Virus Detection Patents (Class 726/24)
-
Patent number: 12160808
Abstract: A system, method and storage medium for operating a stealth mode of an emergency vehicle includes receiving input data including at least one of an input from an operator or one or more program input parameters; determining a data operation mode based on the received input data, wherein the data operation mode is one of a normal mode and one or more stealth modes; and generating a control signal based on the determined operation mode. When the data operation mode is one of the one or more stealth modes, the control signal is adapted to control a first device to suspend a transmission of at least one data group among candidate suspended data to at least one second device in communication with the first device.
Type: Grant
Filed: December 13, 2021
Date of Patent: December 3, 2024
Assignee: WHELEN ENGINEERING COMPANY, INC.
Inventor: George W. Whelen
-
Patent number: 12160745
Abstract: A method for processing, by a device in a network, an alert message received by user equipment connected to the network. The alert message indicates detection of an anomaly by the user equipment in traffic transmitted via the network. The processing method includes: obtaining from the alert message at least one piece of information which is representative of at least one user equipment constraint; processing, by means of an algorithm for detecting cyber attacks, traffic characteristics provided by the user equipment and associated with the detected anomaly, the algorithm for detecting cyber attacks being chosen and/or configured according to the at least one piece of information; and determining from the at least one piece of information, according to an outcome of the processing, and if a cyber attack is detected, a response to the user equipment regarding the detected anomaly.
Type: Grant
Filed: April 15, 2020
Date of Patent: December 3, 2024
Assignee: ORANGE
Inventors: Hichem Sedjelmaci, Tony Capo-Chichi
-
Patent number: 12156109
Abstract: A method of re-establishing a connection between a LWM2M client and an LWM2M server following a reconnection of the LWM2M client to the LWM2M server includes determining, at the LWM2M client, a state of the LWM2M client device prior to reconnection of the LWM2M client, transmitting, to the LWM2M server, an indication of the state of the LWM2M client prior to reconnection of the LWM2M client, and receiving a response from the LWM2M server indicating whether the indicated state of the LWM2M client is an expected state or an unexpected state of the LWM2M client.
Type: Grant
Filed: November 7, 2018
Date of Patent: November 26, 2024
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Ari Keränen, Jari Arkko
-
Patent number: 12155626
Abstract: In one embodiment, a computing platform features a controller in communication with one or more virtual private cloud networks, including a first virtual private cloud network (VPC). The virtual private cloud network includes at least a first egress filtering gateway configured to filter egress traffic data received from a first gateway and route the filtered egress traffic data to a public network in accordance with a first set of filter rules. The first set of filter rules are included as part of a first security policy provided by the controller.
Type: Grant
Filed: August 18, 2021
Date of Patent: November 26, 2024
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Lee-Chik Cheung
-
Patent number: 12141283
Abstract: A rootkit detection system and method analyzes memory dumps to determine connections between intercepted system driver operations requested by unknown files and changes in system memory before and after those operations. Memory dump differences and I/O buffers are analyzed with machine learning models to identify clustered features associated with rootkits.
Type: Grant
Filed: December 30, 2021
Date of Patent: November 12, 2024
Assignee: Acronis International GmbH
Inventors: Vladimir Strogov, Sergey Ulasen, Serguei Beloussov, Stanislav Protasov
-
Patent number: 12141278
Abstract: A computer-implemented method for detecting a security status of a computer system may include: in response to satisfaction of a predetermined trigger condition associated with an electronic application installed on a memory of the computer system, performing a security check process on the computer system; in response to the security check process determining that a security status of the computer system is currently compromised, performing a first security action; and in response to the security check process determining that the security status is formerly compromised, performing a second security action.
Type: Grant
Filed: August 15, 2022
Date of Patent: November 12, 2024
Assignee: Capital One Services, LLC
Inventor: Jon Whitmore
-
Patent number: 12141282
Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed that augment classification for low prevalence samples. An example non-transitory computer readable medium comprises instructions that, when executed, causes a machine to at least classify a data sample using a first classifier, classify the data sample using a second classifier different from the first classifier, the second classifier using a plurality of sensitive hashing (LSH) forests to analyze a sorted plurality of neighbor samples, determine whether a first classification result of the first classifier meets or exceeds a confidence threshold, in response to the first classification result of the first classifier meeting or exceeding the confidence threshold, output the first classification result, and in response to the first classification result of the first classifier not meeting or exceeding the confidence threshold, output a second classification result of the second classifier.
Type: Grant
Filed: December 31, 2021
Date of Patent: November 12, 2024
Assignee: McAfee, LLC
Inventors: German Lancioni, Jonathan King
-
Patent number: 12130919
Abstract: The present disclosure is directed to monitoring internal process memory of a computer at a time when program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.
Type: Grant
Filed: January 10, 2023
Date of Patent: October 29, 2024
Assignee: SONICWALL INC.
Inventors: Soumyadipta Das, Sai Sravan Kumar Ganachari, Yao He, Aleksandr Dubrovsky
-
Patent number: 12130949
Abstract: An inspection device supports work related to ensuring security by including: a conversion unit that converts a regular expression of a first signature into a first representation by a nondeterministic finite automaton and converts a regular expression of a second signature into a second representation by a nondeterministic finite automaton; a determination unit that determines the presence or absence of an inclusive relationship between the first representation and the second representation; and an output unit that when a result of determination by the determination unit indicates that the first representation and the second representation have an inclusive relationship, outputs information indicating that the first signature and the second signature have the inclusive relationship.
Type: Grant
Filed: January 27, 2020
Date of Patent: October 29, 2024
Assignee: Nippon Telegraph and Telephone Corporation
Inventor: Yoshihide Nakagawa
-
Patent number: 12124568
Abstract: Malware prevention and remediation is provided by monitoring actions performed by processes and maintaining indications of which processes are trusted; selectively presenting canary files to these processes, which includes presenting the canary files to processes not indicated as being trusted and hiding the canary files from processes indicated as being trusted, and where the monitoring includes monitoring for access of canary files with change privileges; scoring each of the processes based on the actions performed, including any access of canary files with change privileges, which scoring produces a malice score for each process; and automatically terminating any process for which its malice score indicates at least a threshold level of malice in the execution of the process.
Type: Grant
Filed: April 20, 2021
Date of Patent: October 22, 2024
Assignee: Assured Information Security, Inc.
Inventors: Sean Laplante, Patrick McHarris
-
Patent number: 12124574
Abstract: A system and method for malware classification using machine learning models trained using synthesized feature sets based on features extracted from samples of known malicious objects and known safe objects. The synthesized feature sets act as virtual samples for training a machine learning classifier to recognize new objects in the wild that are likely to be malicious.
Type: Grant
Filed: December 27, 2021
Date of Patent: October 22, 2024
Assignee: Acronis International GmbH
Inventors: Sergey Ulasen, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
-
Patent number: 12118087
Abstract: File risk and malware detection and classification can be enhanced using machine learning analysis of content disarm and reconstruction (CDR) output. Correlations can be discovered or analyzed between individual elements of such outputs, which can include an XML report. Such correlations can provide useful information on threat intelligence and help validate content disarm and reconstruction. A method can include training machine learning algorithms with a dataset derived from CDR results from test files labelled as malicious or not malicious; instructing algorithms to predict probabilities; and determining correlation between the report items and malware (for example, using the function feature importances and the SHAP value method).
Type: Grant
Filed: January 28, 2022
Date of Patent: October 15, 2024
Assignee: Glasswall (IP) Limited
Inventors: Petra Vukmirovic, Matthew James Cavey, Matthew James Dignum
-
Patent number: 12113809
Abstract: Artificial Intelligence (“AI”) apparatus and method are provided that correlate and consolidate operation of discrete vendor tools for detecting cyberthreats on a network. An AI engine may filter false positives and eliminate duplicates within cyberthreats detected by multiple vendor tools. The AI engine provides machine learning solutions to complexities associated with translating vendor-specific cyberthreats to known cyberthreats. The AI engine may ingest data generated by the multiple vendor tools. The AI engine may classify hardware devices or software applications scanned by each vendor tool. The AI engine may decommission vendor tools that provide redundant cyberthreat detection. The AI engine may display operational results on a dashboard directing cyberthreat defense teams to corroborated cyberthreats and away from false positives.
Type: Grant
Filed: January 15, 2021
Date of Patent: October 8, 2024
Assignee: Bank of America Corporation
Inventors: Ajay Jose Paul, Ghada I. Khashab, Sidy Diop, Peggy J. Qualls, Anthony R. Bandos, Lori Mammoser
-
Patent number: 12105751
Abstract: A file format identification system can predict file formats associated with binary data. The file format identification system can extract n-grams, such as byte 4-grams, from the binary data. A trained neural network with at least one embedding layer can generate embedding arrays that correspond to the extracted n-grams. A trained file format classifier can compare values in the embedding arrays with patterns of values associated with known file formats. The trained file format classifier can accordingly determine which of the known file formats are most likely to be associated with the binary data.
Type: Grant
Filed: May 19, 2022
Date of Patent: October 1, 2024
Assignee: CrowdStrike, Inc.
Inventor: Marian Radu
-
Patent number: 12107872
Abstract: Detection of command and control malware is disclosed. A network traffic session is monitored. Automatic feature identification for real-time malicious command and control traffic detection based on a request header of the monitored network traffic session using a deep learning model is performed.
Type: Grant
Filed: January 18, 2022
Date of Patent: October 1, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Ajaya Neupane, Yuwen Dai, Stefan Achleitner, Yu Fu, Shengming Xu
-
Patent number: 12093382
Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed. In one example, an apparatus includes at least one memory, instructions, and processor circuitry. The processor circuitry at least executes or instantiates the instructions to receive a group of indicators from a campaign attack, then query an indicator database with an indicator from the group of indicators, and then predict an identification of the campaign attack in response to the indicator having a current deterministic indicator and confidence scoring (DISC) score in the indicator database, wherein the DISC score represents at least one of a lethality component, a determinism component, or a confidence component of the indicator.
Type: Grant
Filed: December 31, 2021
Date of Patent: September 17, 2024
Assignee: Musarubra US LLC
Inventors: Christiaan Beek, John Fokker, Steve Grobman
-
Patent number: 12086249
Abstract: A detection system for determining whether an update of at least one application installed on at least one whitelisted host is legitimate is provided. The system includes an update management server and update detectors installed with the application(s). During a process that software automatic update occurs in each update detector and a corresponding update installation package is executed, the executed update installation package generates at least one updater corresponding to each application. Each update detector transmits report information which includes the information of the at least one updater and sampled executable files to the update management server. The update management server obtains a number of update detectors, having performed the update operation of each application, according to the report information of each update detector. If the number is greater than or equal to a threshold value, it is determined that the update is legitimate.
Type: Grant
Filed: January 30, 2020
Date of Patent: September 10, 2024
Assignee: INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE
Inventors: Tzi-Cker Chiueh, Lap-Chung Lam, Li-Ting Huang, Pan-Jo Chuang
-
Patent number: 12086235
Abstract: Techniques for early exit dynamic analysis of a virtual machine are disclosed. In some embodiments, a system/process/computer program product for early exit dynamic analysis of a virtual machine includes initiating a dynamic analysis of a malware sample by executing the malware sample in a virtual computing environment; monitoring activities of the malware sample during execution of the malware sample in the virtual computing environment; and determining when to exit the dynamic analysis before a predetermined period of time.
Type: Grant
Filed: June 30, 2021
Date of Patent: September 10, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Esmid Idrizovic, Daniel Raygoza, Robert Jung, Michael S. Hughes
-
Patent number: 12086250
Abstract: Techniques are described for monitoring and analyzing input/output (I/O) messages for patterns indicative of ransomware attacks affecting computer systems of a cloud provider, and for performing various remediation actions to mitigate data loss once a potential ransomware attack is detected. The monitoring of I/O activity for such patterns is performed at least in part by I/O proxy devices coupled to computer systems of a cloud provider network, where an I/O proxy device is interposed in the I/O path between guest operating systems running on a computer system and storage devices to which I/O messages are destined. An I/O proxy device can analyze I/O messages for patterns indicative of potential ransomware attacks by monitoring for anomalous I/O patterns which may, e.g., be indicative of a malicious process attempting to encrypt or otherwise render inaccessible a significant portion of one or more storage volumes as part of a ransomware attack.
Type: Grant
Filed: December 10, 2021
Date of Patent: September 10, 2024
Assignee: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine
-
Patent number: 12079340
Abstract: Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.
Type: Grant
Filed: September 19, 2023
Date of Patent: September 3, 2024
Assignee: SONICWALL INC.
Inventors: Aleksandr Dubrovsky, Soumyadipta Das, Senthilkumar Gopinathan Cheetancheri
-
Patent number: 12079339
Abstract: The disclosure herein describes the processing of malware scan requests from VCIs by an anti-malware scanner (AMS) on a host device. A malware scan request is received by the AMS from a VCI, the malware scan request including script data of a script from a memory buffer of the VCI. The AMS scans the script data of the malware scan request, outside of the VCI, and determines that the script includes malware. The AMS notifies the VCI that the script includes malware, whereby the VCI is configured to prevent execution of the script or take other mitigating action. The AMS provides scanning for fileless malware to VCIs on a host device without consuming or otherwise affecting resources of the VCIs.
Type: Grant
Filed: May 12, 2022
Date of Patent: September 3, 2024
Assignee: VMware, Inc.
Inventors: Kedar Bhalchandra Chaudhari, Pranav Gokhale, Mandar Barve
-
Patent number: 12079639
Abstract: A device property control system determines whether a current user of a device is an owner of the device, a trusted secondary user of the device, or an untrusted secondary user of the device. The system maintains device property values for the owner as well as each trusted secondary user of the device. When the current user of the device changes, the system determines whether the current user is the owner or a trusted secondary user and if so changes the device property values to those previously used by the owner or one of the trusted secondary users (whichever is the current user of the device). However, if the current user is an untrusted secondary user, the device property control system changes the device property values to demonstration mode device property values that are expected to best demonstrate the capabilities of the device.
Type: Grant
Filed: April 1, 2021
Date of Patent: September 3, 2024
Assignee: Motorola Mobility LLC
Inventors: Mayank Rajesh Gupta, Nadeem Nazarali Panjwani, Amit Kumar Agrawal
-
Patent number: 12079364
Abstract: A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a file open request. If so, target analysis logic determines whether the file open request is for a driver file or for a file within a protected volume that stores a driver whitelist file. If the file open request is for a file stored in a protected volume, the request is blocked. If the file open request is for a driver file, then the driver whitelist file is examined to determine whether the target driver is on the whitelist. If not, the file open request is also blocked.
Type: Grant
Filed: September 15, 2021
Date of Patent: September 3, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Manoharan Kuppusamy, Dhananjay Ramakrishnappa, Shyam Arunkundram Ramprasad, Priyadarshi Ghosh
-
Patent number: 12072978
Abstract: A system for detection of files not matching a known malware file in a computing environment that includes a processor coupled to a memory storing instructions to permit the processor to function as an analyzer. The analyzer is configured to receive, as input, an unknown file and the known malware file, compare the unknown file to the known malware file by comparing N (where N is greater than or equal to 1) blocks B1, . . . , BN of lengths L1, . . . , LN located at offsets O1, . . . , ON such that the number of blocks, lengths and offsets are calculated according to pre-defined algorithm, and output a value indicating that the unknown file is different from the known malware file if exists at least one j that a Bj block of the unknown file is different from a Bj block of the known malware file.
Type: Grant
Filed: February 24, 2022
Date of Patent: August 27, 2024
Assignee: Acronis International GmbH
Inventors: Andrey Kulaga, Serguei Beloussov, Stanislav Protasov
-
Patent number: 12069076
Abstract: A network device may include a memory and one or more processors configured to analyze execution of suspicious data; detect one or more states of execution of the suspicious data; determine that the one or more states of execution are to be assigned a priority level; and extract at least a portion of the suspicious data from one or more locations based on determining that the one or more states of execution are to be assigned a priority level.
Type: Grant
Filed: January 28, 2022
Date of Patent: August 20, 2024
Assignee: Juniper Networks, Inc.
Inventors: Abhijit Mohanta, Anoop Wilbur Saldanha
-
Patent number: 12050945
Abstract: A standalone storage product having: a first bus connector for connecting to an external processor; a second bus connector for connecting to an external network interface; a storage device accessible over the network interface; and a processing device configured to communicate, via the second bus connector, with the network interface to obtain storage access messages represented by incoming packets received at the network interface from a computer network. The processing device can: identify, from the storage access messages, first messages and second messages; provide, the first messages via the first bus connector, to the processor; and provide, the second messages, to the storage device without the second messages going through the processor. The storage device is configured to: receive, via the first bus connector, third messages from the processor; and execute commands in the second messages and the third messages to implement a network storage service.
Type: Grant
Filed: July 15, 2022
Date of Patent: July 30, 2024
Assignee: Micron Technology, Inc.
Inventor: Luca Bert
-
Patent number: 12039034
Abstract: Embodiments seek to prevent detection of a sandbox environment by a potential malware application. To this end, execution of the application is monitored, and provide information about the execution to a reinforcement learning machine learning model. The model generates a suggested modification to make to the executing application. The model is provided with information indicating whether the application executed successfully or not, and this information is used to train the model for additional modifications. By modifying the potential malware execution during its execution, detection of a sandbox environment is prevented, and analysis of the potential malware applications features are better understood.
Type: Grant
Filed: January 30, 2023
Date of Patent: July 16, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Jugal Parikh, Geoffrey Lyall McDonald, Mariusz Hieronim Jakubowski, Seyed Mehdi Fatemi Booshehri, Allan Gordon Lontoc Sepillo, Bradley Noah Faskowitz
-
Patent number: 12039048
Abstract: A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.
Type: Grant
Filed: April 27, 2023
Date of Patent: July 16, 2024
Assignee: Commvault Systems, Inc.
Inventors: Oleg Goldshmidt, Mori Benech
-
Patent number: 12028358
Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified accounts. To discover the various accounts, the methods, computer-readable media, software, and apparatuses can monitor at least a consumer's email accounts, web browser history, and web cache. The discovered accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted accounts to prevent unauthorized access or use.
Type: Grant
Filed: February 1, 2023
Date of Patent: July 2, 2024
Assignee: Allstate Insurance Company
Inventors: Jason D. Park, John S. Parkinson
-
Patent number: 12021685
Abstract: Examples of the present disclosure describe systems and methods relating to adaptive virtual services. In an example, a user specifies a device configuration for a platform device. As a result, a service provider installs selected virtual-network functions and defines network connections as specified by the device configuration. Management software may also be installed, thereby enabling the service provider to communicate with and remotely manage the platform device. The installed virtual-network functions are activated on the platform device once it is delivered to the user. In some instances, the user changes the device configuration. For example, the user may install new virtual-network functions, reconfigure or remove existing virtual-network functions, or change defined network connections. As a result, the service provider reconfigures the platform device accordingly. Thus, the user need not purchase new specialized hardware in order to change the available functions of the computer network.
Type: Grant
Filed: May 8, 2023
Date of Patent: June 25, 2024
Assignee: Level 3 Communications, LLC
Inventors: Adam Saenger, Matthew Holway, Len Brannen, Gene Clark, Anil Simlot, Zubin Ingah, Johan J. Shane, Michael Gibson, Cory Sawyer, Rich Cerami, Kurt Deshazer
-
Patent number: 12019746
Abstract: An adaptive malware writing system includes a targeting engine that classifies malware candidates as a malicious candidate or a benign candidate through a surrogate model. The surrogate model assigns a weight to each byte of the malware candidates through a saliency vector. The sum of the weights render a malware classification score. An alteration engine alters a binary form of the malware candidates classified as malware by executing a functional analysis that traces application program interface calls and memory. The alteration engine alters the binary form of the malware candidates classified as malware to render a synthesized malware. The malware analysis determines if the synthesized malware is operational by comparing an image of the synthesized malware to an image of at least one of the plurality of malware candidates. A target classifier engine identifies the vulnerabilities of a targeted computer.
Type: Grant
Filed: June 28, 2022
Date of Patent: June 25, 2024
Assignee: UT-Battelle, LLC
Inventors: Jared M. Smith, Luke Koch
-
Patent number: 12021879
Abstract: A computer includes a processor and a memory, and the memory stores instructions executable by the processor to receive a plurality of first message patterns; receive a plurality of second message patterns; determine a set of differences between the first message patterns and the second message patterns; for at least one of the differences, determine a respective resolution in favor of either the first message patterns or the second message patterns; and generate a plurality of third message patterns. The message patterns define messaging between electronic control units on board a vehicle. The message patterns include values for attributes assigned to the respective message patterns. The third message patterns include the at least one resolution and commonalities between the first message patterns and the second message patterns.
Type: Grant
Filed: February 8, 2022
Date of Patent: June 25, 2024
Assignee: Ford Global Technologies, LLC
Inventors: Jacob David Nelson, Venkata Kishore Kajuluri
-
Patent number: 12013929
Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.
Type: Grant
Filed: January 24, 2023
Date of Patent: June 18, 2024
Assignee: OPEN TEXT INC.
Inventor: Andrew Sandoval
-
Patent number: 12014066
Abstract: A system includes control logic to boot to a waking state, configure the system, and check for the presence of non-volatile DIMMs. Based on a determination that non-volatile DIMMs are not present, the control logic is to create one or more block devices to overcome CPU utilization limitations. Based on a determination that non-volatile DIMMs are present, the control logic is to use a non-volatile DIMM for storage.
Type: Grant
Filed: September 2, 2022
Date of Patent: June 18, 2024
Assignee: SOFTIRON LIMITED
Inventors: Kenny Van Alstyne, Phillip Edward Straw
-
Patent number: 12010076
Abstract: Systems and method for providing an application chatbot that provides a conversational interface that receives natural language input from an application user, interprets the user's intent, and uses application-related context for generating and providing a contextually accurate response in a conversation with the user. In some examples, the application chatbot determines an action to perform corresponding to the response and provides an option to perform the action in the conversational user interface. A selection of the option causes the action to be performed.
Type: Grant
Filed: June 12, 2023
Date of Patent: June 11, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Felix Andrew, Ryan Gregory Cropp, Laurentiu T. Nedelcu
-
Patent number: 12001556
Abstract: An anti-virus chip includes a first connection terminal, a second connection terminal, a detection unit and a processing unit. The first connection terminal and the second connection terminal are respectively coupled to a connection port and a system circuit of an electronic device. The detection unit detects whether the connection port is connected to an external device via the first connection terminal. When the detection unit detects that the connection port is connected to the external device, the processing unit performs a virus-scan program on the external device to determine whether a virus exists in the external device. When determining that a virus does not exist in the external device, the processing unit establishes a first transmission path between the first connection terminal and the second connection terminal. When determining that a virus exists in the external device, the processing unit does not establish the first transmission path.
Type: Grant
Filed: April 18, 2023
Date of Patent: June 4, 2024
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventors: Ming-Che Hung, Chia-Ching Lu, Shih-Hsuan Yen, Chih-Wei Tsai
-
Patent number: 11997128
Abstract: A method and apparatus are provided for predicting an attack vulnerability of a computer network through the steps of collecting the topology and asset information of a virtually generated computer network, converting the topology and asset information into a training data set for training a neural network model, training the neural network model based on the training data set, and inferring an attack vulnerability of a target computer network using the neural network model.
Type: Grant
Filed: August 5, 2021
Date of Patent: May 28, 2024
Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors: Ki Jong Koo, Dae Sung Moon, Jooyoung Lee, Ik Kyun Kim, Kyungmin Park, Ho Hwang
-
Patent number: 11989297
Abstract: Examples of the disclosure can provide an apparatus for detecting malware. The apparatus can comprise means for: selecting one or more tasks to be performed by a user device during charging of the user device; enabling a power trace to be obtained wherein the power trace provides an indication of the power consumed by the user device while the one or more tasks are being performed; and enabling the power trace to be analysed to provide an indication of the presence of malware.
Type: Grant
Filed: June 18, 2021
Date of Patent: May 21, 2024
Assignee: Nokia Technologies Oy
Inventor: Christopher Wright
-
Patent number: 11983270
Abstract: An amount of data change associated with a version of a content file with respect to one or more previous versions of the content file is determined. The amount of change associated with the version of the content file is determined using a tree data structure associated with the content file that is stored on a storage cluster. One or more statistics associated with a backup snapshot are provided to a server. The server is configured to determine that the amount of data change associated with the version of the content file is anomalous based in part on the one or more statistics associated with the backup snapshot. A notification that data associated with the backup snapshot is potentially infected by malicious software is received from the server. The version of the content file is indicated as being potentially infected by malicious software.
Type: Grant
Filed: January 22, 2021
Date of Patent: May 14, 2024
Assignee: Cohesity, Inc.
Inventors: Prashant Gaurav, Sidharth Mishra, Karandeep Singh Chawla, Anubhav Gupta, Sudhir Srinivas, Apurv Gupta, Nagapramod Mandagere
-
Patent number: 11979423
Abstract: Aspects of the disclosure relate to real-time classification of content in a data transmission. A computing platform may detect, in real-time and via a computing device, a plurality of data transmissions between applications over a communications network. Then, the computing platform may retrieve, for a particular data transmission of the plurality of data transmissions, a content of the particular data transmission. The computing platform may then analyze, via the computing device, the content. Subsequently, the computing platform may determine, in real-time via the computing device and based on the analyzing, a security classification for the content. Then, the computing platform may cause, in real-time via the computing device, the content to be marked with the determined security classification.
Type: Grant
Filed: February 23, 2023
Date of Patent: May 7, 2024
Assignee: Bank of America Corporation
Inventors: George Albero, Gulsen Saffel
-
Patent number: 11968225
Abstract: Methods and systems for generating an attack path based on user and system risk profiles are presented. The method comprises determining user information associated with a computing device; determining system exploitability information of the computing device; determining system criticality information of the computing device; determining a risk profile for the computing device based on the user information, the system exploitability information, and the system criticality information; and generating an attack path based on the risk profile. The attack path indicates a route through which an attacker accesses the computing device. The system exploitability information indicates one or more of: the vulnerability associated with the computing device, an exposure window associated with the computing device, and a protection window associated with the computing device.
Type: Grant
Filed: June 13, 2022
Date of Patent: April 23, 2024
Assignee: Qualys, Inc.
Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi, Rishikesh Jayaram Bhide
-
Patent number: 11960605
Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. The set of selected events is performed. In some cases, at least one emulator detection resistance action is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.
Type: Grant
Filed: November 21, 2022
Date of Patent: April 16, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Cong Zheng, Wenjun Hu, Zhi Xu
-
Patent number: 11956338
Abstract: A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.
Type: Grant
Filed: May 19, 2023
Date of Patent: April 9, 2024
Assignee: Centripetal Networks, LLC
Inventors: David K. Ahn, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry
-
Patent number: 11928631
Abstract: A computer model is created for automatically evaluating the business value of computing objects such as files and databases on an endpoint. This can be used to assess the potential business impact of a security compromise to an endpoint, or a process executing on an endpoint, in order to prioritize potential threats within an enterprise for human review and intervention.
Type: Grant
Filed: March 1, 2021
Date of Patent: March 12, 2024
Assignee: Sophos Limited
Inventors: Russell Humphries, Andrew J. Thomas
-
Patent number: 11928206
Abstract: Examples of the present disclosure describe systems and methods for selective export address table filtering. In aspects, the relative virtual address (RVA) of exported function names may be modified to point to a protected memory location. An exception handler may be registered to process exceptions relating to access violations of the protected memory location. If an exception is detected that indicates an attempt to access the protected memory location, the instruction pointer of the exception may be compared to an allowed range of memory addresses. If the instruction pointer address is outside the boundaries, remedial action may occur.
Type: Grant
Filed: April 20, 2023
Date of Patent: March 12, 2024
Assignee: Open Text Inc.
Inventors: Eric Klonowski, Ira Strawser
-
Patent number: 11930019
Abstract: In one embodiment, a malware analysis method includes receiving a file on a virtual machine (VM). The VM includes a web debugging proxy, a system resource monitor, and a file analysis tool. The method also includes performing, with the file analysis tool, a static analysis on the file. The static analysis includes determining a set of file properties of the file, and storing the determined file properties in a repository. The method further includes performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file. The dynamic analysis includes running the file on the VM, determining, with the web debugging proxy, web traffic of the virtual machine, determining, with the system resource monitor, executed commands and modifications to system resources of the VM originating from the file, and storing the determined traffic and executed commands in the repository.
Type: Grant
Filed: April 21, 2021
Date of Patent: March 12, 2024
Assignee: Saudi Arabian Oil Company
Inventors: Reem Abdullah Algarawi, Majed Ali Hakami
-
Patent number: 11922199
Abstract: An in-guest agent in a virtual machine (VM) operates in conjunction with a replication module. The replication module performs continuous data protection (CDP) by saving images of the VM as checkpoints at a disaster recovery site over time. Concurrently, the in-guest agent monitors for behavior in the VM that may be indicative of the presence of malicious code. If the in-guest agent identifies behavior (at a particular point in time) at the VM that may be indicative of the presence of malicious code, the replication module can tag a checkpoint that corresponds to the same particular point in time as a security risk. One or more checkpoints generated prior to the particular time may be determined to be secure checkpoints that are usable for restoration of the VM.
Type: Grant
Filed: March 2, 2020
Date of Patent: March 5, 2024
Assignee: VMware, Inc.
Inventors: Sunil Hasbe, Shirish Vijayvargiya
-
Patent number: 11916930
Abstract: A system and method are disclosed for performing non-invasive scan of a target device. The system is configured for: i) loading an endpoint protection agent to a target device; ii) providing a remote direct memory access of the target device to the remote security server for reading a memory of the target device; iii) scanning, by a second memory scan engine of the remote security server, the memory of the target device upon the violation of the security policy; iv) identifying, by the second memory scan engine of the remote security server, a threat on the target device; and v) sending, by the remote security server, a security response action to the endpoint protection agent on the target device in accordance with the security policy.
Type: Grant
Filed: June 29, 2021
Date of Patent: February 27, 2024
Assignee: Acronis International GmbH
Inventors: Alexander Tormasov, Serguei Beloussov, Stanislav Protasov
-
Patent number: 11909761
Abstract: Systems and methods for mitigating the impact of malware by reversing malware related modifications in a computing device are provided. According to an embodiment, a sandbox service running within a network security platform protecting an enterprise network receives a file containing malware and associated contextual information from an endpoint security solution running on an endpoint device, which has been infected by the malware. The sandbox service captures information regarding a first series of actions performed by the malware and based on the first series of actions generates a remediation script specifying a second series of actions that are configured to restore the endpoint device to a pre-infected state. The network security platform causes the endpoint device to be returned to the pre-infected state by causing the endpoint security solution to execute the remediation script on the endpoint device.
Type: Grant
Filed: February 2, 2022
Date of Patent: February 20, 2024
Assignee: Fortinet, Inc.
Inventors: Udi Yavo, Roy Katmor, Ido Kelson
-
Patent number: RE50024
Abstract: Computer systems and methods in various embodiments are configured for improving the security and efficiency of client computers interacting with server computers through supervising instructions defined in a web page and/or web browser. In an embodiment, a computer system comprising one or more processors, coupled to a remote client computer, and configured to send, to the remote client computer, one or more instructions, which when executed by the remote client computer, cause a run-time environment on the remote client computer to: intercept, within the run-time environment, a first call to execute a particular function defined in the run-time environment by a first caller function in the run-time environment; determine a first caller identifier, which corresponds to the first caller function identified in a run-time stack maintained by the run-time environment; determine whether the first caller function is authorized to call the particular function based on the first caller identifier.
Type: Grant
Filed: December 21, 2018
Date of Patent: June 25, 2024
Assignee: SHAPE SECURITY, INC.
Inventors: Yao Zhao, Xinran Wang