Virus Detection Patents (Class 726/24)
  • Patent number: 11461467
    Abstract: Techniques are provided for detecting malicious software code embedded in image files, using machine learning. One method comprises obtaining metadata for an image file; applying the obtained metadata to at least one machine learning technique to classify the image file into at least one of a plurality of predefined classes, wherein the plurality of predefined classes comprises at least one malicious file class; and determining whether the image file comprises malicious software code based on the classification. The machine learning technique can be trained using image files classified into at least one of the plurality of predefined classes. The machine learning technique may employ a deep neural network and/or a convolutional neural network to classify the image file into the at least one predefined class.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: October 4, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Or Herman Saffar, Amihai Savir, Yevgeni Gehtman
  • Patent number: 11461465
    Abstract: A method protects a daemon in an operating system of a host computer. The operating system detects that there is an access of a plist file of a daemon by a process in the computer. If so, then it executes a callback function registered for the plist file. The callback function sends to a kernel extension a notification of the attempted access. The kernel extension returns a value to the operating system indicating that the access should be denied. The operating system denies access to the plist file of the daemon by the process. The extension may also notify an application which prompts the user for instruction. The kernel extension also protects itself by executing its exit function when a command is given to unload the extension, and the exit function determines whether or not the command is invoked by an authorized application, such as by checking a flag.
    Type: Grant
    Filed: March 19, 2021
    Date of Patent: October 4, 2022
    Assignee: TREND MICRO INC.
    Inventors: Chuan Jiang, Xilin Li, Yafei Zhang
  • Patent number: 11456993
    Abstract: In one aspect, an example method includes receiving, from a first content-presentation device, a request for supplemental content for use in connection with performing a content-modification operation; identifying a download conflict between the first content-presentation device and a second content-presentation device having a same IP address as the first content-presentation device; and providing, to the first content-presentation device, a response to the request, with the request including a download delay instruction. Reception of the download delay instruction by the first content-presentation device causes the first content-presentation device to wait until a condition associated with the download delay instruction is satisfied before downloading a supplemental content item specified in the response.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: September 27, 2022
    Assignee: ROKU, INC.
    Inventor: Matthew Grover
  • Patent number: 11451561
    Abstract: In one embodiment, a device obtains execution records regarding executions of a plurality of binaries. The execution records comprise command line arguments used during the execution. The device determines measures of similarity between the executions of the binaries based on their command line arguments. The device clusters the executions into clusters based on the determined measures of similarity. The device flags the command line arguments for a particular one of the clusters as an indicator of compromise for malware, based on at least one of the binaries associated with the particular cluster being malware.
    Type: Grant
    Filed: September 14, 2018
    Date of Patent: September 20, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Jan Jusko, Danila Khikhlukha, Harshit Nayyar
  • Patent number: 11451570
    Abstract: A testing computer system communicates with a cloud computing platform coupled to one or more target computer systems. The testing computer system receives a list of target computer systems from the cloud computing platform, generates respective test payloads for a set of the target systems, and sends the test payloads to the set of target systems. Each respective test payload is useable by its respective target system to perform a security scan of the target system and send test results to the testing computer system and includes instructions that cause the test payloads to be deleted after the security scan is performed. The testing computer system receives test results generated by the set of target systems and evaluates the test results to determine whether any of the set of target systems is implicated in a security breach.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: September 20, 2022
    Assignee: Kaseya Limited
    Inventors: Ryan Brandt Morris, Christopher Michael Gerritz
  • Patent number: 11449896
    Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; instructions encoded within the memory to instruct the processor to: identify a downloaded file on a file system; inspect a metadata object attached to the downloaded file; parse the metadata object to extract an advertiser identification string from a GET code portion of a uniform resource locator (URL); query a reputation cache for a reputation for the advertiser identification string; receive a deceptive reputation for the advertiser identification string; and take a remedial action against the downloaded file.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: September 20, 2022
    Assignee: McAfee, LLC
    Inventors: Oliver G. Devane, Lee Codel Lawson Tarbotton, Federico Barbieri
  • Patent number: 11440201
    Abstract: Artificial intelligence (AI)-based process identification, extraction, and automation for robotic process automation (RPA) is disclosed. Listeners may be deployed to user computing systems to collect data pertaining to user actions. The data collected by the listeners may then be sent to one or more servers and be stored in a database. This data may be analyzed by AI layers to recognize patterns of user behavioral processes therein. These recognized processes may then be distilled into respective RPA workflows and deployed to automate the processes.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: September 13, 2022
    Assignee: UiPath, Inc.
    Inventors: Prabhdeep Singh, Christian Berg
  • Patent number: 11442623
    Abstract: An information management system is described herein that performs either a pre-processing or a post-processing operation to increase browse and restore speeds when a user attempts to browse for and restore files from a secondary copy of a data volume. For example, the information management system can implement the pre-processing operation by parsing a master file table (MFT) when a secondary copy operation is initiated on the data volume. The information management system can implement the post-processing operation by parsing the MFT after a secondary copy operation is complete. The parsing can occur to identify records of the MFT that include information useful for enabling a user to browse a secondary copy of the data volume. The information management system can then store the secondary copy of these records for use later in constructing an interface for browsing a secondary copy of the data volume.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: September 13, 2022
    Assignee: Commvault Systems, Inc.
    Inventors: Sri Karthik Bhagi, Sunil Kumar Gutta
  • Patent number: 11444901
    Abstract: A fraudulent email decision device (10) is provided with a consistency analysis unit (24). The consistency analysis unit (24) identifies an intention of a subject email by, for example, a method of, with respect to a newly received incoming email as a subject email, extracting a function term, being a word expressing a reason the subject email was sent, from a body of the subject email. The consistency analysis unit (24) decides whether or not the subject email is a fraudulent email, from a relationship between another incoming email received in the past from the same sender as the sender of the subject email, and the identified intention of the subject email.
    Type: Grant
    Filed: October 1, 2020
    Date of Patent: September 13, 2022
    Assignee: Mitsubishi Electric Corporation
    Inventors: Takumi Yamamoto, Hiroki Nishikawa, Kiyoto Kawauchi
  • Patent number: 11443032
    Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.
    Type: Grant
    Filed: November 3, 2020
    Date of Patent: September 13, 2022
    Assignee: WEBROOT INC.
    Inventor: Andrew Sandoval
  • Patent number: 11445340
    Abstract: Techniques are disclosed for identifying anomalous subjects and devices at a site. The devices may or may not be carried by or associated with subjects at the site. A number of various types of sensors may be utilized for this purpose. The sensors gather data about the subjects and devices. The data is processed by a data processing module which provides its output to a rolling baseline engine. The rolling baseline engine establishes a baseline for what is considered the “normal” behavior for subjects/devices at the site based on a desired dimension of analysis. Data associated with subjects/devices that is not normal is identified as an anomaly along with the associated subject/device. The findings are archived for performing analytics as required.
    Type: Grant
    Filed: January 21, 2021
    Date of Patent: September 13, 2022
    Assignee: Flying Cloud Technologies, Inc.
    Inventor: Brian P. Christian
  • Patent number: 11435990
    Abstract: The methods and apparatus for detecting malware using JAR file decompilation are disclosed. An apparatus for decompiling class files, the apparatus comprising a class feature unpacker to unpack a class feature from a class file included in an instruction set, a constant pool address generator to generate a constant pool address table, from the class features, including a plurality of constant pool blocks, based on constant pool type, through an iterative process, a class feature identifier to determine values for each constant pool block based on a constant pool type and store the determined values as a class file feature set, a feature value identifier to obtain raw feature values from a class file feature set and non-class file features, and a feature matrix generator to generate a matrix based on the raw features that correspond to the instruction set.
    Type: Grant
    Filed: August 14, 2019
    Date of Patent: September 6, 2022
    Assignee: MCAFEE, LLC
    Inventor: Daniel Burke
  • Patent number: 11436327
    Abstract: One embodiment of the described invention is directed to a computerized method for improving detection of cybersecurity threats initiated by a script. Herein, the method is configured to analyze the script provided as part of a script object by at least (i) determining whether any functional code blocks forming the script include a critical code statement, (ii) determining whether any of the functional code blocks include an evasive code statement, (iii) modifying the script to control processing of a subset of the functional code blocks by avoiding an execution code path including the evasive code statement and processing functional code blocks forming a code path including the critical code statement, and (iv) executing of the modified script and monitoring behaviors of a virtual environment. Thereafter, the method is configured to determine whether the script including cybersecurity threats based on the monitored behaviors.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: September 6, 2022
    Assignee: FireEye Security Holdings US LLC
    Inventors: Sai Vashisht, Sushant Paithane, Imtiyaz Yunus Pathan
  • Patent number: 11431801
    Abstract: Techniques are provided for offloading the management of sensor data and generating custom views of sensor data. Sensor data received from a data network through a message is stored within storage managed by a computing device. A handle is generated to identify the sensor data. The sensor data within the message is replaced with the handle, and the message is transmitted to a device within the data network. The device may use handles of sensor data to request custom views of sensor data.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: August 30, 2022
    Assignee: NetApp Inc.
    Inventors: David Slik, Keith Arnold Smith
  • Patent number: 11416608
    Abstract: Events within a computer system are grouped in order to identify security threats and, in some cases, perform an action to mitigate the threat. In some aspects, a computing system event that meets a criterion, are identified. A first layer of computing resources is determined which includes computing resources referenced during the computing system event. A second layer of computing resources is then determined, the second layer including one or more of a parent process or file loaded by the first layer processes, a process writing to a file included in the first layer of computing resources, or a previous version of a file included in the first layer of computing resources. Similarities between computing resource pairs in the first and second layers are determined, and a group of high similarity pairs related to each other is identified. In some embodiments, a mitigating action is identified based on the group.
    Type: Grant
    Filed: May 29, 2020
    Date of Patent: August 16, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sadegh Momeni Milajerdi, Mariusz H. Jakubowski, Jugal Parikh
  • Patent number: 11409916
    Abstract: A method to transform the function of a programmable circuit (e.g. FPGA) for removing functional bugs or Hardware Trojans is provided.
    Type: Grant
    Filed: August 28, 2020
    Date of Patent: August 9, 2022
    Assignee: EASY-LOGIC TECHNOLOGY LTD.
    Inventors: Yu-Liang Wu, Xing Wei, Tak-Kei Lam, Yi Diao
  • Patent number: 11409868
    Abstract: A processing system including at least one processor may detect an accessing of a file, where the accessing comprises a read operation, generate a copy of the file in response to detecting the accessing of the file, and store the copy of the file in a designated storage location. The processing system may further detect a completion of the accessing of the file, apply a checksum operation to the file to generate a checksum in response to detecting the completion of the accessing of the file, determine that the checksum does not match an expected checksum for the file, and generate an alert of a possible manipulation of the file in response to determining that the checksum does not match the expected checksum.
    Type: Grant
    Filed: September 26, 2019
    Date of Patent: August 9, 2022
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Dylan Reid, Joseph Soryal
  • Patent number: 11409884
    Abstract: A system, method, and computer-readable medium for a security vulnerability detection operation. The security vulnerability operation includes configuring a firmware security profiling environment with a trusted host and a trusted service processor; receiving a firmware update file via the trusted service processor; using the trusted service processor to identify a security vulnerability within the firmware update file; and, installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: August 9, 2022
    Assignee: Dell Products L.P.
    Inventors: Chitrak Gupta, Rama Rao Bisa, Elie A. Jreij, Sushma Basavarajaiah, Kala Sampathkumar, Mainak Roy
  • Patent number: 11399033
    Abstract: There is disclosed in one example an advertisement reputation server, including: a hardware platform including a processor and a memory; a network interface; and an advertisement reputation engine including instructions encoded in memory to instruct the processor to: receive via the network interface a plurality of advertisement instances displayed on client devices; extract from the advertisement instances an advertiser identifier; analyze one or more advertisements associated with the advertiser identifier to assign an advertiser reputation; and publish via the network interface advertisement reputation information derived from the reputation for the advertisement identifier.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: July 26, 2022
    Assignee: McAfee, LLC
    Inventors: Joel R. Spurlock, Nikhil Meshram, Prashanth Palasamudram Ramagopal, Daniel L. Burke
  • Patent number: 11399040
    Abstract: A computerized method is described for authenticating access to a subscription-based service to detect an attempted cyber-attack. First, a request is received by a subscription review service to subscribe to the subscription-based service. The service is configured to analyze one or more objects for a potential presence of malware representing the attempted cyber-attack. Using service policy level information, the cloud broker selects a cluster from a plurality of clusters to analyze whether the one or more objects are associated with the attempted cyber-attack and establishes a communication session between the sensor and the cluster via the cloud broker. The service policy level information is associated with the customer and is used in accessing the subscription-based service. The service policy level information includes at least an identifier assigned to the customer.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: July 26, 2022
    Assignee: FireEye Security Holdings US LLC
    Inventors: Mumtaz Siddiqui, Manju Radhakrishnan
  • Patent number: 11389728
    Abstract: Provided is a method of monitoring mobile game macro user. The method is performed by a processor of a computer.
    Type: Grant
    Filed: February 15, 2021
    Date of Patent: July 19, 2022
    Assignee: NHN CORPORATION
    Inventor: Chang Yul Lee
  • Patent number: 11394733
    Abstract: A system provides for generation and implementation of resiliency controls for securing technology resources. In particular, the system may generate a model for securing technology resources based on compromise vectors that may affect the integrity or security of the resources, along with resiliency controls which may be used by the system to protect the resources. Based on the above information, the system may determine the impact that certain vectors may have on certain resources and assess the resistance of the resources to the impacts. In this way, the system may provide an efficient way to assess resiliency of resources and implement resiliency controls to protect such resources.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: July 19, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Brandon Sloane, Lydia Lambright, Regina Yee Cadavid, Gloria Joo
  • Patent number: 11386206
    Abstract: A system and method model activities in the production environment as sequences of microservices, and identify unusual activities by analyzing these sequences. In particular, a directed graph of usual activity is formed as a basis for determining unusual activities. Next, activities that were actually performed are determined by statistically analyzing records of microservice invocation in application diagnostic files. These activity sequences are overlaid on the directed graph to determine relative fit by using a trace coverage percentage score. Application instances or activities with low relative fit are deemed suspicious. If the low fit persists for an extended duration, then the instances or activities are deemed unusual and an individual is alerted to begin a manual review.
    Type: Grant
    Filed: September 21, 2020
    Date of Patent: July 12, 2022
    Assignee: Dell Products L.P.
    Inventors: Parminder Singh Sethi, Kanika Kapish, Anay Kishore, Kunal Visoulia
  • Patent number: 11379143
    Abstract: Provided is a storage system in which a plurality of virtual volumes obtained by replicating a master virtual volume are provided to each of a plurality of virtual machines of a physical server, respectively, the storage system including: a snapshot management unit that configures a continuous scan generation from the plurality of virtual volumes; a selection processing unit that groups into at least one scan group on the basis of a duplication rate of the plurality of virtual volumes included in the continuous scan generation; and a path setting unit that collectively unmounts the plurality of virtual volumes belonging to the scan group from the physical server in a case where a replica of the virtual volume selected by the selection processing unit is attached to a virus scanning server and one of the plurality of virtual volumes belonging to the scan group is infected with virus.
    Type: Grant
    Filed: September 4, 2020
    Date of Patent: July 5, 2022
    Assignee: Hitachi, Ltd.
    Inventor: Shunsuke Handa
  • Patent number: 11381586
    Abstract: A method may include monitoring calls and/or traffic on a network and identifying behavior associated with each of a plurality of user devices with respect to activity on the network. The method may also include aggregating information about the behavior associated with the user devices, determining whether the aggregated information corresponds to an anomaly with respect to usage of the network and determining, when the aggregated information corresponds to the anomaly, whether the anomaly meets a threshold based on a type of anomaly and a number of user devices affected by the anomaly. The method may further include identifying, when the aggregated information corresponds to the anomaly, user devices in an area corresponding to the anomaly, generating a notification in response to determining that the aggregated information corresponds to the anomaly and transmitting the notification to the identified user devices in the area corresponding to the anomaly.
    Type: Grant
    Filed: November 20, 2019
    Date of Patent: July 5, 2022
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Shoma Chakravarty, Manah M. Khalil
  • Patent number: 11379689
    Abstract: Disclosed is a method of analyzing abnormal behavior by using data imaging, including: receiving data to be analyzed as an input, wherein the data to be analyzed is related to a state of a system to be analyzed; converting the inputted data to be analyzed into image data; training a neural network unit with the converted image data as an input; and detecting or predicting abnormal behavior in the system to be analyzed, at the neural network unit, which has received the image data converted from the data to be analyzed as the input and completed training.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: July 5, 2022
    Assignee: CTILAB CO., LTD.
    Inventors: Hong Yeon Cho, Tae Yang Oh, Won Woo Park
  • Patent number: 11373065
    Abstract: Presence of malicious code can be identified in one or more data samples. A feature set extracted from a sample is vectorized to generate a sparse vector. A reduced dimension vector representing the sparse vector can be generated. A binary representation vector of reduced dimension vector can be created by converting each value of a plurality of values in the reduced dimension vector to a binary representation. The binary representation vector can be added as a new element in a dictionary structure if the binary representation is not equal to an existing element in the dictionary structure. A training set for use in training a machine learning model can be created to include one vector whose binary representation corresponds to each of a plurality of elements in the dictionary structure.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: June 28, 2022
    Assignee: Cylance Inc.
    Inventor: Andrew Davis
  • Patent number: 11372982
    Abstract: A centralized network environment is provided for processing validated executable data based on authorized hash outputs. In particular, the system may generate cryptographic hash outputs of code or software that has been evaluated (e.g., within a virtual environment). The system may then store the hash outputs within a hash database which may be accessible by multiple entity networks, where multiple entities may upload hash output values to and/or retrieve hash output values from the hash database. Based on the data within the hash database, each entity may efficiently identify code that may be safe or unsafe to execute on certain computing systems within its network environment. The system may further comprise an artificial intelligence-powered component which may be configured to detect patterns within code that has been identified by the system as unsafe and provide notifications containing systems likely to be affected and recommended countermeasures.
    Type: Grant
    Filed: July 2, 2020
    Date of Patent: June 28, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: George Albero, Jake Michael Yara, Edward Lee Traywick, Konata Stinson, Emanuel David Guller, Scot Lincoln Daniels, Rick Wayne Sumrall, Carrie Elaine Gates
  • Patent number: 11372978
    Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: June 28, 2022
    Assignee: Twistlock Ltd.
    Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Yosef Zin
  • Patent number: 11368432
    Abstract: A computing device can install and execute a kernel-level security agent that interacts with a remote security system as part of a detection loop aimed at defeating malware attacks. The kernel-level security agent can be installed with a firewall policy that can be remotely enabled by the remote security system in order to “contain” the computing device. Accordingly, when the computing device is being used, and a malware attack is detected on the computing device, the remote security system can send an instruction to contain the computing device, which causes the implementation, by an operating system (e.g., a Mac™ operating system) of the computing device, of the firewall policy accessible to the kernel-level security agent. Upon implementation and enforcement of the firewall policy, outgoing data packets from, and incoming data packets to, the computing device that would have been allowed prior to the implementation of the firewall policy are denied.
    Type: Grant
    Filed: May 18, 2020
    Date of Patent: June 21, 2022
    Assignee: Crowd Strike, Inc.
    Inventors: Paul Meyer, Cameron Gutman, John R. Kooker
  • Patent number: 11368475
    Abstract: A system and method for retrieval and analysis of stored objects for malware is described. The method involves receiving a scan request message from a customer to conduct analytics on one or more objects stored within a third-party controlled service. In response to receipt of the scan request message, the system generates a redirect message. The redirect message redirects the customer to an authentication portal of the third-party controlled service operating as a logon page and configures receipt by the system of access credentials for the third-party controlled service upon verification of the customer. Using the access credentials, the system is able to retrieve the one or more objects using the access credentials and performing analytics on each object of the one or more objects to classify each object as malicious or benign.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: June 21, 2022
    Assignee: FireEye Security Holdings US LLC
    Inventor: Sai Vashisht
  • Patent number: 11366907
    Abstract: In order to analyze, efficiently and with high precision, the similarity in operation between software that is being examined and a known malware, this malware analysis device 40 is equipped with: an abstraction unit 41 for generating first abstraction information 410 obtained by abstracting first operation information 440 which indicates the result of an operation of sample software; an abstraction information storage unit 45 for storing second abstraction information 450 obtained by abstracting second operation information which indicates one or more operation results obtained for each piece of software that has been compared with the sample; a calculation unit 42 for calculating the similarity between the first abstraction information 410 and the second abstraction information 450; and a specifying unit 43 for specifying the compared software for which the similarity satisfies a criteria.
    Type: Grant
    Filed: October 11, 2017
    Date of Patent: June 21, 2022
    Assignee: NEC CORPORATION
    Inventor: Satoshi Ikeda
  • Patent number: 11368291
    Abstract: An interface, through which functionality of a cloud computing infrastructure can be accessed, can create defined endpoints through which such an interface is accessed, with such defined endpoints limiting the functionality accessible through the interface to only allowed functions. An elevate function can, through a secure key exchange protocol, receive appropriate assurances and can, in response, remove the functionality limitations of the endpoint, thereby enabling unfettered access to the cloud computing infrastructure. Such unrestricted access can be limited in duration, which duration can be established in advance, or agreed-upon through the key exchange mechanism.
    Type: Grant
    Filed: June 15, 2020
    Date of Patent: June 21, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Armando Moran Saavedra, Daniel Pravat, Filippo Seracini, Lee Holmes, Alexandru Naparu
  • Patent number: 11356479
    Abstract: Disclosed herein are systems and methods for automatic takedown of counterfeit websites using API-based and/or email-based takedown. In implementations the method includes checking the domain of a Uniform Resource Locator (URL) against a database to determine if an API-based takedown can be performed for the counterfeit website. If an API-based takedown cannot be performed the system determines the email of the hosting provider hosting the counterfeit website based on the resolve Internet Protocol (IP) address and sends a takedown notification via email with evidence such as screenshots, hosting infrastructure information, website lifecycle and scan timestamp. The system checks periodically whether the counterfeit website has been taken down by the network owner. If, after a check, the website is still live, the process of takedown is repeated until the website is taken down.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: June 7, 2022
    Assignee: Bolster, Inc
    Inventors: Shashi Prakash, Abhishek Dubey
  • Patent number: 11349852
    Abstract: A network-based line-rate method and apparatus for detecting and managing potential malware utilizing a black list of possible malware to scan content and detect potential malware content based upon characteristics that match the preliminary signature. The undetected content is then subjected to an inference-based processes and methods to determine whether the undetected content is safe for release. Typical to inference-based processes and method, the verdict is a numerical value within a predetermined range, out of which content is not safe. The network content released if the verdict is within safe range, otherwise, the apparatus provides various options of handling such presumably unsafe content; options including, soliciting user input whether to release, block, or subject the content to further offline behavioral analysis.
    Type: Grant
    Filed: August 30, 2017
    Date of Patent: May 31, 2022
    Assignee: Wedge Networks Inc.
    Inventors: Hongwen Zhang, Mark Koob, Kevin Chmilar, Husam Kinawi
  • Patent number: 11349855
    Abstract: A computer-implemented system and method for detecting and terminating a ransomware attack at its very early stage, reducing damages of data loss if occurred, while minimally disturbing ongoing operations within the organization's most demanding business goals (RTO/RPO).
    Type: Grant
    Filed: February 4, 2022
    Date of Patent: May 31, 2022
    Assignee: TEN ROOT CYBER SECURITY LTD.
    Inventor: Dor Amit
  • Patent number: 11347848
    Abstract: The present disclosure relates to a system and method for performing anti-malware scanning of data files that is data-centric rather than device-centric. In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware. After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan. The originating device may also scan the data for malware contextually-relevant to a second device.
    Type: Grant
    Filed: September 16, 2019
    Date of Patent: May 31, 2022
    Assignee: McAfee, LLC
    Inventors: Dattatraya Kulkarni, Srikanth Nalluri, Kamlesh Halder, Venkatasubrahmanyam Krishnapur, Sailaja K. Shankar, Kaushal Kumar Dhruw
  • Patent number: 11341240
    Abstract: A system for reducing the effects of unwanted software (“malware”) is described having a user computing device which runs on a user operating system (UOS) and a user web browser coupled by a limited communication link to a host computing device including VM executable code for emulating a virtual machine, a virtual OS which runs on the virtual machine and a web browser adapted to run on the virtual OS. The limited communication link connected between the user computing device and the host computing device is adapted to pass certain user input communications (signals from the input devices) from the user computing device to the host computing device; and pass certain output communications (signals to output devices) from the host computing device to the user computing device thereby restricting malware from being introduced to the user computing device.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: May 24, 2022
    Inventors: Zachary Waldman, Samuel Neely
  • Patent number: 11343276
    Abstract: This disclosure generally revolves around providing users with advance warning that a message that they have received may be suspicious. The user may not be aware of known threats, may not recognize threats in real time, or may not be aware of new threats, and therefore may unintentionally interact with a hazardous message. A security awareness system, on the other hand, is aware of known threats and may become aware of new threats more quickly than users can be trained to identify them. The system may notify the user when one of these threats are found in their messages. The disclosure further provides systems and methods for updating the security awareness training for users for new threats that appear.
    Type: Grant
    Filed: July 10, 2018
    Date of Patent: May 24, 2022
    Assignee: KnowBe4, Inc.
    Inventors: Benjamin Edwards, Alin Irimie, Greg Kras
  • Patent number: 11343280
    Abstract: The present system and method pertain to the detection of malicious software and processes such as malware. A cloud security policy system receives hashes and behavioral information about applications and/or processes executing on user devices. The cloud security policy system records this information and then evaluates the trustworthiness of the hashes based on the information received from the user devices to provide a security policy for the applications and/or processes. The security policy is sent from the cloud security policy system to user devices to be applied by the user devices.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: May 24, 2022
    Assignee: Carbon Black, Inc.
    Inventor: Jeffrey Albin Kraemer
  • Patent number: 11341236
    Abstract: An illustrative method includes a data protection system determining that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold, the read traffic representing data read from the storage system during the time period and the write traffic representing data written to the storage system during the time period, determining that the write traffic is less compressible than the read traffic, and determining, based on the total amount of read traffic and write traffic exceeding the threshold and on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: May 24, 2022
    Assignee: Pure Storage, Inc.
    Inventors: Andrew Miller, Ronald Karr, Andrew Kutner, Patrick D. Lee, David Huskisson, John Colgrove, Jean-Luc Degrenand
  • Patent number: 11343263
    Abstract: The present disclosure relates to methods, systems, and computer program products for generating an asset remediation trend map used in remediating against an attack campaign. The method comprises receiving attack kill chain data. The attack kill chain data comprises steps for executing an attack campaign on one or more assets associated with a computing device. The method further comprises parsing the attack kill chain data to determine one or more attack execution operations for executing the attack campaign on the one or more assets associated with the computing device. The method determines based on the parsing, one or more remediation operations corresponding to the one or more attack execution operations. In addition, the method sequences the one or more remediation operations to form an asset remediation trend map. In one implementation, the asset remediation trend map indicates steps for remediating the attack campaign.
    Type: Grant
    Filed: April 15, 2019
    Date of Patent: May 24, 2022
    Assignee: Qualys, Inc.
    Inventors: Ankur S. Tyagi, Mayuresh Vishwas Dani
  • Patent number: 11336676
    Abstract: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: May 17, 2022
    Assignee: Tala Security, Inc.
    Inventors: Aanand Krishnan, Swapnil Bhalode, Siddhesh Yawalkar, Sanjay Sawhney, Hemant Puri
  • Patent number: 11336557
    Abstract: A network device includes storage. The network device also includes a forwarding information manager. The storage stores forwarding information. The storage also stores information source rankings. The forwarding information manager obtains information from a source. The information source rankings include a ranking associated with the source. The forwarding information manager makes a determination, based on the information source rankings, that the source is undesirable. The forwarding information manager discards the information without processing the information based on the determination.
    Type: Grant
    Filed: November 7, 2019
    Date of Patent: May 17, 2022
    Assignee: Arista Networks, Inc.
    Inventor: John W. French
  • Patent number: 11334672
    Abstract: A cluster is scanned. The cluster includes one or more virtual machines. A first content file change is detected based on the scan of the cluster. The first content file change is to a first content file. The first content file is located on a first virtual machine related to the cluster. A content-based security level of the cluster is determined based on the detection of the first content file change. The determined content-based security level of the cluster is compared to a security level standard of the cluster. A security gap is identified based on the comparison of the determined content-based security level to the security level standard of the cluster. In response to the identification of the security gap, an update to the security settings of the cluster is performed.
    Type: Grant
    Filed: November 22, 2019
    Date of Patent: May 17, 2022
    Assignee: International Business Machines Corporation
    Inventor: Shailaja Mallya
  • Patent number: 11334240
    Abstract: The present disclosure provides a method, device, electronic device, and storage medium for sending and receiving message. The method for sending a message can include: receiving an operation instruction for selecting a resource icon; acquiring an image resource based on the resource icon in response to the operation instruction; detecting an operation gesture; determining control information of the image resource for controlling a presentation effect of the image resource based on the operation gesture; generating the message by encapsulating the image resource and the control information; and sending the message to a receiver device.
    Type: Grant
    Filed: July 22, 2020
    Date of Patent: May 17, 2022
    Assignee: Beijing Dajia Internet Information Technology Co., Ltd.
    Inventors: Xuan Liu, Zhenlong Bai, Kaijian Jiang, Chao Wang
  • Patent number: 11328061
    Abstract: Disclosed herein are systems and method for inspecting archived slices for malware. In one exemplary aspect, the method comprises mounting, to a disk, a first slice of a plurality of slices in a backup archive, wherein the first slice is an image of user data at a first time. The method further comprises detecting a modified block of the mounted, identifying at least one file in the mounted first slice that corresponds to the detected modified block, and scanning the at least one file for viruses and malicious software. In response to detecting that the at least one file is infected, the method comprises generating a cured slice that comprises the user data of the mounted first slice without the at least one file.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: May 10, 2022
    Assignee: Acronis International GmbH
    Inventors: Vladimir Strogov, Anatoly Stupak, Andrey Kulaga, Alexey Sergeev, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11328064
    Abstract: A method and system for detecting ransomware and repairing data following an attack. The method includes, collecting file statistics for files in a file system, identifying an affected file based on collected file statistics, locking down of access to the file system in response to identifying the affected file, undoing of reconcile processing, repairing the affected files, and unlocking access to the file system. The system includes a computer node, a file system, a plurality of disc storage components, a backup client, a backup client, and a hierarchical storage client. The hierarchical storage client is configured to collect file statistics for files in file system, identify affected files based on collected file statistics for the file, lock down of access to the file system in response to an identified affected file, undo reconcile processing, repair the affected file; and unlock access to the file system.
    Type: Grant
    Filed: August 13, 2019
    Date of Patent: May 10, 2022
    Assignee: International Business Machines Corporation
    Inventors: Dominic Mueller-Wicke, Stefan Bender, Thomas Schreiber, Kai Boerner
  • Patent number: 11321194
    Abstract: A computer-implemented method according to one embodiment includes, in response to a determination that a predetermined operation has been performed on an object of a first file stored on a first cluster site, storing predetermined information about the object of the first file stored on the first cluster site. The predetermined information is stored on an extended attribute of the first file stored on the first cluster site. In response to a determination that the predetermined operation is performed on an object of a first file stored on a second cluster site, the predetermined information is removed from the extended attribute of the first file stored on the first cluster site. In response to a determination that a failure event has occurred on a queue of the first cluster site, a predetermined recovery process is performed, thereby enabling fulfillment of entries of the queue of the first cluster site.
    Type: Grant
    Filed: April 3, 2020
    Date of Patent: May 3, 2022
    Assignee: International Business Machines Corporation
    Inventors: Venkateswara Rao Puvvada, Karrthik Kalaga Gopalakrishnan, Saket Kumar, Ashish Pandey
  • Patent number: 11323472
    Abstract: Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.
    Type: Grant
    Filed: September 25, 2020
    Date of Patent: May 3, 2022
    Assignee: Splunk Inc.
    Inventors: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas