Intrusion Detection Patents (Class 726/23)
  • Patent number: 11902324
    Abstract: Systems and methods are disclosed that minimize ongoing risk to an organization from user behaviors which magnify the severity of a spoofed domain. Systems and methods are provided which enable an entity and users of an entity to identify potential harmful domains, combining search, discovery, reporting, the generation of risk indicators, end-user risk assessments, and training into a security awareness system.
    Type: Grant
    Filed: April 1, 2022
    Date of Patent: February 13, 2024
    Inventors: Stu Sjouwerman, Alin Irimie, Greg Kras
  • Patent number: 11902309
    Abstract: Historical time-series data can be analyzed using a probabilistic model to determine one or more distributions, including at least a normal distribution and an anomaly distribution. These distributions can be analyzed to obtain values for distribution parameters, such as mean, standard deviation, and density, as well as other statistical parameters, for use in building a forecasting model. This model can analyze the time-series data to predict or forecast actionable anomalies at one or more future points or periods in time, such as may exceed a determined anomaly threshold with at least a minimum amount of confidence. A determination can be made as to one or more actions to take in anticipation of the anomalous event, or volume of events, such as to attempt to prevent the occurrence or to be better positioned to handle the occurrence. Such forecasting or prediction can utilize both modeling and feature engineering.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: February 13, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Vijayan Nagarajan, Lisa Harrington Waygood, Siddharth Krishnamurthy
  • Patent number: 11902316
    Abstract: A cybersecurity assessment system is provided for monitoring, assessing, and addressing the cybersecurity status of a target network. The cybersecurity assessment system can analyze the scan data and determine a degree to which the current status of the target network satisfies a particular cybersecurity readiness standard, and how the status changes over time. The cybersecurity assessment system can also transform large amounts of vulnerability scan data into efficient representations for use in providing interactive presentations of the vulnerabilities detected on the target network. The cybersecurity assessment system can also provide information regarding cybersecurity events in substantially real time.
    Type: Grant
    Filed: March 8, 2022
    Date of Patent: February 13, 2024
    Assignee: Cytellix Corporation
    Inventors: Brian Douglas Berger, Howard Chen Lin, Andrew Michael Fabrizio
  • Patent number: 11902127
    Abstract: In one embodiment, a device computes time series dynamics for a performance metric of a path in a network used to convey traffic for an online application. The device matches those time series dynamics to one or more dynamics categories. The device makes a determination as to whether the path in the network is anomalous, based on the one or more dynamics categories. The device provides, based on the determination, an indication that the path in the network is anomalous for display.
    Type: Grant
    Filed: November 23, 2021
    Date of Patent: February 13, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Jean-Philippe Vasseur, Sambarta Dasgupta, Vinay Kumar Kolar
  • Patent number: 11902303
    Abstract: A system configured to detect a threat activity on a network. The system including a digital device configured to detect a first order indicator of compromise on a network, detect a second order indicator of compromise on the network, generate a risk score based on correlating said first order indicator of compromise on the network with the second order indicator of compromise on said network, and generate at least one incident alert based on comparing the risk score to a threshold.
    Type: Grant
    Filed: July 29, 2022
    Date of Patent: February 13, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Fengmin Gong, Alexander Burt, Frank Jas
  • Patent number: 11895147
    Abstract: A system for suspending a computing device suspected of being infected by a malicious code is configured to receive a signal to initiate a suspension procedure of the computing device. The system captures states of instructions that are being executed by a processor of the computing device, where the instructions comprise the malicious code. The system prioritizes the operation of a kill switch button over the instructions being executed by the processor. The system sends notification signals to servers managing a user account associated with a user currently logged in at the computing device, indicating that the computing device is suspected of having been infected by the malicious code. In response to sending the notification signals to the servers, the user account is suspended. The system terminates network connections of the computing device such that the computing device is disconnected from other devices.
    Type: Grant
    Filed: November 29, 2022
    Date of Patent: February 6, 2024
    Assignee: Bank of America Corporation
    Inventors: Adam B. Richman, William Thomas Stranathan, Anusha Ravulapati, Kenneth Aaron Kaye, Nikhil Harish Sanil, Alice Yali Chang, Brady Prentice Merkel
  • Patent number: 11892926
    Abstract: Described embodiments provide systems and methods for displaying a service graph in association with a time of a detected anomaly. A device may store a plurality of snapshots of a service graph of a plurality of microservices. Each of the snapshots of the service graphs include metrics at a respective time increment from execution of each of the plurality of microservices. The device may detect an anomaly with operation of one or more microservices of the plurality of services. The device may identify a set of snapshots of the service graph within a predetermined time period of a time of the anomaly. The device may display each of the snapshots in the set of snapshots in sequence corresponding to time increments within the predetermined time period of the time of the anomaly.
    Type: Grant
    Filed: August 3, 2022
    Date of Patent: February 6, 2024
    Inventors: Chiradeep Vittal, Abhishek Chauhan
  • Patent number: 11895148
    Abstract: Techniques for detecting and mitigating Denial of Service (DoS) attacks in distributed networking environment are disclosed. In certain embodiments, a DoS detection and mitigation system is disclosed that automatically monitors and analyzes network traffic data in a distributed networking environment using a set of pre-defined threshold criteria. The system includes capabilities for automatically invoking various mitigation techniques that take actions on malicious traffic based on the analysis and the pre-defined threshold criteria. The system includes capabilities for automatically detecting and mitigating “outbound” DoS attacks by analyzing network traffic data originating from an entity within the network to a public network (e.g., the Internet) outside the network as well as detect and mitigate “east-west” DoS attacks by analyzing network traffic data originating from a first entity located in a first data center of the network to a second entity located in a second data center of the network.
    Type: Grant
    Filed: September 7, 2022
    Date of Patent: February 6, 2024
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Jesse Gingold, Jaiminkumar Kantilal Patel, Karl Georg Brumund
  • Patent number: 11895124
    Abstract: There is provided a data-efficient threat detection method in a computer network. The method can include: receiving raw data related to a network node, generating local behaviour models related to the network node; generating at least one common model of normal behaviour on the basis of local behaviour models related to multiple network nodes; filtering input events by using a measure for estimating the likelihood that the input event is produced by the generated common model of normal behaviour and/or by the generated one or more local behaviour models, wherein only input events having a likelihood below a predetermined threshold of being produced by any one of the models are passed through the filtering; and processing input events passed through the filtering for generating a security related decision.
    Type: Grant
    Filed: September 23, 2020
    Date of Patent: February 6, 2024
    Assignee: F-SECURE CORPORATION
    Inventor: Matti Aksela
  • Patent number: 11895128
    Abstract: Artificial Intelligence (“AI”) apparatus and method are provided that correlate and consolidate operation of discrete vendor tools for detecting cyberthreats on a network. An AI engine may filter false positives and eliminate duplicates within cyberthreats detected by multiple vendor tools. The AI engine provides machine learning solutions to complexities associated with translating vendor-specific cyberthreats to known cyberthreats. The AI engine may ingest data generated by the multiple vendor tools. The AI engine may classify hardware devices or software applications scanned by each vendor tool. The AI engine may decommission vendor tools that provide redundant cyberthreat detection. The AI engine may display operational results on a dashboard directing cyberthreat defense teams to corroborated cyberthreats and away from false positives.
    Type: Grant
    Filed: January 15, 2021
    Date of Patent: February 6, 2024
    Assignee: Bank of America Corporation
    Inventors: Peggy J. Qualls, Ghada I. Khashab, Lori Mammoser, Ajay Jose Paul, Anthony R. Bandos, Sidy Diop
  • Patent number: 11895129
    Abstract: A device may receive a malicious file associated with a network of network devices and may identify a file type and file characteristics associated with the malicious file. The device may determine one or more rules to apply to the malicious file based on the file type and the file characteristics associated with the malicious file and may apply the one or more rules to the malicious file to generate a partial file signature for the malicious file. The device may provide the partial file signature for the malicious file to one or more of the network devices of the network. The partial file signature may cause the one or more of the network devices to block the malicious file.
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: February 6, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Paul Randee Dilim Kimayong, Mounir Hahad
  • Patent number: 11895145
    Abstract: The methods and system described herein automatically generate network router access control entities (ACEs) that are used to filter internet traffic and more specifically to block malicious traffic. The rules are generated by an ACE engine that processes incoming internet packets and examines existing ACEs and a statistical profile of the captured packets to produce one or more recommended ACEs with a quantified measure of confidence. Preferably, a recommended ACE is identified in real time of the attack, and preferably selected from a library of pre-authored ACEs. It is then deployed automatically or alternatively sent to system personnel for review and confirmation.
    Type: Grant
    Filed: January 6, 2022
    Date of Patent: February 6, 2024
    Assignee: Akamal Technologies, Inc.
    Inventors: Bonita G. Lee, Christopher Bero
  • Patent number: 11886587
    Abstract: Aspects of the present invention disclose a method, computer program product, and system for detecting a malicious process by a selected instance of an anti-malware system. The method includes one or more processors examining a process for indicators of compromise to the process. The method further includes one or more processors determining a categorization of the process based upon a result of the examination. In response to determining that the categorization of the process does not correspond to a known benevolent process and a known malicious process, the method further includes one or more processors executing the process in a secure enclave. The method further includes one or more processors collecting telemetry data from executing the process in the secure enclave. The method further includes one or more processors passing the collected telemetry data to a locally trained neural network system.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: January 30, 2024
    Assignee: KYNDRYL, INC
    Inventors: Arjun Udupi Raghavendra, Tim Uwe Scheideler, Matthias Seul, Andrea Giovannini
  • Patent number: 11888859
    Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; analyzing the security related activity, the analyzing the security related activity using a security risk persona; associating the security risk persona with a phase of a cyber kill chain; and, performing a security operation on the security related activity via a security system, the security operation disrupting performance of the phase of the cyber kill chain.
    Type: Grant
    Filed: December 11, 2020
    Date of Patent: January 30, 2024
    Assignee: Forcepoint LLC
    Inventors: Margaret Cunningham, Clifford Charles Wright
  • Patent number: 11888876
    Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.
    Type: Grant
    Filed: February 17, 2023
    Date of Patent: January 30, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Balaji Sundararajan, Gaurang Rajeev Mokashi, Preety Mordani, Vivek Agarwal
  • Patent number: 11887445
    Abstract: Realized is a configuration that monitors a behavior of a visitor and issues an alert or performs some other action in the case where a suspicious behavior is detected. The configuration includes a data processing section configured to monitor the behavior of the visitor. The data processing section identifies the visitor, acquires profile information of the identified visitor, determines a behavior monitoring mode of the visitor on the basis of the profile information, and monitors the behavior of the visitor according to the determined behavior monitoring mode.
    Type: Grant
    Filed: January 10, 2020
    Date of Patent: January 30, 2024
    Assignee: SONY GROUP CORPORATION
    Inventor: Kuniaki Torii
  • Patent number: 11888895
    Abstract: Aspects of the disclosure relate to generating threat intelligence information. A computing platform may receive forensics information corresponding to message attachments. For each message attachment, the computing platform may generate a feature representation. The computing platform may input the feature representations into a neural network, which may result in a numeric representation for each message attachment. The computing platform may apply a clustering algorithm to cluster each message attachment based on the numeric representations, which may result in clustering information. The computing platform may extract, from the clustering information, one or more indicators of compromise indicating that one or more attachments correspond to a threat campaign.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: January 30, 2024
    Assignee: Proofpoint, Inc.
    Inventors: Zachary Mitchell Abzug, Kevin Patrick Blissett, Brian Sanford Jones
  • Patent number: 11888883
    Abstract: An enhanced threat disposition analysis technique is provided. In response to receipt of a security threat, a threat disposition score (TDS) is retrieved. The threat disposition score is generated from a machine learning scoring model that is built from information about historical security threats, including historical disposition of one or more alerts associated with the historical security threats. The system augments an alert to include the threat disposition score, optionally together with a confidence level, to generate an enriched alert. The enriched alert is then presented to the security analyst for handling directly. Depending on the TDS (and its confidence level), the analyst may be able to respond to the threat immediately, i.e., without further detailed investigation. Preferably, the machine learning model is updated continuously as the system handles security threats, thereby increasing the predictive benefit of the TDS scoring.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: January 30, 2024
    Assignee: International Business Machines Corporation
    Inventors: Gary I. Givental, Aankur Bhatia, Paul J. Dwyer
  • Patent number: 11886591
    Abstract: There is provided a system and a computerized method of remediating one or more operations linked to a given program running in an operating system, the method comprising: querying a stateful model to retrieve a group of entities related to the given program; terminating at least a sub set of the group of entities related to the given program; generating a remediation plan including one or more operations linked to the given program, the one or more operations being retrieved based on the group in the stateful model; and executing the remediation plan by undoing at least part of the one or more operations linked to the given program thereby restoring state of the operating system to a state prior to the given program being executed. There is further provided a computerized method of detecting malicious code related to a program in an operating system in a live environment.
    Type: Grant
    Filed: October 18, 2022
    Date of Patent: January 30, 2024
    Assignee: SENTINEL LABS ISRAEL LTD.
    Inventors: Almog Cohen, Tomer Weingarten, Shlomi Salem, Nir Izraeli, Asaf Karelsbad
  • Patent number: 11888881
    Abstract: Adaptive normal profiles are generated at a hierarchical scope corresponding to a set of endpoints and a process. Abnormal endpoint activity is detected by verifying whether event data tracking activity on the set of endpoints conforms to the adaptive normal profiles. False positives are reduced by verifying alarms correspond to normal endpoint activity. Abnormal event data is forwarded to a causality chain identifier that identifies abnormal chains of processes for the abnormal endpoint activity. A trained threat detection model receives abnormal causality chains from the causality chain identifier and indicates a likelihood of corresponding to a malicious attack that indicates abnormal endpoint behavior.
    Type: Grant
    Filed: September 12, 2022
    Date of Patent: January 30, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Shai Meir, Dany Cohen, Arkady Miasnikov, Ohad Ohayon
  • Patent number: 11888892
    Abstract: Cryptocurrency based malware and ransomware detection systems and methods are disclosed herein. An example method includes analyzing a plurality of malware or ransomware attacks to determine cryptocurrency payment address of malware or ransomware attacks, building a malware or ransomware attack database with the cryptocurrency payment addresses of the plurality of malware or ransomware attacks, identifying a proposed cryptocurrency transaction that includes an address that is included in the malware or ransomware attack database, and denying the proposed cryptocurrency transaction.
    Type: Grant
    Filed: December 3, 2022
    Date of Patent: January 30, 2024
    Assignee: CipherTrace, Inc.
    Inventors: David Jevans, Rudi Cilibrasi
  • Patent number: 11880391
    Abstract: Systems, methods, and software can be used to cluster software codes in a scalable manner. In some aspects, a computer-implemented method comprises: obtaining a plurality of software samples; computing one or more first hash results for each of the plurality of software samples; computing one or more second hash results for each of the plurality of software samples based on the one or more first hash results, wherein an amount of the one or more second hash results is less than an amount of the one or more first hash results; determining a similarity output based on the one or more second hash results of two of the plurality of software samples; and clustering the plurality of software samples based on the similarity output to generate one or more software sample clusters.
    Type: Grant
    Filed: April 20, 2021
    Date of Patent: January 23, 2024
    Assignee: CYLANCE, INC.
    Inventors: Sameer Shashikant Paranjape, Bronson Boersma, David Alan Greer
  • Patent number: 11882127
    Abstract: A method including transmitting, by an infrastructure device, a current fingerprint associated with a first instance of a source application; receiving, by the infrastructure device, respective results associated with comparing the current fingerprint with respective verification fingerprints, which are associated with instances of the source application other than the first instance; determining, by the infrastructure device based at least in part on the respective results, a determination result indicating whether the first instance of the source application is to be utilized for transmitting a transmission packet; and transmitting, by the infrastructure device, the determination result to indicate whether the first instance of the source application is to be utilized for transmitting the transmission packet. Various other aspects are contemplated.
    Type: Grant
    Filed: March 19, 2022
    Date of Patent: January 23, 2024
    Assignee: UAB 360 IT
    Inventor: Mohamed Adly Amer Elgaafary
  • Patent number: 11879541
    Abstract: A gearbox including a gear and a gutter. The gear is rotatable about a rotational axis in a rotational direction. The gear has a radial direction and an axial direction, and the gear expels oil radially outward when the gear rotates. The gutter is positioned radially outward of the gear in the radial direction of the gear to collect oil expelled by the gear when the gear rotates. The gutter includes an axial surface, a plurality of radial surfaces including a first radial surface and a second radial surface, and at least one opening to allow the oil collected in the gutter to flow therethrough. Each of the first radial surface and the second radial surface is oriented in a direction intersecting the axial surface, and the at least one opening is formed on both the axial surface and one of the first radial surface and the second radial surface.
    Type: Grant
    Filed: April 1, 2022
    Date of Patent: January 23, 2024
    Assignees: GENERAL ELECTRIC COMPANY, GE AVIO S.R.L.
    Inventors: Xiaohua Zhang, Bugra H. Ertas, Flavia Turi, Walter J. Smith
  • Patent number: 11882216
    Abstract: A local buffer is integrated with a witness generator and a proof generator on a cryptographic processor and is separate from host memory accessed by a host processor operating with the cryptographic processor in a proving computing system. The witness generator: receives, from software program running on the host processor, compiled code of a zero-knowledge-proof (ZKP) program and specific input to the ZKP program; executes the ZKP program by way of executing the compiled code; records specific output generated from the ZKP program with the specific input, intermediate variable values, and the specific input, as a specific witness of executing the ZKP program; stores the specific witness in the local buffer. The proof generator: receives, from the software program running on the host processor, a proving key; accesses the specific witness in the local buffer; generates a specific zero-knowledge proof for executing the ZKP program with the specific input.
    Type: Grant
    Filed: June 26, 2023
    Date of Patent: January 23, 2024
    Assignee: Auradine, Inc.
    Inventors: Patrick Xu, Minglei Wang, Sidong Li, De Vu, Saptadeep Pal, Lei Chang
  • Patent number: 11880462
    Abstract: A method (600) for identifying malicious software includes receiving and executing a software application (210), identifying a plurality of uniform resource identifiers (220) the software application interacts with during execution of the software application, and generating a vector representation (260) for the software application using a feed-forward neural network (170) configured to receive the plurality of uniform resource identifiers as feature inputs. The method also includes determining similarity scores (262) for a pool of training applications, each similarity score associated with a corresponding training application and indicating a level of similarity between the vector representation for the software application and a respective vector representation for the corresponding training application.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: January 23, 2024
    Assignee: Google LLC
    Inventors: Richard Cannings, Sai Deep Tetali, Mo Yu, Salvador Mandujano
  • Patent number: 11882143
    Abstract: Embodiments are directed toward a non-transitory processor-readable medium for providing a zero-day attack prevention cybersecurity system, including an agent and an orchestrator. The agent is configured to be installed at an endpoint within a network to be evaluated. The endpoint has a cybersecurity solution to be tested. The orchestrator enables standardized tactics, techniques, and procedures (“TTPs”) and non-standard TTPs to be sent across the network to the endpoint. The agent is configured to limit network communication outgoing from the endpoint to predefined or selected communications while the agent is installed at the endpoint. Accordingly, the agent and the orchestrator cooperatively enable testing the cybersecurity solution of the endpoint with respect to both the standardized TTPs and the non-standard TTPs without exposing other endpoints in communication with the network to security risks posed by the standardized TTPs and the non-standard TTPs sent to the endpoint.
    Type: Grant
    Filed: August 5, 2021
    Date of Patent: January 23, 2024
    Assignee: Reveald Holdings Inc.
    Inventor: Jesus Guadalupe Garcia Correa
  • Patent number: 11880461
    Abstract: Providing an isolation system that allows analysts to analyze suspicious information in a way that aids in preventing harmful information from spreading to other applications and systems on a network. A plurality of virtual containers may be used by analysts to analyze the suspicious information. The analyst may utilize a non-native application to analyze the suspicious information within the virtual container. The non-native application may be used to analyze the suspicious information in an analysis format instead of an original format for which the suspicious information, and any harmful information therein, were intended to be accessed. Additionally, the virtual containers may be accessed through the use of an API that allows an analyst to analyze the suspicious information in the virtual container without transferring information from the virtual container back to the analyst user computer system.
    Type: Grant
    Filed: June 22, 2020
    Date of Patent: January 23, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Dustin Paul Stocks, Jon Codispoti
  • Patent number: 11875351
    Abstract: Logic may assign a customer identification to a model to associate a first customer with the model to detect fraudulent transactions. Logic may determine one or more clusters to associate with the first customer based on characteristics associated with the first customer. Logic may associate one or more cluster identifications with the first customer. Each cluster identification may identify one cluster of the one or more clusters. Each cluster may identify a group of customers based on characteristics associated with the group of customers. Logic may cause the model to transmit to a customer device associated with the first customer. Logic may receive transaction data for a transaction for one customer of the group of customers associated with a first cluster. And logic may communicate modified transaction data to customer devices of more than one customer of the group of customers associated with the first cluster.
    Type: Grant
    Filed: October 7, 2019
    Date of Patent: January 16, 2024
    Assignee: Capital One Services, LLC
    Inventors: Austin Grant Walters, Jeremy Edward Goodsitt, Fardin Abdi Taghi Abad, Reza Farivar
  • Patent number: 11876810
    Abstract: A method of detecting a malicious node in a bus network system includes pre-storing, by a receiving node, autocorrelation characteristics and node identifiers for each signal received from nodes excluding the receiving node in a bus network system, receiving, by the receiving node, a target signal from any one of the nodes, generating, by the receiving node, an autocorrelation characteristic of the target signal, searching for an autocorrelation characteristic, which is identical to the autocorrelation characteristic of the target signal or similar to the autocorrelation characteristic of the target signal by a reference level or more, among the autocorrelation characteristics of each of the signals stored by the receiving node, determining, by the receiving node, whether a first node identifier matching the searched autocorrelation characteristic and a second node identifier extracted from a packet transmitted to the target signal are the same.
    Type: Grant
    Filed: August 5, 2021
    Date of Patent: January 16, 2024
    Assignee: DAEGU GYEONGBUK INSTITUTE OF SCIENCE AND TECHNOLOGY
    Inventors: Ji Woong Choi, Woo Jin Jeong, Eun Min Choi
  • Patent number: 11876833
    Abstract: Disclosed herein are systems, methods, and storage media for thwarting cyber-attacks and data theft. A computing system receives packets and compares with a configuration resource. The computing system determines that the packet does not match the configuration resource and transmits a packet to a decoy environment via an SDN switch. The decoy environment is configured to generate time-out, service unavailable, or restricted access messages. In some embodiments, the computing system determines the packet does match the configuration and transmits the packet to a production network via an SDN switch. The SDN switch is communicatively connected to the decoy environment through a first channel and communicatively connected to a production environment through a separate second channel. The computing system is further configured to create and transmit to the SDN switch, rules to manage transmitting the packet to either the decoy environment or the production environment.
    Type: Grant
    Filed: August 15, 2019
    Date of Patent: January 16, 2024
    Assignee: UCHICAGO ARGONNE, LLC
    Inventor: Joshua A Lyle
  • Patent number: 11874925
    Abstract: The present disclosure provides a data processing method for coping with ransomware, which encrypts data with a malicious intent and blocks an access to the data, to protect the data, and a program for executing the data processing method. In a computer apparatus that loads an application program stored in a memory onto a processor and carries out a predetermined processing according to the application program, on an operating system (OS) kernel which controls an access of the application program to hardware components of the computer apparatus, the processor reads the data stored in the memory, performs the predetermined processing at the request of the application program, determines whether a ransomware attack occurred for the data before storing the processed data back to the memory, and stores the processed data to the memory according to a determination result, thereby preventing the damage caused by the ransomware attack.
    Type: Grant
    Filed: September 23, 2022
    Date of Patent: January 16, 2024
    Assignee: SECUVE CO., LTD.
    Inventor: Ki Yoong Hong
  • Patent number: 11870795
    Abstract: Techniques for identifying attack behavior based on scripting language activity are disclosed. A security monitoring system generates a behavior profile for a first client device based on scripting language commands included in a first set of raw machine data received from the first client device, where the first client device is coupled to a network, and the first set of raw machine data is associated with network traffic received by or transmitted from the first client device. The security monitoring system analyzes a second set of raw machine data received from the first client device, where the second set of raw machine data is associated with subsequent network traffic received by or transmitted from the first client device. The security monitoring system detects an anomaly in the second set of raw machine data based on the behavior profile, and initiates a mitigation action in response to detecting the anomaly.
    Type: Grant
    Filed: June 14, 2021
    Date of Patent: January 9, 2024
    Assignee: SPLUNK INC.
    Inventors: Joseph Auguste Zadeh, Rodolfo Soto, Madhupreetha Chandrasekaran, Yijiang Li
  • Patent number: 11868479
    Abstract: A security framework for life-critical and safety-critical devices, specifically medical devices, using: a) runtime, adaptive methods that dynamically assess the risk of newly discovered vulnerabilities and threats, and b) automatic mitigation methods that reduce system risk by seamlessly reconfiguring the device to operate within different execution modes. This technology automatically isolates threats by disabling affected system components. A multi-modal software design uses adaptive software in which operational modes have monotonically decreasing cumulative risk. Formal risk models are used to model the individual risk of accessing or controlling system components and to automatically calculate the cumulative risk of software modes. The automated detection of potential threats by the system or reporting of known vulnerabilities will dynamically change the system risk.
    Type: Grant
    Filed: November 1, 2019
    Date of Patent: January 9, 2024
    Assignees: ARIZONA BOARD OF REGENTS ON BEHALF OF THE UNIVERSITY OF ARIZONA, JOHANNES KEPLER UNIVERSITY LINZ
    Inventors: Roman Lysecky, Jerzy Rozenblit, Johannes Sametinger, Aakarsh Rao, Nadir Carreon
  • Patent number: 11870789
    Abstract: An unauthorized message in an in-vehicle network is more accurately detected. A detection device includes: a monitoring unit configured to monitor, as target messages, an authorized message being periodically transmitted and the unauthorized message in the in-vehicle network, and monitor a reference message being periodically transmitted; a calculation unit configured to, based on a monitoring result of the monitoring unit, calculate a time difference between a time corresponding to a transmission time of the target message and a time corresponding to a transmission time of the reference message; and a detection unit configured to, based on the time difference calculated by the calculation unit, perform a detection process of detecting the unauthorized message.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: January 9, 2024
    Assignees: AUTONETWORKS TECHNOLOGIES, LTD., SUMITOMO WIRING SYSTEMS, LTD., SUMITOMO ELECTRIC INDUSTRIES, LTD.
    Inventors: Yoshihiro Hamada, Hiroshi Ueda, Naoki Adachi, Shinichi Aiba, Shogo Kamiguchi, Fumiya Ishikawa
  • Patent number: 11868483
    Abstract: Applications on a device are assigned scores based on their attributes, update status, and source. A device is assigned a score based on its attributes and the scores of applications installed thereon. The device score may be combined with an evaluation of user behavior to obtain a user score. The scores may be used to invoke security actions with respect to data and services of an enterprise. Security reports for a network environment may be modified such that the severity of threats accounts for policies and attributes of the environment. Security of a device may be evaluated locally, including the training of a model to identify anomalous authentication or usage behavior. Security of a device may be reduced to a score lacking personal information that may be used by a server to select access controls for a device.
    Type: Grant
    Filed: November 8, 2022
    Date of Patent: January 9, 2024
    Assignee: LOOKOUT INC.
    Inventors: Victoria Ashley Mosby, Bastien Bobe, Brian James Buck, Katelyn Clifford
  • Patent number: 11861001
    Abstract: A computer-implemented method, computer program product and computing system are disclosed. The computer-implemented method is executed on a computing device and includes: obtaining object information concerning one or more initial objects within a computing platform in response to a security event; identifying an event type for the security event; and executing a response script based, at least in part, upon the event type.
    Type: Grant
    Filed: November 22, 2021
    Date of Patent: January 2, 2024
    Assignee: RELIAQUEST HOLDINGS, LLC
    Inventors: Brian P. Murphy, Joe Partlow, Colin O'Connor, Jason Pfeiffer, Brian Philip Murphy
  • Patent number: 11860796
    Abstract: Embodiments described herein provide techniques to manage drivers in a user space in a data processing system. One embodiment provides a data processing system configured to perform operations, comprising discovering a hardware device communicatively coupled to the communication bus, launching a user space driver daemon, establishing an inter-process communication (IPC) link between a first proxy interface for the user space driver daemon and a second proxy interface for a server process in a kernel space, receiving, at the first proxy interface, an access right to enable access to a memory buffer in the kernel space, and relaying an access request for the memory buffer from the user space driver daemon via a third-party proxy interface to enable the user space driver daemon to access the memory buffer, the access request based on the access right.
    Type: Grant
    Filed: August 9, 2021
    Date of Patent: January 2, 2024
    Assignee: Apple Inc.
    Inventors: Jeremy C. Andrus, Joseph R. Auricchio, Russell A. Blaine, Daniel A. Chimene, Simon M. Douglas, Landon J. Fuller, Yevgen Goryachok, John K. Kim-Biggs, Arnold S. Liu, James M. Magee, Daniel A. Steffen, Roberto G. Yepez
  • Patent number: 11863587
    Abstract: A webshell detection method and apparatus are provided. The apparatus obtains first web traffic of a protected host; generates a web page visit record of the protected host based on the first web traffic, where the web page visit record is used to save at least one uniform resource locator (URL), an IP address visiting each URL, and a total quantity of visits to each URL; determines a suspicious URL from the at least one URL based on the web page visit record, where a total quantity of visits to the suspicious URL is less than a first threshold, and a ratio of a quantity of different IP addresses visiting the suspicious URL to the total quantity of visits to the suspicious URL is less than a second threshold; and determines whether a web page identified by the suspicious URL contains a webshell signature.
    Type: Grant
    Filed: June 13, 2019
    Date of Patent: January 2, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Wu Jiang
  • Patent number: 11861563
    Abstract: In an embodiment, the disclosed technologies monitor electronic message traffic between a network and a recipient computer system. An embodiment includes obtaining, from an electronic message received from the network, a triple of a display name, email address, and sending domain, determining a name score for the triple, and determining characteristics of the electronic message. The name score of the triple and the characteristics of the electronic message may be used to determine whether the electronic message is a spoofing attack such as a business email compromise (BEC) attack. In response to determining that the electronic message is malicious, an embodiment may cause the network to at least one of modify, delay, re-route, or block transmission of the electronic message to the recipient computer system.
    Type: Grant
    Filed: January 15, 2021
    Date of Patent: January 2, 2024
    Assignee: CLOUDFLARE, INC.
    Inventors: Umalatha Batchu, Torsten Zeppenfeld, Blake Darche, Philip Syme
  • Patent number: 11856007
    Abstract: A system and a method are disclosed for determining that a first electronic communication, received in a first private repository of a user, has been identified (e.g., flagged) as including a threat, and determining a probability that the first electronic communication includes the threat. In response to determining that the probability exceeds a threshold probability, the system monitors for a second electronic communication, received in a second private repository, that includes contents that match the contents of the first electronic communication.
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: December 26, 2023
    Assignee: Material Security Inc.
    Inventors: Ryan M. Noon, Abhishek Agrawal, Christopher J. Park
  • Patent number: 11853415
    Abstract: Disclosed herein are methods, systems, and processes for context-based identification of anomalous log data. Log data with multiple original logs is received at an anomalous log data identification system. A context associated training dataset is generated by splitting a string in a log into multiple split strings, generating a context association between each split string and a unique key that corresponds to the log, and generating an input/output (I/O) string data batch that includes I/O string data for each split string in the log by training each split string against every other split string in the log. A context-based anomalous log data identification model is then trained according to a machine learning technique using the I/O string data batch that includes a list of unique strings in the context associated training dataset.
    Type: Grant
    Filed: December 9, 2020
    Date of Patent: December 26, 2023
    Assignee: Rapid7, Inc.
    Inventor: Douglas George Wainer
  • Patent number: 11856011
    Abstract: A computerized method for analyzing an object is disclosed. The computerized method includes obtaining, by a cybersecurity system, an object and context information generated during a first malware analysis of the object conducted prior to obtaining the object. Thereafter, the cybersecurity system performs a second malware analysis of the object to determine a verdict indicating maliciousness of the object. The scrutiny of the second malware analysis is adjusted based, at least in part, on the context information, which may include (i) activating additional or different monitors, (ii) adjusting thresholds for determining maliciousness, or (iii) applying a modified rule set during the second malware analysis based on the context information.
    Type: Grant
    Filed: January 13, 2023
    Date of Patent: December 26, 2023
    Assignee: Musarubra US LLC
    Inventors: Sai Vashisht, Sumer Deshpande, Sushant Paithane, Rajeev Menon
  • Patent number: 11846980
    Abstract: Some examples relate generally to managing and storing data, and more specifically to the real-time detection of ransomware, system (or insider) threats, or the misappropriation of credentials by using file system audit events.
    Type: Grant
    Filed: November 11, 2022
    Date of Patent: December 19, 2023
    Assignee: Rubrik, Inc.
    Inventors: Shanthi Kiran Pendyala, Di Wu, Matthew Edward Noe
  • Patent number: 11848948
    Abstract: Example methods and systems for correlation-based security threat analysis are described. In one example, a computer system may obtain event information that is generated by monitoring a virtualized computing instance supported by a host; and network alert information that is generated by monitoring network traffic associated with the virtualized computing instance. The network alert information may specify security threat signature(s) detected based on the network traffic. The computer system may map the network alert information to threat information that specifies indicator(s) of compromise associated with the signature(s) and perform a correlation analysis based on the event information, network alert information and threat information. Based on the correlation analysis, it is determined whether there is a potential security threat associated with the virtualized computing instance.
    Type: Grant
    Filed: December 18, 2020
    Date of Patent: December 19, 2023
    Assignee: VMWARE, INC.
    Inventors: Baibhav Singh, Jayant Jain
  • Patent number: 11848960
    Abstract: A server interacts with a bot detection service to provide bot detection as a requesting client interacts with the server. In an asynchronous mode, the server injects into a page a data collection script configured to record interactions at the requesting client, to collect sensor data about the interactions, and to send the collected sensor data to the server. After the client receives the page, the sensor data is collected and forwarded to the server through a series of posts. The server forwards the posts to the detection service. During this data collection, the server also may receive a request from the client for a protected endpoint. When this occurs, and in a synchronous mode, the server issues a query to the detection service to obtain a threat score based in part on the collected sensor data that has been received and forwarded by the server. Based on the threat score returned, the server then determines whether the request for the endpoint should be forwarded onward for handling.
    Type: Grant
    Filed: February 8, 2022
    Date of Patent: December 19, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: David Senecal, Prajakta Bhurke, Tu Vuong
  • Patent number: 11847413
    Abstract: Techniques are disclosed for building a dictionary of words from combinations of symbols generated based on input data. A neuro-linguistic behavior recognition system includes a neuro-linguistic module that generates a linguistic model that describes data input from a source (e.g., video data, SCADA data, etc.). To generate words for the linguistic model, a lexical analyzer component in the neuro-linguistic module receives a stream of symbols, each symbol generated based on an ordered stream of normalized vectors generated from input data. The lexical analyzer component determines words from combinations of the symbols based on a hierarchical learning model having one or more levels. Each level indicates a length of the words to be identified at that level. Statistics are evaluated for the words identified at each level. The lexical analyzer component identifies one or more of the words having statistical significance.
    Type: Grant
    Filed: May 24, 2021
    Date of Patent: December 19, 2023
    Assignee: Intellective Ai, Inc.
    Inventors: Gang Xu, Ming-Jung Seow, Tao Yang, Wesley Kenneth Cobb
  • Patent number: 11847223
    Abstract: A method and a system for identifying indicators of compromise are provided. The method comprises: obtaining a given malware carrier configured for executing a main malware module; generating, based on the given malware carrier, an attack roadmap, the attack roadmap including a plurality of malware carriers; determining a malware class of each one of the plurality of malware carriers; generating a current list of indicators of compromise of each of the plurality of malware carriers; searching a database to locate at least one stored attack roadmap including a plurality of stored malware carriers; retrieving from the database a stored list of indicators of compromise for each of the plurality of stored malware carriers; generating an amalgamated list of indicators of compromise based on the current list of indicators and the stored digital list of indicators of compromise; storing, in the database, the amalgamated list of indicators of compromise.
    Type: Grant
    Filed: February 18, 2021
    Date of Patent: December 19, 2023
    Assignee: GROUP IB TDS, LTD
    Inventor: Ilia Sergeevich Pomerantsev
  • Patent number: 11843621
    Abstract: Systems, methods, and related technologies for profiling an entity and classifying an entity based on a profile are described. In certain aspects, data associated with one or more communications of an entity is accessed and one or more behaviors based on the data associated with the one or more communications of the entity are determined. One or more sequences of the one or more behaviors of the entity are determined and a profile is determined based on the one or more sequences of the one or more behaviors, wherein the profile comprises a classification of the entity. The profile may then be stored.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: December 12, 2023
    Assignee: FORESCOUT TECHNOLOGIES, INC.
    Inventors: Yang Zhang, Arun Raghuramu, Siying Yang
  • Patent number: 11841952
    Abstract: A system and method for determining device attributes using a classifier hierarchy. The method includes: determining at least one exploitation condition for a manufacturing device based on at least one first device attribute of the manufacturing device and a plurality of second device attributes indicated in a vulnerabilities database, wherein the vulnerabilities database further indicates a plurality of known exploits for the plurality of second device attributes; analyzing behavior and configuration of the medical device to detect an exploitable vulnerability for the manufacturing device, wherein the exploitable vulnerability is a behavior or configuration of the manufacturing device which meets the at least one exploitation condition; and performing at least one mitigation action based on the exploitable vulnerability.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: December 12, 2023
    Assignee: ARMIS SECURITY LTD.
    Inventors: Shaked Gitelman, Tal Ravid