Monitoring Or Scanning Of Software Or Data Including Attack Prevention Patents (Class 726/22)
  • Patent number: 10296470
    Abstract: Described systems and methods allow protecting a host system against malware, using hardware virtualization technology. A memory introspection engine executes at the level of a hypervisor, protecting a virtual machine (VM) from exploits targeting the call stack of a thread executing within the respective VM. The introspection engine identifies a virtual memory page reserved for the stack, but not committed to the stack, and intercepts an attempt to write to the respective page. In response to intercepting the write attempt, the memory introspection engine marks the respective page as non-executable, thus protecting the stack against exploits.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: May 21, 2019
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Andrei V. Lutas
  • Patent number: 10298602
    Abstract: The present invention relates to methods, network devices, and machine-readable media for an integrated environment for automated processing of reports of suspicious messages, and furthermore, to a network for distributing information about detected phishing attacks.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: May 21, 2019
    Assignee: Cofense Inc.
    Inventors: Aaron Higbee, Rohyt Belani, Scott Greaux, William Galway, Douglas Hagen
  • Patent number: 10297128
    Abstract: A networked system for managing a physical intrusion detection/alarm includes an upper tier of server devices, comprising: processor devices and memory in communication with the processor devices, a middle tier of gateway devices that are in communication with upper tier servers, and a lower level tier of devices that comprise fully functional nodes with at least some of the functional nodes including an application layer that execute routines to provide node functions, and a device to manage the lower tier of devices, the device instantiating a program manager that executes a state machine to control the application layer in each of the at least some of the functional nodes.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: May 21, 2019
    Assignee: TYCO FIRE & SECURITY GMBH
    Inventor: Paul B. Rasband
  • Patent number: 10296746
    Abstract: An information processing device includes a processor configured to generate one or more sets of data corresponding to information about a testing method set in advance, to input the sets of generated data into a test device, to identify sets of data making the test device exhibit predetermined behavior, among the sets of generated data, and to refer to information common among the sets of identified data, to aggregate the sets of generated data.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: May 21, 2019
    Assignee: FUJITSU LIMITED
    Inventors: Hisashi Kojima, Masahiro Nakada
  • Patent number: 10298713
    Abstract: Network caching performance can be improved by allowing users to discover distributed cache locations storing content of a central content server. Specifically, retrieving the content from a distributed cache proximately located to the user, rather than from the central content server, may allow for faster content delivery, while also consuming fewer network resources. Content can be associated with distributed cache locations storing that content by cache location tables, which may be maintained at intermediate network nodes, such as border routers and other devices positioned in-between end-users and central content servers. Upon receiving a query, the intermediate network nodes may determine whether the content requested by the query is associated with a cache location in the cache location table, and if so, provide the user with a query response identifying the associated cache location.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: May 21, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Xu Li, Ngoc-Dung Dao
  • Patent number: 10289839
    Abstract: The disclosed computer-implemented method for preventing unauthorized access to computing devices implementing computer accessibility services may include (i) detecting, at a client computing device, an instruction to perform a user interface action utilizing a computer accessibility service, (ii) determining, at the client computing device, whether the instruction was triggered based on a touch event initiated by a user of the client computing device, and (iii) performing, at the client computing device, a security action in response to determining that the instruction was not triggered based on a touch event initiated by the user. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: May 14, 2019
    Assignee: Symantec Corporation
    Inventors: Rachana Bedekar, Hai Zhao, Jiajia Liu
  • Patent number: 10291637
    Abstract: A security system detects and attributes anomalous activity in a network. The system logs user network activity, which can include ports used, IP addresses, commands typed, etc., and may detect anomalous activity by comparing users to find similar users, sorting similar users into cohorts, and comparing new user activity to logged behavior of the cohort. The comparison can include a divergence calculation. Origins of user activity can also be used to determine anomalous network activity. The hostname, username, IP address, and timestamp can be used to calculate aggregate scores and convoluted scores. The system extracts features from the logged anomalous network activity, and determines whether the activity is attributable to an actor profile by comparing the extracted features and attributes associated with the actor profile based upon previous activity attributed to the actor.
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: May 14, 2019
    Assignee: PALANTIR TECHNOLOGIES INC.
    Inventor: Daniel Bardenstein
  • Patent number: 10291629
    Abstract: An approach is provided in which a knowledge manager identifies document command statements in a document that correspond to requests included in the document. The knowledge manager compares the document command statements against promise structures corresponding to promises included in valid documents and generates a suspicion score based on the analysis. In turn, the knowledge manager generates a suspicious document notification corresponding to the document when the suspicion score reaches a suspicion threshold.
    Type: Grant
    Filed: September 19, 2015
    Date of Patent: May 14, 2019
    Assignee: International Business Machines Corporation
    Inventors: Corville O. Allen, Andrew R. Freed
  • Patent number: 10289836
    Abstract: A method to monitor integrity of webpages. The method includes obtaining rendered code generated using source code of a webpage from a server that hosts the webpage and using remotely called code referenced in the source code, the rendered code used to display the webpage. The method also includes determining a difference between the rendered code and previous rendered code of the webpage. The previous rendered code may be generated before obtaining the rendered code. The method further includes analyzing the difference between the rendered code and the previous rendered code to determine a change in integrity of security of the webpage and in response to a change in the integrity of security of the webpage, generating an alert regarding the integrity of security of the webpage that may indicate the integrity of the webpage may have changed.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: May 14, 2019
    Assignee: SecurityMetrics, Inc.
    Inventor: Aaron Willis
  • Patent number: 10291640
    Abstract: Disclosed are system and method for detecting anomalous elements of web pages. One exemplary method comprises: obtaining access to a web site, by a client computing device, by requesting a web page associated with the web site via a web server; executing the web page by the client computing device to gather data relating to the web page; determining at least one N-dimensional vector based at least on the gathered data; creating at least one cluster comprising a set of values of coordinates of vectors for at least one element of the web page in N-dimensional space based on the at least one N-dimensional vector; creating a statistical model of the web page based on the at least one cluster; and using the statistical model for detecting anomalous elements of the web page.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: May 14, 2019
    Assignee: AO Kaspersky Lab
    Inventors: Oleg V. Kupreev, Anton B. Galchenko, Mikhail V. Ustinov, Vitaly V. Kondratov, Vladimir A. Kuskov
  • Patent number: 10291628
    Abstract: An approach is provided in which a knowledge manager identifies document command statements in a document that correspond to requests included in the document. The knowledge manager compares the document command statements against promise structures corresponding to promises included in valid documents and generates a suspicion score based on the analysis. In turn, the knowledge manager generates a suspicious document notification corresponding to the document when the suspicion score reaches a suspicion threshold.
    Type: Grant
    Filed: November 7, 2014
    Date of Patent: May 14, 2019
    Assignee: International Business Machines Corporation
    Inventors: Corville O. Allen, Andrew R. Freed
  • Patent number: 10284720
    Abstract: Systems and methods for using machine-learning techniques for labeling incoming calls with categories relating to a risk level. A model is generated using call log data. The call log data is augmented using information from additional data sources to generate features for the model. The model may then be used to categorize additional incoming calls. The model may be used in real-time to categorize incoming calls, or categorization results may be stored for a plurality of calling numbers. Various embodiments provide various technical advantages by virtue of how the components of the system are deployed between an endpoint communication device, a telephony provider system, and possibly other systems.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: May 7, 2019
    Assignee: Transaction Network Services, Inc.
    Inventors: Sean J. Kent, Ken Cartwright, Amit Singla, Srikanth Mohan, Paul Florack
  • Patent number: 10284463
    Abstract: A system and method for tracking and adjusting packet flows through a network having a service delivery node and one or more residential services gateways. Packet flows are recognized as they pass through one or more residential services gateways, and flow analytics information corresponding to the packet flows recognized in the residential services gateways is transferred from the residential gateways to the flow identification control unit. The flow analytics information received from the residential services gateways is analyzed within the flow identification control unit and traffic through one or more of the service access platform and the residential services gateways is adjusted, if necessary, as a function of the flow analytics information analyzed by the flow identification control unit.
    Type: Grant
    Filed: January 7, 2016
    Date of Patent: May 7, 2019
    Assignee: Calix, Inc.
    Inventors: Brower Dimond, Ari Sodhi
  • Patent number: 10284570
    Abstract: Aspects of the present disclosure relate to systems and methods for detecting a threat of a computing system. In one aspect, a plurality of instances of input data may be received from at least one sensor. A feature vector based upon at least one instance of the plurality of instances of input data may be generated. The feature vector may be sent to a classifier component, where a threat assessment score is determined for the feature vector. The threat assessment score may be determined by combining information associated with the plurality of instances of input data. A threat assignment may be assigned to the at least one instance of data based on the determined threat assessment score. The threat assignment and threat assessment score may be disseminated.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: May 7, 2019
    Assignee: Wells Fargo Bank, National Association
    Inventors: Mauritius A. R. Schmidtler, Gaurav Dalal, Timur Kovalev
  • Patent number: 10277616
    Abstract: A network monitoring “sensor” is built on initial startup by checking the integrity of the bootstrap system and, if it passes, downloading information from which it builds the full system including an encrypted and an unencrypted portion. Later, the sensor sends hashes of files, configurations, and other local information to a data center, which compares the hashes to hashes of known-good versions. If they match, the data center returns information (e.g., a key) that the sensor can use to access the encrypted storage. If they don't, the data center returns information to help remediate the problem, a command to restore some or all of the sensor's programming and data, or a command to wipe the encrypted storage. The encrypted storage stores algorithms and other data for processing information captured from a network, plus the captured/processed data itself.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: April 30, 2019
    Assignee: Vigilant IP Holdings LLC
    Inventors: Christopher D. Nyhuis, Michael Pananen
  • Patent number: 10277614
    Abstract: An information processing apparatus is provided with: a comparison unit that compares a communication by a terminal connected to a network with a pattern held in advance; a specification unit that specifies an evaluated value indicating a degree to which it is inferred that the terminal is used to conduct unauthorized activity, and a phase of unauthorized activity, in accordance with a comparison result; a holding unit that holds a maximum value of the evaluated value, for each phase, and for each terminal; and a determination unit that determines whether or not the terminal is used to conduct unauthorized activity, based on the maximum value of the evaluated value for each of the phases.
    Type: Grant
    Filed: July 13, 2016
    Date of Patent: April 30, 2019
    Assignee: PFU LIMITED
    Inventors: Kazuhiro Koide, Keiji Michine
  • Patent number: 10277626
    Abstract: Techniques for network traffic filtering and flow control are disclosed. Some implementations provide a network communication evaluation module (“NCEM”) that executes on a networking device, such as a gateway or router, and performs network traffic control, such as suppressing denial of service attacks or otherwise limiting packet flow. The NCEM performs packet filtering in order to identify and drop packets that are being (or are likely to be) transmitted as part of a denial of service attack. The NCEM conditionally drops packets that meet specified conditions or rules. For example, the NCEM may drop all packets that are using a nonauthentic source address. As another example, the NCEM may limit the volume of packets of a particular type, such as by limiting the number of DNS requests that are made during a specified time interval.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: April 30, 2019
    Inventor: Daniel Chien
  • Patent number: 10277628
    Abstract: Classifying electronic communications is disclosed. An electronic communication is received. A first likelihood that a potential recipient of the electronic communication would conclude that the communication was transmitted on behalf of an authoritative entity is determined. An assessment of a second likelihood that the received communication was transmitted with authorization from the purported authoritative entity is performed. The electronic communication is classified based at least in part on the first and second likelihoods.
    Type: Grant
    Filed: September 16, 2014
    Date of Patent: April 30, 2019
    Assignee: ZAPFRAUD, INC.
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 10278074
    Abstract: The disclosed computer-implemented method for categorizing mobile devices as rooted may include (1) gathering a set of metadata describing a plurality of rooted mobile devices that have been modified to allow a user to alter protected systems and an additional set of metadata describing a plurality of unrooted mobile devices that have not been modified to allow the user to alter the protected systems, (2) comparing the set of metadata with the additional set of metadata to determine at least one feature that differentiates the rooted mobile devices from the unrooted mobile devices, (3) determining whether the feature is present in metadata that describes an uncategorized mobile device, and (4) categorizing the uncategorized mobile device as a rooted mobile device based on the presence of the feature in the metadata that describes the uncategorized mobile device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 22, 2015
    Date of Patent: April 30, 2019
    Assignee: Symantec Corporation
    Inventors: Yun Shen, Azzedine Benameur, Nathan Evans
  • Patent number: 10275595
    Abstract: An embodiment may create a memory image including a representation of a thread environment block (TEB) and representation of a process environment block (PEB) according to specifications of an operating system. A memory image may be loaded into a memory and a shellcode may be caused to use the memory image when executed. An access to the memory image, made by the shellcode, may be monitored and controlled.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: April 30, 2019
    Assignee: Trap Data Security Ltd.
    Inventors: Yuval Malachi, Mori Benech
  • Patent number: 10270789
    Abstract: Provided are systems, methods, and computer-program products for a targeted threat intelligence engine, implemented in a network device. The network device may receive incident data, which may include information derived starting at detection of an attack on the network until detection of an event. The network device may include analytic engines that run in a predetermined order. An analytic engine can analyze incident data of a certain data type, and can produce a result indicating whether a piece of data is associated with the attack. The network device may produce a report of the attack, which may include correlating the results from the analytic engines. The report may provide information about a sequence of events that occurred in the course of the attack. The network device may use the record of the attack to generate indicators, which may describe the attack, and may facilitate configuring security for a network.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: April 23, 2019
    Assignee: ACALVIO TECHNOLOGIES, INC.
    Inventor: Abhishek Singh
  • Patent number: 10270779
    Abstract: Disclosed are a method and an apparatus for determining a phishing website. The method comprises: a server determining whether a target website accessed by a client is a gray website, the gray website being a website neither in a preset blacklist nor in a whitelist; the client acquiring the browsing information of the gray website in the local client, and determining whether the browsing information meets a preset condition; if yes, determining that the gray website is a non-phishing website; if not, the client acquiring the domain name feature information of the gray website, and when the domain name feature information conforms to a pre-configured rule, determining that the gray website is a phishing website.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: April 23, 2019
    Assignee: Beijing Qihoo Technology Company Limited
    Inventor: Ming Wen
  • Patent number: 10270790
    Abstract: The present invention relates to an insider threat detection system which includes at least two stages: a front end sensor stage with activity detection from detectors, and a behavior reasoning component (BRC) with following automated reporting. As opposed to typical monitoring systems that seek to identify network activities as endpoint activities, work on a small number of static triggered rules or anomalous deviations from established norms, the present invention includes a behavior reasoning component (BRC) that uses network activity as precursor indicators to subsequent malicious or non-malicious behaviors, using BRC pattern classifiers, to predict likely malicious insider behaviors and alert security personnel to insider threat from high probability sabotage, fraud, or theft of sensitive, proprietary, classified data/information.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: April 23, 2019
    Assignee: Anbeco, LLC
    Inventor: Gary M Jackson
  • Patent number: 10270797
    Abstract: A wireless communications system mitigates the threat of a man-in-the-middle attack when sharing network credentials with a new device. A new wireless device signals that it needs credentials if no other devices are signaling that they need credentials. The new device provides a visible or audible indicator when requested to do so by a device with credentials. Either in response to approval by a user or automatically in response to the indicator, the device with credentials shares credentials with the new device, which can then establish a connection to the network.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: April 23, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Richard William Mincher, David George Butler, Richard David Young, Thomas Bruno Mader
  • Patent number: 10262157
    Abstract: One embodiment provides a method, including: tracking behavior of a user when the user is providing input to a permission request of an application, wherein the permission request comprises at least one application permission requesting access for the application to information accessible by an information handling device; identifying at least one undesired application permission, wherein the identifying comprises detecting, based upon the behavior of the user, that the user is uncomfortable with the at least one undesired application permission; determining whether another similar application, having a permission set the user is comfortable with, is available, wherein the determining comprises searching for applications similar to the application and filtering the similar applications by removing applications having a permission similar to the undesired application permission; and providing a recommendation, if there is another similar application, to the user, wherein the recommendation comprises the anothe
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: April 16, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Rahul Rajendra Aralikatte, Vijay Ekambaram, Senthil Kumar Kumarasamy Mani, Giriprasad Sridhara
  • Patent number: 10262135
    Abstract: The disclosed computer-implemented method for detecting and addressing suspicious file restore activities may include (i) detecting a restore activity during which files are restored to a client device from a previously stored backup of the files, (ii) determining that a total number of the files restored during the restore activity exceeds a threshold number, and (iii) performing, based on the total number of the files exceeding the threshold number, a security action to protect the client device from a malicious threat associated with the restore activity. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 13, 2016
    Date of Patent: April 16, 2019
    Assignee: Symantec Corporation
    Inventors: Lei Gu, Ilya Sokolov, Haik Mesropian
  • Patent number: 10263998
    Abstract: A processing device in one embodiment comprises a processor coupled to a memory and is configured to obtain a plurality of security alerts in a computer network, to process the security alerts to extract a plurality of markers from each of the security alerts, to compute at least one relevance score relating a given one of the security alerts to another one of the security alerts based at least in part on distance measures computed between markers shared by the given security alert and the other security alert, and to adjust at least one operating characteristic of a network security system of the computer network based at least in part on the relevance score. The relevance score may be computed as a function of a number of markers shared by the given security alert and the other security alert.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: April 16, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Nitin Bhatt, Vadim Bruk
  • Patent number: 10264154
    Abstract: A system includes a server to distribute one or more applications and an image processing apparatus communicable with the server. The server includes circuitry. The circuitry receives information relating to a device type of the image processing apparatus from the image processing apparatus. The circuitry changes, based on the received information relating to the device type, a part of a screen design relating to an application list screen. The circuitry transmits, to the image processing apparatus, information relating to the application list screen in which the part of the screen design is changed based on the information relating to the device type. The browser executes an application command for transmitting the information relating to the device type to the server. The browser displays the application list screen in which the part of the screen design is changed based on the information relating to the device type.
    Type: Grant
    Filed: June 6, 2018
    Date of Patent: April 16, 2019
    Assignee: Ricoh Company, Ltd.
    Inventors: Satoru Hirakata, Kenichi Takeda
  • Patent number: 10264016
    Abstract: The present disclosure discloses a method of allowing Web View to verify the security level of a web content and inform the user with regards to the security and blocks web contents that are determined harmful or inappropriate. In one embodiment of the present disclosure, the Web View checks a trusted data source to see if the visited web content has been labeled or flagged as safe or unsafe by initiating a connection to a trusted third-party database using a to determine whether or not the URL is associated with a domain that has been classified or labeled as safe or unsafe. The Web View then informs the user about the security level of the web content through a visual indicator or it can redirect the user to a warning page explaining why access to the site is prohibited, or it can block access without warning.
    Type: Grant
    Filed: April 23, 2016
    Date of Patent: April 16, 2019
    Inventor: Paul Fergus Walsh
  • Patent number: 10257212
    Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: April 9, 2019
    Assignee: Help/Systems, LLC
    Inventors: Emmanouil Antonakakis, Robert Perdisci, Wenke Lee, Gunter Ollmann
  • Patent number: 10257213
    Abstract: An extraction criterion determination method performed by an extraction criterion determination apparatus includes collecting a log information entry that is in a predetermined period of time and determined to be a specific communication, extracting a communication satisfying a criterion used to extract the specific communication from log information entries from the collected log information entries with reference to a storage unit storing an extraction criterion in which the criterion is defined, determining to adopt the extraction criterion when the ratio of the specific communications to the extracted communications is larger than or equal to a threshold, and performing a control to output the adopted extraction criterion.
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: April 9, 2019
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Takeshi Yagi, Daiki Chiba, Kazunori Kamiya, Tohru Sato, Kensuke Nakata
  • Patent number: 10254720
    Abstract: Systems and methods of monitoring, analyzing, optimizing and controlling data centers and data center operations are disclosed. The system includes data collection and storage hardware and software for harvesting operational data from data center assets and operations. Intelligent analysis and optimization software enables identification of optimization and/or control actions. Control software and hardware enables enacting a change in the operational state of data centers.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: April 9, 2019
    Assignee: BASELAYER Technology, LLC
    Inventors: George Slessman, William Slessman, Kevin Malik, Jeremy Steffensen, Kjell Holmgren
  • Patent number: 10257172
    Abstract: A streams manager assesses the security risk of streams communication and when possible turns off encryption of intranode communication between operators of a streaming application on a computer node to increase performance of the computer node. The streams manager includes a stream security module (SSM) with a monitor that monitors risk in the system and changes encryption between operators on a node depending on the risk. The stream security module may use security data and node profile data collected by the monitor or the system to determine the risk. The stream security module may provide recommendations to a customer for the customer to override changes in encryption.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: April 9, 2019
    Assignee: International Business Machines Corporation
    Inventors: David M. Koster, Jason A. Nikolai, Adam D. Reznechek, Andrew T. Thorstensen
  • Patent number: 10257058
    Abstract: The present invention extends to methods, systems, and computer program products for ingesting streaming signals. Signal ingestion modules sample a plurality of frames contained in a raw streaming signal. The signal ingestion modules separate the raw streaming signal into a plurality of segments. It is determined that content in the plurality of sampled frames indicates a possible event type. The signal ingestion modules replay a segment, from among the plurality of segments, in response to determining the indicated possible event. The content of the segment is inspected during replay of the segment. The possible event type is confirmed or not confirmed as an actual event type based on the inspection. When confirmed, a context dimension of the streaming signal is updated to include the event type.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: April 9, 2019
    Assignee: Banjo, Inc.
    Inventors: K W Justin Leung, Michael Avner Urbach, Armando Guereca-Pinuelas, Christopher E. Latko, Damien Patton, Rish Mehta
  • Patent number: 10257221
    Abstract: Techniques for selective sinkholing of malware domains by a security device via DNS poisoning are provided. In some embodiments, selective sinkholing of malware domains by a security device via DNS poisoning includes intercepting a DNS query for a network domain from a local DNS server at the security device, in which the network domain was determined to be a bad network domain and the bad network domain was determined to be associated with malware (e.g., a malware domain); and generating a DNS query response to the DNS query to send to the local DNS server, in which the DNS query response includes a designated sinkholed IP address for the bad network domain to facilitate identification of an infected host by the security device.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: April 9, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Huagang Xie, Taylor Ettema
  • Patent number: 10255433
    Abstract: A system and method to monitor executing processes are disclosed. A respective starting fingerprint of memory of each executing process within at least one process is determined during a system startup phase that is prior to a device operational phase. A present fingerprint of memory of the selected executing process within the at least one process is determined during the device operational phase and while a selected executing process is executing. A difference between the respective starting fingerprint of the selected executing process and the present fingerprint of the selected executing process is determined and an indication of the difference for the selected executing process is reported based on determining the difference.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: April 9, 2019
    Assignee: BlackBerry Limited
    Inventors: Kristof Takacs, Jameson Bauer Hyde, Marek Paruzel, Ravi Singh
  • Patent number: 10250651
    Abstract: A method and a mobile terminal for publishing information automatically are provided. The mobile terminal can publish information automatically, thereby reducing user operations and facilitating use for users. The method includes receiving operation information of a user; and sending an information publishing indication message to a predetermined server when a type of the operation information of the user matches a preset operation information type, where the information publishing indication message includes at least an address of the predetermined server, account information of the user, and the operation information, so that the predetermined server publishes the operation information according to the account information. The present invention is applicable to the field of mobile terminal technologies.
    Type: Grant
    Filed: March 4, 2015
    Date of Patent: April 2, 2019
    Assignee: HUAWEI DEVICE (DONGGUAN) CO., LTD.
    Inventor: Valluri Kumar
  • Patent number: 10250630
    Abstract: This disclosure relates generally to computer networks, and more particularly to a system and method for providing computer network security. In one embodiment, a method is provided for providing computer network security. The method comprises gathering threat information from one or more sources, deriving security intelligence based on the threat information, determining a security measure based on the security intelligence, and dynamically applying the security measure to a computer network using a set of virtual appliances and a set of virtual switches.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: April 2, 2019
    Assignee: WIPRO LIMITED
    Inventor: Radha Krishna Singuru
  • Patent number: 10250560
    Abstract: The present invention provides a network security method, which comprises the steps of: maintaining information on blocked countries, to be blocked from data communication, in a blocked country database; identifying an external IP address by extracting at least one of a source IP address and a destination IP address of a communication packet transmitted on a network; identifying a country to which the identified external IP address belongs; and blocking the communication packet when the country to which the identified external IP address belongs is included in the blocked countries.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: April 2, 2019
    Assignee: SOOSAN INT CO., LTD.
    Inventor: Yong Hwan Lee
  • Patent number: 10250623
    Abstract: A security server tracks malicious objects detected by malware detection applications that scan for malicious objects on clients. The security server also receives client information from the clients indicating client states. The client state describes one or more protection applications executing on the client that seek to identify and prevent malicious objects from taking malicious actions based on real-time monitoring. Thus, the security server may identify when the protection application fails to detect a malicious object. In addition, the security server maps detection events of malicious objects with corresponding client states to generate aggregate detection information for a population of clients. Analytical data can be derived from the aggregate detection information to identify trends useful for evaluating different types of protection applications.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: April 2, 2019
    Assignee: Malwarebytes, Inc.
    Inventors: Mark William Patton, Darren Kazuo Chinen, Braydon Michael Davis, Ragesh Damodaran, Manikandan Vellore Muneeswaran, Vijay Arumugam Velayutham
  • Patent number: 10248792
    Abstract: An example process includes: identifying, by one or more processing devices, candidate code in executable code based on a static analysis of the executable code, where the candidate code includes code that is vulnerable to attack or the candidate code being on a path to code that is vulnerable to attack, where information related to the attack is based, at least in part, on the candidate code; customizing, by one or more processing devices, a healing template based on the information to produce a customized healing template; and inserting, by one or more processing devices, the customized healing template into a version of the executable code at a location that is based on a location of the candidate code in the executable code, where the customized healing template includes code that is executable to inhibit the attack.
    Type: Grant
    Filed: August 10, 2017
    Date of Patent: April 2, 2019
    Assignee: BlueRISC, Inc.
    Inventors: Csaba Andras Moritz, Kristopher Carver, Jeffry Gummeson
  • Patent number: 10250627
    Abstract: Remediating a security threat to a network includes obtaining, from a network, security information about the network to determine traffic patterns of the network, identifying, based on the traffic patterns of the network, a security threat to the network, determining, from a playbook library and a workflow library, a workflow template and at least one software-defined networking (SDN) flow rule template to remediate the security threat, and deploying, via a SDN controller, a SDN flow rule based on the at least one SDN flow rule template in the network to remediate the security threat by altering a control path of the network.
    Type: Grant
    Filed: July 31, 2014
    Date of Patent: April 2, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Marco Casassa Mont, Simon Ian Arnell
  • Patent number: 10243679
    Abstract: In some examples, a system receives a response from a web server, the response being responsive to a web request sent to the web server. The system executes a script in the response with a web browser, links a document object model (DOM) method to application code executed during the executing of the script, and determines a vulnerability based on the DOM method linked during the executing of the script.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: March 26, 2019
    Assignee: ENTIT SOFTWARE LLC
    Inventors: Shawn Morgan Simpson, Philip Edward Hamer
  • Patent number: 10243989
    Abstract: An email inspection system receives emails that are addressed to recipients of a private computer network. The emails are inspected for malicious content, and security information of emails that pass inspection is recorded. When an email is detected to have malicious content, the recorded security information of emails is checked to identify compromised emails, which are emails that previously passed inspection but include the same malicious content. A notification email is sent to recipients of compromised emails. The notification email includes Simple Mail Transfer Protocol headers that facilitate identification of the recipients, blocking of incoming emails with the same malicious content, and identification of public Mail Transfer Agents that send malicious emails, i.e., emails with malicious content.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: March 26, 2019
    Assignee: Trend Micro Incorporated
    Inventors: Zhichao Ding, Jun Qu, Guangxiang Yang
  • Patent number: 10241980
    Abstract: The functionality of a browser application is enhanced using a browser plug-in, which enables the browser application to access portions of a file system not otherwise accessible to the browser application. The enhanced functionality provided by the browser plug-in is used in one example by an image uploading web application. The browser application may also start a task in the background, such as a task for uploading several images, and then monitor the progress of the task even when the browser application navigates away from the page that initiated the task. The browser application may use a local web server running on the client device to perform tasks, including the rendering of images and monitoring progress of long running tasks.
    Type: Grant
    Filed: March 7, 2014
    Date of Patent: March 26, 2019
    Assignee: Facebook, Inc.
    Inventors: Matthew Cahill, Christopher W. Putnam, Daniel Reed Weatherford
  • Patent number: 10242231
    Abstract: The present invention provides a method, and associated computer system and computer program product, for masking selected vulnerable data portions of a data set transmitted over a network by parsing the vulnerable data, generating masked values for the vulnerable data, updating the data set to include the masked values, then sending the updated data set to a third party for analysis.
    Type: Grant
    Filed: March 22, 2017
    Date of Patent: March 26, 2019
    Assignee: International Business Machines Corporation
    Inventors: Javed Iqbal Abdul, Jose Peter, Nisanth M. Simon
  • Patent number: 10242403
    Abstract: Methods, apparatuses, and articles of manufacture for receiving a plurality of bids and offers for a binary options instrument. Each bid and offer comprises a quantity and a price. A subset of bids and offers from the plurality of received bids and offers is generated. At least one rule is applied to the subset of bids and offers to generate a reduced subset of bids and offers. A binary options index is computed from the reduced subset of bids and offers. A request for a binary options transaction that is based on the computed binary options index is received.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: March 26, 2019
    Assignee: CANTOR FUTURES EXCHANGE, L.P.
    Inventors: Rich Jaycobs, Nolan Glantz, James Les Walker
  • Patent number: 10242187
    Abstract: The disclosed computer-implemented method for providing integrated security management may include (1) identifying a computing environment protected by security systems and monitored by a security management system that receives event signatures from the security systems, where a first security system uses a first event signature naming scheme that differs from a second event signature naming scheme used by a second security system, (2) observing a first event signature that originates from the first security system and uses the first event signature naming scheme, (3) determining that the first event signature is equivalent to a second event signature that uses the second event signature naming scheme, and (4) performing, in connection with observing the first event signature, a security action associated with the second event signature and directed to the computing environment. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 14, 2016
    Date of Patent: March 26, 2019
    Assignee: Symantec Corporation
    Inventors: Kevin Roundy, Matteo Dell'Amico, Chris Gates, Michael Hart, Stanislav Miskovic
  • Patent number: 10243983
    Abstract: The invention provides a system and method for detecting intrusion in an intranet; determining attack intent; identifying compromised servers and network elements; creating a request log; and outputting alerts to users by a predetermined alert medium. The invention provides encoding of received requests such that compromised network elements can be identified.
    Type: Grant
    Filed: November 9, 2016
    Date of Patent: March 26, 2019
    Inventor: Sudhir Pendse
  • Patent number: 10244102
    Abstract: A method for operating an electronic device includes displaying a user-interface for a mode for controlling data usage on a display of the electronic device, in response to detecting an input for the user-interface, activating the mode, in the mode, identifying a first set of applications among a plurality of applications installed in the electronic device based on a predefined list, allowing first data usage for a first set of applications, and restricting second data usage for a second set of applications among the plurality of applications other than the first set of applications.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: March 26, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Tasleem Arif, Manoj Kumar, Prakhar Avasthi, Achintya Dixit, Dhananjay Govekar, Aleena Das, Munwar Khan, Sanket Magarkar, Shashank Shekhar