-
Publication number: US11271951B1
Publication date: 2022-03-08
Application number: US16875614
Filing date: 2020-05-15
Applicant: Redberry Systems, Inc.
Inventor: Sandeep Khanna, Varadarajan Srinivasan, Madhavan Bakthavatchalam
IPC: H04L29/06, G06F16/951, H04L69/22
Abstract: Upon receiving malware detection rules that are to be identified with respect to an input traffic stream, a sequence of state definitions is generated for each of the rules. The state definitions for each rule correspond to respective segments of the rule and specify conditions under which a state machine is to transition between search states corresponding to those segments, at least one of the segments corresponding to multiple characters within the input traffic stream. A state machine transitions between search states corresponding to one or more of the rules in accordance with contents of the input traffic stream and the conditions specified by the sequence of state definitions.
-
Publication number: US10885192B2
Publication date: 2021-01-05
Application number: US15791644
Filing date: 2017-10-24
Applicant: Redberry Systems, Inc.
Inventor: Madhavan Bakthavatchalam, Sandeep Khanna, Varadarajan Srinivasan
Abstract: Upon receiving malware detection rules that are to be identified with respect to an input traffic stream, a rule database that requires less storage capacity than the malware detection rules is generated by substituting tokens for selected symbol strings within the malware detection rules. A compressed traffic stream is generated by substituting the tokens for instances of the selected symbol strings within the input traffic stream, and then compared with the rule database to determine whether the input traffic stream contains one or more symbol sequences that correspond to any of the malware detection rules.
-
Publication number: US20230403292A1
Publication date: 2023-12-14
Application number: US18235974
Filing date: 2023-08-21
Applicant: Redberry Systems, Inc.
Inventor: Madhavan Bakthavatchalam, Sandeep Khanna, Varadarajan Srinivasan
CPC classification number: H04L63/1425, H04L63/1416, G06N20/00, G06N5/04
Abstract: This disclosure provides systems, methods and apparatuses for classifying traffic flow using a plurality of learning machines arranged in multiple hierarchical levels. A first learning machine may classify a first portion of the input stream as malicious based on a match with first classification rules, and a second learning machine may classify at least part of the first portion of the input stream as malicious based on a match with second classification rules. The at least part of the first portion of the input stream may be classified as malicious based on the matches in the first and second learning machines.
-
Publication number: US20230396636A1
Publication date: 2023-12-07
Application number: US18235762
Filing date: 2023-08-18
Applicant: Redberry Systems, Inc.
Inventor: Madhavan Bakthavatchalam, Sandeep Khanna, Varadarajan Srinivasan
CPC classification number: H04L63/1425, H04L63/1416, G06N20/00, G06N5/04
Abstract: This disclosure provides systems, methods and apparatuses for classifying traffic flow using a plurality of learning machines arranged in multiple hierarchical levels. A first learning machine may classify a first portion of the input stream as malicious based on a match with first classification rules, and a second learning machine may classify at least part of the first portion of the input stream as malicious based on a match with second classification rules. The at least part of the first portion of the input stream may be classified as malicious based on the matches in the first and second learning machines.
-
Publication number: US20210165880A1
Publication date: 2021-06-03
Application number: US17109387
Filing date: 2020-12-02
Applicant: Redberry Systems, Inc.
Inventor: Madhavan Bakthavatchalam, Sandeep Khanna, Varadarajan Srinivasan
Abstract: Upon receiving malware detection rules that are to be identified with respect to an input traffic stream, a rule database that requires less storage capacity than the malware detection rules is generated by substituting tokens for selected symbol strings within the malware detection rules. A compressed traffic stream is generated by substituting the tokens for instances of the selected symbol strings within the input traffic stream, and then compared with the rule database to determine whether the input traffic stream contains one or more symbol sequences that correspond to any of the malware detection rules.
-
Publication number: US11770391B1
Publication date: 2023-09-26
Application number: US16572581
Filing date: 2019-09-16
Applicant: Redberry Systems, Inc.
Inventor: Madhavan Bakthavatchalam, Sandeep Khanna, Varadarajan Srinivasan
CPC classification number: H04L63/1425, G06N5/04, G06N20/00, H04L63/1416
Abstract: This disclosure provides systems, methods and apparatuses for classifying traffic flow using a plurality of learning machines arranged in multiple hierarchical levels. A first learning machine may classify a first portion of the input stream as malicious based on a match with first classification rules, and a second learning machine may classify at least part of the first portion of the input stream as malicious based on a match with second classification rules. The at least part of the first portion of the input stream may be classified as malicious based on the matches in the first and second learning machines.
-
Publication number: US10033750B1
Publication date: 2018-07-24
Application number: US15832727
Filing date: 2017-12-05
Applicant: Redberry Systems, Inc.
Inventor: Madhavan Bakthavatchalam, Varadarajan Srinivasan, Sandeep Khanna
IPC: H04L29/06, H04L12/743, G06F7/02, G06F21/56
Abstract: In a malware detection device, first characters in a network traffic flow are compared with a plurality of entries within a ternary content addressable memory (TCAM), the plurality of entries including a first entry that constitutes a first segment of a malware signature. In response to an output from the TCAM indicating that the first characters match the first entry, a variable-character expression engine determines whether second characters in the network traffic flow match a first variable-length regular expression, the variable-length regular expression corresponding to a second segment of the malware signature. A comparand value is generated that includes third characters in the network traffic flow and an expression-match value that indicates whether the second characters match the first variable-length regular expression. The TCAM compares the comparand value with the plurality of entries therein as part of a determination whether the network traffic flow contains the malware signature.
-
Publication number: US11882142B2
Publication date: 2024-01-23
Application number: US18235762
Filing date: 2023-08-18
Applicant: Redberry Systems, Inc.
Inventor: Madhavan Bakthavatchalam, Sandeep Khanna, Varadarajan Srinivasan
CPC classification number: H04L63/1425, G06N5/04, G06N20/00, H04L63/1416
Abstract: This disclosure provides systems, methods and apparatuses for classifying traffic flow using a plurality of learning machines arranged in multiple hierarchical levels. A first learning machine may classify a first portion of the input stream as malicious based on a match with first classification rules, and a second learning machine may classify at least part of the first portion of the input stream as malicious based on a match with second classification rules. The at least part of the first portion of the input stream may be classified as malicious based on the matches in the first and second learning machines.
-
Publication number: US11714909B2
Publication date: 2023-08-01
Application number: US17109387
Filing date: 2020-12-02
Applicant: Redberry Systems, Inc.
Inventor: Madhavan Bakthavatchalam, Sandeep Khanna, Varadarajan Srinivasan
CPC classification number: G06F21/567, G06F21/566, H04L63/0245, H04L63/145, H04L63/1416, H04L63/0263
Abstract: Upon receiving malware detection rules that are to be identified with respect to an input traffic stream, a rule database that requires less storage capacity than the malware detection rules is generated by substituting tokens for selected symbol strings within the malware detection rules. A compressed traffic stream is generated by substituting the tokens for instances of the selected symbol strings within the input traffic stream, and then compared with the rule database to determine whether the input traffic stream contains one or more symbol sequences that correspond to any of the malware detection rules.
-
Publication number: US10693894B1
Publication date: 2020-06-23
Application number: US16247916
Filing date: 2019-01-15
Applicant: Redberry Systems, Inc.
Inventor: Sandeep Khanna, Varadarajan Srinivasan, Madhavan Bakthavatchalam
IPC: H04L29/06, G06F16/951
Abstract: Upon receiving malware detection rules that are to be identified with respect to an input traffic stream, a sequence of state definitions is generated for each of the rules. The state definitions for each rule correspond to respective segments of the rule and specify conditions under which a state machine is to transition between search states corresponding to those segments, at least one of the segments corresponding to multiple characters within the input traffic stream. A state machine transitions between search states corresponding to one or more of the rules in accordance with contents of the input traffic stream and the conditions specified by the sequence of state definitions.
-