Virus Detection Patents (Class 726/24)
-
Patent number: 11258828
Abstract: Systems and methods for monitoring and correcting security measures taken for a computer system are disclosed. Exemplary implementations may: determine a set of risk parameters of the computing system; collect sets of values of the security parameters at various times and determine the efficacy adjustments based on a comparison of the sets of values and an elapsed time between collection of the sets of values.
Type: Grant
Filed: September 17, 2019
Date of Patent: February 22, 2022
Assignee: Risklens, Inc.
Inventor: Jack Jones
-
Patent number: 11256808
Abstract: Techniques for detecting malware via scanning for dynamically generated function pointers in memory are disclosed. In some embodiments, a system/process/computer program product for detecting malware via scanning for dynamically generated function pointers in memory includes monitoring changes in memory during execution of a malware sample in a computing environment; detecting a dynamically generated function pointer in memory based on an analysis of the monitored changes in memory during execution of the malware sample in the computing environment; and generating a signature based on detection of the dynamically generated function pointer in memory, wherein the malware sample was determined to be malicious.
Type: Grant
Filed: February 28, 2020
Date of Patent: February 22, 2022
Assignee: Palo Alto Networks, Inc.
Inventor: Robert Jung
-
Patent number: 11250145
Abstract: Examples of a data transmission method and apparatus in TEE systems are described. One example of the method includes: obtaining first data; obtaining a write offset address by reading a first address; obtaining a read offset address by reading a second address; determining whether the number of bytes in the first data is less than or equal to the number of writable bytes, where the number of writable bytes is determined based on the write offset address and the read offset address, and each address corresponds to one byte; when the number of bytes in the first data is less than or equal to the number of writable bytes, writing the first data into third addresses starting from the write offset address; and updating the write offset address in the first address.
Type: Grant
Filed: May 10, 2021
Date of Patent: February 15, 2022
Assignee: Advanced New Technologies Co., Ltd.
Inventors: Qi Liu, Boran Zhao, Ying Yan, Changzheng Wei
-
Patent number: 11245599
Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.
Type: Grant
Filed: June 26, 2020
Date of Patent: February 8, 2022
Assignee: Juniper Networks, Inc.
Inventor: Sheeja J S
-
Patent number: 11244051
Abstract: A computer implemented method for protecting data stored in at least one file from being overwritten by malicious code, comprises: monitoring at least one file stored in a storage device location to detect a request to perform an overwrite operation on at least a portion of data of the at least one file; redirecting the overwrite operation to a memory location designated as safe for being overwritten; analyzing the overwrite operation at the memory location to identify an association with malicious code; and outputting an indication of an attempt to overwrite the at least one file by malicious code.
Type: Grant
Filed: December 11, 2017
Date of Patent: February 8, 2022
Assignee: Fortinet, Inc.
Inventors: Udi Yavo, Tomer Bitton, Ido Kelson, Gregory Messerman
-
Patent number: 11240275
Abstract: A network device for collecting and distributing cybersecurity intelligence, which features analytics logic and a plurality of plug-ins. The analytics logic is configured to (i) receive a request message to conduct a cybersecurity analysis and (ii) select one of a first set or second set of plug-ins to conduct the cybersecurity analysis. Responsive to selecting a first plug-in of the first set of plug-ins by the analytics logic, the system conducts and completes the cybersecurity analysis while a communication session between the first plug-in and a network device initiating the request message remains open. Responsive to selecting a second plug-in by the analytics logic, the system conducts and completes the cybersecurity analysis while allowing the cybersecurity intelligence to be provided in response to the request message during a different and subsequent communication session than the communication session during which the request message is received.
Type: Grant
Filed: December 17, 2018
Date of Patent: February 1, 2022
Assignee: FireEye Security Holdings US LLC
Inventors: Sai Vashisht, Alexander Otvagin
-
Patent number: 11240260
Abstract: A method and system for monitoring computer network intrusions, the system comprising at least one security device including a processor and memory. The at least one security device is communicatively coupled to a private network and configured to generate heartbeat pulses comprising operational snapshots of the at least one security device. The system further comprises one or more host systems configured to communicate with the at least one security device from an external network, transmit configuration parameters to the at least one security device, the configuration parameters including instructions for the at least one security device to operate as a given type of network asset, monitor the heartbeat pulse of the at least one security device, determine a change in integrity in the at least one security device based on the monitoring, and send one or more notification messages to a network administrator based on the determination.
Type: Grant
Filed: February 4, 2020
Date of Patent: February 1, 2022
Assignee: Connecticut Information Security LLC
Inventor: Sean Murray Mehner
-
Patent number: 11233703
Abstract: Techniques for enriching encrypted traffic analytics are presented. In one embodiment, a method includes obtaining telemetry data for one or more domains within a network. The telemetry data includes both encrypted traffic analytics information and traffic flow information associated with the network traffic. For each domain of the one or more domains, the method also includes generating a model comprising a mapping from a plurality of traffic flow information features to at least one encrypted traffic analytics feature. The method includes generating a database comprising generated models for each of the domains and obtaining telemetry data for a target domain that includes traffic flow information, but does not include encrypted traffic analytics information. At least one encrypted traffic analytics feature of the target domain is determined based on a plurality of traffic flow information features of the target domain using the database.
Type: Grant
Filed: November 20, 2018
Date of Patent: January 25, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Martin Vejman, Lukas Machlica
-
Patent number: 11232204
Abstract: Disclosed herein are system, method, and computer program product embodiments for performing threat detection on a monitored system. The monitored system may periodically send artifacts (e.g., database records, binaries, program code, business data) to a repository for storage and creation of a snapshot. This repository is typically held in a cloud-based system. The cloud-based system can compare a snapshot of the artifacts against prior snapshots, and generate a change log. This change log can then be provided to a threat detection system for analysis. By this approach, an intrusion can potentially be detected even when system logs cannot be trusted, due to tampering or other inaccuracies.
Type: Grant
Filed: November 20, 2018
Date of Patent: January 25, 2022
Assignee: SAP SE
Inventors: Robert Lorch, Frederik Thormaehlen
-
Patent number: 11232198
Abstract: Disclosed embodiments relate to systems and methods for generating visual representations of scripts based on centralized security assessments. Techniques include identifying, at a centralized script execution resource in a network environment, a first script; performing a multidimensional analysis for a particular action of the first script based on at least: a service identity of the particular action, an action type of the particular action, and a target resource associated with the particular action; and providing a visual representation of a context of the particular action based on the multidimensional analysis, the visual representation expressing the service identity, the action type, and the target resource.
Type: Grant
Filed: January 28, 2020
Date of Patent: January 25, 2022
Assignee: CyberArk Software Ltd.
Inventor: Asaf Hecht
-
Patent number: 11232206
Abstract: A system and method for providing automated service-based malware remediation. When a computing device is attacked by malware such as ransomware, multiple manual steps are usually needed to fully remediate the device. Users are typically required to follow several steps to remove the ransomware, and potentially must engage in the challenging task of reimaging the impacted device as well as choosing a restore point for point-in-time recovery. The disclosed systems provide a mechanism by which a cloud-based service manages a fully automated remediation and file recovery process for the user.
Type: Grant
Filed: April 23, 2019
Date of Patent: January 25, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Filip Chelarescu, Steven J. Bailey, John David Rodrigues
-
Patent number: 11228610
Abstract: A method and system for classification of cyber-threats is provided. The method includes receiving a request for classifying a cyber-threat detected by a cyber-security system, wherein the request includes initial information about the detected cyber-threat; enriching the initial information about the detected cyber-threat to provide textual information about at least one perceived threat related to the detected cyber-threat; and classifying each of the at least one perceived threat into a security service, wherein the classification is performed based on the respective textual information.
Type: Grant
Filed: August 14, 2018
Date of Patent: January 18, 2022
Assignee: Cybereason Inc.
Inventors: Shlomi Medalion, Rami Cohen, Ron Katz, Idan Bellayev, Avi Chesla
-
Patent number: 11227051
Abstract: A method for detecting computer virus applied in a computing device includes obtaining a list of clean files each with file storage path and calculating a hash value of the file name corresponding to each storage path. An original status list according to the hash value and the storage path is generated, and the original status list is written into a blockchain network. After the computing device becomes connected to a network and therefore exposed to viruses, a second list of the files can be obtained and the hash value of the file name is compared to the hash value in the original status list. Differences in hash values are deemed the result of a virus and the user is warned. A computing device and storage medium are also disclosed.
Type: Grant
Filed: October 30, 2019
Date of Patent: January 18, 2022
Assignee: HON HAI PRECISION INDUSTRY CO., LTD.
Inventor: Liang-Te Chiu
-
Patent number: 11227052
Abstract: A method of protecting a computer from malicious software includes receiving a computer file, and scanning, via anti-malware, the computer file for known malicious software. The method includes, when the anti-malware fails to detect known malicious software in the computer file, performing a dynamic operating-system-level containerization to access content of the computer file, including creating and launching an isolated container on the computer. The method includes accessing the content of the computer file in the isolated container on the computer, and monitoring execution of computer-readable program code in the isolated container as the content of the computer file is accessed. And the method includes performing a remedial action when, as the execution of computer-readable program code in the isolated container is monitored, a pattern in the execution is detected that indicates the computer file contains malicious software that is otherwise unknown.
Type: Grant
Filed: May 21, 2019
Date of Patent: January 18, 2022
Assignee: THE BOEING COMPANY
Inventor: Rahul C. Thakkar
-
Patent number: 11222114
Abstract: A method, computer program product and computer system are provided. A processor retrieves a target file for inspection of malware. A processor converts the target file to a time domain format. A processor determines one or more time-frequency domain features of the converted target file. A processor generates a malicious classification for the target file based on the one or more time-frequency domain features of the converted target file and one or more classification models.
Type: Grant
Filed: August 1, 2018
Date of Patent: January 11, 2022
Assignee: International Business Machines Corporation
Inventors: Bar Haim, Eitan Menahem
-
Patent number: 11223638
Abstract: Methods and systems for classifying network users. The system may receive a classification of a user account on a network and network activity data associated with the user account. Upon detecting a discrepancy between the expected behavior of the user account based on its classification and the present behavior of the user account, the system may obtain a corroborating result from one or more directory sources. An alert may then be issued based on the detected discrepancy and the corroborating result.
Type: Grant
Filed: December 27, 2018
Date of Patent: January 11, 2022
Assignee: Rapid7, Inc.
Inventor: Roy Hodgman
-
Patent number: 11216554
Abstract: A determining apparatus performs emulation of an attack code included in an attack request that is addressed to a web application (web server), based on the attack type of the attack code, and extracts a feature that appears in a response issued by the web application when the emulation results in a successful attack. The determining apparatus determines that the attack has succeeded if the feature is included in a response from the web application, and determines that the attack has failed if the feature is not included.
Type: Grant
Filed: July 11, 2018
Date of Patent: January 4, 2022
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventor: Yo Kanemoto
-
Patent number: 11216557
Abstract: A system and a method to detect malicious software written to an Ethernet solid-state drive (eSSD). The system includes an Ethernet switch, at least one SSD, and a baseboard management controller (BMC). The Ethernet switch receives write data from a communication network in response to a write command. The at least one SSD receives the write data from the Ethernet switch and stores the received write data. The BMC receives from the at least one SSD the received write data. The BMC determines whether the received write data contains malicious software. The received write data may be contained in a plurality of Ethernet packets in which case the BMC stores the received write data in a scan buffer in an order that is based on an assembled order of the received write data.
Type: Grant
Filed: February 25, 2020
Date of Patent: January 4, 2022
Inventors: Sompong Paul Olarig, Ramdas P. Kachare, Son T. Pham
-
Patent number: 11210411
Abstract: Examples of a data transmission method and apparatus in TEE systems are described. One example of the method includes: obtaining first data; obtaining a write offset address by reading a first address; obtaining a read offset address by reading a second address; determining whether the number of bytes in the first data is less than or equal to the number of writable bytes, where the number of writable bytes is determined based on the write offset address and the read offset address, and each address corresponds to one byte; when the number of bytes in the first data is less than or equal to the number of writable bytes, writing the first data into third addresses starting from the write offset address; and updating the write offset address in the first address.
Type: Grant
Filed: May 10, 2021
Date of Patent: December 28, 2021
Assignee: Advanced New Technologies Co., Ltd.
Inventors: Qi Liu, Boran Zhao, Ying Yan, Changzheng Wei
-
Patent number: 11210464
Abstract: Methods and systems are presented for automatically detecting positions of various webpage elements within a webpage when the webpage is rendered, based on analyzing the programming code of the webpage. A position detection system obtains and parses the programming code of the webpage to identify webpage elements within the webpage. A group of related webpage elements is identified based on a shared programming structure. The position detection system generates a DOM tree based on the programming code, and determines relative positions of the webpage elements within the group by traversing the DOM tree using a breadth-first search algorithm.
Type: Grant
Filed: September 3, 2019
Date of Patent: December 28, 2021
Assignee: PayPal, Inc.
Inventors: Olga Sharshevsky, Yarden Raiskin, Ran Yuchtman
-
Patent number: 11212301
Abstract: The present teaching generally relates to detecting abnormal user activity associated with an entity. In a non-limiting embodiment, baseline distribution data representing a baseline distribution characterizing normal user activities for an entity may be obtained. Information related to online user activities with respect to the entity may be received, and distribution data representing a dynamic distribution may be determined based, at least in part, on the information. One or more measures characterizing a difference between the baseline distribution and the dynamic distribution may be computed, and in real-time it may be assessed whether the information indicates abnormal user activity. If the first information indicates abnormal user activity, then output data including the distribution data and the one or more measures may be generated.
Type: Grant
Filed: August 13, 2019
Date of Patent: December 28, 2021
Assignee: VERIZON MEDIA INC.
Inventors: Liang Wang, Angus Qiu, Chun Han, Liang Peng
-
Patent number: 11212373
Abstract: Methods and apparatus for efficient data transfer within a user space network stack. Unlike prior art monolithic networking stacks, the exemplary networking stack architecture described hereinafter includes various components that span multiple domains (both in-kernel, and non-kernel). For example, unlike traditional “socket” based communication, disclosed embodiments can transfer data directly between the kernel and user space domains. Direct transfer reduces the per-byte and per-packet costs relative to socket based communication. A user space networking stack is disclosed that enables extensible, cross-platform-capable, user space control of the networking protocol stack functionality. The user space networking stack facilitates tighter integration between the protocol layers (including TLS) and the application or daemon. Exemplary systems can support multiple networking protocol stack instances (including an in-kernel traditional network stack).
Type: Grant
Filed: December 28, 2018
Date of Patent: December 28, 2021
Assignee: Apple Inc.
Inventors: Cahya Adiansyah Masputra, Wei Shen, Sandeep Nair, Olivier Mardinian, Darrin Jewell
-
Patent number: 11204745
Abstract: Examples herein describe techniques for generating dataflow graphs using source code for defining kernels and communication links between those kernels. In one embodiment, the graph is formed using nodes (e.g., kernels) which are communicatively coupled by edges (e.g., the communication links between the kernels). A compiler converts the source code into a bit stream and/or binary code which configure a heterogeneous processing system of a SoC to execute the graph. The compiler uses the graph expressed in source code to determine where to assign the kernels in the heterogeneous processing system. Further, the compiler can select the specific communication techniques to establish the communication links between the kernels and whether synchronization should be used in a communication link. Thus, the programmer can express the dataflow graph at a high-level (using source code) without understanding how the operator graph is implemented using the heterogeneous hardware in the SoC.
Type: Grant
Filed: May 23, 2019
Date of Patent: December 21, 2021
Assignee: XILINX, INC.
Inventors: Shail Aditya Gupta, Samuel R. Bayliss, Vinod K. Kathail, Ralph D. Wittig, Philip B. James-Roxby, Akella Sastry
-
Patent number: 11205001
Abstract: A method of cleaning up a virus program, in an electronic terminal including at least one processor, is provided. An operable interface is displayed on a terminal locked page in response to a first operation instruction on the terminal locked page, the terminal locked page being a page of the virus program and displayed on a screen of the electronic terminal. A second operation instruction on the operable interface is obtained, and identifier information of the virus program is obtained in response to the second operation instruction. The virus program is controlled to run by displaying an auxiliary page on the screen of the electronic terminal in a bring-to-front manner. The virus program is cleaned up based on the identifier information.
Type: Grant
Filed: July 22, 2019
Date of Patent: December 21, 2021
Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LTD
Inventor: Chen Geng
-
Patent number: 11204999
Abstract: Disclosed are an apparatus and method of verifying an application installation procedure. One example method of operation may include receiving an application at a computer device and initiating the installation of the application on the computer device. The method may also provide executing the application during the installation procedure and creating a hash value corresponding to the executed application data. The method may further provide storing the hash value in memory and comparing the hash value to a pre-stored hash value to determine whether to continue the installation of the application.
Type: Grant
Filed: April 28, 2020
Date of Patent: December 21, 2021
Assignee: OPEN INVENTION NETWORK LLC
Inventor: William Charles Easttom
-
Patent number: 11202187
Abstract: A system, method and storage medium for operating a stealth mode of an emergency vehicle includes receiving input data including at least one of an input from an operator or one or more program input parameters; determining a data operation mode based on the received input data, wherein the data operation mode is one of a normal mode and one or more stealth modes; and generating a control signal based on the determined operation mode. When the data operation mode is one of the one or more stealth modes, the control signal is adapted to control a first device to suspend a transmission of at least one data group among candidate suspended data to at least one second device in communication with the first device.
Type: Grant
Filed: December 20, 2019
Date of Patent: December 14, 2021
Assignee: WHELEN ENGINEERING COMPANY, INC.
Inventor: George W. Whelen
-
Patent number: 11194909
Abstract: A computerized method for logical identification of malicious threats across a plurality of end-point devices (EPD) communicatively connected by a network, comprising collecting over the network an identifier associated with each file of a plurality of files, wherein each file of the plurality of files is installed on at least one of the plurality of EPDs and wherein the identifier is the same for each like file of the plurality of files. Information associated with an identified subset of files is collected, wherein the information indicates at least a time at which the at least one file was installed on one or more of the plurality of EPDs and the way the at least one file spread within the network. The collected information is analyzed according to a set of predetermined computerized investigation rules. The analysis is used to determine whether at least a file of the identified subset of files is a suspicious file.
Type: Grant
Filed: June 21, 2018
Date of Patent: December 7, 2021
Assignee: Palo Alto Networks, Inc.
Inventor: Gil Barak
-
Patent number: 11196754
Abstract: The disclosed computer-implemented method for protecting against malicious content may include intercepting, by a security application installed on the computing device, an original message intended for a target application installed on the same computing device. The original message may include potentially malicious content. The security application may forward the original message to a security service. The computing device may receive a clean message from the security service, wherein the clean message includes a safe representation of the potentially malicious content. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: June 25, 2019
Date of Patent: December 7, 2021
Assignee: CA, INC.
Inventors: Everett Lai, Tamas Rudnai
-
Patent number: 11196765
Abstract: Simulating user interactions during dynamic analysis of a sample is disclosed. A sample is received for analysis. Prior to execution of the sample, a baseline screenshot of a desktop is generated by accessing frame buffer data stored on a graphics card. The sample is caused to execute, at least in part using one or more hypervisor instructions to move a pointing device to an icon associated with the sample. A current screenshot of the desktop is generated by accessing current frame buffer data stored on the graphics card.
Type: Grant
Filed: September 13, 2019
Date of Patent: December 7, 2021
Assignee: Palo Alto Networks, Inc.
Inventors: Brandon R. Young, Daniel Raygoza, Sebas Sujeen Reymond Johnson, Abhiroop Dabral
-
Patent number: 11188477
Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure that no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.
Type: Grant
Filed: September 9, 2019
Date of Patent: November 30, 2021
Assignee: Apple Inc.
Inventors: Julien Oster, Thomas G. Holland, Bernard J. Semeria, Jason A. Harmening, Pierre-Olivier J. Martel, Gregory D. Hughes, P. Love Hornquist Astrand, Jacques Fortier, Ryan P. Nielson, Simon P. Cooper
-
Patent number: 11188644
Abstract: There is provided a method for application behaviour control on a computer system. The method includes grouping applications into a set of clusters, wherein each application is grouped to a specific cluster on the basis of predefined event profiles for applications in the specific cluster; monitoring procedures that a specific cluster performs on one or more computer devices; and generating a list of expected events and prohibited events of the specific cluster based on monitoring for enabling the one or more client computer devices and/or an administrator of the one or more client computer devices to take further action related to the applications installed on the one or more client computer devices.
Type: Grant
Filed: March 18, 2019
Date of Patent: November 30, 2021
Assignee: F-Secure Corporation
Inventors: Pavel Turbin, Dmitrii Tikhonov, Grigori Eskov, Janne Laaksonen
-
Patent number: 11190540
Abstract: The technology disclosed relates to detecting a data attack on a local file system. The detecting includes scanning a list to identify files of the local file system that have been updated within a timeframe, reading payloads of files identified by the scanning, calculating current content properties from the payload of the files, obtaining historical content properties of the files, determining that a malicious activity is in process by analyzing the current content properties and the historical content properties to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current content properties and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the machine/user.
Type: Grant
Filed: November 4, 2019
Date of Patent: November 30, 2021
Assignee: Netskope, Inc.
Inventors: Sean Hittel, Krishna Narayanaswamy, Ravindra K. Balupari, Ravi Ithal
-
Patent number: 11188650
Abstract: Data is analyzed using feature hashing to detect malware. A plurality of features in a feature set is hashed. The feature set is generated from a sample. The sample includes at least a portion of a file. Based on the hashing, one or more hashed features are indexed to generate an index vector. Each hashed feature corresponds to an index in the index vector. Using the index vector, a training dataset is generated. Using the training dataset, a machine learning model for identifying at least one file having a malicious code is trained.
Type: Grant
Filed: February 24, 2020
Date of Patent: November 30, 2021
Assignee: Cylance Inc.
Inventor: Andrew Davis
-
Patent number: 11184379
Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which automatically detects malicious electronic files. The analytic server receives electronic files, runs a file extraction module to recursively scan the electronic files, and extracts all of the embedded and linked electronic files. The analytic server runs an exploit scanner against the extracted electronic files, and extracts code included in the electronic files. The analytic server deobfuscates the extracted code and examines the deobfuscated code by applying a set of malicious behavior rules against the deobfuscated code. The analytic server identifies potentially malicious electronic files based on the examination. The analytic server applies a set of whitelist rules on the potentially malicious electronic files to eliminate false alarms. The analytic server transmits alert notifications to an analyst regarding the malicious electronic files and updates the whitelist rules based on the analyst's feedback.
Type: Grant
Filed: March 15, 2019
Date of Patent: November 23, 2021
Assignee: United Services Automobile Association (USAA)
Inventor: Joseph Andrew Kjar
-
Patent number: 11182182
Abstract: A method of probing a computer system includes steps of compiling a script that includes a call to a first function with first parameters, to generate executable code that includes a call to a second function with second parameters, wherein the second function and the second parameters are specified as values of the first parameters of the first function in the call to the first function, injecting the executable code into an executing module of the computer system, and as the executing module is running, executing the executable code to call the second function.
Type: Grant
Filed: July 24, 2019
Date of Patent: November 23, 2021
Assignee: VMware, Inc.
Inventors: Julien Freche, Ashish Kaila, Lorenzo David, Abhishek Srivastava, Nahim El Atmani
-
Patent number: 11184380
Abstract: Website data security is provided by conditionally accessing, assessing, and processing website content file attribute data and website content files used to host websites with a first set of servers configured with website content security breach analysis, detection, and repair functionality. The website content files are conditionally accessed based on a file modification date without heavily loading the servers hosting the website. The website content is analyzed by decoding PHP code and executing code in a hardened execution environment. Repair is accomplished through removing or replacing breached content.
Type: Grant
Filed: December 10, 2019
Date of Patent: November 23, 2021
Assignee: SiteLock, LLC
Inventors: Tomas Gorny, Tracy Conrad, Scott Lovell, Neill E. Feather
-
Patent number: 11182481
Abstract: A system for evaluating files for cyber threats includes a machine learning model and a locality sensitive hash (LSH) repository. When the machine learning model classifies a target file as normal, the system searches the LSH repository for a malicious locality sensitive hash that is similar to a target locality sensitive hash of the target file. When the machine learning model classifies the target file as malicious, the system checks if response actions are enabled for the target file. The system reevaluates files that have been declared as normal, and updates the LSH repository in the event of false negatives. The system disables response actions for files that have been reported as false positives.
Type: Grant
Filed: July 31, 2019
Date of Patent: November 23, 2021
Assignee: Trend Micro Incorporated
Inventors: Jonathan James Oliver, Chia-Yen Chang, Wen-Kwang Tsao, Li-Hsin Hsu
-
Patent number: 11178172
Abstract: The technology disclosed relates to detecting a data attack on a file system stored on an independent data store. The detecting includes scanning a list to identify files of the independent data store that have been updated within a timeframe, assembling current metadata for files identified by the scanning, obtaining historical metadata of the files, and determining that a malicious activity is in process by analyzing the current metadata of the files and the historical metadata to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current metadata of the files and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the determined machine/user.
Type: Grant
Filed: November 8, 2019
Date of Patent: November 16, 2021
Assignee: NETSKOPE, INC.
Inventors: Sean Hittel, Krishna Narayanaswamy, Ravindra K. Balupari, Ravi Ithal
-
Patent number: 11176263
Abstract: Disclosed herein are systems and methods for detecting unauthorized alteration with regard to a certificate store. In one aspect, an exemplary method comprises tracking changes in a file system or a system registry of an operating system of a device with regard to the certificate store; detecting an alteration or an attempted alteration with regard to the certificate and sending information about the alteration or the attempted alteration to an analysis module; obtaining information about at least one certificate with which a change in the file system or the system registry with regard to the certificate store is connected; determining a class of the change, where the class of the change is determined from the portion of the respective system registry or file system in which the change occurred and from an action associated with the change; and comparing the obtained information to similar information on known certificates.
Type: Grant
Filed: March 20, 2019
Date of Patent: November 16, 2021
Assignee: AO Kaspersky Lab
Inventors: Vladislav I. Ovcharik, Oleg G. Bykov, Natalya S. Sidorova
-
Patent number: 11178106
Abstract: A first security policy associated with a first tenant in a multi-tenant hosting data processing environment is created. A first virtual machine is caused to execute on a first host, the first virtual machine associated with a first group defined by the first security policy. A controller is caused to send, from the controller to an agent executing on the first host, authorized communication information, the authorized communication information specifying a set of virtual machines associated with the first group. The agent is caused to configure a second routing entry in the first host, the second routing entry derived from the authorized communication information, the second routing entry causing the first virtual machine to reject outgoing network traffic intended for a second IP address, the second IP address associated with a third virtual machine outside the first group.
Type: Grant
Filed: February 11, 2019
Date of Patent: November 16, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Yi Yang, Timothy J. Kuik, Flavio Fernandes, Kyle Andrew Donald Mestery
-
Patent number: 11177933
Abstract: A method for side-channel attack mitigation in streaming encryption includes reading an input stream into a decryption process executing in the memory of a computer, extracting from the input stream both an encryption envelope and cipher text, and extracting from the encryption envelope a wrapped key. Then, decryption of the cipher text may be performed in constant time using one of two different keys: a first key for authenticated decryption, comprising the wrapped key, and a second key for unauthenticated encryption, comprising a dummy key, with no difference in timing of execution regardless of which of the two different keys is utilized during decryption of the cipher text.
Type: Grant
Filed: March 24, 2019
Date of Patent: November 16, 2021
Assignee: Google LLC
Inventor: Adam Markowitz
-
Patent number: 11178181
Abstract: A system and method for managing security-relevant information in a computer network uses a security information plane (SIP) manager to which different types of security-relevant data are uploaded from components in the computer network, and from which networkwide aggregated security information produced from the security-relevant data is downloaded to a global security controller. The downloaded networkwide aggregated security information is used by the global security controller to control security applications running in the computer network.
Type: Grant
Filed: December 20, 2018
Date of Patent: November 16, 2021
Assignee: VMWARE, INC.
Inventors: David Ott, Lei Xu, Dennis R. Moreau
-
Patent number: 11171973
Abstract: A threat protection system provides for detecting links in a document and analyzing whether one of the detected links is a malicious link that may direct a user of the document to a malicious universal resource locator (URL). In one implementation of the described technology, when a user selects a link in a document, a link activation module calls a threat protection client module that performs a reputation check for the link. If the selected link is malicious, the threat protection client module sends a URL of a warning page to the link activation module.
Type: Grant
Filed: October 21, 2019
Date of Patent: November 9, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Varagur Karthikeyan Sriram Iyer, Willson Kulandai Raj David, Vinayak Goyal, Matthew Bryan Jeffries
-
Patent number: 11165811
Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.
Type: Grant
Filed: February 3, 2020
Date of Patent: November 2, 2021
Assignee: OPSWAT, Inc.
Inventors: Benjamin Czarny, Jianpeng Mo, Ali Rezafard, David Matthew Patt
-
Patent number: 11157620
Abstract: A cybersecurity server receives an executable file to be classified. A call graph of the executable file is generated. Functions of the executable file are represented as vertices in the call graph, and a vertex value is generated for each vertex. The vertex values are arranged in traversal order of the call graph to generate a call graph pattern. A digest of the call graph pattern is calculated and compared to one or more malicious digests.
Type: Grant
Filed: January 21, 2020
Date of Patent: October 26, 2021
Assignee: Trend Micro Incorporated
Inventors: Chia-Ching Fang, Shih-Hao Weng
-
Method to transfer firmware level security indicators to OS level threat protection tools at runtime
Patent number: 11157628
Abstract: An information handling system may include a processor, a memory coupled to the processor, a storage resource, and a basic input/output system (BIOS). The BIOS may be configured to, while the information handling system is in a pre-boot environment and prior to initialization of an operating system of the information handling system: detect a security vulnerability of the information handling system; and store data regarding the security vulnerability in a portion of the storage resource that is accessible to both the BIOS and the operating system. The information handling system may be further configured to, after the initialization of the operating system, execute a security management service to access, from within the operating system, the data regarding the security vulnerability.
Type: Grant
Filed: July 25, 2019
Date of Patent: October 26, 2021
Assignee: Dell Products L.P.
Inventors: Shekar Babu Suryanarayana, Balasingh Ponraj Samuel
-
Patent number: 11159538
Abstract: A malware profile is received. The malware profile comprises a set of one or more activities associated with executing a copy of a known malicious application that is associated with the malware profile. A set of one or more log entries is analyzed for a set of entries that matches the malware profile. Based at least in part on identifying the set of entries matching the malware profile, a determination is made that a host was compromised.
Type: Grant
Filed: January 31, 2018
Date of Patent: October 26, 2021
Assignee: Palo Alto Networks, Inc.
Inventors: Jun Wang, Wei Xu
-
Patent number: 11151248
Abstract: There is provided a method which forwards an anomaly to a cloud-based malware analysis and detection system in order to analyze files having this anomaly and increase zero-day malware detection throughput for files attached to emails. The method takes data from a binary file to calculate the true file type and the file extension, then applies a contradiction check to determine whether the file extension seen in the file name is consistent with the file type. If the file extension does not reflect the true file type, the attached file is forwarded to a zero-day malware analysis queue, implementing zero-day malware classification. If the file extension and the true file type are consistent, the method forwards the attached file to a malware analysis and detection queue, implementing traditional unknown file classification.
Type: Grant
Filed: September 10, 2019
Date of Patent: October 19, 2021
Inventor: Berker Batur
-
Patent number: 11146532
Abstract: Blockchain technology is used to provide security of electronic systems. The disclosed technology allows for a dynamic bond of trust to be applied to the field of information security without the need for a single point of trust to first be established. The lines of trust between electronic systems or devices are established by distributing information among the systems or devices. This allows for easy identification of commonalities and/or decision making whereby policy(s)/action(s)/monitoring/etc. can be enforced when those commonalities align. Simultaneously, deviations from those commonalities can be identified and policy(s)/action(s)/monitoring/etc. may also be invoked.
Type: Grant
Filed: November 26, 2018
Date of Patent: October 12, 2021
Inventor: Kevin Tobin
-
Patent number: 11144640
Abstract: According to one embodiment of the present invention, a system provides security for a device and includes at least one processor. The system monitors a plurality of networked devices for a security risk. Each networked device is associated with a corresponding security risk tolerance. In response to a monitored security risk for one or more of the plurality of networked devices exceeding the corresponding risk tolerance, a network service is initiated to perform one or more actions on each of the one or more networked devices to alleviate the associated security risk. Embodiments of the present invention further include a method and computer program product for providing security to a device in substantially the same manner described above.
Type: Grant
Filed: August 9, 2019
Date of Patent: October 12, 2021
Assignee: International Business Machines Corporation
Inventors: Michael Bender, Rhonda L. Childress, Marc A. Dickenson, Thomas J. Fleischman, Timothy J. Hahn