Virus Detection Patents (Class 726/24)
-
Patent number: 12069076
Abstract: A network device may include a memory and one or more processors configured to analyze execution of suspicious data; detect one or more states of execution of the suspicious data; determine that the one or more states of execution are to be assigned a priority level; and extract at least a portion of the suspicious data from one or more locations based on determining that the one or more states of execution are to be assigned a priority level.
Type: Grant
Filed: January 28, 2022
Date of Patent: August 20, 2024
Assignee: Juniper Networks, Inc.
Inventors: Abhijit Mohanta, Anoop Wilbur Saldanha
-
Patent number: 12050945
Abstract: A standalone storage product having: a first bus connector for connecting to an external processor; a second bus connector for connecting to an external network interface; a storage device accessible over the network interface; and a processing device configured to communicate, via the second bus connector, with the network interface to obtain storage access messages represented by incoming packets received at the network interface from a computer network. The processing device can: identify, from the storage access messages, first messages and second messages; provide, the first messages via the first bus connector, to the processor; and provide, the second messages, to the storage device without the second messages going through the processor. The storage device is configured to: receive, via the first bus connector, third messages from the processor; and execute commands in the second messages and the third messages to implement a network storage service.
Type: Grant
Filed: July 15, 2022
Date of Patent: July 30, 2024
Assignee: Micron Technology, Inc.
Inventor: Luca Bert
-
Patent number: 12039034
Abstract: Embodiments seek to prevent detection of a sandbox environment by a potential malware application. To this end, execution of the application is monitored, and provide information about the execution to a reinforcement learning machine learning model. The model generates a suggested modification to make to the executing application. The model is provided with information indicating whether the application executed successfully or not, and this information is used to train the model for additional modifications. By modifying the potential malware execution during its execution, detection of a sandbox environment is prevented, and analysis of the potential malware applications features are better understood.
Type: Grant
Filed: January 30, 2023
Date of Patent: July 16, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Jugal Parikh, Geoffrey Lyall McDonald, Mariusz Hieronim Jakubowski, Seyed Mehdi Fatemi Booshehri, Allan Gordon Lontoc Sepillo, Bradley Noah Faskowitz
-
Patent number: 12039048
Abstract: A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.
Type: Grant
Filed: April 27, 2023
Date of Patent: July 16, 2024
Assignee: Commvault Systems, Inc.
Inventors: Oleg Goldshmidt, Mori Benech
-
Patent number: 12028358
Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified accounts. To discover the various accounts, the methods, computer-readable media, software, and apparatuses can monitor at least a consumer's email accounts, web browser history, and web cache. The discovered accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted accounts to prevent unauthorized access or use.
Type: Grant
Filed: February 1, 2023
Date of Patent: July 2, 2024
Assignee: Allstate Insurance Company
Inventors: Jason D. Park, John S. Parkinson
-
Patent number: 12021879
Abstract: A computer includes a processor and a memory, and the memory stores instructions executable by the processor to receive a plurality of first message patterns; receive a plurality of second message patterns; determine a set of differences between the first message patterns and the second message patterns; for at least one of the differences, determine a respective resolution in favor of either the first message patterns or the second message patterns; and generate a plurality of third message patterns. The message patterns define messaging between electronic control units on board a vehicle. The message patterns include values for attributes assigned to the respective message patterns. The third message patterns include the at least one resolution and commonalities between the first message patterns and the second message patterns.
Type: Grant
Filed: February 8, 2022
Date of Patent: June 25, 2024
Assignee: Ford Global Technologies, LLC
Inventors: Jacob David Nelson, Venkata Kishore Kajuluri
-
Patent number: 12021685
Abstract: Examples of the present disclosure describe systems and methods relating to adaptive virtual services. In an example, a user specifies a device configuration for a platform device. As a result, a service provider installs selected virtual-network functions and defines network connections as specified by the device configuration. Management software may also be installed, thereby enabling the service provider to communicate with and remotely manage the platform device. The installed virtual-network functions are activated on the platform device once it is delivered to the user. In some instances, the user changes the device configuration. For example, the user may install new virtual-network functions, reconfigure or remove existing virtual-network functions, or change defined network connections. As a result, the service provider reconfigures the platform device accordingly. Thus, the user need not purchase new specialized hardware in order to change the available functions of the computer network.
Type: Grant
Filed: May 8, 2023
Date of Patent: June 25, 2024
Assignee: Level 3 Communications, LLC
Inventors: Adam Saenger, Matthew Holway, Len Brannen, Gene Clark, Anil Simlot, Zubin Ingah, Johan J. Shane, Michael Gibson, Cory Sawyer, Rich Cerami, Kurt Deshazer
-
Patent number: 12019746
Abstract: An adaptive malware writing system includes a targeting engine that classifies malware candidates as a malicious candidate or a benign candidate through a surrogate model. The surrogate model assigns a weight to each byte of the malware candidates through a saliency vector. The sum of the weights render a malware classification score. An alteration engine alters a binary form of the malware candidates classified as malware by executing a functional analysis that traces application program interface calls and memory. The alteration engine alters the binary form of the malware candidates classified as malware to render a synthesized malware. The malware analysis determines if the synthesized malware is operational by comparing an image of the synthesized malware to an image of at least one of the plurality of malware candidates. A target classifier engine identifies the vulnerabilities of a targeted computer.
Type: Grant
Filed: June 28, 2022
Date of Patent: June 25, 2024
Assignee: UT-Battelle, LLC
Inventors: Jared M. Smith, Luke Koch
-
Patent number: 12014066
Abstract: A system includes control logic to boot to a waking state, configure the system, and check for the presence of non-volatile DIMMs. Based on a determination that non-volatile DIMMs are not present, the control logic is to create one or more block devices to overcome CPU utilization limitations. Based on a determination that non-volatile DIMMs are present, the control logic is to use a non-volatile DIMM for storage.
Type: Grant
Filed: September 2, 2022
Date of Patent: June 18, 2024
Assignee: SOFTIRON LIMITED
Inventors: Kenny Van Alstyne, Phillip Edward Straw
-
Patent number: 12013929
Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.
Type: Grant
Filed: January 24, 2023
Date of Patent: June 18, 2024
Assignee: OPEN TEXT INC.
Inventor: Andrew Sandoval
-
Patent number: 12010076
Abstract: Systems and method for providing an application chatbot that provides a conversational interface that receives natural language input from an application user, interprets the user's intent, and uses application-related context for generating and providing a contextually accurate response in a conversation with the user. In some examples, the application chatbot determines an action to perform corresponding to the response and provides an option to perform the action in the conversational user interface. A selection of the option causes the action to be performed.
Type: Grant
Filed: June 12, 2023
Date of Patent: June 11, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Felix Andrew, Ryan Gregory Cropp, Laurentiu T. Nedelcu
-
Patent number: 12001556
Abstract: An anti-virus chip includes a first connection terminal, a second connection terminal, a detection unit and a processing unit. The first connection terminal and the second connection terminal are respectively coupled to a connection port and a system circuit of an electronic device. The detection unit detects whether the connection port is connected to an external device via the first connection terminal. When the detection unit detects that the connection port is connected to the external device, the processing unit performs a virus-scan program on the external device to determine whether a virus exists in the external device. When determining that a virus does not exist in the external device, the processing unit establishes a first transmission path between the first connection terminal and the second connection terminal. When determining that a virus exists in the external device, the processing unit does not establish the first transmission path.
Type: Grant
Filed: April 18, 2023
Date of Patent: June 4, 2024
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventors: Ming-Che Hung, Chia-Ching Lu, Shih-Hsuan Yen, Chih-Wei Tsai
-
Patent number: 11997128
Abstract: Collecting the topology and asset information of the virtual generated computer network, converting the topology and asset information into a training data set for training the neural network model, training the neural network model based on the training data set, and training A method and apparatus for predicting an attack vulnerability of a computer network through the step of inferring an attack vulnerability of a target computer network using a neural network model are provided.
Type: Grant
Filed: August 5, 2021
Date of Patent: May 28, 2024
Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors: Ki Jong Koo, Dae Sung Moon, Jooyoung Lee, Ik Kyun Kim, Kyungmin Park, Ho Hwang
-
Patent number: 11989297
Abstract: Examples of the disclosure can provide an apparatus for detecting malware. The apparatus can comprise means for: selecting one or more tasks to be performed by a user device during charging of the user device; enabling a power trace to be obtained wherein the power trace provides an indication of the power consumed by the user device while the one or more tasks are being performed; and enabling the power trace to be analysed to provide an indication of the presence of malware.
Type: Grant
Filed: June 18, 2021
Date of Patent: May 21, 2024
Assignee: Nokia Technologies Oy
Inventor: Christopher Wright
-
Patent number: 11983270
Abstract: An amount of data change associated with a version of a content file with respect to one or more previous versions of the content file is determined. The amount of change associated with the version of the content file is determined using a tree data structure associated with the content file that is stored on a storage cluster. One or more statistics associated with backup snapshot are provided to a server. The server is configured to determine that the amount of data change associated with the version of the content file is anomalous based in part on the one or more statistics associated with the backup snapshot. A notification that data associated with the backup snapshot is potentially infected by malicious software is received from the server. The version of the content file is indicated as being potentially infected by malicious software.
Type: Grant
Filed: January 22, 2021
Date of Patent: May 14, 2024
Assignee: Cohesity, Inc.
Inventors: Prashant Gaurav, Sidharth Mishra, Karandeep Singh Chawla, Anubhav Gupta, Sudhir Srinivas, Apurv Gupta, Nagapramod Mandagere
-
Patent number: 11979423
Abstract: Aspects of the disclosure relate to real-time classification of content in a data transmission. A computing platform may detect, in real-time and via a computing device, a plurality of data transmissions between applications over a communications network. Then, the computing platform may retrieve, for a particular data transmission of the plurality of data transmissions, a content of the particular data transmission. The computing platform may then analyze, via the computing device, the content. Subsequently, the computing platform may determine, in real-time via the computing device and based on the analyzing, a security classification for the content. Then, the computing platform may cause, in real-time via the computing device, the content to be marked with the determined security classification.
Type: Grant
Filed: February 23, 2023
Date of Patent: May 7, 2024
Assignee: Bank of America Corporation
Inventors: George Albero, Gulsen Saffel
-
Patent number: 11968225
Abstract: Methods and systems for generating an attack path based on user and system risk profiles are presented. The method comprises determining user information associated with a computing device; determining system exploitability information of the computing device; determining system criticality information of the computing device; determining a risk profile for the computing device based on the user information, the system exploitability information, and the system criticality information; and generating an attack path based on the risk profile. The attack path indicates a route through which an attacker accesses the computing device. The system exploitability information indicates one or more of: the vulnerability associated with the computing device, an exposure window associated with the computing device, and a protection window associated with the computing device.
Type: Grant
Filed: June 13, 2022
Date of Patent: April 23, 2024
Assignee: Qualys, Inc.
Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi, Rishikesh Jayaram Bhide
-
Patent number: 11960605
Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. The set of selected events is performed. In some cases, at least one emulator detection resistance action is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.
Type: Grant
Filed: November 21, 2022
Date of Patent: April 16, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Cong Zheng, Wenjun Hu, Zhi Xu
-
Patent number: 11956338
Abstract: A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.
Type: Grant
Filed: May 19, 2023
Date of Patent: April 9, 2024
Assignee: Centripetal Networks, LLC
Inventors: David K. Ahn, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry
-
Patent number: 11930019
Abstract: In one embodiment, a malware analysis method includes receiving a file on a virtual machine (VM). The VM includes, a web debugging proxy, a system resource monitor, and a file analysis tool. The method also includes performing, with the file analysis tool, a static analysis on the file. The static analysis includes determining a set of file properties of the file, and storing the determined file properties in a repository. The method further includes performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file, the dynamic analysis. The dynamic analysis includes running the file on the VM, determining, with the web debugging proxy, web traffic of the virtual machine, determining, with the system resource monitor, executed commands and modifications to system resources of the VM originating from the file, and storing the determined traffic and executed commands in the repository.
Type: Grant
Filed: April 21, 2021
Date of Patent: March 12, 2024
Assignee: Saudi Arabian Oil Company
Inventors: Reem Abdullah Algarawi, Majed Ali Hakami
-
Patent number: 11928206
Abstract: Examples of the present disclosure describe systems and methods for selective export address table filtering. In aspects, the relative virtual address (RVA) of exported function names may be modified to point to a protected memory location. An exception handler may be registered to process exceptions relating to access violations of the protected memory location. If an exception is detected that indicates an attempt to access the protected memory location, the instruction pointer of the exception may be compared to an allowed range of memory addresses. If the instruction pointer address is outside the boundaries, remedial action may occur.
Type: Grant
Filed: April 20, 2023
Date of Patent: March 12, 2024
Assignee: Open Text Inc.
Inventors: Eric Klonowski, Ira Strawser
-
Patent number: 11928631
Abstract: A computer model is created for automatically evaluating the business value of computing objects such as files and databases on an endpoint. This can be used to assess the potential business impact of a security compromise to an endpoint, or a process executing on an endpoint, in order to prioritize potential threats within an enterprise for human review and intervention.
Type: Grant
Filed: March 1, 2021
Date of Patent: March 12, 2024
Assignee: Sophos Limited
Inventors: Russell Humphries, Andrew J. Thomas
-
Patent number: 11922199
Abstract: An in-guest agent in a virtual machine (VM) operates in conjunction with a replication module. The replication module performs continuous data protection (CDP) by saving images of the VM as checkpoints at a disaster recovery site over time. Concurrently, the in-guest agent monitors for behavior in the VM that may be indicative of the presence of malicious code. If the in-guest agent identifies behavior (at a particular point in time) at the VM that may be indicative of the presence of malicious code, the replication module can tag a checkpoint that corresponds to the same particular point in time as a security risk. One or more checkpoints generated prior to the particular time may be determined to be secure checkpoints that are usable for restoration of the VM.
Type: Grant
Filed: March 2, 2020
Date of Patent: March 5, 2024
Assignee: VMware, Inc.
Inventors: Sunil Hasbe, Shirish Vijayvargiya
-
Patent number: 11916930
Abstract: A system and method are disclosed for performing non-invasive scan of a target device. The system is configured for: i) loading an endpoint protection agent to a target device; ii) providing a remote direct memory access of the target device to the remote security server for reading a memory of the target device; iii) scanning, by a second memory scan engine of the remote security server, the memory of the target device upon the violation of the security policy; iv) identifying, by the second memory scan engine of the remote security server, a threat on the target device; and v) sending, by the remote security server, a security response action to the endpoint protection agent on the target device in accordance with the security policy.
Type: Grant
Filed: June 29, 2021
Date of Patent: February 27, 2024
Assignee: Acronis International GmbH
Inventors: Alexander Tormasov, Serguei Beloussov, Stanislav Protasov
-
Patent number: 11907658
Abstract: Systems and methods for user-agent anomaly detection are disclosed. In one embodiment, a user-agent string may be embedded into a numerical data vector representation using a sentence embedding algorithm (e.g., FastText). A predictive score may be calculated based on the numerical data vector representation and using a probability distribution function model that models a likelihood of occurrence of the observed user-agent based on patterns learned from historic payload data (e.g., a Gaussian Mixture Model). The predictive score may be compared to a threshold and, based on the comparison, it may be determined whether the user-agent is fraudulent.
Type: Grant
Filed: May 5, 2021
Date of Patent: February 20, 2024
Assignee: PayPal, Inc.
Inventors: Zhe Chen, Hewen Wang, Yuzhen Zhuo, Solomon kok how Teo, Shanshan Peng, Quan Jin Ferdinand Tang, Serafin Trujillo, Kenneth Bradley Snyder, Mandar Ganaba Gaonkar, Omkumar Mahalingam
-
Patent number: 11909761
Abstract: Systems and methods for mitigating the impact of malware by reversing malware related modifications in a computing device are provided. According to an embodiment, a sandbox service running within a network security platform protecting an enterprise network receives a file containing malware and associated contextual information from an endpoint security solution running on an endpoint device, which has been infected by the malware. The sandbox service captures information regarding a first series of actions performed by the malware and based on the first series of actions generates a remediation script specifying a second series of actions that are configured to restore the endpoint device to a pre-infected state. The network security platform causes the endpoint device to be returned to the pre-infected state by causing the endpoint security solution to execute the remediation script on the endpoint device.
Type: Grant
Filed: February 2, 2022
Date of Patent: February 20, 2024
Assignee: Fortinet, Inc.
Inventors: Udi Yavo, Roy Katmor, Ido Kelson
-
Patent number: 11895131
Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified subscriptions and financial accounts. The identified subscriptions and financial accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted financial accounts and subscriptions to prevent unauthorized access or use.
Type: Grant
Filed: November 1, 2022
Date of Patent: February 6, 2024
Assignee: Allstate Insurance Company
Inventors: Jason D. Park, John S. Parkinson
-
Patent number: 11886583
Abstract: Disclosed is a description-entropy-based intelligent detection method for a big data mobile software similarity. The method comprises the following steps: acquiring a path of mobile software, and reading a file of the mobile software according to the path; performing preliminary reverse engineering decompilation on the file of the mobile software to obtain function characteristics of each piece of mobile software; counting distribution of description entropy of each piece of mobile software by means of description entropy in the function characteristics; further integrating description entropy of each piece of mobile software, after integration, comparing description entropy distribution conditions among the mobile software, and carrying out similarity score calculation to obtain similarity scores among the mobile software; and outputting the similarity scores of all mobile software to obtain a mobile software similarity result.
Type: Grant
Filed: April 22, 2020
Date of Patent: January 30, 2024
Inventors: Quanlong Guan, Weiqi Luo, Chuying Liu, Huanming Zhang, Lin Cui, Zhefu Li, Rongjun Li
-
Patent number: 11882145
Abstract: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.
Type: Grant
Filed: June 21, 2022
Date of Patent: January 23, 2024
Assignee: Palantir Technologies Inc.
Inventors: Elliot Colquhoun, Abhishek Agarwal, Andrew Eggleton, Brandon Helms, Carl Ambroselli, Cem Zorlular, Daniel Kelly, Gautam Punukollu, Jeffrey Tsui, Morten Kromann, Nikhil Seetharaman, Raj Krishnan, Samuel Jones, Tareq Alkhatib, Dayang Shi
-
Patent number: 11876789
Abstract: A gateway device between a first and second communication network outside the gateway device handles communication between a first device in the first network and a second device in the second network. When the gateway receives a communication request from the first device, directed to the second device, for performing a first cryptographic data communication protocol, the gateway determines whether the first cryptographic data communication protocol is registered as unsafe in the gateway device, and/or registered as safe, in particular whether it is safe against key reconstruction by a quantum computer. When the first cryptographic data communication protocol is not registered as unsafe in the gateway device, and/or registered as safe, the gateway device forwards messages exchanged as part of execution of the first cryptographic data communication protocol between the first and second device.
Type: Grant
Filed: May 25, 2020
Date of Patent: January 16, 2024
Assignee: Nederlandse Organisatie voor toegepast-natuurwetenschappelijk onderzoek TNO
Inventors: Nicolaas Leonardus Maria Van Adrichem, Maran Paula Petronella Van Heesch, Piotr Wojciech Zuraniewski, Jeffrey Jermain Panneman
-
Patent number: 11874921
Abstract: The present disclosure relates to a system and method for performing anti-malware scanning of data files that is data-centric rather than device-centric. In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware. After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan. The originating device may also scan the data for malware contextually-relevant to a second device.
Type: Grant
Filed: May 11, 2022
Date of Patent: January 16, 2024
Assignee: McAfee, LLC
Inventors: Dattatraya Kulkarni, Srikanth Nalluri, Kamlesh Halder, Venkatasubrahmanyam Krishnapur, Sailaja K. Shankar, Kaushal Kumar Dhruw
-
Patent number: 11869035
Abstract: An advertisement distribution system, method, and computer readable medium (collectively, the “System”) is provided. The System may request posts containing a subject tag from social media operators. The posts may be made by merchants having a relationship with the System. The System may filter the posts based on filters, geographic data, and member preferences. The System may distribute the posts to members having a relationship with the System.
Type: Grant
Filed: January 17, 2020
Date of Patent: January 9, 2024
Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
Inventors: Jonathan J. Carroll, Hans-Jurgen Greiner, Padmaja Kodavanti, Gopinath Kondapally, Kevin H. Ringger, James Jerome Smart-Foster, Arun Swamy
-
Patent number: 11868471
Abstract: A method of particle-based threat scanning may include obtaining a sample from a sample source, generating a plurality of particles from the sample, wherein each particle from the plurality of particles is an array of unique bytes generated based on one or more particle properties, and determining whether the sample is associated with a known threat by comparing the plurality of particles to particle threat signatures in a threat database.
Type: Grant
Filed: January 27, 2021
Date of Patent: January 9, 2024
Assignee: Amazon Technologies, Inc.
Inventor: Mircea Ciubotariu
-
Patent number: 11863568
Abstract: In one embodiment, a method comprises training at least one model based at least in part on interactions between one or more users and electronic messages sent to addresses associated with the one or more users, receiving a first electronic message sent to a first address associated with a first user, analyzing the first electronic message to generate first feature data, determining one or more characteristics of the first user to generate second feature data, inputting, to the at least one model, the first feature data and the second feature data, and receiving, as output of the at least one model, data indicating whether to output, to the first user, a warning regarding the first electronic message.
Type: Grant
Filed: March 22, 2021
Date of Patent: January 2, 2024
Assignees: Cisco Technology, Inc., University of Florida Research Foundation, Inc.
Inventors: Nikolaos Sapountzis, Fabio R. Maino, Madhuri Kolli, Daniela Alvim Seabra De Oliveira
-
Patent number: 11861006
Abstract: A reference file set having high-confidence malware severity classification is generated by selecting a subset of files from a group of files first observed during a recent observation period and including them in the subset. A plurality of other antivirus providers are polled for their third-party classification of the files in the subset and for their third-party classification of a plurality of files from the group of files not in the subset. A malware severity classification is determined for the files in the subset by aggregating the polled classifications from the other antivirus providers for the files in the subset after a stabilization period of time, and one or more files having a third-party classification from at least one of the polled other antivirus providers that changed during the stabilization period to the subset are added to the subset.
Type: Grant
Filed: January 18, 2021
Date of Patent: January 2, 2024
Assignee: Avast Software s.r.o.
Inventors: Martin Bálek, Fabrizio Biondi, Dmitry Kuznetsov, Olga Petrova
-
Patent number: 11847218
Abstract: A virus scanning router may manage a local network, including routing network traffic between devices on the network and routing network traffic being sent to and from such devices via an external communication system. The virus scanning router remotely scans for viruses the files stored on one or more such devices on the network. The virus scanning router may be a device trusted by the other devices on the local network to facilitate the virus scanning router reading and scanning one or more files stored on such devices for viruses. The virus scanning router also takes corrective actions such as isolating the infected device or isolating an affected network zone to which the remote device belongs.
Type: Grant
Filed: February 22, 2021
Date of Patent: December 19, 2023
Assignee: DISH TECHNOLOGIES L.L.C.
Inventor: William Michael Beals
-
Patent number: 11841947
Abstract: Apparatus and methods describe herein, for example, a process that can include receiving a potentially malicious file, and dividing the potentially malicious file into a set of byte windows. The process can include calculating at least one attribute associated with each byte window from the set of byte windows for the potentially malicious file. In such an instance, the at least one attribute is not dependent on an order of bytes in the potentially malicious file. The process can further include identifying a probability that the potentially malicious file is malicious, based at least in part on the at least one attribute and a trained threat model.
Type: Grant
Filed: December 8, 2020
Date of Patent: December 12, 2023
Assignee: Invincea, Inc.
Inventors: Joshua Daniel Saxe, Konstantin Berlin
-
Patent number: 11829469
Abstract: This disclosure relates to systems and methods generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
Type: Grant
Filed: December 9, 2022
Date of Patent: November 28, 2023
Assignee: Intertrust Technologies Corporation
Inventor: Marko Caklovic
-
Patent number: 11822658
Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. The set of selected events is performed. In some cases, at least one emulator detection resistance action is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.
Type: Grant
Filed: November 21, 2022
Date of Patent: November 21, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Cong Zheng, Wenjun Hu, Zhi Xu
-
Patent number: 11822654
Abstract: Embodiments described herein enable the detection, analysis and signature determination of obfuscated malicious code. Such malicious code comprises a deobfuscation portion that deobfuscates the obfuscated portion during runtime to generate deobfuscated malicious code. The techniques described herein deterministically detect and suspend the deobfuscated malicious code when it attempts to access memory resources that have been morphed in accordance with embodiments described herein. This advantageously enables the deobfuscated malicious code to be suspended at its initial phase. By doing so, the malicious code is not given the opportunity to delete its traces in memory regions it accesses, thereby enabling the automated exploration of such memory regions to locate and extract runtime memory characteristics associated with the malicious code.
Type: Grant
Filed: April 20, 2018
Date of Patent: November 21, 2023
Assignee: Morphisec Information Security 2014 Ltd.
Inventors: Evgeny Goldstein, Michael Gorelik, Mordechai Guri, Ronen Yehoshua
-
Patent number: 11822435
Abstract: Embodiments of the present invention provide a system for identifying occurrence of events and performing one or more actions to mitigate the impacts of the events. The system is configured for gathering data from one or more data sources of an entity, generating dataflows using the data gathered from the one or more data sources, identifying an anomaly based on one or more indicators and the dataflows, determining occurrence of an event and generating one or more propagation models associated with the event, performing event impact analysis based on the one or more propagation models, performing one or more actions to contain the event based on the one or more propagation models, identifying a last good copy of data based on the data gathered from the one or more data sources, retrieving the last good copy of data, and restoring the last good copy of data.
Type: Grant
Filed: July 6, 2021
Date of Patent: November 21, 2023
Assignee: BANK OF AMERICA CORPORATION
Inventors: Christopher Emmanuel Huntley, Musa Ajakaiye, Prasad V. Annadata, Dnyanesh P. Ballikar, Sina Bauer, Jason Kenneth Bellew, Timothy John Bendel, David Alan Beumer, Michelle Andrea Boston, Lisa Julia Brown, Robin J. Buck, Brian C. Busch, Salvatore Michael Certo, Ramesh Naidu Chatta, Lisa Michelle Cook, Joseph Corbett, Joseph Seth Cushing, Steven Paul Davidson, Shailesh Deshpande, Sevara Ergasheva, Maria Ervin, James Wilson Foy, Jr., Noel Mary Fuller, Benjamin Judson Gaines, III, Candace Gordon, Jesse Antonio Hernandez, Christine Hoagland, Robert Charles Hoard, Michael Spiro Karafotis, Wesley Keville, Sandip Kumar, Terri Dorinda Lail, Mukesh Maraj, Wyatt Edward Maxey, Dari Ann Mckenzie, Ashley Meadows, Heather Newell, Conor Mitchell Liam Nodzak, Kenyell Javon Ollie, Jayshree G. Patel, David John Perro, Nivetha Raghavan, Nikhil Ram, Tara Michel Ramirez, Laurie Readhead, Mary Kathleen Riley, Elizabeth Rachel Rock, Angela Dawn Roose, Sanjay Singeetham, Kyle S. Sorensen, Shreyas Srinivas, Constance Jones Suarez, Viresh Taskar, Linda Trent, Sachin Varule, Bradley Walton, Christie M. Weekley, Yvette Alston, Ravindra Bandaru, Carmen R. Barnhill, Jamie Gilchrist, Namrata Kaushik, Fernando A. Maisonett
-
Patent number: 11816215
Abstract: Systems and methods for archive scanning are provided herein. In some embodiments, a method includes: selecting an archive; reading a metadata representing a plurality of files within the archive; reading a plurality of hash strings from the archive; comparing the plurality of hash strings with a database of hash strings; and determining, based on the comparing, if the plurality of files within the archive represent a security threat based on the plurality of hash strings.
Type: Grant
Filed: February 16, 2022
Date of Patent: November 14, 2023
Assignee: UAB 360 IT
Inventors: Mohamed Adly Amer Elgaafary, Aleksandr Sevcenko
-
Patent number: 11811821
Abstract: Example techniques described herein determine a validation dataset, determine a computational model using the validation dataset, or determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processing unit can determine signatures of individual training data streams. The processing unit can determine, based at least in part on the signatures and a predetermined difference criterion, a training set and a validation set of the training data streams. The processing unit can determine a computational model based at least in part on the training set. The processing unit can then operate the computational model based at least in part on a trial data stream to provide a trial model output. Some examples include determining the validation set based at least in part on the training set and the predetermined criterion for difference between data streams.
Type: Grant
Filed: November 2, 2020
Date of Patent: November 7, 2023
Assignee: CrowdStrike, Inc.
Inventors: Sven Krasser, David Elkind, Brett Meyer, Patrick Crenshaw
-
Patent number: 11799878
Abstract: The disclosed embodiments include a software-defined security (SDS) service that can monitor runtime behavior of a network of nodes of a wireless network and detect anomalous activity indicating contamination of the network of nodes, where the contamination includes unauthorized instructions designed to damage or interrupt a function of the network of nodes. The SDS service can dynamically coordinate a blacklist and a whitelist, where the blacklist includes an indication of contaminated assets and the whitelist includes an indication of non-contaminated assets. The contaminated assets are isolated with a cleanroom environment, where the security resources sanitize the contaminated assets. Then, indications of the decontaminated assets are moved from the blacklist to the whitelist, and the use of the security resources are dynamically adjusted according to a load ratio between the whitelist and the blacklist.
Type: Grant
Filed: April 15, 2020
Date of Patent: October 24, 2023
Assignee: T-Mobile USA, Inc.
Inventors: Venson Shaw, Sunil Lingayat, Gaviphat Lekutai
-
Patent number: 11790416
Abstract: Systems and methods for in-store purchases are provided. An exemplary method may include receiving by a customer device associated with a customer, customer data including customer preference data. The method may include storing the received customer data and identifying a merchant at a location of the customer. The method may also include determining a customer order for the identified merchant based on the customer preference data. Further, the method may include transmitting a notification to a merchant device associated with the identified merchant, the notification including the determined customer order.
Type: Grant
Filed: April 28, 2021
Date of Patent: October 17, 2023
Assignee: Capital One Services, LLC
Inventors: Adam Koeppel, Robert Perry
-
Patent number: 11790083
Abstract: Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.
Type: Grant
Filed: June 26, 2020
Date of Patent: October 17, 2023
Assignee: SHAPE SECURITY, INC.
Inventors: Tim Disney, Madhukar Kedlaya, Claire Schlenker Schlenker, Nitish Khadke
-
Patent number: 11785044
Abstract: System and method of detecting malicious interactions in a computer network, the method including generating, by a processor, at least one decoy segment, broadcasting, by the processor, the generated at least one decoy segment in a public database, monitoring, by the processor, communication within the computer network to identify interactions associated with the generated at least one decoy segment, determining, by the processor, at least one indicator of compromise (IOC) for the identified interactions, and blocking communication between the computer network and any computer associated with the determined at least one IOC.
Type: Grant
Filed: February 3, 2023
Date of Patent: October 10, 2023
Assignee: IntSights Cyber Intelligence Ltd.
Inventors: Gal Ben David, Amir Hozez
-
Patent number: 11775640
Abstract: Systems and methods are described for detecting and preventing execution of malware on an on-demand code execution system. An on-demand code execution system may execute user-submitted code on virtual machine instances, which may be provisioned with various computing resources (memory, storage, processors, network bandwidth, etc.). These resources may be utilized in varying amounts or at varying rates during execution of the user-submitted code. The user-submitted code may also be unavailable for inspection for security or other reasons. A malware detection system may thus identify user-submitted code that corresponds to malware by monitoring resource utilization during execution of the code and generating a resource utilization signature, which enables comparison between the signature of the user-submitted code and resource utilization signatures of codes previously identified as malware.
Type: Grant
Filed: March 30, 2020
Date of Patent: October 3, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Mihir Sathe, Niall Mullen
-
Patent number: RE49684
Abstract: In one embodiment, a traffic analysis service receives captured traffic data regarding a Transport Layer Security (TLS) connection between a client and a server. The traffic analysis service applies a first machine learning-based classifier to TLS records from the traffic data, to identify a set of the TLS records that include Hypertext Transfer Protocol (HTTP) header information. The traffic analysis service estimates one or more HTTP transaction labels for the connection by applying a second machine learning-based classifier to the identified set of TLS records that include HTTP header information. The traffic analysis service augments the captured traffic data with the one or more HTTP transaction labels. The traffic analysis service causes performance of a network security function based on the augmented traffic data.
Type: Grant
Filed: August 31, 2021
Date of Patent: October 3, 2023
Assignee: Cisco Technology, Inc.
Inventors: Blake Harrell Anderson, David McGrew
-
Patent number: RE50024
Abstract: Computer systems and methods in various embodiments are configured for improving the security and efficiency of client computers interacting with server computers through supervising instructions defined in a web page and/or web browser. In an embodiment, a computer system comprising one or more processors, coupled to a remote client computer, and configured to send, to the remote client computer, one or more instructions, which when executed by the remote client computer, cause a run-time environment on the remote client computer to: intercept, within the run-time environment, a first call to execute a particular function defined in the run-time environment by a first caller function in the run-time environment; determine a first caller identifier, which corresponds to the first caller function identified in a run-time stack maintained by the run-time environment; determine whether the first caller function is authorized to call the particular function based on the first caller identifier.
Type: Grant
Filed: December 21, 2018
Date of Patent: June 25, 2024
Assignee: SHAPE SECURITY, INC.
Inventors: Yao Zhao, Xinran Wang