System and methods to detect mobile credential leaks during dynamic analysis
Granted: October 23, 2018
Patent Number: 10110618
The present disclosure relates to systems and methods for detecting malware. In some embodiments, a method may include detecting, via a processor, a user login event at an application; dynamically comparing, via the processor, the user login event with one or more expected behaviors associated with the application; and determining, via the processor, whether the application is potential malware based at least in part on a result of the comparing.
Systems and methods for performing security actions based on people's actual reactions to interactions
Granted: October 23, 2018
Patent Number: 10109171
The disclosed computer-implemented method for performing security actions based on people's actual reactions to interactions may include (i) detecting an interaction (e.g., an interaction with a digital communication) of a monitored person (e.g., a child), (ii) estimating the monitored person's expected reaction to the interaction, (iii) using contemporaneous sensor data to estimate the monitored person's actual reaction to the interaction, and (iv) performing a security action based at…
Systems and methods for detecting anomalies that are potentially indicative of malicious attacks
Granted: October 16, 2018
Patent Number: 10104100
A computer-implemented method for detecting anomalies that are potentially indicative of malicious attacks may include (1) identifying a sequence of activities performed on a computing device, (2) calculating a cumulative influence score between pairs of activities in the sequence of activities through convolution of the sequence of activities, (3) detecting an anomaly that is potentially indicative of a malicious attack based on a comparison of the cumulative influence score and an…
Systems and methods for preventing targeted malware attacks
Granted: October 16, 2018
Patent Number: 10104097
The disclosed computer-implemented method for preventing targeted malware attacks may include (1) identifying at least one candidate risk factor for targets of previous targeted malware attacks that were directed to the targets based on characteristics of the targets, (2) calculating a degree of association between the candidate risk factor and the previous targeted malware attacks by comparing rates of targeted malware attacks between a group that possesses the risk factor and a group…
Systems and methods for automatically adjusting user access permissions based on beacon proximity
Granted: October 9, 2018
Patent Number: 10097560
The disclosed computer-implemented method for automatically adjusting user access permissions based on beacon proximity may include (1) identifying a network-enabled device that is attempting to access a network resource that is protected by a security policy, where the security policy identifies an access level at which one or more devices may access the network resource when the devices are within range of the short-range wireless signal from the secure beacon, (2) determining that the…
Systems and methods for detecting security blind spots
Granted: October 2, 2018
Patent Number: 10091231
The disclosed computer-implemented method for detecting security blind spots may include (i) detecting, via an endpoint security program, a threat incident at a set of client machines associated with a security vendor server, (ii) obtaining an indication of how the set of client machines will respond to the detecting of the threat incident, (iii) predicting how a model set of client machines would respond to the threat incident, (iv) determining that a delta exceeds a security threshold,…
Systems and methods for detecting transactional message sequences that are obscured in multicast communications
Granted: October 2, 2018
Patent Number: 10091077
The disclosed computer-implemented method for detecting transactional message sequences that are obscured in multicast communications may include (i) collecting a sequence of messages that were distributed on a communication channel and that include an obscured cyclic sequence of request-response messages that are interleaved in the sequence of messages, (ii) constructing a sequence graph from the sequence of messages by (a) adding, for each unique message identifier in the sequence of…
Systems and methods for whitelisting file clusters in connection with trusted software packages
Granted: October 2, 2018
Patent Number: 10089469
The disclosed computer-implemented method for whitelisting file clusters in connection with trusted software packages may include (1) identifying a trusted file cluster that includes a set of clean files, (2) identifying an additional file cluster that includes a set of additional files that typically co-exist with the set of clean files included in the trusted file cluster on computing systems, (3) determining that the trusted file cluster and the additional file cluster represent…
Static approach to identify junk APIs in a malware
Granted: September 25, 2018
Patent Number: 10083298
A method for identifying malware is provided. The method includes performing a static analysis of a plurality of files and for each file of the plurality of files, determining in the static analysis whether the file includes an application programming interface (API). For each file, of the plurality of files, found to have an application programming interface, the method includes determining in the static analysis whether the application programming interface is proper in the file and…
Systems and methods for provisioning cyber security simulation exercises
Granted: September 18, 2018
Patent Number: 10079850
A computer-implemented method for provisioning cyber security simulation exercises may include (1) maintaining, at a data center level for a data center including a multitude of nodes, a cyber security simulation template that defines a resource configuration for a cyber security simulation exercise in which a participant executes a security attack within a contained network environment to educate the participant about cyber security, (2) detecting an indication to place a user session…
Systems and methods for data loss prevention of unidentifiable and unsupported object types
Granted: September 18, 2018
Patent Number: 10079835
A computer-implemented method for data loss prevention of unidentifiable and unsupported object types may include (1) monitoring, through at least one filter, data input to an application during execution, (2) scanning, through a data loss prevention scanner, the data input to the application to detect whether the data includes sensitive data that is protected by a data loss prevention policy, (3) flagging, based on the scanning, the application as having accessed the sensitive data that…
Systems and methods for digitally enforcing computer parental controls
Granted: September 18, 2018
Patent Number: 10078762
The disclosed computer-implemented method for digitally enforcing computer parental controls may include (i) identifying a parental-control policy that controls a user's computer usage in some way, (ii) determining that the user is using a primary device, which is configured to restrict its usage according to the terms of the parental-control policy, to access a secondary device, which is not configured to restrict its usage according to the terms of the parental-control policy, and…
Systems and methods for detecting exploit-kit landing pages
Granted: September 11, 2018
Patent Number: 10075456
The disclosed computer-implemented method for detecting exploit-kit landing pages may include detecting an attempt to access a web page via a computing device. The web page may be an unknown landing page of an exploit kit that includes a script that may be used by the exploit kit to access attributes of the computing device that may be used by the exploit kit to select suitable exploit code for compromising the computing device. The disclosed computer-implemented method may further…
Using telemetry data to detect false positives
Granted: September 11, 2018
Patent Number: 10075454
Telemetry data concerning multiple samples convicted as malware by different endpoints is tracked over time. During a period of time in which telemetry data concerning convicted samples are tracked, specific samples can be convicted multiple times, both on a single endpoint and/or on multiple endpoints. The tracked telemetry data concerning the convicted samples is analyzed, and data that is indicative of false positives is identified. Convictions of samples can be exonerated as false…
Systems and methods for identifying suspicious singleton files using correlational predictors
Granted: September 11, 2018
Patent Number: 10073983
The disclosed computer-implemented method for identifying suspicious singleton files using correlational predictors may include (1) identifying a set of known-clean computing devices that include no singleton files, (2) detecting at least one software component that is installed on a threshold number of the known-clean computing devices, (3) identifying an unvindicated computing device whose infection status is unknown, (4) determining that, in addition to being installed on the…
Systems and methods for classifying files
Granted: September 11, 2018
Patent Number: 10073968
The disclosed computer-implemented method for classifying files may include (i) identifying a point in time before which there is a non-zero probability that at least one file within a group of files has been classified by a security system, (ii) identifying, within the group of files, a file with a timestamp that indicates the file was created or modified before the point in time, (iii) assigning, based on the timestamp of the file, a classification to the file that indicates the file is…
Techniques for predicting and protecting spearphishing targets
Granted: September 4, 2018
Patent Number: 10069862
Techniques for predicting and protecting spearphishing targets are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for predicting and protecting spearphishing targets. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify one or more potential spearphishing targets based on information from an organization, receive additional information associated with…
Indirect access control
Granted: September 4, 2018
Patent Number: 10069823
Indirect access control is performed between a requestor computing device and a requestee computing device. Peer data is transmitted from the requestor to the requestee that asserts that the requestor is trusted by a peer computing device. It is verified that the requestor has a first degree of trust with the peer. Next degree peer data is received from the peer that asserts that the peer is trusted by a next degree peer computing device. It is verified that the peer has a next degree of…
Systems and methods for network security
Granted: September 4, 2018
Patent Number: 10068089
A computer-implemented method for network security may include (1) obtaining initial information that at least partially identifies an initial access point for connecting to a network, (2) after obtaining the initial information, obtaining subsequent information that at least partially identifies a subsequent access point for connecting to the same network, (3) comparing, by a security program, the initial information and the subsequent information in an attempt to detect whether the…
Systems and methods for collecting error data to troubleshoot product errors
Granted: August 28, 2018
Patent Number: 10061683
The disclosed computer-implemented method for collecting error data to troubleshoot product errors may include (1) monitoring Internet searches submitted by a user of a computing device to a search engine executing within a browser installed on the computing device, (2) identifying, while monitoring the Internet searches, a search including a description of an error in a product installed on the computing device, (3) in response to identifying the search, automatically enabling debug…