Virus Detection Patents (Class 726/24)
  • Patent number: 11829469
    Abstract: This disclosure relates to systems and methods for generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
    Type: Grant
    Filed: December 9, 2022
    Date of Patent: November 28, 2023
    Assignee: Intertrust Technologies Corporation
    Inventor: Marko Caklovic
  • Patent number: 11822654
    Abstract: Embodiments described herein enable the detection, analysis and signature determination of obfuscated malicious code. Such malicious code comprises a deobfuscation portion that deobfuscates the obfuscated portion during runtime to generate deobfuscated malicious code. The techniques described herein deterministically detect and suspend the deobfuscated malicious code when it attempts to access memory resources that have been morphed in accordance with embodiments described herein. This advantageously enables the deobfuscated malicious code to be suspended at its initial phase. By doing so, the malicious code is not given the opportunity to delete its traces in memory regions it accesses, thereby enabling the automated exploration of such memory regions to locate and extract runtime memory characteristics associated with the malicious code.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: November 21, 2023
    Assignee: Morphisec Information Security 2014 Ltd.
    Inventors: Evgeny Goldstein, Michael Gorelik, Mordechai Guri, Ronen Yehoshua
  • Patent number: 11822658
    Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. The set of selected events is performed. In some cases, at least one emulator detection resistance action is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.
    Type: Grant
    Filed: November 21, 2022
    Date of Patent: November 21, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Cong Zheng, Wenjun Hu, Zhi Xu
  • Patent number: 11822435
    Abstract: Embodiments of the present invention provide a system for identifying occurrence of events and performing one or more actions to mitigate the impacts of the events. The system is configured for gathering data from one or more data sources of an entity, generating dataflows using the data gathered from the one or more data sources, identifying an anomaly based on one or more indicators and the dataflows, determining occurrence of an event and generating one or more propagation models associated with the event, performing event impact analysis based on the one or more propagation models, performing one or more actions to contain the event based on the one or more propagation models, identifying a last good copy of data based on the data gathered from the one or more data sources, retrieving the last good copy of data, and restoring the last good copy of data.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: November 21, 2023
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Christopher Emmanuel Huntley, Musa Ajakaiye, Prasad V. Annadata, Dnyanesh P. Ballikar, Sina Bauer, Jason Kenneth Bellew, Timothy John Bendel, David Alan Beumer, Michelle Andrea Boston, Lisa Julia Brown, Robin J. Buck, Brian C. Busch, Salvatore Michael Certo, Ramesh Naidu Chatta, Lisa Michelle Cook, Joseph Corbett, Joseph Seth Cushing, Steven Paul Davidson, Shailesh Deshpande, Sevara Ergasheva, Maria Ervin, James Wilson Foy, Jr., Noel Mary Fuller, Benjamin Judson Gaines, III, Candace Gordon, Jesse Antonio Hernandez, Christine Hoagland, Robert Charles Hoard, Michael Spiro Karafotis, Wesley Keville, Sandip Kumar, Terri Dorinda Lail, Mukesh Maraj, Wyatt Edward Maxey, Dari Ann Mckenzie, Ashley Meadows, Heather Newell, Conor Mitchell Liam Nodzak, Kenyell Javon Ollie, Jayshree G. Patel, David John Perro, Nivetha Raghavan, Nikhil Ram, Tara Michel Ramirez, Laurie Readhead, Mary Kathleen Riley, Elizabeth Rachel Rock, Angela Dawn Roose, Sanjay Singeetham, Kyle S. Sorensen, Shreyas Srinivas, Constance Jones Suarez, Viresh Taskar, Linda Trent, Sachin Varule, Bradley Walton, Christie M. Weekley, Yvette Alston, Ravindra Bandaru, Carmen R. Barnhill, Jamie Gilchrist, Namrata Kaushik, Fernando A. Maisonett
  • Patent number: 11816215
    Abstract: Systems and methods for archive scanning are provided herein. In some embodiments, a method includes: selecting an archive; reading a metadata representing a plurality of files within the archive; reading a plurality of hash strings from the archive; comparing the plurality of hash strings with a database of hash strings; and determining, based on the comparing, if the plurality of files within the archive represent a security threat based on the plurality of hash strings.
    Type: Grant
    Filed: February 16, 2022
    Date of Patent: November 14, 2023
    Assignee: UAB 360 IT
    Inventors: Mohamed Adly Amer Elgaafary, Aleksandr Sevcenko
  • Patent number: 11811821
    Abstract: Example techniques described herein determine a validation dataset, determine a computational model using the validation dataset, or determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processing unit can determine signatures of individual training data streams. The processing unit can determine, based at least in part on the signatures and a predetermined difference criterion, a training set and a validation set of the training data streams. The processing unit can determine a computational model based at least in part on the training set. The processing unit can then operate the computational model based at least in part on a trial data stream to provide a trial model output. Some examples include determining the validation set based at least in part on the training set and the predetermined criterion for difference between data streams.
    Type: Grant
    Filed: November 2, 2020
    Date of Patent: November 7, 2023
    Assignee: CrowdStrike, Inc.
    Inventors: Sven Krasser, David Elkind, Brett Meyer, Patrick Crenshaw
  • Patent number: 11799878
    Abstract: The disclosed embodiments include a software-defined security (SDS) service that can monitor runtime behavior of a network of nodes of a wireless network and detect anomalous activity indicating contamination of the network of nodes, where the contamination includes unauthorized instructions designed to damage or interrupt a function of the network of nodes. The SDS service can dynamically coordinate a blacklist and a whitelist, where the blacklist includes an indication of contaminated assets and the whitelist includes an indication of non-contaminated assets. The contaminated assets are isolated with a cleanroom environment, where the security resources sanitize the contaminated assets. Then, indications of the decontaminated assets are moved from the blacklist to the whitelist, and the use of the security resources is dynamically adjusted according to a load ratio between the whitelist and the blacklist.
    Type: Grant
    Filed: April 15, 2020
    Date of Patent: October 24, 2023
    Assignee: T-Mobile USA, Inc.
    Inventors: Venson Shaw, Sunil Lingayat, Gaviphat Lekutai
  • Patent number: 11790416
    Abstract: Systems and methods for in-store purchases are provided. An exemplary method may include receiving by a customer device associated with a customer, customer data including customer preference data. The method may include storing the received customer data and identifying a merchant at a location of the customer. The method may also include determining a customer order for the identified merchant based on the customer preference data. Further, the method may include transmitting a notification to a merchant device associated with the identified merchant, the notification including the determined customer order.
    Type: Grant
    Filed: April 28, 2021
    Date of Patent: October 17, 2023
    Assignee: Capital One Services, LLC
    Inventors: Adam Koeppel, Robert Perry
  • Patent number: 11790083
    Abstract: Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.
    Type: Grant
    Filed: June 26, 2020
    Date of Patent: October 17, 2023
    Assignee: SHAPE SECURITY, INC.
    Inventors: Tim Disney, Madhukar Kedlaya, Claire Schlenker Schlenker, Nitish Khadke
  • Patent number: 11785044
    Abstract: System and method of detecting malicious interactions in a computer network, the method including generating, by a processor, at least one decoy segment, broadcasting, by the processor, the generated at least one decoy segment in a public database, monitoring, by the processor, communication within the computer network to identify interactions associated with the generated at least one decoy segment, determining, by the processor, at least one indicator of compromise (IOC) for the identified interactions, and blocking communication between the computer network and any computer associated with the determined at least one IOC.
    Type: Grant
    Filed: February 3, 2023
    Date of Patent: October 10, 2023
    Assignee: IntSights Cyber Intelligence Ltd.
    Inventors: Gal Ben David, Amir Hozez
  • Patent number: 11775919
    Abstract: Drone-based systems and methods are described for providing an airborne relocatable communication hub within a delivery vehicle for broadcast-enabled devices maintained within the delivery vehicle. Such a method has an aerial communication drone paired with the delivery vehicle transitioning to an active power state, uncoupling from a secured position on an internal docking station fixed within the delivery vehicle and then moving to a first deployed airborne position within the delivery vehicle. At a first position, the method has the aerial communication drone establishing a first wireless data communication path to a first broadcast-enabled device within the delivery vehicle, then establishing a second wireless data communication path to a second broadcast-enabled device within the delivery vehicle. The drone then couples the first and second wireless data communication paths it established operating as the airborne relocatable communication hub for the devices.
    Type: Grant
    Filed: November 17, 2020
    Date of Patent: October 3, 2023
    Assignee: Federal Express Corporation
    Inventors: Reuben F. Burch, V., David A. Doyle, Brian D. Popp
  • Patent number: 11775640
    Abstract: Systems and methods are described for detecting and preventing execution of malware on an on-demand code execution system. An on-demand code execution system may execute user-submitted code on virtual machine instances, which may be provisioned with various computing resources (memory, storage, processors, network bandwidth, etc.). These resources may be utilized in varying amounts or at varying rates during execution of the user-submitted code. The user-submitted code may also be unavailable for inspection for security or other reasons. A malware detection system may thus identify user-submitted code that corresponds to malware by monitoring resource utilization during execution of the code and generating a resource utilization signature, which enables comparison between the signature of the user-submitted code and resource utilization signatures of codes previously identified as malware.
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: October 3, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Mihir Sathe, Niall Mullen
  • Patent number: 11770405
    Abstract: A method of automated filtering includes receiving a network traffic snapshot having packets with data stored in respective fields, generating a statistical data structure storing each potential unique combination of data stored in respective fields with an associated counter that is incremented for each occurrence that the combination matches one of the packets of the network traffic snapshot and one or more observation timestamps. Determining an observed vector from the statistical data structure, wherein the observed vector has associated attribute/value pairs and counters that satisfy a predetermined criterion. The observed vector's attribute/value pairs are compared to known attribute/value pairs associated with known DDoS attack vectors of an attack vector database.
    Type: Grant
    Filed: September 10, 2020
    Date of Patent: September 26, 2023
    Assignee: ARBOR NETWORKS, INC.
    Inventors: Steinthor Bjarnason, Brian St. Pierre
  • Patent number: 11762990
    Abstract: The technology described herein identifies malicious URLs using a classifier that is both accurate and fast. Aspects of the technology are particularly well adapted for use as a real-time URL security analysis tool because the technology is able to quickly process a URL and produce a warning when a malicious URL is identified. The rapid processing speed of the technology described herein is produced, in part, by use of only a single input signal, which is the URL itself. The high accuracy produced by the technology described herein is achieved by analyzing the unstructured text on both a character-by-character level and a word-by-word level. The technology described herein uses both character-level and word-level information from the incoming URL.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: September 19, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Arunkumar Gururajan, Jack Wilson Stokes, III, Farid Tajaddodianfar
  • Patent number: 11762959
    Abstract: Many areas of investigation require searching through data that may be of interest. In a first method step, a digital content element is provided. The digital content element may have any suitable format or data structure of interest to a searching entity. The digital content element may be a particular data file that is of interest to a searching entity. In a second step, the digital content element is compared with a first set of data provided by a combination of a second set of data and a third set of data. The first set of data is a collection of known digital content elements that are of interest to a searching entity, for example contraband digital content elements or digital content elements owned by or represented by the searching entity. In a third method step, the digital content element is identified as known if the digital content element is detected within the first set of data.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: September 19, 2023
    Assignee: CYACOMB LIMITED
    Inventors: William Johnston Buchanan, Owen Chin Wai Lo, Philip Penrose, Richard MacFarlane, Ian Stevenson, Bruce Ramsay
  • Patent number: 11757907
    Abstract: A cybersecurity system is provided for automated cybersecurity insights, remediation recommendations, and service provisioning. The cybersecurity system can generate threat insights and/or generate remediation recommendations using machine learning models and cybersecurity data obtained from target networks, partners, and the like. To provision cybersecurity services, the cybersecurity system may collect metadata regarding the network connections and use cases desired for one or more services. Once the metadata has been collected, the cybersecurity assessment system automatically provisions the selected services based on the provided data, such as duration of time elected, service metrics, and the like.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: September 12, 2023
    Assignee: Cytellix Corporation
    Inventors: Brian Douglas Berger, Howard Chen Lin, Tanner Joseph Sirota
  • Patent number: 11755728
    Abstract: Mechanisms for analyzing a structured file for malicious content are provided, comprising: parsing the structured file into a plurality of portions; selecting a selected portion of the portions; checking the selected portion to determine if at least one pre-condition is met; and in response to determining that the at least one pre-condition is met: decoding the selected portion to form a decoded portion; and checking the decoded portion to determine if it is malicious. In some embodiments: the at least one pre-condition can be changed; the structured file is a MICROSOFT OFFICE XML file; the selected portion is a file; the at least one pre-condition checks at least one attribute of the selected portion; decoding the selected portion comprises decompressing the selected portion; and/or checking the decoded portion to determine if it is malicious comprises checking whether a previously decoded portion of the structured file meets at least one condition.
    Type: Grant
    Filed: February 4, 2021
    Date of Patent: September 12, 2023
    Assignee: McAfee, LLC
    Inventors: Qiang Liu, Chong Xu, Praveen Kumar Amritaluru, Mayank Bhatnagar
  • Patent number: 11741222
    Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.
    Type: Grant
    Filed: December 15, 2020
    Date of Patent: August 29, 2023
    Assignee: Sophos Limited
    Inventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
  • Patent number: 11741253
    Abstract: A technique includes, in response to an exception occurring in the execution of a process on a computer, invoking an operating system service. The operating system service is used to sanitize data that is associated with the process and is stored in a memory of the computer. The data is associated with sensitive information.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: August 29, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Sridhar Bandi, Suhas Shivanna
  • Patent number: 11741065
    Abstract: Aspects of the invention include detecting an anomaly in a database of hardware, firmware, and software events. An exemplary method includes determining whether a previously addressed anomaly is a duplicate of the anomaly, addressing the anomaly according to a state of the previously addressed anomaly based on the previously addressed anomaly being a duplicate of the anomaly, and addressing the anomaly according to machine learning based on the previously addressed anomaly not being the duplicate of the anomaly.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: August 29, 2023
    Assignee: International Business Machines Corporation
    Inventors: Edward C. McCain, Jeffrey Nettey, Barin Bhattacharya, Jeffrey Willoughby
  • Patent number: 11729183
    Abstract: A system and a method of providing security to an in-vehicle network are provided. The method efficiently operates multiple detection techniques to reduce the required system resources while maintaining robustness against malicious message detection.
    Type: Grant
    Filed: December 19, 2018
    Date of Patent: August 15, 2023
    Assignees: Hyundai Motor Company, Kia Motors Corporation
    Inventors: Seung Wook Park, Seil Kim, Aram Cho
  • Patent number: 11720675
    Abstract: The present disclosure relates to a method for integrity verification of a software stack or part of a software stack resident on a host machine. A management entity generates a measurement log for a disk image associated with the software stack or the part of a software stack. A verifier entity retrieves the generated measurement log and compares the generated measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack or the part of a software stack to verify the software stack or the part of a software stack.
    Type: Grant
    Filed: April 15, 2022
    Date of Patent: August 8, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Sidnei Roberto Selzler Franco, Ludovic Emmanuel Paul Noel Jacquin, Jonathan Meller, Guilherme De Campos Magalhaes
  • Patent number: 11716263
    Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.
    Type: Grant
    Filed: January 26, 2022
    Date of Patent: August 1, 2023
    Assignee: Juniper Networks, Inc.
    Inventor: Sheeja J S
  • Patent number: 11706198
    Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
    Type: Grant
    Filed: May 8, 2020
    Date of Patent: July 18, 2023
    Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLC
    Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
  • Patent number: 11706015
    Abstract: A method for side-channel attack mitigation in streaming encryption includes reading an input stream into a decryption process, extracting an encryption envelope having a wrapped key, a cipher text, and a first message authentication code (MAC) from the input stream, generating a second MAC using the wrapped key of the encryption envelope, and performing decryption of the cipher text in constant time by determining whether the encryption envelope is authentic by comparing the first MAC extracted from the encryption envelope and the second MAC generated using the wrapped key.
    Type: Grant
    Filed: October 27, 2021
    Date of Patent: July 18, 2023
    Assignee: Google LLC
    Inventor: Adam Markowitz
  • Patent number: 11704410
    Abstract: A system for detecting malicious software, comprising at least one hardware processor adapted to: execute a tested software object in a plurality of computing environments each configured according to a different hardware and software configuration; monitor a plurality of computer actions performed in each of the plurality of computing environments when executing the tested software object; identify at least one difference between the plurality of computer actions performed in a first of the plurality of computing environments and the plurality of computer actions performed in a second of the plurality of computing environments; and instruct a presentation of an indication of the identified at least one difference on a hardware presentation unit.
    Type: Grant
    Filed: May 19, 2021
    Date of Patent: July 18, 2023
    Assignee: NEC Corporation Of America
    Inventors: Tsvi Lev, Yaacov Hoch
  • Patent number: 11687651
    Abstract: Systems, methods and apparatus for malware detection to detect and stop the distribution of malware and other undesirable content before such content reaches computing systems. A Malware Detection Service (MDS) including a processor and memory storing computer program instructions that when executed cause the processor to receive one of content or a signature of a file, responsive to receiving a signature of a file, determine a status of the file as trusted, untrusted, or unknown for malware based on the signature, responsive to receiving content of a file, generate a signature of the file and scan the content to identify the status of the content as trusted or untrusted.
    Type: Grant
    Filed: March 7, 2022
    Date of Patent: June 27, 2023
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Robert L. Voit, Jose Raphel
  • Patent number: 11689562
    Abstract: An apparatus, including systems and methods, for detecting ransomware is disclosed herein. For example, in some embodiments, an apparatus includes a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to receive data identifying a process and a plurality of files accessed by the process; identify an access indicator associated with each of the plurality of files accessed by the process, wherein the access indicator includes file type; determine whether the access indicator exceeds a threshold; interrupt, based on a determination that the access indicator exceeds a threshold, the process; and prompt a user to allow or disallow the process to proceed.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: June 27, 2023
    Assignee: McAfee, LLC
    Inventors: Oliver G. Devane, Abhishek Karnik, Sriram P
  • Patent number: 11677764
    Abstract: The automatic generation of malware family signatures is disclosed. A set of metadata associated with a plurality of samples is received. The samples are clustered. For members of a first cluster, a set of similarities shared among at least a portion of the members of the first cluster is determined. The similarities are evaluated for suitability as a malware family signature. Suitability is evaluated based on how well the similarities uniquely identify the members of the first cluster. In the event the similarities are determined to be suitable as a malware family signature, a signature is generated.
    Type: Grant
    Filed: June 1, 2021
    Date of Patent: June 13, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Zhi Xu, Jiajie Wang, Xiao Zhang, Wenjun Hu
  • Patent number: 11663363
    Abstract: A method for detecting a false positive outcome in classification of files includes, analyzing a file to determine whether or not the file is to be recognized as being malicious, analyzing a file to determine whether a digital signature certificate is present for the file, in response to recognizing the file as being malicious; comparing the digital certificate of the file with one or more digital certificates stored in a database of trusted files, in response to determining that the digital signature certificate is present for the file; and detecting a false positive outcome if the digital certificate of the file is found in the database of trusted files, when the false positive outcome is detected, excluding the file from further determination of whether the file is malicious and calculating a flexible hash value of the file.
    Type: Grant
    Filed: February 15, 2022
    Date of Patent: May 30, 2023
    Assignee: AO Kaspersky Lab
    Inventors: Sergey V. Prokudin, Alexander S. Chistyakov, Alexey M. Romanenko
  • Patent number: 11663082
    Abstract: Systems and methods for virtual disk image testing. An example method may comprise uploading a virtual disk image, by a requestor, to a cloud. Deploying a temporary instance of the uploaded virtual disk. Determining whether deployment of the temporary instance of the uploaded virtual disk image in the cloud is successful. Responsive to determining that the deployment of the temporary instance of the uploaded virtual disk image in the cloud is unsuccessful, flagging the uploaded virtual disk image as unbootable. Responsive to flagging the uploaded virtual disk image as unbootable, notifying the requestor that the uploaded virtual disk image is not submitted to a repository of the cloud.
    Type: Grant
    Filed: August 27, 2021
    Date of Patent: May 30, 2023
    Assignee: Red Hat, Inc.
    Inventors: Arie Bregman, Ilan Gersht
  • Patent number: 11665181
    Abstract: Efficient and effective malware and phishing detection methods select specific objects of a document based on an analysis of associated graphical elements of a document rendering. A received document may include a number of blobs, which can include URLs or code that generates URLs that can present potential risks. The system can score and/or rank each blob and its corresponding URLs based on a size, shape, position, and/or other characteristics of a visual element associated with each blob. The score or rank can be increased for visual elements that are most likely to be selected by a user, such as large visual elements positioned near the center of a document. The system can then test individual URLs selected based on a corresponding rank or score. The test can efficiently reveal the presence of malware or phishing tactics by forgoing tests on URLs that are not likely to be selected.
    Type: Grant
    Filed: March 18, 2020
    Date of Patent: May 30, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Abhijeet Surendra Hatekar, Guy Pergal
  • Patent number: 11646936
    Abstract: Examples of the present disclosure describe systems and methods relating to adaptive virtual services. In an example, a user specifies a device configuration for a platform device. As a result, a service provider installs selected virtual-network functions and defines network connections as specified by the device configuration. Management software may also be installed, thereby enabling the service provider to communicate with and remotely manage the platform device. The installed virtual-network functions are activated on the platform device once it is delivered to the user. In some instances, the user changes the device configuration. For example, the user may install new virtual-network functions, reconfigure or remove existing virtual-network functions, or change defined network connections. As a result, the service provider reconfigures the platform device accordingly. Thus, the user need not purchase new specialized hardware in order to change the available functions of the computer network.
    Type: Grant
    Filed: March 18, 2022
    Date of Patent: May 9, 2023
    Assignee: Level 3 Communications, LLC
    Inventors: Adam Saenger, Matthew Holway, Len Brannen, Gene Clark, Anil Simlot, Zubin Ingah, Johan J. Shane, Michael Gibson, Cory Sawyer, Rich Cerami, Kurt Deshazer
  • Patent number: 11636210
    Abstract: Techniques are described for improving security of a boot sequence of a system, such as an artificial reality system. In some examples, a method includes configuring, by a boot sequencing system, attack detection circuitry based on configuration information accessed from a first storage device; after configuring the attack detection circuitry, starting, by the boot sequencing system, a root of trust processor to initiate a boot sequence; enabling access, by the root of trust processor during the boot sequence, to secret information stored in a second storage device.
    Type: Grant
    Filed: September 1, 2020
    Date of Patent: April 25, 2023
    Assignee: META PLATFORMS TECHNOLOGIES, LLC
    Inventors: Shrirang Madhav Yardi, Neeraj Upasani, Dinesh Patil
  • Patent number: 11636200
    Abstract: The following relates generally to defense mechanisms and security systems. Broadly, systems and methods are disclosed that detect an anomaly in an Embedded Mission Specific Device (EMSD). Disclosed approaches include a meta-material antenna configured to receive a radio frequency signal from the EMSD, and a central reader configured to receive a signal from the meta-material antenna. The central reader may be configured to: build a finite state machine model of the EMSD based on the signal received from the meta-material antenna; and detect if an anomaly exists in the EMSD based on the built finite state machine model.
    Type: Grant
    Filed: June 11, 2018
    Date of Patent: April 25, 2023
    Assignee: Palo Alto Research Center Incorporated
    Inventors: George Daniel, Alexander Feldman, Bhaskar Saha, Anurag Ganguli, Bernard D. Casse, Johan de Kleer, Shantanu Rane, Ion Matei
  • Patent number: 11632393
    Abstract: Malware is detected and mitigated by differentiating HTTP error generation patterns between errors generated by malware, and errors generated by benign users/software. In one embodiment, a malware detector system receives traffic that includes HTTP errors and successful HTTP requests. Error traffic and the successful request traffic are segmented for further analysis. The error traffic is supplied to a clustering component, which groups the errors, e.g., based on their URI pages and parameters. During clustering, various statistical features are extracted (as feature vectors) from one or more perspectives, namely, error provenance, error generation, and error recovery. The feature vectors are supplied to a classifier component, which is trained to distinguish malware-generated errors from benign errors. Once trained, the classifier takes an error cluster and its surrounding successful HTTP requests as inputs, and it produces a verdict on whether a particular cluster is malicious.
    Type: Grant
    Filed: October 16, 2020
    Date of Patent: April 18, 2023
    Assignee: International Business Machines Corporation
    Inventors: Jialong Zhang, Jiyong Jang, Marc Philippe Stoecklin
  • Patent number: 11627160
    Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices are disclosed in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.
    Type: Grant
    Filed: February 28, 2021
    Date of Patent: April 11, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
  • Patent number: 11627157
    Abstract: A method of detecting and mitigating a denial of service attack is described. The method comprises monitoring incoming first traffic packets, building a first Benford distribution of the first traffic packets, the first Benford distribution corresponding to network behaviour associated with normal traffic, and detecting a denial of service attack associated with incoming second traffic packets. After detecting the denial of service attack, the method involves sorting the incoming second traffic packets according to a characteristic of the incoming second traffic packets to create a Zipf distribution, building a second Benford distribution of the second traffic packets using the Zipf distribution and the first Benford distribution, discarding incoming second traffic packets that are not consistent with the second Benford distribution, and allowing incoming second traffic packets that are consistent with the second Benford distribution.
    Type: Grant
    Filed: September 21, 2021
    Date of Patent: April 11, 2023
    Assignee: HYPRFIRE PTY LTD
    Inventors: Mihai Mugurel Lazarescu, Sie Teng Soh, Subhash Kak, Stefan Prandl
  • Patent number: 11620381
    Abstract: Techniques for dynamic server groups that can be patched together using stream clustering algorithms, and learning components in order to reuse the repeatable patterns using machine learning are provided herein. In one example, in response to a first risk associated with a first server device, a risk assessment component patches a server group to mitigate a vulnerability of the first server device and a second server device, wherein the server group is comprised of the first server device and the second server device. Additionally, a monitoring component monitors data associated with a second risk to the server group to mitigate the second risk to the server group.
    Type: Grant
    Filed: December 28, 2020
    Date of Patent: April 4, 2023
    Assignee: Kyndryl, Inc.
    Inventors: Muhammed Fatih Bulut, Jinho Hwang, Vugranam C. Sreedhar, Sai Zeng
  • Patent number: 11609991
    Abstract: In some embodiments, a method includes processing at least a portion of a received file into a first set of fragments and analyzing each fragment from the first set of fragments using a machine learning model to identify within each fragment first information potentially relevant to whether the file is malicious. The method includes forming a second set of fragments by combining adjacent fragments from the first set of fragments and analyzing each fragment from the second set of fragments using the machine learning model to identify second information potentially relevant to whether the file is malicious. The method includes identifying the file as malicious based on the first information within at least one fragment from the first set of fragments and the second information within at least one fragment from the second set of fragments. The method includes performing a remedial action based on identifying the file as malicious.
    Type: Grant
    Filed: April 21, 2020
    Date of Patent: March 21, 2023
    Assignee: Sophos Limited
    Inventors: Joshua Daniel Saxe, Richard Harang
  • Patent number: 11609984
    Abstract: Provided herein are systems and methods for determining a likelihood that an executable comprises malware. A learning engine may determine a plurality of attributes of an executable identified in a computing environment, and a corresponding weight to assign to each of the plurality of attributes. Each of the plurality of attributes may be indicative of a level of risk for the computing environment. The learning engine may generate, according to the determined plurality of attributes and the corresponding weights, one or more scores indicative of a likelihood that the executable comprises malware. A rule engine may perform an action to manage operation of the executable, according to the generated one or more scores.
    Type: Grant
    Filed: February 14, 2018
    Date of Patent: March 21, 2023
    Assignee: Digital Guardian LLC
    Inventor: Dwayne A. Carson
  • Patent number: 11604656
    Abstract: An electronic device is disclosed that includes a memory storing a first application run based on a first sandbox environment and a processor connected with the memory. The memory stores instructions which, when executed, cause the processor to determine whether it is necessary to change a first user identifier (UID) for the first application in response to an application installation request requesting to update the first application to a second application, assign a second UID for the second application using a UID mapping resident program based on it being necessary to change the first UID, and construct a second sandbox environment for the second application to have the second UID and a resource included in the first sandbox environment.
    Type: Grant
    Filed: July 7, 2020
    Date of Patent: March 14, 2023
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Moonkyung Kim, Seyeong Lee, Myeongjin Oh
  • Patent number: 11606385
    Abstract: Methods, apparatus and computer software products for protecting a computing system implement embodiments of the present invention that include extracting, from data traffic transmitted over a data network connecting a plurality of computing devices to multiple Internet hosting services, respective sets of transmissions from the computing devices to the Internet hosting services, and identifying, in a given set of the transmissions from a given computing device, multiple domain name system (DNS) requests for an identical second-level domain (2LD) and for different respective sub-domains within the 2LD. A number of the different sub-domains within the 2LD and a data size of the multiple DNS requests are computed, and when the number of the different sub-domains and the data size of the multiple DNS requests exceed a predefined criterion, a preventive action is initiated to inhibit DNS tunneling from at least the given computing device.
    Type: Grant
    Filed: February 13, 2020
    Date of Patent: March 14, 2023
    Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
    Inventors: Aviad Meyer, Jonathan Allon, Rony Brailovsky
  • Patent number: 11606371
    Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified accounts. To discover the various accounts, the methods, computer-readable media, software, and apparatuses can monitor at least a consumer's email accounts, web browser history, and web cache. The discovered accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted accounts to prevent unauthorized access or use.
    Type: Grant
    Filed: May 24, 2021
    Date of Patent: March 14, 2023
    Assignee: ALLSTATE INSURANCE COMPANY
    Inventors: Jason D. Park, John S. Parkinson
  • Patent number: 11606313
    Abstract: A network switch includes a field programmable gate array (FPGA) and a processor. The FPGA is configured to transfer a processing target packet to a transfer destination, based on transfer definition information, and to transfer a copy of the processing target packet to the processor. The processor is configured to delete an entry of the transfer definition information based on transfer record information, and to update the transfer record information based on the copy of the processing target packet.
    Type: Grant
    Filed: May 25, 2021
    Date of Patent: March 14, 2023
    Assignee: FUJITSU LIMITED
    Inventor: Jun Kato
  • Patent number: 11575693
    Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: February 7, 2023
    Assignee: SPLUNK INC.
    Inventors: Sudhakar Muddu, Christos Tryfonas, Ravi Prasad Bulusu, Marios Iliofotou
  • Patent number: 11568069
    Abstract: According to embodiments of the present disclosure, there is provided a system, method, electronic device, storage medium and program product of security protection. The system comprises: a security computing sub-system, configured to manage security of developed code to compile the developed code into an installation file corresponding to a target application and a service program for supporting the target application; a data exchange sub-system, configured to manage data communication of the target application or service program with RoW (rest of World); and a security sandbox sub-system, configured to manage traffic data associated with the target application. In this way, the embodiments of the present disclosure can guarantee the security and compliance of data related to the target application.
    Type: Grant
    Filed: February 24, 2022
    Date of Patent: January 31, 2023
    Assignee: BEIJING BYTEDANCE NETWORK TECHNOLOGY CO., LTD.
    Inventors: Yuming Liang, Dingkun Hong, Lifeng Sang, Jingting Jin, Jianye Ye, Xingxiu Chen, Zhenyuan Yang
  • Patent number: 11568053
    Abstract: A malware monitoring method includes: obtaining a malware sample; extracting operational parameters corresponding to the malware sample; configuring an emulator application corresponding to the malware sample using the operational parameters; executing a plurality of instances of the configured emulator application; collecting output data from each of the plurality of instances; and generating indicators of compromise (IOCs) based on the collected output data.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: January 31, 2023
    Inventors: Nick Summerlin, Ferran Pichel
  • Patent number: 11568052
    Abstract: Embodiments seek to prevent detection of a sandbox environment by a potential malware application. To this end, execution of the application is monitored, and information about the execution is provided to a reinforcement learning machine learning model. The model generates a suggested modification to make to the executing application. The model is provided with information indicating whether the application executed successfully or not, and this information is used to train the model for additional modifications. By modifying the potential malware execution during its execution, detection of a sandbox environment is prevented, and the potential malware application's features are better understood.
    Type: Grant
    Filed: May 31, 2020
    Date of Patent: January 31, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jugal Parikh, Geoffrey Lyall McDonald, Mariusz H. Jakubowski, Seyed Mehdi Fatemi Booshehri, Allan Gordon Lontoc Sepillo, Bradley Noah Faskowitz
  • Patent number: RE49684
    Abstract: In one embodiment, a traffic analysis service receives captured traffic data regarding a Transport Layer Security (TLS) connection between a client and a server. The traffic analysis service applies a first machine learning-based classifier to TLS records from the traffic data, to identify a set of the TLS records that include Hypertext Transfer Protocol (HTTP) header information. The traffic analysis service estimates one or more HTTP transaction labels for the connection by applying a second machine learning-based classifier to the identified set of TLS records that include HTTP header information. The traffic analysis service augments the captured traffic data with the one or more HTTP transaction labels. The traffic analysis service causes performance of a network security function based on the augmented traffic data.
    Type: Grant
    Filed: August 31, 2021
    Date of Patent: October 3, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, David McGrew