Symantec Patent Grants

Securing compromised network devices in a network

Granted: August 28, 2018
Patent Number: 10063582
Securing compromised network devices in a network. In one embodiment, a method may include (a) identifying a Positive Unlabeled (PU) machine learning classifier, (b) selecting labeled positive samples and unlabeled positive and negative samples as a bootstrap subset of training data from a set of training data, (c) training the PU machine learning classifier, (d) repeating (a)-(c) one or more times to create a set of trained PU machine learning classifiers, (e) predicting probabilities…

Detecting malicious code based on deviations in executable image import resolutions and load patterns

Granted: August 28, 2018
Patent Number: 10061924
Trusted executable images are run in a controlled environment, such as a dynamic malware analysis platform. For each trusted executable image, a corresponding baseline import-load signature is generated. This can be done by applying a cryptographic hash function to the specific instructions which resolve imports and/or load libraries, and their operands. Sample programs are run in the controlled environment and tested for maliciousness. Any executable image run by a given sample program…

Systems and methods for collecting error data to troubleshoot product errors

Granted: August 28, 2018
Patent Number: 10061683
The disclosed computer-implemented method for collecting error data to troubleshoot product errors may include (1) monitoring Internet searches submitted by a user of a computing device to a search engine executing within a browser installed on the computing device, (2) identifying, while monitoring the Internet searches, a search including a description of an error in a product installed on the computing device, (3) in response to identifying the search, automatically enabling debug…

Systems and methods for profiling client systems

Granted: August 21, 2018
Patent Number: 10057274
The disclosed computer-implemented method for profiling client systems may include (1) identifying one or more administrative categories used to categorize clients according to system profiles of the clients, (2) collecting attribute information that associates one or more client attributes with the administrative category, (3) generating, based at least in part on the association between the client attribute and the administrative category, an association scoring protocol that estimates…

Systems and methods for determining the trustworthiness of files within organizations

Granted: August 21, 2018
Patent Number: 10055586
The disclosed computer-implemented method for determining the trustworthiness of files within organizations may include (1) identifying a file on a computing device within multiple computing devices managed by an organization, (2) in response to identifying the file, identifying at least one additional computing device within the multiple computing devices that is potentially associated with the file, (3) distributing at least a portion of the file to a user of the additional computing…

Method and apparatus for remotely managing a resource at a computer

Granted: August 14, 2018
Patent Number: 10049190
A method and apparatus for using a remote delegate is described. In one embodiment, the method comprising evaluating information that identifies at least one of software packages resident in a client computer or licenses associated with the software packages using a remote delegate and enabling use of a resource at the client computer based on the information through use of the remote delegate.

Real-time anomaly detection in a network using state transitions

Granted: August 14, 2018
Patent Number: 10050987
Real-time anomaly detection in a network using state transitions. In one embodiment, a method may include identifying a sequence of messages sent between a first network node and a second network node over a network link. The method may further include identifying a sequence of message states for the sequence of messages. The method may also include identifying variable-length candidate patterns in the sequence of message states. The method may further include adding the candidate…

Systems and methods for reverse-engineering malware protocols

Granted: August 14, 2018
Patent Number: 10050982
The disclosed computer-implemented method for reverse-engineering malware protocols may include (1) decrypting encrypted network traffic generated by a malware program, (2) identifying at least one message type field in the decrypted network traffic, (3) identifying at least one message in the decrypted network traffic with the identified message type, and (4) inferring at least a portion of a protocol used by the malware program by analyzing the identified message to identify a field…

Systems and methods for detecting malicious processes on computing devices

Granted: August 14, 2018
Patent Number: 10049214
The disclosed computer-implemented method for detecting malicious processes on computing devices may include (i) identifying a portion of data on a computing device that is stored in an unrestricted section of memory and accessed by processes while running on the computing device, (ii) allocating a restricted section of memory within the computing device and indicating that the portion of data is located in the restricted section of memory, (iii) detecting an attempt by a process running…

Computer readable storage media for multi-factor authentication and methods and systems utilizing same

Granted: August 14, 2018
Patent Number: 10049204
Systems and methods for providing multi-factor authentication are disclosed herein. A method for multi-factor authentication may include a step for receiving an authentication window request from an electronic device. The authentication window request may be configured to identify a user. The method may further include enabling an authentication window responsive, at least in part, to receipt of the authentication window request. The method may further include receiving a login…

Outlier detection in databases

Granted: August 14, 2018
Patent Number: 10049128
Various systems, methods, and processes for identifying outliers in a data set stored in a database are disclosed. A subset of data is extracted from a data set. Data descriptors are allocated to the subset of data. A model of the subset of data is created based on attributes of the data descriptors. An iteration of an outlier detection process based on the model is then executed. The outlier detection process evaluates the subset of data, and the outlier detection process evaluates the…

Reducing redundant transmissions by polling clients

Granted: August 7, 2018
Patent Number: 10044835
Systems and methods for optimized polling. An example method may comprise: receiving, over a transport layer connection, a first application layer request comprising a payload; storing, by a processing device, the payload in a memory; forwarding the payload to an application layer; receiving, over the transport layer connection, a second application layer request comprising no payload; and forwarding the payload to the application layer.

Method and apparatus for detecting security anomalies in a public cloud environment using network activity monitoring, application profiling and self-building host mapping

Granted: August 7, 2018
Patent Number: 10044740
The disclosed computer-implemented method for detecting security anomalies in a public cloud environment using network activity monitoring, application profiling, and self-building host mapping may include (1) collecting host information that identifies (A) at least one communication channel that has previously facilitated communication between at least one host computing platform within a cloud computing environment and at least one additional computing platform and/or (B) at least one…

Decrypting network traffic on a middlebox device using a trusted execution environment

Granted: August 7, 2018
Patent Number: 10044691
Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel…

Systems and methods for detecting gadgets on computing devices

Granted: August 7, 2018
Patent Number: 10043013
The disclosed computer-implemented method for detecting gadgets on computing devices may include (i) identifying, on a computing device, a process containing multiple modules, (ii) identifying, within the process, each module that does not implement a security protocol that randomizes, each time the module executes, a memory location of at least one portion of data accessed by the module, (iii) copying each module that does not implement the security protocol to a section of memory…

Locally securing sensitive data stored on a mobile phone

Granted: July 31, 2018
Patent Number: 10038778
Locally securing sensitive data stored on a mobile phone. In one embodiment, a computer-implemented method for locally securing sensitive data stored on a mobile phone may be performed, at least in part, by a computing device including at least one processor. The method may include operating a mobile phone in an owner mode. The method may also include locally detecting, by the mobile phone, an insecurity event on the mobile phone. The method may further include, in response to locally…

Detecting suspicious file prospecting activity from patterns of user activity

Granted: July 31, 2018
Patent Number: 10037425
Suspicious file prospecting activity is detected based on patterns of file system access. A user's file system access is monitored over a specific time period. A sequence of the file accesses (e.g., represented as path names) made by the user during the time period is recorded. Distances between the recorded file accesses are determined, for example as edit distances. A distance sequence is recorded, comprising a record of the determined distances. The distance sequence is reduced to one…

Techniques for classifying and labeling data

Granted: July 31, 2018
Patent Number: 10037378
Techniques for classifying and labeling data are disclosed. In one embodiment, the techniques may be realized as a system for classifying and labeling data comprising one or more processors. The one or more processors may be configured to distribute training data across a plurality of hosts. Each of the hosts may be assigned a random subset of the training data, and configured to cluster its own subset independently. The one or more processors may be further configured to label each…

Systems and methods for selectively applying malware signatures

Granted: July 24, 2018
Patent Number: 10032023
A computer-implemented method for selectively applying malware signatures may include (1) receiving a time-sensitive malware signature at a receiving time to apply to a computing environment, (2) identifying a first target object observed within the computing environment at a first observation time, (3) deactivating the time-sensitive malware signature with respect to the first target object based on a difference between the receiving time and the first observation time, (4) observing a…

Systems and methods for protecting backed-up data from ransomware attacks

Granted: July 24, 2018
Patent Number: 10032033
The disclosed computer-implemented method for protecting backed-up data from ransomware attacks may include (1) determining that a backup system periodically backs up at least one file stored at a computing device to a remote storage system by storing a copy of the file at the remote storage system, (2) identifying one or more characteristics of the file backed up by the backup system, (3) storing a tripwire file with the one or more characteristics at the computing device, (4)…