biju Ramachandra Kaimal, Venkata Suresh Reddy Obulareddy, Neha Parshottam Patel
  • Patent number: 11882147
    Abstract: A system and method are disclosed wherein a risk score is generated by interrogating multiple sources of information across a network. The information is aggregated, such that every network action for individuals and organizations are turned into a unique behavioral model, which can be used as a unique identifier (“fingerprint”). This fingerprint is in turn used by a personalized Trust Guardian System to block, modify and/or allow network actions.
    Type: Grant
    Filed: June 26, 2020
    Date of Patent: January 23, 2024
    Assignee: Lyft, Inc.
    Inventors: Mark Adams, Daniel Meacham, Simon Meacham
  • Patent number: 11880455
    Abstract: Disclosed herein are methods and systems for selecting a detection model for detection of a malicious file. An exemplary method includes: monitoring a file during execution of the file within a computer system by intercepting commands of the file being executed and determining one or more parameters of the intercepted commands. A behavior log of the file being executed containing behavioral data is formed based on the intercepted commands and based on the one or more parameters of the intercepted commands. The behavior log is analyzed to form a feature vector. The feature vector characterizes the behavioral data. One or more detection models are selected from a database of detection models based on the feature vector. Each of the one or more detection models includes a decision-making rule for determining a degree of maliciousness of the file being executed.
    Type: Grant
    Filed: October 12, 2021
    Date of Patent: January 23, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
  • Patent number: 11882148
    Abstract: Systems and methods are presented for mitigating cyber threats. Cybersecurity-related data are stored in a semantic cybersecurity database. A user interface converts a user input to a command utterance. A command node that corresponds to the command utterance is identified in the cybersecurity database. The command node is resolved to one or more action nodes that are connected to the command node, and each action node is resolved to one or more parameter nodes that are connected to the action node. The command node has a command that implements actions indicated in the action nodes. Each action can have one or more required parameters indicated in the parameter nodes. The values of the required parameters are obtained from the command utterance, prompted from the user, or obtained from the cybersecurity database. Actions with their parameter values are executed to mitigate a cyber threat in accordance with the user input.
    Type: Grant
    Filed: April 13, 2021
    Date of Patent: January 23, 2024
    Assignee: Trend Micro Incorporated
    Inventors: Josiah Dede Hagen, David Girard, Jonathan Edward Andersson, Vincenzo Ciancaglini, Jannis Weigend, Ahmed M. Ibrahim, Mikhail Gorbulev