Computer Virus Detection By Cryptography Patents (Class 713/188)
  • Patent number: 11367022
    Abstract: Methods of evaluating and deploying machine learning models for anomaly detection of a monitored system and related systems. Candidate machine learning algorithms are configured for anomaly detection of the monitored system. For each combination of candidate machine learning algorithm with type of anomalous activity, training and cross-validation sets are drawn from a benchmarking dataset. Using each of the training and cross-validation sets, a machine-learning model is trained and validated using the cross-validation set with average precision as a performance metric. A mean average precision value is then computed across these average precision performance metrics. A ranking value is computed for each candidate machine learning algorithm, and a machine learning algorithm is selected from the candidate machine learning algorithms based upon the computed ranking values.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: June 21, 2022
    Assignee: Amadeus S.A.S.
    Inventors: Maria Zuluaga, David Renaudie, Rodrigo Acuna Agost
  • Patent number: 11368472
    Abstract: The present invention is provided with: a command acquisition unit that acquires a command related to operation of electronic data; a remote control unit that establishes a remotely controllable communication path with an execution environment in which the operation of the electronic data is to be executed, and transmits an execution instruction for executing the operation of the electronic data on the execution environment to the execution environment via the remotely controllable communication path; a data transmission unit that transmits the electronic data or the electronic data converted based on a predetermined algorithm to the execution environment; an execution history storage unit that stores the electronic data or the electronic data converted based on the predetermined algorithm for a predetermined period; and a malware detection unit that scans the electronic data stored or the electronic data converted based on the predetermined algorithm in the execution history storing unit to detect malware.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: June 21, 2022
    Assignee: DIGITAL ARTS INC.
    Inventors: Toshio Dogu, Noriyuki Takahashi, Shigeki Kimura, Takuya Matsumoto
  • Patent number: 11354414
    Abstract: A multi-engine malicious code scanning method for scanning data sets from a storage device is provided. The method includes, among other steps, obtaining at least one data set from a storage device and generating a single forensic image of the data set and also applying a recover data application to the data set to generate a single recovered data set. A scanning is initiated of the single forensic image and the single recovered data set using the selected plurality of malware engines, where each of the malware engines, installed on the independent operating systems of the virtual operating system, may be run concurrently on the single forensic image and the single recovered data set. A report is generated combining each of the malware engines reporting the results of the scans.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: June 7, 2022
    Assignee: Forensic Scan, LLC
    Inventors: William R. Spernow, Daniel Garrie
  • Patent number: 11328058
    Abstract: A system for performing code security scan includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a plurality of identifiers each identifying a software security analysis tool of one of several categories, including SAST, DAST and OSA tools. The processor receives an identification of code to be scanned. The processor selects at least two identifiers from the plurality of identifiers. The at least two identifiers identify at least two select software security analysis tools for execution on the identified code. The processor receives an execution result from each select software security analysis tool after performing execution on the identified code. The processor aggregates the execution result from each select software security analysis tool. A user interface displays an aggregation of the execution result from each select software security analysis tool.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: May 10, 2022
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventor: Adam James Youngberg
  • Patent number: 11323270
    Abstract: The present disclosure relates to a security risk warning system that a recipient may acknowledge and act accordingly. Security insights may be provided explicitly in a security insight panel that may clearly identify vulnerabilities specific to a particular authenticable communication. This may limit risk that a recipient would ignore or not understand the risk. Security insights may be provided for a combination of indicated source, recipients, and content, such as links, text, attachments, and images. Security insights may be provided on site, such as on or proximate to the reviewed portions of the authenticable communication.
    Type: Grant
    Filed: July 15, 2021
    Date of Patent: May 3, 2022
    Inventors: Benjamin Finke, Christopher Freedman
  • Patent number: 11308227
    Abstract: The SECURE DYNAMIC PAGE CONTENT AND LAYOUTS APPARATUSES, METHODS AND SYSTEMS (“DPCL”) transform dynamic layout template requests, device, user, and surroundings security profiles, and layout usage monitor packages using DPCL components into customized secure dynamic layouts. In some implementations, the disclosure provides a processor-implemented method of transforming the content of an electronically generated user facing page for displaying on a user display.
    Type: Grant
    Filed: February 25, 2019
    Date of Patent: April 19, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventor: Stephen W. Cote
  • Patent number: 11308059
    Abstract: A computer implemented method for storing and retrieving data elements in a computer memory comprises configuring, by a processor, the computer memory according to a data structure, the data structure including: a data element array including a plurality of sorted data elements, each data element associated with a position in the data element array; and a cluster element array including one or more cluster elements, each cluster element defined by one of one data element from the data element array or a plurality of continuous data elements from the data element array, wherein each cluster element is associated with a cluster code for determining the position of one or more data elements in the data element array, the cluster code correlating each data element defining the cluster element with the position of the data element in the data element array.
    Type: Grant
    Filed: June 12, 2018
    Date of Patent: April 19, 2022
    Assignee: Chicago Mercantile Exchange Inc.
    Inventors: Priteshkumar Soni, Sandeep Sreekumar
  • Patent number: 11240262
    Abstract: Computerized techniques to determine and verify maliciousness of an object by a security logic engine are described. A method features receiving information pertaining to a first set of events associated with a first object (first information) from an endpoint and information pertaining to a second set of events associated with a second object (second information) from an analysis system. Thereafter, the likelihood of the cyber-attack being conducted on the network is determined by at least correlating the first information and the second information with at least events associated with known malicious objects. Any endpoints vulnerable to the cyber-attack are identified based on a configuration of each of the plurality of endpoints, and the analysis system is requested to conduct one or more further analyses in accordance with at least a software profile identified in a configuration of the first endpoint of the plurality of endpoints identified as vulnerable.
    Type: Grant
    Filed: October 28, 2019
    Date of Patent: February 1, 2022
    Assignee: FireEye Security Holdings US LLC
    Inventors: Ashar Aziz, Osman Abdoul Ismael
  • Patent number: 11222113
    Abstract: Methods and systems are provided for automatically generating malware definitions and using generated malware definitions. One example method generally includes receiving information associated with a malicious application and extracting malware strings from the malicious application. The method further includes filtering the malware strings using a set of safe strings to produce filtered strings and scoring the filtered strings to produce string scores by evaluating words of the filtered strings based on word statistics of a set of known malicious words. The method further includes selecting a set of candidate strings from the filtered strings based on the string scores and generating a malware definition for the malicious application based on the set of candidate strings. The method also includes performing one or more security actions to protect against the malicious application, using the malware definition.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: January 11, 2022
    Assignee: CA, INC.
    Inventors: Weiliang Li, Zhicheng Zeng
  • Patent number: 11222111
    Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according to at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.
    Type: Grant
    Filed: March 23, 2020
    Date of Patent: January 11, 2022
    Assignee: ServiceNow, Inc.
    Inventors: Richard Reybok, Andreas Seip Haugsnes, Kurt Joseph Zettel, II, Jeffrey Rhines, Henry Geddes, Volodymyr Osypov, Scott Lewis, Sean Brady, Mark Manning
  • Patent number: 11216558
    Abstract: Detecting malwares in data streams of interest. In an embodiment, for each malware signature of interest, a malware sub-pattern that is likely to occur at low frequencies in clean data streams is identified. When scanning a data stream for malwares, each portion of the data stream is examined for match with a malware sub-pattern of a malware signature. If there is no match with any portion of the data stream, it is concluded that the data stream is free of a first malware corresponding to the malware signature. If there is a match with a first portion of the data stream, the data stream is examined around the first portion for the malware signature, wherein the data stream is concluded to contain the first malware if the data stream around the first portion is found to match the malware signature.
    Type: Grant
    Filed: November 6, 2019
    Date of Patent: January 4, 2022
    Assignee: Quick Heal Technologies Limited
    Inventors: Yogesh Khedkar, Harshad Bhujbal
  • Patent number: 11218495
    Abstract: A method for resisting spread of unwanted code and data without scanning incoming electronic files for unwanted code and data, the method comprising the steps, performed by a computer system, includes receiving, at the computer system, an incoming electronic file containing content data encoded and arranged in accordance with a predetermined file type corresponding to a set of rules, determining a purported predetermined file type of the incoming electronic file by analysing the encoded and arranged content data, the purported predetermined file type and the associated set of rules specifying allowable content data for the purported predetermined file type, parsing the content data by dividing the content data into separate parts in accordance with a predetermined data format identified by the associated set of rules corresponding to the purported predetermined file type and determining nonconforming data in the content data by identifying content data that does not conform to the purported predetermined file
    Type: Grant
    Filed: August 13, 2019
    Date of Patent: January 4, 2022
    Assignee: Glasswall (IP) Limited
    Inventor: Nicholas John Scales
  • Patent number: 11210396
    Abstract: A behavioral malware detection involves extracting features from prefetch files, wherein prefetch files; classifying and detecting benign applications from malicious applications using the features of the prefetch files; and quarantining malicious applications based on the detection.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: December 28, 2021
    Assignees: Drexel University, Temple University
    Inventors: Bander Mohamed Alsulami, Spiros Mancoridis, Avinash Srinivasan
  • Patent number: 11204952
    Abstract: Various technologies described herein pertain to detecting contextual anomalies in a behavioral network. Label propagation can be performed to construct contexts and assign respective context membership scores to users. Each context can be a respective subset of the users expected to have similar resource usages. The contexts can be constructed and the context membership scores can be assigned by combining behavioral information and contextual side information. The behavioral information can specify respective resource usages by the users within the behavioral network. Moreover, respective contextual anomaly scores for the users can be computed based on the respective context membership scores assigned to the users and the contextual side information. Further, the contextual anomalies can be detected from the contextual anomaly scores.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: December 21, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Xiang Wang, Bo Thiesson, Jack Wilson Stokes, III, Edward Wilkins Hardy, Jonathan Andreas Espenschied
  • Patent number: 11196758
    Abstract: Systems and methods for enabling automated log analysis with controllable resource requirements are provided. A training set for log pattern learning is generated based on heterogeneous logs generated by a computer system. An incremental learning process is implemented to generate a set of log patterns from the training set. The heterogeneous logs are parsed using the set of log patterns. A set of applications is applied to the parsed logs.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: December 7, 2021
    Inventors: Hui Zhang, Jianwu Xu, Biplob Debnath
  • Patent number: 11196759
    Abstract: Embodiments provide for a security information and event management (SIEM) system utilizing distributed agents that can intelligently traverse a network to exfiltrate data in an efficient and secure manner. A plurality of agent devices can dynamically learn behavioral patterns and/or service capabilities of other agent devices in the networking environment, and select optimal routes for exfiltrating event data from within the network. The agent devices can independently, selectively, or collectively pre-process event data for purposes of detecting a suspect event from within the network. When a suspect event is detected, agent devices can select a target device based on the learned service capabilities and networking environment, and communicate the pre-processed event data to the target device. The pre-processed event data is thus traversed through the network along an optimal route until it is exfiltrated from the network and stored on a remote server device for storage and further analysis.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: December 7, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Peter A. Thayer, Jagannathan Deepak Manohar, Jason Matthew Conradt, Karthik Selvaraj, Donald J. Ankney
  • Patent number: 11188635
    Abstract: A file authentication method and apparatus are provided in the embodiments of this application. File digest data is extracted from a file that includes an installation package of an application. The file digest data identifies file information of the file. A feature character string of the file is generated based on the file digest data. File information of a target file is determined from a feature database based on the feature character string of the file. The target file matches the feature character string of the file, the feature database stores at least file information and feature character strings of a plurality of genuine files, and the file information of the target file and the file information of the plurality of genuine files include at least a certificate feature value. The file is authenticated according to the file information of the target file and the file information of the file.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: November 30, 2021
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventor: Wu Huang
  • Patent number: 11190536
    Abstract: A method of scanning website vulnerability comprising: reading a vulnerability scan task in a scan task pool; finding a website corresponding to the vulnerability scan task, acquiring access data of the website, and obtaining a popularity coefficient of the website according to the access data; acquiring historical vulnerability scan data and a vulnerability risk level table, and obtaining a security risk coefficient of the vulnerability scan task according to the historical vulnerability scan data and the vulnerability risk level table; acquiring update time data of the vulnerability scan task, and calculating a time coefficient of the vulnerability scan task according to the update time data; inputting the popularity coefficient, the security risk coefficient, and the time coefficient into a preset priority evaluation model for processing, and obtaining an execution priority weight of the vulnerability scan task; and executing vulnerability scan tasks in the scan task pool in descending order according to t
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: November 30, 2021
    Assignee: PING AN TECHNOLOGY (SHENZHEN) CO., LTD.
    Inventor: Shuangning He
  • Patent number: 11176467
    Abstract: Various embodiments for providing data security in a computing environment are provided. Data may be inspected during a write operation or a read operation and selected data from the data may be filtered according to one or more data security policies or rules prior to sending the plurality of data to or receiving the plurality of data from a shared computing file system.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: November 16, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Spyridon Antonatos, Stefano Braghin, Konstantinos Katrinis, Andrea Reale
  • Patent number: 11170105
    Abstract: Verifying authenticity of software updates is provided. An update executable and an update behavior profile corresponding to a software update are hashed using a cryptographic hash function. A hash of the update executable and the update behavior profile is signed using a private key to form a hashed update digital signature.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: November 9, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jia Jun Brandon Lum, Alaa S. Youssef
  • Patent number: 11159485
    Abstract: A communication system includes a communication control apparatus, and one or more communication processing apparatuses, which reside on a network.
    Type: Grant
    Filed: March 6, 2019
    Date of Patent: October 26, 2021
    Assignee: RICOH COMPANY, LTD.
    Inventor: Ryusuke Mayuzumi
  • Patent number: 11159945
    Abstract: Systems and methods are described herein for providing a telecommunications network, such as a wireless network, LTE (Long Term Evolution) network, and so on, with blockchain nodes, agents, or sub-nodes. The blockchain nodes enable network components to access and maintain a blockchain for the network, such as a distributed ledger that tracks actions, activities, or other transactions associated with the telecommunications network.
    Type: Grant
    Filed: December 31, 2018
    Date of Patent: October 26, 2021
    Assignee: T-Mobile USA, Inc.
    Inventor: Ahmad Arash Obaidi
  • Patent number: 11146583
    Abstract: The presently disclosed technology provides a threat-specific network risk evaluation tailored to a client's security objectives. The present technology may include identifying a plurality of threats to a first component of a networked system and assigning a plurality of weighting values to the plurality of threats according to the client's security objectives. The present technology may include identifying a plurality of vulnerabilities of the first component and determining a set of relevant threats for the first vulnerability based on the nature of the vulnerability and the weighting values assigned to the plurality of threats. The set of relevant threats includes one or more of the plurality of threats. The present technology may include determining a set of relevant threats for each of the identified vulnerabilities of the first component and calculating a risk of the first component based on the sets of the relevant threats.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: October 12, 2021
    Assignees: QATAR FOUNDATION FOR EDUCATION, SCIENCE AND COMMUNITY DEVELOPMENT, QATAR UNIVERSITY
    Inventors: Armstrong Nhlabatsi, Jin Hong, Dong Seong Kim, Rachael Fernandez, Alaa Hussein, Noora Fetais, Khaled M. Khan
  • Patent number: 11120169
    Abstract: The disclosed computer-implemented method for identifying malware locations based on analyses of backup files may include (i) identifying a presence of a backup file set and (ii) performing a security action that may include (a) detecting, based on a scan of the backup file set, malware in the backup file set, (b) determining, based on a location of the malware in a system file structure of the backup file set, a subgraph of the system file structure of the backup file set that includes the malware, (c) identifying a string prefix for the subgraph of the system file structure of the backup file set, (d) using an index to cross-reference the string prefix to a pointer identifying a subgraph of an original file set, and (e) scanning a file in the subgraph of the original file set for the malware. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: September 14, 2021
    Assignee: NortonLifeLock Inc.
    Inventor: Bruce McCorkendale
  • Patent number: 11122014
    Abstract: A user device stores a messaging application and an encrypted database, processor and has a key store storing an authorisation token to be used by the messaging application. The messaging application is configured, in the unlaunched state, to retrieve the authorisation token from the key store to perform communication with the messaging server on receipt of an incoming call from the messaging server and to display a notification without contact information, and is configured, in the launched state, on receipt of an incoming call from the messaging server to retrieve the authorisation token from volatile memory to perform communication with the messaging server, and to display a notification of the incoming call with contact information for a calling party, on the display of the user device. The encryption key for the database is generated based on a user passcode, and the user device stores neither the user's passcode nor a hash of the passcode.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: September 14, 2021
    Assignee: V440 SPÓŁKA AKCYJNA
    Inventors: Kamil Kaczyński, Michał Glet
  • Patent number: 11102010
    Abstract: The present disclosure relates to a security risk warning system that a recipient may acknowledge and act accordingly. Security insights may be provided explicitly in a security insight panel that may clearly identify vulnerabilities specific to a particular authenticable communication. This may limit risk that a recipient would ignore or not understand the risk. Security insights may be provided for a combination of indicated source, recipients, and content, such as links, text, attachments, and images. Security insights may be provided on site, such as on or proximate to the reviewed portions of the authenticable communication.
    Type: Grant
    Filed: December 4, 2020
    Date of Patent: August 24, 2021
    Inventors: Benjamin Finke, Christopher Freedman
  • Patent number: 11095690
    Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: August 17, 2021
    Assignee: Splunk Inc.
    Inventor: Brian Luger
  • Patent number: 11086994
    Abstract: Priority scanning of files written by malicious users in a data storage system is described herein. A data storage system as described herein can include a user lookup component that obtains identities of users that have made at least one modification to a first file stored on the data storage system, resulting in a set of modifying users; a comparison component that compares respective modifying users of the set of modifying users to respective malicious users of a set of malicious users; and a scan priority component that, in response to the comparison component identifying at least one match between a modifying user of the set of modifying users and a malicious user of the set of malicious users, assigns a first scan priority to the first file that is higher than a second scan priority assigned to a second, different file stored on the data storage system.
    Type: Grant
    Filed: December 19, 2018
    Date of Patent: August 10, 2021
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Jai Prakash Gahlot, Amit Kumar Chauhan, Shiv Shankar Kumar
  • Patent number: 11080399
    Abstract: A system and method for implementing a software emulation environment is provided. In one example, a mobile application can interface with an emulation environment that can be used to test whether the mobile application includes malware that can compromise the security and integrity of an enterprise's computing infrastructure. When the mobile application issues a call for data, a device mimic module can intercept the call and determine if the call includes a call for one or more checkable artifacts that can reveal the existence of the emulation environment. If such a call for data occurs, the device mimic module can provide one or more spoofed checkable artifacts that have been recorded from a real-world mobile device. In this way, the existence of the emulation environment can be concealed so as to allow for a more thorough analysis of a mobile application for potential hidden malware.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: August 3, 2021
    Assignee: The MITRE Corporation
    Inventors: David Keppler, Ivan Lozano, Joseph Portner, Andrew Pyles, Christina L. Johns, David Bryson
  • Patent number: 11074043
    Abstract: Methods, systems and computer program products for providing automated script review utilizing crowdsourced inputs are provided. Aspects include receiving a new script including a script text and a script description. Aspects include comparing the new script to each of a plurality of previously classified scripts to determine a degree of similarity. Each of the previously classified scripts and the new script have an associated set of attributes. Responsive to determining that the degree of similarity is below a predetermined threshold, aspects include mapping the new script to a crowdsourcing platform to identify a similar script. Aspects also include receiving information indicative of one or more features from the crowdsourcing platform. Responsive to inputting the one or more features into an acceptance model, aspects include generating an acceptance recommendation associated with the new script.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: July 27, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Muhammed Fatih Bulut, Anup Kalia, Maja Vukovic, Raghav Batta, Jinho Hwang, Jin Xiao, Rohit Madhukar Khandekar
  • Patent number: 11057420
    Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: July 6, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: David McGrew, Andrew Zawadowskiy, Donovan O'Hara, Saravanan Radhakrishnan, Tomas Pevny, Daniel G. Wing
  • Patent number: 11017884
    Abstract: The inventive subject matter provides apparatus, systems, and methods that improve on the pace of discovering new practical information based on large amounts of datasets collected. In most cases, anomalies from the datasets are automatically identified, flagged, and validated by a cross-validation engine. Only validated anomalies are then associated with a subject matter expert who is qualified to take action on the anomaly. In other words, the inventive subject matter bridges the gap between the overwhelming amount of scientific data which can now be harvested and the comparatively limited amount of analytical resources available to extract practical information from the data. Practical information can be in the form of trends, patterns, maps, hypotheses, or predictions, for example, and such practical information has implications in medicine, in environmental sciences, entertainment, travel, shopping, social interactions, or other areas.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: May 25, 2021
    Assignee: Nant Holdings IP, LLC
    Inventor: Patrick Soon-Shiong
  • Patent number: 11005879
    Abstract: Peer device protection enables a first device comprising a digital security agent to remedy security issues on (or associated with) a set of devices visible to the first device. The first device may comprise a digital security agent that may identify a set of devices visible to the first device. The first device may monitor the set of devices to collect data, such as types of communications and data points of interest. The digital security agent may apply threat detection to the collected data to identify anomalous network behavior. When anomalous network behavior is detected, the first device may cause an indicator of compromise (IOC) to be generated. Based on the IOC, the first device may facilitate remediation of the anomalous network behavior and/or apply security to one or more devices in the set of devices.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: May 11, 2021
    Assignee: Webroot Inc.
    Inventor: Paul Barnes
  • Patent number: 10999467
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for context-adaptive scanning of digital components. In one aspect, a method comprises: selecting a given digital component from among a plurality of digital components based on a current scanning priority of the given digital component; scanning the given digital component, comprising determining a current state of the given digital component; determining a current context of the given digital component based on one or more of: (i) the current state of the given digital component, or (ii) a current scan index of the given digital component that specifies a number of times the given digital component has been scanned; determining an updated scanning priority of the given digital component based on the current context of the given digital component; and re-scanning the given digital component according to the updated scanning priority.
    Type: Grant
    Filed: May 28, 2020
    Date of Patent: May 4, 2021
    Assignee: Google LLC
    Inventors: Oleg Golubitsky, Dake He
  • Patent number: 10992703
    Abstract: A security server receives a full hash and a set of subhashes from a client. The security server determines that the full hash is whitelisted. The security server updates, for each subhash in the set of subhashes, an associated clean count. The security server adds a subhash to a subhash whitelist responsive to an associated clean count exceeding a threshold. The security server receives a second set of subhashes. The security server determines whether at least one of the subhashes in the second set of subhashes is included in the subhash whitelist. The security server reports to the client based on the determination.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: April 27, 2021
    Assignee: Malwarebytes Inc.
    Inventors: Douglas Stuart Swanson, Mina Yousseif, Jon-Paul Lussier, Jr.
  • Patent number: 10984103
    Abstract: An example implementation of the present techniques determines, in response to a request to download a resource, whether the resource has previously been determined to comprise malware. Additionally, it is determined, if the resource has previously been determined to comprise malware, whether the resource has changed since the previous determination. Further, the request to download the resource is terminated if the resource has not changed.
    Type: Grant
    Filed: January 26, 2016
    Date of Patent: April 20, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Ramesh Ardeli
  • Patent number: 10972495
    Abstract: In some embodiments, an apparatus includes a memory and a processor operatively coupled to the memory. The processor is configured to identify a feature vector for a potentially malicious file and provide the feature vector as an input to a trained neural network autoencoder to produce a modified feature vector. The processor is configured to generate an output vector by introducing Gaussian noise into the modified feature vector to ensure a Gaussian distribution for the output vector within a set of modified feature vectors. The processor is configured to provide the output vector as an input to a trained neural network decoder associated with the trained neural network autoencoder to produce an identifier of a class associated with the set of modified feature vectors. The processor is configured to perform a remedial action on the potentially malicious file based on the potentially malicious file being associated with the class.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: April 6, 2021
    Assignee: Invincea, Inc.
    Inventor: Konstantin Berlin
  • Patent number: 10965703
    Abstract: A computer-implemented method, computer program product and computing system for: utilizing artificial intelligence/machine learning to define a training routine for a specific attack of a computing platform; and generating a simulation of the specific attack by executing the training routine within a controlled test environment.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: March 30, 2021
    Assignee: ReliaQuest Holdings, LLC
    Inventors: Brian P. Murphy, Joe Partlow, Colin O'Connor, Jason Pfeiffer
  • Patent number: 10963566
    Abstract: Implementations described herein disclose a malware sequence detection system for detecting presence of malware in a plurality of events. An implementation of the malware sequence detection includes receiving a sequence of a plurality of events, and detecting presence of a sequence of malware commands within the sequence of a plurality of events by dividing the sequence of plurality of events into a plurality of subsequences, performing sequential subsequence learning on one or more of the plurality of subsequences, and generating a probability of one or more of the plurality of subsequences being a malware based on the output of the sequential subsequence.
    Type: Grant
    Filed: January 25, 2018
    Date of Patent: March 30, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Rakshit Agrawal, Jack Wilson Stokes, III, Karthik Selvaraj, Adrian M. Marinescu
  • Patent number: 10956151
    Abstract: An example method for determining a software classification is provided. The example method may include determining a plurality of substream boundaries including a first substream boundary within a representation of a software binary, and segmenting the representation of the software binary into a plurality of substreams. The example method may further include generating a first count string for a first substream based on operational class token counts in a tokenization of the first substream, where the tokenization of the first substream may be based on a mapping of commands within the first substream to operational classes. The example method may further include performing a first count string comparison with a reference database to determine a first count string match, where the first count string comparison is based on the first count string, and classifying the software binary based on the first count string match.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: March 23, 2021
    Assignee: The Johns Hopkins University
    Inventors: Margaret F. Lospinuso, Sakunthala Harshavardhana, Laura J. Glendenning, Kathleen N. McGill, Robert M. Seng, Tzuhsiu Chiou, Sterling E. Vinson
  • Patent number: 10944768
    Abstract: Systems and methods are provided for generating samples of network traffic and characterizing the samples to easily identify exploits. A first embodiment of the present disclosure can generate traffic between a sample generator and the target computing device based on a particular exploit. The traffic can be a plurality of samples of the exploit using an exploit script. The method can provide for collecting and storing the plurality of samples. These samples can then be used to characterize the exploit by identifying invariant portions and variable portions of the samples. The method can further provide for removing any artifacts from the samples. Regular expressions can be constructed based on the samples. Each regular expression can be tested and ranked according to metrics of efficiency and accuracy.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: March 9, 2021
    Assignee: PETABI, INC.
    Inventors: Victor C. Valgenti, Ya-Wen Lin, Atsuhiro Suzuki, Min Sik Kim
  • Patent number: 10931706
    Abstract: A method for detecting and/or identifying a cyber-attack on a network can include segmenting the network using a segmentation method with machine learning to generate one or more network segments; assigning a score to a data point within each network segment based on a presence or absence of an identified anomalous behavior of the data point; analyzing network data flow, via behavioral modeling, to provide a context for characterizing the anomalous behavior; combining, via a reinforcement learning agent, outputs of the segmentation method with behavioral modelling and assigned score to detect and/or identify a cyber-attack; providing one or more alerts to an analyst; receiving an analyst assessment of an effectiveness of the detection and/or identification; and providing the analyst assessment as feedback to the reinforcement learning agent.
    Type: Grant
    Filed: March 10, 2020
    Date of Patent: February 23, 2021
    Assignee: BOOZ ALLEN HAMILTON INC.
    Inventors: Aaron Sant-Miller, Andre Tai Nguyen, William Hall Badart, Sarah Olson, Jesse Shanahan
  • Patent number: 10922405
    Abstract: A system includes identification of a data source of a production environment, the data source storing authentic data, generation of simulated data of the data source, reception of a request for data of the data source from a requesting system in the production environment and, in response to the received request, providing of the simulated data to the requesting system. In some aspects, the simulated data is provided to the requesting system if it is determined that the request is related to an electronic attack, and the authentic data of the data source is provided to the requesting system if it is not determined that the request is related to an electronic attack.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: February 16, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Elad Yom-Tov, Hani Hana Neuvirth, Ron Matchoro, Nir Rosenfeld
  • Patent number: 10909243
    Abstract: Systems and methods for normalizing entry point instructions include receiving a scope of instructions starting at an entry point of executable code. For each instruction in the scope of instructions, a determination is made if the instruction performs an ineffective operation or if the instruction, in combination with another instruction, renders either or both instructions ineffective. Ineffective instructions are filtered such that they do not appear in an output buffer.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: February 2, 2021
    Assignee: Avast Software s.r.o.
    Inventor: Zdeněk Breitenbacher
  • Patent number: 10896256
    Abstract: Apparatus and methods describe herein, for example, a process that can include receiving a potentially malicious file, and dividing the potentially malicious file into a set of byte windows. The process can include calculating at least one attribute associated with each byte window from the set of byte windows for the potentially malicious file. In such an instance, the at least one attribute is not dependent on an order of bytes in the potentially malicious file. The process can further include identifying a probability that the potentially malicious file is malicious, based at least in part on the at least one attribute and a trained threat model.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: January 19, 2021
    Assignee: Invincea, Inc.
    Inventors: Joshua Daniel Saxe, Konstantin Berlin
  • Patent number: 10891373
    Abstract: A technique includes determining pairwise relationships among entities associated with a first electronic mail organization and entities associated with a second electronic mail organization. The technique includes controlling receipt of an electronic message originating from a sender associated with the first email organization based on the determined pairwise relationships.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: January 12, 2021
    Assignee: Micro Focus LLC
    Inventor: Darren Humphries
  • Patent number: 10891378
    Abstract: Automated malware signature generation is disclosed. Automated malware signature generation includes monitoring incoming unknown files for the presence of malware and analyzing the incoming unknown files based on both a plurality of classifiers of file behavior and a plurality of classifiers of file content. An incoming file is classified as having a particular malware classification based on the analyzing of incoming unknown files and a malware signature is generated for the incoming unknown file based on the particular malware classification. Access is provided to the malware signature.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: January 12, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ning Sun, Patrick Winkler, Chengyun Chu, Hong Jia, Jason Geffner, Tony Lee, Jigar Mody, Frank Swiderski
  • Patent number: 10887342
    Abstract: Provided are methods and systems for mitigating a distributed denial of service (DDoS) event. The method may commence with sending a request to a health monitor concerning a state of a network. The method may continue with attributing a lack of response to the request from the health monitor to be an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. The collapsible virtual data circuit may be designed to collapse in response to the DDoS event in the network. The method may include redirecting the network data traffic associated with the collapsible virtual data circuit based on the indication of the collapse of the collapsible virtual data circuit.
    Type: Grant
    Filed: December 14, 2018
    Date of Patent: January 5, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Micheal Thompson, Vernon Richard Groves
  • Patent number: 10885188
    Abstract: There is provided a method of reducing false positive rate by using available contextual information on any sample, such as file name of the sample at a client machine, file path folder structure of the sample at client machine, download location of the sample and others, thus narrowing down the search space in first step of generic statistical classification and introducing new specific classifiers deliberately trained for each case.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: January 5, 2021
    Inventor: Berker Batur
  • Patent number: 10885208
    Abstract: A content management system for collecting files from one or more submitters in a collection folder. A collector, who generates the collection folder, can invite one or more submitters to submit one or more files to the collection folder. The submitted files are scanned for malicious content. The one or more submitters have limited rights to the collection folder. The limited rights can include uploading rights and prohibiting a submitter from viewing files that other submitters associated with the collection folder submitted. Thus, the collection folder is able to store files from the one or more submitters, but prevent them from viewing others' submissions.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: January 5, 2021
    Assignee: Dropbox, Inc.
    Inventors: Mindy Zhang, Pranav Piyush