-
Publication number: US11775634B2
Publication date: 2023-10-03
Application number: US16774975
Application date: 2020-01-28
Applicant: McAfee, LLC
Inventor: Paritosh Saxena , Adrian M. M. T. Dunbar , Michael S. Hughes , John Teddy , David Michael Durham , Balaji Vembu , Prashant Dewan , Debra Cablao , Nicholas D. Triantafillou , Jason M. Surprise
IPC: G06F9/50 , G06F21/55 , G06F21/74 , G06F12/14 , G06F21/75 , G06F21/44 , G06F21/56 , G06F21/57 , G06F21/71 , G06F1/28 , G06F9/455 , G06T1/20 , G09G5/36
CPC classification number: G06F21/552 , G06F1/28 , G06F9/5027 , G06F12/14 , G06F12/145 , G06F12/1491 , G06F21/445 , G06F21/554 , G06F21/56 , G06F21/566 , G06F21/57 , G06F21/71 , G06F21/74 , G06F21/755 , G06F9/45558 , G06F2009/45587 , G06F2209/509 , G06F2212/1052 , G06F2221/034 , G06F2221/2149 , G06T1/20 , G09G5/363 , Y02D10/00
Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a graphics processor; and a graphics driver to facilitate access to the graphics processor, the graphics driver including: an authenticator to establish a trusted channel between the graphics driver and an application driver via mutual authentication of the graphics driver and the application driver; an offloader to offload a computing task to the graphics processor via the trusted channel, the computing task associated with the application driver; and a hypervisor to monitor memory associated with the offloaded computing task for an unauthorized access attempt.
-
Publication number: US20230306118A1
Publication date: 2023-09-28
Application number: US17655847
Application date: 2022-03-22
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Ambrish Rawat , Stefano Braghin , Killian Levacher , Ngoc Minh Tran , Giulio Zizzo
CPC classification number: G06F21/577 , G06F21/552 , G06N3/0454 , G06F2221/033
Abstract: A method, computer program, and computer system are provided for predicting and assessing risks on websites. Data corresponding to historical interactions of a user with one or more websites is accessed. A simulation of actions of the user is generated based on the accessed data, and actions of the user are simulated on a pre-defined target website based on the generated simulation of the actions of the user. Risks on the target website are identified based on simulating the actions of the user. The website is updated to mitigate the identified risks.
-
Publication number: US20230306108A1
Publication date: 2023-09-28
Application number: US17700958
Application date: 2022-03-22
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Alex Veprinsky , Charles F. Clark , John Blumenthal , Ayman Abouelwafa
IPC: G06F21/55
CPC classification number: G06F21/552 , G06F2221/034
Abstract: In some examples, a system applies an inline detection of a write of data in a storage, the inline detection to detect potential data encryption of the data. In response to an indication of the potential data encryption, the system creates a first object that represents a first version of the data, and applies a further analysis to determine whether the potential data encryption constitutes unauthorized data encryption, the further analysis based on the first object and a second object that represents a second version of the data that is prior to the first version of the data.
-
Publication number: US11768933B2
Publication date: 2023-09-26
Application number: US16990393
Application date: 2020-08-11
Applicant: Saudi Arabian Oil Company
Inventor: Urfan Ahmed
CPC classification number: G06F21/552 , G06F21/562 , G06F21/74 , H04L63/101 , G06F2221/034
Abstract: A cybersecurity solution for preventing malware from infecting a computing device or a computer resource on the computing device. The solution can include detecting a computer resource process running or attempting to run on an operating system and comparing details of the computer resource process against an authorized processes database containing details of previously run computer resources processes to determine if the computer resource process is running or attempting to run for a first time on the operating system. The solution can include adding, during a learning mode, the details of the computer resource process to the authorized processes database when it is determined that the computer resource process is running or attempting to run for the first time on the operating system, and suspending, during a protect mode, the computer resource process from running on the operating system when it is determined that the computer resource process is running or attempting to run for the first time on the operating system. The details of the computer resource process can include at least one of semaphore data, mutex data or atom data for the computer resource process.
-
Publication number: US11762984B1
Publication date: 2023-09-19
Application number: US16601807
Application date: 2019-10-15
Applicant: Amazon Technologies, Inc.
CPC classification number: G06F21/53 , G06F21/552 , G06F21/56 , G06F21/577 , G06F21/62 , H04L63/1441
Abstract: A support service application may process a request that contains a hyperlink. The hyperlink may be examined to determine a level of risk associated with accessing a resource referred to by the hyperlink. An execution environment for processing the hyperlink may be identified. The execution environment may comprise a virtual machine drawn from a pool of virtual machines. The resource may be retrieved by a browser process operating within the context of the virtual machine, and a safe version of the resource may be rendered and made available to customer support personnel using the support service application.
-
Publication number: US11755725B2
Publication date: 2023-09-12
Application number: US16261753
Application date: 2019-01-30
Applicant: Salesforce, Inc.
Inventor: Amey Ruikar , Carl Meister , Tony Wong , Charles Kuo , Aishwarya Kumar , Wayne Rantala , Shailesh Govande
CPC classification number: G06F21/552 , G06F21/554 , G06N20/00 , G06F2221/034 , G06Q30/01
Abstract: Techniques and structures to facilitate anomaly detection within a networking system, including receiving a plurality of performance metric messages at a database system, extracting a plurality of anomaly detection messages included in the performance metric messages, storing the plurality of anomaly detection messages in an in-memory database and executing a machine learning model to process the plurality of anomaly detection messages in the in-memory database to detect whether anomalous usage of the networking system has been detected.
-
Publication number: US20230281307A1
Publication date: 2023-09-07
Application number: US18087686
Application date: 2022-12-22
Applicant: Recorded Future, Inc.
Inventor: Christopher Ahlberg , Bill Ladd , Sanil Chohan , Adrian Tirados Mata , Michael Tran , Staffan Truvé
CPC classification number: G06F21/56 , G06F21/552 , G06F2221/034
Abstract: A computer security monitoring system and method are disclosed that feature, in one general aspect, monitoring on an ongoing basis for evidence of the presence of infected systems in one or more networks that are each associated with a monitored organizational entity possessing digital assets, continuously updating risk profiles for the entities based on information about intrusion features from the monitoring, aggregating risk scores for the entities, and electronically reporting the aggregated risk score to an end user. In another general aspect, a method is disclosed that includes acquiring and storing data relating to interactions with malware controllers over a public network, acquiring and storing a map of relationships between networks connected to the public network, extracting risk data from the stored interaction data and the stored relationship map by cross-referencing the acquired interaction data against the map of relationships, and issuing security alerts based on the extracted risk data.
-
Publication number: US20230281301A1
Publication date: 2023-09-07
Application number: US17653303
Application date: 2022-03-03
Applicant: Dell Products, L.P.
Inventor: Marc N. McGarry , Nizar A. Basan , Weiqing Cai
IPC: G06F21/55
CPC classification number: G06F21/552 , G06F2221/034
Abstract: According to one embodiment, an Information Handling System (IHS) includes a memory to store a secure event log associated with one or more attributes of the IHS, and computer-executable code to obtain a system time from a system clock of the IHS, obtain a network time from a network time protocol (NTP) server, and compare the system time against the network time. When the obtained system time does not match the obtained network time, set a system clock attack chain vector in the secure event log and generate an Indicator of Attack (IoA) report based, at least in part, on the system clock attack chain vector.
-
Publication number: US11748490B2
Publication date: 2023-09-05
Application number: US17566053
Application date: 2021-12-30
Applicant: REGENTS OF THE UNIVERSITY OF MICHIGAN
Inventor: Todd Austin , Valeria Bertacco , Mark Gallagher , Baris Kasikci
CPC classification number: G06F21/577 , G06F8/65 , G06F21/552 , G06F21/554 , G06F21/566 , G06F21/602 , H04L9/0869 , G06F2221/0751
Abstract: A computer system includes an ensemble moving target defense architecture that protects the computer system against attack using one or more composable protection layers that change each churn cycle, thereby requiring an attacker to acquire information needed for an attack (e.g., code and pointers) and successfully deploy the attack, before the layers have changed state. Each layer may deploy a respective attack information asset protection providing multiple respective attack protections each churn cycle, wherein the respective attack information asset protections may differ.
-
Publication number: US20230275909A1
Publication date: 2023-08-31
Application number: US18144357
Application date: 2023-05-08
Applicant: Rapid7, Inc.
Inventor: Vasudha Shivamoggi , Roy Donald Hodgman , Katherine Wilbur
CPC classification number: H04L63/1416 , H04L63/1425 , G06F21/552 , H04L63/1441
Abstract: Systems and methods are disclosed to implement a cyberattack detection system that monitors a computer network for lateral movement. In embodiments, the system uses network data from a computer network to build a baseline of connection behaviors for the network. Connection graphs are generated from new network data that indicate groups of nodes that made connections with one another during a last time interval. The graphs are analyzed for connection behavior anomalies and ranked to determine a subset of graphs with suspected lateral movement. Graphs with suspected lateral movement may be further analyzed to determine a set of possible attack paths in the lateral movements. The suspected attack paths are reported to network administrators via a notification interface. Advantageously, the disclosed system is able to detect potential lateral movements in localized portions of a network by monitoring for connection behavior anomalies in network data gathered from the network.