Monitoring Or Scanning Of Software Or Data Including Attack Prevention Patents (Class 726/22)
  • Patent number: 10742676
    Abstract: Data is collected from a set of devices according to a data collection policy. The data is associated with device configuration, device state, or device behavior. A norm is established using the collected data. A different data collection policy is established based on the norm. Data is collected from a particular device according to the different data collection policy. The norm is compared to the data collected from the particular device. If there is a deviation outside of a threshold deviation between the norm and the data collected from the particular device, a message is transmitted to an administrator.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: August 11, 2020
    Assignee: LOOKOUT, INC.
    Inventors: Kevin Patrick Mahaffey, Timothy Micheal Wyatt, Brian James Buck, John Gunther Hering, Amit Gupta, Alex Cameron Abey
  • Patent number: 10740466
    Abstract: Interfaces of a compute node on a printed circuit board can be secured by obfuscating the information communicated over the interfaces. Data to be communicated between the compute node and a device on the printed circuit board using an interface can be encrypted, and an address corresponding to the data to be communicated can be scrambled. In addition, the compute node can be the root of trust which can provide secure boot of different components using an on-chip mechanism, and without relying on external devices.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: August 11, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Nafea Bshara, Matthew Shawn Wilson, Eric Jason Brandwine, Anthony Nicholas Liguori, Yaniv Shapira, Mark Bradley Davis, Adi Habusha
  • Patent number: 10740463
    Abstract: A method for proactively detecting shared libraries suspected of association with malware includes the steps of determining one or more shared libraries loaded on an electronic device, determining that one or more of the shared libraries include suspicious shared libraries by determining that the shared library is associated with indications that the shared library may have been maliciously injected, loaded, and/or operating on the electronic device, and identifying the suspicious shared libraries to a reputation server.
    Type: Grant
    Filed: February 5, 2018
    Date of Patent: August 11, 2020
    Assignee: McAfee, LLC
    Inventor: Ahmed Said Sallam
  • Patent number: 10742668
    Abstract: A network attack pattern determination apparatus, method, and non-transitory computer readable storage medium thereof are provided. The apparatus is stored with several attack patterns and access records. Each access record includes a network address, time stamp, and access content. Each attack pattern corresponds to at least one attack access relation. Each attack access relation is defined by a network address and access content. The apparatus retrieves several attack records according to at least one attack address. The network address of each attack record is one of the attack address(s). The apparatus divides the attack records into several groups according to the time stamps and performs the following operations for each group: (a) creating at least one access relation for each attack address included in the group and (b) determining that the group corresponds to one of the attack patterns according to the at least one access relation of the group.
    Type: Grant
    Filed: December 7, 2016
    Date of Patent: August 11, 2020
    Assignee: Institute For Information Industry
    Inventors: Chia-Min Lai, Ching-Hao Mao, Chih-Hung Hsieh, Te-En Wei, Chi-Ping Lai
  • Patent number: 10740496
    Abstract: A method and an apparatus for operating a multi-processor system of an electronic device. The electronic device includes a memory for storing commands for running a secure Operating System (OS) and a non-secure OS, and at least one processor including a plurality of processor cores. Upon generation of at least one secure OS thread in the secure OS installed on the electronic device, the at least one processor generates and sends information indicating a secure mode operation request by assigning at least one of the processor cores in the secure OS, and executes the secure OS thread on the at least one processor core assigned in a secure mode based on the information.
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: August 11, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Alexander Nikolaevich Matveev, Vladimir Vasilievich Podieiapolskii
  • Patent number: 10733323
    Abstract: A method, system and computer-usable medium are disclosed for performing a privacy operation, comprising: monitoring user behavior via an Input/output collector, the Input/output collector capturing user/device interactions between a user and a device; determining whether the user/device interactions include sensitive personal information; obfuscating the sensitive personal information, the obfuscating preventing viewing of the sensitive personal information; storing obfuscated sensitive personal information within an obfuscated sensitive personal information repository; and, allowing access to the obfuscated sensitive personal information stored within the obfuscated sensitive personal information repository only when an administrator is authorized to access the obfuscated sensitive personal information so as to provide conditional sensitive personal information access.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: August 4, 2020
    Assignee: Forcepoint LLC
    Inventors: Richard A. Ford, Christopher B. Shirey, Jonathan B. Knepher, Lidror Troyansky
  • Patent number: 10735374
    Abstract: A method, an apparatus, and a system for detecting a terminal security status are provided. The method includes: receiving a file, and running the file, to generate a dynamic behavior result. The dynamic behavior result includes a behavior sequence that is generated according to a chronological order of occurrence of behaviors. When the file includes an APT, the security protection device obtains a stable behavior feature in the dynamic behavior result, generates a corresponding IOC according to the stable behavior feature, and sends the generated IOC to a terminal. The stable behavior feature is a behavior always existing in a behavior sequence that is generated each time after the file is run.
    Type: Grant
    Filed: January 15, 2018
    Date of Patent: August 4, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Yongcun Gan
  • Patent number: 10733297
    Abstract: A device may generate versions of a first executable process that is associated with deterministically defined parameters. The device may run the versions of the first executable process, and may monitor device parameters of the device or the first executable process when running the versions of the first executable process. The device may determine, based on monitoring the device parameters of the device or the first executable process, a variance to a parameter of the deterministically defined parameters relative to an expected value for the parameter, and may provide information indicating a presence of malware in connection with the device based on determining the variance to the parameter.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: August 4, 2020
    Assignee: Juniper Networks, Inc.
    Inventors: Anoop Wilbur Saldanha, Abhijit Mohanta
  • Patent number: 10735469
    Abstract: The disclosed apparatus may include a storage device that stores a set of security policies. In this example, the apparatus may also include a physical processor that is communicatively coupled to the storage device. This physical processor may (1) analyze an unknown flow of packets that are destined for a target node within the network, (2) identify at least one characteristic of the unknown flow of packets based at least in part on the analysis, (3) predictively select, from the set of security policies stored in the storage device, a security policy to apply to the unknown flow of packets based at least in part on the characteristic of the unknown flow of packets, and then (4) perform at least one security action defined by the predictively selected security policy on the unknown flow of packets. Various other apparatuses, systems, and methods are also disclosed.
    Type: Grant
    Filed: July 1, 2017
    Date of Patent: August 4, 2020
    Assignee: Juniper Networks, Inc.
    Inventor: Craig Dods
  • Patent number: 10735438
    Abstract: An exemplary system, method and computer-accessible medium for determining a starting point of a header field(s) in a network packet(s) can be provided, which can include, for example, receiving the network packet(s), determining a header location of the header field(s) in the network packet(s), determining a delimiter location of a delimiter(s) in the network packet(s), and determining the starting point of the header field(s) based on the header and delimiter locations. The header location can be determined using a header finder module. The delimiter location can be determined using a delimiter finder module. The header and delimiter locations can be determined using a plurality of comparators arranged into a plurality of sets.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: August 4, 2020
    Assignee: New York University
    Inventors: Sateesh K. Addepalli, Ramesh Karri, Vinayaka Jyothi
  • Patent number: 10733030
    Abstract: According to one embodiment, a computer-implemented method includes executing code for an application using a computing resource of a first computing device. The application requests execution of a first thread and a second thread. The first thread is executed using the computing resource of the first computing device. A second computing device is selected from a plurality of computing devices. The second computing device has an available computing resource to execute the second thread. The second thread is assigned to the second computing device. The second computing device is operable to execute the second thread using the available computing resource.
    Type: Grant
    Filed: June 6, 2016
    Date of Patent: August 4, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Chris Higgins
  • Patent number: 10735443
    Abstract: A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; determining possible security-relevant capabilities for the computing platform; and generating comparison information that compares the current security-relevant capabilities of the computing platform to the possible security-relevant capabilities of the computing platform to identify security-relevant deficiencies.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: August 4, 2020
    Assignee: ReliaQuest Holdings, LLC
    Inventors: Brian P. Murphy, Joe Partlow, Colin O'Connor, Jason Pfeiffer
  • Patent number: 10735370
    Abstract: Name based Internet of Things (IoT) discovery includes receiving domain name system (DNS) events. An Internet Protocol (IP) address to name mapping is built based on the DNS events. A data communication event occurring in a computer network is received. A destination IP address in the data communication event is mapped to a domain name by querying the IP address to name mapping. Whether the data communication event is associated with an IoT device is determined based on the domain name satisfying a rule.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: August 4, 2020
    Assignee: International Business Machines Corporation
    Inventors: Dilip Dinkar Kandlur, Douglas M. Freimuth, Thai Franck Le, Erich Nahum, Jorge Jose Ortiz
  • Patent number: 10726704
    Abstract: Systems and methods for delaying transmission of an alarm signal responsive to detecting delay actions indicative of progress towards confirming or denying the alarm signal are provided and can include an alarm processing device receiving the alarm signal and determining whether a user device is enrolled in an alarm notification service. When the user device is enrolled in the alarm notification service, the alarm processing device can transmit a notification to the user device, start a delay timer, and determine whether a first delay action associated with the user device is detected prior to expiration of the delay timer. When the first delay action is detected prior to the expiration of the delay timer, the alarm processing device can alter the delay timer consistent with a next delay action associated with the user device and, when the delay timer expires, transmit the alarm signal to the central monitoring station.
    Type: Grant
    Filed: July 2, 2019
    Date of Patent: July 28, 2020
    Assignee: ADEMCO INC.
    Inventors: James Kern, Christopher Coleman, Philip Ferro
  • Patent number: 10728254
    Abstract: A management system, a communication system, and a management method. The management system and the management method include receiving a request to associate identification information of a first user with identification information of a first client application that the first user is authorized to use, and identification information of a second user who has been authenticated and has been authorized to use a second client application, determining whether the identification information of the second user matches certain information that corresponds to the first client application, and associating the identification information of the first user with the identification information of the first client application when the determining determines that the identification information of the second user matches the certain information that corresponds to the first client application.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: July 28, 2020
    Assignee: Ricoh Company, Ltd.
    Inventors: Mayu Hakata, Takeshi Horiuchi
  • Patent number: 10728128
    Abstract: The present disclosure relates to a sensor network, machine type communication (MTC), machine-to-machine (M2M) communication, and technology for internet of things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method for detecting a counterfeit advertiser by a server includes detecting a random delay time or a cumulative interval for a reference device based on a time stamp for an advertisement packet received from the reference device, and detecting a random delay time or a cumulative interval for a receiving device other than the reference device based on a time stamp for an advertisement packet received from the receiving device.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: July 28, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Dae-Kyu Choi, Sin-Seok Seo, Ki-Seok Lee, Do-Hy Hong
  • Patent number: 10726125
    Abstract: Techniques for malware detection using clustering with malware source information are disclosed. In some embodiments, malware detection using clustering with malware source information includes generating a first cluster of source information associated with a first malware sample, in which the first malware sample was determined to be malware, and the first malware sample was determined to be downloaded from a first source; and determining that a second source is associated with malware based on the first cluster.
    Type: Grant
    Filed: November 5, 2018
    Date of Patent: July 28, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Yanxin Zhang, Xinran Wang, Huagang Xie, Wei Xu
  • Patent number: 10728276
    Abstract: Provided is predictive modeling for anti-malware solutions. The predictive modeling includes an identification manager component that generates profile data for a hostile source. The hostile source is identified based on a previous threat attributed to the hostile source. The predictive modeling also includes an evaluation component that determines a characteristic of an interaction between a source and an endpoint. Further, the predictive modeling includes a validation component that compares the characteristic of the interaction with the profile data and controls access to the source by the endpoint based on the comparison. In addition, anti-malware software is not deployed on the endpoint.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: July 28, 2020
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Ryan B. Benskin, Lawrence T. Belton, Jr., Christopher Houser, Peter A. Makohon, Timothy Morris, Omar Bracey
  • Patent number: 10728282
    Abstract: Input signals may be received from monitoring nodes of the industrial asset, each input signal comprising time series data representing current operation. A neutralization engine may transform the input signals into feature vectors in feature space, each feature vector being associated with one of a plurality of overlapping batches of received input signals. A dynamic decision boundary may be generated based on the set of feature vectors, and an abnormal state of the asset may be detected based on the set of feature vectors and a predetermined static decision boundary. An estimated neutralized value for each abnormal feature value may be calculated based on the dynamic decision boundary and the static decision boundary such that a future set of feature vectors will be moved with respect to the static decision boundary. An inverse transform of each estimated neutralized value may be performed to generate neutralized signals comprising time series data that are output.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: July 28, 2020
    Assignee: General Electric Company
    Inventors: Lalit Keshav Mestha, Olugbenga Anubi, Hema Achanta
  • Patent number: 10728269
    Abstract: A security agent conditionally hooks a process for malware monitoring based on a persistent hook state for the process that may be stored, for example, in a process cache. When a process launches in a backoff state indicating that the process previously crashed after hooking, the security agent may further conditionally hook the process based on a reputation of the process or any other relevant contextual information.
    Type: Grant
    Filed: May 3, 2018
    Date of Patent: July 28, 2020
    Assignee: Sophos Limited
    Inventors: Neil Robert Tyndale Watkiss, Mark D. Harris
  • Patent number: 10726142
    Abstract: An intermediary data handler is used in a Secured Data Storage Subsystem (SDSS), to provide a host electrical computer system with security of certain data stored in memory of the computer system's static data storage device. The intermediary data handler is functionally disposed between the operating system (OS) and data storage device of the host computer. The data handler has Processor, Memory, and User Interface circuits, and resident software adapted to generate mocked-up response data in reply to an unauthorized read/write communication from the OS, the mock data response being automatically formatted to have a content and data-structure format acceptable by the host OS, while isolating and controlling the original communication from the OS. The SDSS includes host software adapted to integrate operation and function of the intermediary data handler with the host computer system to accomplish the security of data stored on the storage device.
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: July 28, 2020
    Inventor: Scott R. Copeland
  • Patent number: 10728280
    Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.
    Type: Grant
    Filed: August 24, 2016
    Date of Patent: July 28, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
  • Patent number: 10719375
    Abstract: A system includes a non-transitory memory and hardware processors configured to perform operations including receiving a plurality of events from one or more network monitoring systems, wherein each event includes a message output by a network monitoring system communicating a status of a network resource connected to a network, clustering similar events into one or more event clusters, extracting an event template for each event cluster, extracting a regular expression (regex) for each event cluster, grouping the events into one or more groups of events having the same or similar extracted regexes, and outputting the one or more groups of events.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: July 21, 2020
    Assignee: ServiceNow, Inc.
    Inventors: Stephen Tucker, Qingbin Li
  • Patent number: 10721243
    Abstract: Implementations of the present disclosure involve a system and/or method for identifying and mitigating malicious network threats. Associated network data is retrieved from various sources across a network and analyzed to identify a malicious network threat. When a threat is found, the system performs a mitigating action to neutralize the malicious network threat.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: July 21, 2020
    Assignee: Level 3 Communications, LLC
    Inventors: Brad Bernay Doctor, Skyler Jameson Bingham, Keshava Berg, John Sherwood Reynolds, II, Justin George Mohr
  • Patent number: 10721245
    Abstract: The present invention relates to a method and a device for automatically verifying a security event. The method for automatically verifying a security event, according to one embodiment of the present invention, comprises the steps of: receiving a security event and information related to the security event; extracting a feature of the security event; classifying the security event; and verifying the security event.
    Type: Grant
    Filed: February 15, 2016
    Date of Patent: July 21, 2020
    Assignee: KOREA INSTITUTE OF SCIENCE AND TECHNOLOGY INFORMATION
    Inventors: Jungsuk Song, Jangwon Choi, Sangsoo Choi, Heeseok Kim, Jiyeon Choi, Younsu Lee
  • Patent number: 10721250
    Abstract: The present disclosure relates to systems, methods, and non-transitory computer readable storage medium for detecting a tunnel routing loop attack on a computer network. A method of the presently claimed invention receives a packet of data over an automatic tunnel. When the received packet includes an Internet protocol version 6 (IPv6) packet, headers in the received packet may be extracted from the received packet. When an extracted header is a tunnel routing loop attack (TRLA) header, address information included in the TRLA header may be matched to a destination address that the IPv6 packet is about to be tunneled through. When the address information included in the TRLA header matches the destination address that the IPv6 packet is about to be tunneled through, the IPv6 packet is dropped because the match indicates that a loop is about to be formed.
    Type: Grant
    Filed: April 23, 2018
    Date of Patent: July 21, 2020
    Assignee: SONICWALL INC.
    Inventors: Hui Ling, Zhong Chen
  • Patent number: 10712982
    Abstract: An image forming apparatus having a verification function of verifying a predetermined program includes a controller configured to execute the verified predetermined program, a predetermined unit, and a power supply configured to supply power to the controller and the predetermined unit, wherein the power supply is configured to start supplying power to the predetermined unit before the verifying of the predetermined program is completed, and if the predetermined program is confirmed not to be authentic by the verifying, stop supplying power to the predetermined unit.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: July 14, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yuichi Konosu
  • Patent number: 10715545
    Abstract: Malicious activity data is obtained that is indicative of attempted attacks on a computing system. Clusters of targets are identified and it is determined whether the malicious activity preferentially targets one cluster of targets over others. Also, low prevalence attacks are identified and it is determined whether a low prevalence attack has a high concentration in one or more of the target clusters. If the malicious activity either preferentially targets a cluster, or a low prevalence attack has a high concentration in a cluster, then the attack is identified as a targeted attack, so that remediation steps can be taken.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: July 14, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Philip K. Newman, Puhazholi Vetrivel, Sudhakar Narayanamurthy, Ejike E. Ofuonye, Suresh C. Palani, Ashish Mishra
  • Patent number: 10715540
    Abstract: There are provided measures for protection from malicious and/or harmful content in cloud-based service scenarios. Such measures exemplarily include detecting a transmission attempt of a file between a service cloud entity and a remote accessing entity, identifying said file, selecting between a synchronous file scanning and an asynchronous file scanning for said file based on at least one of: a file size, a file type, an extension type and predetermined security policies, and receiving security threat scan result for said file and storing said security threat scan result for said file in the scan result memory.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: July 14, 2020
    Assignee: F-Secure Corporation
    Inventor: Dmitriy Viktorov
  • Patent number: 10713718
    Abstract: Various embodiments comprise systems, methods, and computer-readable media for configuring and trading binary options. A first index may be configured, e.g., based on a portfolio configured by a user. One or more second indices may be determined. A binary option may pay out if the first index outperforms the one or more second indices, e.g., over a period of time. The binary option may be traded in the primary and secondary markets.
    Type: Grant
    Filed: May 19, 2016
    Date of Patent: July 14, 2020
    Assignee: CFPH, LLC
    Inventors: Rich Jaycobs, Thomas D. Bradshaw, Jason Poulos
  • Patent number: 10715501
    Abstract: An example includes a computing device including a controller configured to communicably couple the computing device to a peripheral computing device. The controller includes an encryption unit configured to encrypt input data received from the peripheral computing device before sending the input data to an application running on the computing device, and a decryption unit configured to decrypt output data received from the application before sending the output data to the peripheral computing device. The computing device also includes a memory device including a data structure that directs the flow of the data between the peripheral computing device and the application. The data structure includes an encryption enable field and an encryption key field for controlling the encryption and decryption units of the controller.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: July 14, 2020
    Assignee: Intel Corporation
    Inventors: Rafal Wielicki, Jaroslaw Stelter, Tomer Rider
  • Patent number: 10715550
    Abstract: Target application information for validation is received at a network device from user equipment. The received target application information is validated. Risk information associated with the validated target application information is determined. Based on the determined risk information, prompt information is returned to the user equipment.
    Type: Grant
    Filed: May 4, 2018
    Date of Patent: July 14, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Lizhong Li, Yanan Zhang
  • Patent number: 10706180
    Abstract: A performance monitoring unit in a processor is programmed to issue an interrupt when a context switch occurs within an operating system if the currently executing thread belongs to a process that is subject to the malware prevention mechanism of the present invention. The interrupt enables a module that identifies mispredictions by the branch prediction unit of the processor and analyzes the address of the branch that was not predicted correctly. If the address of the branch is not contained on an existing whitelist of permissible branch addresses, an alert is generated and/or a protective action is taken. Such protective actions may include thread suspension, thread termination, process suspension, or process termination.
    Type: Grant
    Filed: July 7, 2017
    Date of Patent: July 7, 2020
    Assignee: Endgame, Inc.
    Inventor: Gabriel Landau
  • Patent number: 10708281
    Abstract: A method of detecting bots, preferably in an operating environment supported by a content delivery network (CDN) that comprises a shared infrastructure of distributed edge servers from which CDN customer content is delivered to requesting end users (clients). The method begins as clients interact with the edge servers. As such interactions occur, transaction data is collected. The transaction data is mined against a set of “primitive” or “compound” features sets to generate a database of information. In particular, preferably the database comprises one or more data structures, wherein a given data structure associates a feature value with its relative percentage occurrence across the collected transaction data. Thereafter, and upon receipt of a new transaction request, primitive or compound feature set data derived from the new transaction request are compared against the database. Based on the comparison, an end user client associated with the new transaction request is then characterized, e.g.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: July 7, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Venkata Sai Kishore Modalavalasa, Sreenath Kurupati, Tu Vuong
  • Patent number: 10705855
    Abstract: Systems, methods, and non-transitory computer readable storage medium are provided for configuring an information computing machine during execution of a kernel image. The system can create a file system from a base file system image in system memory of the computing system, apply configuration files from a bundle image to the file system in memory, copy files from a persistent file system stored in the storage resource to memory, validate the files from the persistent file system, and apply validated files to the file system in memory. The base file system image and bundle image can be verified by comparing a signed hash of the image with a hash generated by the initial file system and checking the hash signature against a public certificate included in the initial filesystem. The system can further execute /sbin/init and start application services.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: July 7, 2020
    Assignee: FORCEPOINT LLC
    Inventors: Mickey J. Malone, II, Jacob Minnis
  • Patent number: 10708296
    Abstract: A threat detection system for detecting malware can automatically decide, without manual expert-level interaction, the best set of features on which to train a classifier, which can result in the automatic creation of a signature-less malware detection engine. The system can use a combination of execution graphs, anomaly detection and automatic feature pruning. Execution graphs can provide a much richer structure of runtime execution behavior than conventional flat execution trace files, allowing the capture of interdependencies while preserving attribution (e.g., D happened because of A followed by B followed by C). Performing anomaly detection on this runtime execution behavior can provide higher order knowledge as to what behaviors are anomalous or not among the sample files. During training the system can automatically prune the features on which a classifier is trained based on this higher order knowledge without any manual intervention until a desired level of accuracy is achieved.
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: July 7, 2020
    Assignee: Threattrack Security, Inc.
    Inventors: Paul Apostolescu, Melvin Antony, Aboubacar Toure, Jeff Markey, Prathap Adusumilli
  • Patent number: 10706149
    Abstract: A malicious content detection (MCD) system and a computerized method for manipulating time use two or more time controllers operating within the MCD system in order to capture the behavior of delayed activation malware (time bombs). Each time controller may include a monitoring agent located in a software layer of a computer runtime environment configured to intercept software calls (e.g., API calls or system calls) and/or other time checks that seek to obtain a “current time,” and time-dilation action logic located in a different layer (e.g., a hypervisor layer) configured to respond to the software calls by providing a “false” current time that indicates considerably more time has transpired than the real clock. Additionally, a primary controller may be used in some embodiments to configure and manage the time controllers.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: July 7, 2020
    Assignee: FireEye, Inc.
    Inventor: Michael Vincent
  • Patent number: 10708064
    Abstract: To shorten a processing time at boot time without lowering a security level, an acquiring unit acquires a public key, a signature generated with a secret key corresponding to the public key, and a program associated with the signature. A signature verification unit performs signature verification by using the public key and the signature acquired by the acquiring unit, before the program acquired by the acquiring unit is booted. A calculation unit calculates a first MAC value by using a device eigenvalue and stores the first MAC value, when the result of signature verification by the signature verification unit is appropriate. A boot unit calculates a second MAC value by using the device eigenvalue, compares the second MAC value and the stored first MAC value with each other to determine that the program is legitimate, and executes boot based on the determination result.
    Type: Grant
    Filed: February 27, 2018
    Date of Patent: July 7, 2020
    Assignee: RENESAS ELECTRONICS CORPORATION
    Inventors: Seishiro Nagano, Shigenori Miyauchi
  • Patent number: 10700919
    Abstract: Methods and systems are provided for decomposing events from managed infrastructures. The system decomposes events from a managed infrastructure and includes a first engine that receives data from a managed infrastructure which includes managed infrastructure physical hardware. The infrastructure physical hardware supports the flow and processing of information. A second engine determines common characteristics of events and produces clusters of events relating to the failure of errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to support the flow and processing of information. Events are produced that relate to the managed infrastructure. The events are converted into words and subsets used to group the events that relate to failures or errors in the managed infrastructure, including the managed infrastructure physical hardware.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: June 30, 2020
    Assignee: Moogsoft Inc.
    Inventor: Philip Tee
  • Patent number: 10701099
    Abstract: An improved information tracking procedure is provided. A precise information tracking procedure is performed for a sensitive value when an application is predicted to modify the sensitive value prior to the sensitive value reaching a data sink. The sensitive value comprises an attribute that may be linked to external knowledge to reveal sensitive information about an individual. In response to the application not being predicted to modify the sensitive value prior to the sensitive value reaching the data sink, a value-based information tracking procedure is performed. The value-based information tracking procedure comprises storing one or more values that are observed at a data source, and then determining whether or not each of these one or more values are observed at the data sink.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: June 30, 2020
    Assignee: International Business Machines Corporation
    Inventors: Pietro Ferrara, Marco Pistoia, Omer Tripp, Petar I. Tsankov
  • Patent number: 10699246
    Abstract: A system and method are disclosed for maintaining a whitelist, including: obtaining message data based on an email message sent by a user; extracting recipient information from the message data; and updating the whitelist using the recipient information.
    Type: Grant
    Filed: January 22, 2018
    Date of Patent: June 30, 2020
    Assignee: SONICWALL INC.
    Inventors: Paul R. Wieneke, Scott D. Eikenberry, Tim Nufire, David A. Koblas, Brian K. Wilson
  • Patent number: 10699008
    Abstract: Threat model chaining methods include providing one or more databases including threat model components, threats, each threat associated with at least one of the threat model components, and compensating controls, each compensating control associated with one of the threats; providing a diagram interface configured to display a relational diagram defining a first threat model; and configuring the diagram interface to add a component group to the first threat model, including in it a second threat model. Attack simulation methods include providing the one or more databases and diagram interface and configuring the diagram interface to visually display attack paths of threats associated with diagrammed threat model components which compromise a selected threat model component.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: June 30, 2020
    Assignee: ThreatModeler Software Inc.
    Inventor: Anurag Agarwal
  • Patent number: 10691791
    Abstract: Provided are methods and systems for unpacking and analyzing malware for purposes of identification and investigation. A malicious executable or an application containing malicious code is executed in sandboxed memory to unpack the executable. The memory is then dumped to disk and one or more post-processing operations are performed to generate a new version of the executable, including identifying an initial entry point of the executable, recreating the relocation table, and recreating the import address table, export table, and other tables of the executable. Various types of analyses, such as static analyses, which could not be performed on the malicious executable, are able to be performed on the new version of the executable.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: June 23, 2020
    Assignee: PayPal, Inc.
    Inventor: Shlomi Boutnaru
  • Patent number: 10691800
    Abstract: Disclosed are methods and systems for detecting malicious code in the address space of processes. The described method detects a launching of a process from an executable file executing on a computer, detects access to an address within a memory area in an address space of the trusted process, wherein the memory area is a memory area that lies outside the boundaries of the trusted executable image representing the executable file and is an executable memory area, analyzes memory areas within a vicinity of the address space to determine whether another executable image is located in the memory areas, analyzes the other executable image to determine whether the other executable image contains malicious code, concludes that malicious code is contained in the address space of the trusted process when the other executable image contains malicious code, and performs one of removing, halting or quarantining the malicious code from the address space.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: June 23, 2020
    Assignee: AO Kaspersky Lab
    Inventor: Mikhail A. Pavlyushchik
  • Patent number: 10691901
    Abstract: A machine learning system including a continuous embedding output layer is provided. Whereas traditional machine language translation or generation models utilize an output layer that includes a single output for each word in the output vocabulary V, the present machine learning system includes a continuous embedding output layer that stores continuous vectors mapped to an m-dimensional vector space, where m is less than V. Accordingly, the present machine learning system processes an input string to produce an output vector and then searches for the continuous vector within the vector space that most closely corresponds to the output vector via, for example, a k-nearest neighbor algorithm. The system then outputs the output string corresponding to the determined continuous vector. The present system can be trained utilizing a cosine-based loss function.
    Type: Grant
    Filed: July 12, 2019
    Date of Patent: June 23, 2020
    Assignee: Carnegie Mellon University
    Inventors: Sachin Kumar, Yulia Tsvetkov
  • Patent number: 10693707
    Abstract: A system is provided for decomposing events from managed infrastructures. A first engine is configured to receive message data from a managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information, the at least one engine is configured to determine common characteristics of events and produce clusters of events relating to the failure of errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in a physical hardware of the managed infrastructure directed to supporting the flow and processing of information. The first engine is configured to create one or more situations that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. A second engine is configured to determine one or more common steps from events and produces clusters relating to events.
    Type: Grant
    Filed: July 24, 2018
    Date of Patent: June 23, 2020
    Assignee: Moogsoft Inc.
    Inventors: Philip Tee, Robert Duncan Harper
  • Patent number: 10693904
    Abstract: A system and method for disrupting an information security threat that constitutes an attack on a computer asset in a computer network is provided. The provided system and method disrupts this information security threat after the attack on the computer asset has been detected by at least one of the monitoring devices on the affected computer network. An intermediate upstream gateway of the affected computer network is then utilized to disrupt this information security threat. As the detected attack is being disrupted, a mitigation action will be automatically initiated if a mitigation action associated with the attack is stored in the system's database; else information about the attack will be sent to a central command centre for further assessment. At the central command centre, a mitigating action will be further developed and executed to address the intention of the attack.
    Type: Grant
    Filed: March 18, 2015
    Date of Patent: June 23, 2020
    Assignee: CERTIS CISCO SECURITY PTE LTD
    Inventor: Keng Leng Albert Lim
  • Patent number: 10694385
    Abstract: Security techniques for device assisted services are provided. In some embodiments, secure service measurement and/or control execution partition is provided. In some embodiments, implementing a service profile executed at least in part in a secure execution environment of a processor of a communications device for assisting control of the communications device use of a service on a wireless network, in which the service profile includes a plurality of service policy settings, and wherein the service profile is associated with a service plan that provides for access to the service on the wireless network; monitoring use of the service based on the service profile; and verifying the use of the service based on the monitored use of the service.
    Type: Grant
    Filed: July 13, 2018
    Date of Patent: June 23, 2020
    Assignee: Headwater Research LLC
    Inventor: Gregory G. Raleigh
  • Patent number: 10686834
    Abstract: Disclosed are various embodiments for detecting malicious activity through the use of inert input parameters to a web service or web page. A service request is received from a client computing device via a service endpoint. A modification is detected to an expected parameter in the service request. The expected parameter is configured to be inert in effect with respect to the service when the expected parameter has not been modified. One or more actions are initiated in response to the modification.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: June 16, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Daniel Wade Hitchcock, Max Harwell Funderburk, Mathew Persons Jack
  • Patent number: 10686831
    Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
    Type: Grant
    Filed: November 16, 2016
    Date of Patent: June 16, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill