125 patents
Utility
System and method for protecting a software component running in virtual machine using a virtualization layer
4 May 20
A computing device features one or more hardware processors and a memory that is coupled to the one or more processors.
Udo Steinberg
Filed: 29 Jun 16
Utility
Classifying sets of malicious indicators for detecting command and control communications associated with malware
27 Apr 20
A method for detecting a cyber-attack by performing a first analysis on content within a first portion of a communication to determine whether the content includes a first high quality indicator.
Ali Islam, Zheng Bu
Filed: 22 Jul 18
Utility
Method to detect forgery and exploits using last branch recording registers
13 Apr 20
A method for detecting a ROP attack comprising processing of an object within a virtual machine managed by a virtual machine monitor (VMM), intercepting an attempted execution by the object of an instruction, the instruction stored on a page in memory that is accessed by the virtual machine, responsive to determining the page includes instructions corresponding to one of a predefined set of function calls, (i) inserting a first transition event into the memory at a starting address location of a function call, and (ii) setting a permission of the page to be execute only, and responsive to triggering the first transition event, halting, by the VMM, the processing of the object and analyzing, by logic within the VMM, content of last branch records associated with the virtual machine to determine whether the processing of the object displays characteristics of a ROP attack is shown.
Jonas Pfoh, Phung-Te Ha
Filed: 28 Jun 16
Utility
System and method for virtual analysis of network data
13 Apr 20
A system is provided with one or more virtual machines and a replayer.
Ashar Aziz, Ramesh Radhakrishnan, Osman Ismael
Filed: 4 Mar 18
Utility
Dynamic adaptive defense for cyber-security threats
6 Apr 20
Disclosed is a cyber-security system that is configured to aggregate and unify data from multiple components and platforms on a network.
Bernard Thomas, David Scott, Fred Brott, Paul Smith
Filed: 8 Nov 18
Utility
Distributed malware detection system and submission workflow thereof
6 Apr 20
A submission process for a malware detection system including one or more sensors and a cluster including one or more computing nodes is described.
Alexander Otvagin
Filed: 29 Sep 16
Utility
Intelligent System for Mitigating Cybersecurity Risk by Analyzing Domain Name System Traffic Metrics
1 Apr 20
A system, method and computer-readable medium for mitigating cybersecurity risk by analyzing domain name system (DNS) traffic metrics, including detecting a network communication propagated over a computer network, the network communication comprising a domain identifier, determining DNS traffic metadata corresponding to the domain identifier, the DNS traffic metadata being determined based on monitored DNS traffic associated with the domain identifier to one or more DNS servers, the DNS traffic metadata comprising a count of DNS queries associated with the domain identifier and a rate of DNS queries associated with the domain identifier, determining whether the count of DNS queries and the rate of DNS queries are indicative of a cybersecurity risk, and activating one or more mitigation actions based at least in part on a determination that the count of DNS queries and the rate of DNS queries are indicative of a cybersecurity risk.
Ken BAGNALL, Ralph CASEY, John JENSEN
Filed: 27 Sep 18
Utility
Intelligent System for Mitigating Cybersecurity Risk by Analyzing Domain Name System Traffic
1 Apr 20
A system, method and computer-readable medium for mitigating cybersecurity risk by analyzing domain name system (DNS) traffic, including detecting a network communication propagated over a computer network, the network communication comprising a domain identifier, monitoring DNS traffic to and from one or more DNS servers relating to the domain identifier, the DNS traffic including one or more DNS queries and one or more corresponding responses, extracting information from the monitored DNS traffic to generate a record identifier, updating a DNS metadata record stored in memory and associated with the record identifier based at least in part on the monitored DNS traffic, the DNS metadata record including one or more occurrence metrics associated with instances of the domain identifier in previous DNS traffic, determining whether the one or more occurrence metrics are indicative of a cybersecurity risk, and activating one or more mitigation actions based at least in part on a determination that the one or more occurrence metrics are indicative of the cybersecurity risk.
Ken BAGNALL, Ralph CASEY, John JENSEN
Filed: 27 Sep 18
Utility
Cyber-security system and method for weak indicator detection and correlation to generate strong indicators
23 Mar 20
A method for detecting a cyber-attack is described.
Sundararaman Jeyaraman, Ramaswamy Ramaswamy
Filed: 28 Jun 17
Utility
System and method for managing sensor enrollment
23 Mar 20
Sensor enrollment management is conducted where features and capabilities for one or more broker computing nodes within the cluster are received by an enrollment service operating within a management system.
Mumtaz Siddiqui
Filed: 29 Sep 16
Utility
Detection of credential spearphishing attacks using email analysis
23 Mar 20
A non-transitory computer readable storage medium having stored thereon instructions when executable by a processor perform operations including responsive to receiving an email including a URL, conducting an analysis of the email including: (i) analyzing a header and a body, and (ii) analyzing the URL; analyzing contents of a web page directed to by the URL; generating a score indicating a level of confidence the email is associated with a phishing attack based on at least one of the analysis of the email or the analysis of the contents of the web page; and responsive to the score being below a threshold, virtually processing the web page to determine whether the web page is associated with the phishing attack is shown.
Ali Mesdaq, Abhishek Singh, Varun Jain
Filed: 29 Sep 15
Utility
Secure communications between peers using a verified virtual trusted platform module
16 Mar 20
The embodiments herein are directed to a technique for providing secure communication between nodes of a network environment or within a node of the network using a verified virtual trusted platform module (TPM) of each node.
Osman Abdoul Ismael, Hendrik Tews
Filed: 8 Sep 16
Utility
Technique for malware detection capability comparison of network security devices
9 Mar 20
A testing technique tests and compares malware detection capabilities of network security devices, such as those commercially available from a variety of cyber-security vendors.
Yasir Khalid, Nadeem Shahbaz
Filed: 21 Nov 16
Utility
System and method for bot detection
9 Mar 20
Exemplary systems and methods for detecting a communication channel of a bot.
Ashar Aziz, Wei-Lung Lai, Jayaraman Manni
Filed: 16 Apr 17
Utility
Malicious message analysis system
2 Mar 20
A computerized technique is provided to analyze a message for malware by determining context information from attributes of the message.
Abhishek Singh
Filed: 12 Aug 18
Utility
Malware detection system with contextual analysis
2 Mar 20
A computerized method for detecting malware associated with an object.
Yasir Khalid, Sai Omkar Vashisht, Alexander Otvagin
Filed: 30 Dec 15
Utility
Enhanced malware detection for generated objects
2 Mar 20
A computerized method to identify malicious code generated by seemingly benign objects is described.
Sushant Paithane, Sai Omkar Vashisht
Filed: 18 Jun 17
Utility
System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events
24 Feb 20
A system and method for dynamic software analysis operable to describe program behavior via instrumentation of virtualization events.
Robert Jung, Antony Saba
Filed: 23 Apr 13
Utility
Exploit of privilege detection framework
17 Feb 20
A non-transitory storage medium having stored thereon logic, the logic being executable by one or more processors to perform operations including comparing a current privilege of a first process with an initial privilege of the first process recorded in a privilege list, and responsive to determining a change exists between the current privilege of the first process and the initial privilege of the first process that is greater than a predetermined threshold, determining the first process is operating with the current privilege due to an exploit of privilege attack is shown.
Michael Vincent, Sai Omkar Vashist, Jonas Pfoh
Filed: 28 Jun 16
Utility
System for detecting a presence of malware from behavioral analysis
17 Feb 20
A system for detecting malware is described.
Ashar Aziz
Filed: 31 Jul 16