Monitoring Or Scanning Of Software Or Data Including Attack Prevention Patents (Class 726/22)
  • Patent number: 9948665
    Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.
    Type: Grant
    Filed: June 4, 2015
    Date of Patent: April 17, 2018
    Assignee: International Business Machines Corporation
    Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
  • Patent number: 9948633
    Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.
    Type: Grant
    Filed: October 28, 2015
    Date of Patent: April 17, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: Jaydeep Khandelwal, Punit Gupta, Arkesh Kumar
  • Patent number: 9946871
    Abstract: Architecture that provides a secure environment in which data (e.g., code, instructions, files, images, etc.) can be opened and run by a client application. Once opened the data can be viewed (in a “protected view”) by the user without incurring risk to other client processing and systems. Accordingly, the architecture mitigates malicious attacks by enabling users to preview untrusted and potentially harmful data (e.g., files) in a low risk manner. Files opened in the protected view are isolated from accessing key resources on the client computer and provides the user a safer way to read files that can contain dangerous content. The protected view also provides a seamless user experience. The user is unaware that the client is operating on data in a different mode and allows for the reduction of security prompts.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: April 17, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Vikas Malhotra, Benjamin E. Canning, Daniel B. Jump, David C LeBlanc, Benjamen E. Ross, James Campbell, Brian Carver, Joshua Pollock
  • Patent number: 9948671
    Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain Hypertext Transfer Protocol (HTTP) traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: April 17, 2018
    Assignee: Damballa, Inc.
    Inventors: Roberto Perdisci, Wenke Lee, Gunter Ollmann
  • Patent number: 9948185
    Abstract: A circuit configured for improving the large signal response of a control stage circuit of a switch mode DC/DC power converter by increasing the differential input range of an error amplifier by segmenting and adding an offset to the error amplifier input and output. When a transient is detected, the feedback voltage is offset in multiple segments by multiple offset voltage sources to prevent saturation of the control stage circuit. Counteracting offset voltages are added to an output of an error amplifier to prevent overshoot or undershoot. A feed-forward compensation signal is generated with the amplitude of the signal being clamped to fixed voltage levels between a minimum and a maximum amplitude of the feed-forward compensation signal. The feed-forward compensation signal is added to the output of the error amplifier to produce an output error signal of the control stage circuit configured for controlling the modulating of the switch mode DC/DC power converter.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: April 17, 2018
    Assignee: Dialog Semiconductor (UK) Limited
    Inventor: Naoyuki Unno
  • Patent number: 9942249
    Abstract: According to one embodiment, an apparatus is configured to communicate a first plurality of phishing emails to a first plurality of users, each phishing email of the first plurality of phishing emails is of a first type or a second type. The apparatus is configured to determine a first response rate of the first plurality of users to phishing emails of the first type and to determine a second response rate of the first plurality of users to phishing emails of the second type. The apparatus is configured to determine a second plurality of phishing emails comprising phishing emails of the first type and the second type, wherein an aggregate response rate of a second plurality of users to the second plurality of phishing emails is predicted to be closer to a target response rate than one or more of the first response rate and the second response rate.
    Type: Grant
    Filed: July 22, 2015
    Date of Patent: April 10, 2018
    Assignee: Bank of America Corporation
    Inventor: Benjamin L. Gatti
  • Patent number: 9942266
    Abstract: Denial-of-service attacks are prevented or mitigated in a cloud compute environment, such as a multi-tenant, collaborative SaaS system. This is achieved by providing a mechanism by which characterization of “legitimate” behavior is defined for accessor classes, preferably along with actions to be taken in the event an accessor exceeds those limits. A set of accessor “usage profiles” are generated. Typically, a profile comprises information, such as a “request time window,” one or more “constraints,” and one or more “actions.” A request time window defines a time period over which request usage is accumulated and over which constraints are applied. A constraint may be of various types (e.g., number of transactions, defined resource usage limits, etc.) to be applied for the usage monitoring. An action defines how the system will respond if a particular constraint is triggered. By applying the constraints to accessor requests, over-utilization of compute resources is enabled.
    Type: Grant
    Filed: August 18, 2015
    Date of Patent: April 10, 2018
    Assignee: International Business Machines Corporation
    Inventors: Russell L. Holden, John Douglas Curtis, Peter Otto Mierswa
  • Patent number: 9940934
    Abstract: An adaptive voice authentication system is provided. The adaptive voice authentication system includes an adaptive module configured to compare a feature quality index of the plurality of authentication features and the plurality of enrollment features and dynamically replace and store one or more enrollment features with one or more authentication features to form a plurality of updated enrollment features. The adaptive module is configured to generate an updated enrollment voice print model from the plurality of the updated enrollment features. The adaptive module is further configured to compare the updated enrollment voice print model with the previously stored enrollment voice print model and dynamically update the previously stored enrollment voice print model with the updated enrollment voice print model based on a model quality index.
    Type: Grant
    Filed: March 9, 2016
    Date of Patent: April 10, 2018
    Assignee: UNIPHONE SOFTWARE SYSTEMS
    Inventor: Umesh Sachdev
  • Patent number: 9940454
    Abstract: A source of side-loaded software is determined. An action may be performed in response to the determination of the source. In one case, the handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. In one approach, the determination of the source includes: determining whether a first source identifier of a first application matches a white list of source identifiers or a black list of source identifiers; and sending the first source identifier, a first application identifier, and a signature of authorship for the first application to a different computing device.
    Type: Grant
    Filed: February 8, 2017
    Date of Patent: April 10, 2018
    Assignee: LOOKOUT, INC.
    Inventors: David Richardson, Ahmed Mohamed Farrakha, William Neil Robinson, Brian James Buck
  • Patent number: 9935967
    Abstract: Examples of the present disclosure provide a method and device for detecting a malicious URL, the method includes: a URL detection request is received, contents of a page addressed by a URL in the URL detection request are analyzed, and it is determined whether the page is a non-text page; when the page is a non-text page, a page image of the page, which is displayed in a browser and addressed by the URL in the URL detection request, is obtained, image detection is performed on the page image, and a page attribute of the URL in the URL detection request is obtained, whether the URL is a malicious URL is determined based on the page attribute of the URL in the URL detection request.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: April 3, 2018
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Sinan Tao
  • Patent number: 9934165
    Abstract: The application discloses an apparatus for monitoring data access to internal memory device and an internal memory device. The internal memory device is coupled to a memory controller via a memory bus. The monitoring apparatus includes a buffer memory module and a security control module. The buffer memory module is configured to couple with the memory bus to receive and store data exchanged via the memory bus and/or a data access command and a destination address associated with the exchanged data. The security control module is configured to process the exchanged data and/or the data access command and the destination address stored in the buffer memory module to identify the existence of security risk in the data access to the internal memory device. The monitoring apparatus will not affect the operation of the internal memory device, and thus is fully compatible with the conventional system architecture.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: April 3, 2018
    Assignee: MONTAGE TECHNOLOGY (SHANGHAI) CO., LTD.
    Inventor: Gang Shan
  • Patent number: 9934384
    Abstract: Disclosed are various embodiments for assessing risk associated with a software application on a user computing device in an enterprise networked environment. An application rating is generated for the software application based at least in part on application characteristics. A risk analysis for the installation of the application is generated based at least in part on the application rating, the user computing device, and user information.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: April 3, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Jesper M. Johansson, Kenneth L. Hamer, Beau J. Hunter, Jeffrey Joseph Busch
  • Patent number: 9934378
    Abstract: The disclosed computer-implemented method for filtering log files may include (1) identifying, on the endpoint computing device, log files that recorded events performed by processes executing on the endpoint computing device, (2) prior to sending the log files from the endpoint computing device to a security server for analysis, filtering, based on an analysis of the events recorded by the log files, the log files by excluding log files that recorded non-suspicious events, and (3) forwarding the filtered log files from the endpoint computing device to the security server for analysis. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: April 21, 2015
    Date of Patent: April 3, 2018
    Assignee: Symantec Corporation
    Inventors: Nobuto Hotta, Nathan Brogan, Patrick Coyne
  • Patent number: 9936514
    Abstract: In a wireless communication system, a secure communication link is provided by selecting a decoy data signal vector for transmission, generating a MIMO precoding matrix from a message to be sent; and multiplying the decoy data signal vector by the MIMO precoding matrix to construct a precoded signal vector. The MIMO precoding matrix produces information-bearing synthesized channel distortions in the transmitted signal. An undistorted version of the decoy data may be transmitted to an intended receiver. The receiver distinguishes between the synthesized information-bearing channel distortions and natural channel distortions to decrypt the information, while an eavesdropper would find it difficult to distinguish between natural and synthesized channel distortions in the signals it receives.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: April 3, 2018
    Assignee: Department 13, LLC
    Inventors: Steve J Shattil, Robi Sen
  • Patent number: 9928363
    Abstract: Determining, by a machine learning model in an isolated operating environment, whether a file is safe for processing by a primary operating environment. The file is provided, when the determining indicates the file is safe for processing, to the primary operating environment for processing by the primary operating environment. When the determining indicates the file is unsafe for processing, the file is prevented from being processed by the primary operating environment. The isolated operating environment can be maintained on an isolated computing system remote from a primary computing system maintaining the primary operating system. The isolating computing system and the primary operating system can communicate over a cloud network.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: March 27, 2018
    Assignee: Cylance Inc.
    Inventors: Ryan Permeh, Derek A. Soeder, Matthew Wolff, Ming Jin, Xuan Zhao
  • Patent number: 9930061
    Abstract: A method for cyber attack risk assessment is disclosed. The method uses at least one hardware processor for: continuously collecting, from a networked resource, cyber attack data having multiple attack methods directed at multiple objectives. The method also collects organizational profile data, having: assets, each relevant to at least one of the objectives, and defensive controls, each configured to protect at least one of the assets by resisting one or more of the attack methods. The method continuously computes: an enterprise risk score, and an asset risk score for each of the assets. Each asset risk score is computed with respect to: the attack methods directed at the objectives relevant to the asset, the defensive controls provided to protect the asset, and a maturity score representing the capability of the defensive controls to protect the asset. The method also continuously displays a dynamic rendition of the risk scores.
    Type: Grant
    Filed: August 22, 2016
    Date of Patent: March 27, 2018
    Assignee: Cytegic Ltd.
    Inventor: Shay Zandani
  • Patent number: 9930024
    Abstract: Techniques for detecting security flaws are described herein. An example system includes a processor to perform a login attempt into a website to be tested using a first social login account and a first verification to determine whether the first social login account is logged in. The processor can monitor a database associated with the website for queries. The processor can perform a second login attempt into the website using a second social login account and a second verification to determine whether the second social login account is logged in. The processor can perform a third login attempt using a third social login account. The processor can detect a second set of features based on the queries during the third login attempt. The processor can detect a social login security flaw based on the first and second verification, and the first and second set of detected features.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: March 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Roee Hay, Or Peles
  • Patent number: 9923925
    Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: March 20, 2018
    Assignee: Palantir Technologies Inc.
    Inventors: Jacob Albertson, Melody Hildebrandt, Harkirat Singh, Shyam Sankar, Rick Ducott, Peter Maag, Marissa Kimball
  • Patent number: 9923961
    Abstract: There are provided measures for enabling/realizing an integrity check of a DNS server setting, thereby enabling/realizing detection of DNS hacking or hijacking. Such measures could exemplarily include triggering a DNS resolution operation by a service device configured to provide a service using the DNS server setting, wherein the DNS server setting is used for DNS resolution or DNS forwarding in service provisioning, acquiring the IP address of a DNS server device, which is configured to perform DNS resolution in service provisioning, by reading the IP address of the DNS server device included in a DNS message as part of the triggered DNS resolution operation by the service device, and processing the acquired IP address of the DNS server device for evaluating integrity of the DNS server setting used in service provisioning.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: March 20, 2018
    Assignee: F-Secure Corporation
    Inventor: Daavid Hentunen
  • Patent number: 9922193
    Abstract: A security device may receive actual behavior information associated with an object. The actual behavior information may identify a first set of behaviors associated with executing the object in a live environment. The security device may determine test behavior information associated with the object. The test behavior information may identify a second set of behaviors associated with testing the object in a test environment. The security device may compare the first set of behaviors and the second set of behaviors to determine a difference between the first set of behaviors and the second set of behaviors. The security device may identify whether the object is an evasive malicious object based on the difference between the first set of behaviors and the second set of behaviors. The security device may provide an indication of whether the object is an evasive malicious object.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: March 20, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Kyle Adams, Daniel J. Quinlan
  • Patent number: 9917852
    Abstract: Techniques for Domain Generation Algorithm (DGA) behavior detection are provided. In some embodiments, a system, process, and/or computer program product for DGA behavior detection includes receiving passive Domain Name System (DNS) data that comprises a plurality of DNS responses at a security device; and applying a signature to the passive DNS data to detect DGA behavior, in which applying the signature to the passive DNS data to detect DGA behavior further comprises: parsing each of the plurality of DNS responses to determine whether one or more of the plurality of DNS responses correspond to a non-existent domain (NXDOMAIN) response.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: March 13, 2018
    Assignee: Palo Alto Networks, Inc.
    Inventors: Wei Xu, Xin Ouyang
  • Patent number: 9916448
    Abstract: Software development kit (SDK) class tree structures of malicious SDKs are created, with each node of the SDK class tree structures representing a class of a corresponding malicious SDK. An app class tree structure of a mobile app is also created, with each node of the app class tree structure representing a class of the mobile app. To determine if the mobile app has been created (e.g., repackaged or originally created) using at least one of the malicious SDKs, the app class tree structure is compared against the SDK class tree structures to find an SDK class tree structure that matches the app class tree structure. For confirmation, the similarity of classes of the app class tree structure relative to classes of the SDK class tree structure can be determined.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: March 13, 2018
    Assignee: Trend Micro Incorporated
    Inventors: Zhibo Zhang, Liang Sun, Longping Wu
  • Patent number: 9915540
    Abstract: Aspects of the present invention disclose a method, computer program product, and system for generating routing information. The method includes one or more processors acquiring a current location for each of a plurality of mobile computing devices. The method further includes one or more processors identifying a range that corresponds to each of the plurality of mobile computing devices. The method further includes one or more processors determining a target location at which at least two of the plurality of mobile computing devices can be in proximity. The determined target location is based on the acquired current location of each of the plurality of mobile computing devices and the identified ranges that correspond to each of the plurality of mobile computing devices. The method further includes one or more processors generating routing information corresponding to the at least two of the mobile computing devices and the determined target location.
    Type: Grant
    Filed: August 6, 2015
    Date of Patent: March 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Anna Bridgen, Christopher J. Poole, Stephen J. Upton, Mark A. Woolley
  • Patent number: 9917821
    Abstract: An example method of establishing an authenticated session between two communicating devices includes establishing, by a first processor of a first device, a secure connection with a second device over the network using a communications protocol; receiving, by the first processor, an identity authentication request from the second device; passing, by the first processor, the identity authentication request to a second processor located on an authentication chip of the first device; generating, by the second processor using one or more authentication code functions stored on the authentication chip, one or more authentication codes using a unique serial number of the first device and an authentication key, both stored on the authentication chip; providing, by the second processor, the one or more generated authentication codes to the first processor; and sending, by the first processor, a response to the second device that includes the one or more generated authentication codes.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: March 13, 2018
    Assignee: ITRON, INC.
    Inventors: Matthew Keith Gillmore, James Marcus Otting
  • Patent number: 9911128
    Abstract: Systems and methods for determining and sending a preferred of two electronic mail communications or messages (‘emails’) to a group to increase likelihood of its review. Information for conducting a test between two emails, referred to as A email and B email, is collected. The information may identify a particular group, and segments A and B of the group. The information may provide content for the emails and include differentiation information between the emails. Determination information on how to select one of the emails as the preferred email and when to select the preferred email may be collected. The information is used to send the A email to the segment A, to send the B email to the segment B, to determine the preferred email between the A email and the B email, and to send the preferred email to at least a portion of the particular group.
    Type: Grant
    Filed: October 31, 2008
    Date of Patent: March 6, 2018
    Assignee: The Rocket Science Group LLC
    Inventors: Ben Chestnut, Mark Armstrong, Chadwick Morris
  • Patent number: 9912638
    Abstract: Systems and methods of integrating log data from a cloud system with an internal management system are described, wherein the cloud system is located externally from a secure network which contains the internal management system. The systems and methods include receiving log data from a cloud system through a secure connection between the secure network and the cloud system; buffering the received log data; filtering the buffered, received log data; and transmitting the filtered, buffered, received log data to the internal management system in a format associated with the internal management system.
    Type: Grant
    Filed: January 15, 2015
    Date of Patent: March 6, 2018
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Chakkaravarthy Periyasamy Balaiah, Sushil Pangeni, Amit Sinha, Samuel John Crank, Manoj Apte, Sridhar Narasimhan
  • Patent number: 9912690
    Abstract: A system and method in accordance with example embodiments may include systems and methods for generating and transforming data presentation. The method may include receiving, using a processor, a request for a web page, and submitting, by the processor, the request to a computer server system. The request can include a user identification and a user password. The method may further include receiving, from the computer server system, data corresponding to the requested web page. Further, the method includes storing, in a memory, the received data, and causing the received data to be shown on a display associated with the user device.
    Type: Grant
    Filed: April 8, 2015
    Date of Patent: March 6, 2018
    Assignee: CAPITAL ONE FINANCIAL CORPORATION
    Inventor: Christopher Marshall
  • Patent number: 9912694
    Abstract: Dashboards for displaying threat insight information are provided herein, as well as systems and methods for generating the same. According to some embodiments, methods for providing a threat dashboard may include locating metrics regarding a malicious attack against a targeted resource, where the metrics indicate instances where users were exposed to the malicious attack or instances where a cloud-based threat detection system prevented the user from being exposed to the malicious attack. The method may also include rendering a threat dashboard for a web browser application of a client device, where the threat dashboard includes the located metrics.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: March 6, 2018
    Assignee: Proofpoint, Inc.
    Inventors: David Eric Hagar, Steve Eddy
  • Patent number: 9910988
    Abstract: Techniques for malware detection are described. Herein, a system, which detects malware in a received specimen, comprises a processor and a memory. Communicatively coupled to the processor, the memory comprises a controller that controls analysis of the specimen for malware in accordance with an analysis plan. The memory further comprises (a) a static analysis module that performs at least a first static analysis to identify a suspicious indicator of malware and at least partially determine that the specimen includes a packed object; (b) an emulation analysis module that emulates operations associated with processing of the specimen by a software application or library, including unpacking an object of the specimen when the specimen is determined by the static analysis module to include the packed object, and monitors one or more behaviors of the specimen during the emulated operations; and a classifier that determines whether the specimen should be classified as malicious.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: March 6, 2018
    Assignee: FireEye, Inc.
    Inventors: Michael Vincent, Ali Mesdaq, Emmanuel Thioux, Abhishek Singh, Sal Vashisht
  • Patent number: 9904786
    Abstract: Identifying stored security vulnerabilities in computer software applications by providing via a first interface of a computer software application during execution of the computer software application, test data having a characteristic of a malicious payload, where an interaction performed with the first interface resulted in data being written to a location within a persistent data store, and where an interaction performed with a second interface of the computer software application resulted in data being read from the location within the persistent data store, and identifying a stored security vulnerability associated with the computer software application if the test data are written to the persistent data store at the location.
    Type: Grant
    Filed: January 17, 2013
    Date of Patent: February 27, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Omer Tripp, Omri Weisman
  • Patent number: 9906519
    Abstract: Provided is contextual and time sensitive out of band transactional signing. The transactional signing includes providing a token code in response to a request to initiate a transaction within a secure network. The request is received over a first channel and the token code is provided over a second channel. The first channel and the second channel are different channels. The transactional signing also includes evaluating a received context, wherein the context is appended to the token code. In addition, the transactional signing includes selectively allowing the transaction based on the context appended to the token code.
    Type: Grant
    Filed: April 28, 2015
    Date of Patent: February 27, 2018
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Sridhar Kotamraju
  • Patent number: 9904792
    Abstract: A method for protecting a computer includes identifying potential NOP-sled target addresses in a heap within the memory of the computer. Using a security program module running on the computer, blocks of the memory containing the identified target addresses are preallocated so as to prevent exploitation of the identified target addresses by a heap-spray attack.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: February 27, 2018
    Assignee: PALO ALTO NETWORKS, INC
    Inventors: Gal Badishi, Netanel Davidi
  • Patent number: 9904787
    Abstract: Identifying stored security vulnerabilities in computer software applications by providing via a first interface of a computer software application during execution of the computer software application, test data having a characteristic of a malicious payload, where an interaction performed with the first interface resulted in data being written to a location within a persistent data store, and where an interaction performed with a second interface of the computer software application resulted in data being read from the location within the persistent data store, and identifying a stored security vulnerability associated with the computer software application if the test data are written to the persistent data store at the location.
    Type: Grant
    Filed: October 30, 2013
    Date of Patent: February 27, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Omer Tripp, Omri Weisman
  • Patent number: 9898615
    Abstract: A processor-based method to defeat file and process hiding techniques in a computing device is provided. The method includes generating one of a path permutation, a symlink, or an address, for a path to open or obtain status of a tool or function in a library in a mobile computing device and making an open or status call for the tool or function, using the one of the path permutation, symlink or address. The method includes avoiding a pattern match and blocking, by an injected library, of the open or status call, the avoiding being a result of making the open or status call using the path permutation, symlink or address.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: February 20, 2018
    Assignee: SYMANTEC CORPORATION
    Inventors: Nathan Evans, Azzedine Benameur, Yun Shen
  • Patent number: 9894097
    Abstract: A method and device for identifying an abnormal application are provided. The method includes executing abnormal applications, obtaining dynamic behavior information of the abnormal applications, inputting the dynamic behavior information of the abnormal applications into a preset detection network, obtaining a behavior rule of the dynamic behavior information via the detection network, and identifying a detected application according to the behavior rule to determine whether the detected application is an abnormal application.
    Type: Grant
    Filed: April 30, 2015
    Date of Patent: February 13, 2018
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventor: Wenfeng Yu
  • Patent number: 9892415
    Abstract: Merchant accounts associated with sales of counterfeit or other prohibited goods may be automatically discovered by identifying websites that have traits characteristic of those that sell prohibited goods. Automated browsing sessions are established with the respective websites, in which communication traffic, page identifiers, and page contents are captured for analysis. During each of the automated sessions, a website is automatically navigated to locate and visit a payment-processing page associated with a known payment processor. The captured data from the session is analyzed to identify a merchant account established with the payment processor for receiving proceeds from sales of prohibited goods. In some cases, the captured data is analyzed to identify a common merchant and/or page identifier that was encountered in multiple sessions. Multiple otherwise unrelated websites may thereby be grouped together as being likely associated with a common merchant account.
    Type: Grant
    Filed: April 2, 2015
    Date of Patent: February 13, 2018
    Assignee: MARKETLY LLC
    Inventors: Chase Richards, Eric Catlin, Anthony Bisig, Pulin Thakkar
  • Patent number: 9886582
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining threat data contextualization.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: February 6, 2018
    Assignee: Accenture Global Services Limited
    Inventors: Elvis Hovor, David William Rozmiarek, Robin Lynn Burkett, Matthew Carver, Mohamed H. El-Sharkawi
  • Patent number: 9888023
    Abstract: Methods and systems for extracting, processing, displaying, and analyzing events that are associated with one or more threats are provided. According to one embodiment, threat information, including information from one or more of firewall logs and historical threat logs, is maintained in a database. Information regarding threat filtering parameters is received. Information regarding threats matching the threat filtering parameters is extracted from the database and is presented in the form of an interactive historical graph. Responsive to receiving from an administrator an indication regarding a selected subset of time into which to zoom for further details, a list of threats within the selected subset is presented in tabular form.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: February 6, 2018
    Assignee: Fortinet, Inc.
    Inventor: Mathieu Nantel
  • Patent number: 9888019
    Abstract: According to one embodiment, in response to receiving a plurality of uniform resource locator (URL) links for malicious determination, any known URL links are removed from the URL links based on a list of known link signatures. For each of remaining URL links that are unknown, a link analysis is performed on the URL link based on link heuristics to determine whether the URL link is suspicious. For each of the suspicious URL links, a dynamic analysis is performed on a resource of the suspicious URL link. It is classified whether the suspicious URL link is a malicious link based on a behavior of the resource during the dynamic analysis.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: February 6, 2018
    Assignee: FireEye, Inc.
    Inventors: Vinay Pidathala, Henry Uyeno
  • Patent number: 9882930
    Abstract: A method of enhancing secure operation of a computer is disclosed. The computer receives input data from an untrusted source and also operates an application program which can utilize the input data. The method involves creating a tainted value cache and storing the input data in that cache. In the event that the application program invokes a method which utilizes data from the cache, then that data is intercepted before it is utilized by the application program. The intercepted data is subjected to a data content test. If the intercepted data passes the data content test, then the intercepted data is forwarded to the application program to be utilized thereby. However, if the intercepted data fails the data content test, a security action is implemented.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: January 30, 2018
    Assignee: Waratek Limited
    Inventor: John Matthew Holt
  • Patent number: 9882914
    Abstract: A system for security group authentication comprises an interface, an authentication level determiner, and an authenticator. The interface is for receiving a request from a user to perform an action. The authentication level determiner is for determining that a current authentication level for the user is not adequate for the action. The authenticator is for providing a request to authenticate a new authentication level to the user. The current authentication level and the new authentication level are associated with the user using a security group.
    Type: Grant
    Filed: February 25, 2015
    Date of Patent: January 30, 2018
    Assignee: Workday, Inc.
    Inventor: Christopher W. Co
  • Patent number: 9876815
    Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: January 23, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
  • Patent number: 9877210
    Abstract: Methods and apparatus, including computer program products, for surreptitiously installing, monitoring, and operating software on a remote computer controlled wireless communication device are described. One aspect includes a control system for communicating programming instructions and exchanging data with the remote computer controlled wireless communication device. The control system is configured to provide at least one element selected from the group consisting of: a computer implemented device controller; a module repository in electronic communication with the device controller; a control service in electronic communication with the device controller; an exfiltration data service in electronic communication with the device controller configured to receive, store, and manage data obtained surreptitiously from the remote computer controlled wireless communication device; and a listen-only recording service in electronic communication with the device controller.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: January 23, 2018
    Assignee: Mantech Advanced Systems International, Inc.
    Inventors: Steven Hildner, Nathan Klonoski, Jay Lukin, Adam McKay, Sam Emara, Thomas Shanley, Thomas Krussel, Paul Neuner
  • Patent number: 9876896
    Abstract: A method of thwarting infiltration of malware onto a mobile communication device. The method comprises a filtering application executing on an ad gateway server computer analyzing a mobile advertisement to determine a signature of the mobile advertisement, where the signature comprises at least one of a brand identity, a color scheme, a reference image, and a font type, searching a rules data store using the signature of the mobile advertisement as a search key to obtain a first rule, and identifying a first mobile presentation context in the first rule. The method further comprises the filtering application determining that a mobile presentation context of a mobile communication device to which the mobile advertisement is directed matches the first mobile presentation context and the filtering application blocking transmission of the mobile advertisement from the ad gateway server to the mobile communication device.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: January 23, 2018
    Assignee: Sprint Communications Company L.P.
    Inventors: Michael A. Gailloux, Peter K. O'Brien, Adam C. Pickett
  • Patent number: 9875466
    Abstract: A system and method are disclosed for maintaining a whitelist, including: obtaining message data based on an email message sent by a user; extracting recipient information from the message data; and updating the whitelist using the recipient information.
    Type: Grant
    Filed: July 22, 2015
    Date of Patent: January 23, 2018
    Assignee: DELL PRODUCTS L.P.
    Inventors: Paul R. Wieneke, Scott D. Eikenberry, Tim Nufire, David A. Koblas, Brian K. Wilson
  • Patent number: 9866577
    Abstract: A method for detecting intrusions on a set of virtual resources in a computer system including at least one physical machine hosting the set of virtual resources. The method includes: calculating an intrusion detection itinerary defined by a sequence of virtual resources from the set, the virtual resources being integrated and arranged in the sequence on the basis of respective vulnerability criticality levels assigned to the virtual resources of the set; and carrying out an intrusion detection operation, following the calculated itinerary.
    Type: Grant
    Filed: May 7, 2012
    Date of Patent: January 9, 2018
    Assignee: ORANGE
    Inventors: Sylvie Laniepce, Fabien Bignon, Karel Mittig
  • Patent number: 9865102
    Abstract: A system and method to preserve the integrity of data being extracted from an electronic data recorder (“EDR”) of an electronic control module (“ECM”) makes use of a forensic link adapter and, optionally, a sensor simulator (when the ECM is out of the vehicle). The forensic link adapter has one or more first microprocessors and a first software means which prevent any message being sent by an external network from corrupting the previously recorded data measurements. The data measurements are then extracted, verified, and stored in a separate file. The sensor simulator has one or more second microprocessors, a second software means, and a bank of resistors that mimic sensors normally in communication with the ECM. The simulator “tricks” the ECM into thinking it is still in the vehicle by replicating the vehicle system values the ECM normally sees when in the vehicle.
    Type: Grant
    Filed: April 10, 2014
    Date of Patent: January 9, 2018
    Assignee: The University of Tulsa
    Inventors: Jeremy Daily, James Johnson, Andrew Kongs, Jose Corcega
  • Patent number: 9864660
    Abstract: The backup management system includes a storage device that retains a location management table that stores therein at least one of position specifying information uniquely specifying a location provided by a computer resource in each cloud service and an area specifying information specifying a predetermined area including the location provided without uniquely specifying the location provided, and a processing device configured to perform a process of receiving a designation related to a computer resource as a backup target and a backup requirement, from a user of the cloud service, and a process of specifying as a backup destination a computer resource that has a position relation with the computer resource as the backup target satisfying the backup requirement, based on a designation from the user and at least one of the position specifying information and the area specifying information.
    Type: Grant
    Filed: November 7, 2014
    Date of Patent: January 9, 2018
    Assignee: Hitachi, Ltd.
    Inventors: Yuki Naganuma, Yuichi Taguchi
  • Patent number: 9866542
    Abstract: A system and method of responding to unauthorized electronic access to a vehicle includes: receiving data indicating unauthorized electronic access to electronic hardware in the vehicle; initiating an electronic hardware countermeasure in response to the unauthorized electronic access; generating a command set that instructs at least a portion of the electronic hardware to implement the electronic hardware countermeasure; and communicating the command set to the portion of the electronic hardware.
    Type: Grant
    Filed: January 28, 2015
    Date of Patent: January 9, 2018
    Assignee: GM Global Technology Operations
    Inventors: Kevin M. Baltes, Thomas M. Forest, Joseph E. Ploucha
  • Patent number: RE46768
    Abstract: The invention is a system and method for identifying, assessing, and responding to vulnerabilities on a mobile communication device. Information about the mobile communication device, such as its operating system, firmware version, or software configuration, is transmitted to a server for assessment. The server accesses a data storage storing information about vulnerabilities. Based on the received information, the server may identify those vulnerabilities affecting the mobile communication device, and may transmit a notification to remediate those vulnerabilities. The server may also transmit result information about the vulnerabilities affecting the mobile communication device. The server may also store the received information about the device, so that in the event the server learns of new vulnerabilities, it may continue to assess whether the device is affected, and may accordingly notify or remediate the device.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: March 27, 2018
    Assignee: LOOKOUT, INC.
    Inventors: John G. Hering, Kevin Mahaffey, James Burgess