-
Publication No.: US11010470B2
Publication date: 2021-05-18
Application No.: US15844453
Filing date: 2017-12-15
Abstract: A system for operating-system remediation intercepts input/output (I/O) requests to write to one or more files and stores in the system cache, as file restore data, (i) a restore copy of the files taken before the write operations of the I/O requests are performed and (ii) identification information for the processes or entities making those I/O requests. Based at least on a later determination that a process making the I/O requests was malware, the system reverts to the restore copy using the file restore data. The current version of the files is thereby replaced with the restore copy, giving improved automatic remediation and a greater likelihood that data can be restored from the cache after a malware attack.
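The copy-before-write mechanism in this abstract, modelled as an added example (this is illustrative code, not the patent's or Microsoft's implementation). The class names, the in-memory file store standing in for a filesystem filter, and the constructed ransomware scenario are all assumptions; the model keeps one pre-write copy per (file, writing process) so that a revert restores the content from just before the flagged process's first write, and records which files could not be covered when the bounded cache is full.

```python
"""Copy-before-write restore cache: a model of the remediation scheme described above."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Snapshot:
    pid: int                 # process whose first write on this file triggered the copy
    before: Optional[bytes]  # content before that write; None if the file did not exist yet


class RestoreCache:
    """Bounded in-memory cache of pre-write copies plus the identity of each writer."""

    def __init__(self, capacity_bytes: int) -> None:
        self.capacity = capacity_bytes
        self.used = 0
        self.snapshots: Dict[str, List[Snapshot]] = {}
        self.unprotected: List[Tuple[str, int]] = []  # (path, pid) pairs we could not cover

    def before_write(self, path: str, current: Optional[bytes], pid: int) -> bool:
        """Called on the write path before the write is applied. False if no copy was kept."""
        history = self.snapshots.setdefault(path, [])
        if any(s.pid == pid for s in history):
            return True  # already hold the copy taken before this process's first write
        size = len(current) if current is not None else 0
        if self.used + size > self.capacity:
            self.unprotected.append((path, pid))  # cache full: this write is not recoverable
            return False
        history.append(Snapshot(pid, current))
        self.used += size
        return True

    def restore_points(self, pid: int) -> List[Tuple[str, Optional[bytes]]]:
        """Files the process wrote, each with the content from just before its first write."""
        return sorted((path, s.before) for path, hist in self.snapshots.items()
                      for s in hist if s.pid == pid)


class InterceptedFileSystem:
    """Toy file store whose write path is hooked by the restore cache (hypothetical)."""

    def __init__(self, cache: RestoreCache) -> None:
        self.files: Dict[str, bytes] = {}
        self.cache = cache

    def write(self, pid: int, path: str, data: bytes) -> None:
        self.cache.before_write(path, self.files.get(path), pid)  # copy first ...
        self.files[path] = data                                    # ... then perform the write

    def remediate(self, malware_pid: int) -> List[str]:
        """Revert every file the flagged process touched to its pre-write copy."""
        reverted = []
        for path, before in self.cache.restore_points(malware_pid):
            if before is None:
                self.files.pop(path, None)  # file created by the malware: remove it
            else:
                self.files[path] = before
            reverted.append(path)
        return reverted


def ransomware_scenario() -> Tuple[List[str], Dict[str, bytes], List[Tuple[str, int]]]:
    """Constructed scenario: a user edits a document, a process later judged to be malware
    overwrites it and drops a note, and one file is too large for the cache to cover."""
    fs = InterceptedFileSystem(RestoreCache(capacity_bytes=64))
    fs.write(pid=100, path="report.docx", data=b"quarterly numbers")   # legitimate edit
    fs.write(pid=666, path="report.docx", data=b"\x00ENCRYPTED\x00")  # suspicious overwrite
    fs.write(pid=666, path="README_DECRYPT.txt", data=b"pay 2 BTC")   # new file from malware
    fs.write(pid=100, path="big.bin", data=b"x" * 100)                # 100-byte file
    fs.write(pid=666, path="big.bin", data=b"\x00ENCRYPTED\x00")      # copy would exceed cache
    reverted = fs.remediate(666)  # later verdict: pid 666 was malware
    return reverted, dict(fs.files), list(fs.cache.unprotected)
```

Two caveats the model makes visible: a revert discards any legitimate writes made to the file after the malware's first write, and coverage is only as good as the cache budget, so `big.bin` stays encrypted and appears in `unprotected`, which is the case where the remote-backup restore of the next entry would be needed.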
-
Publication No.: US11170107B2
Publication date: 2021-11-09
Application No.: US15843934
Filing date: 2017-12-15
Inventors: Karthik Selvaraj, Ramprasad Gowrishankar, Gowtham Reddy Animireddygari, Catalin Daniel Sandu
Abstract: Methods and devices for recovering data may include receiving an identification of at least one file on the computer device impacted by a cyber threat, and receiving a last-known-good timestamp for that file that identifies a point in time prior to the cyber threat. The methods and devices may also include transmitting, to a remote backup provider associated with the file, a restore request to restore the file with content based at least on the last-known-good timestamp, and receiving the restored file with that content from the remote backup provider.
-
Publication No.: US10963566B2
Publication date: 2021-03-30
Application No.: US15879593
Filing date: 2018-01-25
Abstract: Implementations described herein disclose a malware sequence detection system for detecting the presence of malware in a plurality of events. An implementation receives a sequence of events and detects the presence of a sequence of malware commands within it by dividing the sequence into subsequences, performing sequential subsequence learning on one or more of the subsequences, and generating, from the output of that learning, a probability that one or more of the subsequences is malware.
-
Publication No.: US11368361B2
Publication date: 2022-06-21
Application No.: US16893901
Filing date: 2020-06-05
Inventors: Matthew Ronald Shadbolt, Michael Joseph Healy, Shweta Jha, Gokhan Ozhan, Adrian Mihail Marinescu, Alemeshet Yismaw Alemu, Karthik Selvaraj, Milind Amrutrao Pawar, Vladimir Soroka, Hayk Hovsepyan, Chaohong Ou, Patanjal Digant Vyas, David Torosyan
IPC classification: H04L41/0803, H04L9/08, H04L9/40
Abstract: A system and method for providing stringent tamper-resistant protection against changes to key system security features. Tamper protection is configured so that changes to the policy can only originate from a configuration manager console, preventing local device administrators or other malicious actors from altering the setting. Tamper protection thus locks the selected service and prevents its security settings from being changed through third-party apps and methods. When a system administrator enables the feature for an enterprise's workstations, only administrators can change the service settings across the company's computers. The tamper protection policy is digitally signed in the backend before being deployed to endpoints, and each endpoint verifies the validity and intent of the policy, establishing that it is a signed package that only security operations personnel with the necessary administrator rights can control.
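The signed-policy flow in this abstract, backend signing on one side and endpoint verification of validity and intent on the other, as an added example (illustrative code, not the patent's or the product's implementation). The `Endpoint` class, the policy fields (`tenant`, `version`, `settings`) and the check order are assumptions. So that it runs offline with the standard library only, unpadded textbook RSA over a hardcoded key built from two Mersenne primes stands in for the real signature scheme; that primitive is a placeholder, not a recommendation. What the example does show is the shape that matters: the endpoint holds only the public key, so a local administrator cannot produce an acceptable package, a package altered after signing fails, an older package cannot be replayed, and a package signed for another tenant is refused.

```python
"""Signed tamper-protection policy: backend signing and endpoint verification (model)."""
import hashlib
import json
from typing import Dict, Tuple

# Demo key pair from two Mersenne primes so the example needs no key generation.
# Unpadded RSA on a hardcoded key is a stand-in, NOT a production signature scheme.
_P = (1 << 521) - 1
_Q = (1 << 127) - 1
PUBLIC_KEY: Tuple[int, int] = (_P * _Q, 65537)          # what endpoints carry
_PRIVATE_D = pow(65537, -1, (_P - 1) * (_Q - 1))         # what only the backend holds


def _canonical(policy: Dict) -> bytes:
    # Deterministic encoding so backend and endpoint hash identical bytes.
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()


def _digest(policy: Dict) -> int:
    return int.from_bytes(hashlib.sha256(_canonical(policy)).digest(), "big")


def backend_sign(policy: Dict) -> Dict:
    """Configuration-manager side: produces the signed package deployed to endpoints."""
    n, _ = PUBLIC_KEY
    return {"policy": policy, "sig": pow(_digest(policy), _PRIVATE_D, n)}


class Endpoint:
    """Endpoint side: holds the public key, its tenant id and the current policy version."""

    def __init__(self, tenant_id: str) -> None:
        self.tenant_id = tenant_id
        self.version = 0
        self.settings: Dict[str, object] = {"realtime_protection": True,
                                            "tamper_protection": False}

    def apply_package(self, package: Dict) -> str:
        policy = package["policy"]
        n, e = PUBLIC_KEY
        # Validity: the package must carry a signature made with the backend key.
        if pow(package["sig"], e, n) != _digest(policy):
            return "rejected: bad signature"
        # Intent: meant for this tenant, and newer than the policy already in force.
        if policy.get("tenant") != self.tenant_id:
            return "rejected: wrong tenant"
        if policy.get("version", 0) <= self.version:
            return "rejected: stale version"
        self.version = policy["version"]
        self.settings.update(policy["settings"])
        return "applied"

    def local_change(self, key: str, value: object) -> str:
        """A change attempted locally (admin user, third-party app), i.e. not via a signed package."""
        if self.settings["tamper_protection"]:
            return "denied: tamper protection"
        self.settings[key] = value
        return "changed"


def demo() -> Dict[str, str]:
    """Constructed walk-through: enable, then attempt each bypass the design is meant to stop."""
    ep = Endpoint("contoso")
    signed = backend_sign({"tenant": "contoso", "version": 1,
                           "settings": {"tamper_protection": True}})
    results = {"enable": ep.apply_package(signed)}
    results["local_admin"] = ep.local_change("realtime_protection", False)
    # Attacker edits the policy body after signing: hash no longer matches the signature.
    forged = {"policy": {**signed["policy"], "settings": {"tamper_protection": False}},
              "sig": signed["sig"]}
    results["forged"] = ep.apply_package(forged)
    results["replay"] = ep.apply_package(signed)  # same valid package again
    other = backend_sign({"tenant": "fabrikam", "version": 2,
                          "settings": {"tamper_protection": False}})
    results["wrong_tenant"] = ep.apply_package(other)
    results["realtime_still_on"] = str(ep.settings["realtime_protection"])
    return results
```

In a real deployment the verification key would be anchored in the product's trust store, the package would use a proper padded signature scheme, and the version check would be persisted in a location the protected service itself guards, otherwise a local admin could reset it and replay an older, weaker policy.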
-
Publication No.: US11196759B2
Publication date: 2021-12-07
Application No.: US16453462
Filing date: 2019-06-26
Inventors: Peter A. Thayer, Jagannathan Deepak Manohar, Jason Matthew Conradt, Karthik Selvaraj, Donald J. Ankney
Abstract: Embodiments provide a security information and event management (SIEM) system using distributed agents that can intelligently traverse a network to exfiltrate event data efficiently and securely. A plurality of agent devices dynamically learn the behavioral patterns and/or service capabilities of other agent devices in the networking environment and select optimal routes for exfiltrating event data from within the network. The agent devices can independently, selectively, or collectively pre-process event data to detect a suspect event from within the network. When a suspect event is detected, an agent device selects a target device based on the learned service capabilities and networking environment and communicates the pre-processed event data to it. The pre-processed event data thus traverses the network along an optimal route until it is exfiltrated from the network and stored on a remote server device for storage and further analysis.
-
Publication No.: US10938840B2
Publication date: 2021-03-02
Application No.: US16160540
Filing date: 2018-10-15
Abstract: Enhanced neural network architectures that enable the determination and use of association-based or attention-based "interrelatedness" between portions of the input data are provided. A method of employing such an architecture includes receiving a first, a second and a third input data element. A first interrelated metric indicating the degree of interrelatedness between the first and second input data elements is determined, and a second interrelated metric indicating the degree of interrelatedness between the first and third input data elements is determined. An interrelated vector is generated from the first and second interrelated metrics. The neural network then generates an output vector that corresponds to the first input data element and is based on a combination of the first input data element and the interrelated vector.
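The computation in this abstract, carried through on concrete vectors as an added example (illustrative code, not the patent's architecture). The choice of scaled dot product as the interrelated metric, softmax normalization of the metrics, and a residual sum as the "combination" of the first element with the interrelated vector are assumptions; the abstract fixes only the structure (metrics between the first element and each of the others, a vector built from those metrics, an output derived from the first element and that vector). The example generalizes from two other elements to any number of them.

```python
"""Attention-style interrelatedness: metrics, interrelated vector, combined output (model)."""
import math
from typing import List, Sequence, Tuple

Vector = List[float]


def interrelated_metric(a: Sequence[float], b: Sequence[float]) -> float:
    """Degree of interrelatedness between two input elements: scaled dot product (assumed)."""
    return sum(x * y for x, y in zip(a, b)) / math.sqrt(len(a))


def softmax(scores: Sequence[float]) -> List[float]:
    m = max(scores)
    exps = [math.exp(s - m) for s in scores]  # shift by the max for numerical stability
    z = sum(exps)
    return [v / z for v in exps]


def interrelated_vector(first: Sequence[float],
                        others: Sequence[Sequence[float]]) -> Tuple[Vector, List[float]]:
    """Sum of the other elements, each weighted by its normalized relatedness to `first`."""
    weights = softmax([interrelated_metric(first, o) for o in others])
    vec = [sum(w * o[i] for w, o in zip(weights, others)) for i in range(len(first))]
    return vec, weights


def attend(first: Sequence[float],
           others: Sequence[Sequence[float]]) -> Tuple[Vector, List[float]]:
    """Output for `first`: residual combination of `first` with its interrelated vector."""
    vec, weights = interrelated_vector(first, others)
    return [x + v for x, v in zip(first, vec)], weights


def demo() -> Tuple[Vector, List[float]]:
    """Constructed input: three 3-d event embeddings; the second duplicates the first, the
    third is orthogonal to it, so the weights should favour the second element."""
    first = [1.0, 0.0, 1.0]
    second = [1.0, 0.0, 1.0]
    third = [0.0, 1.0, 0.0]
    return attend(first, [second, third])
```

With this input the two metrics are 2/sqrt(3) and 0, so the second element receives roughly three quarters of the weight and the output vector is the first element nudged toward what it is most related to; the orthogonal third element contributes only through its residual softmax share.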