-
Publication No.: US20240311473A1
Publication date: 2024-09-19
Application No.: US18185136
Filing date: 2023-03-16
Applicant: CrowdStrike, Inc.
Inventors: Gabriel Cirlig, Matthew Zavislak, Robert Aron
CPC classification: G06F21/554, G06F9/451, G06F2221/034
Abstract: Systems and methods are disclosed that receive, from an accessibility service executing on a computing device, screen content that is displayed on a screen of the computing device to a user. The accessibility service is configured to interact with a graphical user interface executing on the computing device to determine the screen content and to determine that the screen content includes malicious content. The systems and methods perform an operation, by the computing device, that impedes the user from selecting the malicious content.
-
Publication No.: US20240281352A1
Publication date: 2024-08-22
Application No.: US18110456
Filing date: 2023-02-16
Applicant: CrowdStrike, Inc.
Inventor: Andrew Southgate
CPC classification: G06F11/3065, G06F11/327
Abstract: An artificial intelligence (AI) monitoring service detects, in real time or in near real time, misbehaving AI. The AI monitoring service monitors any of the inputs to the AI, incoming/outgoing communications, API calls, inter-service/inter-container activities associated with the AI, and/or an output generated by the AI. Any activity conducted by, or associated with, the AI may be compared to an AI behavior profile defining permissible/impermissible activities. If any activity fails to conform to the AI behavior profile, alerts are sent and threat procedures are implemented. Very early stages of abnormal AI behavior are detected, thus quickly exposing abnormal AI behavior before the artificial intelligence can implement undesirable, or even harmful, actions.
-
Publication No.: US20240248983A1
Publication date: 2024-07-25
Application No.: US18159266
Filing date: 2023-01-25
Applicant: CrowdStrike, Inc.
Inventors: Marian Radu, Daniel Radu
IPC classification: G06F21/55
CPC classification: G06F21/552, G06F2221/034
Abstract: A security agent configured to utilize a decision validation model for a prediction model of a security agent of the computing device is described herein. The decision validation model includes non-executable data and is utilized by a function of the security agent, which takes the input vector and decision value of the prediction model as inputs to the decision validation model. The decision validation model then outputs a decision value different from the decision value of the prediction model. The security agent receives the decision validation model from a security service that trains the decision validation model when the prediction model is generating false predictions.
-
Publication No.: US20240054209A1
Publication date: 2024-02-15
Application No.: US17884295
Filing date: 2022-08-09
Applicant: CrowdStrike, Inc.
Inventors: Marina Simakov, Eyal Karni, Yaron Zinar
IPC classification: G06F21/46
CPC classification: G06F21/46
Abstract: Techniques and systems are described for enabling an identity provider to identify a computing device during authentication of a user that uses the computing device, and to do so in a manner that is independent of a browser and/or a client application and/or an operating system on the computing device. For example, upon receiving, from a first identity provider, redirection data to redirect an authentication request to a second identity provider, a security agent executing on the computing device may intercept the authentication request, retrieve data about the computing device, and send the authentication request with the device data to the second identity provider. Upon receiving, from the second identity provider, a signed response to the authentication request, the computing device may send the signed response to the first identity provider to receive a result of the authentication request from the first identity provider.
-
Publication No.: US11899786B2
Publication date: 2024-02-13
Application No.: US16507194
Filing date: 2019-07-10
Applicant: CrowdStrike, Inc.
IPC classification: G06N3/08, G06N3/044, G06F21/55, G06V30/196
CPC classification: G06F21/554, G06N3/044, G06N3/08, G06V30/1985, G06F2221/034
Abstract: An event can be analyzed for association with a security violation. Characters or other values of event data (e.g., command-line text) associated with the event can be provided sequentially to a trained representation mapping to determine respective representation vectors. Respective indicators can be determined by applying the vectors to a trained classifier. A token in the event data can be located based on the indicators. The event can be determined to be associated with a security violation based on the token satisfying a token-security criterion. The representation mapping can be trained by adjusting model parameters so that the trained representation predicts, based on a character of training command-line text, the immediately following character in the training command-line text. The classifier can be determined based on the trained representation mapping and on classification training data indicating whether respective portions of training event data are associated with security violations.
-
Publication No.: US20240007491A1
Publication date: 2024-01-04
Application No.: US17855360
Filing date: 2022-06-30
Applicant: CrowdStrike, Inc.
IPC classification: H04L9/40
CPC classification: H04L63/1425, H04L63/1441
Abstract: Methods and systems for detecting malicious attacks in a network and preventing lateral movement in the network by identity control are disclosed. According to an implementation, a security appliance may receive telemetry data from an endpoint device collected during a period of time. The security appliance may determine a threat behavior based on the telemetry data. The threat behavior may be associated with a user identity or user account. The security appliance further determines one or more additional user identities based on the user identity connected to the threat behavior. The security appliance may enforce one or more security actions on the user identity and the one or more additional user identities to prevent attacks on a plurality of computing domains from the endpoint device using the one or more additional user identities. The security appliance may be implemented on any network participant, including servers, cloud devices, cloud-based services/platforms, etc.
-
Publication No.: US20230421587A1
Publication date: 2023-12-28
Application No.: US17849537
Filing date: 2022-06-24
Applicant: Crowdstrike, Inc.
IPC classification: H04L9/40
CPC classification: H04L63/1425
Abstract: A distributed security system includes instances of a compute engine that can receive an event stream comprising event data associated with an occurrence of one or more events on one or more client computing devices and generate new event data based on the event data in the event stream. A predictions engine coupled in communication with the compute engine(s) receives the new event data and applies at least a portion of the received new event data to one or more machine learning models of the distributed security system, selected based on the received new event data. The one or more machine learning models generate a prediction result that indicates whether the occurrence of the one or more events from which the new event data was generated represents one or more target behaviors, based on applying at least the portion of the received new event data to the one or more machine learning models according to the received new event data.
-
Publication No.: US20230351016A1
Publication date: 2023-11-02
Application No.: US17733721
Filing date: 2022-04-29
Applicant: CrowdStrike, Inc.
Inventors: Marian Radu, Daniel Radu
CPC classification: G06F21/565, G06F21/563, G06F21/552, G06F21/577
Abstract: Methods and systems are provided for a histogram model configuring a computing system to derive an indicator-of-compromise signature based on a sliding window index of identified malware samples, and for a matching rule constructor configuring a computing system to generate matching signatures by selecting statistically relevant n-grams of an unidentified file sample. A matching rule constructor configures the computing system to construct a matching rule including, as a signature, the 32 n-grams found in the unidentified file sample which occur most frequently, and another 32 n-grams found in the unidentified file sample which occur least frequently amongst records of the threat database across 32 discrete file size ranges. These functions can configure backend operations for a sample identification operation performed by a user operating a client computing device, in a fashion that does not require the user to manually discern strings from the unidentified file sample to derive a signature for the matching engine to search against the threat database.
-
Publication No.: US20230334154A1
Publication date: 2023-10-19
Application No.: US18213141
Filing date: 2023-06-22
Applicant: CrowdStrike, Inc.
Inventors: Radu Cazan, Daniel Radu, Marian Radu
IPC classification: G06F21/56, G06F21/55, G06N3/08, G06F18/214
CPC classification: G06F21/56, G06F21/552, G06N3/08, G06F18/214
Abstract: Training and use of a byte n-gram embedding model is described herein. A neural network is trained to determine a probability of occurrence associated with a byte n-gram. The neural network includes one or more embedding model layers, at least one of which is configured to output an embedding array of values. The byte n-gram embedding model may be used to generate a hash of received data, to classify the received data with no knowledge of a data structure associated with the received data, to compare the received data to files having a known classification, and/or to generate a signature for the received data.
-
Publication No.: US11625484B2
Publication date: 2023-04-11
Application No.: US16752374
Filing date: 2020-01-24
Applicant: Crowdstrike, Inc.
Inventors: Horea Coroiu, Daniel Radu
IPC classification: G06F21/56, G06F16/14, H04L9/40, H04W12/128, G06F16/901
Abstract: Techniques for searching an inverted index associating byte sequences of a fixed length with the files that contain those byte sequences are described herein. Byte sequences comprising a search query are determined and searched in the inverted index, and an intersection of the results is determined and returned as a response to the search query. Further, search queries in the form of expressions including search terms and logical operators are searched in the inverted index and evaluated using a syntax tree constructed based on the logical operators. Also, byte sequences comprising a file are searched in the inverted index, and the results of the search are used to generate signatures and fuzzy hashes.