Virus Detection Patents (Class 726/24)
-
Patent number: 11531751
Abstract: This disclosure relates to systems and methods for generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
Type: Grant
Filed: December 4, 2020
Date of Patent: December 20, 2022
Assignee: Intertrust Technologies Corporation
Inventor: Marko Caklovic
-
Patent number: 11531786
Abstract: A method may include detecting a keylogger based at least in part on an increase in power drawn by an input device, detecting the keylogger based at least in part on a driver of the input device, detecting the keylogger based at least in part on a duration of time that a signal generated by the input device takes to transmit to a computing device, or any combination thereof. The method may also include, in response to detecting the keylogger, generating an alert to indicate a presence of the keylogger.
Type: Grant
Filed: December 2, 2020
Date of Patent: December 20, 2022
Assignee: United Services Automobile Association (USAA)
Inventors: Ashley Raine Philbrick, Ryan Thomas Russell, David Joaquin Harris
-
Patent number: 11528324
Abstract: Due to slow download speeds from a cloud server to an end-user and the high costs associated therewith, described is a private environment that manages and utilizes resources provided by a public cloud and the storage horsepower of a private server. Certain embodiments envision syncing data objects across at least one cloud data bucket located in a public cloud and at least one server data bucket located in at least one private server. Certain aspects explore using a software platform that manages syncing data from a cloud data bucket to a server data bucket by way of asynchronous notifications from the cloud data bucket to the software platform. However, syncing data in the opposite direction from the server data bucket to the cloud data bucket is by way of direct syncing and not through asynchronous notifications. Conflict resolution is also described when two different data object versions are uploaded to two different data buckets before the data objects can be synced across the data buckets.
Type: Grant
Filed: February 9, 2021
Date of Patent: December 13, 2022
Assignee: Spectra Logic Corporation
Inventors: Joseph T Frank, David Lee Trachy
-
Patent number: 11522696
Abstract: An Intrusion Defense System for protecting the computer systems of a vehicle includes a vehicle having a computer with a direct wired or Radio frequency or other contact-less remote connection diagnosis connection port interface. A hardware device for protecting the computer from hazardous software code intrusions into the computer system is used to protect the computer from unwanted hacks or intrusions into the system. The hardware device includes at least one or more of: a Diagnostic Port Gateway; a CAN Conditioner; and a CAN Data Security Diode and combinations of these.
Type: Grant
Filed: March 15, 2021
Date of Patent: December 6, 2022
Assignee: Dearborn Group, Inc.
Inventors: Prakash K. Kulkarni, Mark P. Zachos
-
Patent number: 11520887
Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.
Type: Grant
Filed: October 14, 2020
Date of Patent: December 6, 2022
Assignee: Malwarebytes Inc.
Inventors: Sunil Mathew Thomas, Michael Graham Malone
-
Patent number: 11522902
Abstract: A level-of-confidence calculation apparatus includes a first collecting unit that collects relevant information related to first threat intelligence that is input; a second collecting unit that collects, from a memory unit storing threat intelligence to which a level of confidence is appended, second threat intelligence related to the relevant information; a generation unit that generates a graph in which the first threat intelligence, the relevant information, and the second threat intelligence are set as nodes and the nodes relating to related information are connected; and a calculating unit that calculates, by applying a belief propagation method to the graph, a level of confidence of the first threat intelligence based on a level of confidence of the second threat intelligence, and therefore a level of confidence of threat intelligence with uncertain level of confidence can be calculated.
Type: Grant
Filed: May 13, 2019
Date of Patent: December 6, 2022
Assignee: Nippon Telegraph and Telephone Corporation
Inventor: Yuta Kazato
-
Patent number: 11520886
Abstract: Methods, apparatuses and computer program products implement embodiments of the present invention that include protecting a computer system coupled to a storage device by storing, to the storage device, a set of protected files and one or more decoy files, wherein any modification to the decoy file indicates a cyber-attack on the computer system. Upon receiving a request from a process executing on the computing device to enumerate files stored on the storage device, the process is analyzed so as to classify the process as benign or suspicious. The protected files are enumerated to the process whether the process was classified as benign or suspicious. However, the one or more decoy files are enumerated to the process only upon the process being classified as suspicious.
Type: Grant
Filed: July 26, 2020
Date of Patent: December 6, 2022
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Erez Levy, Or Chechik, Liav Zigelbaum, Eldar Aharoni
-
Patent number: 11514162
Abstract: Systems and methods for malware filtering are provided herein. In some embodiments, a system having one or more processors is configured to: retrieve a file downloaded to a user device; break the downloaded file into a plurality of chunks; scan the plurality of chunks to identify potentially malicious chunks; predict whether the downloaded file is malicious based on the scan of the plurality of chunks; and determine whether the downloaded file is malicious based on the prediction.
Type: Grant
Filed: January 13, 2022
Date of Patent: November 29, 2022
Assignee: UAB 360 IT
Inventors: Aleksandr Sevcenko, Mantas Briliauskas
-
Patent number: 11514160
Abstract: Disclosed herein are systems and methods for determining a coefficient of harmfulness of a file using a trained learning model. In one aspect, an exemplary method includes forming a first vector containing a plurality of attributes of a known malicious file. A learning model is trained using the first vector to identify a plurality of significant attributes that influence identification of the malicious file. A second vector is formed containing a plurality of attributes of known safe files. The learning model is trained using the second vector to identify attributes insignificant to the identification of the malicious file. An unknown file is analyzed by the learning model. The learning model outputs a numerical value identifying a coefficient of harmfulness relating to a probability that the unknown file will prove to be harmful.
Type: Grant
Filed: January 26, 2021
Date of Patent: November 29, 2022
Assignee: AO Kaspersky Lab
Inventors: Sergey V. Prokudin, Alexey M. Romanenko
-
Patent number: 11507656
Abstract: A system and method of detecting and remediating attacks includes receiving operating system (OS) read/write data from an OS, the OS read/write data describing at least one of reads from and writes to a storage device over a file system interface of the OS; collecting storage device read/write data, the storage device read/write data describing at least one of reads from and writes to the storage device; comparing the OS read/write data to the storage device read/write data; and determining if there is a discrepancy between the OS read/write data and the storage device read/write data. If there is a discrepancy, determining if there is an anomaly detected between OS read/write data and the storage device read/write data. If there is an anomaly, causing a remediation action to be taken to stop a malware attack.
Type: Grant
Filed: December 23, 2020
Date of Patent: November 22, 2022
Assignee: INTEL CORPORATION
Inventors: Omer Ben-Shalom, Alex Nayshtut, Behnam Eliyahu, Denis Klimov
-
Patent number: 11501120
Abstract: An artifact is received and features are extracted therefrom to form a feature vector. Thereafter, a determination is made to alter a malware processing workflow based on a distance of one or more features in the feature vector relative to one or more indicator centroids. Each indicator centroid specifies a threshold distance to trigger an action. Based on such a determination, the malware processing workflow is altered.
Type: Grant
Filed: February 20, 2020
Date of Patent: November 15, 2022
Assignee: Cylance Inc.
Inventors: Eric Glen Petersen, Michael Alan Hohimer, Jian Luan, Matthew Wolff, Brian Michael Wallace
-
Patent number: 11503046
Abstract: An evaluation method by a computer, the method includes: making, based on domain information included in input cyber attack information, an inquiry about whether an address associated with the domain information exists to multiple first servers that manage associations between the domain information and addresses; making an inquiry about an answer history related to the domain information to a second server that monitors communication of the first servers and manages answer histories, related to the associations between the domain information and the addresses, of the first servers; and outputting a result of diagnosing a threat detail of a cyber attack related to the domain information based on a ratio of the number of answers indicating that an address associated with the domain information does not exist with respect to the number of answers acquired from each of the first servers, and the answer histories acquired from the second server.
Type: Grant
Filed: January 22, 2020
Date of Patent: November 15, 2022
Assignee: FUJITSU LIMITED
Inventor: Tsuyoshi Taniguchi
-
Patent number: 11494492
Abstract: A program analysis method according to an exemplary aspect of the present disclosure includes: generating an analysis-target abstract code that is data representing a mathematical model into which an inspection-target execution code is transformed; and determining whether or not the inspection-target execution code is a fraudulent program by executing at least processing of determining whether or not the analysis-target abstract code includes a known factor code that is data representing a mathematical model into which a known execution code is transformed, and processing of determining whether or not a state at an end of execution of the inspection-target execution code is included in success state information indicating a state in which an attack by a fraudulent program is successful.
Type: Grant
Filed: August 27, 2020
Date of Patent: November 8, 2022
Assignee: NEC CORPORATION
Inventor: Masaru Kawakita
-
Patent number: 11494216
Abstract: A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The method also includes, in response to receiving the IoC and before the attack begins, snapshotting a memory state of memory used by the virtual machine and increasing a level of auditing of the virtual machine from a standard level of auditing to a heightened level of auditing. The heightened level of auditing generates data representative of all accesses to the memory used by the virtual machine. After the attack against the virtual machine has begun, the method includes maintaining the heightened level of auditing for a threshold period of time, notifying a user of the virtual machine of the indication of compromise, and storing the data in memory external to the virtual machine.
Type: Grant
Filed: August 16, 2019
Date of Patent: November 8, 2022
Assignee: Google LLC
Inventors: Michael Halcrow, Thomas Garnier
-
Patent number: 11496508
Abstract: A network security system centrally manages security packages and deploys them to a network host that is identified as potentially compromised. A security package is selected or assembled to be targeted to the identified host. Security packages are designed to isolate identified hosts from other network resources and collect forensic information from the hosts without interfering with operations of the hosts. Once forensic information is collected, software packages can be dissolved from hosts. Collected forensic information can be used to analyze and mitigate threats on hosts.
Type: Grant
Filed: July 27, 2020
Date of Patent: November 8, 2022
Assignee: Target Brands, Inc.
Inventors: Chris Carlson, Adam Lesperance
-
Patent number: 11487811
Abstract: A mechanism is described for facilitating recognition, reidentification, and security in machine learning at autonomous machines. A method of embodiments, as described herein, includes facilitating a camera to detect one or more objects within a physical vicinity, the one or more objects including a person, and the physical vicinity including a house, where detecting includes capturing one or more images of one or more portions of a body of the person. The method may further include extracting body features based on the one or more portions of the body, comparing the extracted body features with feature vectors stored at a database, and building a classification model based on the extracted body features over a period of time to facilitate recognition or reidentification of the person independent of facial recognition of the person.
Type: Grant
Filed: November 26, 2019
Date of Patent: November 1, 2022
Assignee: Intel Corporation
Inventors: Barnan Das, Mayuresh M. Varerkar, Narayan Biswal, Stanley J. Baran, Gokcen Cilingir, Nilesh V. Shah, Archie Sharma, Sherine Abdelhak, Praneetha Kotha, Neelay Pandit, John C. Weast, Mike B. MacPherson, Dukhwan Kim, Linda L. Hurd, Abhishek R. Appu, Altug Koker, Joydeep Ray
-
Patent number: 11487875
Abstract: A computer program product, a computer-implemented method, and a computer system include a processor(s) that obtains side channel emanations from a device. The processor(s) analyzes the side channel emanations to identify distinct emanation patterns and timing characteristics, wherein the timing characteristics are associated with transitions between the distinct emanation patterns. The processor(s) generates a non-deterministic finite automaton (NFA) by correlating the distinct emanation patterns with states of the device, where the NFA captures states and state transitions of the device. The processor(s) identifies an anomaly in the device, based on deviation in emanations from the device.
Type: Grant
Filed: November 23, 2020
Date of Patent: November 1, 2022
Assignee: Peraton Labs Inc.
Inventors: Scott Alexander, Josephine Micallef, Joshua Morman, Euthimios Panagos, Marc Pucci, Simon Tsang
-
Patent number: 11487876
Abstract: A locality-sensitive hash value is calculated for a suspect file in an endpoint computer. A similarity score is calculated for the suspect hash value by comparing it to similarly-calculated hash values in a cluster of known benign files. A suspiciousness score is calculated for the suspect hash value based upon similar matches in a cluster of benign files and a cluster of known malicious files. The similarity score and the suspiciousness score are combined in order to determine if the suspect file is malicious or not. Feature extraction and a set of features for the suspect file may be used instead of the hash value; the classes would contain sets of features rather than hash values. The clusters may reside in a cloud service database. The suspiciousness score is a modified Tarantula technique. Matching of locality-sensitive hashes may be performed by traversing tree structures of hash values.
Type: Grant
Filed: April 6, 2020
Date of Patent: November 1, 2022
Assignee: Trend Micro Inc.
Inventor: Jayson Pryde
-
Patent number: 11481487
Abstract: The technology provides for a threat detection system. In this regard, the system may be configured to output file states of a multi-layer file system. For instance, the system may determine, based on the file states for a file, one or more layers of the multi-layer file system in which one or more objects corresponding to the file can be found. Based on the one or more objects corresponding to the file, the system may detect a potential threat. The system may then take an action in response to the potential threat.
Type: Grant
Filed: July 8, 2019
Date of Patent: October 25, 2022
Assignee: Google LLC
Inventors: Michael Halcrow, Thomas Garnier
-
Patent number: 11481492
Abstract: Disclosed are a method and system for static behavior-predictive malware detection. The method and system use a transfer learning model from behavior prediction to malware detection based on static features. In accordance with an embodiment, machine learning is used to capture the relations between static features, behavior features, and other context information. For example, the machine learning may be implemented with a deep learning network model with multiple embedded layers pre-trained with metadata gathered from various resources, including sandbox logs, simulator logs and context information. Synthesized behavior-related static features are generated by projecting the original static features to the behavior features. A final static model may then be trained using the combination of the original static features and the synthesized features as the training data. The detection stage may be performed in real time with static analysis because only static features are needed.
Type: Grant
Filed: July 25, 2017
Date of Patent: October 25, 2022
Assignee: TREND MICRO INCORPORATED
Inventors: Wen-Kwang Tsao, Chia-Yen Chang, PingHuan Wu
-
Patent number: 11475169
Abstract: Examples described herein relate to a security system consistent with the disclosure. For instance, the security system may comprise a sensor interface bridge connecting a gateway to an input/output (I/O) card, a Field Programmable Gate Array (FPGA) to scan data to detect an anomaly in the data while the data is in the sensor interface bridge, where a learning neural network accelerator Application-Specific Integrated Circuit (ASIC) is integrated with the FPGA and send the data without an anomaly to the gateway.
Type: Grant
Filed: March 4, 2019
Date of Patent: October 18, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Martin Foltin, Aalap Tripathy, Harvey Edward White, Jr., John Paul Strachan
-
Patent number: 11461467
Abstract: Techniques are provided for detecting malicious software code embedded in image files, using machine learning. One method comprises obtaining metadata for an image file; applying the obtained metadata to at least one machine learning technique to classify the image file into at least one of a plurality of predefined classes, wherein the plurality of predefined classes comprises at least one malicious file class; and determining whether the image file comprises malicious software code based on the classification. The machine learning technique can be trained using image files classified into at least one of the plurality of predefined classes. The machine learning technique may employ a deep neural network and/or a convolutional neural network to classify the image file into the at least one predefined class.
Type: Grant
Filed: May 1, 2019
Date of Patent: October 4, 2022
Assignee: EMC IP Holding Company LLC
Inventors: Or Herman Saffar, Amihai Savir, Yevgeni Gehtman
-
Patent number: 11461465
Abstract: A method protects a daemon in an operating system of a host computer. The operating system detects that there is an access of a plist file of a daemon by a process in the computer. If so, then it executes a callback function registered for the plist file. The callback function sends to a kernel extension a notification of the attempted access. The kernel extension returns a value to the operating system indicating that the access should be denied. The operating system denies access to the plist file of the daemon by the process. The extension may also notify an application which prompts the user for instruction. The kernel extension also protects itself by executing its exit function when a command is given to unload the extension, and the exit function determines whether or not the command is invoked by an authorized application, such as by checking a flag.
Type: Grant
Filed: March 19, 2021
Date of Patent: October 4, 2022
Assignee: TREND MICRO INC.
Inventors: Chuan Jiang, Xilin Li, Yafei Zhang
-
Patent number: 11456993
Abstract: In one aspect, an example method includes receiving, from a first content-presentation device, a request for supplemental content for use in connection with performing a content-modification operation; identifying a download conflict between the first content-presentation device and a second content-presentation device having a same IP address as the first content-presentation device; and providing, to the first content-presentation device, a response to the request, with the request including a download delay instruction. Reception of the download delay instruction by the first content-presentation device causes the first content-presentation device to wait until a condition associated with the download delay instruction is satisfied before downloading a supplemental content item specified in the response.
Type: Grant
Filed: June 23, 2021
Date of Patent: September 27, 2022
Assignee: ROKU, INC.
Inventor: Matthew Grover
-
Patent number: 11449896
Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; instructions encoded within the memory to instruct the processor to: identify a downloaded file on a file system; inspect a metadata object attached to the downloaded file; parse the metadata object to extract an advertiser identification string from a GET code portion of a uniform resource locator (URL); query a reputation cache for a reputation for the advertiser identification string; receive a deceptive reputation for the advertiser identification string; and take a remedial action against the downloaded file.
Type: Grant
Filed: September 30, 2019
Date of Patent: September 20, 2022
Assignee: McAfee, LLC
Inventors: Oliver G. Devane, Lee Codel Lawson Tarbotton, Federico Barbieri
-
Patent number: 11451561
Abstract: In one embodiment, a device obtains execution records regarding executions of a plurality of binaries. The execution records comprise command line arguments used during the execution. The device determines measures of similarity between the executions of the binaries based on their command line arguments. The device clusters the executions into clusters based on the determined measures of similarity. The device flags the command line arguments for a particular one of the clusters as an indicator of compromise for malware, based on at least one of the binaries associated with the particular cluster being malware.
Type: Grant
Filed: September 14, 2018
Date of Patent: September 20, 2022
Assignee: Cisco Technology, Inc.
Inventors: Jan Jusko, Danila Khikhlukha, Harshit Nayyar
-
Patent number: 11451570
Abstract: A testing computer system communicates with a cloud computing platform coupled to one or more target computer systems. The testing computer system receives a list of target computer systems from the cloud computing platform, generates respective test payloads for a set of the target systems, and sends the test payloads to the set of target systems. Each respective test payload is useable by its respective target system to perform a security scan of the target system and send test results to the testing computer system and includes instructions that cause the test payloads to be deleted after the security scan is performed. The testing computer system receives test results generated by the set of target systems and evaluates the test results to determine whether any of the set of target systems is implicated in a security breach.
Type: Grant
Filed: June 27, 2019
Date of Patent: September 20, 2022
Assignee: Kaseya Limited
Inventors: Ryan Brandt Morris, Christopher Michael Gerritz
-
Patent number: 11444901
Abstract: A fraudulent email decision device (10) is provided with a consistency analysis unit (24). The consistency analysis unit (24) identifies an intention of a subject email by, for example, a method of, with respect to a newly received incoming email as a subject email, extracting a function term, being a word expressing a reason the subject email was sent, from a body of the subject email. The consistency analysis unit (24) decides whether or not the subject email is a fraudulent email, from a relationship between another incoming email received in the past from the same sender as the sender of the subject email, and the identified intention of the subject email.
Type: Grant
Filed: October 1, 2020
Date of Patent: September 13, 2022
Assignee: Mitsubishi Electric Corporation
Inventors: Takumi Yamamoto, Hiroki Nishikawa, Kiyoto Kawauchi
-
Patent number: 11440201
Abstract: Artificial intelligence (AI)-based process identification, extraction, and automation for robotic process automation (RPA) is disclosed. Listeners may be deployed to user computing systems to collect data pertaining to user actions. The data collected by the listeners may then be sent to one or more servers and be stored in a database. This data may be analyzed by AI layers to recognize patterns of user behavioral processes therein. These recognized processes may then be distilled into respective RPA workflows and deployed to automate the processes.
Type: Grant
Filed: December 9, 2019
Date of Patent: September 13, 2022
Assignee: UiPath, Inc.
Inventors: Prabhdeep Singh, Christian Berg
-
Patent number: 11443032
Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.
Type: Grant
Filed: November 3, 2020
Date of Patent: September 13, 2022
Assignee: WEBROOT INC.
Inventor: Andrew Sandoval
-
Patent number: 11442623
Abstract: An information management system is described herein that performs either a pre-processing or a post-processing operation to increase browse and restore speeds when a user attempts to browse for and restore files from a secondary copy of a data volume. For example, the information management system can implement the pre-processing operation by parsing a master file table (MFT) when a secondary copy operation is initiated on the data volume. The information management system can implement the post-processing operation by parsing the MFT after a secondary copy operation is complete. The parsing can occur to identify records of the MFT that include information useful for enabling a user to browse a secondary copy of the data volume. The information management system can then store the secondary copy of these records for use later in constructing an interface for browsing a secondary copy of the data volume.
Type: Grant
Filed: May 2, 2019
Date of Patent: September 13, 2022
Assignee: Commvault Systems, Inc.
Inventors: Sri Karthik Bhagi, Sunil Kumar Gutta
-
Patent number: 11445340
Abstract: Techniques are disclosed for identifying anomalous subjects and devices at a site. The devices may or may not be carried by or associated with subjects at the site. A number of various types of sensors may be utilized for this purpose. The sensors gather data about the subjects and devices. The data is processed by a data processing module which provides its output to a rolling baseline engine. The rolling baseline engine establishes a baseline for what is considered the “normal” behavior for subjects/devices at the site based on a desired dimension of analysis. Data associated with subjects/devices that is not normal is identified as an anomaly along with the associated subject/device. The findings are archived for performing analytics as required.
Type: Grant
Filed: January 21, 2021
Date of Patent: September 13, 2022
Assignee: Flying Cloud Technologies, Inc.
Inventor: Brian P. Christian
-
Patent number: 11436327
Abstract: One embodiment of the described invention is directed to a computerized method for improving detection of cybersecurity threats initiated by a script. Herein, the method is configured to analyze the script provided as part of a script object by at least (i) determining whether any functional code blocks forming the script include a critical code statement, (ii) determining whether any of the functional code blocks include an evasive code statement, (iii) modifying the script to control processing of a subset of the functional code blocks by avoiding an execution code path including the evasive code statement and processing functional code blocks forming a code path including the critical code statement, and (iv) executing the modified script and monitoring behaviors of a virtual environment. Thereafter, the method is configured to determine whether the script includes cybersecurity threats based on the monitored behaviors.
Type: Grant
Filed: December 23, 2020
Date of Patent: September 6, 2022
Assignee: FireEye Security Holdings US LLC
Inventors: Sai Vashisht, Sushant Paithane, Imtiyaz Yunus Pathan
-
Patent number: 11435990
Abstract: The methods and apparatus for detecting malware using JAR file decompilation are disclosed. An apparatus for decompiling class files, the apparatus comprising a class feature unpacker to unpack a class feature from a class file included in an instruction set, a constant pool address generator to generate a constant pool address table, from the class features, including a plurality of constant pool blocks, based on constant pool type, through an iterative process, a class feature identifier to determine values for each constant pool block based on a constant pool type and store the determined values as a class file feature set, a feature value identifier to obtain raw feature values from a class file feature set and non-class file features, and a feature matrix generator to generate a matrix based on the raw features that correspond to the instruction set.
Type: Grant
Filed: August 14, 2019
Date of Patent: September 6, 2022
Assignee: MCAFEE, LLC
Inventor: Daniel Burke
-
Patent number: 11431801
Abstract: Techniques are provided for offloading the management of sensor data and generating custom views of sensor data. Sensor data received from a data network through a message is stored within storage managed by a computing device. A handle is generated to identify the sensor data. The sensor data within the message is replaced with the handle, and the message is transmitted to a device within the data network. The device may use handles of sensor data to request custom views of sensor data.
Type: Grant
Filed: March 26, 2019
Date of Patent: August 30, 2022
Assignee: NetApp Inc.
Inventors: David Slik, Keith Arnold Smith
-
Patent number: 11416608
Abstract: Events within a computer system are grouped in order to identify security threats and, in some cases, perform an action to mitigate the threat. In some aspects, a computing system event that meets a criterion, are identified. A first layer of computing resources is determined which includes computing resources referenced during the computing system event. A second layer of computing resources is then determined, the second layer including one or more of a parent process or file loaded by the first layer processes, a process writing to a file included in the first layer of computing resources, or a previous version of a file included in the first layer of computing resources. Similarities between computing resource pairs in the first and second layers are determined, and a group of high similarity pairs related to each other is identified. In some embodiments, a mitigating action is identified based on the group.
Type: Grant
Filed: May 29, 2020
Date of Patent: August 16, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Sadegh Momeni Milajerdi, Mariusz H. Jakubowski, Jugal Parikh
-
Patent number: 11409868
Abstract: A processing system including at least one processor may detect an accessing of a file, where the accessing comprises a read operation, generate a copy of the file in response to detecting the accessing of the file, and store the copy of the file in a designated storage location. The processing system may further detect a completion of the accessing of the file, apply a checksum operation to the file to generate a checksum in response to detecting the completion of the accessing of the file, determine that the checksum does not match an expected checksum for the file, and generate an alert of a possible manipulation of the file in response to determining that the checksum does not match the expected checksum.
Type: Grant
Filed: September 26, 2019
Date of Patent: August 9, 2022
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Dylan Reid, Joseph Soryal
-
Patent number: 11409916
Abstract: A method to transform the function of a programmable circuit (e.g. FPGA) for removing functional bugs or Hardware Trojans is provided.
Type: Grant
Filed: August 28, 2020
Date of Patent: August 9, 2022
Assignee: EASY-LOGIC TECHNOLOGY LTD.
Inventors: Yu-Liang Wu, Xing Wei, Tak-Kei Lam, Yi Diao
-
Patent number: 11409884
Abstract: A system, method, and computer-readable medium for a security vulnerability detection operation. The security vulnerability operation includes configuring a firmware security profiling environment with a trusted host and a trusted service processor; receiving a firmware update file via the trusted service processor; using the trusted service processor to identify a security vulnerability within the firmware update file; and, installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.
Type: Grant
Filed: October 31, 2018
Date of Patent: August 9, 2022
Assignee: Dell Products L.P.
Inventors: Chitrak Gupta, Rama Rao Bisa, Elie A. Jreij, Sushma Basavarajaiah, Kala Sampathkumar, Mainak Roy
-
Patent number: 11399033
Abstract: There is disclosed in one example an advertisement reputation server, including: a hardware platform including a processor and a memory; a network interface; and an advertisement reputation engine including instructions encoded in memory to instruct the processor to: receive via the network interface a plurality of advertisement instances displayed on client devices; extract from the advertisement instances an advertiser identifier; analyze one or more advertisements associated with the advertiser identifier to assign an advertiser reputation; and publish via the network interface advertisement reputation information derived from the reputation for the advertisement identifier.
Type: Grant
Filed: June 25, 2019
Date of Patent: July 26, 2022
Assignee: McAfee, LLC
Inventors: Joel R. Spurlock, Nikhil Meshram, Prashanth Palasamudram Ramagopal, Daniel L. Burke
-
Patent number: 11399040
Abstract: A computerized method is described for authenticating access to a subscription-based service to detect an attempted cyber-attack. First, a request is received by a subscription review service to subscribe to the subscription-based service. The service is configured to analyze one or more objects for a potential presence of malware representing the attempted cyber-attack. Using service policy level information, the cloud broker selects a cluster from a plurality of clusters to analyze whether the one or more objects are associated with the attempted cyber-attack and establishes a communication session between the sensor and the cluster via the cloud broker. The service policy level information is associated with the customer and is used in accessing the subscription-based service. The service policy level information includes at least an identifier assigned to the customer.
Type: Grant
Filed: September 28, 2020
Date of Patent: July 26, 2022
Assignee: FireEye Security Holdings US LLC
Inventors: Mumtaz Siddiqui, Manju Radhakrishnan
-
Patent number: 11394733
Abstract: A system provides for generation and implementation of resiliency controls for securing technology resources. In particular, the system may generate a model for securing technology resources based on compromise vectors that may affect the integrity or security of the resources, along with resiliency controls which may be used by the system to protect the resources. Based on the above information, the system may determine the impact that certain vectors may have on certain resources and assess the resistance of the resources to the impacts. In this way, the system may provide an efficient way to assess resiliency of resources and implement resiliency controls to protect such resources.
Type: Grant
Filed: November 12, 2019
Date of Patent: July 19, 2022
Assignee: BANK OF AMERICA CORPORATION
Inventors: Brandon Sloane, Lydia Lambright, Regina Yee Cadavid, Gloria Joo
-
Patent number: 11389728
Abstract: Provided is a method of monitoring mobile game macro user. The method is performed by a processor of a computer.
Type: Grant
Filed: February 15, 2021
Date of Patent: July 19, 2022
Assignee: NHN CORPORATION
Inventor: Chang Yul Lee
-
Patent number: 11386206
Abstract: A system and method model activities in the production environment as sequences of microservices, and identify unusual activities by analyzing these sequences. In particular, a directed graph of usual activity is formed as a basis for determining unusual activities. Next, activities that were actually performed are determined by statistically analyzing records of microservice invocation in application diagnostic files. These activity sequences are overlaid on the directed graph to determine relative fit by using a trace coverage percentage score. Application instances or activities with low relative fit are deemed suspicious. If the low fit persists for an extended duration, then the instances or activities are deemed unusual and an individual is alerted to begin a manual review.
Type: Grant
Filed: September 21, 2020
Date of Patent: July 12, 2022
Assignee: Dell Products L.P.
Inventors: Parminder Singh Sethi, Kanika Kapish, Anay Kishore, Kunal Visoulia
-
Patent number: 11381586
Abstract: A method may include monitoring calls and/or traffic on a network and identifying behavior associated with each of a plurality of user devices with respect to activity on the network. The method may also include aggregating information about the behavior associated with the user devices, determining whether the aggregated information corresponds to an anomaly with respect to usage of the network and determining, when the aggregated information corresponds to the anomaly, whether the anomaly meets a threshold based on a type of anomaly and a number of user devices affected by the anomaly. The method may further include identifying, when the aggregated information corresponds to the anomaly, user devices in an area corresponding to the anomaly, generating a notification in response to determining that the aggregated information corresponds to the anomaly and transmitting the notification to the identified user devices in the area corresponding to the anomaly.
Type: Grant
Filed: November 20, 2019
Date of Patent: July 5, 2022
Assignee: Verizon Patent and Licensing Inc.
Inventors: Shoma Chakravarty, Manah M. Khalil
-
Patent number: 11379689
Abstract: Disclosed is a method of analyzing abnormal behavior by using data imaging, including: receiving data to be analyzed as an input, wherein the data to be analyzed is related to a state of a system to be analyzed; converting the inputted data to be analyzed into image data; training a neural network unit with the converted image data as an input; and detecting or predicting abnormal behavior in the system to be analyzed, at the neural network unit, which has received the image data converted from the data to be analyzed as the input and completed training.
Type: Grant
Filed: February 12, 2018
Date of Patent: July 5, 2022
Assignee: CTILAB CO., LTD.
Inventors: Hong Yeon Cho, Tae Yang Oh, Won Woo Park
-
Patent number: 11379143
Abstract: Provided is a storage system in which a plurality of virtual volumes obtained by replicating a master virtual volume are provided to each of a plurality of virtual machines of a physical server, respectively, the storage system including: a snapshot management unit that configures a continuous scan generation from the plurality of virtual volumes; a selection processing unit that groups into at least one scan group on the basis of a duplication rate of the plurality of virtual volumes included in the continuous scan generation; and a path setting unit that collectively unmounts the plurality of virtual volumes belonging to the scan group from the physical server in a case where a replica of the virtual volume selected by the selection processing unit is attached to a virus scanning server and one of the plurality of virtual volumes belonging to the scan group is infected with virus.
Type: Grant
Filed: September 4, 2020
Date of Patent: July 5, 2022
Assignee: Hitachi, Ltd.
Inventor: Shunsuke Handa
-
Patent number: 11372982
Abstract: A centralized network environment is provided for processing validated executable data based on authorized hash outputs. In particular, the system may generate cryptographic hash outputs of code or software that has been evaluated (e.g., within a virtual environment). The system may then store the hash outputs within a hash database which may be accessible by multiple entity networks, where multiple entities may upload hash output values to and/or retrieve hash output values from the hash database. Based on the data within the hash database, each entity may efficiently identify code that may be safe or unsafe to execute on certain computing systems within its network environment. The system may further comprise an artificial intelligence-powered component which may be configured to detect patterns within code that has been identified by the system as unsafe and provide notifications containing systems likely to be affected and recommended countermeasures.
Type: Grant
Filed: July 2, 2020
Date of Patent: June 28, 2022
Assignee: BANK OF AMERICA CORPORATION
Inventors: George Albero, Jake Michael Yara, Edward Lee Traywick, Konata Stinson, Emanuel David Guller, Scot Lincoln Daniels, Rick Wayne Sumrall, Carrie Elaine Gates
-
Patent number: 11372978
Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.
Type: Grant
Filed: April 13, 2020
Date of Patent: June 28, 2022
Assignee: Twistlock Ltd.
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Yosef Zin
-
Patent number: 11373065
Abstract: Presence of malicious code can be identified in one or more data samples. A feature set extracted from a sample is vectorized to generate a sparse vector. A reduced dimension vector representing the sparse vector can be generated. A binary representation vector of reduced dimension vector can be created by converting each value of a plurality of values in the reduced dimension vector to a binary representation. The binary representation vector can be added as a new element in a dictionary structure if the binary representation is not equal to an existing element in the dictionary structure. A training set for use in training a machine learning model can be created to include one vector whose binary representation corresponds to each of a plurality of elements in the dictionary structure.
Type: Grant
Filed: January 17, 2018
Date of Patent: June 28, 2022
Assignee: Cylance Inc.
Inventor: Andrew Davis