专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10452841B1 Modeling malicious behavior that occurs in the absence of users 有权
公开(公告)号：US10452841B1
公开(公告)日：2019-10-22
申请号：US15583077
申请日：2017-05-01
申请人： SYMANTEC CORPORATION
发明人： Acar Tamersoy , Sandeep Bhatkar , Daniel Marino , Kevin Alejandro Roundy
IPC分类号： G06F21/55 , G06N5/04 , G06N20/00
摘要： Systems, apparatuses, methods, and computer readable mediums for modeling malicious behavior that occurs in the absence of users. A system trains an anomaly detection model using attributes associated with a first plurality of events representing system activity on one or more clean machines when users are not present. Next, the system utilizes the trained anomaly detection model to remove benign events from a second plurality of events captured from infected machines when users are not present. Then, the system utilizes malicious events, from the second plurality of events, to train a classifier. Next, the classifier identifies a first set of attributes which are able to predict if an event is caused by malware with a predictive power greater than a threshold.

2. 发明授权

US09148441B1 Systems and methods for adjusting suspiciousness scores in event-correlation graphs 有权
标题翻译：在事件相关图中调整可疑度评分的系统和方法
公开(公告)号：US09148441B1
公开(公告)日：2015-09-29
申请号：US14138891
申请日：2013-12-23
申请人： Symantec Corporation
发明人： Acar Tamersoy , Kevin Roundy , Sandeep Bhatkar , Elias Khalil
IPC分类号： H04L29/06 , G06F21/57
CPC分类号： H04L63/1416 , G06F21/566 , G06F21/567 , G06F21/577 , H04L63/1408 , H04L63/1425 , H04L63/145
摘要： A computer-implemented method for adjusting suspiciousness scores in event-correlation graphs may include (1) detecting a suspicious event involving a first actor and a second actor within a computing system, (2) constructing an event-correlation graph that includes (i) a representation of the first actor, (ii) a representation of the suspicious event, and (iii) a representation of the second actor, and (3) adjusting a suspiciousness score associated with at least one representation in the event-correlation graph based at least in part on a suspiciousness score associated with at least one other representation in the event-correlation graph such that the adjusted suspiciousness score associated with the at least one representation is influenced by the suspicious event. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于调整事件相关图中的可疑度分数的计算机实现的方法可以包括：（1）检测涉及计算系统内的第一行为者和第二行为者的可疑事件，（2）构建事件相关图，其包括（i）第一演员的表示，（ii）可疑事件的表示，以及（iii）第二演员的表示，以及（3）调整与基于事件相关图中的至少一个表示相关联的可疑度分数，其基于至少部分地基于与所述事件相关图中的至少一个其他表示相关联的可疑度分数，使得与所述至少一个表示相关联的调整后的可疑度得分受到所述可疑事件的影响。还公开了各种其它方法，系统和计算机可读介质。

3. 发明授权

US10530805B1 Systems and methods for detecting security incidents 有权
公开(公告)号：US10530805B1
公开(公告)日：2020-01-07
申请号：US15679131
申请日：2017-08-16
申请人： Symantec Corporation
发明人： Acar Tamersoy , Kevin Roundy , Michael Hart , Daniel Kats , Michael Spertus
IPC分类号： H04L29/06
摘要： The disclosed computer-implemented method for detecting security incidents may include (i) collecting, by a security server, security information describing security events detected on at least one client device, (ii) generating, based on the collected security information, a mathematical graph that includes a set of nodes designating machine-windows of data and a set of nodes designating detected security events, (iii) executing a random-walk-with-restart algorithm on the generated mathematical graph to sort the set of nodes designating machine-windows of data in terms of relevance to a set of ground truth nodes that indicate confirmed security threats, and (iv) performing a remedial security action to protect a user in response to detecting a candidate security threat based on sorting the set of nodes designating machine-windows of data by executing the random-walk-with-restart algorithm. Various other methods, systems, and computer-readable media are also disclosed.

4. 发明授权

US10142357B1 Systems and methods for preventing malicious network connections using correlation-based anomaly detection 有权
公开(公告)号：US10142357B1
公开(公告)日：2018-11-27
申请号：US15385963
申请日：2016-12-21
申请人： Symantec Corporation
发明人： Acar Tamersoy , Kevin Roundy
IPC分类号： H04L29/06 , G06N99/00
摘要： The disclosed computer-implemented method may include (i) monitoring computing activity, (ii) detecting, during a specific time period, at least one malicious network connection that involves a computing device within a network, (iii) determining that no malicious network connections involving the computing device were detected during another time period, (iv) identifying a feature of the computing activity that (a) occurred during the specific time period and (b) did not occur during the other time period, (v) determining that the feature is likely indicative of malicious network activity due at least in part to the feature having occurred during the specific time period and not having occurred during the other time period, and in response to detecting the feature at a subsequent point in time, (vi) performing a security action on a subsequent network connection attempted around the subsequent point in time. Various other methods, systems, and computer-readable media are also disclosed.

5. 发明授权

US09323924B1 Systems and methods for establishing reputations of files 有权
标题翻译：建立文件声誉的系统和方法
公开(公告)号：US09323924B1
公开(公告)日：2016-04-26
申请号：US14274420
申请日：2014-05-09
申请人： Symantec Corporation
发明人： Kevin Alejandro Roundy , Acar Tamersoy , Sourabh Satish
IPC分类号： G06F21/55 , G06F11/00
CPC分类号： G06F21/577 , G06F2221/033
摘要： A disclosed method may include (1) tracking the health of a computing system over time by calculating, for each of several time periods, a health metric that indicates the computing system's health during the time period, (2) evaluating the health metrics of the time periods to identify an anomalous time period during which the health of the computing system changed, (3) locating one or more files that were present on the computing system during the anomalous time period and absent from the computing system during one or more other time periods, and (4) basing a reputation for the file(s) on an association between the file(s) and the computing system that includes the anomalous time period and excludes the other time period. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：所公开的方法可以包括（1）通过针对数个时间段中的每一个计算在该时间段期间指示计算系统的健康状况的健康度量，（2）评估计算系统的健康度量识别计算系统的健康状况发生变化的异常时间段的时间段，（3）在一个或多个其他时间期间，在异常时间期间定位存在于计算系统上的一个或多个文件，并且在计算系统中不存在期间，以及（4）将文件的声誉设置在包含异常时间段的文件和计算系统之间的关联上，并排除另一时间段。还公开了各种其它方法，系统和计算机可读介质。

6. 发明授权

US11469904B1 Systems and methods for authenticating digital media content 有权
公开(公告)号：US11469904B1
公开(公告)日：2022-10-11
申请号：US16360515
申请日：2019-03-21
申请人： Symantec Corporation
发明人： Daniel Kats , Christopher Gates , Acar Tamersoy , Daniel Marino
IPC分类号： H04L9/32 , G06F21/10 , G06F21/60 , H04L9/00
摘要： The disclosed computer-implemented method for authenticating digital media content may include (i) receiving digital media content that has been captured by a capturing device and digitally signed through a cryptoprocessor embedded within the capturing device to provide an assurance of authenticity regarding how the capturing device captured the digital media content, and (ii) encoding an identifier of the received digital media content and a digital signature to an encrypted distributed ledger, the digital signature including at least one of a digital signature of the digital media content by the capturing device or a digital signature of the digital media content by an entity encoding the received digital media content such that the encoding becomes available for subsequent verification through the encrypted distributed ledger. Various other methods, systems, and computer-readable media are also disclosed.

7. 发明授权

US10795999B1 Identifying and protecting against computer security threats while preserving privacy of individual client devices using condensed local differential privacy (CLDP) 有权
公开(公告)号：US10795999B1
公开(公告)日：2020-10-06
申请号：US16146217
申请日：2018-09-28
申请人： SYMANTEC CORPORATION
发明人： Mehmet Emre Gursoy , Acar Tamersoy
IPC分类号： G06F21/00 , G06F21/56 , G06F21/62 , G06F21/55
摘要： Identifying and protecting against computer security threats while preserving privacy of individual client devices using condensed local differential privacy (CLDP). In one embodiment, a method may include accessing an actual data value, generating a perturbed data value by adding noise to the actual data value, aggregating the perturbed data values to at least partially cancel out aggregate noise of the aggregated perturbed data values at a population level, analyzing, using CLDP, the aggregated perturbed data values to identify a computer security threat, and in response, protecting against the computer security threat by performing a remedial action. The amount of noise added to each actual data value may be probabilistically computed such that a probability of noise being added decreases as an amount of added noise increases. The perturbed data values may preserve privacy of the actual data values.

8. 发明授权

US10455085B1 Systems and methods for real-time scam protection on phones 有权
公开(公告)号：US10455085B1
公开(公告)日：2019-10-22
申请号：US16172674
申请日：2018-10-26
申请人： Symantec Corporation
发明人： Kevin Roundy , Mahmood Sharif , Acar Tamersoy
IPC分类号： H04M3/436 , H04W4/16 , H04M3/22 , G10L15/18 , G10L17/26 , H04M1/57 , G10L15/22 , H04M3/533
摘要： The disclosed computer-implemented method for using electronic text information to automatically determine untrustworthy voice calls, at least a portion of the method being performed by a computing device comprising at least one processor, may include (1) during a voice call, receiving, by the computing device, text information representing contents of the voice call, (2) analyzing, by the computing device, the text information representing the contents of the voice call, (3) determining, by the computing device, that the voice call is untrustworthy based on the analysis of the text information, and (4) during the voice call, advising a recipient of the voice call of the determination that the voice call is untrustworthy. Various other methods, systems, and computer-readable media are also disclosed.

9. 发明申请

US20150074806A1 SYSTEMS AND METHODS FOR USING EVENT-CORRELATION GRAPHS TO DETECT ATTACKS ON COMPUTING SYSTEMS 有权
标题翻译：使用事件相关图来检测计算机系统的攻击的系统和方法
公开(公告)号：US20150074806A1
公开(公告)日：2015-03-12
申请号：US14041762
申请日：2013-09-30
申请人： Symantec Corporation
发明人： Kevin Roundy , Fanglu Guo , Sandeep Bhatkar , Tao Cheng , Jie Fu , Zhi Kai Li , Darren Shou , Sanjay Sawhney , Acar Tamersoy , Elias Khalil
IPC分类号： G06F21/55
CPC分类号： G06F21/55 , G06F21/577 , H04L63/1425 , H04L63/1433
摘要： A computer-implemented method for using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node that represents the first actor, a second node that represents a second actor, and an edge that interconnects the first node and the second node and represents a suspicious event involving the first actor and the second actor, (3) calculating, based at least in part on the additional suspicious event, an attack score for the event-correlation graph, (4) determining that the attack score is greater than a predetermined threshold, and (5) determining, based at least in part on the attack score being greater than the predetermined threshold, that the suspicious event may be part of an attack on the computing system. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于使用事件相关图来检测对计算系统的攻击的计算机实现的方法可以包括（1）检测涉及计算系统内的第一actor的可疑事件，（2）构建事件相关图，其包括第一节点，代表第一演员，表示第二演员的第二节点和互连第一节点和第二节点并且表示涉及第一演员和第二演员的可疑事件的边缘，（3）至少部分地计算关于附加的可疑事件，事件相关图的攻击得分，（4）确定攻击得分大于预定阈值，以及（5）至少部分地基于攻击得分大于预定阈值，可疑事件可能是对计算系统的攻击的一部分。还公开了各种其它方法，系统和计算机可读介质。

10. 发明授权

US11295015B1 Identifying and protecting against surveillance apps installed on client devices 有权
公开(公告)号：US11295015B1
公开(公告)日：2022-04-05
申请号：US16286050
申请日：2019-02-26
申请人： SYMANTEC CORPORATION
发明人： Kevin Alejandro Roundy , Acar Tamersoy
IPC分类号： G06F21/56 , G06F21/55 , G06F21/53 , H04L29/06 , G06F8/61
摘要： Identifying and protecting against malicious apps installed on client devices. In some embodiments, a method may include (a) identifying client devices, (b) identifying apps installed on the client devices, (c) assigning each of the apps known to be a malicious app with a highest app suspicion score, (d) assigning each of the other apps as an unknown app with a lowest app suspicion score, (e) assigning each of the client devices with a device suspicion score, (f) assigning each of the unknown apps with an updated app suspicion score, (g) repeating (e), and repeating (f) with a normalization, until the device suspicion scores and the app suspicion scores converge within a convergence threshold, (h) identifying one of the unknown apps as a malicious app, and (i) protecting against the malicious app by directing performance of a remedial action to protect the client device from the malicious app.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式