专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10452841B1 Modeling malicious behavior that occurs in the absence of users 有权
公开(公告)号：US10452841B1
公开(公告)日：2019-10-22
申请号：US15583077
申请日：2017-05-01
申请人： SYMANTEC CORPORATION
发明人： Acar Tamersoy , Sandeep Bhatkar , Daniel Marino , Kevin Alejandro Roundy
IPC分类号： G06F21/55 , G06N5/04 , G06N20/00
摘要： Systems, apparatuses, methods, and computer readable mediums for modeling malicious behavior that occurs in the absence of users. A system trains an anomaly detection model using attributes associated with a first plurality of events representing system activity on one or more clean machines when users are not present. Next, the system utilizes the trained anomaly detection model to remove benign events from a second plurality of events captured from infected machines when users are not present. Then, the system utilizes malicious events, from the second plurality of events, to train a classifier. Next, the classifier identifies a first set of attributes which are able to predict if an event is caused by malware with a predictive power greater than a threshold.

2. 发明授权

US10200395B1 Systems and methods for automated whitelisting of files 有权
公开(公告)号：US10200395B1
公开(公告)日：2019-02-05
申请号：US15084515
申请日：2016-03-30
申请人： Symantec Corporation
发明人： Kevin Alejandro Roundy , Christopher Gates
IPC分类号： G08B23/00 , G06F12/16 , G06F12/14 , G06F11/00 , H04L29/06
摘要： The disclosed computer-implemented method for automated whitelisting of files may include (1) obtaining telemetry information that identifies files located on a set of computing systems, (2) establishing a whitelist of files for the set of computing systems by, for each file identified by the telemetry information, (A) calculating an amount by which a cost for using the whitelist will increase if the file is included in the whitelist, (B) calculating an amount by which whitelist coverage of files in the set of computing devices will increase if the file is included in the whitelist, (C) determining whether to include the file in the whitelist by balancing the increase in the cost against the increase in whitelist coverage, and (3) using the whitelist to protect the set of computing systems from undesirable files. Various other methods, systems, and computer-readable media are also disclosed.

3. 发明申请

US20170289178A1 SYSTEMS AND METHODS FOR DETECTING SECURITY THREATS 有权
公开(公告)号：US20170289178A1
公开(公告)日：2017-10-05
申请号：US15084522
申请日：2016-03-30
申请人： Symantec Corporation
发明人： Kevin Alejandro Roundy , Michael Hart , Christopher Gates
IPC分类号： H04L29/06
CPC分类号： H04L63/1416 , G06F21/554 , G06F2201/86 , H04L63/1425
摘要： The disclosed computer-implemented method for detecting security threats may include (1) detecting, by a software security program, a security incident at a client device such that the software security program generates a signature report to identify the security incident, (2) querying an association database with the signature report to deduce another signature report that a different software security program would have predictably generated at the client device, the different software security program having been unavailable at the client device at a time of detecting the security incident, and (3) performing at least one protective action to protect the client device from a security threat associated with the security incident based on the other signature report deduced by querying the association database. Various other methods, systems, and computer-readable media are also disclosed.

4. 发明授权

US09485272B1 Systems and methods for estimating confidence scores of unverified signatures 有权
标题翻译：用于估计未验证签名的置信度分数的系统和方法
公开(公告)号：US09485272B1
公开(公告)日：2016-11-01
申请号：US14307477
申请日：2014-06-17
申请人： Symantec Corporation
发明人： Kevin Alejandro Roundy
IPC分类号： H04L29/06 , G06F21/55 , G06F21/56 , G06F21/50
CPC分类号： H04L63/145 , G06F21/50 , G06F21/552 , G06F21/56 , G06F21/564 , G06F21/566 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/1441
摘要： The disclosed computer-implemented method for estimating confidence scores of unverified signatures may include (1) detecting a potentially malicious event that triggers a malware signature whose confidence score is above a certain threshold, (2) detecting another event that triggers another signature whose confidence score is unknown, (3) determining that the potentially malicious event and the other event occurred within a certain time period of one another, and then (4) assigning, to the other signature, a confidence score based at least in part on the potentially malicious event and the other event occurring within the certain time period of one another. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于估计未验证签名的置信度分数的所公开的计算机实现的方法可以包括（1）检测触发其置信度高于某个阈值的恶意软件签名的潜在恶意事件，（2）检测触发另一个事件，未知，（3）确定潜在的恶意事件和其他事件发生在彼此的某个时间段内，然后（4）至少部分地基于潜在恶意的方式向另一签名分配置信度得分事件和另一事件发生在彼此的某个时间段内。还公开了各种其它方法，系统和计算机可读介质。

5. 发明授权

US11295015B1 Identifying and protecting against surveillance apps installed on client devices 有权
公开(公告)号：US11295015B1
公开(公告)日：2022-04-05
申请号：US16286050
申请日：2019-02-26
申请人： SYMANTEC CORPORATION
发明人： Kevin Alejandro Roundy , Acar Tamersoy
IPC分类号： G06F21/56 , G06F21/55 , G06F21/53 , H04L29/06 , G06F8/61
摘要： Identifying and protecting against malicious apps installed on client devices. In some embodiments, a method may include (a) identifying client devices, (b) identifying apps installed on the client devices, (c) assigning each of the apps known to be a malicious app with a highest app suspicion score, (d) assigning each of the other apps as an unknown app with a lowest app suspicion score, (e) assigning each of the client devices with a device suspicion score, (f) assigning each of the unknown apps with an updated app suspicion score, (g) repeating (e), and repeating (f) with a normalization, until the device suspicion scores and the app suspicion scores converge within a convergence threshold, (h) identifying one of the unknown apps as a malicious app, and (i) protecting against the malicious app by directing performance of a remedial action to protect the client device from the malicious app.

6. 发明授权

US10877946B1 Efficient incident response through tree-based visualizations of hierarchical clustering 有权
公开(公告)号：US10877946B1
公开(公告)日：2020-12-29
申请号：US15610505
申请日：2017-05-31
申请人： Symantec Corporation
发明人： David Silva , Matteo Dell'Amico , Kevin Alejandro Roundy , Michael Hart , Christopher Gates
IPC分类号： G06F16/21 , G06F16/248 , G06F16/28 , G06F16/22
CPC分类号： G06F16/211 , G06F16/2246 , G06F16/248 , G06F16/287
摘要： A computer system stores incident records in a database. When a user wants to resolve a particular current incident, the computer system will access the current incident record from an incident queue. The computer system also identifies historical incident records that share one or more attributes with the current incident record. The computer system creates a plurality of clusters from the current incident record and the selected historical incident records. The clusters are then arranged into a hierarchical tree. This hierarchical tree is presented in a graphical user interface. A user can select a node to access additional information for that node. The computer system generates a first suggested response to a particular current incident based on the incident records included in the selected node. The computer system presents the first suggested response to the particular current incident in a graphical user interface.

7. 发明授权

US10579794B1 Securing a network device by automatically identifying files belonging to an application 有权
公开(公告)号：US10579794B1
公开(公告)日：2020-03-03
申请号：US15633245
申请日：2017-06-26
申请人： SYMANTEC CORPORATION
发明人： Christopher Gates , Kyle Soska , Kevin Alejandro Roundy
IPC分类号： G06F21/56 , G06F21/55 , G06F3/06 , H04L29/06 , H04L9/32 , H04L29/08
摘要： Securing a network device by automatically identifying files belonging to an application. In one embodiment, a method may include collecting file attributes for multiple files from multiple network devices, examining a hash of file contents of each of the multiple files to identify multiple unique files in the multiple files, summarizing the file attributes for each of the multiple unique files to generate a sketch of file attributes for each of the multiple unique files, clustering the multiple unique files into multiple applications, making a security action decision for one application of the multiple applications, and performing a security action on a network device based on the security action decision.

8. 发明申请

US20160103992A1 SYSTEMS AND METHODS FOR CLASSIFYING SECURITY EVENTS AS TARGETED ATTACKS 有权
标题翻译：将安全事件分类为有针对性的攻击的系统和方法
公开(公告)号：US20160103992A1
公开(公告)日：2016-04-14
申请号：US14513804
申请日：2014-10-14
申请人： Symantec Corporation
发明人： Kevin Alejandro Roundy , Sandeep Bhatkar
IPC分类号： G06F21/55 , H04L29/06
CPC分类号： G06F21/554 , G06F21/55 , H04L63/1416
摘要： The disclosed computer-implemented method for classifying security events as targeted attacks may include (1) detecting a security event in connection with at least one organization, (2) comparing the security event against a targeted-attack taxonomy that identifies a plurality of characteristics of targeted attacks, (3) determining that the security event is likely targeting the organization based at least in part on comparing the security event against the targeted-attack taxonomy, and then in response to determining that the security event is likely targeting the organization, (4) classifying the security event as a targeted attack. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于将安全事件分类为目标攻击的公开的计算机实现的方法可以包括（1）检测与至少一个组织有关的安全事件，（2）将安全事件与标识多个特征的目标攻击分类法进行比较（3）至少部分地基于将安全事件与目标攻击分类法进行比较来确定安全事件可能针对组织，然后响应于确定安全事件可能针对组织（（ 4）将安全事件分类为有针对性的攻击。还公开了各种其它方法，系统和计算机可读介质。

9. 发明授权

US09256739B1 Systems and methods for using event-correlation graphs to generate remediation procedures 有权
标题翻译：使用事件关联图生成修复程序的系统和方法
公开(公告)号：US09256739B1
公开(公告)日：2016-02-09
申请号：US14221703
申请日：2014-03-21
申请人： Symantec Corporation
发明人： Kevin Alejandro Roundy , Sandeep Bhatkar
IPC分类号： G06F21/55 , H04L29/06 , G06F21/56 , H04L12/24 , G06F21/54
CPC分类号： G06F21/554 , G06F21/54 , G06F21/552 , G06F21/566 , H04L41/0631 , H04L63/1425
摘要： A computer-implemented method for using event-correlation graphs to generate remediation procedures may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing, in response to detecting the suspicious event involving the first actor, an event-correlation graph that includes (i) a first node that represents the first actor, (ii) a second node that represents a second actor, and (iii) an edge that interconnects the first node and the second node and represents an additional suspicious event involving the first actor and the second actor, and (3) using the event-correlation graph to generate a procedure for remediating an effect of an attack on the computing system that is reflected in the event-correlation graph. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：一种用于使用事件相关图来产生修复过程的计算机实现的方法可以包括：（1）检测涉及计算系统内的第一actor的可疑事件，（2）响应于检测到涉及第一actor的可疑事件，事件相关图，其包括（i）表示第一演员的第一节点，（ii）表示第二演员的第二节点，以及（iii）将第一节点和第二节点互连并表示附加的边缘涉及第一演员和第二演员的可疑事件，以及（3）使用事件相关图来生成反映在事件相关图中的针对计算系统的攻击的影响的过程。还公开了各种其它方法，系统和计算机可读介质。

10. 发明授权

US10200369B1 Systems and methods for dynamically validating remote requests within enterprise networks 有权
公开(公告)号：US10200369B1
公开(公告)日：2019-02-05
申请号：US15044708
申请日：2016-02-16
申请人： Symantec Corporation
发明人： Kevin Alejandro Roundy , Christopher Gates , Petrus Johannes Viljoen
IPC分类号： H04L29/06 , H04L29/12 , H04L29/08
摘要： The disclosed computer-implemented method for dynamically validating remote requests within enterprise networks may include (1) receiving, on a target system within an enterprise network, a request to access a portion of the target system from a remote system within the enterprise network, (2) performing a validation operation to determine whether the remote system is trustworthy to access the portion of the target system by (A) querying an enterprise security system to authorize the request from the remote system and (B) receiving, from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system, and then (3) determining whether to grant the request based at least in part on the notification received from the enterprise security system as part of the validation operation. Various other methods, systems, and computer-readable media are also disclosed.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式