Computer Virus Detection By Cryptography Patents (Class 713/188)
  • Patent number: 10348751
    Abstract: A malicious communication pattern extraction device includes: a statistical value calculation unit that calculates a statistical value for an appearance frequency of each of plural communication patterns, from a traffic log obtained from traffic caused by malware, and a traffic log obtained from traffic in a predetermined communication environment; a malicious list candidate extraction unit that compares between the appearance frequency of the traffic logs for each of the communication patterns, based on the calculated statistical value, and extracts the communication pattern as the malicious communication pattern when a difference between both of the appearance frequencies is equal to or more than a predetermined threshold; and a threshold setting unit that sets a threshold so that an erroneous detection rate probability of erroneously detecting the traffic caused by malware and a detection rate probability of detecting the traffic caused by malware is equal to or more than a certain value.
    Type: Grant
    Filed: February 3, 2016
    Date of Patent: July 9, 2019
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Kazunori Kamiya, Kazufumi Aoki, Kensuke Nakata, Tohru Sato
  • Patent number: 10331889
    Abstract: The disclosed embodiments include a method for disarming malicious content in a computer system. The method includes accessing input content intended for a recipient of a network, automatically modifying at least a portion of digital values of the input content to render inactive code that is included in the input content intended for malicious purpose, the modified input content being of the same type as the accessed input content, enabling access to the modified input content by the intended recipient, analyzing the input content according to at least one malware detection algorithm configured to detect malicious content, and enabling access to the input content by the intended recipient when no malicious content is detected according to the at least one malware detection algorithm.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: June 25, 2019
    Assignee: VOTIRO CYBERSEC LTD.
    Inventor: Aviv Grafi
  • Patent number: 10326788
    Abstract: The disclosed computer-implemented method for identifying suspicious controller area network messages may include (i) monitoring, for a predetermined period of time, messages sent by an electronic control unit that comprise a controller area network identifier for at least one controller area network device, (ii) observing, in the messages, a set of corresponding patterns that each comprise a content pattern and a timing pattern, (v) detecting a message that comprises the controller area network identifier, wherein a content pattern of the message and a timing pattern of the message do not match any pair of corresponding patterns in the set of corresponding patterns, and (vi) determining that the message is suspicious based at least in part on the content pattern of the message and the timing pattern of the message not matching any pair of corresponding patterns in the set. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: June 18, 2019
    Assignee: Symantec Corporation
    Inventors: Vishal Bajpai, Michael Pukish, Venkatesh Chakravarthy
  • Patent number: 10320831
    Abstract: The disclosed computer-implemented method for applying security updates to endpoint devices may include (1) calculating a reputation score for an endpoint device that indicates a security state of the endpoint device, (2) transmitting, from the endpoint device to a security server that provides security updates, a request to receive a security update with a degree of urgency based on the reputation score of the endpoint device, (3) receiving the security update from the security server in accordance with the degree of urgency, and then (4) applying the security update within the endpoint device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: June 11, 2019
    Assignee: Symantec Corporation
    Inventors: Prasad Agarmore, Karan Khanna
  • Patent number: 10320810
    Abstract: The profiling and fingerprinting of communication and control (C&C) infrastructure is disclosed herein. An initial C&C profile is transmitted to a first network monitoring system. The initial C&C profile includes at least one of: (1) a domain corresponding to a C&C channel, and (2) a C&C pattern corresponding to a C&C channel. At least in part in response to information received from a second network monitoring system, the initial C&C profile is revised. An updated C&C profile is transmitted to the first network monitoring system.
    Type: Grant
    Filed: October 31, 2016
    Date of Patent: June 11, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Zhi Xu, Cong Zheng
  • Patent number: 10320822
    Abstract: The technology disclosed relates to identifying and notifying a user of nearby attendees at a mega attendance event who are in the user's social graph by comparing the user's social graph to a list of event attendees. The identified attendees can be stratified into social graph tags that annotate, categorize and prioritize other users in the user's social graph. The technology disclosed also relates to identifying and notifying the user of nearby attendees of sessions at the event who meet introduction preferences of the user by finding matches between introduction preference attributes specified by the user and attributes of the attendees provided by the list of event attendees.
    Type: Grant
    Filed: February 1, 2018
    Date of Patent: June 11, 2019
    Assignee: salesforce.com, inc.
    Inventor: Jason Schroeder
  • Patent number: 10320840
    Abstract: A method for detecting spoofing by wireless access devices. In some embodiments, spoofing can be detected based on locations for a wireless access device having an identifier at first and second times. The locations are compared to determine whether the wireless access device could access the particular network at the locations in the time period between the first and second times. In several embodiments, spoofing can be detected by tracking the activity of wireless access devices and identifying events that are prohibited by one or more policy elements of the particular network.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: June 11, 2019
    Assignee: OL Security Limited Liability Company
    Inventors: Elaine Harvey, Matthew Walnock
  • Patent number: 10305917
    Abstract: Methods and systems for detecting malicious processes include modeling system data as a graph comprising vertices that represent system entities and edges that represent events between respective system entities. Each edge has one or more timestamps corresponding to respective events between two system entities. A set of valid path patterns that relate to potential attacks is generated. One or more event sequences in the system are determined to be suspicious based on the graph and the valid path patterns using a random walk on the graph.
    Type: Grant
    Filed: July 19, 2016
    Date of Patent: May 28, 2019
    Assignee: NEC Corporation
    Inventors: Zhengzhang Chen, LuAn Tang, Boxiang Dong, Guofei Jiang, Haifeng Chen
  • Patent number: 10303875
    Abstract: Apparatus and methods describe herein, for example, a process that can include receiving a potentially malicious file, and dividing the potentially malicious file into a set of byte windows. The process can include calculating at least one attribute associated with each byte window from the set of byte windows for the potentially malicious file. In such an instance, the at least one attribute is not dependent on an order of bytes in the potentially malicious file. The process can further include identifying a probability that the potentially malicious file is malicious, based at least in part on the at least one attribute and a trained threat model.
    Type: Grant
    Filed: January 23, 2018
    Date of Patent: May 28, 2019
    Assignee: Invincea, Inc.
    Inventors: Joshua Daniel Saxe, Konstantin Berlin
  • Patent number: 10289847
    Abstract: Systems, methods, and computer programs are disclosed for updating virtual memory addresses of target application functionalities for an updated version of application binary code. The method comprises storing a virtual address mapping table associated with application binary code registered with a high-level operating system. The virtual address mapping table comprises a plurality of virtual addresses mapped to corresponding target application functionalities in the application binary code. In response to receiving an updated version of the application binary code, a pseudo binary code template is selected, which is associated with one or more of the plurality of virtual addresses in the virtual address mapping table. The pseudo binary code template is matched to binary instructions in the updated version of the application binary code. The new virtual addresses corresponding to the matching binary instructions are determined. The virtual address mapping table is updated with the new virtual addresses.
    Type: Grant
    Filed: August 23, 2016
    Date of Patent: May 14, 2019
    Assignee: QUALCOMM Incorporated
    Inventor: Subrato Kumar De
  • Patent number: 10291534
    Abstract: Disclosed herein are system, method, and computer program product embodiments for increasingly applying network resources to traffic flows based on heuristics and policy conditions. A network determines that a traffic flow satisfies a first condition and transmits a first portion of the traffic flow to a network service. A network service then inspects the first portion of the traffic flow at a first level of detail and determines that the traffic flow satisfies a second condition. The network can then transmit a second portion of the traffic flow to the network service based on the determining the traffic flow satisfies the second condition. The network service can inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: May 14, 2019
    Assignee: Level 3 Communications, LLC
    Inventors: Pete Joseph Caputo, II, William Thomas Sella
  • Patent number: 10291562
    Abstract: Embedding actionable content in electronic communication includes associating an embedding gadget with an electronic message and modifying the electronic message based on the embedding gadget.
    Type: Grant
    Filed: May 20, 2013
    Date of Patent: May 14, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul R. Bastide, Matthew E. Broomhall, Robert E. Loredo
  • Patent number: 10282699
    Abstract: An approach for updating of a repetition frequency of a system scan operation. The approach calculates values of asset management factors based on results of the asset management factors from a current and a previously performed system scan operation. Groups of the computer systems are treated as node equivalents, and the asset management factors are treated as synapse equivalents of the node equivalents. The approach also feeds values of the factors and weighing values as input for determining an update value for the repetition frequency as output. The weighing value is adaptable via the learning capability of the neural network equivalent. Finally, the repetition frequency is updated using the update value by an activation function.
    Type: Grant
    Filed: June 14, 2016
    Date of Patent: May 7, 2019
    Assignee: International Business Machines Corporation
    Inventors: Krzysztof G. Fabjanski, Marek Peszt, Agnieszka Tkaczyk, Piotr J. Walczak
  • Patent number: 10284589
    Abstract: Systems and methods for determining priority levels to process vulnerabilities associated with a networked computer system can include a data collection engine receiving a plurality of specification profiles, each defining one or more specification variables of the networked computer system or a respective asset. The data collection engine can receive, from a vulnerability scanner, vulnerability data indicative of a vulnerability associated with the networked computer system. A profiling engine can interrogate a computing device of the networked computer system, and receive one or more respective profiling parameters from that computing device. A ranking engine can compute a priority ranking value of the computing device based on the profile specification variables, the vulnerability data and the profiling parameters.
    Type: Grant
    Filed: October 31, 2016
    Date of Patent: May 7, 2019
    Assignee: Acentium Inc.
    Inventor: Amine Hamdi
  • Patent number: 10282550
    Abstract: Techniques for performing auto-remediation on computer system vulnerabilities in source code are disclosed herein. An application source code representation is scanned to determine any security vulnerabilities and from those vulnerabilities, a set of security patch rules are generated that may be used to automatically remediate the vulnerabilities. One or more of the security patch rules is selected for verification and, once verified may be used to generate a security patch. The security patch may then be automatically applied to the source code representation to produce a patched representation of the application source code with the vulnerability at least partly remediated.
    Type: Grant
    Filed: March 12, 2015
    Date of Patent: May 7, 2019
    Assignee: WhiteHat Security, Inc.
    Inventors: Eric Sheridan, Harry Papaxenopoulos, John Thomas Melton
  • Patent number: 10275238
    Abstract: A hybrid program analysis method includes initiating a static program analysis of an application, generating, by a static program analyzer, a query to a dynamic program analyzer upon determining a code construct of the application requiring dynamic analysis, resolving, by the dynamic program analyzer, the query into a set of arguments with which to invoke the code construct of the application, generating, by the dynamic program analyzer, the set of arguments, invoking, by the dynamic program analyzer, the code construct of the application using the set of arguments, answering, by the dynamic program analyzer, the query, and continuing the static program analysis of the application.
    Type: Grant
    Filed: November 8, 2012
    Date of Patent: April 30, 2019
    Assignee: International Business Machines Corporation
    Inventors: Evgeny Beskrovny, Marco Pistoia, Omer Tripp
  • Patent number: 10277612
    Abstract: An edge device is dynamically reconfigured to block undesired traffic using control information that originates in a core network. The control information is delivered to the device indirectly and, in particular, by a core appliance (e.g., an intrusion prevention system) setting and returning an HTTP cookie to a requesting client. The edge device is pre-configured to respond to HTTP cookies that have (or that are) control information. When the receiving client later returns that cookie to the edge device to obtain subsequent service, the control information that originated at the core is used by the device to deny that service. This indirect method of communicating the control information (from the core to the requesting client and then back to the device) enables the device to be reconfigured dynamically as needed to address network exploits or other threats.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: April 30, 2019
    Assignee: International Business Machines Corporation
    Inventors: Mauro Marzorati, Aaron Keith Baughman, Gary Francis Diamanti, Elizabeth Merckel Valletti
  • Patent number: 10275467
    Abstract: Implementing a high availability mode. A distributed computing environment includes a plurality of nodes. Each of the nodes has an instance of a particular storage service. One or more of the instances have one or more cluster shared filesystems coupled to them. A method includes monitoring arrivals and departures of cluster shared file systems. The method further includes identifying the arrival of one or more clustered shared file systems previously attached to a different instance of the storage service on a different node and being accessible by following one or more namespace partitions located in that clustered shared file system. As a result, the method further includes connecting the instance of the storage service to the one or more arriving clustered shared file systems and exposing the one or more namespace partitions located in that clustered shared file system.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: April 30, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Diaa E. Fathalla, Sai Sudhir Anantha Padmanaban, Ali Ediz Turkoglu
  • Patent number: 10277542
    Abstract: Embedding actionable content in electronic communication includes associating an embedding gadget with an electronic message and modifying the electronic message based on the embedding gadget.
    Type: Grant
    Filed: May 22, 2013
    Date of Patent: April 30, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul R. Bastide, Matthew E. Broomhall, Robert E. Loredo
  • Patent number: 10257193
    Abstract: Embodiments are directed to a computing device having execution hardware including at least one processor core, and non-volatile memory that stores a verification module and a private symmetric key unique to the computing device. The verification module, when executed on the execution hardware, causes the execution hardware to perform pre-execution local authenticity verification of externally-supplied code in response to a command to launch that code. The local authenticity verification includes computation of a cryptographic message authentication code (MAC) of the externally-supplied code based on the private symmetric key, and verification of the MAC against a stored local authenticity verification value previously written to the non-volatile memory. In response to a positive verification of the MAC, execution of the externally-supplied code is permitted.
    Type: Grant
    Filed: January 16, 2018
    Date of Patent: April 9, 2019
    Assignee: Intel Corporation
    Inventor: Ernie F. Brickell
  • Patent number: 10257153
    Abstract: A communication apparatus: designates a name in a network and requests name resolution for the name; receives a response to the request; and stores the name and information included in the response and relating to the name in a case where the name has a length not greater than a predetermined length, and does not store the name and the information in a case where the name has a length greater than the predetermined length.
    Type: Grant
    Filed: April 2, 2015
    Date of Patent: April 9, 2019
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Kensuke Sano
  • Patent number: 10248787
    Abstract: The disclosed computer-implemented method for determining reputations of files may include (i) identifying, on an endpoint device, a loadpoint data entry created by a file installed on the endpoint device that directs an operating system of the endpoint device to execute the file during boot up operations of the endpoint device, (ii) determining a reputation of the loadpoint data entry, (iii) detecting, on an additional endpoint device, an attempt to install a suspicious file with a loadpoint data entry at least partially similar to the loadpoint data entry of the file installed on the endpoint device, (iv) determining a reputation of the suspicious file based on the reputation of the loadpoint data entry of the file installed on the endpoint device, and (v) protecting the additional endpoint device from security threats by performing a security action on the suspicious file based on the reputation of the suspicious file.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: April 2, 2019
    Assignee: Symantec Corporation
    Inventor: Sujit Magar
  • Patent number: 10250631
    Abstract: Approaches for modeling a risk of security breaches to a network. Agents gather, from multiple sources across the network, analysis data that identifies observed characteristics of habitable nodes and opaque nodes. Using the analysis data a multi-layer risk model for the network is generated that comprises a first layer that models an inherent risk of security breaches to assets of the network based on the observed characteristics. The model also comprises a second layer that models a present state of the inherent risk to the assets caused by global and temporal events. The model also comprises a third layer that models a change to the risk of security breaches in response to potential mitigative actions. The model may be used to understand how risk of a security breach is distributed and interdependent upon the nodes of the network so as to allow the most valuable preventive measures to be taken.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: April 2, 2019
    Assignee: Balbix, Inc.
    Inventors: Vinay Sridhara, Vansh Pal Singh Makh, Gaurav Banga, Rajarshi Gupta
  • Patent number: 10200402
    Abstract: Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. A set of content targeted in the attack may be identified based at least in part on a combination of network addresses to which attack-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or increase the computing resources available to the targeted content. Redirection of traffic may occur using either or both of resolution-based redirection or routing-based redirection.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: February 5, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Anton Stephen Radlein, Nathan Alan Dye, Craig Wesley Howard, Harvo Reyzell Jones
  • Patent number: 10185924
    Abstract: Techniques are described for generating response recommendation information that describes one or more response profiles, each including one or more actions that may be performed to respond to a security risk present in a deployed software module. The response recommendation information may quantify, for each response profile, a cost and a benefit due to the performance of the action(s) included in the response profile. The cost may include lost revenues or other value lost due to the action(s). The benefit may include a mitigation of the security risk.
    Type: Grant
    Filed: July 1, 2014
    Date of Patent: January 22, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Jon Arron McClintock, George Nikolaos Stathakopoulos
  • Patent number: 10187400
    Abstract: A computer system programmed to provide improved packet capture comprises: a plurality of sensor computers each programmed to capture data packets directed to a different compromised computer; a command server that is programmed to determine an expiration time for capturing a first set of data packets that have been routed toward a first compromised computer, to determine a time interval indicating an interval for capturing the first set of data packets, to identify a first packet capture filter of a plurality of packet capture filters for a first sensor computer of the plurality of sensor computers, to transmit, via a communications network, the first packet capture filter and a message, which comprises the time interval and the expiration time, to the first sensor computer of the plurality of sensor computers to capture the first set of data packets every the time interval and until the expiration time expires.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: January 22, 2019
    Assignee: Area 1 Security, Inc.
    Inventors: Javier Castro, Blake Darche, Chiraag Aval
  • Patent number: 10187423
    Abstract: Provided are methods and systems for mitigating a DDoS event. The method may comprise receiving an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. In response to the received indication of the collapse, the collapse may be attributed to the DDoS event. Furthermore, the method may comprise redirecting the network data traffic to one or more DDoS mitigation services. The method may further comprise mitigating the DDoS event by the one or more DDoS mitigation services.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: January 22, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Micheal Thompson, Vernon Richard Groves
  • Patent number: 10176428
    Abstract: The various aspects configure a mobile computing device to efficiently identify, classify, model, prevent, and/or correct the conditions and/or behaviors occurring on the mobile computing device that are related to one or more peripheral devices connected to the mobile computing device and that often degrade the performance and/or power utilization levels of the mobile computing device over time. In the various aspects, the mobile computing device may obtain a classifier model that includes, tests, and/or evaluates various conditions, features, behaviors and corrective actions on the mobile computing device that are related to one or more peripheral devices connected to the mobile computing device. The mobile computing device may utilize the classifier model to quickly identify and correct undesirable behaviors occurring on the mobile computing device that are related to the one or more connected peripheral devices.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: January 8, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Vinay Sridhara, Rajarshi Gupta
  • Patent number: 10176322
    Abstract: Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for performing content scanning of content objects is provided. A content object that is to be scanned is stored by a general purpose processor to a system memory of the general purpose processor. Content scanning parameters associated with the content object are set up by the general purpose processor. Instructions from a signature memory of a co-processor that is coupled to the general purpose processor are read by the co-processor based on the content scanning parameters. The instructions contain op-codes of a first instruction type and op-codes of a second instruction type. Those of the instructions containing op-codes of the first instruction type are assigned by the co-processor to a first instruction pipe of multiple instruction pipes of the co-processor for execution.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: January 8, 2019
    Assignee: Fortinet, Inc.
    Inventors: Xu Zhou, Lin Huang, Michael Xie
  • Patent number: 10171611
    Abstract: A method in one example embodiment includes generating a signature for an object in a compute node in a network, searching a memory element for the signature, and responsive to determining the memory element does not contain the signature, scanning the object. The method also includes updating the memory element with a scan result, and synchronizing the memory element of the compute node with one or more memory elements of one or more other compute nodes in the network. In specific embodiments, the scan result includes the signature of the object and a threat level of the object. In further embodiments, the synchronizing includes sending the scan result to one or more other compute nodes in the network. In more specific embodiments, the scan result is sent with one or more other scan results after a predetermined interval of time from a previous synchronization.
    Type: Grant
    Filed: March 2, 2015
    Date of Patent: January 1, 2019
    Assignee: McAfee, LLC
    Inventors: Venkata Ramanan, Simon Hunt
  • Patent number: 10164989
    Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Domain Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: December 25, 2018
    Assignee: Nominum, Inc.
    Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Iurii Iuzifovich, Erik D. Fears
  • Patent number: 10152518
    Abstract: A method for identifying similarity between query samples and stored samples in an efficiently maintained reference library may include receiving a binary query sample and processing the binary query sample via operations including producing a query sample fingerprint from the binary query sample, scoring the query sample fingerprint with each previously stored fingerprint in the reference library to produce a matching score, and for each previously stored fingerprint for which the matching score meets or exceeds a predetermined threshold, reporting a corresponding reference sample unique identifier associated with the previously stored fingerprint and the matching score. Each previously stored fingerprint in the reference library has been determined, prior to storage, as not being duplicative of another fingerprint in the reference library.
    Type: Grant
    Filed: October 29, 2015
    Date of Patent: December 11, 2018
    Assignee: The Johns Hopkins University
    Inventor: Jonathan D. Cohen
  • Patent number: 10152591
    Abstract: A system for discovering programming variants. The system analyzes system calls from executing a program to generate programming code or executable for a particular OS and/or CPU that would perform the same or similar actions as the program. The code that is generated is then mutated, augmented, and/or changed to create variations of the program which still functions and/or obtains the same objectives as the original code.
    Type: Grant
    Filed: August 5, 2016
    Date of Patent: December 11, 2018
    Assignee: PAYPAL, INC.
    Inventors: David Tolpin, Shlomi Boutnaru, Yuri Shafet
  • Patent number: 10148537
    Abstract: In one embodiment, a device in a network receives metrics regarding a node in the network. The device uses the metrics as input to a machine learning model. The device determines, using the machine learning model and based on the metrics, an indication of abnormality of the node oscillating between using a plurality of different routing parents in the network. The device provides a results notification based on the indication of abnormality of the node oscillating between using the plurality of different routing parents.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: December 4, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Jean-Philippe Vasseur, Pascal Thubert, Patrick Wetterwald, Eric Levy-Abegnoli
  • Patent number: 10133867
    Abstract: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The co-processor can execute malware detection software, and can use this software to analyze data and/or code obtained from the relevant resources of the host machine. The trusted co-processor can notify the customer or another appropriate entity of the results of the scan, such that an appropriate action can be taken if malware is detected. The results of the scan can be trusted, as malware will be unable to falsify such a notification or modify the operation of the trusted co-processor.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: November 20, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Matthew John Campagna, Gregory Alan Rubin
  • Patent number: 10121008
    Abstract: An invention that enables an automatic discovery of vulnerabilities in software that consists of compiled and linked machine code. Once the vulnerability, i.e., a set of values in a file or memory or network packet that causes unintended execution of commands, is discovered, the invention also automatically creates a set of commands to execute to enable a user to execute unauthorized commands. Through the employment of random input file generation that follows a set of constraints, and symbolic execution that creates solutions in the form of data input sets, which results in the CPU's program counter to execute malicious code, the invention creates novel software vulnerabilities and exploits.
    Type: Grant
    Filed: March 18, 2014
    Date of Patent: November 6, 2018
    Inventor: Stephen Patrick Frechette
  • Patent number: 10116680
    Abstract: The disclosed computer-implemented method for evaluating infection risks based on profiled user behaviors may include (1) collecting user-behavior profiles that may include labeled profiles (e.g., infected profiles and/or clean profiles) and/or unlabeled profiles, (2) training a classification model to distinguish infected profiles from clean profiles using features and labels of the user-behavior profiles, and (3) using the classification model to predict (a) a likelihood that a computing system of a user will become infected based on a profile of user behaviors of the user and/or (b) a likelihood that a user behavior in the user-behavior profiles will result in a computing-system infection. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: October 30, 2018
    Assignee: Symantec Corporation
    Inventors: Yufei Han, Leylya Yumer, Pierre-Antoine Vervier, Matteo Dell'Amico
  • Patent number: 10114946
    Abstract: The present invention discloses a method and device for detecting malicious code in an intelligent terminal. The method comprises: acquiring a virtual machine executable file of an application from an application layer of an intelligent terminal operating system; decompiling the virtual machine executable file to obtain a decompiled function information structure; parsing the decompiled function information structure to extract a function calling sequence in the decompiled function information structure; matching the function calling sequence using a preset malicious code feature library; if matching succeeds, determining that the virtual machine executable file of the application contains malicious code.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: October 30, 2018
    Assignee: BEIJING QIHOO TECHNOLOGY COMPANY LIMITED
    Inventors: Kang Yang, Zhuo Chen, Hai Tang
  • Patent number: 10116673
    Abstract: A computer implemented method may allow for the upload and verification of a document. In one aspect, the method may receive a file at a data server associated with an insurance company event and determine if the file contains a computer security threat. The method may also determine if the file is supported and convert the file wherein the converted file is supported. The method may further flag the converted file for association with an insurance company event and transmit the converted file to a permanent storage server.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: October 30, 2018
    Assignee: STATE FARM MUTUAL AUTOMOBILE INSURANCE COMPANY
    Inventors: Jeffrey Mousty, John Dillard, Surendra Karnatapu, Robert Fatima
  • Patent number: 10110531
    Abstract: Controlling cascade of information transmitted and received via one or more online data sharing platforms and electronic communication network. A message to be shared is detected. The message and the corresponding message stream may be analyzed. An action may be taken upon the message responsive to one or more criteria being met based on analyzing the message and the corresponding message stream. The action may include at least forcing a fact check of the message that determines veracity of the message. The action may also include one or more of removing the message, disabling the message, allowing conditional sharing of the message, or allowing the message to be shared. The one or more criteria may include at least determining a confidence value below a threshold value that indicates the message is non-factual.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: October 23, 2018
    Assignee: International Business Machines Corporation
    Inventors: Paul R. Bastide, Thomas J. Evans, IV, Vijay Francis
  • Patent number: 10095846
    Abstract: A method and system for generating a protected version of the digital content is disclosed. The method includes obfuscating the digital content to yield a functionally equivalent obfuscated digital content, encrypting the obfuscated digital content using at least one device or non-device parameter, generating a decryption logic to be used for generating a decryption key based upon the at least one device or non-device parameter, and concatenating the encrypted digital content and the decryption logic to generate the protected version of the digital content.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: October 9, 2018
    Assignee: JSCRAMBLER S.A.
    Inventors: Antonio Pedro Freitas Fortuna dos Santos, Rui Miguel Silvares Ribeiro, Filipe Manuel Gomes Silva
  • Patent number: 10089582
    Abstract: Methods and systems for classifying mobile device behavior include generating a full classifier model that includes a finite state machine suitable for conversion into boosted decision stumps and/or which describes all or many of the features relevant to determining whether a mobile device behavior is benign or contributing to the mobile device's degradation over time. A mobile device may receive the full classifier model along with sigmoid parameters and use the model to generate a full set of boosted decision stumps from which a more focused or lean classifier model is generated by culling the full set to a subset suitable for efficiently determining whether mobile device behaviors are benign. Results of applying the focused or lean classifier model may be normalized using a sigmoid function, with the resulting normalized result used to determine whether the behavior is benign or non-benign.
    Type: Grant
    Filed: August 14, 2015
    Date of Patent: October 2, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Kassem Fawaz, Vinay Sridhara, Rajarshi Gupta, Yin Chen
  • Patent number: 10084801
    Abstract: Detecting infectious messages comprises performing an individual characteristic analysis of a message to determine whether the message is suspicious, determining whether a similar message has been noted previously in the event that the message is determined to be suspicious, classifying the message according to its individual characteristics and its similarity to the noted message in the event that a similar message has been noted previously.
    Type: Grant
    Filed: December 6, 2016
    Date of Patent: September 25, 2018
    Assignee: SonicWALL Inc.
    Inventors: Jennifer Rihn, Jonathan J. Oliver
  • Patent number: 10075453
    Abstract: A device may determine a first set of hash values corresponding to a first set of files stored by a plurality of client devices. The device may analyze information associated with the first set of hash values to determine a second set of hash values corresponding to a second set of files to be analyzed. The second set of hash values may be different from the first set of hash values. The device may prioritize the second set of hash values to form a prioritized set of hash values corresponding to a prioritized set of files, of the second set of files, to be analyzed. The device may request the prioritized set of files from one or more client devices of the plurality of client devices. The device may receive the prioritized set of files, and may cause the prioritized set of files to be analyzed.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: September 11, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Kyle Adams, Jacob Asher Langton, Daniel J. Quinlan
  • Patent number: 10075474
    Abstract: This disclosure provides a notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications. A method includes discovering multiple devices in a computing system. The method includes grouping the multiple devices into multiple security zones. The method includes generating a risk value identifying at least one cyber-security risk of the devices for one of the security zones. The method includes comparing the risk value to a threshold. The method includes automatically generating a notification for one or more users when the risk value violates the threshold.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: September 11, 2018
    Assignee: Honeywell International Inc.
    Inventors: Eric T. Boice, Ziad M. Kaakani, Seth G. Carpenter
  • Patent number: 10069851
    Abstract: Systems and methods for managing forwarded infectious messages are provided. Managing electronic messages comprises receiving a message, forwarding the message, determining that the forwarded message is infectious after the message has been forwarded and preventing the infectious forwarded message from spreading.
    Type: Grant
    Filed: January 11, 2016
    Date of Patent: September 4, 2018
    Assignee: SONICWALL INC.
    Inventors: Jennifer Rihn, Jonathan J. Oliver
  • Patent number: 10063574
    Abstract: A method, apparatus, and medium are provided for tracing the origin of network transmissions. Connection records are maintained at a computer system for storing source and destination addresses. The connection records also maintain a statistical distribution of data corresponding to the data payload being transmitted. The statistical distribution can be compared to that of the connection records in order to identify the sender. The location of the sender can subsequently be determined from the source address stored in the connection record. The process can be repeated multiple times until the location of the original sender has been traced.
    Type: Grant
    Filed: March 4, 2015
    Date of Patent: August 28, 2018
    Assignee: The Trustees of Columbia University in the City of New York
    Inventor: Salvatore J. Stolfo
  • Patent number: 10055584
    Abstract: A method and a device for obtaining virus signatures in the field of computer security have been disclosed. The method includes: obtaining text strings contained in each virus sample within a virus sample set; selecting text strings for use as virus signatures candidate according to a first frequency at which each text string occurs in a non-virus sample set and a second frequency at which each text string occurs in the virus sample set; calculating an information entropy of the virus signatures candidate according to a quantity of virus samples containing the virus signatures candidate and a quantity of non-virus samples containing the virus signatures candidate; and selecting virus signatures from the virus signatures candidate according to the information entropy. The present disclosure may timely identify the latest virus signatures and ensure that the obtained virus signatures are optimal signatures and may identify a wide range of virus variants.
    Type: Grant
    Filed: February 7, 2017
    Date of Patent: August 21, 2018
    Assignee: Tencent Technology (Shenzhen) Co., Ltd.
    Inventor: Sheng Guan
  • Patent number: 10055583
    Abstract: The embodiments of the present invention provide a method and apparatus for processing a file. By means of acquiring a target file to be scanned and then using recognition data of a deletable file to recognize the target file, so as to obtain a recognition result, the recognition result comprising the target file being a deletable file, the target file being an undeletable file or the target file being an unknown file, the embodiments of the present invention enable the deletion of the deletable file according to the recognition result. Since the recognized deletable file can be directly deleted without the need to perform virus scanning processing thereon and then pop up a corresponding alarm prompt regarding a confirmed virus file to remind a user to delete the virus file, the occupation of system resources of a terminal can be reduced, thereby improving the processing performance of the terminal.
    Type: Grant
    Filed: December 31, 2014
    Date of Patent: August 21, 2018
    Assignee: BAIDU ONLINE NETWORK TECHNOLOGY (BEIJING) CO., LTD.
    Inventors: Mingqiang Guo, Yongcheng Zhang
  • Patent number: 10049228
    Abstract: Native file encryption support is integrated into an existing file system that does not provide such support, such as the FAT family of file systems, while maintaining backwards compatibility with previous implementations of these file systems.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: August 14, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Darwin Ou-Yang, Peter Novotney, Ravinder Thind