-
Publication (Announcement) No.: US11075951B1
Publication (Announcement) Date: 2021-07-27
Application No.: US16024528
Filing Date: 2018-06-29
Applicant: NortonLifeLock Inc.
Inventors: Daniel Kats, Brian Schlatter, Michael Hart, Steven Meckl, Jung Hui Yoon, Matteo Dell'Amico
Abstract: A method for learning queries in automated incident remediation is performed by one or more computing devices, each comprising one or more processors. The method includes parsing at least a portion of incidents from an incident log based at least in part on one or more incident types associated with each incident from the portion of the incidents, identifying parameters associated with a plurality of queries, grouping the plurality of queries into a plurality of query groups based at least in part on the identified parameters, identifying a new incident added to the incident log, and generating an automated query based at least in part on a similarity between the new incident and a prior incident.
-
Publication (Announcement) No.: US11062034B1
Publication (Announcement) Date: 2021-07-13
Application No.: US17006608
Filing Date: 2020-08-28
Applicant: NortonLifeLock Inc.
Inventors: Qing Li, Brian Varner, Stan Kiefer, Samir Kapuria
Abstract: The disclosed computer-implemented method for improving application analysis may include (i) configuring a computing environment to execute an application such that the computing environment spoofs a simulated geolocation that is detected by the application, (ii) performing a dynamic analysis of how the application behaves within the simulated geolocation, and (iii) generating a holistic security analysis of the application based on both a result of the dynamic analysis performed for the simulated geolocation and an additional result of at least one additional dynamic analysis performed for a second geolocation that is distinct from the simulated geolocation. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication (Announcement) No.: US11044102B1
Publication (Announcement) Date: 2021-06-22
Application No.: US17006581
Filing Date: 2020-08-28
Applicant: NortonLifeLock Inc.
Inventors: Qing Li, Stanley Stanton Kiefer, Brian Varner, Jacques Fourie, Samir Kapuria, Scott Wilde
Abstract: The disclosed computer-implemented method for detecting certificate pinning may include (i) attempting, by a security network proxy, to break a network connection between a client device and a server device, (ii) detecting, by the security network proxy, whether the network connection between the client device and the server device is certificate pinned based on a result of attempting to break the network connection, and (iii) performing a security action by the security network proxy to protect the client device at least in part based on detecting whether the network connection between the client device and the server device is certificate pinned. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication (Announcement) No.: US11032303B1
Publication (Announcement) Date: 2021-06-08
Application No.: US16134109
Filing Date: 2018-09-18
Applicant: NortonLifeLock Inc.
IPC Classification: H04L29/06, G06F16/28, G06F16/901
Abstract: A method for anomaly detection using grouping-based graph summarization is performed by one or more computing devices, each including one or more processors. The method includes identifying a first graph from a stream of incoming graphs, generating a first summary of the first graph, classifying the first summary in a first category, identifying a second graph from the stream of incoming graphs, generating a second summary of the second graph, comparing the first summary with the second summary, mapping the first summary and the second summary to the first category upon determining that the comparing indicates a similarity between the first summary and the second summary satisfies a graph similarity threshold, analyzing a frequency of graphs being mapped to graph categories, the graph categories including at least the first category, and detecting an anomaly in one of the graph categories based at least in part on the analysis.
-
Publication (Announcement) No.: US10893058B1
Publication (Announcement) Date: 2021-01-12
Application No.: US14575759
Filing Date: 2014-12-18
Applicant: NortonLifeLock Inc.
Inventors: Jim Casaburi, Steven P. Stockman
IPC Classification: H04L29/06
Abstract: As described, embodiments presented herein provide techniques for detecting malware on computing devices connected to a local network segment by observing the traffic flows of such devices and generating signatures characterizing such traffic flows. Doing so allows instances of malware to be detected on a variety of devices which can be connected to a computing network, but which lack the capability of directly detecting and preventing malware applications from infecting such devices.
-
Publication (Announcement) No.: US10812981B1
Publication (Announcement) Date: 2020-10-20
Application No.: US15466156
Filing Date: 2017-03-22
Applicant: Symantec Corporation
Inventors: Ilya Sokolov, Keith Newstadt
IPC Classification: G08B23/00, H04W12/12, H04W4/02, H04L29/06, H04B10/116
Abstract: The disclosed computer-implemented method for certifying geolocation coordinates of computing devices may include (i) receiving, from a client computing device, a set of geolocation coordinates that purport to identify the physical location of the client computing device, (ii) identifying, in response to receiving the geolocation coordinates, at least one cooperating geolocation device that is within physical proximity to the geolocation coordinates provided by the client computing device, (iii) performing a proximity validation check that demonstrates that the client computing device is within physical proximity to the cooperating geolocation device, and (iv) certifying, based on the proximity validation check, the geolocation coordinates as valid geolocation coordinates. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication (Announcement) No.: US10810089B1
Publication (Announcement) Date: 2020-10-20
Application No.: US15665257
Filing Date: 2017-07-31
Applicant: Symantec Corporation
Inventors: Lei Gu, Ilya Sokolov
Abstract: Backup metrics are received from multiple endpoints. Backup baselines are established, based on backup metrics received over a period of time. Each established backup baseline specifies an empirically determined baseline level of backup activity according to specific criteria. Changes in backup behavior are detected, as measured against established backup baselines, based on analyzing received backup metrics. Such changes can be detected by applying a non-supervised machine learning technique to backup metrics. Detected backup behavior changes that meet a corresponding threshold are further analyzed to determine whether to alter corresponding backup activity in response. Backup activity on endpoints can be modified, in response to the analysis. This can take the form of omitting specific files or folders from corresponding backups, or changing default backup configuration(s). For example, a new or modified default backup configuration can be transmitted to one or more endpoints.
-
Publication (Announcement) No.: US10803167B1
Publication (Announcement) Date: 2020-10-13
Application No.: US15899384
Filing Date: 2018-02-20
Applicant: Symantec Corporation
Abstract: The disclosed computer-implemented method for executing application launchers may include (i) creating a security sandbox within an operating system environment, (ii) executing an original application launcher within the security sandbox, and (iii) registering the security sandbox as a new application launcher within the operating system environment such that the original application launcher is still available to a user through the security sandbox and the security sandbox supplements the original application launcher by providing a layer of protection for the user. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication (Announcement) No.: US10789363B1
Publication (Announcement) Date: 2020-09-29
Application No.: US16146189
Filing Date: 2018-09-28
Applicant: SYMANTEC CORPORATION
Inventors: Mehmet Emre Gursoy, Acar Tamersoy
Abstract: Identifying and protecting against computer security threats while preserving privacy of individual client devices using condensed local differential privacy (CLDP). In one embodiment, a method may include mapping non-ordinal data values to ordinal data values, generating a first ordering scheme for the ordinal data values, accessing actual non-ordinal data values, converting the actual non-ordinal data values to actual ordinal data values according to the mapping, generating first perturbed ordinal data values by adding noise, and aggregating the first perturbed ordinal data values. The method may also include generating a second ordering scheme for the ordinal data values by denoising and refining the aggregated first perturbed ordinal data values, generating second perturbed ordinal data values by adding noise, aggregating the second perturbed ordinal data values, analyzing the aggregated second perturbed ordinal data values to identify a computer security threat, and in response, thwarting the computer security threat.
-
Publication (Announcement) No.: US10783261B1
Publication (Announcement) Date: 2020-09-22
Application No.: US15981266
Filing Date: 2018-05-16
Applicant: Symantec Corporation
Inventors: Lei Gu, Ilya Sokolov
Abstract: The disclosed computer-implemented method for preventing sensitive information exposure based on a surrounding audience may include (1) detecting, from one or more communication devices, surrounding audience data associated with an audience presentation on a presentation device, the audience presentation including sensitive information and non-sensitive information, (2) determining an audience profile based on the surrounding audience data, the audience profile identifying one or more unintended audience members in the surrounding audience, (3) assigning an information exposure policy to the audience presentation based on the audience profile, and (4) performing a security action to enforce the information exposure policy on the presentation device such that the sensitive information is prevented from being exposed to the surrounding audience during the audience presentation. Various other methods, systems, and computer-readable media are also disclosed.