Loading...
Docoh

NortonLifeLock (NLOK)

200 patents

Page 5 of 10
Utility
Systems and methods for preparing honeypot computer files
8 Jun 21
The disclosed computer-implemented method for preparing honeypot computer files may include (1) identifying, at a computing device, a search term used by a cyber attacker in an electronic search request, (2) identifying, without regard to a search access restriction, a sensitive computer document in search results stemming from the electronic search request, (3) creating, as a security action in response to the electronic search request, a honeypot computer file based on the sensitive computer document and including the identified search term, and (4) placing the honeypot computer file in the search results.
Kevin Roundy, Sandeep Bhatkar, Michael Rinehart, Xiaolin Wang
Filed: 31 Aug 18
Utility
Systems and methods for cross-product malware categorization
1 Jun 21
The disclosed computer-implemented method for cross-product malware categorization may include accessing computer readable media storing an incomplete feature dataset and an incomplete label dataset, determining a correlation between the plurality of features and the plurality of malware labels, and constructing at least one of a complete feature dataset based on the incomplete feature dataset and the correlation and a complete label dataset based on the incomplete label dataset and the correlation.
Yufei Han, Yun Shen
Filed: 21 Mar 18
Utility
Systems and methods for malware classification
1 Jun 21
The disclosed computer-implemented method for malware classification may include receiving dynamic analysis traces that include event descriptions regarding malware programs, and labels regarding classes of malware programs; performing a first mapping of the event descriptions to a first set of vector representations, wherein order of the events is not taken into account by the first mapping; performing a second mapping of the event descriptions to a second set of vector representations, wherein order of the events is taken into account by the second mapping; combining the first set of vector representations and the second set of vector representations into a combined set of vector representations; inputting the combined set of vector representations, along with the labels, into an autoencoder; and training the autoencoder to generate a feature space representation that correlates identified features with classes of malware.
Leyla Bilge, Yufei Han, Oystein Fladby
Filed: 26 Jun 18
Utility
Systems and methods for preventing decentralized malware attacks
1 Jun 21
The disclosed computer-implemented method for preventing decentralized malware attacks may include (i) receiving, by a computing device, node data from a group of nodes over a network, (ii) training a machine learning model by shuffling the node data to generate a set of outputs utilized for predicting malicious data, (iii) calculating a statistical deviation for each output in the set of outputs from an aggregated output for the set of outputs, and (iv) identifying, based on the statistical deviation, an anomalous output in the set of outputs that is associated with one or more of the malicious nodes, the one or more malicious nodes hosting the malicious data.
Yufei Han, Yuzhe Ma, Kevin Roundy, Chris Gates, Yun Shen
Filed: 3 Dec 18
Utility
Real-time detection of privacy leaks based on linguistic features
18 May 21
Methods and systems are provided for detecting privacy leakage risks in text.
Ashwin Kayyoor, Petros Efstathopoulos
Filed: 10 Sep 18
Utility
Memory efficiency of production rule systems
18 May 21
A method for improving memory efficiency of production rule systems is described.
Daniel Marino, Kevin Roundy, Acar Tamersoy, Sandeep Bhatkar
Filed: 13 Jul 17
Utility
Systems and methods for establishing restricted interfaces for database applications
18 May 21
The disclosed computer-implemented method for establishing restricted interfaces for database applications may include analyzing, by a computing device, query behavior of an application for query requests from the application to a remote database in a computer system and identifying, based on the analysis, an expected query behavior for the application.
Daniel Kats, Daniel Marino
Filed: 9 Jan 18
Utility
Detecting abnormal user behavior via temporally regularized tensor factorization
18 May 21
Detecting abnormal user behavior via temporally regularized tensor factorization.
Yufei Han, Xiaolin Wang
Filed: 21 Dec 18
Utility
Systems and methods for enforcing age-based application constraints
11 May 21
The disclosed computer-implemented method for enforcing age-based application constraints may include (1) receiving a selection of age-based use constraints to be associated with one or more applications installed on the computing device, (2) associating the age-based use constraints with the applications, (3) determining that a user attempting to access the applications does not meet the age-based use constraints, and (4) performing a security action that restricts user access to the applications when the user does not meet the age-based use constraints.
Sharad Mhaske, Anand Darak, Anuradha Joshi
Filed: 18 Sep 18
Utility
Reputation-based transaction security
11 May 21
Reputation-based transaction security.
Qubo Song, Joe H. Chen
Filed: 17 Dec 18
Utility
Age-based app lock
27 Apr 21
An entity runs in background mode on a computing device and automatically determines when the current user is attempting to open an age-restricted app.
Anand Darak, Anuradha Joshi
Filed: 26 Sep 18
Utility
Systems and methods for performing micro-segmenting
6 Apr 21
The disclosed computer-implemented method for performing micro-segmenting may include (i) identifying at least a portion of a device, (ii) measuring a variance value that indicates a level of variance in terms of websites accessed by the portion of the device over a period of time, and (iii) locking, in response to determining that the variance value satisfies a threshold level of simplicity, the portion of the device by applying a security profile to the portion of the device that limits the portion of the device to accessing a set of websites that is defined in terms of the websites accessed by the portion of the device over the period of time.
Bruce McCorkendale
Filed: 26 Sep 18
Utility
Systems and methods for recovering an infected endpoint
6 Apr 21
The disclosed computer-implemented method for recovering an infected endpoint may include receiving an acoustic signal having an embedded command for executing a security application at the infected endpoint, decoding the acoustic signal to obtain the embedded command, and executing the embedded command to start a security application at the infected endpoint, where the security application is operable to mitigate the infected endpoint.
Shrikant Pawar, Sharad Mhaske
Filed: 21 Sep 18
Utility
Using security app injection and multi-device licensing to recover device facing denial of access caused by malware infection
30 Mar 21
A mobile computing device is infected by malware which blocks access to the infected device by an authorized user.
Anand Darak, Anuradha Joshi, Pallavi Rajput
Filed: 30 May 18
Utility
Systems and methods for virtual boundary enforcement using network filters
30 Mar 21
The disclosed computer-implemented method for virtual boundary enforcement using network filters may include (i) applying a network filter to network traffic associated with a target computing device, (ii) analyzing data generated by the network filter, (iii) identifying, based on an analysis of the data, a potential violation of a virtual boundary associated with the target computing device, and (iv) in response to identifying the potential violation, performing a security action to enforce the virtual boundary associated with the target computing device.
Lei Gu, Ilya Sokolov
Filed: 13 Dec 18
Utility
Systems and methods for system recovery from a system user interface process malfunction
30 Mar 21
The disclosed computer-implemented method for system recovery from a system user interface process malfunction may include (i) determining that a system user interface (UI) process is executing on the computing device, (ii) determining that a message indicating a malfunction of the system UI process is displayed on the computing device, (iii) identifying a mobile application that was executing on the computing device at a time of the malfunction of the system UI process, and (iv) in response to identifying the mobile application that was executing at the time of the malfunction of the system UI process, performing a security action for recovery from the malfunction of the system UI process.
Sharad Mhaske, Shrikant Pawar
Filed: 18 Dec 18
Utility
Systems and methods for verifying connection integrity
23 Mar 21
The disclosed computer-implemented method for verifying connection integrity may include (i) receiving a request from a client to initiate a connection to a server via a middlebox, (ii) receiving, from the client, via a side protocol executing in parallel with a transport layer security protocol, a request for a certificate for the middlebox, (iii) sending, to the client, via the side protocol, the certificate, (iv) receiving, from the client, via the side protocol, a request for an additional certificate from a device upstream of the middlebox, (v) requesting, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vi) receiving, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vii) sending, to the client, via the side protocol, the additional certificate, and (viii) relaying data via the connection.
Brian Witten, Qing Li, Ronald Frederick, Roelof Du Toit, Susanta Nanda, Saurabh Shintre, Darren Shou
Filed: 24 Mar 17
Utility
Rating communicating entities based on the sharing of insecure content
16 Mar 21
Communications received by a computing device originating from communicating entities that are members of the same group(s) as a user are tracked.
Anuradha Joshi, Anand Darak
Filed: 29 Aug 18
Utility
Systems and methods for dynamically adjusting a backup policy
9 Mar 21
The disclosed computer-implemented method for dynamically adjusting a backup policy may include dynamically adjusting a backup policy may include accessing a media file, evaluating an objective criterion of a difficulty to reproduce the media file to generate a difficulty rating, comparing the difficulty rating of the media file to an existing difficulty rating for at least one previous media file, and adjusting a backup policy for the media file based on the comparison of the difficulty rating.
Lei Gu, Ilya Sokolov
Filed: 6 Sep 18
Utility
Systems and methods for identifying malicious domain names from a passive domain name system server log
9 Mar 21
Disclosed computer-implemented methods for identifying malicious domain names from a passive domain name system server log (DNS log) may include, in some examples, (1) creating a pool of domain names from the DNS log, (2) identifying respective features of each name in the pool, (3) preparing a list of known benign names and respective features of each known benign name, (4) preparing a list of known malicious names and features of each known malicious name, (5) computing a classification model based on (A) the features of each benign name on the list of benign names and (B) the features of each malicious name on the list of malicious names, (6) identifying respective features of an unclassified domain name, and (7) classifying, using the classification model, the unclassified domain name as malicious, based on the respective features of the unclassified domain name.
Leyla Bilge, Pierre-Antoine Vervier
Filed: 25 Jun 18
Patents are sorted by USPTO publication date, most recent first