Intrusion Detection Patents (Class 726/23)
  • Patent number: 11128655
    Abstract: This disclosure relates to method and system for managing security vulnerability in a host computer system. In an embodiment, the method may include receiving reputation data with respect to external network traffic data and receiving intrusion data with respect to host system data. The intrusion data may be generated by the host computer system based on the external network traffic data. The method may further include generating a plurality of test cases based on the reputation data and the intrusion data. The test cases, upon simulation, may provide information with respect to security vulnerability in the host computer system. The method may further include determining a set of implementable topologies for the host computer system, based on a simulation of each of the plurality of test cases, using a first artificial neural network (ANN) model to manage the security vulnerability.
    Type: Grant
    Filed: October 24, 2019
    Date of Patent: September 21, 2021
    Assignee: Wipro Limited
    Inventor: Ajith Kumar S
  • Patent number: 11126713
    Abstract: A system for detecting directory reconnaissance in a directory service includes a sensor and a directory reconnaissance detector, each of which is executing on one or more computing devices. The sensor determines whether a query that is submitted to a directory server is a suspicious query and, if the query is determined to be a suspicious query, transmits the suspicious query to the directory reconnaissance detector. The directory reconnaissance detector includes a receiver, a context obtainer, an alert determiner and an alert transmitter. The receiver receives the suspicious query from the sensor and the context obtainer obtains context information associated with the suspicious query. The alert determiner determines whether a security alert should be generated based at least on the suspicious query and the context information. The alert transmitter generates the security alert responsive to a determination that the security alert should be generated.
    Type: Grant
    Filed: April 8, 2019
    Date of Patent: September 21, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Tal J. Maor, Itai Grady Ashkenazy, Gal Z. Bruchim, Jonathan M. Monsonego, Sivan Krigsman, Lior Schindler
  • Patent number: 11128618
    Abstract: A security system autonomously secures a modular data center (MDC) from a detected external threat by disabling access to physical communication ports. Sensor(s) are monitored that detect a presence of a person in an exterior or interior of a volumetric container of an MDC. Information technology (IT) component(s) are positioned within the volumetric container and include physical communication port(s) that receive a hot pluggable device containing memory. In response to determining that a detected person is not authenticated, a controller identifies any hot pluggable device that is currently engaged to a physical communication port of the MDC. The controller selectively disables access via the physical communication port(s) that is not engaged to a hot pluggable device. The controller enables continued access to the IT component(s) by any identified hot pluggable device that was engaged to a physical communication port before detecting the presence of the unauthenticated person.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: September 21, 2021
    Assignee: Dell Products, L.P.
    Inventors: Mark M. Bailey, Tyler B. Duncan, Mukund P. Khatri
  • Patent number: 11127014
    Abstract: A sleep pattern analyzer (SPA) system for capturing and analyzing sleep data and sleep pattern data is provided. The SPA system is configured to receive sleep data associated with a user, the sleep data including a registered user identifier and at least one sleep time stamp, and store the sleep data in a sleep pattern database. The SPA system is also configured to receive transaction data for a transaction initiated by a consumer with a merchant. The SPA system is further configured to match the consumer identifier to the registered user identifier, generate a fraud notification message when the transaction time stamp overlaps with the at least one sleep time stamp, and transmit the fraud notification message to at least one of an issuer, the merchant, and the consumer associated with the consumer identifier.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: September 21, 2021
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Rick Unnerstall
  • Patent number: 11128641
    Abstract: Example embodiments disclosed herein relate to propagating belief information about malicious and benign nodes. In one example, a domain name system (DNS) resolution graph including multiple nodes is determined. In this example, a first subset of nodes is determined based on an initial benign value or an initial unknown value associated with the respective nodes. In the example, benign belief information is propagated for the first subset based on the respective initial benign values. Moreover, in the example, a second subset of the nodes is determined based on an initial malicious value or an initial unknown value. Malicious belief information is propagated for the second subset based on the respective malicious values. The propagated belief information is copied to a DNS resolution graph.
    Type: Grant
    Filed: August 28, 2015
    Date of Patent: September 21, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Loai Zomlot, Pratyusa K. Manadhata
  • Patent number: 11128659
    Abstract: The present application relates to the handling of what are generally referred to as denial of service (DoS) attacks. More specifically, the present application relates to a method and system for protecting one or more on-line Web service application servers from DoS and/or distributed DoS (DDoS) attacks.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: September 21, 2021
    Assignee: Transform SR Brands LLC
    Inventors: Partha Ghosh, Vivek Bawge
  • Patent number: 11128588
    Abstract: A processor acquires feature information of a target email, among email that has already been transmitted from the information processing apparatus, the target email specified by an operation of a user of the information processing apparatus as email to be restricted from viewing-access by a user of a receiving-side apparatus. The processor transmits feature information of the target email to an apparatus that receives information for identifying a removal target for a security measure system. The target email is designated as a removal target by the security measure system for the receiving-side apparatus.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: September 21, 2021
    Assignee: NOMURA RESEARCH INSTITUTE, LTD.
    Inventors: Masahiro Ueno, Tianfeng Ma, Atsushi Ito, Sumio Midorikawa
  • Patent number: 11128548
    Abstract: A network element health status detection method and device, where the method includes: determining sampled data of at least one key performance indicator (KPI) of a target network element in a first time window; obtaining a fluctuation score of any KPI in the at least one KPI according to sampled data of the any KPI in the first time window and a steady state value of the any KPI; and determining a health status of the target network element based on a fluctuation score of each KPI. Therefore, a network element health status is determined using single-point performance data of a network element and performance data in a network element time window.
    Type: Grant
    Filed: October 7, 2019
    Date of Patent: September 21, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Yuming Xie, Qian Xiao, Zhiman Xiong, Li Xue, Ming Chen
  • Patent number: 11128637
    Abstract: The disclosed embodiments include systems and methods for implementing least-privilege access to, control of, and/or code execution on target network resources. Operations may include identifying a prompt associated with a least-privilege requesting identity to initiate a remote session on a target network resource; executing, in response to the prompt, a first agent; retrieving, from a secure storage location, a second agent; initiating, by the first agent, execution of the second agent on the target network resource, wherein the second agent executes using a least-privilege credential or using least-privilege permissions associated with the least-privilege requesting identity; and instructing the second agent to perform an action remotely on the target network resource through the remote session using the least-privilege credential or using the least-privilege permissions.
    Type: Grant
    Filed: November 5, 2019
    Date of Patent: September 21, 2021
    Assignee: CYBERARK SOFTWARE LTD.
    Inventor: Tomer Dayan
  • Patent number: 11128651
    Abstract: Search results are received from an initiated free text search of log data from one or more logs, where the free text is performed using search terms entered into a free text search graphical user interface. A set of at least one search result is selected from the search results containing an event desired to be identified in a completed enterprise threat detection (ETD) pattern. A forensic lab application is rendered to complete an ETD pattern. An event filter is added for an event type based on normalized log data to a path. A relative ETD pattern time range is set and an ETD pattern is completed based on the added event filter.
    Type: Grant
    Filed: January 6, 2020
    Date of Patent: September 21, 2021
    Assignee: SAP SE
    Inventors: Eugen Pritzkau, Joscha Philipp Bohn, Daniel Kartmann, Wei-Guo Peng, Hristina Dinkova, Lin Luo, Thomas Kunz, Marco Rodeck, Hartwig Seifert, Harish Mehta, Nan Zhang, Rita Merkel, Florian Chrosziel
  • Patent number: 11120131
    Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create a filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal pattern to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: September 14, 2021
    Assignee: RUBRIK, INC.
    Inventors: Oscar Chen, Di Wu, Benjamin Reisner, Matthew E. Noe
  • Patent number: 11121953
    Abstract: During operation, a computer may compare values of at least one performance metric for access points in appropriate contexts to determine one or more temporal anomalies and/or one or more spatial anomalies for one or more of the access points. Then, the computer may generate one or more temporal anomaly events based at least in part on the one or more temporal anomalies and one or more spatial anomaly events based at least in part on the one or more spatial anomalies. Next, the computer may calculate one or more complex events based at least in part on two or more of the different anomalies. Moreover, the computer may evaluate the different anomalies, anomaly event and/or complex events to determine one or more insights about a problem in the network. Furthermore, the computer may perform a remedial action.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: September 14, 2021
    Assignee: ARRIS Enterprises LLC
    Inventors: Yang Han, SeeHo Ting, Koteswar Rao Mellachervu, Lakshmi Nagarajan, Ilango Purushothaman, Jiayi Chen
  • Patent number: 11120127
    Abstract: Methods and systems for detecting and correcting anomalies include predicting normal behavior of a monitored system based on training data that includes only sensor data collected during normal behavior of the monitored system. The predicted normal behavior is compared to recent sensor data to determine that the monitored system is behaving abnormally. A corrective action is performed responsive to the abnormal behavior to correct the abnormal behavior.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: September 14, 2021
    Inventors: Alexandru Niculescu-Mizil, Eric Cosatto, Xavier Fontaine
  • Patent number: 11113397
    Abstract: In one embodiment, a device disassembles an executable file into assembly instructions. The device maps each of the assembly instructions to a fixed length instruction vector using one-hot encoding and an instruction vocabulary and forms vector representations of blocks of a control flow graph for corresponding functions of the executable file by embedding and aggregating bags of the instruction vectors. The device generates, based on the vector representations of the blocks of the control flow graph, a call graph model of the functions in the executable file. The device forms a vector representation of the executable file based in part on the call graph model. The device determines, based on the vector representation of the executable file, whether the executable file is malware.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: September 7, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Tomas Pevny, Jan Franců, Petr Somol
  • Patent number: 11115437
    Abstract: A method and system for adaptively securing a protected entity against a potential advanced persistent threat (APT) are provided. The method includes probing a plurality of resources in a network prone to be exploited by an APT attacker; operating at least one security service configured to output signals indicative of APT related activity of each of the plurality of probed resources; generating at least one security event respective of the output signals; determining if the at least one security event satisfies at least one workflow rule; and upon determining that the at least one security event satisfies the at least one workflow rule, generating at least one action with respect to the potential APT attack.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: September 7, 2021
    Assignee: Cybereason Inc.
    Inventor: Avi Chesla
  • Patent number: 11108752
    Abstract: Systems and methods are disclosed for managing the resetting of online identities or accounts of users of Internet web pages. One method includes: receiving, through an electronic device, a request to reset login information to access a web page associated with the user's online account; determining that an IP address associated with the request is not identified as being suspicious; receiving user data intrinsic to the user's request; automatically verifying two or more values of the data intrinsic to the user's request as being indicative of a level of trust of the identity of the user; and transmitting, to the user over the Internet, a subset of options to reset the login information, the subset being selected based on the level of trust.
    Type: Grant
    Filed: December 23, 2019
    Date of Patent: August 31, 2021
    Assignee: Verizon Media Inc.
    Inventor: Lachlan A. Maxwell
  • Patent number: 11106792
    Abstract: Disclosed herein are systems and methods for deep dynamic analysis for protecting endpoint devices from malware. In one aspect, an exemplary method comprises launching a deep analysis process, by a deep analysis tool, the launching including: injecting a dynamically loaded component into an address space of an application code and initializing, by the dynamically loaded component, to allow an execution activity, by the injected dynamically loaded component, parsing dependencies of run-time linkages, hooking system functions, creating an application memory map with separate application and system code areas, transferring control back to the application code, and performing on-sample-execution activity, obtaining control of exception handler and monitoring attempts to use the exception handler, changing an available area, logging accesses, inspecting exception reasons and applying policies, determining whether or not the application of the sample is a malware, and sending a final verdict.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: August 31, 2021
    Assignee: Acronis International GmbH
    Inventors: Alexey Kostyushko, Anastasia Pereberina, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11108791
    Abstract: System and methods are described which are useful for efficiently combining characteristic detection rules, such as may be done to efficiently and quickly assist in the dispositioning of user reported security threats.
    Type: Grant
    Filed: August 11, 2020
    Date of Patent: August 31, 2021
    Assignee: KnowBe4, Inc.
    Inventors: Marcio Castilho, Alin Irimie, Michael Hanley, Daniel Cormier, Raymond Skinner
  • Patent number: 11108797
    Abstract: A non-transitory computer-readable medium having a program stored thereon that, when executed by one or more processors, directs a computing system to secure a communication network. The program comprises a traffic inspection engine, a domain generation algorithm (DGA) inspection engine, and a message bus communicationally coupling the traffic inspection engine and the DGA inspection engine. The traffic inspection engine is configured to identify if a traffic session containing a domain name system (DNS) request and/or response in a communication network includes a DGA generated domain and send information about the identified DGA generated domain to the DGA inspection engine via the message bus. The DGA inspection engine is configured to verify if the identified DGA generated domain is registered, and send information about the registered DGA domain to the traffic inspection engine via the message bus.
    Type: Grant
    Filed: March 11, 2019
    Date of Patent: August 31, 2021
    Assignee: Stellar Cyber, Inc.
    Inventors: Zhang Xu, Changming Liu
  • Patent number: 11108813
    Abstract: The disclosed embodiments provide a system for mitigating a distributed denial-of-service (DDoS) attack. During operation, the system analyzes application layer data in historical traffic to an online system to determine a historical volume of member traffic from an Internet Protocol (IP) address to the online system, wherein the member traffic is generated by members of the online system. Next, the system calculates a rate limit for a set of requests from the IP address to the online system based on the historical volume of member traffic from the IP address. During a DDoS attack, the system outputs the rate limit for use in blocking a subset of the requests from the IP address to the online system.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: August 31, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Shoufu Luo, Jie Zhang
  • Patent number: 11108790
    Abstract: Methods and systems for detecting malicious activity on a network. The methods described herein involve gathering data regarding a first state of a computing environment, executing an attack tool to simulate malicious activity in the computing environment, and then gathering data regarding a second state of the computing environment. The methods described herein may then involve generating a signature based on changes between the first and second states, and then using the generated signature to detect malicious activity in a target network.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: August 31, 2021
    Assignee: Rapid7, Inc.
    Inventors: Paul Deardorff, Dustin Myers
  • Patent number: 11108802
    Abstract: There is disclosed a method and system for determining web hosts receiving abnormal site visits. The method comprises generating a graph of web search history and clustering nodes in the graph. The method then comprises removing clusters that are affiliated based on user interaction data, and storing indicators that the remaining web hosts are associated with abnormal site visits.
    Type: Grant
    Filed: May 7, 2020
    Date of Patent: August 31, 2021
    Assignee: YANDEX EUROPE AG
    Inventors: Dmitry Aleksandrovich Cherkasov, Alexander Vladimirovich Anisimov, Grigory Mikhailovich Gankin
  • Patent number: 11100243
    Abstract: Technologies are described for selective persistence of data utilized by software containers. A configuration policy is defined that includes data that specifies one or more data stores for which data is not to be persisted following accesses to a software container and one or more data stores for which data is to be persisted following accesses to the software container. When the software container is first accessed, the data stores identified in the configuration policy are attached to the software container. Upon a subsequent access to the container, such as at the conclusion of a user session or upon destruction of the container, the data in the attached data stores is persisted or deleted based upon the configuration policy. When the software container is once again accessed, the data store containing the persisted data can be re-attached to the software container.
    Type: Grant
    Filed: January 15, 2018
    Date of Patent: August 24, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Margarit Simeonov Chenchev, Benjamin M. Schultz, Giridhar Viswanathan, Balaji Balasubramanyan, Yanan Zhang, Frederick Justus Smith, Hari R. Pulapaka, David Weston
  • Patent number: 11102223
    Abstract: A system and method for tracking data security threats within an organization is proposed. A threat aggregator process executing on an analysis computer system within the organization receives events indicating possible threats observed by and sent from different user devices and aggregates related events into threats. This enables the threats to be analyzed and acted upon at a level of the organization (e.g., across user devices) rather than at the level of the individual user devices. An endpoint telemetry system analyzes threats sent from the aggregator and provides security policies for responding to the threats. In examples, the system can identify attacks of related threats and act upon the related threats of the attack collectively, and can characterize false positive threats sent from multiple user devices as a single extraneous threat. This has advantages over the per-user device focus for responding to threats provided by current systems and methods.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: August 24, 2021
    Assignee: Carbon Black, Inc.
    Inventors: Jeffrey Albin Kraemer, Ranganathan Gopalan
  • Patent number: 11102240
    Abstract: Early-warning decision method, node and system are provided in the present disclosure. The method includes obtaining a flow analysis result of a portion of service requests that are targeted at a same server; calculating a flow of all the service requests that are targeted at the server based on a flow indicated by the flow analysis result and a weight of a current distributed node, the weight being a weight or proportion of all the service requests targeted at the server that accounts for the flow indicated by the flow analysis result that is obtained by the current distributed node; comparing a flow of all the service requests that are targeted at the server with an abnormal flow threshold; and determining whether to send an instruction for performing subsequent processing on the server based on a comparison result.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: August 24, 2021
    Assignee: Alibaba Group Holding Limited
    Inventors: Yifan Tu, Huilai Qiao, Jiong Jia
  • Patent number: 11102219
    Abstract: Systems and methods to manage operation of at least one network are provided. The system includes a processor, an input/output device coupled to the processor, and a memory coupled with the processor. The memory comprises executable instructions that when executed by the processor cause the processor to effectuate operations. The operations include identifying at least one event signature associated with an event, wherein the event signature is indicative that it is probable that at least one user of the network will experience a predefined service anomaly. Operation of the network is monitored for a presence of the at least one event signature. The presence of the at least one event signature is detected. At least one action is determined to deter the predefined service anomaly. The action is caused to be implemented on the network.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: August 24, 2021
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: James Fan, Alireza Hooshiari, Dan Celenti
  • Patent number: 11102226
    Abstract: The present invention relates to a dynamic security method and system based on multi-fusion linkage response. In the method, a site control device conducts active response and passive response through identity authentication and key management to give an alarm for abnormal behaviors. The system comprises an access authentication active response module, an access control active response module, an access control passive response module, an abnormal pretending passive response module, a key vulnerability passive response module and an abnormal state passive response mechanism module. On the basis of ensuring validity and feasibility for the security of a terminal device, the present invention can build a secure and trusted industrial control system operating environment.
    Type: Grant
    Filed: May 7, 2018
    Date of Patent: August 24, 2021
    Assignee: SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES
    Inventors: Haibin Yu, Peng Zeng, Jianming Zhao, Xianda Liu, Chunyu Chen, Tianyu Wang
  • Patent number: 11102215
    Abstract: A method, computer system, and a computer program product for restricting and anonymizing a graphical user interface for a remote access session is provided. The present invention may include determining a plurality of appropriate permissions for the graphical user interface of a client computer for fixing a problem. The present invention may also include determining a plurality of restricted graphical user interface panels associated with the graphical user interface, wherein the determined plurality of restricted graphical user interface panels includes a minimum access level for the third party to fix the problem.
    Type: Grant
    Filed: October 4, 2019
    Date of Patent: August 24, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jeffrey A. Calcaterra, Erik Rueger, Christof Schmitt
  • Patent number: 11095664
    Abstract: A mobile device receives an invitation to commence a media session. The invitation may be from a legitimate caller or from a spoofing caller. The mobile device checks parameters using templates to evaluate a consistency of the invitation with respect to a database in the mobile device. The templates include session protocol, network topology, routing, and social templates. Specific template data includes standardized protocol parameters, values from a database of the mobile device and phonebook entries of the mobile device. Examples of the parameters include capabilities, preconditions, vendor equipment identifiers, a hop counter value and originating network information. The originating network information may be obtained from the database by first querying an on-line database to determine a network identifier associated with caller identification information in the invitation.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: August 17, 2021
    Assignee: Apple Inc.
    Inventors: Shi Lu, Camille Chen, Wenping Lou, Wen Zhao
  • Patent number: 11095540
    Abstract: A computing device is provided that is configured to obtain, from a managed network, a plurality of response times of a network-based service provided by the managed network; to train, based on the plurality of response times, a probability distribution to model the managed network; to receive an additional response time from the managed network; to use the probability distribution to determine, for the additional response time, a percentile based on the additional response time; based on the percentile, to determine that the additional response time is anomalously high with respect to the plurality of response times of the network-based service; and to transmit, to a client device associated with the managed network, an indication that the additional response time is anomalously high. The probability distribution includes a central portion based on a plurality of bins and a tail portion based on a parametric distribution.
    Type: Grant
    Filed: January 23, 2019
    Date of Patent: August 17, 2021
    Assignee: ServiceNow, Inc.
    Inventors: Qingbin Li, Brian Robert Silverstein, James Allen Crotinger, Dariush Shahgoshtasbi, Darren Hou, Yujie Fang
  • Patent number: 11093611
    Abstract: A method and system for the deployment of deceptive decoy elements in a computerized environment to identify data leakage processes invoked by suspicious entities are presented. The method includes generating at least one deceptive decoy element; and deploying the generated at least one deceptive decoy element in a folder in a file system of the computerized environment, wherein the deployment is based on a sensitivity level of the folder, wherein the at least one deceptive decoy element is configured to provide an indication of unauthorized access upon an attempt by an unauthorized entity to access the folder.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: August 17, 2021
    Assignee: Itsmine LTD.
    Inventors: Kfir Kimhi, Ran Norman, Guy Ben Mayor
  • Patent number: 11093621
    Abstract: A nested file having a primary file and at least one secondary file embedded therein is parsed using at least one parser of a cell. The cell assigns a maliciousness score to each of the parsed primary file and each of the parsed at least one secondary file. Thereafter, the cell generates an overall maliciousness score for the nested file that indicates a level of confidence that the nested file contains malicious content. The overall maliciousness score is provided to a data consumer indicating whether to proceed with consuming the data contained within the nested file.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: August 17, 2021
    Assignee: Cylance Inc.
    Inventors: Eric Petersen, Derek A. Soeder
  • Patent number: 11095612
    Abstract: Techniques for providing flow meta data exchanges between network and security functions for a security service are disclosed. In some embodiments, a system/process/computer program product for providing flow meta data exchanges between network and security functions for a security service includes receiving a flow at a network gateway of a security service from a software-defined wide area network (SD-WAN) device; inspecting the flow to determine meta information associated with the flow; and communicating the meta information associated with the flow to the SD-WAN device.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: August 17, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Anand Oswal, Arivu Mani Ramasamy, Bhaskar Bhupalam, Shu Lin
  • Patent number: 11093606
    Abstract: System for detecting a cyber-attack of a SCADA system managed plant. Each industrial computerized device of the system comprises a processor configured with a data validation module to determine whether data flow outputted from a SCADA-connected controller is authentic, and with an alert issuing mechanism activated following detection that the outputted data flow is indicative of a cyber-attack. The at least one dedicated industrial computerized device is operable to passively monitor in parallel data communicated between each of the controllers and the SCADA system including the outputted data at the nearest points of each of the controllers; seek mismatches between the plant state and the physical operation model; if a mismatch is detected, determine whether the mismatch is indicative of a cyber-attack perpetrated with respect to one of the controllers or an operational malfunction; and upon detecting a cyber-attack, activate the alert issuing mechanism to issue a security alert.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: August 17, 2021
    Assignee: RAFAEL ADVANCED DEFENSE SYSTEMS LTD.
    Inventors: Michael Arov, Ronen Ochman, Moshe Cohen
  • Patent number: 11086993
    Abstract: The invention relates to a system for protecting IoT devices from malicious code, which comprises: (a) a memory extracting module at each of said IoT devices, for extracting a copy of at least a portion of the memory content from the IoT device, and sending the same to an in-cloud server; and (b) an in-cloud server for receiving said memory content, and performing an integrity check for a possible existence of malicious code within said memory content.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: August 10, 2021
    Assignee: B. G. NEGEV TECHNOLOGIES AND APPLICATIONS LTD., AT BEN-GURION UNIVERSITY
    Inventors: Mordechai Guri, Yuval Elovici
  • Patent number: 11089034
    Abstract: In some embodiments, a behavioral computer security system protects clients and networks against threats such as malicious software and intrusion. A set of client profiles is constructed according to a training corpus of events occurring on clients, wherein each client profile represents a subset of protected machines, and each client profile is indicative of a normal or baseline pattern of using the machines assigned to the respective client profile. A client profile may group together machines having a similar event statistic. Following training, events detected on a client are selectively analyzed against a client profile associated with the respective client, to detect anomalous behavior. In some embodiments, individual events are analyzed in the context of other events, using a multi-dimensional event embedding space.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: August 10, 2021
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Daniel Dichiu, Stefan Niculae, Elena A. Bosinceanu, Sorina N. Stoian, Andreea Dincu, Andrei A. Apostoae
  • Patent number: 11089040
    Abstract: This disclosure provides for a signal flow analysis-based exploration of security knowledge represented in a graph structure comprising nodes and edges. “Conductance” values are associated to each of a set of edges. Each node has an associated “toxicity” value representing a degree of maliciousness associated with the node. The conductance value associated with an edge is a function of at least the toxicity values of the nodes to which the edge is incident. A signal flow analysis is conducted with respect to an input node representing an observable associated with an offense. The flow analysis seeks to identify a subset of the nodes that, based on their conductance values, are reached by flow of a signal representing a threat, wherein signal flow over a path in the graph continues until a signal threshold is met. Based on the analysis, nodes within the subset are designated as hypothesis nodes for further examination.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: August 10, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jiyong Jang, Dhilung Hang Kirat, Youngja Park, Marc Philippe Stoecklin
  • Patent number: 11089053
    Abstract: Systems, methods, and media are used to identify phishing attacks. A notification of a phishing attempt with a parameter associated with a recipient of the phishing attempt is received at a security management node. In response, an indication of the phishing attempt is presented in a phishing attempt search interface. The phishing attempt search interface may be used to search for additional recipients, identify which recipients have been successfully targeted, and provide a summary of the recipients. Using this information, appropriate security measures in response to the phishing attempt for the recipients may be performed.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: August 10, 2021
    Assignee: ServiceNow, Inc.
    Inventors: Deepakeswaran Sundaragopal Kolingivadi, Amit Sharma, Santosh Reddy Poreddy, Sachin Shivarama Nayak
  • Patent number: 11086992
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for identifying, by a file analysis system, a plurality of files that have been uploaded by a user to a particular folder that has been allocated to the user in a file storage service; scanning, by the file analysis system, each of the plurality of files using each of a plurality of antivirus software programs; in response to the scanning, determining that a particular file of the plurality of files is indicated as potentially malicious by a particular antivirus software program of the plurality of antivirus software programs; and providing a notification to a vendor of the particular antivirus software program indicating that the particular file has been indicated as potentially malicious by the particular antivirus software program.
    Type: Grant
    Filed: October 30, 2018
    Date of Patent: August 10, 2021
    Inventor: Jose Bernardo Quintero Ramirez
  • Patent number: 11089033
    Abstract: A state detection section (105) detects states of a plurality of controllers (300, 400) included in a communication system (600). An attack determination section (103) selects, from among a plurality of whitelists (110) each of which is associated with a combination of states, a whitelist (110) associated with the combination of the states of the plurality of controllers (300, 400) detected by the state detection section (105). The attack determination section (103) detects an attack on the communication system (600) by using the selected whitelist (110).
    Type: Grant
    Filed: April 26, 2016
    Date of Patent: August 10, 2021
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Tsunato Nakai, Teruyoshi Yamaguchi, Koichi Shimizu, Nobuhiro Kobayashi
  • Patent number: 11082289
    Abstract: An enterprise platform may include a time series database that may include time series data related to a plurality of configuration items associated with an enterprise. The enterprise platform may also include one or more instance data tables having instance data associated with the plurality of configuration items. The enterprise platform may also include an alert interface that may receive an indication of an alert associated with a configuration item of the plurality of configuration items and determine a subset of a plurality of metrics associated with the alert based on the configuration item and the time series data, the instance data, or both. The alert interface may then generate a plurality of visualizations for display via a user interface based on the subset of the plurality of metrics.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: August 3, 2021
    Assignee: ServiceNow, Inc.
    Inventors: Kanwaldeep Kaur Dang, Ritika Goyal, Luc John Johnson, Bnayahu Makovsky
  • Patent number: 11082478
    Abstract: The present invention teaches a method for determining an accurate measure of unique download sessions in an environment where IP addresses are shared among multiple devices. According to a first preferred embodiment, the system of the present invention may analyze requested server log data to determine the number of unique client devices sharing the same IP addresses. The system may then dynamically adjust the length of lookback windows for each unique device based on observed download behavior and the number of user agents associated with each overlapping IP address.
    Type: Grant
    Filed: May 7, 2020
    Date of Patent: August 3, 2021
    Assignee: PODTRAC, Inc.
    Inventors: Robert W. Freeland, Mark McCrery, Jason Defontes
  • Patent number: 11077826
    Abstract: A method of operating an activity recognition system includes capturing ambient radio frequency (RF) data by an RF sniffer. The ambient RF data is then received by a processor. The processor reduces noise content of the ambient RF data. Background is then subtracted from the ambient RF data by the processor. The processed ambient RF data is then converted into an image by the processor. The system generates successive images for each one of a plurality of time intervals. An image processing algorithm, stored in a storage medium and executed by the processor, is applied to the plurality of successive images to determine activity recognition.
    Type: Grant
    Filed: January 10, 2020
    Date of Patent: August 3, 2021
    Assignee: CARRIER CORPORATION
    Inventors: Junyang Lin, Zhen Jia, Jie Xi, Tianyuan Chen, Yuanjing Sun
  • Patent number: 11082434
    Abstract: A cognitive security analytics platform is enhanced by providing a technique for automatically inferring temporal relationship data for cybersecurity events. In operation, a description of a security event is received, typically as unstructured security content or data. Information, such as temporal data or cues, is extracted from the description, along with security entity and relationship data. Extracted temporal information is processed according to a set of temporal markers (heuristics) to determine a time value marker (i.e., an established time) of the security event. This processing typically involves retrieval of information from one or more structured data sources. The established time is linked to the security entities and relationships. The resulting security event, as augmented with the identified temporal data, is then subjected to a management operation.
    Type: Grant
    Filed: April 6, 2019
    Date of Patent: August 3, 2021
    Assignee: International Business Machines Corporation
    Inventors: Preeti Ravindra, Youngja Park, Dhilung Hang Kirat, Jiyong Jang, Marc Philippe Stoecklin
  • Patent number: 11082436
    Abstract: According to one embodiment, a system features a network security device and a cloud computing service. The network security device is configured to determine whether an object includes one or more characteristics associated with a malicious attack. The cloud computing service, communicatively coupled to and remotely located from the network security device, includes virtual execution logic that, upon execution by a processing unit deployed as part of the cloud computing service and after the network security device determining that the object includes the one or more characteristics associated with the malicious attack, processes the object and monitors for behaviors of at least the object suggesting the object is associated with a malicious attack.
    Type: Grant
    Filed: October 21, 2019
    Date of Patent: August 3, 2021
    Assignee: FireEye, Inc.
    Inventors: Muhammad Amin, Masood Mehmood, Ramaswamy Ramaswamy, Madhusudan Challa, Shrikrishna Karandikar
  • Patent number: 11082435
    Abstract: Exemplary systems and methods for malware attack detection and identification are provided. A malware detection and identification system includes a controller that features an analysis environment including a virtual machine. The analysis environment is to (1) receive data by the virtual machine of the analysis environment and identify a portion of the data that have been received from one or more untrusted, (2) monitor state information associated with the identified portion of the data during execution by the virtual machine, (3) identify an outcome of the state information by tracking the state information during execution of the identified portion of the data by the virtual machine, and (4) determine whether the identified outcome comprises a redirection in control flow during execution by the virtual machine of the portion of the data, the redirection in the control flow constituting an unauthorized activity.
    Type: Grant
    Filed: May 6, 2019
    Date of Patent: August 3, 2021
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Wei-Lung Lai, Jayaraman Manni
  • Patent number: 11073809
    Abstract: Devices, systems and methods for controlling electrical loads in one or more areas. A method includes transmitting, with a microcontroller via a transceiver, a sync packet including a unique address of the lighting fixture control module to a bus. The method includes listening, via the transceiver, on the bus. The method includes placing the microcontroller into a master operation mode when a master sync timeout period expires without receiving a second sync packet including a unique address for a second master device from the bus. The method includes placing the microcontroller into a subordinate operation mode when the second sync packet is received from the bus during the master sync timeout period.
    Type: Grant
    Filed: August 30, 2019
    Date of Patent: July 27, 2021
    Assignee: Hubbell Incorporated
    Inventors: Theodore E. Weber, Mark A. Rosenau, Thomas J. Hartnagel, Michael L. Muecke, Terrence R. Arbouw
  • Patent number: 11075927
    Abstract: A fraud detection electronic control unit is connected to an electronic control unit through an in-vehicle network system. The fraud detection electronic control unit includes a storage and a determination unit. The storage stores a first regulation for determining whether the frame transmitted from the electronic control unit is fraudulent. The determination unit determines whether the frame transmitted from the electronic control unit is fraudulent pursuant to the first regulation. When a predetermined condition is satisfied, the storage acquires a second regulation retained by the electronic control unit and updates the stored first regulation.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: July 27, 2021
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Kazuya Fujimura, Jun Anzai, Masato Tanabe
  • Patent number: 11074152
    Abstract: A quality score for a computer application release is determined using a first number of unique users who have launched the computer application release on user devices and a second number of unique users who have encountered at least once an abnormal termination with the computer application release on user devices. Additionally or optionally, an application quality score can be computed for a computer application based on quality scores of computer application releases that represent different versions of the computer application. Additionally or optionally, a weighted application quality score can be computed for a computer application by further taking into consideration the average application quality score and popularity of a plurality of computer applications.
    Type: Grant
    Filed: May 31, 2020
    Date of Patent: July 27, 2021
    Assignee: Splunk Inc.
    Inventors: Ioannis Vlachogiannis, Vasileios Karampinas
  • Patent number: 11074534
    Abstract: A method of determining a microbiological risk level in food, comprising determining zero-inflated binomial (ZIB) distribution parameters (?, p); i) determining cumulative relative frequencies (f0, f1, f2, ..., fx) for a number of occurrences (0, 1, 2, x) of defective samples; ii) calculating a vector of a sub-set of zero-inflation parameters (?) of k+1 elements according to; o/o=[0, 1*f0/k, 2*f0/k, k*f0/k]; iii) calculating a vector of a sub-set of first parameters (?) based on the sub-set of zero-inflation parameter (?); iv) for the vector pairs (p, ?) in the sub-set of first parameters and the sub-set of zero-inflation parameters, determining a square error between said cumulative relative frequencies and cumulative theoretical probabilities Px of having ?x occurrences over N samples for a ZIB distribution; v) determining the zero-inflation parameter lt) and the first parameter (p) as the vector pair providing the least square error.
    Type: Grant
    Filed: October 23, 2018
    Date of Patent: July 27, 2021
    Assignee: TETRA LAVAL HOLDINGS & FINANCE S.A.
    Inventors: Luca Piccicuto, Pietro Tarantino