Intrusion Detection Patents (Class 726/23)
  • Patent number: 10785239
    Abstract: Systems and methods for utilizing statistical relational learning techniques in order to predict factors for nodes of a node graph, such as a node graph that represents attacks and incidents to a computing system, are described. In some embodiments, the systems and methods identify certain nodes (of a node graph) as representing malicious attributes of an email or other threat artifact received by a computing system or network and utilize relational learning to predict the maliciousness of attributes represented by other nodes (of the node graph).
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: September 22, 2020
    Assignee: McAfee, LLC
    Inventors: Connor Walsh, Elisabeth Maida
  • Patent number: 10785248
    Abstract: Techniques for routing a request based on a vulnerability in a processing node are disclosed. A vulnerability analyzer determines a set of detected vulnerabilities in each of a set of processing nodes. Based on the detected vulnerabilities, the vulnerability analyzer determines a respective vulnerability score for each processing node. A routing engine receives a request to be processed by at least one of the set of processing nodes. The routing engine selects a particular node for processing the request based on the detected vulnerabilities in one or more of the set of processing nodes. The routing engine may select the particular node based on the vulnerability scores of the set of processing nodes. Additionally or alternatively, the routing engine may select the particular node based on whether the particular node includes any vulnerability that may be exploited by the request.
    Type: Grant
    Filed: March 22, 2017
    Date of Patent: September 22, 2020
    Assignee: Oracle International Corporation
    Inventors: Ajai Joy, Sarat Aramandla
  • Patent number: 10785246
    Abstract: Black-box security testing for a Web application includes identifying infrastructure supporting the Web application, obtaining vulnerability data for the Web application from an external data source according to the infrastructure, deriving a test payload from the vulnerability data using a processor, and determining a type of vulnerability exploited by the test payload. An existing validation operation of a testing system is selected for validating a response from the Web application to the test payload according to the type of vulnerability.
    Type: Grant
    Filed: September 11, 2013
    Date of Patent: September 22, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Evgeny Beskrovny, Omer Tripp
  • Patent number: 10778712
    Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: September 15, 2020
    Assignee: Splunk Inc.
    Inventors: Vijay Chauhan, Cary Noel, Wenhui Yu, Luke Murphey, Alexander Raitz, David Hazekamp
  • Patent number: 10778696
    Abstract: Provided is a vehicle-mounted relay device, a vehicle-mounted communication system, and a relay program configured to prevent an unauthorized message from being relayed between networks. A vehicle-mounted relay device includes a plurality of communication units to which a plurality of CAN buses are connected and determines whether a message transmitted by any ECU connected to the CAN buses is authorized. If a message is unauthorized, then the vehicle-mounted relay device gives, to the respective CAN bus connected to the communication unit receiving the message, a notification that the unauthorized message has been transmitted. The vehicle-mounted relay device prohibits further relaying of a message that has the same CAN-ID as the CAN-ID contained in the message determined to be unauthorized. Concurrently, the vehicle-mounted relay device gives, to the other communication lines connected to a communication unit, a notification that relay of the message is prohibited.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: September 15, 2020
    Assignees: AutoNetworks Technologies, Ltd., Sumitomo Wiring Systems, Ltd., Sumitomo Electric Industries, Ltd.
    Inventor: Yukihiro Miyashita
  • Patent number: 10776427
    Abstract: A computer implemented method to determine the satisfaction of one or more mapping conditions conditionally mapping a first state in a first pattern matching automaton to a second state in the first automaton, each of the conditions being based on symbol patterns matched by a second pattern matching automaton having states corresponding to wildcard symbols in the first automaton, the method comprising: encoding the conditions in a condition tree data structure associated with the first state, the condition tree modeling sequences of symbol patterns for matching by the second automaton and corresponding to each of the conditions, wherein a node in the condition tree corresponding to a complete set of symbol patterns for a condition has associated an output symbol sequence to identify a pattern match by the first automaton.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: September 15, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventor: James Mistry
  • Patent number: 10776495
    Abstract: This disclosure relates to systems, devices, and methods for receiving security configuration information and malware state information for a plurality of client devices, the security configuration information comprising identification of at least one of security parameters, hardware configurations, or software configurations of each of the plurality of client devices, and the malware state information comprising identification of at least one or more types of malware on each of the plurality of devices. The security configuration information and malware state information may be analyzed to identify which client devices from the plurality of devices have a security configuration that places the identified client devices in a vulnerable security state.
    Type: Grant
    Filed: May 10, 2018
    Date of Patent: September 15, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Hermineh Sanossian, Tushar Suresh Sugandhi
  • Patent number: 10776485
    Abstract: A virtual machine transmits local files to a secure virtual machine hosted by a hypervisor for malware detection. When malware is detected, the secure virtual machine can responsively provide remediation code to the virtual machine on a temporary basis so that the virtual machine can perform suitable remediation without a permanent increase in size of the virtual machine.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: September 15, 2020
    Assignee: Sophos Limited
    Inventors: Richard Barlow Harrison, Andrew Colin Piper, Mark Bond, Robert William Allsworth, Kenneth D. Ray
  • Patent number: 10771491
    Abstract: Data packets transmitted to and from an IoT device are obtained and at least one of the data packets is analyzed using deep packet inspection to identify transaction data from the payload of the at least one of the data packets. An event log is generated for the IoT device from the transaction data, the event log, at least in part, used to generate a historical record for the IoT device. The IoT device is profiled into a device profile based on the historical record for the IoT device. The event log is updated in real-time to indicate current operation of the IoT device. Abnormal device behavior of the IoT device is determined using the event log and the device profile. The device profile is updated to indicate the abnormal device behavior of the IoT device.
    Type: Grant
    Filed: February 19, 2019
    Date of Patent: September 8, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Gong Cheng, Pui-Chuen Yip, Zhiwei Xiao, Ran Xia, Mei Wang
  • Patent number: 10771476
    Abstract: In one embodiment, an elimination point device in a network obtains a master secret from a network controller. The elimination point device assesses, using the master secret, whether an incoming packet received by the elimination point device from a redundant path between the elimination point device and a replication point device in the network includes a valid message integrity check (MIC). The elimination point device determines whether the incoming packet was injected maliciously into the redundant path, based on the assessment of the incoming packet. The elimination point device initiates performance of a mitigation action in the network, when the elimination point device determines that the incoming packet was injected maliciously into the redundant path.
    Type: Grant
    Filed: March 14, 2018
    Date of Patent: September 8, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy-Abegnoli, Jean-Philippe Vasseur
  • Patent number: 10765941
    Abstract: A non-limiting example communication game system comprises at least two game apparatuses, and the two game apparatuses communicate with each other directly or via an internet according to instructions of a player. At this time, one of the two game apparatuses functions as a parent apparatus and the other of the two game apparatuses functions as a child apparatus. If both players instruct to exchange characters, character data are sent and received between the parent apparatus and the child apparatus. When a rarity of a character X that is to be sent on exchange is lower than a rarity of a character Y that is to be received by exchange, the parent apparatus receives a notification of writing start from the child apparatus, and performs save writing.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: September 8, 2020
    Assignee: NINTENDO CO., LTD.
    Inventors: Kei Ninomiya, Akira Kinashi
  • Patent number: 10771485
    Abstract: Embodiments of the invention are directed to a system, method, or computer program product for cross-channel electronic communication security. In this regard, the invention provides dynamic construction and targeting of adaptive simulated malicious electronic communications for unsecure communication identification by a user. The invention configures adaptive simulated malicious electronic communications for interacting with users via user interfaces of the multiple electronic communication media and user devices. Another aspect of the invention is directed to configuring, dynamically and in real time, a simulated malicious electronic communication for one electronic communication medium, based on and in response to, user actions on another simulated malicious electronic communication on another electronic communication medium.
    Type: Grant
    Filed: July 12, 2018
    Date of Patent: September 8, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Donald Joseph Cardinal, Shane Edward Asher, Travis John Hicks, Guy Vernon Pearson, Jr., Christopher Daniel Birch, Shannon Sabina Willis, Todd Anthony Smialek, Corey Scott Gillespie
  • Patent number: 10762203
    Abstract: Methods and systems for reducing the impact of malware/ransomware in a caching environment are provided. A system for reducing the impact of malware/ransomware includes a pattern detection module that identifies one or more file operations associated with one or more malicious patterns. Additionally, the one or more file operations act on data stored at a first data site. The system also includes an administration module that provides an alert to an administrator that one or more malicious patterns have been identified and determines an administration action in response to the alert. The system further includes a replication module that performs a replication action for the one or more file operations based on the administration action, wherein the replication action is performed in relation to replicated data stored at a second data site.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: September 1, 2020
    Assignee: International Business Machines Corporation
    Inventors: Ashish Pandey, Deepak Ghuge, Sandeep Ramesh Patil
  • Patent number: 10764255
    Abstract: An industrial control system that includes a cloud platform facilitates secure execution of command data for an industrial device in communication with the cloud platform. The system includes an interface component, a validation component and an execution component. The interface component transmits industrial data associated with an industrial device to the cloud platform that analyzes the industrial data. The interface component also receives, from the cloud platform, command data for the industrial device that is generated based on the industrial data. The validation component validates the command data received from the cloud platform based on execution data indicative of a set of conditions for the command data. The validation component also establishes a secure communication link with the industrial device in response to a determination that the command data is approved for execution on the industrial device. The execution component initiates execution of the command data via the industrial device.
    Type: Grant
    Filed: September 21, 2016
    Date of Patent: September 1, 2020
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Juan L. Asenjo, Francisco Maturana
  • Patent number: 10764298
    Abstract: A computer-implemented method is provided for comparing the security profile of a particular entity to peer entities. The method can include receiving, for a particular entity, (i) a value for at least one feature and (ii) a number of security records of one or more security risk types. The method can include determining peer entities based on the value of the features; obtaining, for each peer entity, a number of security records; and adjusting the number of peer security records based on the number of entity security records. The method can further include comparing, for one or more security risk types, the received number of security records for the particular entity to the respective adjusted number of security records for each peer entity; and comparing a security profile of the particular entity to security profiles of the population of peer entities based on the comparison for the security risk types.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: September 1, 2020
    Assignee: BitSight Technologies, Inc.
    Inventors: Marc Noel Light, Liwei Lin, Thomas Erhardt Montroy, Miguel Pinto
  • Patent number: 10764314
    Abstract: Embodiments of the present disclosure are directed to updating categorization of online content. An analytics engine implemented at least partially in hardware can receive an engagement indicator across a network interface; identify a type of the engagement indicator, the type of the engagement indicator comprising one of a positive engagement indicator or a negative engagement indicator; and update the reputation data stored in memory based on the type of the engagement indicator. A safe harbor time window is described during which user activity with online content is not reported to system administrators.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: September 1, 2020
    Assignee: McAfee, LLC
    Inventor: Craig Philip Olinsky
  • Patent number: 10754948
    Abstract: Under one aspect, a method is provided for protecting a device from a malicious file. The method can be implemented by one or more data processors forming part of at least one computing device and can include extracting from the file, by at least one data processor, sequential data comprising discrete tokens. The method also can include generating, by at least one data processor, n-grams of the discrete tokens. The method also can include generating, by at least one data processor, a vector of weights based on respective frequencies of the n-grams. The method also can include determining, by at least one data processor and based on a statistical analysis of the vector of weights, that the file is likely to be malicious. The method also can include initiating, by at least one data processor and responsive to determining that the file is likely to be malicious, a corrective action.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: August 25, 2020
    Assignee: Cylance Inc.
    Inventors: Li Li, Xuan Zhao, Sepehr Akhavan-Masouleh, John Hendershott Brock, Yaroslav Oliinyk, Matthew Wolff
  • Patent number: 10756804
    Abstract: A relay device assists in enabling lawful intercept (LI) by reporting, to a LI entity associated with the cellular network, authenticated identities of remote UEs (such as remote UEs connected via proximity services) and identification information that may allow the LI entity to monitor traffic (and/or control statistics related to the traffic) associated with the remote UEs. The authentication of the remote UEs may be performed using a technique that does not require involvement of the cellular network.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: August 25, 2020
    Assignee: Apple Inc.
    Inventors: Alexandre Stojanovski, Muthaiah Venkatachalam
  • Patent number: 10757134
    Abstract: According to one embodiment, a computerized method is directed to neutralizing callback malware. This method involves intercepting a message directed to an endpoint device, where the message is in response to a callback message sent from callback malware operating on the endpoint device. Thereafter, a first portion of information within the message is substituted with a second portion of information. The second portion of information includes code that is configured to overwrite at least a portion of the callback malware and cause the callback malware to become inoperable or mitigate its operability.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: August 25, 2020
    Assignee: FireEye, Inc.
    Inventor: Hatem Eyada
  • Patent number: 10754819
    Abstract: An embodiment of the present invention is directed to an automated archiving tool. A system that implements an automated archiving tool comprises: a memory component; an interactive interface that receives one or more user inputs; and a processor, coupled to the memory component and the interactive interface, the processor configured to perform the steps comprising: querying for issues that meet an archive criteria; performing an export of the queried issues that meet the archive criteria; executing a script creating a macro for tickets and associated attachments; archiving the tickets as flat files; executing a script to index the archived issues by project; moving support files to a common directory; macro archiving the attachments; and identifying local references.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: August 25, 2020
    Assignee: JPMorgan Chase Bank, N.A.
    Inventor: James Todd Barnes
  • Patent number: 10756956
    Abstract: A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. A memory device of the networking device may store at least first and second network operation profiles for selective implementation based on network packet characteristic matching and/or a “trigger alarm” event. The first network operation profile is implemented when an incoming network packet matches a pre-defined and/or customizable network packet characteristic match template. The second network operation profile is implemented when a “trigger alarm” event is received. A network operation profile may execute a write action to latch, or otherwise trigger, a physical alarm of a networking device or associated device.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: August 25, 2020
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventors: Dennis Gammel, Rhett Smith
  • Patent number: 10749890
    Abstract: Disclosed herein are embodiments of systems, methods, and products that comprise an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By considering the mission- and system-specific context in the analysis of alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alerts, the server allows security personnel to prioritize responses and focus on the highest-value defense activities.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: August 18, 2020
    Assignee: Architecture Technology Corporation
    Inventors: Scott Aloisio, Robert Joyce, Judson Powers
  • Patent number: 10742670
    Abstract: Utility-driven graph summarization for use in detecting and preventing malicious computer applications. In one embodiment, a method may include receiving a graph comprising a plurality of nodes and a plurality of edges, prioritizing each of the plurality of nodes by way of assigning a relative importance value to each node of the plurality of nodes, combining at least two nodes of the plurality of nodes into a supernode based at least on the relative importance value of each node, calculating a utility penalty value for creating a superedge between the supernode and a node neighboring the supernode, creating the superedge between the supernode and the node neighboring the supernode if the utility penalty value satisfies a pre-determined penalty threshold, calculating a utility level based at least in part on creating the supernode and the superedge, and repeating the method until the calculated utility level satisfies a pre-determined threshold.
    Type: Grant
    Filed: April 18, 2018
    Date of Patent: August 11, 2020
    Assignee: NORTONLIFELOCK INC.
    Inventors: Ashwin Kumar Kayyoor, Petros Efstathopoulos
  • Patent number: 10742484
    Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: August 11, 2020
    Assignee: Splunk Inc.
    Inventors: Oliver Friedrichs, Atif Mahadik, Govind Salinas, Sourabh Satish
  • Patent number: 10742682
    Abstract: An attack data packet processing method, an apparatus, and a system are provided. The method includes receiving, by a management node, description information of an attack data packet and an attack type of the attack data packet, where the description information and the attack type are sent by an awareness node; determining a processing policy on the attack data packet of the attack type according to the attack type; and sending the description information and the processing policy to a switch using a software-defined networking controller, so that the switch performs an operation indicated by the processing policy on the attack data packet with the description information.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: August 11, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Qinghua Yu, Xinhua Yang
  • Patent number: 10733301
    Abstract: A computing device communicates a request to a risk determination system to determine whether particular content is malware. The content is oftentimes a file containing a program to be run, but can alternatively take other forms, and an indication of the content is provided to the risk determination system. Additional information describing attributes of the computing device is also provided to the risk determination system. These attributes can include for the computing device hardware specifications, operating system specifications, anonymized information, information describing anti-virus or other anti-malware program settings, information describing programs running on the computing device, and so forth. The risk determination system analyzes the information describing attributes and/or activity of the computing device to determine a risk factor of the content, and from the risk factor determines whether the content is malware for the computing device.
    Type: Grant
    Filed: August 24, 2016
    Date of Patent: August 4, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tudor Alexandru Dobrila, Caglar Gunyakti, Brian Paul Bussone
  • Patent number: 10735246
    Abstract: Monitoring an object to prevent an occurrence of an issue includes monitoring an object based on a number of parameters, categorizing messages of the object into categories while monitoring for a recurrence of a pattern of messages, detecting a potential issue with the object based on the recurrence of the pattern of messages, and alerting an operations manager agent of the potential issue to prevent an occurrence of the issue.
    Type: Grant
    Filed: January 10, 2014
    Date of Patent: August 4, 2020
    Assignee: ENT. SERVICES DEVELOPMENT CORPORATION LP
    Inventors: Roberto Antonio Contreras Masse, Rong Pan, Rajesh Dontula, Dong Han, Jun Wang, Guo-Xiang Qin, Easwaran Nadhan
  • Patent number: 10733072
    Abstract: Systems for alerting in computing systems. A method commences by defining a plurality of analysis zones bounded by respective ranges of system metric values, which ranges in turn correspond to a plurality of system behavior classifications. System observations are taken while the computing system is running. A system observation comprising a measured metric value is classified into one or more of the behavior classifications. Based on the classification, one or more alert analysis processes are invoked to analyze the system observation and make a remediation recommendation. An alert or remediation is raised or suppressed based on one or more zone-based analysis outcomes. An alert is raised when anomalous behavior is detected. The system makes ongoing observations to learn how and when to classify a measured metric value into normal or anomalous behaviors. As changes occur in the system configuration, the analysis zones are adjusted to reflect the changing bounds of the zones.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: August 4, 2020
    Assignee: Nutanix, Inc.
    Inventors: Zihong Lu, Abhinay Nagpal, Harry Hai Yang, Himanshu Shukla, Shyama Sundar Duriseti, Surendran Madheswaran, Cong Liu
  • Patent number: 10733293
    Abstract: Systems, computer program products, and methods are described herein for a cross-platform user event record aggregation system. The present invention is configured to receive one or more exposure events from one or more detection systems; determine that a combination of at least a portion of the one or more exposure events indicates an intrusion in at least one of the one or more detection systems, thereby requiring elevated review of each exposure event; initiate the elevated review based on at least the indication of the intrusion; determine whether the intrusion is benign or harmful; and re-train the machine learning algorithm based on at least determining whether the intrusion is benign or harmful, thereby adjusting the score for future incidents of each exposure event in the combination of at least a portion of the one or more exposure events.
    Type: Grant
    Filed: January 28, 2020
    Date of Patent: August 4, 2020
    Assignee: Bank of America Corporation
    Inventors: Scott Anderson Sims, Kolt Arthur Bell, Michael Joseph Carroll, Elliot Piatetsky, Stephen M. Schneeweis, Craig D. Widmann, Dharmender Kumar Satija, Sai Kishan Alapati
  • Patent number: 10735465
    Abstract: A computer network endpoint is secured to prevent information leak or other compromise by instantiating in memory first, second and third security zones. With respect to an authorized user, the first zone is readable and writable, the second zone is read-only, and the third zone is neither readable nor writable. System information (e.g., applications, libraries, policies, etc.) is deployed into the first zone from the second zone. When sensitive data is generated in the first zone, e.g., when a secure communication session is established using a cryptographic key, the sensitive data is transferred from the first zone to the third zone, wherein it is immune from information leak or other compromise. The sensitive information is transferable from the third zone to one or more external systems having a need to know that information. Because information does not pass directly from the first security zone to the external systems, the endpoint is secured against information leak or other attack.
    Type: Grant
    Filed: June 29, 2019
    Date of Patent: August 4, 2020
    Assignee: International Business Machines Corporation
    Inventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Fadly Yahaya
  • Patent number: 10735439
    Abstract: A method and system for matching event sequences for predictive detection of cyber-attacks are discussed. The method comprises receiving a reference event sequence and a query event sequence; converting the reference event sequence to a first step-value list and the query event sequence to a second step-value list; and matching the first and second step-value lists to identify at least one optimal common pattern.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: August 4, 2020
    Assignee: Radware, Ltd.
    Inventors: Yotam Ben Ezra, Mor Krispil
  • Patent number: 10735455
    Abstract: A system is provided for anonymously detecting and blocking threats within a telecommunications network. A network analyzer of the system may intercept traffic, or receive log files, related to traffic that passes over the network, collect metadata that includes values of data attributes associated with the traffic, interpret the metadata and therefrom generate and transmit a request for an associated threat score for the value of a data attribute, and receive the associated threat score and based thereon initiate a block or redirection of the traffic. A score requestor of the system may receive and serve the request by either returning the score from local storage or otherwise generating and transmitting a secondary request to a scoring engine configured to calculate the associated threat score and return the associated threat score to the score requestor, which returns it to the network analyzer.
    Type: Grant
    Filed: June 6, 2016
    Date of Patent: August 4, 2020
    Assignee: Dark3, LLC
    Inventors: Vincent Owen Crisler, Theresa Marie Payton
  • Patent number: 10728264
    Abstract: A technique includes receiving data identifying behavior anomalies that are exhibited by entities that are associated with a computer system. The technique includes associating the behavior anomalies with contexts based at least in part on threat intelligence to provide modified anomalies. The threat intelligence associates the contexts with indicators of potential breach. The technique includes characterizing the behavior anomaly identification based at least in part on the threat intelligence. The characterization includes applying machine learning to features of the modified anomalies to classify the identified behavior anomalies.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: July 28, 2020
    Assignee: Micro Focus LLC
    Inventors: Sandeep N. Bhatt, Pratyusa K. Manadhata, Tomas Sander
  • Patent number: 10728309
    Abstract: There is provided an information management system having: a management server device and a client terminal, wherein the management server device includes: a processor programmed to: store information to be managed; and determine whether or not to transmit at least some of the stored information to an outside of the information management system, and wherein the client terminal includes: a processor programmed to: determine whether or not to transfer the information stored by the management server device; and transmit at least some of the stored information to the outside of the information management system based on a result determined by the management server device and a result determined by the client terminal.
    Type: Grant
    Filed: October 17, 2016
    Date of Patent: July 28, 2020
    Assignee: PFU LIMITED
    Inventors: Takuya Moriyama, Masahito Sakui
  • Patent number: 10728256
    Abstract: Systems, computer program products, and methods are described herein for elevated authentication model using cross-channel data. The present invention is configured to receive one or more exposure events from a detection system, wherein at least one of the one or more exposure events indicates that a user has failed an authentication requirement in at least one communication channel associated with the detection system; store the one or more exposure events in a centralized repository; determine one or more other communication channels across the one or more detection systems available for access to the user; and increase an authentication requirement of the user in the one or more other communication channels, wherein increasing the authentication requirement further comprises increasing an authentication level required to enable the user to access at least one of the one or more functions associated with at least one of the one or more applications.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: July 28, 2020
    Assignee: Bank of America Corporation
    Inventors: Scott Anderson Sims, Kolt Arthur Bell, Michael Joseph Carroll, Andrew DongHo Kim, Elliot Piatetsky, Stephen M. Schneeweis, Michael E. Toth, Craig D. Widmann, Dharmender Kumar Satija, Sai Kishan Alapati
  • Patent number: 10715547
    Abstract: A method for detecting a man-in-the-middle attack against communications between a client device and a specific remote end point over a network, the method using probe software installed on the client device, the method comprising the probe software sending a connection initiation request from the client device over the network, directed to the remote end point, to at least partially initiate a secure network connection between the remote end point and the client device, receiving at the client device encryption credentials sent to the client device in response to the connection initiation request, the probe software comparing the received encryption credentials with expected encryption credentials for the remote end point, and the probe software determining that a man-in-the-middle attack is present if the received encryption credentials do not match the expected encryption credentials.
    Type: Grant
    Filed: April 8, 2016
    Date of Patent: July 14, 2020
    Assignee: Wandera Limited
    Inventors: John Edwards, Matthew Vlasach
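    The check the abstract above describes is certificate pinning run as an active probe. The following is an added example and not Wandera's code: it assumes the "encryption credentials" are the leaf certificate's DER bytes and that the expected credentials are a set of SHA-256 fingerprints carried by the probe. The certificate byte strings are constructed stand-ins, not real certificates, and `connect` is a hypothetical callable that stands in for the partial handshake.

```python
import hashlib
from typing import Callable

# Constructed stand-ins for DER-encoded certificates (not real certificates).
# The first is what the genuine end point presents; the second is what an
# interception proxy that terminates TLS and re-signs the session presents.
GENUINE_CERT_DER = b"\x30\x82\x01\x0a" + b"genuine-endpoint-certificate" * 4
INTERCEPT_CERT_DER = b"\x30\x82\x01\x0a" + b"proxy-reissued-certificate" * 4


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER bytes as the colon-separated upper-case hex string
    that openssl and browser certificate viewers display, so a pin can be
    copied from those tools straight into the probe's expected set."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _normalize(fp: str) -> str:
    return fp.replace(":", "").strip().upper()


# Pins the probe carries for the remote end point. A set rather than one value
# lets a backup certificate be rotated in without raising a false alarm.
EXPECTED_PINS = {fingerprint(GENUINE_CERT_DER)}


def credentials_match(received_cert_der: bytes, expected_pins: set) -> bool:
    """True when the presented certificate matches any pinned fingerprint."""
    received = _normalize(fingerprint(received_cert_der))
    return received in {_normalize(p) for p in expected_pins}


def run_probe(connect: Callable[[], bytes], expected_pins: set) -> dict:
    """One probe round. `connect` (hypothetical, assumed for this example)
    sends the connection initiation toward the end point and returns the leaf
    certificate the client received. Verdict is 'mitm' whenever that
    certificate matches none of the pins."""
    received = connect()
    fp = fingerprint(received)
    if credentials_match(received, expected_pins):
        return {"verdict": "ok", "fingerprint": fp}
    return {"verdict": "mitm", "fingerprint": fp, "expected": sorted(expected_pins)}


if __name__ == "__main__":
    # Honest path: the end point returns its own certificate.
    print(run_probe(lambda: GENUINE_CERT_DER, EXPECTED_PINS))
    # Interception path: a proxy presents its own leaf for the same host name.
    print(run_probe(lambda: INTERCEPT_CERT_DER, EXPECTED_PINS))
```

    Two practical caveats: pinning the leaf certificate means every legitimate rotation by the remote end point looks like an attack until the pin set is updated (pinning the subject public key or the issuing CA is the usual compromise), and a corporate TLS inspection proxy is indistinguishable from a hostile one at this layer, so the verdict is an input to policy rather than a final judgement.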
  • Patent number: 10713362
    Abstract: A method of detecting malware in a specimen of computer content or network traffic is described. The method features conducting a first analysis on the specimen in accordance with a first plurality of analyses and an order of the first plurality of analyses. A second analysis is conducted on the specimen different than the first analysis type. Thereafter, further analyses on the specimen may be altered by modifying information associated with the first plurality of analyses or the order of the first plurality of analyses in response to feedback information based on results from at least the first analysis. The modified information changes a malware analysis of the specimen from being conducted in accordance with the first plurality of analyses to being conducted in accordance with a second plurality of analyses different in analysis type or in order of analyses than the first plurality of analyses.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: July 14, 2020
    Assignee: FireEye, Inc.
    Inventors: Michael Vincent, Ali Mesdaq, Emmanuel Thioux, Abhishek Singh, Sai Vashisht
  • Patent number: 10715469
    Abstract: A method, apparatus, system, and computer program product for processing messages. A message is received from a producer by a computer system. The message is sent to a consumer by the computer system. The message is sent to a set of consumers in addition to the consumer by the computer system in response to an adverse condition being present for the consumer after sending the message to the consumer. A set of actions is performed in response to the adverse condition being present in the set of consumers receiving the message.
    Type: Grant
    Filed: September 19, 2018
    Date of Patent: July 14, 2020
    Assignee: International Business Machines Corporation
    Inventors: Samuel Hawker, Adam J. Pilkington, Matthew Chirgwin, Andrew Dunnings
  • Patent number: 10715404
    Abstract: A slice changing device is disclosed including a circuitry configured to acquire, in a case where a condition for changing a slice is satisfied, a connection destination of a slice after change. The circuitry is further configured to notify a communication device that connects a terminal using a slice and a connection destination of a slice of the acquired connection destination, and to release a resource relating to a slice before change after notification by the notifying means, where a service which is used by the terminal is allocated to a slice, and in a case where a condition in which the slice is changed is satisfied, the service is allocated to a slice after change.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: July 14, 2020
    Assignee: NTT DOCOMO, INC.
    Inventors: Takuya Shimojou, Shigeru Iwashina
  • Patent number: 10713098
    Abstract: Stored cookie information is obtained from a first browser from among a plurality of browsers where each of the plurality of browsers stores respective cookie information. In a case where a second browser is used, the cookie information obtained from the first browser is passed to the second browser.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: July 14, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Masaaki Sato
  • Patent number: 10715546
    Abstract: Embodiments of this application disclose a website attack detection and protection method and system performed by a computing device, applied to the field of information processing technologies. In the method in the embodiments, the computing device calculates a parameter value of an information aggregation degree parameter corresponding to each field included in a header of a request for accessing a website, and then determines, according to the parameter value or a variation degree of the parameter value of the information aggregation degree parameter of the field, whether the website suffers a Challenge Collapsar attack.
    Type: Grant
    Filed: March 7, 2019
    Date of Patent: July 14, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Dandan Peng
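    The abstract above names an "information aggregation degree parameter" per header field but does not define it. The following is an added example, not Tencent's code: it uses the Shannon entropy of each header field's values within a window of requests as a stand-in for that parameter, and flags a Challenge Collapsar (HTTP flood) attack when the entropy of several fields collapses relative to a baseline window, which is what a script replaying one fixed header set produces. Both request windows are constructed.

```python
import math
from collections import Counter
from typing import Dict, List

# Fields whose value spread is measured. Organic traffic keeps these varied;
# a flood that replays one request template drives them toward a single value.
FIELDS = ("user-agent", "accept-language", "referer")

# Constructed window of organic requests (headers only, lower-cased names).
NORMAL_WINDOW: List[Dict[str, str]] = [
    {"user-agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/84", "accept-language": "en-US,en;q=0.9", "referer": "https://shop.example/"},
    {"user-agent": "Mozilla/5.0 (Macintosh) Safari/13.1", "accept-language": "en-GB,en;q=0.8", "referer": "https://shop.example/news"},
    {"user-agent": "Mozilla/5.0 (X11; Linux) Firefox/78", "accept-language": "de-DE,de;q=0.9", "referer": ""},
    {"user-agent": "Mozilla/5.0 (iPhone) Mobile Safari", "accept-language": "fr-FR,fr;q=0.9", "referer": "https://search.example/?q=x"},
    {"user-agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/84", "accept-language": "en-US,en;q=0.9", "referer": "https://shop.example/login"},
    {"user-agent": "Mozilla/5.0 (Android) Chrome/84", "accept-language": "es-ES,es;q=0.9", "referer": "https://shop.example/"},
]

# Constructed window during a flood: every request carries the same template.
ATTACK_WINDOW: List[Dict[str, str]] = [
    {"user-agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/84", "accept-language": "zh-CN", "referer": ""}
] * 6


def field_entropy(window: List[Dict[str, str]], field: str) -> float:
    """Shannon entropy (bits) of one field's values across the window.
    0.0 means every request carried the same value (maximum aggregation)."""
    counts = Counter(r.get(field, "") for r in window)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def aggregation_degree(window: List[Dict[str, str]]) -> Dict[str, float]:
    return {f: field_entropy(window, f) for f in FIELDS}


def variation(baseline: Dict[str, float], current: Dict[str, float]) -> Dict[str, float]:
    """Relative change per field; negative when the current window is more concentrated."""
    return {f: ((current[f] - baseline[f]) / baseline[f]) if baseline[f] > 0 else 0.0
            for f in FIELDS}


def cc_attack_fields(baseline: Dict[str, float], current: Dict[str, float],
                     max_drop: float = 0.5, min_fields: int = 2) -> List[str]:
    """Fields whose entropy fell by more than `max_drop` of baseline. At least
    `min_fields` must agree before anything is reported, so one field such as
    referer collapsing on a popular landing page does not trip the detector
    on its own."""
    drops = [f for f, v in variation(baseline, current).items() if v < -max_drop]
    return drops if len(drops) >= min_fields else []


if __name__ == "__main__":
    base = aggregation_degree(NORMAL_WINDOW)
    print("baseline:", base)
    print("attack window:", aggregation_degree(ATTACK_WINDOW))
    print("flagged fields:", cc_attack_fields(base, aggregation_degree(ATTACK_WINDOW)))
```

    The baseline should be learned from the site's own traffic rather than fixed, and the window should be large enough that a handful of clients behind one NAT (same user-agent, same language) does not depress the entropy by itself.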
  • Patent number: 10715549
    Abstract: The present disclosure describes systems and methods for using a model for a predetermined role for simulated phishing campaigns. A campaign controller communicates simulated phishing communications to one or more devices of a user using a model that the campaign controller selects from a plurality of models in a database that have been established for predetermined roles of a company. The model is selected based on one or more attributes of the user that are identified by the campaign controller. The campaign controller identifies one or more attributes of each user of a plurality of users for the simulated phishing campaign, and the campaign controller selects a respective model for each user based on the attributes of each user, wherein the models are not all the same for all of the users.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: July 14, 2020
    Assignee: KnowBe4, INC.
    Inventors: Alin Irimie, Stu Sjouwerman, Greg Kras, Eric Sites
  • Patent number: 10708302
    Abstract: Systems and methods are provided for automatically detecting phishing attacks. Network traffic may be monitored to detect phishing attacks and/or identify phishing websites and/or target websites. The monitoring may comprise generating and analysing logs corresponding to the monitored network traffic, with the logs comprising network traffic events and/or information relating to requesting and responding addresses. The network traffic events used in detecting phishing attacks may comprise sequences each comprising one or more requests and responses. Requested websites may be identified as phishing websites based on event sequences meeting particular criteria. Components and/or functions utilized for monitoring the network traffic and/or automatic phishing detection based thereon may be implemented as parts of a browser and/or network routers utilized during typical and normal use operations.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: July 7, 2020
    Assignee: SWISSCOM AG
    Inventors: Ulrich Buergi, Florian Angehrn
  • Patent number: 10708285
    Abstract: Techniques are disclosed for facilitating analysis of cloud activity. A cloud activity analysis agent may run within a virtual machine in a cloud computing environment to collect information regarding computing activity within the virtual machine. The cloud activity analysis agent may include, in network flow data records, cloud activity data based on the collected information. The cloud activity analysis agent may then transmit the network flow data records to a network device for flow analysis. In some embodiments, the network flow data records are transmitted to a network flow analyzer that is configured to receive the cloud activity data and is further configured to receive network flow data from one or more flow collectors within a network of the entity. The network flow analyzer may then perform a security analysis for the entity based on the network flow data and the cloud activity data.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: July 7, 2020
    Assignee: Ziften Technologies, Inc.
    Inventors: Ryan Holeman, Al Hartmann, Josh Harriman, Josh Applebaum
  • Patent number: 10698398
    Abstract: An alarm display system includes: a database configured to store a plurality of sets of predetermined events, occurrence probabilities of the events, checking situations of the events, and countermeasure policies of the events in association with the sets; an alarm information acquisition unit configured to acquire alarm information indicating that the events occur in monitoring target devices; a support information addition unit configured to add support information for supporting determination of a countermeasure for the alarm information according to information stored in the database, to the acquired alarm information; and a display unit configured to display alarm display information in which the support information is added.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: June 30, 2020
    Assignee: MITSUBISHI HITACHI POWER SYSTEMS, LTD.
    Inventors: Makoto Kishi, Satoru Mori, Yuki Nakazawa, Toru Tanaka
  • Patent number: 10698927
    Abstract: Methods, systems and apparatus, including computer programs encoded on computer storage media for compressing sensor log information. One of the methods includes accessing log information maintained in one or more databases, the log information being generated in response to actions associated with entities, and the log information indicative of respective sessions for which one or more logs were generated, each log indicating an entity. Log information is grouped according to entity. One or more logs are associated with respective sessions based on the grouped log information. Compressed logs are generated from logs associated with respective sessions based on compression rules.
    Type: Grant
    Filed: August 8, 2017
    Date of Patent: June 30, 2020
    Assignee: Palantir Technologies Inc.
    Inventors: Daniel Chin, Daniel Dries
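    The three steps in the abstract above (group by entity, associate logs with sessions, compress per session under rules) are shown end to end in the following added example, which is not Palantir's code. It assumes a session boundary is a gap of more than 30 minutes between an entity's consecutive logs and uses one compression rule, collapsing consecutive identical actions into an action-count pair while keeping the session's first and last timestamps. The log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from itertools import groupby
from typing import Dict, List, Tuple

# Assumed session rule: silence longer than this between two logs of the same
# entity starts a new session.
SESSION_GAP = timedelta(minutes=30)

# Constructed log lines, format "<ISO timestamp> <entity> <action>". They are
# deliberately out of order, as rows pulled from several databases would be.
RAW_LOGS = """\
2020-06-30T08:00:00 alice login
2020-06-30T08:00:05 alice view:/dashboard
2020-06-30T08:00:07 alice view:/dashboard
2020-06-30T08:00:09 alice view:/dashboard
2020-06-30T08:01:00 bob login
2020-06-30T08:02:00 alice download:report.pdf
2020-06-30T09:15:00 alice view:/dashboard
2020-06-30T09:16:00 alice logout
2020-06-30T08:03:00 bob view:/admin
"""

Record = Tuple[datetime, str, str]  # (timestamp, entity, action)


def parse_logs(text: str) -> List[Record]:
    records: List[Record] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, entity, action = line.split(" ", 2)
        records.append((datetime.fromisoformat(ts), entity, action))
    return records


def group_by_entity(records: List[Record]) -> Dict[str, List[Record]]:
    """Step 1: one time-ordered list of records per entity."""
    grouped: Dict[str, List[Record]] = defaultdict(list)
    for rec in records:
        grouped[rec[1]].append(rec)
    return {entity: sorted(recs) for entity, recs in grouped.items()}


def sessionize(records: List[Record], gap: timedelta = SESSION_GAP) -> List[List[Record]]:
    """Step 2: split one entity's records wherever two consecutive records
    are further apart than `gap`."""
    sessions: List[List[Record]] = []
    for rec in records:
        if sessions and rec[0] - sessions[-1][-1][0] <= gap:
            sessions[-1].append(rec)
        else:
            sessions.append([rec])
    return sessions


def compress_session(session: List[Record]) -> dict:
    """Step 3: compression rule. Consecutive identical actions collapse into
    (action, count); the session's start and end are kept so the compressed
    record still answers 'who did what, when' during an investigation."""
    events = [(action, len(list(run))) for action, run in groupby(a for _, _, a in session)]
    return {
        "entity": session[0][1],
        "start": session[0][0].isoformat(),
        "end": session[-1][0].isoformat(),
        "events": events,
    }


def compress_logs(text: str, gap: timedelta = SESSION_GAP) -> List[dict]:
    grouped = group_by_entity(parse_logs(text))
    out: List[dict] = []
    for entity in sorted(grouped):
        for session in sessionize(grouped[entity], gap):
            out.append(compress_session(session))
    return out


if __name__ == "__main__":
    for s in compress_logs(RAW_LOGS):
        print(s)
```

    The run-length rule is lossy only in the repeat timestamps; if those matter (rate-based detections, for instance), a rule that keeps the count plus first and last timestamp of each run is the usual alternative.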
  • Patent number: 10698783
    Abstract: A method of detecting virtualization in a computing system, which includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level, is described. The method includes: executing a program on the processor at a privilege level less privileged than the third privilege level, the program including a load-exclusive instruction of the processor, followed by at least one instruction of the processor capable of being trapped to the third privilege level, followed by a store-exclusive instruction of the processor; and determining presence or absence of virtualization software at least a portion of which executes at the third privilege level in response to a return status of the store-exclusive instruction.
    Type: Grant
    Filed: January 9, 2018
    Date of Patent: June 30, 2020
    Assignee: VMware, Inc.
    Inventors: Andrei Warkentin, Cyprien Laplace, Regis Duchesne, Ye Li, Alexander Fainkichen
  • Patent number: 10701037
    Abstract: The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster, (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery, and (vii) switching between proxies or between servers without loss of session.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: June 30, 2020
    Assignee: Ping Identity Corporation
    Inventors: Udayakumar Subbarayan, Bernard Harguindeguy, Anoop Krishnan Gopalakrishnan, Abdu Raheem Poonthiruthi
  • Patent number: 10691668
    Abstract: Machine-generated data is divided into its metadata (or contextual data) that is indicative of a data container, and the data values themselves that are indicative of sensed variables. The metadata is checked to obtain a container integrity indicator of whether the data is accurate based on characteristics of the data container. The actual data values are subjected to quality checking to determine whether they have been corrupted by inaccuracies. Data corresponding to inaccurate metadata or inaccurate data values themselves is quarantined, and correction logic attempts to correct any inaccurate data. Corrected data is output with the verified data.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: June 23, 2020
    Assignee: Deere & Company
    Inventors: Sebastian Blank, Dohn W. Pfeiffer, Robert A. Stevens
  • Patent number: 10693909
    Abstract: A computer network endpoint is secured to prevent information leak or other compromise by instantiating in memory first, second and third security zones. With respect to an authorized user, the first zone is readable and writable, the second zone is read-only, and the third zone is neither readable nor writable. System information (e.g., applications, libraries, policies, etc.) is deployed into the first zone from the second zone. When sensitive data is generated in the first zone, e.g., when a secure communication session is established using a cryptographic key, the sensitive data is transferred from the first zone to the third zone, wherein it is immune from information leak or other compromise. The sensitive information is transferable from the third zone to one or more external systems having a need to know that information. Because information does not pass directly from the first security zone to the external systems, the endpoint is secured against information leak or other attack.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: June 23, 2020
    Assignee: International Business Machines Corporation
    Inventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Fadly Yahaya