Abstract:
Securing network devices by forecasting future security incidents for a network based on past security incidents. In one embodiment, a method may include constructing past inside-in security features for a network, constructing past outside-in security features for the network, and employing dynamic time warping to generate a similarity score for each security feature pair in the past inside-in security features, in the past outside-in security features, and between the past inside-in security features and the past outside-in security features. The method may further include generating a Coupled Gaussian Latent Variable (CGLV) model based on the similarity scores, forecasting future inside-in security features for the network using the CGLV model, and performing a security action on one or more network devices of the network based on the forecasted future inside-in security features for the network.
Abstract:
The disclosed computer-implemented method for determining the reputations of unknown files may include (1) identifying a file that was downloaded by the computing device from an external file host, (2) creating a node that represents the file in a dynamic file relationship graph, (3) connecting the node in the dynamic file relationship graph with at least one other node that represents an attribute of the external file host, and (4) labeling the node with a reputation score calculated based at least in part on a reputation score of the at least one other node that represents the attribute of the external file host. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
The disclosed computer-implemented method for detecting anomalous messages in automobile networks may include (1) receiving automobile-network messages that are expected to be broadcast over an automobile network of an automobile, (2) extracting a set of features from the automobile-network messages, and (3) using the set of features to create a model that is capable of distinguishing expected automobile-network messages from anomalous automobile-network messages. The disclosed computer-implemented method may further include (1) detecting an automobile-network message that has been broadcast over the automobile network, (2) using the model to determine that the automobile-network message is anomalous, and (3) performing a security action in response to determining that the automobile-network message is anomalous. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
The disclosed computer-implemented method for preventing decentralized malware attacks may include (i) receiving, by a computing device, node data from a group of nodes over a network, (ii) training a machine learning model by shuffling the node data to generate a set of outputs utilized for predicting malicious data, (iii) calculating a statistical deviation for each output in the set of outputs from an aggregated output for the set of outputs, and (iv) identifying, based on the statistical deviation, an anomalous output in the set of outputs that is associated with one or more of the malicious nodes, the one or more malicious nodes hosting the malicious data. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
A processor-based method to defeat file and process hiding techniques in a computing device is provided. The method includes generating one of a path permutation, a symlink, or an address, for a path to open or obtain status of a tool or function in a library in a mobile computing device and making an open or status call for the tool or function, using the one of the path permutation, symlink or address. The method includes avoiding a pattern match and blocking, by an injected library, of the open or status call, the avoiding being a result of making the open or status call using the path permutation, symlink or address.
Abstract:
The disclosed computer-implemented method for detecting vulnerabilities on servers may include (i) sending requests to servers for information about services potentially executing on the servers, (ii) receiving, in response to the requests, messages from the servers that comprise the information about the services, wherein the set of messages uses different formats for transmitting the information, (iii) creating, by analyzing the set of messages, at least one heuristic that is capable of automatically extracting, from a message, an identifier of a service that executes on a server that sent the message, (iv) extracting, from the message, via the heuristic, the identifier of the service that executes on the server that sent the message, and (v) determining, based on the identifier of the service, that the service contributes to a vulnerability on the server that sent the message. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
A computer-implemented method for evaluating electronic control units within vehicle emulations may include (1) connecting an actual electronic control unit for a vehicle to a vehicle bus that emulates network traffic rather than actual network traffic generated by operation of the vehicle, (2) manipulating input to the actual electronic control unit to test how safely the actual electronic control unit and the emulated electronic control unit respond to the manipulated input, (3) detecting an output from the actual electronic control unit that indicates a response, from the actual electronic control unit, to manipulating the input, and (4) evaluating a safety level of at least one of the actual electronic control unit and the emulated electronic control unit based on detecting the output from the actual electronic control unit. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
The present disclosure relates to systems and methods based at least in part on managing electronic device configuration and/or features. In some embodiments, a method may include identifying a first configuration state at a first time; generating a virtual configuration state based at least in part on the first configuration state at the first time; determining a first modification to be made to the first configuration state based at least in part on a first characteristic of a first application; modifying the virtual configuration state based at least in part on the determined first modification; and/or modifying the first configuration state at a second time after the first time based at least in part on the determined first modification.
Abstract:
The disclosed computer-implemented method for detecting discrepancies in automobile-network data may include (1) receiving data that indicates at least one attribute of an automobile and that was conveyed via an automobile-network message that was purportedly broadcast over an automobile network of the automobile, (2) receiving additional data that indicates the same attribute of the automobile and that was not conveyed via any automobile-network message that was broadcast over the automobile network, (3) detecting a discrepancy between the data and the additional data, and (4) performing a security action in response to detecting the discrepancy between the data and the additional data. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
Securing a network device by forecasting an attack event using a recurrent neural network. In one embodiment, a method may include collecting event sequences of events that occurred on multiple network devices, generating training sequences, validation sequences, and test sequences from the event sequences, training a recurrent neural network using the training sequences, the validation sequences, and the test sequences, collecting an event sequence of the most recent events that occurred on a target network device, forecasting, using the recurrent neural network and based on the event sequence of the most recent events that occurred on the target network device, the next event that will occur on the target network device, and in response to the forecasted next event being an attack event, performing a security action to prevent harm to the target network device from the attack event.