Virus Detection Patents (Class 726/24)
  • Patent number: 10873603
    Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.
    Type: Grant
    Filed: March 16, 2018
    Date of Patent: December 22, 2020
    Assignee: Palantir Technologies Inc.
    Inventors: Jacob Albertson, Melody Hildebrandt, Harkirat Singh, Shyam Sankar, Rick Ducott, Peter Maag, Marissa Kimball
  • Patent number: 10872146
    Abstract: This disclosure relates to systems and methods for generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: December 22, 2020
    Assignee: Intertrust Technologies Corporation
    Inventor: Marko Caklovic
  • Patent number: 10872148
    Abstract: A system, method, and computer program product are provided for isolating a device associated with at least potential data leakage activity, based on user input. In operation, at least potential data leakage activity associated with a device is identified. Furthermore, at least one action is performed to isolate the device, based on user input received utilizing a user interface.
    Type: Grant
    Filed: February 16, 2016
    Date of Patent: December 22, 2020
    Assignee: MCAFEE, LLC
    Inventors: Srinivasan Sankararaman, Deepakeswaran Kolingivadi
  • Patent number: 10867042
    Abstract: Disclosed are systems and methods for generating a convolution function for training a malware detection model. An example method comprises generating, by a processor, a plurality of behavior patterns based on one or more logs of commands executed on a computing device; calculating, by the processor, an effectiveness of each of a plurality of methods for machine learning based on the plurality of behavior patterns; determining, by the processor, a preferred method for machine learning from the plurality of methods for machine learning by selecting the preferred method as the method with the greatest effectiveness from the plurality of methods for machine learning; obtaining, by the processor, parameters of the malware detection model by applying convolution functions to the plurality of behavior patterns; and training, by the processor, the malware detection model to detect malicious files using the preferred method for machine learning.
    Type: Grant
    Filed: June 12, 2018
    Date of Patent: December 15, 2020
    Assignee: AO KASPERSKY LAB
    Inventors: Alexander S. Chistyakov, Ekaterina M. Lobacheva, Alexey M. Romanenko
  • Patent number: 10853480
    Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.
    Type: Grant
    Filed: April 13, 2018
    Date of Patent: December 1, 2020
    Assignee: Webroot Inc.
    Inventor: Andrew Sandoval
  • Patent number: 10853188
    Abstract: A node for use in a data management system includes a persistent storage and a data protection agent. The persistent storage stores data. The data protection agent makes an identification of a data protection strategy change event for the data; in response to the identification: makes a determination that the data protection strategy change event is a scale down event; in response to the determination: identifies a number of replicas of the data in other nodes that are in a predetermined state; makes a second determination that the number of the replicas of the data in the other nodes that are in the predetermined state exceeds a threshold specified by a data protection policy associated with the data protection strategy change event; and reduces the number of replicas that exceed the threshold to be less than the threshold in response to the second determination.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: December 1, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Si Chen, Zhenzhen Lin, Pengfei Wu, Assaf Natanzon
  • Patent number: 10855704
    Abstract: Methods and systems for neutralizing malicious locators. Threat actors may shut down their web pages or applications (i.e., resources) that serve malicious content upon receiving request(s) configured to be perceived by the resource as non-browser requests. Therefore, initiating (large-scale) non-browser requests, or requests that are at least perceived as non-browser requests, may effectively act to inhibit, or even nullify, intended attack vectors.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: December 1, 2020
    Assignee: Rapid7, Inc.
    Inventors: Roy Hodgman, Aditya Kuppa, Suchin Gururangan, Andrew Reece
  • Patent number: 10855698
    Abstract: In one embodiment, a device obtains simulation environment data regarding traffic generated within a simulation environment in which malware is executed. The device trains a malware detector using the simulation environment data. The device obtains deployment environment characteristics of a network to which the malware detector is to be deployed. The device configures the malware detector to ignore data in the simulation environment data that is associated with one or more environment characteristics that are not present in the deployment environment characteristics.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: December 1, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, Martin Rehak, David McGrew, Martin Vejman, Tomas Pevny, Martin Grill, Jan Kohout
  • Patent number: 10855699
    Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of the consumer's accounts in order to prevent unauthorized access or use of the consumer's identified subscription and financial accounts. The discovered subscriptions and financial accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted financial accounts and subscriptions to prevent unauthorized access or use.
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: December 1, 2020
    Assignee: Allstate Insurance Company
    Inventors: Jason D. Park, John S. Parkinson
  • Patent number: 10848559
    Abstract: Malware scan status determination for network-attached storage systems is provided herein. A data storage system as described herein can include a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can include a data creation component that creates a scan status data structure associated with a network-attached storage (NAS) device, the scan status data structure comprising respective records that indicate a file identifier and a malware scan status for respective files stored on the NAS device, and a data update component that updates a record in the scan status data structure corresponding to a target file stored on the NAS device in response to receiving a malware scan result for the target file.
    Type: Grant
    Filed: May 1, 2018
    Date of Patent: November 24, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Shiv Shankar Kumar, Jai Prakash Gahlot, Amit Kumar Chauhan
  • Patent number: 10846405
    Abstract: The disclosed computer-implemented method for detecting and protecting against malicious software may include loading an untrusted application having a defined entry point into an emulated computing environment, executing a first instance of the untrusted application in the emulated computing environment beginning at the defined entry point, executing a second instance of the untrusted application beginning at a second entry point downstream from the defined entry point so as to bypass at least a portion of the untrusted application executed in the first instance, identifying the untrusted application as a potential threat based on information extracted from the second instance of the untrusted application, and performing a security action to protect against the untrusted application identified as a threat. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: November 24, 2020
    Assignee: NORTONLIFELOCK INC.
    Inventors: Mircea Ciubotariu, Dumitru Stama
  • Patent number: 10839085
    Abstract: An example process includes: identifying, by one or more processing devices, candidate code in executable code based on a static analysis of the executable code, where the candidate code includes code that is vulnerable to attack or code that is on a path to code that is vulnerable to attack, and where information related to the attack is based, at least in part, on the candidate code; customizing, by one or more processing devices, a healing template based on the information to produce a customized healing template; and inserting, by one or more processing devices, the customized healing template into a version of the executable code at a location that is based on a location of the candidate code in the executable code, where the customized healing template includes code that is executable to inhibit the attack.
    Type: Grant
    Filed: February 11, 2019
    Date of Patent: November 17, 2020
    Assignee: BLUERISC, INC.
    Inventors: Csaba Andras Moritz, Kristopher Carver, Jeffry Gummeson
  • Patent number: 10838844
    Abstract: Data is received or accessed that includes a structured file encapsulating data required by an execution environment to manage executable code wrapped within the structured file. Thereafter, code and data regions are iteratively identified in the structured file. Such identification is analyzed so that at least one feature can be extracted from the structured file. Related apparatus, systems, techniques and articles are also described.
    Type: Grant
    Filed: May 28, 2019
    Date of Patent: November 17, 2020
    Assignee: Cylance Inc.
    Inventors: Derek A. Soeder, Ryan Permeh, Gary Golomb, Matthew Wolff
  • Patent number: 10839103
    Abstract: A method is provided for preventing divulgation of sensitive data in two snapshots, taken at different times, of one or more same systems in a cloud environment. The method identifies a set of files from among file pairs. Each file pair is formed from a respective file that includes at least one difference with respect to each snapshot. The method performs a pattern reducing process that removes, from the set of files, any of the files having, as the difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation. The method performs a commonality reducing process that removes, from the set of files, any files having, as the difference, a common difference between different users. The method annotates data in remaining files in the set as potentially being the sensitive data, subsequent to the reducing processes. The two snapshots include at least one Sandbox-based image.
    Type: Grant
    Filed: August 13, 2019
    Date of Patent: November 17, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ai Ishida, Takuya Mishina, Yuji Watanabe
  • Patent number: 10834138
    Abstract: Among other things, this document describes systems, methods and devices for discovering and identifying client devices that attempt to access out-of-policy network services via a secure web gateway (or other network security gateway) that lacks visibility into the client network's actual IP space. This is a common problem with cloud-hosted SWG services that enforce access policy from outside of a customer network (e.g., external to an enterprise network), due to network address translation at the interface between the customer network and the public Internet where the cloud-hosted SWG resides. The teachings hereof address this problem. In one embodiment, a cloud-hosted SWG can redirect a client to a bouncer device inside the customer network; that bouncer device can capture the actual client IP address.
    Type: Grant
    Filed: August 13, 2018
    Date of Patent: November 10, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Eugene (John) Neystadt, Michael Graham, John Devasia
  • Patent number: 10834124
    Abstract: An opportunity to assist with remediation of a file at a remote particular host device is identified. One or more remediation techniques are identified that can be applied to assist with remediation of the file at the particular host device. In one aspect, one or more remediation scripts are identified from a plurality of remediation scripts for remediation of the file and provided to the particular host device for execution on the particular host device. In another aspect, a remediation tool is identified and launched on a computing device remote from the particular host device with operations of the remediation tool applied to resources of the particular host device. In another aspect, at least a portion of the remediation techniques are remotely initiated to be performed locally at the particular host device.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: November 10, 2020
    Assignee: McAfee, LLC
    Inventors: John D. Teddy, James Douglas Bean, Gregory William Dalcher, Jeff Hetzler
  • Patent number: 10826756
    Abstract: A computing system utilizes crowd sourcing to generate remediation files for systems experiencing alert conditions. During the generation of the remediation files the computing system identifies a plurality of different types of alerts associated with a plurality of different client systems. The computing system also generates a plurality of different client remediation process sets for each type of alert based on a correlation of process proximity and time to the alert conditions and determines which of the plurality of processes are related to the identified alert based on values in a correlation vector. Then, client remediation process sets are created to include the processes that are determined to be related to the identified alert and are clustered together to identify the processes to include in the generated composite remediation file for each type of alert, based on correlations existing between the plurality of different client remediation process sets.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: November 3, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ben Kliger, Moshe Israel, Dotan Patrich, Michael Zeev Bargury
  • Patent number: 10824722
    Abstract: The present invention discloses methods and systems for genetic malware analysis and classification using code reuse patterns. Methods include the steps of: upon receiving a target binary file, disassembling the target binary file into assembly code; extracting individually-identifiable code fragments from the assembly code; normalizing the individually-identifiable code fragments into target genes; and collating the target genes into a code genome database. Alternatively, the step of normalizing includes upon detecting a MOV instruction, corresponding to a command to move values to a register before performing a CALL instruction, normalizing the MOV instruction to a PUSH instruction in the target genes. Alternatively, the step of normalizing includes upon detecting a SUB instruction, corresponding to a command for a subtraction operation to be performed, normalizing the SUB instruction to an ADD instruction, corresponding to a command for an addition operation to be performed, in the target genes.
    Type: Grant
    Filed: October 4, 2019
    Date of Patent: November 3, 2020
    Assignee: Intezer Labs, Ltd.
    Inventors: Itai Tevet, Roy Halevi, Ari Eitan
  • Patent number: 10824723
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a binary file, identify strings in the binary file, determine that at least one string in the binary file is larger than one kilobyte of data, identify at least one substring from each of the at least one strings in the binary file that is larger than one kilobyte of data, and analyze each of the at least one substrings to determine whether each of the at least one substrings is suspicious and related to malware.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: November 3, 2020
    Assignee: McAfee, LLC
    Inventor: Daniel L. Burke
  • Patent number: 10826934
    Abstract: Example techniques described herein determine a validation dataset, determine a computational model using the validation dataset, or determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processing unit can determine signatures of individual training data streams. The processing unit can determine, based at least in part on the signatures and a predetermined difference criterion, a training set and a validation set of the training data streams. The processing unit can determine a computational model based at least in part on the training set. The processing unit can then operate the computational model based at least in part on a trial data stream to provide a trial model output. Some examples include determining the validation set based at least in part on the training set and the predetermined criterion for difference between data streams.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: November 3, 2020
    Assignee: CrowdStrike, Inc.
    Inventors: Sven Krasser, David Elkind, Brett Meyer, Patrick Crenshaw
  • Patent number: 10817601
    Abstract: Techniques for restricting the execution of algorithms contained in applications executing on virtual machines executing within a computer system are described herein. A first sampled set of computer executable instructions is gathered from a virtual machine by a controlling domain and compared against a reference set of computer executable instructions. If the first set is similar to the reference set, and if the execution of the algorithm corresponding to the reference set is restricted by one or more computer system policies, one or more operations limiting the execution of the restricted algorithm are performed, thus ensuring conformance with the computer system policies.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: October 27, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 10819614
    Abstract: There is provided a network monitoring apparatus including a memory in which information of a remote operation and a combination of one or more command codes are associated with each other, and a processor coupled to the memory, the processor configured to acquire a command code of the one or more command codes from a header of an encrypted execution request packet for executing the one or more commands for implementing a remote operation, determine whether or not there exists the combination included in a command code list in which acquired command codes are sequentially indicated, by referring to the memory, and determine that the remote operation associated with the combination is successful when it is determined that there exists the combination included in the command code list.
    Type: Grant
    Filed: November 5, 2018
    Date of Patent: October 27, 2020
    Assignee: FUJITSU LIMITED
    Inventors: Yuki Fujishima, Masanobu Morinaga, Kazuyoshi Furukawa
  • Patent number: 10819716
    Abstract: Systems and methods for analyzing network traffic are provided. An exemplary system may include a plurality of network nodes distributed in multiple geographical regions. The plurality of network nodes may be configured to collect mass scanning network traffic data. The system may also include at least one processor. The processor may be configured to receive, from a first network node, a first network scanning request from a source scanner. In response to the reception of the first network scanning request, the processor may also be configured to transmit, via a second network node, a second network scanning request to the source scanner. The processor may further be configured to determine, based on feedback from the source scanner, whether the source scanner is compromised.
    Type: Grant
    Filed: July 22, 2020
    Date of Patent: October 27, 2020
    Assignee: GREYNOISE INTELLIGENCE INC.
    Inventor: Andrew Kevin Morris
  • Patent number: 10817603
    Abstract: In some implementations, a method performed by data processing apparatuses includes receiving a new script document in a scripting language that has not yet been classified; identifying features of the new script document, wherein at least some of the features are script-language commands contained in the new script document; generating first feature-data for the new script document, the first feature-data comprising measures of frequency of occurrences of the features within the new script document; and assigning a classification to the new script document based on a comparison of the first feature-data with training data that comprises second feature-data for known-malicious script documents and third feature-data for known-benign script documents.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: October 27, 2020
    Assignee: Target Brands, Inc.
    Inventor: Evan Gaustad
  • Patent number: 10810317
    Abstract: A gateway device includes a network interface connected to data sources, and computer instructions that, when executed, cause a processor to access data portions from the data sources. The processor accesses classification rules, which are configured to classify a data portion of the plurality of data portions as sensitive data in response to the data portion satisfying the rule. Each rule is associated with a significance factor representative of an accuracy of the classification rule. The processor applies each of the set of classification rules to a data portion to obtain an output of whether the data is sensitive data. The outputs are weighted by significance factors to produce a set of weighted outputs. The processor determines whether the data portion is sensitive data by aggregating the set of weighted outputs, and presents the determination in a user interface. Security operations may also be performed on the data portion.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: October 20, 2020
    Assignee: Protegrity Corporation
    Inventors: David Clyde Williamson, Vichai Levy, Hans Meijer, Yigal Rozenberg, Lingling Yan
  • Patent number: 10805341
    Abstract: In one embodiment, a traffic analysis service receives captured traffic data regarding a Transport Layer Security (TLS) connection between a client and a server. The traffic analysis service applies a first machine learning-based classifier to TLS records from the traffic data, to identify a set of the TLS records that include Hypertext Transfer Protocol (HTTP) header information. The traffic analysis service estimates one or more HTTP transaction labels for the connection by applying a second machine learning-based classifier to the identified set of TLS records that include HTTP header information. The traffic analysis service augments the captured traffic data with the one or more HTTP transaction labels. The traffic analysis service causes performance of a network security function based on the augmented traffic data.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: October 13, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, David McGrew
  • Patent number: 10802863
    Abstract: An apparatus and method for storing an audit trail in response to execution of a virtual-machine process. The method for storing an audit trail, performed by the apparatus for storing an audit trail in response to execution of a virtual-machine process, includes detecting execution of a process inside a virtual machine, determining whether the executed process is a monitoring target process and determining a type of the process, activating one or more monitoring events for monitoring at least one of an upload, a download and a drop by the process based on a result of the determination, and storing information about occurrence of the activated monitoring event as an audit trail.
    Type: Grant
    Filed: May 10, 2018
    Date of Patent: October 13, 2020
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Hyunyi Yi, Sung-Jin Kim, Woomin Hwang, Seong-Joong Kim, Chulwoo Lee, Byung-Joon Kim, Hyoung-Chun Kim
  • Patent number: 10798123
    Abstract: Aspects of the present disclosure involve systems and methods for computing devices to access a public network, posing as a user to the network, to detect one or more malware programs available for downloading through the network. More particularly, a malware detection control system utilizes a browser executed on a computing device to access a public network, such as the Internet. Through the browser, sites or nodes of the public network are accessed by the control system, with the interactions with the sites of the public network designed to mimic or approximate a human user of the browser. More particularly, the control system may apply one or more personality profiles to the browser of the computing device to access and interact with the nodes of the public network. Further, the control system may monitor the information retrieved from the network sites to detect the presence of malware within the nodes.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: October 6, 2020
    Assignee: Level 3 Communications, LLC
    Inventor: Skyler J. Bingham
  • Patent number: 10795855
    Abstract: In some embodiments, a target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Also, in various embodiments, the compliance server may determine whether the one or more rules, settings, and/or parameters meet one or more compliance policies and generate one or more test results based at least on the results of the determining. Further, in some embodiments, the target host may detect a change to a rule, setting, and/or parameter based on a collection policy defining what change data is to be collected by the target host and provide data associated with the rule, setting, and/or parameter as change data to the compliance server.
    Type: Grant
    Filed: July 2, 2018
    Date of Patent: October 6, 2020
    Assignee: Tripwire, Inc.
    Inventor: Robert DiFalco
  • Patent number: 10798116
    Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, and provide results of the automated analysis in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria or rules so as to generate a compact, human-readable analysis of the data clusters. The human-readable analyses (also referred to herein as “summaries” or “conclusions”) of the data clusters may be organized into an interactive user interface so as to enable an analyst to quickly navigate among information associated with various data clusters and efficiently evaluate those data clusters in the context of, for example, a fraud investigation. Embodiments of the present disclosure also relate to automated scoring of the clustered data structures.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: October 6, 2020
    Assignee: Palantir Technologies Inc.
    Inventors: David Cohen, Jason Ma, Bing Jie Fu, Ilya Nepomnyashchiy, Steven Berler, Alex Smaliy, Jack Grossman, James Thompson, Julia Boortz, Matthew Sprague, Parvathy Menon, Michael Kross, Michael Harris, Adam Borochoff
  • Patent number: 10795996
    Abstract: Disclosed are systems and methods for machine learning of a model for detecting malicious files. The described system samples files from a database of files and trains a detection model for detecting malicious files on the basis of an analysis of the sampled files. The described system forms behavior logs based on executable commands intercepted during execution of the sampled files, and generates behavior patterns based on the behavior log. The described system determines a convolution function based on the behavior patterns, and trains a detection model for detecting malicious files by calculating parameters of the detection model using the convolution function on the behavior patterns. The trained detection model may be used to detect malicious files by utilizing the detection model on a system behavior log generated during execution of suspicious files.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: October 6, 2020
    Assignee: AO Kaspersky Lab
    Inventors: Alexander S. Chistyakov, Ekaterina M. Lobacheva, Alexey M. Romanenko
  • Patent number: 10795995
    Abstract: There are disclosed devices, systems and methods for feeding identification data of malicious creatives existing in internet advertisements to a supply side platform (SSP) by receiving reports of unwanted actions, performed without user action, by malicious creatives of internet advertisements (ads) requested from the SSP by webpages being displayed to users. The reports include a creative identification (ID), a malicious code chain of events, and a demand side platform (DSP) ID or a seat ID. The reports are pre-processed by classifying the unwanted action attempts based on the chain of events. The pre-processed reports are parsed to extract the creative IDs, the SSP IDs and the DSP IDs, and are then stored in a searchable database. The stored parsed pre-processed reports are fed to SSPs based on the SSP identifications. The feed includes the creative IDs, the SSP IDs, the DSP IDs, timestamps of the unwanted action attempt and the classifications.
    Type: Grant
    Filed: April 23, 2020
    Date of Patent: October 6, 2020
    Assignee: CLEAN.IO, INC.
    Inventors: Alexey Stoletny, Seth Demsey, Iván Soroka
  • Patent number: 10789105
    Abstract: Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or memory access. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a detection mechanism (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it), inter alia, for detection and/or notification of, and action by a monitoring guest upon access by a monitored guest to predetermined physical memory locations.
    Type: Grant
    Filed: April 9, 2018
    Date of Patent: September 29, 2020
    Assignee: Lynx Software Technologies, Inc.
    Inventors: Edward T. Mooring, Phillip Yankovsky, Craig Howard
  • Patent number: 10783241
    Abstract: A system and methods for sandboxed malware analysis and automated patch development, deployment and validation, that uses a business operating system, vulnerability scoring engine, binary translation engine, sandbox simulation engine, at least one network endpoint, at least one database, a network, and a combination of machine learning and vulnerability probing techniques, to analyze software, locate any vulnerabilities or malicious behavior, and attempt to patch and prevent undesired behavior from occurring, autonomously.
    Type: Grant
    Filed: February 2, 2018
    Date of Patent: September 22, 2020
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 10783053
    Abstract: Errors encountered by executing applications can be recorded in one or more logs. A search engine can be configured to retrieve error data from the one or more logs using pre-specified rules. A portion of the error data can be included in a small portable message (e.g., SMS text message) and sent to the developers or administrators of the applications. An administrative console can generate different visualizations based upon what errors the search engine retrieved.
    Type: Grant
    Filed: March 23, 2018
    Date of Patent: September 22, 2020
    Assignee: Palantir Technologies Inc.
    Inventors: Lauren DeMeuse, Grant Wu, Garren Riechel, Ian Mair, Michael Nazario
  • Patent number: 10783246
    Abstract: Examples relate to snapshots of system memory. In an example implementation, structural information of a process in a snapshot of system memory is compared with hashes or fuzzy hashes of executable regions of the same process in a previous snapshot of system memory to determine whether there is a structural anomaly.
    Type: Grant
    Filed: January 31, 2017
    Date of Patent: September 22, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Nigel Edwards, Michael John Wray
  • Patent number: 10783249
    Abstract: Embodiments of the present application provide a method and apparatus for removing a root-privileged virus and an electronic device. The method includes: scanning the smart device to find a root-privileged virus file; obtaining a root-privileged removing process according to the virus file; and removing the root-privileged virus file according to a preset removing strategy by using the root-privileged removing process. As a root-privileged process is directly obtained in this embodiment by using a found virus file, the smart device can obtain the root privileges more quickly, improving the speed of killing the root-privileged virus.
    Type: Grant
    Filed: December 26, 2016
    Date of Patent: September 22, 2020
    Assignee: Beijing Kingsoft Internet Security Software Co., Ltd.
    Inventor: Guoqing Yuan
  • Patent number: 10778626
    Abstract: An electronic device will identify an electronic message received by a messaging client that is associated with a first recipient, and it will analyze the electronic message to determine whether the electronic message is a simulated malicious message. Upon determining that the electronic message is a simulated malicious message, the device will identify an actuatable element in the electronic message. The actuatable element will include a service address. The device will modify the electronic message by appending a user identifier of the first recipient to the service address of the actuatable element. Then, when the actuatable element is actuated, the system may determine whether the first recipient actuated the actuatable element or an alternate recipient did so based on whether the user identifier of the first recipient is still appended (or is the only user identifier appended) to the actuatable element.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: September 15, 2020
    Assignee: Proofpoint, Inc.
    Inventors: Kurt Wescoe, Trevor Tyler Hawthorn, Alan Himler, Patrick H. Veverka, John T. Campbell, Dustin D. Brungart, Norman Sadeh-Koniecpol
  • Patent number: 10762261
    Abstract: A method to transform the function of a circuit is provided. The method provides a first register-transfer level (RTL) document and a second RTL document, provides a first gate level (GTL) netlist and a second GTL netlist, compares the two RTL documents to identify the instances to be modified, locates the instances to be modified in the first GTL netlist, and transforms the function of the circuit by patching the circuit such that the patched first GTL netlist is equivalent to the second GTL netlist. The method improves performance and efficiency of the transformation by reducing the number of instances to be input into the engineering change order (ECO) engine, and also minimizes change in circuit design.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: September 1, 2020
    Inventor: Yu-Liang Wu
  • Patent number: 10762194
    Abstract: A program file classification method, a program file classification apparatus, and a program file classification system, where the system sets an agent program in a client and a sandbox server to obtain behavior information corresponding to at least two behaviors executed by a program file at runtime. Each piece of behavior information includes a behavior identifier and a path related to the execution of a corresponding behavior. A classification server performs a normalization process on the path in each piece of behavior information, where the normalization process reduces path diversity, generates a feature vector according to at least two pieces of behavior information obtained after the path normalization process, and determines, according to the feature vector, a category to which the program file belongs. Because the normalization process is performed on the path, the randomness of a path obtained after the normalization process is reduced.
    Type: Grant
    Filed: January 12, 2018
    Date of Patent: September 1, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Zhenhua Liu
  • Patent number: 10757135
    Abstract: A bot characteristic detection method and apparatus, where the apparatus obtains a first dynamic behavior file and a second dynamic behavior file, where the first dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on a malicious file in a first sandbox, and the second dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on the malicious file in a second sandbox. The apparatus determines a bot characteristic of the malicious file based on a common characteristic of the first dynamic behavior file and the second dynamic behavior file.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: August 25, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Wu Jiang
  • Patent number: 10754947
    Abstract: A method, including identifying over a set of classified applications a set of discriminating features, determining via code analysis, when a first application is subjected to classification, positions of the first application's code that correspond to discriminating features, and forwarding to a classification algorithm, such that according to its output the code fragments corresponding to the discriminating features are reported beyond a determination itself of the discriminating features.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: August 25, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Pietro Ferrara, Marco Pistoia, Omer Tripp
  • Patent number: 10757120
    Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: August 25, 2020
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Henry Uyeno, Jay Manni, Amin Sukhera, Stuart Staniford
  • Patent number: 10747879
    Abstract: A system, method, and computer program product are provided for identifying a file utilized to automatically launch content as unwanted. In one embodiment, a file is identified in response to a detection of unwanted code, the file utilized to automatically launch content. Additionally, it is determined whether an identifier associated with the unwanted code is included in the file. Further, the file is identified as unwanted based on the determination.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: August 18, 2020
    Assignee: MCAFEE, LLC
    Inventors: Vinoo Thomas, Palasamudram Ramagopal Prashanth, Rahul Mohandas
  • Patent number: 10749880
    Abstract: The present invention relates to a cloud tenant oriented method and system for protecting privacy data. The method comprises at least the following steps: analyzing event handler information and/or behavioral signature information of request information and determining an execution mode, selecting at least one node without a behavioral signature plot to execute the tenant request and recording an execution result, generating a behavioral signature plot based on the execution result, and dynamically detecting security-sensitive behavior based on the behavioral signature plot. The present invention ensures data security during processing of security-sensitive data for cloud services by adopting a technology based on behavioral signatures, and prevents attackers from exploiting vulnerabilities and bypassing security control to conduct malicious operations.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: August 18, 2020
    Assignee: Huazhong University of Science and Technology
    Inventors: Hai Jin, Weiqi Dai, Yan Xia, Deqing Zou
  • Patent number: 10740363
    Abstract: Techniques are provided herein for classifying domains based on DNS traffic so that domains that are malicious or associated with malicious activity can be identified. Traffic between one or more domain name system (DNS) resolvers and one or more authoritative name servers hosted on the Internet is analyzed at a server having network connectivity. A mismatch between a hostname and Internet Protocol (IP) information for the hostname is detected in the traffic, and domains included in the traffic are classified based on the detecting.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: August 11, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Dhia Mahjoub, Thomas M. Mathew
  • Patent number: 10742669
    Abstract: A system and method for determining malware threats based on behavior of a host/IP address uses netflow data, white lists, black lists and machine learning classification with a model. A white list generation method and a machine learning model validation method may also be used.
    Type: Grant
    Filed: August 9, 2017
    Date of Patent: August 11, 2020
    Assignee: NTT Security Corporation
    Inventors: Kenji Takahashi, Marek Niedzwiedz, Michal Tadeusiak, Jan Milczek, Szymon Nakonieczny, Jakub Czakon
  • Patent number: 10735442
    Abstract: User interfaces are generated by operations that include receiving and storing formatted static data and dynamic data. A first query is received, and first response data is selected. A user interface is generated containing the first response data, and the user interface is displayed. An indication of user selection is received. A second query is generated and second response data is selected. The user interface is updated to a second user interface, which is displayed.
    Type: Grant
    Filed: June 4, 2018
    Date of Patent: August 4, 2020
    Assignee: Target Brands, Inc.
    Inventor: Allen M. Swackhamer
  • Patent number: 10733385
    Abstract: A behavior inference model building apparatus and a behavior inference model building method thereof are provided. The behavior inference model building apparatus converts a plurality of program operation sequences of a plurality of program operation sequence data into a plurality of word vectors through a word embedding model, and inputs the first M word vectors of the word vectors, corresponding to each program operation sequence data, into a generative adversarial network (GAN) model to train and optimize the GAN model. The behavior inference model building apparatus integrates the word embedding model and the generator of the optimized GAN model to build a behavior inference model.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: August 4, 2020
    Assignee: Institute For Information Industry
    Inventors: Chia-Min Lai, Chia-Yu Lu
  • Patent number: 10735441
    Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: August 4, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, David McGrew, Vincent E. Parla, Jan Jusko, Martin Grill, Martin Vejman