Virus Detection Patents (Class 726/24)
  • Patent number: 11531751
    Abstract: This disclosure relates to systems and methods generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
    Type: Grant
    Filed: December 4, 2020
    Date of Patent: December 20, 2022
    Assignee: Intertrust Technologies Corporation
    Inventor: Marko Caklovic
  • Patent number: 11531786
    Abstract: A method may include detecting a keylogger based at least in part on an increase in power drawn by an input device, detecting the keylogger based at least in part on a driver of the input device, detecting the keylogger based at least in part on a duration of time that a signal generated by the input device takes to transmit to a computing device, or any combination thereof. The method may also include, in response to detecting the keylogger, generating an alert to indicate a presence of the keylogger.
    Type: Grant
    Filed: December 2, 2020
    Date of Patent: December 20, 2022
    Assignee: United Services Automobile Association (USAA)
    Inventors: Ashley Raine Philbrick, Ryan Thomas Russell, David Joaquin Harris
  • Patent number: 11528324
    Abstract: Due to slow download speeds from a cloud server to an end-user and the high costs associated therewith, described is a private environment that manages and utilizes resources provided by a public cloud and the storage horsepower of a private server. Certain embodiments envision syncing data objects across at least one cloud data bucket located in a public cloud and at least one server data bucket located in at least one private server. Certain aspects explore using a software platform that manages syncing data from a cloud data bucket to a server data bucket by way of asynchronous notifications from the cloud data bucket to the software platform. However, syncing data in the opposite direction from the server data bucket to the cloud data bucket is by way of direct syncing and not through asynchronous notifications. Conflict resolution is also described when two different data object versions are uploaded to two different data buckets before the data objects can be synced across the data buckets.
    Type: Grant
    Filed: February 9, 2021
    Date of Patent: December 13, 2022
    Assignee: Spectra Logic Corporation
    Inventors: Joseph T Frank, David Lee Trachy
  • Patent number: 11522696
    Abstract: An Intrusion Defense System for protecting the computer systems of a vehicle includes a vehicle having a computer with a direct wired or radio frequency or other contact-less remote connection diagnosis connection port interface. A hardware device for protecting the computer from hazardous software code intrusions into the computer system is used to protect the computer from unwanted hacks or intrusions into the system. The hardware device includes at least one or more of: a Diagnostic Port Gateway; a CAN Conditioner; and a CAN Data Security Diode and combinations of these.
    Type: Grant
    Filed: March 15, 2021
    Date of Patent: December 6, 2022
    Assignee: Dearborn Group, Inc.
    Inventors: Prakash K. Kulkarni, Mark P. Zachos
  • Patent number: 11520887
    Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.
    Type: Grant
    Filed: October 14, 2020
    Date of Patent: December 6, 2022
    Assignee: Malwarebytes Inc.
    Inventors: Sunil Mathew Thomas, Michael Graham Malone
  • Patent number: 11522902
    Abstract: A level-of-confidence calculation apparatus includes a first collecting unit that collects relevant information related to first threat intelligence that is input; a second collecting unit that collects, from a memory unit storing threat intelligence to which a level of confidence is appended, second threat intelligence related to the relevant information; a generation unit that generates a graph in which the first threat intelligence, the relevant information, and the second threat intelligence are set as nodes and the nodes relating to related information are connected; and a calculating unit that calculates, by applying a belief propagation method to the graph, a level of confidence of the first threat intelligence based on a level of confidence of the second threat intelligence, and therefore a level of confidence of threat intelligence with uncertain level of confidence can be calculated.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: December 6, 2022
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventor: Yuta Kazato
  • Patent number: 11520886
    Abstract: Methods, apparatuses and computer program products implement embodiments of the present invention that include protecting a computer system coupled to a storage device by storing, to the storage device, a set of protected files and one or more decoy files, wherein any modification to the decoy file indicates a cyber-attack on the computer system. Upon receiving a request from a process executing on the computing device to enumerate files stored on the storage device, the process is analyzed so as to classify the process as benign or suspicious. The protected files are enumerated to the process whether the process was classified as benign or suspicious. However, the one or more decoy files are enumerated to the process only upon the process being classified as suspicious.
    Type: Grant
    Filed: July 26, 2020
    Date of Patent: December 6, 2022
    Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
    Inventors: Erez Levy, Or Chechik, Liav Zigelbaum, Eldar Aharoni
  • Patent number: 11514162
    Abstract: Systems and methods for malware filtering are provided herein. In some embodiments, a system having one or more processors is configured to: retrieve a file downloaded to a user device; break the downloaded file into a plurality of chunks; scan the plurality of chunks to identify potentially malicious chunks; predict whether the downloaded file is malicious based on the scan of the plurality of chunks; and determine whether the downloaded file is malicious based on the prediction.
    Type: Grant
    Filed: January 13, 2022
    Date of Patent: November 29, 2022
    Assignee: UAB 360 IT
    Inventors: Aleksandr Sevcenko, Mantas Briliauskas
  • Patent number: 11514160
    Abstract: Disclosed herein are systems and methods for determining a coefficient of harmfulness of a file using a trained learning model. In one aspect, an exemplary method includes forming a first vector containing a plurality of attributes of a known malicious file. A learning model is trained using the first vector to identify a plurality of significant attributes that influence identification of the malicious file. A second vector is formed containing a plurality of attributes of known safe files. The learning model is trained using the second vector to identify attributes insignificant to the identification of the malicious file. An unknown file is analyzed by the learning model. The learning model outputs a numerical value identifying a coefficient of harmfulness relating to a probability that the unknown file will prove to be harmful.
    Type: Grant
    Filed: January 26, 2021
    Date of Patent: November 29, 2022
    Assignee: AO Kaspersky Lab
    Inventors: Sergey V. Prokudin, Alexey M. Romanenko
  • Patent number: 11507656
    Abstract: A system and method of detecting and remediating attacks includes receiving operating system (OS) read/write data from an OS, the OS read/write data describing at least one of reads from and writes to a storage device over a file system interface of the OS; collecting storage device read/write data, the storage device read/write data describing at least one of reads from and writes to the storage device; comparing the OS read/write data to the storage device read/write data; and determining if there is a discrepancy between the OS read/write data and the storage device read/write data. If there is a discrepancy, determining if there is an anomaly detected between OS read/write data and the storage device read/write data. If there is an anomaly, causing a remediation action to be taken to stop a malware attack.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: November 22, 2022
    Assignee: INTEL CORPORATION
    Inventors: Omer Ben-Shalom, Alex Nayshtut, Behnam Eliyahu, Denis Klimov
  • Patent number: 11501120
    Abstract: An artifact is received and features are extracted therefrom to form a feature vector. Thereafter, a determination is made to alter a malware processing workflow based on a distance of one or more features in the feature vector relative to one or more indicator centroids. Each indicator centroid specifies a threshold distance to trigger an action. Based on such a determination, the malware processing workflow is altered.
    Type: Grant
    Filed: February 20, 2020
    Date of Patent: November 15, 2022
    Assignee: Cylance Inc.
    Inventors: Eric Glen Petersen, Michael Alan Hohimer, Jian Luan, Matthew Wolff, Brian Michael Wallace
  • Patent number: 11503046
    Abstract: An evaluation method by a computer, the method includes: making, based on domain information included in input cyber attack information, an inquiry about whether an address associated with the domain information exists to multiple first servers that manage associations between the domain information and addresses; making an inquiry about an answer history related to the domain information to a second server that monitors communication of the first servers and manages answer histories, related to the associations between the domain information and the addresses, of the first servers; and outputting a result of diagnosing a threat detail of a cyber attack related to the domain information based on a ratio of the number of answers indicating that an address associated with the domain information does not exist with respect to the number of answers acquired from each of the first servers, and the answer histories acquired from the second server.
    Type: Grant
    Filed: January 22, 2020
    Date of Patent: November 15, 2022
    Assignee: FUJITSU LIMITED
    Inventor: Tsuyoshi Taniguchi
  • Patent number: 11494492
    Abstract: A program analysis method according to an exemplary aspect of the present disclosure includes: generating an analysis-target abstract code that is data representing a mathematical model into which an inspection-target execution code is transformed; and determining whether or not the inspection-target execution code is a fraudulent program by executing at least processing of determining whether or not the analysis-target abstract code includes a known factor code that is data representing a mathematical model into which a known execution code is transformed, and processing of determining whether or not a state at an end of execution of the inspection-target execution code is included in success state information indicating a state in which an attack by a fraudulent program is successful.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: November 8, 2022
    Assignee: NEC CORPORATION
    Inventor: Masaru Kawakita
  • Patent number: 11494216
    Abstract: A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The method also includes, in response to receiving the IoC and before the attack begins, snapshotting a memory state of memory used by the virtual machine and increasing a level of auditing of the virtual machine from a standard level of auditing to a heightened level of auditing. The heightened level of auditing generates data representative of all accesses to the memory used by the virtual machine. After the attack against the virtual machine has begun, the method includes maintaining the heightened level of auditing for a threshold period of time, notifying a user of the virtual machine of the indication of compromise, and storing the data in memory external to the virtual machine.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: November 8, 2022
    Assignee: Google LLC
    Inventors: Michael Halcrow, Thomas Garnier
  • Patent number: 11496508
    Abstract: A network security system centrally manages security packages and deploys them to a network host that is identified as potentially compromised. A security package is selected or assembled to be targeted to the identified host. Security packages are designed to isolate identified hosts from other network resources and collect forensic information from the hosts without interfering with operations of the hosts. Once forensic information is collected, software packages can be dissolved from hosts. Collected forensic information can be used to analyze and mitigate threats on hosts.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: November 8, 2022
    Assignee: Target Brands, Inc.
    Inventors: Chris Carlson, Adam Lesperance
  • Patent number: 11487811
    Abstract: A mechanism is described for facilitating recognition, reidentification, and security in machine learning at autonomous machines. A method of embodiments, as described herein, includes facilitating a camera to detect one or more objects within a physical vicinity, the one or more objects including a person, and the physical vicinity including a house, where detecting includes capturing one or more images of one or more portions of a body of the person. The method may further include extracting body features based on the one or more portions of the body, comparing the extracted body features with feature vectors stored at a database, and building a classification model based on the extracted body features over a period of time to facilitate recognition or reidentification of the person independent of facial recognition of the person.
    Type: Grant
    Filed: November 26, 2019
    Date of Patent: November 1, 2022
    Assignee: Intel Corporation
    Inventors: Barnan Das, Mayuresh M. Varerkar, Narayan Biswal, Stanley J. Baran, Gokcen Cilingir, Nilesh V. Shah, Archie Sharma, Sherine Abdelhak, Praneetha Kotha, Neelay Pandit, John C. Weast, Mike B. MacPherson, Dukhwan Kim, Linda L. Hurd, Abhishek R. Appu, Altug Koker, Joydeep Ray
  • Patent number: 11487875
    Abstract: A computer program product, a computer-implemented method, and a computer system include a processor(s) that obtains side channel emanations from a device. The processor(s) analyzes the side channel emanations to identify distinct emanation patterns and timing characteristics, wherein the timing characteristics are associated with transitions between the distinct emanation patterns. The processor(s) generates a non-deterministic finite automaton (NFA) by correlating the distinct emanation patterns with states of the device, where the NFA captures states and state transitions of the device. The processor(s) identifies an anomaly in the device, based on deviation in emanations from the device.
    Type: Grant
    Filed: November 23, 2020
    Date of Patent: November 1, 2022
    Assignee: Peraton Labs Inc.
    Inventors: Scott Alexander, Josephine Micallef, Joshua Morman, Euthimios Panagos, Marc Pucci, Simon Tsang
  • Patent number: 11487876
    Abstract: A locality-sensitive hash value is calculated for a suspect file in an endpoint computer. A similarity score is calculated for the suspect hash value by comparing it to similarly-calculated hash values in a cluster of known benign files. A suspiciousness score is calculated for the suspect hash value based upon similar matches in a cluster of benign files and a cluster of known malicious files. The similarity score and the suspiciousness score are combined in order to determine if the suspect file is malicious or not. Feature extraction and a set of features for the suspect file may be used instead of the hash value; the classes would contain sets of features rather than hash values. The clusters may reside in a cloud service database. The suspiciousness score is a modified Tarantula technique. Matching of locality-sensitive hashes may be performed by traversing tree structures of hash values.
    Type: Grant
    Filed: April 6, 2020
    Date of Patent: November 1, 2022
    Assignee: Trend Micro Inc.
    Inventor: Jayson Pryde
  • Patent number: 11481487
    Abstract: The technology provides for a threat detection system. In this regard, the system may be configured to output file states of a multi-layer file system. For instance, the system may determine, based on the file states for a file, one or more layers of the multi-layer file system in which one or more objects corresponding to the file can be found. Based on the one or more objects corresponding to the file, the system may detect a potential threat. The system may then take an action in response to the potential threat.
    Type: Grant
    Filed: July 8, 2019
    Date of Patent: October 25, 2022
    Assignee: Google LLC
    Inventors: Michael Halcrow, Thomas Garnier
  • Patent number: 11481492
    Abstract: Disclosed are a method and system for static behavior-predictive malware detection. The method and system use a transfer learning model from behavior prediction to malware detection based on static features. In accordance with an embodiment, machine learning is used to capture the relations between static features, behavior features, and other context information. For example, the machine learning may be implemented with a deep learning network model with multiple embedded layers pre-trained with metadata gathered from various resources, including sandbox logs, simulator logs and context information. Synthesized behavior-related static features are generated by projecting the original static features to the behavior features. A final static model may then be trained using the combination of the original static features and the synthesized features as the training data. The detection stage may be performed in real time with static analysis because only static features are needed.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: October 25, 2022
    Assignee: TREND MICRO INCORPORATED
    Inventors: Wen-Kwang Tsao, Chia-Yen Chang, PingHuan Wu
  • Patent number: 11475169
    Abstract: Examples described herein relate to a security system consistent with the disclosure. For instance, the security system may comprise a sensor interface bridge connecting a gateway to an input/output (I/O) card, a Field Programmable Gate Array (FPGA) to scan data to detect an anomaly in the data while the data is in the sensor interface bridge, where a learning neural network accelerator Application-Specific Integrated Circuit (ASIC) is integrated with the FPGA and send the data without an anomaly to the gateway.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: October 18, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Martin Foltin, Aalap Tripathy, Harvey Edward White, Jr., John Paul Strachan
  • Patent number: 11461467
    Abstract: Techniques are provided for detecting malicious software code embedded in image files, using machine learning. One method comprises obtaining metadata for an image file; applying the obtained metadata to at least one machine learning technique to classify the image file into at least one of a plurality of predefined classes, wherein the plurality of predefined classes comprises at least one malicious file class; and determining whether the image file comprises malicious software code based on the classification. The machine learning technique can be trained using image files classified into at least one of the plurality of predefined classes. The machine learning technique may employ a deep neural network and/or a convolutional neural network to classify the image file into the at least one predefined class.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: October 4, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Or Herman Saffar, Amihai Savir, Yevgeni Gehtman
  • Patent number: 11461465
    Abstract: A method protects a daemon in an operating system of a host computer. The operating system detects that there is an access of a plist file of a daemon by a process in the computer. If so, then it executes a callback function registered for the plist file. The callback function sends to a kernel extension a notification of the attempted access. The kernel extension returns a value to the operating system indicating that the access should be denied. The operating system denies access to the plist file of the daemon by the process. The extension may also notify an application which prompts the user for instruction. The kernel extension also protects itself by executing its exit function when a command is given to unload the extension, and the exit function determines whether or not the command is invoked by an authorized application, such as by checking a flag.
    Type: Grant
    Filed: March 19, 2021
    Date of Patent: October 4, 2022
    Assignee: TREND MICRO INC.
    Inventors: Chuan Jiang, Xilin Li, Yafei Zhang
  • Patent number: 11456993
    Abstract: In one aspect, an example method includes receiving, from a first content-presentation device, a request for supplemental content for use in connection with performing a content-modification operation; identifying a download conflict between the first content-presentation device and a second content-presentation device having a same IP address as the first content-presentation device; and providing, to the first content-presentation device, a response to the request, with the request including a download delay instruction. Reception of the download delay instruction by the first content-presentation device causes the first content-presentation device to wait until a condition associated with the download delay instruction is satisfied before downloading a supplemental content item specified in the response.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: September 27, 2022
    Assignee: ROKU, INC.
    Inventor: Matthew Grover
  • Patent number: 11449896
    Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; instructions encoded within the memory to instruct the processor to: identify a downloaded file on a file system; inspect a metadata object attached to the downloaded file; parse the metadata object to extract an advertiser identification string from a GET code portion of a uniform resource locator (URL); query a reputation cache for a reputation for the advertiser identification string; receive a deceptive reputation for the advertiser identification string; and take a remedial action against the downloaded file.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: September 20, 2022
    Assignee: McAfee, LLC
    Inventors: Oliver G. Devane, Lee Codel Lawson Tarbotton, Federico Barbieri
  • Patent number: 11451561
    Abstract: In one embodiment, a device obtains execution records regarding executions of a plurality of binaries. The execution records comprise command line arguments used during the execution. The device determines measures of similarity between the executions of the binaries based on their command line arguments. The device clusters the executions into clusters based on the determined measures of similarity. The device flags the command line arguments for a particular one of the clusters as an indicator of compromise for malware, based on at least one of the binaries associated with the particular cluster being malware.
    Type: Grant
    Filed: September 14, 2018
    Date of Patent: September 20, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Jan Jusko, Danila Khikhlukha, Harshit Nayyar
  • Patent number: 11451570
    Abstract: A testing computer system communicates with a cloud computing platform coupled to one or more target computer systems. The testing computer system receives a list of target computer systems from the cloud computing platform, generates respective test payloads for a set of the target systems, and sends the test payloads to the set of target systems. Each respective test payload is useable by its respective target system to perform a security scan of the target system and send test results to the testing computer system and includes instructions that cause the test payloads to be deleted after the security scan is performed. The testing computer system receives test results generated by the set of target systems and evaluates the test results to determine whether any of the set of target systems is implicated in a security breach.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: September 20, 2022
    Assignee: Kaseya Limited
    Inventors: Ryan Brandt Morris, Christopher Michael Gerritz
  • Patent number: 11444901
    Abstract: A fraudulent email decision device (10) is provided with a consistency analysis unit (24). The consistency analysis unit (24) identifies an intention of a subject email by, for example, a method of, with respect to a newly received incoming email as a subject email, extracting a function term, being a word expressing a reason the subject email was sent, from a body of the subject email. The consistency analysis unit (24) decides whether or not the subject email is a fraudulent email, from a relationship between another incoming email received in the past from the same sender as the sender of the subject email, and the identified intention of the subject email.
    Type: Grant
    Filed: October 1, 2020
    Date of Patent: September 13, 2022
    Assignee: Mitsubishi Electric Corporation
    Inventors: Takumi Yamamoto, Hiroki Nishikawa, Kiyoto Kawauchi
  • Patent number: 11440201
    Abstract: Artificial intelligence (AI)-based process identification, extraction, and automation for robotic process automation (RPA) is disclosed. Listeners may be deployed to user computing systems to collect data pertaining to user actions. The data collected by the listeners may then be sent to one or more servers and be stored in a database. This data may be analyzed by AI layers to recognize patterns of user behavioral processes therein. These recognized processes may then be distilled into respective RPA workflows and deployed to automate the processes.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: September 13, 2022
    Assignee: UiPath, Inc.
    Inventors: Prabhdeep Singh, Christian Berg
  • Patent number: 11443032
    Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.
    Type: Grant
    Filed: November 3, 2020
    Date of Patent: September 13, 2022
    Assignee: WEBROOT INC.
    Inventor: Andrew Sandoval
  • Patent number: 11442623
    Abstract: An information management system is described herein that performs either a pre-processing or a post-processing operation to increase browse and restore speeds when a user attempts to browse for and restore files from a secondary copy of a data volume. For example, the information management system can implement the pre-processing operation by parsing a master file table (MFT) when a secondary copy operation is initiated on the data volume. The information management system can implement the post-processing operation by parsing the MFT after a secondary copy operation is complete. The parsing can occur to identify records of the MFT that include information useful for enabling a user to browse a secondary copy of the data volume. The information management system can then store the secondary copy of these records for use later in constructing an interface for browsing a secondary copy of the data volume.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: September 13, 2022
    Assignee: Commvault Systems, Inc.
    Inventors: Sri Karthik Bhagi, Sunil Kumar Gutta
  • Patent number: 11445340
    Abstract: Techniques are disclosed for identifying anomalous subjects and devices at a site. The devices may or may not be carried by or associated with subjects at the site. A number of various types of sensors may be utilized for this purpose. The sensors gather data about the subjects and devices. The data is processed by a data processing module which provides its output to a rolling baseline engine. The rolling baseline engine establishes a baseline for what is considered the “normal” behavior for subjects/devices at the site based on a desired dimension of analysis. Data associated with subjects/devices that is not normal is identified as an anomaly along with the associated subject/device. The findings are archived for performing analytics as required.
    Type: Grant
    Filed: January 21, 2021
    Date of Patent: September 13, 2022
    Assignee: Flying Cloud Technologies, Inc.
    Inventor: Brian P. Christian
  • Patent number: 11436327
    Abstract: One embodiment of the described invention is directed to a computerized method for improving detection of cybersecurity threats initiated by a script. Herein, the method is configured to analyze the script provided as part of a script object by at least (i) determining whether any functional code blocks forming the script include a critical code statement, (ii) determining whether any of the functional code blocks include an evasive code statement, (iii) modifying the script to control processing of a subset of the functional code blocks by avoiding an execution code path including the evasive code statement and processing functional code blocks forming a code path including the critical code statement, and (iv) executing the modified script and monitoring behaviors of a virtual environment. Thereafter, the method is configured to determine whether the script includes cybersecurity threats based on the monitored behaviors.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: September 6, 2022
    Assignee: FireEye Security Holdings US LLC
    Inventors: Sai Vashisht, Sushant Paithane, Imtiyaz Yunus Pathan
  • Patent number: 11435990
    Abstract: The methods and apparatus for detecting malware using JAR file decompilation are disclosed. An apparatus for decompiling class files, the apparatus comprising a class feature unpacker to unpack a class feature from a class file included in an instruction set, a constant pool address generator to generate a constant pool address table, from the class features, including a plurality of constant pool blocks, based on constant pool type, through an iterative process, a class feature identifier to determine values for each constant pool block based on a constant pool type and store the determined values as a class file feature set, a feature value identifier to obtain raw feature values from a class file feature set and non-class file features, and a feature matrix generator to generate a matrix based on the raw features that correspond to the instruction set.
    Type: Grant
    Filed: August 14, 2019
    Date of Patent: September 6, 2022
    Assignee: MCAFEE, LLC
    Inventor: Daniel Burke
  • Patent number: 11431801
    Abstract: Techniques are provided for offloading the management of sensor data and generating custom views of sensor data. Sensor data received from a data network through a message is stored within storage managed by a computing device. A handle is generated to identify the sensor data. The sensor data within the message is replaced with the handle, and the message is transmitted to a device within the data network. The device may use handles of sensor data to request custom views of sensor data.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: August 30, 2022
    Assignee: NetApp Inc.
    Inventors: David Slik, Keith Arnold Smith
  • Patent number: 11416608
    Abstract: Events within a computer system are grouped in order to identify security threats and, in some cases, perform an action to mitigate the threat. In some aspects, a computing system event that meets a criterion is identified. A first layer of computing resources is determined which includes computing resources referenced during the computing system event. A second layer of computing resources is then determined, the second layer including one or more of a parent process or file loaded by the first layer processes, a process writing to a file included in the first layer of computing resources, or a previous version of a file included in the first layer of computing resources. Similarities between computing resource pairs in the first and second layers are determined, and a group of high similarity pairs related to each other is identified. In some embodiments, a mitigating action is identified based on the group.
    Type: Grant
    Filed: May 29, 2020
    Date of Patent: August 16, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sadegh Momeni Milajerdi, Mariusz H. Jakubowski, Jugal Parikh
  • Patent number: 11409868
    Abstract: A processing system including at least one processor may detect an accessing of a file, where the accessing comprises a read operation, generate a copy of the file in response to detecting the accessing of the file, and store the copy of the file in a designated storage location. The processing system may further detect a completion of the accessing of the file, apply a checksum operation to the file to generate a checksum in response to detecting the completion of the accessing of the file, determine that the checksum does not match an expected checksum for the file, and generate an alert of a possible manipulation of the file in response to determining that the checksum does not match the expected checksum.
    Type: Grant
    Filed: September 26, 2019
    Date of Patent: August 9, 2022
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Dylan Reid, Joseph Soryal
  • Patent number: 11409916
    Abstract: A method to transform the function of a programmable circuit (e.g. FPGA) for removing functional bugs or Hardware Trojans is provided.
    Type: Grant
    Filed: August 28, 2020
    Date of Patent: August 9, 2022
    Assignee: EASY-LOGIC TECHNOLOGY LTD.
    Inventors: Yu-Liang Wu, Xing Wei, Tak-Kei Lam, Yi Diao
  • Patent number: 11409884
    Abstract: A system, method, and computer-readable medium for a security vulnerability detection operation. The security vulnerability operation includes configuring a firmware security profiling environment with a trusted host and a trusted service processor; receiving a firmware update file via the trusted service processor; using the trusted service processor to identify a security vulnerability within the firmware update file; and, installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: August 9, 2022
    Assignee: Dell Products L.P.
    Inventors: Chitrak Gupta, Rama Rao Bisa, Elie A. Jreij, Sushma Basavarajaiah, Kala Sampathkumar, Mainak Roy
  • Patent number: 11399033
    Abstract: There is disclosed in one example an advertisement reputation server, including: a hardware platform including a processor and a memory; a network interface; and an advertisement reputation engine including instructions encoded in memory to instruct the processor to: receive via the network interface a plurality of advertisement instances displayed on client devices; extract from the advertisement instances an advertiser identifier; analyze one or more advertisements associated with the advertiser identifier to assign an advertiser reputation; and publish via the network interface advertisement reputation information derived from the reputation for the advertisement identifier.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: July 26, 2022
    Assignee: McAfee, LLC
    Inventors: Joel R. Spurlock, Nikhil Meshram, Prashanth Palasamudram Ramagopal, Daniel L. Burke
  • Patent number: 11399040
    Abstract: A computerized method is described for authenticating access to a subscription-based service to detect an attempted cyber-attack. First, a request is received by a subscription review service to subscribe to the subscription-based service. The service is configured to analyze one or more objects for a potential presence of malware representing the attempted cyber-attack. Using service policy level information, the cloud broker selects a cluster from a plurality of clusters to analyze whether the one or more objects are associated with the attempted cyber-attack and establishes a communication session between the sensor and the cluster via the cloud broker. The service policy level information is associated with the customer and is used in accessing the subscription-based service. The service policy level information includes at least an identifier assigned to the customer.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: July 26, 2022
    Assignee: FireEye Security Holdings US LLC
    Inventors: Mumtaz Siddiqui, Manju Radhakrishnan
  • Patent number: 11394733
    Abstract: A system provides for generation and implementation of resiliency controls for securing technology resources. In particular, the system may generate a model for securing technology resources based on compromise vectors that may affect the integrity or security of the resources, along with resiliency controls which may be used by the system to protect the resources. Based on the above information, the system may determine the impact that certain vectors may have on certain resources and assess the resistance of the resources to the impacts. In this way, the system may provide an efficient way to assess resiliency of resources and implement resiliency controls to protect such resources.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: July 19, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Brandon Sloane, Lydia Lambright, Regina Yee Cadavid, Gloria Joo
  • Patent number: 11389728
    Abstract: Provided is a method of monitoring a mobile game macro user. The method is performed by a processor of a computer.
    Type: Grant
    Filed: February 15, 2021
    Date of Patent: July 19, 2022
    Assignee: NHN CORPORATION
    Inventor: Chang Yul Lee
  • Patent number: 11386206
    Abstract: A system and method model activities in the production environment as sequences of microservices, and identify unusual activities by analyzing these sequences. In particular, a directed graph of usual activity is formed as a basis for determining unusual activities. Next, activities that were actually performed are determined by statistically analyzing records of microservice invocation in application diagnostic files. These activity sequences are overlaid on the directed graph to determine relative fit by using a trace coverage percentage score. Application instances or activities with low relative fit are deemed suspicious. If the low fit persists for an extended duration, then the instances or activities are deemed unusual and an individual is alerted to begin a manual review.
    Type: Grant
    Filed: September 21, 2020
    Date of Patent: July 12, 2022
    Assignee: Dell Products L.P.
    Inventors: Parminder Singh Sethi, Kanika Kapish, Anay Kishore, Kunal Visoulia
  • Patent number: 11381586
    Abstract: A method may include monitoring calls and/or traffic on a network and identifying behavior associated with each of a plurality of user devices with respect to activity on the network. The method may also include aggregating information about the behavior associated with the user devices, determining whether the aggregated information corresponds to an anomaly with respect to usage of the network and determining, when the aggregated information corresponds to the anomaly, whether the anomaly meets a threshold based on a type of anomaly and a number of user devices affected by the anomaly. The method may further include identifying, when the aggregated information corresponds to the anomaly, user devices in an area corresponding to the anomaly, generating a notification in response to determining that the aggregated information corresponds to the anomaly and transmitting the notification to the identified user devices in the area corresponding to the anomaly.
    Type: Grant
    Filed: November 20, 2019
    Date of Patent: July 5, 2022
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Shoma Chakravarty, Manah M. Khalil
  • Patent number: 11379689
    Abstract: Disclosed is a method of analyzing abnormal behavior by using data imaging, including: receiving data to be analyzed as an input, wherein the data to be analyzed is related to a state of a system to be analyzed; converting the inputted data to be analyzed into image data; training a neural network unit with the converted image data as an input; and detecting or predicting abnormal behavior in the system to be analyzed, at the neural network unit, which has received the image data converted from the data to be analyzed as the input and completed training.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: July 5, 2022
    Assignee: CTILAB CO., LTD.
    Inventors: Hong Yeon Cho, Tae Yang Oh, Won Woo Park
  • Patent number: 11379143
    Abstract: Provided is a storage system in which a plurality of virtual volumes obtained by replicating a master virtual volume are provided to each of a plurality of virtual machines of a physical server, respectively, the storage system including: a snapshot management unit that configures a continuous scan generation from the plurality of virtual volumes; a selection processing unit that groups into at least one scan group on the basis of a duplication rate of the plurality of virtual volumes included in the continuous scan generation; and a path setting unit that collectively unmounts the plurality of virtual volumes belonging to the scan group from the physical server in a case where a replica of the virtual volume selected by the selection processing unit is attached to a virus scanning server and one of the plurality of virtual volumes belonging to the scan group is infected with a virus.
    Type: Grant
    Filed: September 4, 2020
    Date of Patent: July 5, 2022
    Assignee: Hitachi, Ltd.
    Inventor: Shunsuke Handa
  • Patent number: 11372982
    Abstract: A centralized network environment is provided for processing validated executable data based on authorized hash outputs. In particular, the system may generate cryptographic hash outputs of code or software that has been evaluated (e.g., within a virtual environment). The system may then store the hash outputs within a hash database which may be accessible by multiple entity networks, where multiple entities may upload hash output values to and/or retrieve hash output values from the hash database. Based on the data within the hash database, each entity may efficiently identify code that may be safe or unsafe to execute on certain computing systems within its network environment. The system may further comprise an artificial intelligence-powered component which may be configured to detect patterns within code that has been identified by the system as unsafe and provide notifications containing systems likely to be affected and recommended countermeasures.
    Type: Grant
    Filed: July 2, 2020
    Date of Patent: June 28, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: George Albero, Jake Michael Yara, Edward Lee Traywick, Konata Stinson, Emanuel David Guller, Scot Lincoln Daniels, Rick Wayne Sumrall, Carrie Elaine Gates
  • Patent number: 11372978
    Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: June 28, 2022
    Assignee: Twistlock Ltd.
    Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Yosef Zin
  • Patent number: 11373065
    Abstract: Presence of malicious code can be identified in one or more data samples. A feature set extracted from a sample is vectorized to generate a sparse vector. A reduced dimension vector representing the sparse vector can be generated. A binary representation vector of the reduced dimension vector can be created by converting each value of a plurality of values in the reduced dimension vector to a binary representation. The binary representation vector can be added as a new element in a dictionary structure if the binary representation is not equal to an existing element in the dictionary structure. A training set for use in training a machine learning model can be created to include one vector whose binary representation corresponds to each of a plurality of elements in the dictionary structure.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: June 28, 2022
    Assignee: Cylance Inc.
    Inventor: Andrew Davis