Monitoring Or Scanning Of Software Or Data Including Attack Prevention Patents (Class 726/22)
  • Patent number: 10235520
    Abstract: A system and method for analyzing a patch file determine the similarity between a patch file of an application program and an existing file in terms of an operation pattern and a file type and also determine whether risky behavior is performed by the patch file, thereby detecting a file disguised as a patch file. The system for analyzing a patch file includes: a program analysis module configured to collect setup information configured in an application program and generate the collected information as reference information; a reference information database (DB) configured to store the reference information; a patch file analysis module configured to generate setup information configured in a patch file of the application program as patch information by analyzing the patch file; and a comparison module configured to search for reference information and compare the patch information with the reference information.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: March 19, 2019
    Assignee: SOFTCAMP CO., LTD.
    Inventor: Steve Bae
  • Patent number: 10235218
    Abstract: A computer system may identify a cryptographic application programming interface (API) call for a program. The cryptographic API call may include a first variable. The computer system may determine that the first variable is a static value. The computer system may tag the first variable. The computer system may determine that the cryptographic API call will be executed. The computer system may replace the first variable with a second variable during execution of the program. The computer system may execute the cryptographic API call with the second variable.
    Type: Grant
    Filed: May 3, 2016
    Date of Patent: March 19, 2019
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Patent number: 10235522
    Abstract: Even if a virus invades a program in operation according to the present invention, regardless of the timing and means of invasion and the number of attempts thereof, the present program autonomously and unassistedly detects the virus as contamination of a memory area used by the program and disinfects the contamination for quick recovery in order to continue the normal operation. The present program detects the virus as contamination caused by false information against the intent of the present program. Upon occurrence of contamination, the present program detects the contamination as a predicate inconsistency. However, this scheme is not for detecting an invading virus but is needed as a structural requirement in order for the program to exist as a legitimate program. The present program disinfects the detected contamination using a scheme in accordance with the present invention.
    Type: Grant
    Filed: February 2, 2017
    Date of Patent: March 19, 2019
    Inventor: Fumio Negoro
  • Patent number: 10237721
    Abstract: Methods, systems, and computer readable media for validating a redirect address in a Diameter message are disclosed. One method occurs at a Diameter node, e.g., a Diameter routing agent (DRA) node, a packet data network (PDN) gateway, a policy and charging enforcement function (PCEF) node, or a Diameter edge agent (DEA) node. The method includes receiving a message containing a redirect address that appears to be associated with a top-up server for facilitating a subscriber to recharge or top-up an account balance. The method also includes determining whether the redirect address is valid by querying, using a subscriber related identifier, a data structure containing one or more addresses. The method further includes performing at least one action based on the determining.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: March 19, 2019
    Assignee: Oracle International Corporation
    Inventors: Nitin Gupta, Shashikiran Bhalachandra Mahalank, Venkatesh Aravamudhan
  • Patent number: 10228929
    Abstract: A computer system having a system memory and being arranged to permit a target program (90) installed on the system to be modified in a trusted manner. The system comprises a White-list Management Agent, WMA, module (10) for receiving, at a notification receiver (12), a notification that the target program (90) which is loaded into the system memory of the computer system has performed an update operation on the target program resulting in the generation and storage of a modified version of the target program on a storage device associated with the computer system. The WMA module is operable, upon receipt of a target program update notification, to determine if the program (90) as loaded into the system memory is in a trusted state by measuring the program (90) using a program measurer module (14) and comparing this, using a comparator (16), with a pre-stored value contained in a program whitelist (30), the pre-stored value being obtained from the program whitelist (30) using a whitelist reader/writer (18).
    Type: Grant
    Filed: August 15, 2014
    Date of Patent: March 12, 2019
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventors: Fadi Ali El-Moussa, Andrew Paverd
  • Patent number: 10230729
    Abstract: A resource-access management system detects whether a user is authorized to access resources. The system may include a user device being configured to include a sensor that detects sensor data associated with the user. Further, the system includes a client qualification engine that determines whether or not a client is authorized to access the resources by comparing the sensor data with a plurality of patterns for evaluating whether or not the user is an authorized user. User scores are generated based on the compared sensor data and the plurality of patterns. Further, a composite score corresponding to the user is generated using the sensor data, plurality of patterns, and one or more additional criteria. Whether the user is granted access to the resources, presented with unauthorized user tests, or blocked from access to the resources depends on the composite score and threshold values.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: March 12, 2019
    Assignee: Live Nation Entertainment, Inc.
    Inventors: Fengpei Du, Michael Lane, Kenneth Ives-Halperin
  • Patent number: 10230754
    Abstract: A system, method, and computer program product for implementing a phishing assessment that includes a phishing server that implements one or more phishing assessments; the phishing server: identifies legitimate target domain names to be used in the phishing assessment, generates one or more pseudo domain names and pseudo web pages, where the pseudo domain names are visually similar to an identified target domain name and the pseudo web page includes one or more characteristics and attributes of a legitimate web page.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: March 12, 2019
    Assignee: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Patent number: 10228968
    Abstract: A Network Interface Device (NID) of a web hosting server implements multiple virtual NIDs. For each virtual NID there is a block in a memory of a transactional memory on the NID. This block stores configuration information that configures the corresponding virtual NID. The NID also has a single managing processor that monitors configuration of the plurality of virtual NIDs. If there is a write into the memory space where the configuration information for the virtual NIDs is stored, then the transactional memory detects this write and in response sends an alert to the managing processor. The size and location of the memory space in the memory for which write alerts are to be generated is programmable. The content and destination of the alert is also programmable.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: March 12, 2019
    Assignee: Netronome Systems, Inc.
    Inventors: Gavin J. Stark, Rolf Neugebauer
  • Patent number: 10223748
    Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, automatically tag and group those clustered data structures, and provide results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria, rules, indicators, or scenarios so as to generate scores, reports, alerts, or conclusions that the analyst may quickly and efficiently use to evaluate the groups of data clusters.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: March 5, 2019
    Assignee: Palantir Technologies Inc.
    Inventors: Sean Hunter, Aditya Kumar, Jacob Albertson
  • Patent number: 10225269
    Abstract: There are provided a method and an apparatus for detecting attacks and automatically generating attack signatures based on signature merging. A method for detecting attacks and automatically generating attack signatures based on signature merging includes detecting a character string matched to at least one previously stored compressed attack signature in an input packet received from a network, determining whether the character string detected in the primary attack detection is matched to at least one previously stored individual attack signature, and, if the detected character string is matched to the at least one previously stored individual attack signature, determining the input packet as an attack packet, and, if the detected character string is not matched, determining the input packet as a new attack signature.
    Type: Grant
    Filed: August 1, 2016
    Date of Patent: March 5, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventor: Sungwon Yi
  • Patent number: 10217071
    Abstract: A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: February 26, 2019
    Assignee: SecurityScorecard, Inc.
    Inventors: Jue Mo, Luis Vargas, A. Robert Sohval
  • Patent number: 10218722
    Abstract: The present invention discloses a computer implemented method for developing an anomaly detector which is adapted to detect/predict anomaly in one or more network terminals and optimize the behavior of the network terminals. The said method is adapted to collect and monitor the behavior of the network terminals and compare it with the behavior profile of the network terminals in order to detect the anomaly parameter. The behavior profile is the normal interaction of the software and hardware components of the network terminals. A system for implementation and execution of such anomaly detector is also disclosed.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: February 26, 2019
    Inventors: Yandy Perez Ramos, Aldo Ferrante
  • Patent number: 10218740
    Abstract: A computerized method for classifying objects in a malware system is described. The method includes detecting behaviors of an object for classification after processing of the object has begun. Data associated with the detected behaviors is collected, and a fuzzy hash for the received object is generated. The generation of the fuzzy hash may include (i) removing a portion of the data associated with the detected behaviors, and (ii) performing a hash operation on a remaining portion of the data associated with the detected behaviors. Thereafter, the fuzzy hash for the received object is compared to a fuzzy hash of an object in a preexisting cluster to generate a similarity measure. The received object is associated with the preexisting cluster in response to determining that the similarity measure is above a predefined threshold value. Thereafter, the results are reported.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: February 26, 2019
    Assignee: FireEye, Inc.
    Inventors: Ali Mesdaq, Paul L. Westin, III
  • Patent number: 10212182
    Abstract: In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server determines a node profile for the particular node based in part on an analysis of the redirected traffic. The server configures the particular node based on the determined node profile for the particular node.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: February 19, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Patrick Wetterwald, Pascal Thubert, Jean-Philippe Vasseur, Eric Levy-Abegnoli
  • Patent number: 10212602
    Abstract: A computer-implemented method for determining security reputations of wireless network access points may include (1) receiving a unique identifier for a wireless network access point to which a mobile device has connected and security information that identifies the security posture of the mobile device after connecting to the wireless network access point, (2) adding the unique identifier and the security information to a security database, (3) correlating the security information with an additional set of security information that identifies the security posture of an additional mobile device after connecting to the wireless network access point, (4) assigning a security reputation to the wireless network access point, and (5) enabling a requesting mobile device to determine whether to connect to the wireless network access point by providing the security reputation of the wireless network access point to the requesting mobile device.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: February 19, 2019
    Assignee: Symantec Corporation
    Inventors: Ajitesh RoyChowdhury, Rajdeep Deb
  • Patent number: 10212132
    Abstract: System, methods, and apparatuses enable a network security system to more efficiently perform pattern matching against data items. For example, the disclosed approaches may be used to improve the way in which a deep packet inspection (DPI) microservice performs pattern matching against data items (e.g., network traffic, files, email messages, etc.) in order to detect various types of network security threats (e.g., network intrusion attempts, viruses, spam, and other potential network security issues). A DPI microservice generally refers to an executable component of a network security system that monitors and performs actions relative to input data items for purposes related to computer network security.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: February 19, 2019
    Assignee: ShieldX Networks, Inc.
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Sumanth Gangashanaiah
  • Patent number: 10212180
    Abstract: Techniques for ascertaining legitimacy of communications received during a digital interaction with a client device. The techniques include: receiving a communication; identifying from the communication a first secured token; processing the first secured token by: obtaining, from the first secured token, information indicating a state of the digital interaction; and using the information indicating the state to determine whether the communication is from the client device; and when it is determined that the communication is from the client device, causing at least one action responsive to the communication to be performed; updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction; and providing a second secured token to the client device for use in a subsequent communication during the digital interaction, the second secured token comprising the updated information indicating the state of the digital interaction.
    Type: Grant
    Filed: September 4, 2016
    Date of Patent: February 19, 2019
    Assignee: MASTERCARD TECHNOLOGIES CANADA ULC
    Inventors: Christopher Everett Bailey, Randy Lukashuk, Gary Wayne Richardson
  • Patent number: 10210348
    Abstract: Disclosed are systems and methods for blocking access to protected applications. An exemplary method includes: intercepting access by a process of first information to be displayed on the user's device; determining second information based on the interception of the access by the process, the second information associated with the process; determining a region on a display of the user's device associated with the first information; analyzing one or more intersections between the region and at least one graphic interface associated with the process; and blocking the access by the process to the first information based on the analysis of the one or more intersections between the region and the at least one graphic interface associated with the process.
    Type: Grant
    Filed: December 5, 2016
    Date of Patent: February 19, 2019
    Assignee: AO Kaspersky Lab
    Inventors: Alexander V. Kalinin, Pavel L. Polozov, Vyacheslav I. Levchenko, Maxim V. Yudin
  • Patent number: 10204224
    Abstract: The present disclosure relates to malware and, more particularly, towards systems and methods of processing information associated with detecting and handling malware. According to certain illustrative implementations, methods of processing malware are disclosed. Moreover, such methods may include one or more of unpacking and/or decrypting malware samples, dynamically analyzing the samples, disassembling and/or reverse engineering the samples, performing static analysis of the samples, determining latent logic execution path information regarding the samples, classifying the samples, and/or providing intelligent report information regarding the samples.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: February 12, 2019
    Assignee: McAfee Ireland Holdings Limited
    Inventor: Lixin Lu
  • Patent number: 10205735
    Abstract: The disclosed techniques relate to a graph-based network security analytic framework to combine multiple sources of information and security knowledge in order to detect risky behaviors and potential threats. In some examples, the input can be anomaly events or simply regular events. The entities associated with the activities can be grouped into smaller time units, e.g., per day. The riskiest days of activity can be found by computing a risk score for each day and according to the features in the day. A graph can be built with links between the time units. The links can also receive scoring based on a number of factors. The resulting graph can be compared with known security knowledge for adjustments. Threats can be detected based on the adjusted risk score for a component (i.e., a group of linked entities) as well as a number of other factors.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: February 12, 2019
    Assignee: SPLUNK INC.
    Inventor: Georgios Apostolopoulos
  • Patent number: 10203918
    Abstract: An information processing apparatus including an access point function includes a display unit that displays wireless connection information corresponding to the access point function, a determination unit that determines whether a user who issued an instruction for activating the access point function matches a user who logged into the information processing apparatus, and a control unit that controls the display unit to display the wireless connection information in a case where the determination unit determines that the user who issued the instruction for activating the access point function matches the user who logged into the information processing apparatus and not to display the wireless connection information in a case where the user who issued the instruction for activating the access point does not match the user who logged into the information processing apparatus.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: February 12, 2019
    Assignee: Canon Kabushiki Kaisha
    Inventor: Hiroki Kawasaki
  • Patent number: 10200369
    Abstract: The disclosed computer-implemented method for dynamically validating remote requests within enterprise networks may include (1) receiving, on a target system within an enterprise network, a request to access a portion of the target system from a remote system within the enterprise network, (2) performing a validation operation to determine whether the remote system is trustworthy to access the portion of the target system by (A) querying an enterprise security system to authorize the request from the remote system and (B) receiving, from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system, and then (3) determining whether to grant the request based at least in part on the notification received from the enterprise security system as part of the validation operation. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: February 16, 2016
    Date of Patent: February 5, 2019
    Assignee: Symantec Corporation
    Inventors: Kevin Alejandro Roundy, Christopher Gates, Petrus Johannes Viljoen
  • Patent number: 10200398
    Abstract: Methods, systems, and apparatus for use in a distributed client-side user monitoring and attack system are disclosed herein. An example method includes providing a first set of instructions from a security application server to a target application server, the first set of instructions to, when executed, cause a client device to transmit a request for an image to the security application server. In response to the request for the image, a connection is opened between the client device and the security application server. Via the connection opened in response to the request for the image, a second set of instructions is provided to cause the client device to perform a vulnerability test on the target application server and communicate a result of the vulnerability test via the connection.
    Type: Grant
    Filed: September 22, 2017
    Date of Patent: February 5, 2019
    Assignee: Trustwave Holdings, Inc.
    Inventors: Tyler Rorabaugh, Quoc Quach, Matthew Batema, Jim Hong, Scott Parcel
  • Patent number: 10198581
    Abstract: A system comprising at least one component running on at least one server and receiving vulnerability data and, for each device of a plurality of devices, device data that includes data of at least one device component. The system includes a trust score corresponding to each device of the plurality of devices and representing a level of security applied to the device. The trust score is generated using a severity of the vulnerability data. The system includes an access control component coupled to the at least one component and controlling access of the plurality of devices to an enterprise using the trust score.
    Type: Grant
    Filed: March 7, 2012
    Date of Patent: February 5, 2019
    Assignee: Rapid7, Inc.
    Inventors: Giridhar Sreenivas, Derek Sigurdson, Kurt Berglund, Jordan Parker
  • Patent number: 10200400
    Abstract: A method for performing attribution on an adversary engaged in attacking a computer system while preventing the adversary from performing attribution includes steps of providing a callback server operatively connected to a communications network, configuring an anonymity system associated with the callback server, delivering executable code to an adversary computer operatively connected to the communications network and used by the adversary engaged in attacking the computer system wherein the executable code is executed by the adversary computer to send information associated with the adversary computer to the callback server through the anonymity system, routing the information associated with the adversary computer through the anonymity system to prevent the adversary from obtaining attribution associated with the callback server, receiving the information associated with the adversary computer at the callback server, and performing attribution on the adversary using the information associated with the adv
    Type: Grant
    Filed: August 11, 2016
    Date of Patent: February 5, 2019
    Assignee: NETSEC CONCEPTS LLC
    Inventor: Ethan Robish
  • Patent number: 10200374
    Abstract: Techniques for detecting malicious files are disclosed. In one embodiment, the techniques may be realized as a system for detecting malicious files comprising one or more computer processors. The one or more computer processors may be configured to collect at least one of a file or an attribute of the file. The one or more computer processors may further be configured to determine if the file is malicious. The one or more computer processors may further be configured to identify, if the file is determined to be malicious, a Uniform Resource Locator (URL) and a time frame associated with the file. The one or more computer processors may further be configured to detect a threat based on the URL and the time frame.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: February 5, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Samuel Kim, Everett J. Lai, Thuan Vo
  • Patent number: 10200382
    Abstract: A system and method for detecting abnormal traffic behavior. The method comprises: applying a task to an input data set to create an un-normalized cluster of traffic features, wherein the task defines a plurality of traffic features; computing a center point of the cluster of traffic features; computing a distance between the computed center point and a new sample, wherein the new sample includes traffic features defined in the task; and determining, based on the computed distance, whether the received new sample demonstrates abnormal behavior.
    Type: Grant
    Filed: November 5, 2015
    Date of Patent: February 5, 2019
    Assignee: RADWARE, LTD.
    Inventors: Lev Medvedovsky, David Aviv
  • Patent number: 10193890
    Abstract: A communication apparatus receives control information of first data and a plurality of types of header information of first data, the first data being received by a first data receiver; selects a parameter from the plurality of types of header information of the first data based on a priority of a first data receiver group to which the first data receiver belongs and a storage condition, the priority being indicated by priority information, the storage condition indicating the number of entries of a whitelist that can be stored in a whitelist storage first memory; and adds, to the whitelist, an entry that includes control information of the first data and at least one parameter selected above.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: January 29, 2019
    Assignee: Alaxala Networks Corporation
    Inventors: Keigo Uchizumi, Hiroki Yano, Yoshifumi Atarashi
  • Patent number: 10187419
    Abstract: A method and system for secure notification message presentation are disclosed. A device with one or more processors and memory detects a trigger to display a notification message and, in response to detecting the trigger, determines a risk level corresponding to the notification message based on content of the notification message, where the risk level is one of benign, malicious, or unknown. In accordance with a determination that the risk level corresponding to the notification message is benign, the device displays the notification message. In accordance with a determination that the risk level corresponding to the notification message is malicious, the device displays blocking display of the notification message.
    Type: Grant
    Filed: April 21, 2016
    Date of Patent: January 22, 2019
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Baike Lin
  • Patent number: 10185645
    Abstract: Querying resource lifetime using a trace of program execution. An embodiment includes identifying a query expression targeted at at least a portion of the trace of program execution. The query expression specifies at least (i) a data object representing a plurality of events identified in the trace, each event associated with one or more attributes relating to resource lifetime, and (ii) one or more conditions matching the one or more attributes relating to resource lifetime. In response to receiving the query expression, the query expression is processed based at least on an analysis of an identified subset of the trace. Based on processing the query expression, a result data set that includes or identifies at least one of the plurality of events that meets the one or more conditions is presented.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: January 22, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jordi Mola, Kenneth Walter Sykes
  • Patent number: 10187403
    Abstract: A system detects a security attack through a network-based application. The system receives a runtime request for invocation of a function and dynamically determines if the request for invocation of the function is associated with a cross-site scripting attack. In response to determining that the function is associated with a cross-site scripting attack, the system stores information associated with the request, which is used for determining if the request is a legitimate request or a cross-site scripting attack.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: January 22, 2019
    Assignee: SALESFORCE.COM, INC.
    Inventors: Amalkrishnan Chemmany Gopalakrishnan, Angel Prado, Sun Hwan Kim, Omkar Ramesh Kulkarni, Harsimranjit Singh Chabbewal
  • Patent number: 10187416
    Abstract: The subject matter described herein includes methods, systems, and computer program products for data traffic signature-based detection and protection against malware. According to one method, data traffic and behavior associated with a computing device is monitored and a device activity signature is created that includes an abstraction of the data traffic. A classification of the device activity signature is determined and a policy decision for the computing device is applied based on the determined classification.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: January 22, 2019
    Assignee: Seven Networks, LLC
    Inventor: Ross Bott
  • Patent number: 10182040
    Abstract: Described are systems, methods, and computer readable medium for authenticating user device interactions with external entities. A secure communication session is established between an external device or application and a trusted execution environment. An authentication request is received from the external application or device at the trusted execution environment. A secure communication channel is established between the trusted execution environment and an input/output interface of the user authentication device. Input is received from a user assurance action related to the authentication request over the secure communication channel. Data is encrypted at a secure element of the user authentication device, and a response is transmitted including the encrypted data and an indicator of the user assurance action to the external application or device from the trusted execution environment in response to the authentication request via the secure communication session.
    Type: Grant
    Filed: June 9, 2016
    Date of Patent: January 15, 2019
    Assignee: Massachusetts Institute of Technology
    Inventors: Hongyi Hu, Chad S. Spensky
  • Patent number: 10182066
    Abstract: In one embodiment, a device in a network analyzes data indicative of a behavior of a network using a supervised anomaly detection model. The device determines whether the supervised anomaly detection model detected an anomaly in the network from the analyzed data. The device trains an unsupervised anomaly detection model, based on a determination that no anomalies were detected by the supervised anomaly detection model.
    Type: Grant
    Filed: November 2, 2017
    Date of Patent: January 15, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Fabien Flacher, Grégory Mermoud, Jean-Philippe Vasseur, Sukrit Dasgupta
  • Patent number: 10177998
    Abstract: Flow data can be augmented with features or attributes from other domains, such as attributes from a source host and/or destination host of a flow, a process initiating the flow, and/or a process owner or user. A network can be configured to capture network or packet header attributes of a first flow and determine additional attributes of the first flow using a sensor network. The sensor network can include sensors for networking devices (e.g., routers, switches, network appliances), physical servers, hypervisors or container engines, and virtual partitions (e.g., virtual machines or containers). The network can calculate a feature vector including the packet header attributes and additional attributes to represent the first flow. The network can compare the feature vector of the first flow to respective feature vectors of other flows to determine an applicable policy, and enforce that policy for subsequent flows.
    Type: Grant
    Filed: June 3, 2016
    Date of Patent: January 8, 2019
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Ali Parandehgheibi, Mohammadreza Alizadeh Attar, Omid Madani, Vimalkumar Jeyakumar, Ellen Christine Scheib, Navindra Yadav
  • Patent number: 10176320
    Abstract: This disclosure provides a security system and method for using machine learning to improve cybersecurity operations in industrial control networks and other systems. A method includes collecting, by a security system, current process information for a plurality of processes in a control system. The method includes analyzing, by the security system, the current process information according to one or more process models. The method includes producing, by the security system and according to the analysis, a risk report that identifies an abnormal process among the plurality of processes.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: January 8, 2019
    Assignee: Honeywell International Inc.
    Inventors: Kevin McMurdie, Ganesh P. Gadhe
  • Patent number: 10171494
    Abstract: A method, computer program product and/or system receives information pertaining to network data traffic from and/or to a network accessible resource, analyzes the information to determine whether a user is engaged in potential hacking transaction(s) with respect to the resource. On condition that the user is determined to be engaged in potential hacking transaction(s), a “scarecrow” message designed for display to the user, is generated and sent to the user.
    Type: Grant
    Filed: February 16, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Roza Miroshnikov, David Rozenblat, Oded Sofer
  • Patent number: 10172131
    Abstract: A wireless device (120) and a method for enabling access to a radio network node (110) as well as a radio network node (110) and a method for enabling the wireless device (120) to enable access to the radio network node (110) are disclosed. The wireless device (120) supports a first transmission bandwidth. The radio network node (110) operates a carrier on a second transmission bandwidth. The first transmission bandwidth is narrower than the second transmission bandwidth. The wireless device (120) obtains (202) information about the carrier. The wireless device (120) determines (206) a mapping scheme for mapping a set of enumerable elements, e.g. resource blocks or sequence elements, to frequency ranges based on the information about the carrier.
    Type: Grant
    Filed: March 25, 2013
    Date of Patent: January 1, 2019
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Robert Baldemair, Jung-Fu Cheng, Mattias Frenne, Havish Koorapaty, Daniel Larsson
  • Patent number: 10171352
    Abstract: A communication system includes at least one node that processes a packet, and a control device that receives a request for a transmission of a first processing rule from said node, the first processing rule including a matching rule and a second processing rule that conforms to the matching rule, the matching rule being for comparing with information included in the packet. The control device retrieves a first processing rule which corresponds to an identifier from a database if the identifier for identifying the first processing rule is included in the request.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: January 1, 2019
    Assignee: NEC CORPORATION
    Inventor: Yasunobu Chiba
  • Patent number: 10169190
    Abstract: A method and system to detect behaviors of operational computer code. The method begins by tracking a synthetic call trace state variable when extracting the computed behavior of the program. The method continues by extending instruction semantics of call instructions with additional semantics by adding a current function call, either local or external API, to an existing call trace represented by the synthetic call trace state variable. The method finishes with extracting the computed behavior of a program.
    Type: Grant
    Filed: September 20, 2017
    Date of Patent: January 1, 2019
    Assignee: Lenvio Inc.
    Inventor: Kirk Damon Sayre
  • Patent number: 10169460
    Abstract: Processes are disclosed for fingerprinting and identifying client applications based on the analysis of client requests. In an HTTP-based embodiment, a fingerprint is constructed based on the presence and order of HTTP headers included in a request from a client application or device. This fingerprint may then be compared to known fingerprints associated with particular client applications to identify the particular client application and/or to assess whether the client application is malicious. The results of this analysis may, for example, be used to determine how to respond to the current request and/or subsequent requests.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: January 1, 2019
    Assignee: Oath Inc.
    Inventors: William Salusky, Mark Ellzey Thomas
  • Patent number: 10169603
    Abstract: Aspects include detecting that an extract transform load (ETL) job in an ETL system has been submitted for execution. The ETL job can include an input data storage location and an output data storage location. The ETL job is analyzed to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user. The analyzing can be based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location. The ETL job is prevented from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user. Execution of the ETL job is initiated based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: January 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shlomit Becker, Boris Melamed, Alexander Pyasik, Shani Turgeman, Gidi Weber, Yifat Yulevich
  • Patent number: 10169584
    Abstract: The disclosed computer-implemented method for identifying non-malicious files on computing devices within organizations may include (1) identifying a file on at least one computing device within multiple computing devices managed by an organization, (2) identifying a source of the file based on examining a relationship between the file and the organization, (3) determining that the source of the file is trusted within the organization, and then (4) concluding, based on the source of the file being trusted within the organization, that the file is not malicious. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: January 1, 2019
    Assignee: Symantec Corporation
    Inventors: Kevin Roundy, Sandeep Bhatkar, Aleatha Parker-Wood, Yin Liu, Anand Kashyap, Leylya Yumer, Christopher Gates
  • Patent number: 10171490
    Abstract: The system and method described herein may leverage active network scanning and passive network monitoring to provide strategic anti-malware monitoring in a network. In particular, the system and method described herein may remotely connect to managed hosts in a network to compute hashes or other signatures associated with processes running thereon and suspicious files hosted thereon, wherein the hashes may be communicated to a cloud database that aggregates all known virus or malware signatures that various anti-virus vendors have cataloged to detect malware infections without requiring the hosts to have a local or resident anti-virus agent. Furthermore, running processes and file system activity may be monitored in the network to further detect malware infections. Additionally, the network scanning and network monitoring may be used to detect hosts that may potentially be participating in an active botnet or hosting botnet content and audit anti-virus strategies deployed in the network.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: January 1, 2019
    Assignee: Tenable, Inc.
    Inventors: Marcus J. Ranum, Ron Gula
  • Patent number: 10169576
    Abstract: Embodiments of the invention provide for malware collusion detection in a mobile computing device. In one embodiment, a method for malicious inter-application interaction detection in a mobile computing device includes filtering applications installed in a mobile device to a set of related applications and then monitoring in the mobile device execution of the related applications in the set. The method additionally includes computing resource utilization of one of the related applications executing in a background of the mobile device while also computing execution performance of a different one of the related applications. Finally, the method includes responding to a determination that the computed resource utilization is high while the computed execution performance is poor by generating a notification in the display of the mobile device that the one of the related applications is suspected of malware collusion with the different one of the related applications.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Vijay Ekambaram, Roger C. Snook, Leigh Williamson, Shinoj Zacharias
  • Patent number: 10171492
    Abstract: Systems and methods for improving the performance of DDoS mitigation by monitoring the health of a protected network resource are provided. According to one embodiment, health of a network device protected by DoS mitigation device can be evaluated and packet/traffic received on the DoS mitigation device can be selectively/conditionally forwarded to the protected network device or can be dropped based on the health of the protected network device. According to one embodiment, at least a part of the traffic is blocked when the health of the protected network device is below a predetermined health threshold. In an exemplary implementation, a measure of volume of traffic originated by different computing devices and handled by the protected network device can be computed, and packet filtering or conditional forwarding can be enabled when the computed measure of volume of traffic exceeds a predetermined traffic volume threshold.
    Type: Grant
    Filed: June 24, 2016
    Date of Patent: January 1, 2019
    Assignee: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Patent number: 10164998
    Abstract: Systems and methods for identifying and remediating malware-compromised mobile devices are disclosed. A computer-implemented method includes accessing, by a computing device, malware risk data; determining, by the computing device, a mobile device is at risk from malware based on the malware risk data; identifying, by the computing device, a set of connections of a user of the mobile device, wherein each connection in the set of connections is associated with a user computer device; identifying, by the computing device, at least one user computer device from the set of connections at risk from the malware; and outputting, by the computer device, a malware notification for the mobile device at risk and at least one user computer device at risk.
    Type: Grant
    Filed: September 13, 2017
    Date of Patent: December 25, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Anne L. Bolgert, Richard J. Cohen, Miguel Sang, Krishna K. Yellepeddy
  • Patent number: 10163108
    Abstract: Embodiments of the present invention provide systems and methods for generating policy-based transaction alerts. In accordance with the systems and methods, an alert generation engine transparently detects ongoing transactions without participating in the transaction path, and generates policy-based alerts.
    Type: Grant
    Filed: February 28, 2013
    Date of Patent: December 25, 2018
    Assignee: Ondot Systems, Inc.
    Inventors: Vaduvur Bharghavan, Jari Malinen, Rahul Paul, Ramachandran Minakshi Sundaram
  • Patent number: 10164995
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing semi-supervised learning on partially labeled nodes on a bipartite graph. One described method can determine a useful score of malware infection risk from partial known facts for entities modeled as nodes on a bipartite graph, where network traffic is measured between inside-the-enterprise entities and outside-the-enterprise entities. This and other methods can be implemented in a large-scale massively parallel processing database. Methods of scaling the partial label input and of presenting the results are also described.
    Type: Grant
    Filed: August 14, 2015
    Date of Patent: December 25, 2018
    Assignee: Pivotal Software, Inc.
    Inventors: Chunsheng Fang, Derek Chin-Teh Lin
  • Patent number: 10162973
    Abstract: Embodiments of the present invention disclose methods and systems which receive a user credential corresponding to a user, a task to be performed by the user, a security policy including a user role, and sensitive information. These methods and systems dynamically provision virtual machines including un-redacted information from received sensitive information. Furthermore, a set of tools process the redacted information, based on the user credential, the task to be performed, and the security policy.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: December 25, 2018
    Assignee: International Business Machines Corporation
    Inventors: Itai Gordon, Peter Hagelund, Ilan D. Prager