-
Publication number: US20240330447A1
Publication date: 2024-10-03
Application number: US18343956
Filing date: 2023-06-29
Applicant: Dell Products L.P.
Inventor: Ofir Ezrielev , Yeh'iel Zohar , Yevgeni Gehtman , Tomer Shachar , Maxim Balin
CPC classification number: G06F21/554 , G06F21/562 , G06F2221/033
Abstract: A bait file owned by a bait process is created and locked in a computing system. Attempts to access the bait file or kill the bait process are detected. The process attempting to access the bait file or kill the bait process is viewed as malicious and protective operations are performed in the computing system. When an attempt to access the bait file is performed, the process attempting to access the bait file and all files related to the process attempting to access the bait file are identified. The related processes are identified using a table that tracks related processes. The protection operations are performed with respect to the process attempting to access the bait file and all related processes.
-
Publication number: US12079757B2
Publication date: 2024-09-03
Application number: US18449315
Filing date: 2023-08-14
Applicant: Sophos Limited
Inventor: Beata Ladnai , Mark D. Harris , Andrew G. P. Smith , Kenneth D. Ray , Andrew J. Thomas , Russell Humphries
IPC: H04L9/40 , G06F9/54 , G06F11/07 , G06F16/955 , G06F17/18 , G06F18/21 , G06F18/214 , G06F18/23213 , G06F18/2413 , G06F21/55 , G06F21/56 , G06N5/01 , G06N5/022 , G06N5/04 , G06N5/046 , G06N7/00 , G06N20/00 , G06N20/20 , G06Q10/0635 , G06Q10/0639 , G06V20/52 , G06Q30/018 , G06Q30/0283
CPC classification number: G06Q10/0635 , G06F9/542 , G06F11/079 , G06F16/955 , G06F17/18 , G06F18/214 , G06F18/2178 , G06F18/23213 , G06F18/24143 , G06F21/554 , G06F21/56 , G06F21/562 , G06F21/565 , G06N5/01 , G06N5/022 , G06N5/04 , G06N5/046 , G06N7/00 , G06N20/00 , G06N20/20 , G06Q10/06395 , G06V20/52 , H04L63/0227 , H04L63/0263 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/20 , G06Q30/0185 , G06Q30/0283
Abstract: An endpoint coupled in a communicating relationship with an enterprise network may include a data recorder configured to store an event stream of data indicating events on the endpoint including types of changes to computing objects, a filter configured to locally process the event stream into a filtered event stream including a subset of types of changes to the computing objects, and a local security agent. The local security agent may be configured to transmit the filtered event stream to a threat management facility, respond to a filter adjustment from the threat management facility by adjusting the filter to modify the subset of types of changes included in the filtered event stream, and respond to a query from the threat management facility by retrieving data stored in the data recorder over a time window before the query and excluded from the filtered event stream.
-
Publication number: US12079336B2
Publication date: 2024-09-03
Application number: US18092083
Filing date: 2022-12-30
Applicant: Musarubra US LLC
Inventor: Derek Pearcy , Jessica Heinrich , Michael Bishop , Cristian Fiorentino , Jessica Gaskins , Martina Borkowsky
CPC classification number: G06F21/562 , G06F21/552 , G06F21/577 , H04L63/1425
Abstract: A system for securing electronic devices includes a processor, non-transitory machine readable storage medium communicatively coupled to the processor, security applications, and a security controller. The security controller includes computer-executable instructions on the medium that are readable by the processor. The security application is configured to determine a suspicious file from a client using the security applications, identify whether the suspicious file has been encountered by other clients using the security applications, calculate a time range for which the suspicious file has been present on the clients, determine resources accessed by the suspicious file during the time range, and create a visualization of the suspicious file, a relationship between the suspicious file and the clients, the time range, and the resources accessed by the suspicious file during the time range.
-
Publication number: US12050684B2
Publication date: 2024-07-30
Application number: US17239511
Filing date: 2021-04-23
Applicant: VMware, Inc.
Inventor: Jason Zhang , Stefano Ortolani , Giovanni Vigna
IPC: G06F21/56
CPC classification number: G06F21/562 , G06F2221/033
Abstract: The disclosure herein describes the detection of malware campaigns based on analysis of attributes of telemetry data. Telemetry data associated with malware campaign detection includes multiple attributes and is associated with a first time interval. Statistics of a target statistic set are calculated based on a composite time series of the multiple attributes of the telemetry data. The target set is compared to a historical statistic set based on a second time interval and, based on the target set exceeding a statistic threshold of the historical set, peak detection analysis of the target set is performed. Based on the analysis indicating the presence of a valid peak result, a notification of detection of a malware campaign is sent, wherein the notification includes data indicative of the valid peak result and enables a receiver of the notification to take corrective action.
-
Publication number: US20240202334A1
Publication date: 2024-06-20
Application number: US18066377
Filing date: 2022-12-15
Applicant: Nozomi Networks Sagl
Inventor: Alexey KLEYMENOV , Alessandro DI PINTO , Moreno CARULLO , Andrea CARCANO
CPC classification number: G06F21/566 , G06F16/137 , G06F21/562 , H04L9/0643 , G06F2221/034
Abstract: The present invention relates to a method for automatically storing malicious samples, comprising collecting input samples from sample providers relating to malwares and goodwares, parsing each of the input samples to extract metadata relating to each of said input sample, adding the metadata relating to each of said input sample in a metadata database, storing each of the input sample in a sample storage, wherein the adding comprises converting the original hashes of each of the input samples to SHA256 hashes according to a hash mapping table operatively connected to the metadata database, and wherein the storing comprises defining the filename of each of the input samples equal to the corresponding SHA256 hash.
-
Publication number: US11995177B2
Publication date: 2024-05-28
Application number: US17330478
Filing date: 2021-05-26
Applicant: Karamba Security Ltd.
Inventor: Assaf Harel , Amiram Dotan , Tal Efraim Ben David , David Barzilai
CPC classification number: G06F21/52 , G06F11/3668 , G06F21/51 , G06F21/562 , G06F21/566 , G06F21/577 , G06F2221/033 , H04L67/12
Abstract: In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.
-
Publication number: US11989291B2
Publication date: 2024-05-21
Application number: US17361354
Filing date: 2021-06-29
Applicant: Tulip Tree Technology, LLC
Inventor: Ryan S. Torvik , James A. Connor, Jr.
CPC classification number: G06F21/562 , G06F21/577 , G06F2221/033
Abstract: A system and method for software verification provides a lifting dictionary for each desired computer architecture. The lifting dictionary is used to translate native machine language instructions into descriptive intermediate language instructions. Each descriptive intermediate language instruction is atomic, in that, each descriptive intermediate language instruction changes at most one state of the emulated system. An emulator then runs the descriptive intermediate language instructions with tools that show each change of state after each DIL is emulated.
-
Publication number: US11972252B2
Publication date: 2024-04-30
Application number: US17391903
Filing date: 2021-08-02
Applicant: MICRO FOCUS LLC
Inventor: Qiuxia Song , Yi-Ming Chen , Zhong-Yi Yang , Yangyang Zhao , Lei Xiao
IPC: G06F8/61 , G06F8/65 , G06F8/70 , G06F8/71 , G06F21/44 , G06F8/20 , G06F8/60 , G06F8/656 , G06F21/53 , G06F21/56 , G06F21/57 , H04L9/40
CPC classification number: G06F8/70 , G06F21/44 , G06F8/24 , G06F8/60 , G06F8/63 , G06F8/656 , G06F8/71 , G06F21/53 , G06F21/562 , G06F21/564 , G06F21/566 , G06F21/577 , H04L63/1433 , H04L63/20
Abstract: A docker image is received. The docker image is for a container. The container contains files that allow for virtualization of applications that run within the container. The docker image is parsed to identify layer files in the docker image. Installed software components (e.g., installed files) and/or hardware components in the layer files are identified. Software application index calls are made to generate information that identifies relationships between the installed software components and/or hardware components. The relationships between the installed software components and/or hardware components are then displayed to a user.
-
Publication number: US20240119150A1
Publication date: 2024-04-11
Application number: US18483795
Filing date: 2023-10-10
Applicant: Sophos Limited
Inventor: Joshua Daniel SAXE , Ethan M. RUDD , Richard HARANG
CPC classification number: G06F21/56 , G06F18/214 , G06F18/24 , G06F21/562 , G06F21/563 , G06N3/04 , G06N3/045 , G06N5/01 , G06N20/20
Abstract: An apparatus for detecting malicious files includes a memory and a processor communicatively coupled to the memory. The processor receives multiple potentially malicious files. A first potentially malicious file has a first file format, and a second potentially malicious file has a second file format different than the first file format. The processor extracts a first set of strings from the first potentially malicious file, and extracts a second set of strings from the second potentially malicious file. First and second feature vectors are defined based on lengths of each string from the associated set of strings. The processor provides the first feature vector as an input to a machine learning model to produce a maliciousness classification of the first potentially malicious file, and provides the second feature vector as an input to the machine learning model to produce a maliciousness classification of the second potentially malicious file.
-
Publication number: US11954202B2
Publication date: 2024-04-09
Application number: US17320616
Filing date: 2021-05-14
Applicant: Capital One Services, LLC
Inventor: Farshid Marbouti , Sarvani Kare , Boshika Tara , Stephen Fletcher , Patrick Sofo
CPC classification number: G06F21/562 , G06F21/554 , G06N3/04 , G06N3/045 , G06N3/0464 , G06N3/08 , G06F2221/033
Abstract: In some implementations, a system may receive a shell script associated with a computing device. The system may generate a character frequency feature vector based on the shell script. The system may input text of the shell script to a convolutional neural network (CNN) branch of a trained deep learning model. The system may input the character frequency feature vector to a feedforward neural network (FNN) branch of the trained deep learning model. The system may determine using the trained deep learning model, a respective probability score for each of a plurality of obfuscation types for the shell script based on a combined output of the CNN branch and the FNN branch. The system may detect whether the shell script is obfuscated based on the respective probability score for each of the plurality of obfuscation types determined for the shell script.