Cylance, Inc.

United States of America


1.

CLUSTERING ANALYSIS FOR DEDUPLICATION OF TRAINING SET SAMPLES FOR MACHINE LEARNING BASED COMPUTER THREAT ANALYSIS

      
Application number 18179248
Status Pending
Filing date 2023-03-06
First publication date 2023-06-29
Owner Cylance Inc. (USA)
Inventor(s) Brock, John

Abstract

A method, a system, and a computer program product for performing analysis of data to detect presence of malicious code are disclosed. Reduced dimensionality vectors are generated from a plurality of original dimensionality vectors representing features in a plurality of samples. The reduced dimensionality vectors have a lower dimensionality than an original dimensionality of the plurality of original dimensionality vectors. A first plurality of clusters is determined by applying a first clustering algorithm to the reduced dimensionality vectors. A second plurality of clusters is determined by applying a second clustering algorithm to one or more clusters in the first plurality of clusters using the original dimensionality. An exemplar for a cluster in the second plurality of clusters is added to a training set, which is used to train a machine learning model for identifying a file containing malicious code.

IPC classes

  • G06N 20/00 - Machine learning
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G05B 13/02 - Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion electric
  • G06F 18/23 - Clustering techniques
  • G06F 18/28 - Determining representative reference patterns, e.g. by averaging or distorting; Generating dictionaries
  • G06F 18/232 - Non-hierarchical techniques

2.

Methods and systems for fingerprinting malicious behavior

      
Application number 17551537
Patent number 12061692
Status Granted - in force
Filing date 2021-12-15
First publication date 2023-06-15
Grant date 2024-08-13
Owner Cylance Inc. (USA)
Inventor(s) Paranjape, Sameer Shashikant

Abstract

Methods and systems for fingerprinting a malicious behavior. In a first stage of training, a coarse machine learning one-class classifier is trained to detect a first dataset of events, the first dataset of events including a dataset of events representing a malicious behavior and a dataset of events representing non-malicious behavior and a benign machine learning one-class classifier is trained to detect a second dataset of events, the second dataset of events excluding the dataset of events representing malicious activity. An ensemble of models including the benign and coarse machine learning one-class classifiers is applied to the first dataset of events to create a third training set representing the malicious behavior for a second stage of training. A final machine learning one-class classifier is trained in the second stage of training using the third training set. The final machine learning one-class classifier represents a fingerprint of the malicious behavior.

IPC classes

  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06F 18/214 - Generating training patterns; Bootstrap methods, e.g. "bagging" or "boosting"
  • G06F 18/2433 - Single-class perspective, e.g. one-against-all classification; Novelty detection; Outlier detection
  • G06N 20/20 - Ensemble learning

3.

METHODS AND SYSTEMS FOR TRAINING A NEURAL NETWORK BASED ON IMPURE DATA

      
Application number 17551458
Status Pending
Filing date 2021-12-15
First publication date 2023-06-15
Owner CYLANCE INC. (USA)
Inventor(s) Paranjape, Sameer Shashikant

Abstract

Methods and systems for training a neural network. In a first stage of training, a coarse machine learning one-class classifier is trained using a first training set including a signal and noise and a noise machine learning one-class classifier is trained using a second training set excluding the signal. An assembly of models including the noise machine learning one-class classifier and the coarse machine learning one-class classifier is applied to the first training set to create a third training set representing the signal for a second stage of training. A final machine learning one-class classifier is trained in the second stage of training using the third training set representing the signal.

IPC classes

  • G06N 3/08 - Learning methods
  • G06N 20/20 - Ensemble learning

4.

METHODS FOR CONVERTING HIERARCHICAL DATA

      
Application number 17351018
Status Pending
Filing date 2021-06-17
First publication date 2022-12-22
Owner Cylance Inc. (USA)
Inventor(s)
  • Oliinyk, Yaroslav
  • Beveridge, David Neill
  • Liebson, David Michael
  • Jia, Lichun Lily
  • Petersen, Eric Glen

Abstract

Systems, methods, and software can be used for securing in-tunnel messages. One example of a method includes obtaining a parsed file that comprises two or more sub-feature trees, and each of the two or more sub-feature trees comprise at least one feature layer that comprises features. The method further includes generating a feature vector that identifies the features in the at least one feature layer for each of the two or more sub-feature trees. The method yet further includes mapping the features in the at least one feature layer for each of the one or more sub-feature trees to a corresponding position in the feature vector. By converting features in the parsed file into a feature vector, the method provides an applicable format of the feature vector in wide applications for the parsed file.

IPC classes

  • G06N 3/08 - Learning methods
  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06F 16/28 - Databases characterised by their database models, e.g. relational or object models
  • G06F 16/901 - Indexing; Data structures therefor; Storage structures
  • H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system

5.

Indicator centroids for malware handling

      
Application number 16796843
Patent number 11501120
Status Granted - in force
Filing date 2020-02-20
First publication date 2022-11-15
Grant date 2022-11-15
Owner Cylance Inc. (USA)
Inventor(s)
  • Petersen, Eric Glen
  • Hohimer, Michael Alan
  • Luan, Jian
  • Wolff, Matthew
  • Wallace, Brian Michael

Abstract

An artifact is received and features are extracted therefrom to form a feature vector. Thereafter, a determination is made to alter a malware processing workflow based on a distance of one or more features in the feature vector relative to one or more indicator centroids. Each indicator centroid specifying a threshold distance to trigger an action. Based on such a determination, the malware processing workflow is altered.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06T 7/60 - Analysis of geometric attributes
  • G06N 3/08 - Learning methods
  • G06F 16/16 - File or folder operations, e.g. details of user interfaces specifically adapted to file systems
  • G06N 3/04 - Architecture, e.g. interconnection topology
  • G06N 20/00 - Machine learning

6.

Clustering software codes in scalable manner

      
Application number 17235524
Patent number 11880391
Status Granted - in force
Filing date 2021-04-20
First publication date 2022-10-20
Grant date 2024-01-23
Owner CYLANCE, INC. (USA)
Inventor(s)
  • Paranjape, Sameer Shashikant
  • Boersma, Bronson
  • Greer, David Alan

Abstract

Systems, methods, and software can be used to cluster software codes in a scalable manner. In some aspects, a computer-implemented method comprises: obtaining a plurality of software samples; computing one or more first hash results for each of the plurality of software samples; computing one or more second hash results for each of the plurality of software samples based on the one or more first hash results, wherein an amount of the one or more second hash results is less than an amount of the one or more first hash results; determining a similarity output based on the one or more second hash results of two of the plurality of software samples; and clustering the plurality of software samples based on the similarity output to generate one or more software sample clusters.

IPC classes

  • G06F 16/28 - Databases characterised by their database models, e.g. relational or object models
  • G06F 16/22 - Indexing; Data structures therefor; Storage structures

7.

CylanceAVERT

      
Application number 1683138
Status Registered
Filing date 2022-07-08
Registration date 2022-07-08
Owner Cylance Inc. (USA)
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

Recorded and downloadable computer software for providing cyber-security, endpoint security and data protection and privacy; recorded and downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; recorded and downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; recorded and downloadable computer software that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices. Technology consultation in the field of cybersecurity; design and development of computer software; software as a service (SaaS) and platform as a service (PaaS) services featuring software for providing cyber-security, data protection and privacy; providing temporary use of non-downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; providing temporary use of on-line non-downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; computer software services, namely, development, maintenance, repair, installation, troubleshooting of problems, support in the nature of diagnosing problems, upgrade and updating, authoring, provision of information, consultation, design and customization of computer software and middleware; computer security consultancy; providing temporary use of non-downloadable software for artificial intelligence, analytics based machine learning, and non-downloadable deep learning software, all for the purpose of the design, development, installation, deployment, analysis, monitoring of and maintenance of computer software; platform as a service (PaaS) services featuring computer development platforms that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices.

8.

CylancePERSONA

      
Application number 1683140
Status Registered
Filing date 2022-07-08
Registration date 2022-07-08
Owner Cylance Inc. (USA)
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

Recorded and downloadable computer software for providing cyber-security, endpoint security and data protection and privacy; recorded and downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; recorded and downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; recorded and downloadable computer software that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices. Technology consultation in the field of cybersecurity; design and development of computer software; software as a service (SaaS) and platform as a service (PaaS) services featuring software for providing cyber-security, data protection and privacy; providing temporary use of non-downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; providing temporary use of on-line non-downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; computer software services, namely, development, maintenance, repair, installation, troubleshooting of problems, support in the nature of diagnosing problems, upgrade and updating, authoring, provision of information, consultation, design and customization of computer software and middleware; computer security consultancy; providing temporary use of non-downloadable software for artificial intelligence, analytics based machine learning, and non-downloadable deep learning software, all for the purpose of the design, development, installation, deployment, analysis, monitoring of and maintenance of computer software; platform as a service (PaaS) services featuring computer development platforms that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices.

9.

CylanceGATEWAY

      
Application number 1683142
Status Registered
Filing date 2022-07-08
Registration date 2022-07-08
Owner Cylance Inc. (USA)
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

Recorded and downloadable computer software for providing cyber-security, endpoint security and data protection and privacy; recorded and downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; recorded and downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; recorded and downloadable computer software that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices. Technology consultation in the field of cybersecurity; design and development of computer software; software as a service (SaaS) and platform as a service (PaaS) services featuring software for providing cyber-security, data protection and privacy; providing temporary use of non-downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; providing temporary use of on-line non-downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; computer software services, namely, development, maintenance, repair, installation, troubleshooting of problems, support in the nature of diagnosing problems, upgrade and updating, authoring, provision of information, consultation, design and customization of computer software and middleware; computer security consultancy; providing temporary use of non-downloadable software for artificial intelligence, analytics based machine learning, and non-downloadable deep learning software, all for the purpose of the design, development, installation, deployment, analysis, monitoring of and maintenance of computer software; platform as a service (PaaS) services featuring computer development platforms that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices.

10.

CylanceGUARD

      
Application number 1673558
Status Registered
Filing date 2022-06-22
Registration date 2022-06-22
Owner Cylance Inc. (USA)
Nice classes 42 - Scientific, technological and industrial services, research and design

Goods and services

Providing online non-downloadable software for use in preventing unauthorized access to computer and electronics systems; providing online non-downloadable internet security software; consulting services in the field of downloadable and non-downloadable Internet security software; consulting services in the fields of the design, development, and implementation of computer hardware and software for preventing unauthorized access to computers and electronics systems; consulting services in the field of internet security software.

11.

CYLANCEOPTICS

      
Application number 1673568
Status Registered
Filing date 2022-06-22
Registration date 2022-06-22
Owner Cylance Inc. (USA)
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

Endpoint detection and response software. Providing online non-downloadable endpoint detection and response software.

12.

CylanceGATEWAY

      
Application number 220980500
Status Registered
Filing date 2022-07-08
Registration date 2024-03-07
Owner Cylance Inc. (USA)
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

(1) Recorded and downloadable computer software for providing cyber-security, endpoint security and data protection and privacy; recorded and downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; recorded and downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; recorded and downloadable computer software that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices. (1) Technology consultation in the field of cybersecurity; design and development of computer software; software as a service (SaaS) and platform as a service (PaaS) services featuring software for providing cyber-security, data protection and privacy; providing temporary use of non-downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; providing temporary use of on-line non-downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; computer software services, namely, development, maintenance, repair, installation, troubleshooting of problems, support in the nature of diagnosing problems, upgrade and updating, authoring, provision of information, consultation, design and customization of computer software and middleware; computer security consultancy; providing temporary use of non-downloadable software for artificial intelligence, analytics based machine learning, and non-downloadable deep learning software, all for the purpose of the design, development, installation, deployment, analysis, monitoring of and maintenance of computer software; platform as a service (PaaS) services featuring computer development platforms that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices.

13.

CylancePERSONA

      
Application number 220980600
Status Registered
Filing date 2022-07-08
Registration date 2024-03-07
Owner Cylance Inc. (USA)
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

(1) Recorded and downloadable computer software for providing cyber-security, endpoint security and data protection and privacy; recorded and downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; recorded and downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; recorded and downloadable computer software that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices. (1) Technology consultation in the field of cybersecurity; design and development of computer software; software as a service (SaaS) and platform as a service (PaaS) services featuring software for providing cyber-security, data protection and privacy; providing temporary use of non-downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; providing temporary use of on-line non-downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; computer software services, namely, development, maintenance, repair, installation, troubleshooting of problems, support in the nature of diagnosing problems, upgrade and updating, authoring, provision of information, consultation, design and customization of computer software and middleware; computer security consultancy; providing temporary use of non-downloadable software for artificial intelligence, analytics based machine learning, and non-downloadable deep learning software, all for the purpose of the design, development, installation, deployment, analysis, monitoring of and maintenance of computer software; platform as a service (PaaS) services featuring computer development platforms that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices.

14.

CylanceAVERT

      
Application number 220980700
Status Registered
Filing date 2022-07-08
Registration date 2024-03-07
Owner Cylance Inc. (USA)
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

(1) Recorded and downloadable computer software for providing cyber-security, endpoint security and data protection and privacy; recorded and downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; recorded and downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; recorded and downloadable computer software that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices. (1) Technology consultation in the field of cybersecurity; design and development of computer software; software as a service (SaaS) and platform as a service (PaaS) services featuring software for providing cyber-security, data protection and privacy; providing temporary use of non-downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; providing temporary use of on-line non-downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; computer software services, namely, development, maintenance, repair, installation, troubleshooting of problems, support in the nature of diagnosing problems, upgrade and updating, authoring, provision of information, consultation, design and customization of computer software and middleware; computer security consultancy; providing temporary use of non-downloadable software for artificial intelligence, analytics based machine learning, and non-downloadable deep learning software, all for the purpose of the design, development, installation, deployment, analysis, monitoring of and maintenance of computer software; platform as a service (PaaS) services featuring computer development platforms that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices.

15.

CYLANCEPERSONA

      
Serial number 97485495
Status Registered
Filing date 2022-07-01
Registration date 2023-07-25
Owner Cylance Inc. ()
Nice classes 09 - Scientific and electric apparatus and instruments

Goods and services

Recorded and downloadable computer software for providing cyber-security, endpoint security and data protection and privacy; recorded and downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; recorded and downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; recorded and downloadable computer software that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices

16.

CYLANCEGATEWAY

      
Serial number 97485501
Status Registered
Filing date 2022-07-01
Registration date 2023-07-25
Owner Cylance Inc. ()
Nice classes 09 - Scientific and electric apparatus and instruments

Goods and services

Recorded and downloadable computer software for providing cyber-security, endpoint security and data protection and privacy; recorded and downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; recorded and downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; recorded and downloadable computer software that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices

17.

CYLANCEAVERT

      
Serial number 97485507
Status Registered
Filing date 2022-07-01
Registration date 2024-02-27
Owner Cylance Inc. ()
Nice classes 09 - Scientific and electric apparatus and instruments

Goods and services

Recorded and downloadable computer software for providing cyber-security, endpoint security and data protection and privacy; recorded and downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; recorded and downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; recorded and downloadable computer software that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices

18.

Statistical data fingerprinting and tracing data similarity of documents

      
Application number 17132767
Patent number 11430244
Status Granted - in force
Filing date 2020-12-23
First publication date 2022-06-23
Grant date 2022-08-30
Owner Cylance Inc. (USA)
Inventor(s)
  • Beveridge, David Neill
  • Liebson, David Michael
  • Oliinyk, Yaroslav

Abstract

A method and computing device for statistical data fingerprinting and tracing data similarity of documents. The method comprises applying a statistical function to a subset of text in a first document thereby generating a first fingerprint; applying the statistical function to a subset of text in a second document thereby generating a second fingerprint; comparing the first fingerprint to the second fingerprint; and determining that the subset of text in the first document matches the subset of text in the second document based on the first fingerprint threshold matching the second fingerprint, wherein the statistical function is a measure of randomness of a count of each character in a subset of text against an expected distribution of said characters.

IPC classes

  • G06V 30/418 - Document matching, e.g. of document images
  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06F 17/18 - Complex mathematical operations for evaluating statistical data
  • G06F 40/279 - Recognition of textual entities
  • G06V 10/75 - Image or video pattern matching; Proximity measures in feature spaces using context analysis; Selection of dictionaries
  • G06F 17/00 - ELECTRIC DIGITAL DATA PROCESSING Digital computing or data processing equipment or methods, specially adapted for specific functions

19.

CYLANCEGATEWAY

      
Serial number 97470754
Status Registered
Filing date 2022-06-22
Registration date 2023-07-25
Owner Cylance Inc. ()
Nice classes 42 - Scientific, technological and industrial services, research and design

Goods and services

Technology consultation in the field of cybersecurity; Design and development of computer software; Software as a service (SaaS) and Platform as a service (PaaS) services featuring software for providing cyber-security, data protection and privacy; Providing temporary use of non-downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; Providing temporary use of on-line non-downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; computer software services, namely, development, maintenance, repair, installation, troubleshooting of problems, support in the nature of diagnosing problems, upgrade and updating, authoring, provision of information, consultation, design and customization of computer software and middleware; computer security consultancy; providing temporary use of non-downloadable software for artificial intelligence, analytics based machine learning, and non-downloadable deep learning software, all for the purpose of the design, development, installation, deployment, analysis, monitoring of and maintenance of computer software; Platform as a service (PAAS) services featuring computer development platforms that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices

20.

CYLANCEOPTICS

      
Application number 219950100
Status Pending
Filing date 2022-06-22
Owner Cylance Inc. (USA)
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

(1) Endpoint detection and response software. (1) Providing online non-downloadable endpoint detection and response software.

21.

CylanceGUARD

      
Application number 219950300
Status Pending
Filing date 2022-06-22
Owner Cylance Inc. (USA)
Nice classes 42 - Scientific, technological and industrial services, research and design

Goods and services

(1) Providing online non-downloadable software for use in preventing unauthorized access to computer and electronics systems; providing online non-downloadable internet security software; consulting services in the field of downloadable and non-downloadable Internet security software; consulting services in the fields of the design, development, and implementation of computer hardware and software for preventing unauthorized access to computers and electronics systems; consulting services in the field of internet security software.

22.

CYLANCEPERSONA

      
Serial number 97470713
Status Registered
Filing date 2022-06-22
Registration date 2023-07-25
Owner Cylance Inc. ()
Nice classes 42 - Scientific, technological and industrial services, research and design

Goods and services

Technology consultation in the field of cybersecurity; Design and development of computer software; Software as a service (SaaS) and Platform as a service (PaaS) services featuring software for providing cyber-security, data protection and privacy; Providing temporary use of non-downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; Providing temporary use of on-line non-downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; computer software services, namely, development, maintenance, repair, installation, troubleshooting of problems, support in the nature of diagnosing problems, upgrade and updating, authoring, provision of information, consultation, design and customization of computer software and middleware; computer security consultancy; providing temporary use of non-downloadable software for artificial intelligence, analytics based machine learning, and non-downloadable deep learning software, all for the purpose of the design, development, installation, deployment, analysis, monitoring of and maintenance of computer software; Platform as a service (PAAS) services featuring computer development platforms that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices

23.

CYLANCEAVERT

      
Serial number 97470734
Status Registered
Filing date 2022-06-22
Registration date 2023-07-25
Owner Cylance Inc. ()
Nice classes 42 - Scientific, technological and industrial services, research and design

Goods and services

Technology consultation in the field of cybersecurity; Design and development of computer software; Software as a service (SaaS) and Platform as a service (PaaS) services featuring software for providing cyber-security, data protection and privacy; Providing temporary use of non-downloadable computer software for measuring, assessing, identifying, detecting, analyzing, preventing, and responding to cybersecurity threats, attacks, risks, and vulnerabilities; Providing temporary use of on-line non-downloadable computer software for endpoint security, malware analysis, vulnerability testing, penetration testing, and vulnerability assessment; computer software services, namely, development, maintenance, repair, installation, troubleshooting of problems, support in the nature of diagnosing problems, upgrade and updating, authoring, provision of information, consultation, design and customization of computer software and middleware; computer security consultancy; providing temporary use of non-downloadable software for artificial intelligence, analytics based machine learning, and non-downloadable deep learning software, all for the purpose of the design, development, installation, deployment, analysis, monitoring of and maintenance of computer software; Platform as a service (PAAS) services featuring computer development platforms that enable software developers to design, test, deploy, manage, and monitor internet of things (IoT) and machine-to-machine (m2m) devices

24.

Bayesian continuous user authentication

      
Application number 17085984
Patent number 11544358
Status Granted - in force
Filing date 2020-10-30
First publication date 2022-05-05
Grant date 2023-01-03
Owner Cylance Inc. (USA)
Inventor(s)
  • Wojnowicz, Michael Thomas
  • Nguyen, Dinh Huu
  • Kohn, Alexander Wolfe

Abstract

Bayesian continuous user authentication can be obtained by receiving observed behavior data that collectively characterizes interaction of an active user with at least one computing device or software application. A sequence of events within the observed behavior data can be identified and scored using a universal background model that generates first scores that characterize an extent to which each event or history of events is anomalous for a particular population of users. Further, the events are scored using a user model that generates second scores that characterize an extent to which each event or history of events is anomalous for the particular user who owns the account. The first scores and the second scores are smoothed using a smoothing function. A probability that the active user is the account owner associated with the user model is determined based on the smoothed first scores and the smoothed second scores.

IPC classes

  • G06F 21/31 - User authentication
  • G06N 7/00 - Computing arrangements based on specific mathematical models

25.

Computer user authentication using machine learning

      
Application number 17541110
Patent number 11893096
Status Granted - in force
Filing date 2021-12-02
First publication date 2022-03-24
Grant date 2024-02-06
Owner Cylance Inc. (USA)
Inventor(s)
  • Grajek, Garret Florian
  • Lo, Jeffrey
  • Wojnowicz, Michael Thomas
  • Nguyen, Dinh Huu
  • Slawinski, Michael Alan

Abstract

Systems and methods are described herein for computer user authentication using machine learning. Authentication for a user is initiated based on an identification confidence score of the user. The identification confidence score is based on one or more characteristics of the user. Using a machine learning model for the user, user activity of the user is monitored for anomalous activity to generate first data. Based on the monitoring, differences between the first data and historical utilization data for the user determine whether the user's utilization of the one or more resources is anomalous. When the user's utilization of the one or more resources is anomalous, the user's access to the one or more resources is removed.

IPC classes

26.

Detecting malware with deep generative models

      
Application number 16887586
Patent number 11637858
Status Granted - in force
Filing date 2020-05-29
First publication date 2021-12-02
Grant date 2023-04-25
Owner Cylance Inc. (USA)
Inventor(s) Wojnowicz, Michael Thomas

Abstract

Features are extracted from an artifact so that a vector can be populated. The vector is then inputted into an anomaly detection model comprising a deep generative model to generate a first score. The first score can characterize the artifact as being malicious or benign to access, execute, or continue to execute. In addition, the vector is inputted into a machine learning-based classification model to generate a second score. The second score can also characterize the artifact as being malicious or benign to access, execute, or continue to execute. The second score is then modified based on the first score to result in a final score. The final score can then be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • H04L 9/40 - Network security protocols
  • G06N 7/00 - Computing arrangements based on specific mathematical models
  • H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems

27.

Projected vector modification as mitigation for machine learning model string stuffing

      
Application number 16832778
Patent number 11604871
Status Granted - in force
Filing date 2020-03-27
First publication date 2021-09-30
Grant date 2023-03-14
Owner Cylance Inc. (USA)
Inventor(s) Petersen, Eric Glen

Abstract

An artifact is received from which features are extracted so as to populate a vector. The features in the vector can be reduced using a feature reduction operation to result in a modified vector having a plurality of buckets. A presence of predetermined types of features is identified within buckets of the modified vector influencing a score above a pre-determined threshold. A contribution of the identified features within the high influence buckets of the modified vector is then attenuated. The modified vector is input into a classification model to generate a score which can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06N 20/00 - Machine learning
  • G06N 5/04 - Inference or reasoning models

28.

Projected vector overflow penalty as mitigation for machine learning model string stuffing

      
Application number 16798120
Patent number 11636202
Status Granted - in force
Filing date 2020-02-21
First publication date 2021-08-26
Grant date 2023-04-25
Owner Cylance Inc. (USA)
Inventor(s) Petersen, Eric Glen

Abstract

An artifact is received from which features are extracted and used to populate a vector. The features in the vector are then reduced using a feature reduction operation to result in a modified vector having a plurality of buckets. Features within the buckets of the modified vector above a pre-determined projected bucket clipping threshold are then identified. Using the identified features, an overflow vector is then generated. The modified vector is then input into a classification model to generate a score. This score is adjusted based on the overflow vector and can then be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06N 20/00 - Machine learning
  • G06N 5/00 - Computing arrangements using knowledge-based models
  • G06N 5/04 - Inference or reasoning models

29.

Machine learning model for analysis of instruction sequences

      
Application number 17127908
Patent number 11797826
Status Granted - in force
Filing date 2020-12-18
First publication date 2021-08-19
Grant date 2023-10-24
Owner Cylance Inc. (USA)
Inventor(s)
  • Zhao, Xuan
  • Wolff, Matthew
  • Brock, John
  • Wallace, Brian
  • Wortman, Andy
  • Luan, Jian
  • Azarafrooz, Mahdi
  • Davis, Andrew
  • Wojnowicz, Michael
  • Soeder, Derek
  • Beveridge, David
  • Petersen, Eric
  • Jin, Ming
  • Permeh, Ryan

Abstract

A system is provided for classifying an instruction sequence with a machine learning model. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one processor. The operations may include: processing an instruction sequence with a trained machine learning model configured to detect one or more interdependencies amongst a plurality of tokens in the instruction sequence and determine a classification for the instruction sequence based on the one or more interdependencies amongst the plurality of tokens; and providing, as an output, the classification of the instruction sequence. Related methods and articles of manufacture, including computer program products, are also provided.

IPC classes

  • G06N 3/044 - Recurrent networks, e.g. Hopfield networks
  • G06N 20/00 - Machine learning
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

30.

Machine learning model score obfuscation using step function, position-dependent noise

      
Application number 16951943
Patent number 11113579
Status Granted - in force
Filing date 2020-11-18
First publication date 2021-03-11
Grant date 2021-09-07
Owner Cylance Inc. (USA)
Inventor(s)
  • Buckingham, Hailey
  • Beveridge, David N.

Abstract

An artefact is received. Features are extracted from this artefact which are, in turn, used to populate a vector. The vector is then input into a classification model to generate a score. The score is then modified using a step function so that the true score is not obfuscated. Thereafter, the modified score can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/10 - Machine learning using kernel methods, e.g. support vector machines [SVM]

31.

Prevention of hash-based API importing

      
Application number 16953154
Patent number 11403231
Status Granted - in force
Filing date 2020-11-19
First publication date 2021-03-11
Grant date 2022-08-02
Owner Cylance Inc. (USA)
Inventor(s) Tang, Jeffrey

Abstract

Hash-based application programming interface (API) importing can be prevented by allocating a name page and a guard page in memory. The name page and the guard page are associated with (i) an address of names array, (ii) an address of name ordinal array, and (iii) an address of functions array that are all generated by an operating system upon initiation of an application. The name page can then be filled with valid non-zero characters. Thereafter, protections on the guard page can be changed to no access. An entry is inserted into the address of names array pointing to a relative virtual address corresponding to anywhere within the name page. Access to the guard page causes the requesting application to terminate. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 12/00 - Accessing, addressing or allocating within memory systems or architectures
  • G06F 12/1018 - Address translation using page tables, e.g. page table structures involving hashing techniques, e.g. inverted page tables
  • G06F 9/30 - Arrangements for executing machine instructions, e.g. instruction decode
  • G06F 9/54 - Interprogram communication
  • G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]

32.

Prevention of hash-based API importing

      
Application number 16516827
Patent number 10909042
Status Granted - in force
Filing date 2019-07-19
First publication date 2021-01-21
Grant date 2021-02-02
Owner Cylance Inc. (USA)
Inventor(s) Tang, Jeffrey

Abstract

Hash-based application programming interface (API) importing can be prevented by allocating a name page and a guard page in memory. The name page and the guard page are associated with (i) an address of names array, (ii) an address of name ordinal array, and (iii) an address of functions array that are all generated by an operating system upon initiation of an application. The name page can then be filled with valid non-zero characters. Thereafter, protections on the guard page can be changed to no access. An entry is inserted into the address of names array pointing to a relative virtual address corresponding to anywhere within the name page. Access to the guard page causes the requesting application to terminate. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 12/00 - Accessing, addressing or allocating within memory systems or architectures
  • G06F 12/1018 - Address translation using page tables, e.g. page table structures involving hashing techniques, e.g. inverted page tables
  • G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
  • G06F 9/30 - Arrangements for executing machine instructions, e.g. instruction decode
  • G06F 9/54 - Interprogram communication

33.

Memory space protection

      
Application number 17031616
Patent number 11409669
Status Granted - in force
Filing date 2020-09-24
First publication date 2021-01-14
Grant date 2022-08-09
Owner Cylance Inc. (USA)
Inventor(s)
  • Norris, Michael Ray
  • Soeder, Derek A.

Abstract

Executable memory space is protected by receiving, from a process, a request to configure a portion of memory with a memory protection attribute that allows the process to perform at least one memory operation on the portion of the memory. Thereafter, the request is responded to with a grant, configuring the portion of memory with a different memory protection attribute than the requested memory protection attribute. The different memory protection attribute restricts the at least one memory operation from being performed by the process on the portion of the memory. In addition, it is detected when the process attempts, in accordance with the grant, the at least one memory operation at the configured portion of memory. Related systems and articles of manufacture, including computer program products, are also disclosed.

IPC classes

  • G06F 12/14 - Protection against unauthorised use of memory
  • G06F 21/79 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
  • G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules

34.

Centroid for improving machine learning classification and info retrieval

      
Application number 17024439
Patent number 11568185
Status Granted - in force
Filing date 2020-09-17
First publication date 2021-01-07
Grant date 2023-01-31
Owner Cylance Inc. (USA)
Inventor(s)
  • Luan, Jian
  • Wolff, Matthew
  • Wallace, Brian Michael

Abstract

Centroids are used for improving machine learning classification and information retrieval. A plurality of files are classified as malicious or not malicious based on a function dividing a coordinate space into at least a first portion and a second portion such that the first portion includes a first subset of the plurality of files classified as malicious. One or more first centroids are defined in the first portion that classify files from the first subset as not malicious. A file is determined to be malicious based on whether the file is located within the one or more first centroids.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06T 7/60 - Analysis of geometric attributes
  • G06N 20/00 - Machine learning
  • G06F 16/16 - File or folder operations, e.g. details of user interfaces specifically adapted to file systems
  • G06N 3/04 - Architecture, e.g. interconnection topology
  • G06N 3/08 - Learning methods

35.

Endpoint detection and response system with endpoint-based artifact storage

      
Application number 17029996
Patent number 11528282
Status Granted - in force
Filing date 2020-09-23
First publication date 2021-01-07
Grant date 2022-12-13
Owner Cylance Inc. (USA)
Inventor(s)
  • Strong, Homer Valentine
  • Permeh, Ryan
  • Oswald, Samuel John

Abstract

Each of a plurality of endpoint computer systems monitors data relating to a plurality of events occurring within an operating environment of the corresponding endpoint computer system. The monitoring can include receiving and/or inferring the data using one or more sensors executing on the endpoint computer systems. Thereafter, for each endpoint computer system, artifacts used in connection with the events are stored in a vault maintained on such endpoint computer system. A query is later received by at least a subset of the plurality of endpoint computer systems from a server. Such endpoint computer systems, in response, identify and retrieve artifacts within the corresponding vaults responsive to the query. Results responsive to the query including or characterizing the identified artifacts are then provided by the endpoint computer systems receiving the query to the server.

IPC classes

  • H04L 9/40 - Network security protocols
  • G06N 5/04 - Inference or reasoning models
  • G06N 20/00 - Machine learning
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06F 21/31 - User authentication
  • G06F 16/28 - Databases characterised by their database models, e.g. relational or object models
  • H04L 43/04 - Processing captured monitoring data, e.g. for logfile generation

36.

Machine learning model score obfuscation using multiple classifiers

      
Application number 16399665
Patent number 11586975
Status Granted - in force
Filing date 2019-04-30
First publication date 2020-11-05
Grant date 2023-02-21
Owner Cylance Inc. (USA)
Inventor(s)
  • Beveridge, David N.
  • Buckingham, Hailey

Abstract

An artefact is received. Thereafter, features are extracted from the artefact and a vector is populated. Later, one of a plurality of available classification models is selected. The classification models use different scoring paradigms while providing the same or substantially similar classifications. The vector is input into the selected classification model to generate a score. The score is later provided to a consuming application or process. The classification model can characterize the artefact as being malicious or benign to access, execute, or continue to execute so that appropriate remedial action can be taken or initiated by the consuming application or process. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06F 21/14 - Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
  • G06N 20/00 - Machine learning
  • G06N 5/048 - Fuzzy inferencing

37.

Machine learning model score obfuscation using step function, position-dependent noise

      
Application number 16399677
Patent number 10963752
Status Granted - in force
Filing date 2019-04-30
First publication date 2020-11-05
Grant date 2021-03-30
Owner Cylance Inc. (USA)
Inventor(s)
  • Buckingham, Hailey
  • Beveridge, David N.

Abstract

An artefact is received. Features are extracted from this artefact which are, in turn, used to populate a vector. The vector is then input into a classification model to generate a score. The score is then modified using a step function so that the true score is not obfuscated. Thereafter, the modified score can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/10 - Machine learning using kernel methods, e.g. support vector machines [SVM]

38.

Machine learning model score obfuscation using time-based score oscillations

      
Application number 16399718
Patent number 11580442
Status Granted - in force
Filing date 2019-04-30
First publication date 2020-11-05
Grant date 2023-02-14
Owner Cylance Inc. (USA)
Inventor(s)
  • Buckingham, Hailey
  • Beveridge, David N.

Abstract

An artefact is received. Features are later extracted from the artefact and are used to populate a vector. The vector is input into a classification model to generate a score. This score is then modified using a time-based oscillation function and is provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06N 20/00 - Machine learning

39.

Machine learning model score obfuscation using coordinated interleaving

      
Application number 16399735
Patent number 11562290
Status Granted - in force
Filing date 2019-04-30
First publication date 2020-11-05
Grant date 2023-01-24
Owner Cylance Inc. (USA)
Inventor(s) Buckingham, Hailey

Abstract

An artefact is received. Features are extracted from this artefact which are, in turn, used to populate a vector. The vector is then input into a classification model to generate a score. The score is then modified to result in a modified score by interleaving the generated score or a mapping thereof into digits of a pseudo-score. Thereafter, the modified score can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/00 - Machine learning
  • G06N 5/04 - Inference or reasoning models

40.

MACHINE LEARNING MODEL SCORE OBFUSCATION USING STEP-FUNCTION, POSITION-DEPENDENT NOISE

      
Application number US2020030247
Publication number 2020/223222
Status Granted - in force
Filing date 2020-04-28
Publication date 2020-11-05
Owner CYLANCE INC. (USA)
Inventor(s)
  • Buckingham, Hailey
  • Beveridge, David, N.

Abstract

An artefact is received. Features are extracted from this artefact which are, in turn, used to populate a vector. The vector is then input into a classification model to generate a score. The score is then modified using a step function so that the true score is not obfuscated. Thereafter, the modified score can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06N 3/02 - Neural networks

41.

SYSTEM ABNORMALITY DETECTION USING SIGNAL FINGERPRINTING

      
Application number US2020030257
Publication number 2020/223227
Status Granted - in force
Filing date 2020-04-28
Publication date 2020-11-05
Owner CYLANCE INC. (USA)
Inventor(s)
  • Walthinsen, Erik
  • Carey, Mark
  • Bathurst, Donald

Abstract

Systems, methods, and devices are described herein for detecting abnormalities within a system based on signal fingerprinting. A plurality of electrical signals are concurrently received from a transceiver over a time period. The time period is partitioned into a plurality of sampling windows. An electrical signal of the plurality of electrical signals is sequentially selected. For the sequentially selected electrical signal, a temporal snapshot of said electrical signal is iteratively captured over a sampling window of the plurality of sampling windows. This iterative capturing is repeated for remaining sampling windows of the plurality of sampling windows. Each captured temporal snapshot is temporally concatenated over the time period according to its respective temporal position of the time period to generate the signal fingerprint.

IPC classes

  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol

42.

Communications bus signal fingerprinting

      
Application number 16932335
Patent number 11316870
Status Granted - in force
Filing date 2020-07-17
First publication date 2020-11-05
Grant date 2022-04-26
Owner Cylance Inc. (USA)
Inventor(s)
  • Bathurst, Donald
  • Carey, Mark

Abstract

Systems are provided herein for communications bus signal fingerprinting. A security module monitors a plurality of voltage lines of at least one electronic control unit (ECU) electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. The voltage differential is compared to a plurality of predetermined signal fingerprints associated with the at least one ECU. A variance in the compared voltage differential is identified relative to one or more of the plurality of predetermined signal fingerprints. Data characterizing the identified variance is provided.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol

43.

Machine learning model score obfuscation using vector modification techniques

      
Application number 16399701
Patent number 10997471
Status Granted - in force
Filing date 2019-04-30
First publication date 2020-11-05
Grant date 2021-05-04
Owner Cylance Inc. (USA)
Inventor(s)
  • Beveridge, David N.
  • Buckingham, Hailey

Abstract

An artefact is received. Features from such artefact are extracted and then populated in a vector. Subsequently, one of a plurality of available dimension reduction techniques is selected. Using the selected dimension reduction technique, the features in the vector are reduced. The vector is then input into a classification model and the score can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/10 - Machine learning using kernel methods, e.g. support vector machines [SVM]
  • G06N 3/00 - Computing arrangements based on biological models
  • G06F 21/14 - Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
  • G06N 3/04 - Architecture, e.g. interconnection topology

44.

System abnormality detection using signal fingerprinting

Application number 16399812
Patent number 11182477
Status Granted - in force
Filing date 2019-04-30
First publication date 2020-11-05
Grant date 2021-11-23
Owner Cylance Inc. (USA)
Inventor(s)
  • Walthinsen, Erik
  • Carey, Mark
  • Bathurst, Donald

Abstract

Systems, methods, and devices are described herein for detecting abnormalities within a system based on signal fingerprinting. A plurality of electrical signals are concurrently received from a transceiver over a time period. The time period is partitioned into a plurality of sampling windows. An electrical signal of the plurality of electrical signals is sequentially selected. For the sequentially selected electrical signal, a temporal snapshot of said electrical signal is iteratively captured over a sampling window of the plurality of sampling windows. This iterative capturing is repeated for remaining sampling windows of the plurality of sampling windows. Each captured temporal snapshot is temporally concatenated over the time period according to its respective temporal position of the time period to generate the signal fingerprint.

IPC classes

  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol

45.

Endpoint detection and response utilizing machine learning

Application number 16882309
Patent number 11494490
Status Granted - in force
Filing date 2020-05-22
First publication date 2020-09-10
Grant date 2022-11-08
Owner Cylance Inc. (USA)
Inventor(s)
  • Kashyap, Rahul Chander
  • Kotov, Vadim Dmitriyevich
  • Oswald, Samuel John
  • Strong, Homer Valentine

Abstract

A plurality of events associated with each of a plurality of computing nodes that form part of a network topology are monitored. The network topology includes antivirus tools to detect malicious software prior to it accessing one of the computing nodes. Thereafter, it is determined that, using at least one machine learning model, at least one of the events is indicative of malicious activity that has circumvented or bypassed the antivirus tools. Data is then provided that characterizes the determination. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/00 - Machine learning
  • H04L 9/40 - Network security protocols
  • G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
  • G06N 3/00 - Computing arrangements based on biological models

46.

Machine learning model for malware dynamic analysis

Application number 16867440
Patent number 11556648
Status Granted - in force
Filing date 2020-05-05
First publication date 2020-08-20
Grant date 2023-01-17
Owner Cylance Inc. (USA)
Inventor(s)
  • Zhao, Xuan
  • Kapoor, Aditya
  • Wolff, Matthew
  • Davis, Andrew
  • Soeder, Derek A.
  • Permeh, Ryan

Abstract

In some implementations there may be provided a system. The system may include a processor and a memory. The memory may include program code which causes operations when executed by the processor. The operations may include analyzing a series of events contained in received data. The series of events may include events that occur during the execution of a data object. The series of events may be analyzed to at least extract, from the series of events, subsequences of events. A machine learning model may determine a classification for the received data. The machine learning model may classify the received data based at least on whether the subsequences of events are malicious. The classification indicative of whether the received data is malicious may be provided. Related methods and articles of manufacture, including computer program products, are also disclosed.

IPC classes

  • H04L 9/40 - Network security protocols
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 3/08 - Learning methods
  • G06N 20/00 - Machine learning
  • G06N 3/04 - Architecture, e.g. interconnection topology
  • G06N 5/02 - Knowledge representation; Symbolic representation
  • G06N 7/00 - Computing arrangements based on specific mathematical models
  • G06F 3/048 - Interaction techniques based on graphical user interfaces [GUI]
  • G06N 5/00 - Computing arrangements using knowledge-based models
  • G06N 20/20 - Ensemble techniques in machine learning
  • G06N 20/10 - Machine learning using kernel methods, e.g. support vector machines [SVM]

47.

Password-less software system user authentication

Application number 16862219
Patent number 11709922
Status Granted - in force
Filing date 2020-04-29
First publication date 2020-08-13
Grant date 2023-07-25
Owner Cylance Inc. (USA)
Inventor(s)
  • Grajek, Garret Florian
  • Lo, Jeffrey
  • Strong, Homer Valentine
  • Dai, Wulun

Abstract

Data is received as part of an authentication procedure to identify a user. Such data characterizes a user-generated biometric sequence that is generated by the user interacting with at least one input device according to a desired biometric sequence. Thereafter, using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., historical user-generated biometric sequences according to the desired biometric sequence, etc.), the user is authenticated if an output of the at least one machine learning model is above a threshold. Data can be provided that characterizes the authenticating. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
  • G06N 5/022 - Knowledge engineering; Knowledge acquisition
  • G06F 21/40 - User authentication by quorum, i.e. requiring the involvement of at least two security principals
  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
  • H04L 9/40 - Network security protocols
  • G06F 21/36 - User authentication by graphic or iconic representation
  • H04W 12/68 - Context-dependent security that is gesture-dependent or behaviour-dependent

48.

Container file analysis using machine learning model

Application number 16861026
Patent number 11283818
Status Granted - in force
Filing date 2020-04-28
First publication date 2020-08-13
Grant date 2022-03-22
Owner Cylance Inc. (USA)
Inventor(s)
  • Zhao, Xuan
  • Wolff, Matthew
  • Brock, John
  • Wallace, Brian Michael
  • Wortman, Andy
  • Luan, Jian
  • Azarafrooz, Mahdi
  • Davis, Andrew
  • Wojnowicz, Michael Thomas
  • Soeder, Derek A.
  • Beveridge, David N.
  • Oliinyk, Yaroslav
  • Permeh, Ryan

Abstract

A system is provided for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one processor provides operations including: processing a container file with a trained machine learning model, wherein the trained machine learning is trained to determine a classification for the container file indicative of whether the container file includes at least one file rendering the container file malicious; and providing, as an output by the trained machine learning model, an indication of whether the container file includes the at least one file rendering the container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06N 3/08 - Learning methods
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/10 - Machine learning using kernel methods, e.g. support vector machines [SVM]
  • G06N 3/04 - Architecture, e.g. interconnection topology

49.

Malware detection

Application number 16826033
Patent number 11928213
Status Granted - in force
Filing date 2020-03-20
First publication date 2020-07-09
Grant date 2024-03-12
Owner Cylance Inc. (USA)
Inventor(s)
  • Davis, Andrew
  • Wolff, Matthew
  • Soeder, Derek A.
  • Chisholm, Glenn
  • Permeh, Ryan

Abstract

In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one memory provides operations including: receiving a disassembled binary file that includes a plurality of instructions; processing the disassembled binary file with a convolutional neural network configured to detect a presence of one or more sequences of instructions amongst the plurality of instructions and determine a classification for the disassembled binary file based at least in part on the presence of the one or more sequences of instructions; and providing, as an output, the classification of the disassembled binary file. Related computer-implemented methods are also disclosed.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 3/08 - Learning methods

50.

Deployment of machine learning models for discernment of threats

Application number 16813529
Patent number 11113398
Status Granted - in force
Filing date 2020-03-09
First publication date 2020-07-02
Grant date 2021-09-07
Owner Cylance Inc. (USA)
Inventor(s)
  • Harms, Kristopher William
  • Song, Renee
  • Rajamani, Raj
  • Rusell, Braden
  • Sohn, Yoojin
  • Ipsen, Kiefer

Abstract

A mismatch between model-based classifications produced by a first version of a machine learning threat discernment model and a second version of a machine learning threat discernment model for a file is detected. The mismatch is analyzed to determine appropriate handling for the file, and taking an action based on the analyzing. The analyzing includes comparing a human-generated classification status for a file, a first model version status that reflects classification by the first version of the machine learning threat discernment model, and a second model version status that reflects classification by the second version of the machine learning threat discernment model. The analyzing can also include allowing the human-generated classification status to dominate when it is available.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/00 - Machine learning
  • G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 3/048 - Interaction techniques based on graphical user interfaces [GUI]

51.

Machine learning classification using Markov modeling

Application number 16804904
Patent number 11381580
Status Granted - in force
Filing date 2020-02-28
First publication date 2020-06-25
Grant date 2022-07-05
Owner Cylance Inc. (USA)
Inventor(s)
  • Luan, Jian
  • Soeder, Derek A.

Abstract

Systems, methods, and articles of manufacture, including computer program products, are provided for classification systems and methods using modeling. In some example embodiments, there is provided a system that includes at least one processor and at least one memory including program code which when executed by the at least one memory provides operations. The operations can include generating a representation of a sequence of sections of a file and/or determining, from a model including conditional probabilities, a probability for each transition between at least two sequential sections in the representation. The operations can further include classifying the file based on the probabilities for each transition.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • H04L 9/40 - Network security protocols
  • G06N 3/04 - Architecture, e.g. interconnection topology
  • G06N 20/00 - Machine learning
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 7/00 - Computing arrangements based on specific mathematical models

52.

Detection of malware using feature hashing

Application number 16799419
Patent number 11188650
Status Granted - in force
Filing date 2020-02-24
First publication date 2020-06-18
Grant date 2021-11-30
Owner Cylance Inc. (USA)
Inventor(s) Davis, Andrew

Abstract

Data is analyzed using feature hashing to detect malware. A plurality of features in a feature set is hashed. The feature set is generated from a sample. The sample includes at least a portion of a file. Based on the hashing, one or more hashed features are indexed to generate an index vector. Each hashed feature corresponds to an index in the index vector. Using the index vector, a training dataset is generated. Using the training dataset, a machine learning model for identifying at least one file having a malicious code is trained.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 5/02 - Knowledge representation; Symbolic representation
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06N 20/00 - Machine learning

53.

Artefact classification using xenospace centroids

Application number 16219616
Patent number 11386308
Status Granted - in force
Filing date 2018-12-13
First publication date 2020-06-18
Grant date 2022-07-12
Owner Cylance Inc. (USA)
Inventor(s)
  • Beveridge, David N.
  • Buckingham, Hailey
  • Oliinyk, Yaroslav
  • Petersen, Eric

Abstract

An artefact is received and parsed into a plurality of observations. A first subset of the observations are inputted into a machine learning model trained using historical data to classify the artefact. In addition, a second subset of the observations are inputted into a xenospace centroid configured to classify the artefact. Thereafter, the artefact is classified based on a combination of an output of the machine learning model and an output of xenospace centroid. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06N 20/00 - Machine learning

54.

ARTEFACT CLASSIFICATION USING XENOSPACE CENTROIDS

Application number US2019066286
Publication number 2020/123979
Status Granted - in force
Filing date 2019-12-13
Publication date 2020-06-18
Owner CYLANCE INC. (USA)
Inventor(s)
  • Beveridge, David, Neill
  • Buckingham, Hailey, Kristina
  • Oliinyk, Yaroslav
  • Petersen, Eric, Glen

Abstract

An artefact is received and parsed into a plurality of observations. A first subset of the observations are inputted into a machine learning model trained using historical data to classify the artefact. In addition, a second subset of the observations are inputted into a xenospace centroid configured to classify the artefact. Thereafter, the artefact is classified based on a combination of an output of the machine learning model and an output of xenospace centroid. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06N 20/20 - Ensemble techniques in machine learning

55.

Verifying user identity through human / computer interaction

Application number 16183411
Patent number 11095642
Status Granted - in force
Filing date 2018-11-07
First publication date 2020-05-07
Grant date 2021-08-17
Owner Cylance Inc. (USA)
Inventor(s) Mitzimberg, Justin A.

Abstract

An identity of a user on a first computing node of a plurality of nodes within a computing environment is authenticated. A first authentication score for the user is calculated at the first computing node using at least one machine learning model. The first authentication score characterizes interactions of the user with the first computing node. Subsequent to such authentication, traversal of the user from the first computing node to other computing nodes among the plurality of computing nodes is monitored. An authentication score characterizing interactions of the user with the corresponding computing node is calculated at each of the nodes using respective machine learning models executing on such nodes. The respective machine learning models use, as an attribute, an authentication score calculated at a previously traversed computing node. Thereafter, an action is initiated at one of the computing nodes based on the calculated authentication scores.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06N 99/00 - Subject matter not provided for in other groups of this subclass
  • G06N 20/00 - Machine learning
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures

56.

Anomaly based malware detection

Application number 16661933
Patent number 11210394
Status Granted - in force
Filing date 2019-10-23
First publication date 2020-02-20
Grant date 2021-12-28
Owner Cylance Inc. (USA)
Inventor(s)
  • Wojnowicz, Michael
  • Wolff, Matthew
  • Kapoor, Aditya

Abstract

In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one processor. The operations may include: reducing a dimensionality of a plurality of features representative of a file set; determining, based at least on a reduced dimensional representation of the file set, a distance between a file and the file set; and determining, based at least on the distance between the file and the file set, a classification for the file. Related methods and articles of manufacture, including computer program products, are also provided.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 7/00 - Computing arrangements based on specific mathematical models

57.

Training a machine learning model for container file analysis

Application number 16663252
Patent number 11188646
Status Granted - in force
Filing date 2019-10-24
First publication date 2020-02-20
Grant date 2021-11-30
Owner Cylance Inc. (USA)
Inventor(s)
  • Zhao, Xuan
  • Wolff, Matthew
  • Brock, John
  • Wallace, Brian
  • Wortman, Andy
  • Luan, Jian
  • Azarafrooz, Mahdi
  • Davis, Andrew
  • Wojnowicz, Michael
  • Soeder, Derek
  • Beveridge, David
  • Oliinyk, Yaroslav
  • Permeh, Ryan

Abstract

In one respect, there is provided a system for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The at least one memory may include program code that provides operations when executed by the at least one processor. The operations may include: training, based on a training data, a machine learning model to enable the machine learning model to determine whether at least one container file includes at least one file rendering the at least one container file malicious; and providing the trained machine learning model to enable the determination of whether the at least one container file includes at least one file rendering the at least one container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06F 21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  • G06N 20/20 - Ensemble techniques in machine learning
  • G06N 20/10 - Machine learning using kernel methods, e.g. support vector machines [SVM]
  • G06N 20/00 - Machine learning
  • G06N 3/04 - Architecture, e.g. interconnection topology

58.

Centroid for improving machine learning classification and info retrieval

Application number 16534683
Patent number 10810470
Status Granted - in force
Filing date 2019-08-07
First publication date 2019-11-28
Grant date 2020-10-20
Owner Cylance Inc. (USA)
Inventor(s)
  • Luan, Jian
  • Wolff, Matthew
  • Wallace, Brian

Abstract

Centroids are used for improving machine learning classification and information retrieval. A plurality of files are classified as malicious or not malicious based on a function dividing a coordinate space into at least a first portion and a second portion such that the first portion includes a first subset of the plurality of files classified as malicious. One or more first centroids are defined in the first portion that classify files from the first subset as not malicious. A file is determined to be malicious based on whether the file is located within the one or more first centroids.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06T 7/60 - Analysis of geometric attributes
  • G06N 20/00 - Machine learning
  • G06F 16/16 - File or folder operations, e.g. details of user interfaces specifically adapted to file systems
  • G06N 3/04 - Architecture, e.g. interconnection topology
  • G06N 3/08 - Learning methods

59.

Shellcode detection

Application number 16507958
Patent number 10664597
Status Granted - in force
Filing date 2019-07-10
First publication date 2019-10-31
Grant date 2020-05-26
Owner Cylance Inc. (USA)
Inventor(s)
  • Azarafrooz, Mahdi
  • Soeder, Derek A.

Abstract

Identifying shellcode in a sequence of instructions by identifying a first instruction, the first instruction identifying a first bound of a sequence of instructions, identifying a second instruction, the second instruction identifying a second bound of the sequence of instructions, and generating a distribution for the sequence of instructions, bounded by the first instruction and the second instructions, the distribution indicative of whether the sequence of instructions is likely to include shellcode.

IPC classes

  • G06F 12/14 - Protection against unauthorised use of memory
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures

60.

Avoidance of malicious content in nested files

Application number 16448679
Patent number 11093621
Status Granted - in force
Filing date 2019-06-21
First publication date 2019-10-10
Grant date 2021-08-17
Owner Cylance Inc. (USA)
Inventor(s)
  • Petersen, Eric
  • Soeder, Derek A.

Abstract

A nested file having a primary file and at least one secondary file embedded therein is parsed using at least one parser of a cell. The cell assigns a maliciousness score to each of the parsed primary file and each of the parsed at least one secondary file. Thereafter, the cell generates an overall maliciousness score for the nested file that indicates a level of confidence that the nested file contains malicious content. The overall maliciousness score is provided to a data consumer indicating whether to proceed with consuming the data contained within the nested file.

IPC classes

  • H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
  • G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
  • G06N 20/00 - Machine learning
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

61.

Retention and accessibility of data characterizing events on an endpoint computer

Application number 16426997
Patent number 11204997
Status Granted - in force
Filing date 2019-05-30
First publication date 2019-10-03
Grant date 2021-12-21
Owner Cylance, Inc. (USA)
Inventor(s)
  • Permeh, Ryan
  • Wolff, Matthew
  • Oswald, Samuel John
  • Zhao, Xuan
  • Culley, Mark
  • Polson, Steven

Abstract

An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. A query response can be generated, for example by identifying and retrieving responsive data from the local data store. The responsive data are related to an artifact on the endpoint computer system and/or to an event of the plurality of events. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.

IPC classes

  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/00 - Machine learning
  • G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06N 5/04 - Inference or reasoning models
  • H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy

62.

Deployment of machine learning models for discernment of threats

Application number 16425662
Patent number 10657258
Status Granted - in force
Filing date 2019-05-29
First publication date 2019-09-26
Grant date 2020-05-19
Owner Cylance Inc. (USA)
Inventor(s)
  • Harms, Kristopher William
  • Song, Renee
  • Rajamani, Raj
  • Rusell, Braden
  • Sohn, Yoojin
  • Ipsen, Kiefer

Abstract

A mismatch between model-based classifications produced by a first version of a machine learning threat discernment model and a second version of a machine learning threat discernment model for a file is detected. The mismatch is analyzed to determine appropriate handling for the file, and taking an action based on the analyzing. The analyzing includes comparing a human-generated classification status for a file, a first model version status that reflects classification by the first version of the machine learning threat discernment model, and a second model version status that reflects classification by the second version of the machine learning threat discernment model. The analyzing can also include allowing the human-generated classification status to dominate when it is available.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/00 - Machine learning
  • G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 3/048 - Interaction techniques based on graphical user interfaces [GUI]

63.

Retention and accessibility of data characterizing events on an endpoint computer

Application number 16425479
Patent number 11204996
Status Granted - in force
Filing date 2019-05-29
First publication date 2019-09-26
Grant date 2021-12-21
Owner Cylance Inc. (USA)
Inventor(s)
  • Permeh, Ryan
  • Wolff, Matthew
  • Oswald, Samuel John
  • Zhao, Xuan
  • Culley, Mark
  • Polson, Steve

Abstract

An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.

IPC classes

  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/00 - Machine learning
  • G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06N 5/04 - Inference or reasoning models
  • H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
  • G08B 13/14 - Mechanical actuation by lifting or attempted removal of hand-portable articles

64.

Advanced malware classification

      
Numéro d'application 16428406
Numéro de brevet 11126719
Statut Délivré - en vigueur
Date de dépôt 2019-05-31
Date de la première publication 2019-09-19
Date d'octroi 2021-09-21
Propriétaire Cylance Inc. (USA)
Inventeur(s)
  • Maisel, Matthew
  • Permeh, Ryan
  • Wolff, Matthew
  • Acevedo, Gabriel
  • Davis, Andrew
  • Brock, John
  • Strong, Homer Valentine
  • Wojnowicz, Michael
  • Beets, Kevin

Abrégé

In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 7/00 - Computing arrangements based on specific mathematical models
  • G06N 20/00 - Machine learning

65.

Icon based malware detection

Application number 16428449
Patent number 10885401
Status Granted - in force
Filing date 2019-05-31
First publication date 2019-09-19
Grant date 2021-01-05
Owner Cylance Inc. (USA)
Inventor(s)
  • Wolff, Matthew
  • Silva Do Nascimento Neto, Pedro
  • Zhao, Xuan
  • Brock, John
  • Luan, Jian

Abstract

In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one memory. The operations may include: extracting, from an icon associated with a file, one or more features; assigning, based at least on the one or more features, the icon to one of a plurality of clusters; and generating, based at least on the cluster to which the icon is assigned, a classification for the file associated with the icon. Related methods and articles of manufacture, including computer program products, are also provided.

IPC classes

  • G06K 9/66 - Methods or arrangements for recognition using electronic means using simultaneous comparisons or correlations of the image signals with a plurality of references, e.g. resistor matrix with references adjustable by an adaptive method, e.g. learning
  • G06K 9/46 - Extraction of features or characteristics of the image
  • G06N 20/00 - Machine learning
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06N 3/04 - Architecture, e.g. interconnection topology
  • G06N 3/08 - Learning methods

66.

Static feature extraction from structured files

Application number 16424261
Patent number 10838844
Status Granted - in force
Filing date 2019-05-28
First publication date 2019-09-12
Grant date 2020-11-17
Owner Cylance Inc. (USA)
Inventor(s)
  • Soeder, Derek A.
  • Permeh, Ryan
  • Golomb, Gary
  • Wolff, Matthew

Abstract

Data is received or accessed that includes a structured file encapsulating data required by an execution environment to manage executable code wrapped within the structured file. Thereafter, code and data regions are iteratively identified in the structured file. Such identification is analyzed so that at least one feature can be extracted from the structured file. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 11/36 - Preventing errors by testing or debugging of software
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06F 16/11 - File system administration, e.g. details of archiving or snapshots
  • G06F 16/188 - Virtual file systems
  • G06F 40/205 - Parsing

67.

CylanceGUARD

Application number 018088261
Status Registered
Filing date 2019-06-27
Registration date 2020-01-17
Owner Cylance Inc. (USA)
Nice classes
  • 37 - Construction services; mining extraction; installation and repair
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

Consulting services in the field of implementation of computer hardware for preventing unauthorized access to computers and electronics systems. Providing online non-downloadable software for use in preventing unauthorized access to computer and electronics systems; providing online non-downloadable internet security software; consulting services in the field of downloadable and non-downloadable internet security software; consulting services in the fields of the design and development of computer hardware and software for preventing unauthorized access to computers and electronics systems; consulting services in the fields of the design, development, and implementation of computer software for preventing unauthorized access to computers and electronics systems; consulting services in the field of internet security software.

68.

Machine learning model for malware dynamic analysis

      
Application number 15588131
Patent number 10685112
Status Granted - in force
Filing date 2017-05-05
First publication date 2019-06-20
Grant date 2020-06-16
Owner Cylance Inc. (USA)
Inventor(s)
  • Zhao, Xuan
  • Kapoor, Aditya
  • Wolff, Matthew
  • Davis, Andrew
  • Soeder, Derek
  • Permeh, Ryan

Abstract

In some implementations there may be provided a system. The system may include a processor and a memory. The memory may include program code which causes operations when executed by the processor. The operations may include analyzing a series of events contained in received data. The series of events may include events that occur during the execution of a data object. The series of events may be analyzed to at least extract, from the series of events, subsequences of events. A machine learning model may determine a classification for the received data. The machine learning model may classify the received data based at least on whether the subsequences of events are malicious. The classification indicative of whether the received data is malicious may be provided. Related methods and articles of manufacture, including computer program products, are also disclosed.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 3/08 - Learning methods
  • G06N 20/00 - Machine learning
  • G06N 3/04 - Architecture, e.g. interconnection topology
  • G06N 5/02 - Knowledge representation; Symbolic representation
  • G06N 7/00 - Computing arrangements based on specific mathematical models
  • G06F 3/048 - Interaction techniques based on graphical user interfaces [GUI]
  • G06N 5/00 - Computing arrangements using knowledge-based models
  • G06N 20/20 - Ensemble learning
  • G06N 20/10 - Machine learning using kernel methods, e.g. support vector machines [SVM]

69.

Application execution control utilizing ensemble machine learning for discernment

Application number 16256807
Patent number 10817599
Status Granted - in force
Filing date 2019-01-24
First publication date 2019-06-20
Grant date 2020-10-27
Owner Cylance Inc. (USA)
Inventor(s)
  • Permeh, Ryan
  • Soeder, Derek A.
  • Chisholm, Glenn
  • Russell, Braden
  • Golomb, Gary
  • Wolff, Matthew
  • Mcclure, Stuart

Abstract

Described are techniques to enable computers to efficiently determine if they should run a program based on an immediate (i.e., real-time, etc.) analysis of the program. Such an approach leverages highly trained ensemble machine learning algorithms to create a real-time discernment on a combination of static and dynamic features collected from the program, the computer's current environment, and external factors. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
  • G06N 20/00 - Machine learning
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure

70.

Communications bus data transmission using relative ground shifting

Application number 16284854
Patent number 10599875
Status Granted - in force
Filing date 2019-02-25
First publication date 2019-06-20
Grant date 2020-03-24
Owner Cylance Inc. (USA)
Inventor(s)
  • Bathurst, Donald
  • Carey, Mark

Abstract

Methods are described herein for communications bus data transmission using relative ground shifting. A plurality of voltage lines of at least one electronic control unit (ECU) are monitored. The at least one ECU is electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. A pulse or data stream is injected into the communications bus via one or two voltage lines based on the measured voltage differential having an amplitude lower than a predetermined voltage threshold.

IPC classes

  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F 21/81 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations
  • H04L 12/40 - Bus networks
  • G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
  • H04L 5/16 - Half-duplex systems; Simplex/duplex switching; Transmission of break signals

71.

Malware detection

Application number 16183624
Patent number 10635814
Status Granted - in force
Filing date 2018-11-07
First publication date 2019-05-23
Grant date 2020-04-28
Owner Cylance Inc. (USA)
Inventor(s)
  • Davis, Andrew
  • Wolff, Matthew
  • Soeder, Derek A.
  • Chisholm, Glenn
  • Permeh, Ryan

Abstract

In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one memory provides operations including: receiving a disassembled binary file that includes a plurality of instructions; processing the disassembled binary file with a convolutional neural network configured to detect a presence of one or more sequences of instructions amongst the plurality of instructions and determine a classification for the disassembled binary file based at least in part on the presence of the one or more sequences of instructions; and providing, as an output, the classification of the disassembled binary file. Related computer-implemented methods are also disclosed.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 3/08 - Learning methods

72.

PASSWORD-LESS SOFTWARE SYSTEM USER AUTHENTICATION

Application number US2018059202
Publication number 2019/094331
Status Granted - in force
Filing date 2018-11-05
Publication date 2019-05-16
Owner CYLANCE INC. (USA)
Inventor(s)
  • Grajek, Garret, Florian
  • Lo, Jeffrey
  • Strong, Homer, Valentine
  • Dai, Wulun

Abstract

Data is received as part of an authentication procedure to identify a user. Such data characterizes a user-generated biometric sequence that is generated by the user interacting with at least one input device according to a desired biometric sequence. Thereafter, using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., historical user-generated biometric sequences according to the desired biometric sequence, etc.), the user is authenticated if an output of the at least one machine learning model is above a threshold. Data can be provided that characterizes the authenticating. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

73.

Password-less software system user authentication

Application number 15808533
Patent number 10680823
Status Granted - in force
Filing date 2017-11-09
First publication date 2019-05-09
Grant date 2020-06-09
Owner Cylance Inc. (USA)
Inventor(s)
  • Grajek, Garret Florian
  • Lo, Jeffrey
  • Strong, Homer Valentine
  • Dai, Wulun

Abstract

Data is received as part of an authentication procedure to identify a user. Such data characterizes a user-generated biometric sequence that is generated by the user interacting with at least one input device according to a desired biometric sequence. Thereafter, using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., historical user-generated biometric sequences according to the desired biometric sequence, etc.), the user is authenticated if an output of the at least one machine learning model is above a threshold. Data can be provided that characterizes the authenticating. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
  • G06N 5/02 - Knowledge representation; Symbolic representation
  • G06F 21/40 - User authentication by quorum, i.e. whereby two or more security principals are required
  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/36 - User authentication by graphic or iconic representation
  • H04W 12/00 - Security arrangements; Authentication; Protecting privacy or anonymity

74.

Dimensionality reduction of computer programs

Application number 16095314
Patent number 11106790
Status Granted - in force
Filing date 2017-04-21
First publication date 2019-05-09
Grant date 2021-08-31
Owner Cylance Inc. (USA)
Inventor(s)
  • Wojnowicz, Michael
  • Nguyen, Dinh Huu
  • Davis, Andrew
  • Chisholm, Glenn
  • Wolff, Matthew

Abstract

In one aspect, a computer-implemented method is disclosed. The computer-implemented method may include determining a sketch matrix that approximates a matrix representative of a reference dataset. The reference dataset may include at least one computer program having a predetermined classification. A reduced dimension representation of the reference dataset may be generated based at least on the sketch matrix. The reduced dimension representation may have a fewer quantity of features than the reference dataset. A target computer program may be classified based on the reduced dimension representation. The target computer program may be classified to determine whether the target computer program is malicious. Related systems and articles of manufacture, including computer program products, are also disclosed.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/10 - Machine learning using kernel methods, e.g. support vector machines [SVM]
  • G06F 17/16 - Matrix or vector computation
  • G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06K 9/62 - Methods or arrangements for recognition using electronic means

75.

Macro-script execution control

Application number 16204688
Patent number 10649877
Status Granted - in force
Filing date 2018-11-29
First publication date 2019-03-28
Grant date 2020-05-12
Owner Cylance Inc. (USA)
Inventor(s) Soeder, Derek A.

Abstract

An agent inserts one or more hooks into a sub-execution runtime environment that is configured to include a script and/or targeted to include the script. The agent including the one or more hooks monitors a behavior of the sub-execution runtime environment and/or the script. The agent subsequently obtains context information regarding the sub-execution runtime environment and/or the script so that it can control the runtime of at least the sub-execution runtime environment. Related systems, methods, and articles of manufacture are also disclosed.

IPC classes

  • G06F 11/34 - Recording or statistical evaluation of computer activity, e.g. of down time or of input/output operation
  • G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
  • G06F 9/448 - Execution paradigms, e.g. implementations of programming paradigms
  • G06F 9/46 - Multiprogramming arrangements
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

76.

CYLANCEGUARD

Serial number 88248032
Status Registered
Filing date 2019-01-03
Registration date 2020-04-21
Owner Cylance Inc. ()
Nice classes 42 - Scientific, technological and industrial services, research and design

Goods and services

providing online non-downloadable software for use in preventing unauthorized access to computer and electronics systems; providing online non-downloadable internet security software; consulting services in the field of downloadable and non-downloadable Internet security software; consulting services in the fields of the design, development, and implementation of computer hardware and software for preventing unauthorized access to computers and electronics systems; consulting services in the field of internet security software

77.

COMMUNICATIONS BUS DATA TRANSMISSION USING RELATIVE GROUND SHIFTING

      
Application number US2018019706
Publication number 2018/208359
Status Granted - in force
Filing date 2018-02-26
Publication date 2018-11-15
Owner CYLANCE INC. (USA)
Inventor(s)
  • Bathurst, Donald
  • Carey, Mark

Abstract

Methods are described herein for communications bus data transmission using relative ground shifting. A plurality of voltage lines of at least one electronic control unit (ECU) are monitored. The at least one ECU is electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. A pulse or data stream is injected into the communications bus via one or two voltage lines based on the measured voltage differential having an amplitude lower than a predetermined voltage threshold.

IPC classes

  • G06F 13/40 - Bus structure
  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity

78.

Endpoint detection and response system with endpoint-based artifact storage

Application number 15961659
Patent number 10819714
Status Granted - in force
Filing date 2018-04-24
First publication date 2018-11-01
Grant date 2020-10-27
Owner Cylance Inc. (USA)
Inventor(s)
  • Strong, Homer Valentine
  • Permeh, Ryan
  • Oswald, Samuel John

Abstract

Each of a plurality of endpoint computer systems monitors data relating to a plurality of events occurring within an operating environment of the corresponding endpoint computer system. The monitoring can include receiving and/or inferring the data using one or more sensors executing on the endpoint computer systems. Thereafter, for each endpoint computer system, artifacts used in connection with the events are stored in a vault maintained on such endpoint computer system. A query is later received by at least a subset of the plurality of endpoint computer systems from a server. Such endpoint computer systems, in response, identify and retrieve artifacts within the corresponding vaults responsive to the query. Results responsive to the query including or characterizing the identified artifacts are then provided by the endpoint computer systems receiving the query to the server.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • H04L 12/26 - Monitoring arrangements; Testing arrangements
  • G06N 5/04 - Inference or reasoning models
  • G06N 20/00 - Machine learning
  • G06F 16/28 - Databases characterised by their database models, e.g. relational or object models
  • G06F 21/31 - User authentication

79.

Endpoint detection and response system event characterization data transfer

Application number 15961685
Patent number 10944761
Status Granted - in force
Filing date 2018-04-24
First publication date 2018-11-01
Grant date 2021-03-09
Owner Cylance Inc. (USA)
Inventor(s)
  • Strong, Homer Valentine
  • Permeh, Ryan
  • Oswald, Samuel John

Abstract

An endpoint computer system monitors data relating to a plurality of events occurring within an operating environment of the endpoint computer system. The monitoring can include receiving and/or inferring the data using one or more sensors executing on the endpoint computer system. The endpoint computer system can store artifacts used in connection with the plurality of events in a vault maintained on such endpoint computer system. The endpoint computer system, in response to a trigger, identifies and retrieves metadata characterizing artifacts associated with the trigger from the vault. Such identified and retrieved metadata is then provided by the endpoint computer system to a remote server.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06N 5/04 - Inference or reasoning models
  • G06N 99/00 - Subject matter not provided for in other groups of this subclass
  • G06N 20/00 - Machine learning
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • H04L 12/26 - Monitoring arrangements; Testing arrangements
  • G06F 16/28 - Databases characterised by their database models, e.g. relational or object models
  • G06F 21/31 - User authentication

80.

ENDPOINT DETECTION AND RESPONSE SYSTEM WITH ENDPOINT-BASED ARTIFACT STORAGE

Application number US2018029041
Publication number 2018/200451
Status Granted - in force
Filing date 2018-04-24
Publication date 2018-11-01
Owner CYLANCE INC. (USA)
Inventor(s)
  • Strong, Homer, Valentine
  • Permeh, Ryan
  • Oswald, Samuel, John

Abstract

Each of a plurality of endpoint computer systems monitors data relating to a plurality of events occurring within an operating environment of the corresponding endpoint computer system. The monitoring can include receiving and/or inferring the data using one or more sensors executing on the endpoint computer systems. Thereafter, for each endpoint computer system, artifacts used in connection with the events are stored in a vault maintained on such endpoint computer system. A query is later received by at least a subset of the plurality of endpoint computer systems from a server. Such endpoint computer systems, in response, identify and retrieve artifacts within the corresponding vaults responsive to the query. Results responsive to the query including or characterizing the identified artifacts are then provided by the endpoint computer systems receiving the query to the server.

IPC classes

  • G06F 21/55 - Detecting local intrusion or implementing counter-measures

81.

ENDPOINT DETECTION AND RESPONSE SYSTEM EVENT CHARACTERIZATION DATA TRANSFER

Application number US2018029051
Publication number 2018/200458
Status Granted - in force
Filing date 2018-04-24
Publication date 2018-11-01
Owner CYLANCE INC. (USA)
Inventor(s)
  • Strong, Homer, Valentine
  • Permeh, Ryan
  • Oswald, Samuel, John

Abstract

An endpoint computer system monitors data relating to a plurality of events occurring within an operating environment of the endpoint computer system. The monitoring can include receiving and/or inferring the data using one or more sensors executing on the endpoint computer system. The endpoint computer system can store artifacts used in connection with the plurality of events in a vault maintained on such endpoint computer system. The endpoint computer system, in response to a trigger, identifies and retrieves metadata characterizing artifacts associated with the trigger from the vault. Such identified and retrieved metadata is then provided by the endpoint computer system to a remote server.

IPC classes

  • G06F 21/55 - Detecting local intrusion or implementing counter-measures

82.

Protecting devices from malicious files based on n-gram processing of sequential data

Application number 15490797
Patent number 10754948
Status Granted - in force
Filing date 2017-04-18
First publication date 2018-10-18
Grant date 2020-08-25
Owner Cylance Inc. (USA)
Inventor(s)
  • Li, Li
  • Zhao, Xuan
  • Akhavan-Masouleh, Sepehr
  • Brock, John Hendershott
  • Oliinyk, Yaroslav
  • Wolff, Matthew

Abstract

Under one aspect, a method is provided for protecting a device from a malicious file. The method can be implemented by one or more data processors forming part of at least one computing device and can include extracting from the file, by at least one data processor, sequential data comprising discrete tokens. The method also can include generating, by at least one data processor, n-grams of the discrete tokens. The method also can include generating, by at least one data processor, a vector of weights based on respective frequencies of the n-grams. The method also can include determining, by at least one data processor and based on a statistical analysis of the vector of weights, that the file is likely to be malicious. The method also can include initiating, by at least one data processor and responsive to determining that the file is likely to be malicious, a corrective action.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/00 - Machine learning

83.

Electronic control unit protection framework using security zones

Application number 15462565
Patent number 10462155
Status Granted - in force
Filing date 2017-03-17
First publication date 2018-09-20
Grant date 2019-10-29
Owner Cylance Inc. (USA)
Inventor(s)
  • Bathurst, Donald
  • Carey, Mark

Abstract

Systems are provided herein for a hardware protection framework. A security module monitors a plurality of voltage lines of at least one electronic control unit (ECU) electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. The voltage differential is compared to a plurality of predetermined signal fingerprints associated with the at least one ECU. A variance in the compared voltage differential is identified relative to one or more of the plurality of predetermined signal fingerprints. Data characterizing the identified variance is provided. In some aspects, a pulse or a data stream is injected based on the voltage differential having an amplitude lower than a predetermined voltage threshold.

Classes IPC  ?

  • H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
  • G06F 11/00 - Détection d'erreurs; Correction d'erreurs; Contrôle de fonctionnement

84.

Communications bus signal fingerprinting

      
Application number 15462591
Patent number 10757113
Status Granted - in force
Filing date 2017-03-17
First publication date 2018-09-20
Grant date 2020-08-25
Owner Cylance Inc. (USA)
Inventor(s)
  • Bathurst, Donald
  • Carey, Mark

Abstract

Methods are provided herein for communications bus signal fingerprinting. A security module monitors a plurality of voltage lines of at least one electronic control unit (ECU) electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. The voltage differential is compared to a plurality of predetermined signal fingerprints associated with the at least one ECU. A variance in the compared voltage differential is identified relative to one or more of the plurality of predetermined signal fingerprints. Data characterizing the identified variance is provided.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol

85.

Communications bus data transmission using relative ground shifting

      
Application number 15462611
Patent number 10275615
Status Granted - in force
Filing date 2017-03-17
First publication date 2018-09-20
Grant date 2019-04-30
Owner Cylance Inc. (USA)
Inventor(s)
  • Bathurst, Donald
  • Carey, Mark

Abstract

Methods are described herein for communications bus data transmission using relative ground shifting. A plurality of voltage lines of at least one electronic control unit (ECU) are monitored. The at least one ECU is electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. A pulse or data stream is injected into the communications bus via one or two voltage lines based on the measured voltage differential having an amplitude lower than a predetermined voltage threshold.

IPC classes

  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F 21/81 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations
  • H04L 12/40 - Bus networks
  • G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
  • H04L 5/16 - Half-duplex systems; Simplex/duplex switching; Transmission of break signals

86.

ELECTRONIC CONTROL UNIT PROTECTION FRAMEWORK USING SECURITY ZONES

      
Application number US2018019692
Publication number 2018/169666
Status Granted - in force
Filing date 2018-02-26
Publication date 2018-09-20
Owner CYLANCE INC. (USA)
Inventor(s)
  • Bathurst, Donald
  • Carey, Mark

Abstract

Systems are provided herein for a hardware protection framework. A security module monitors a plurality of voltage lines of at least one electronic control unit (ECU) electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. The voltage differential is compared to a plurality of predetermined signal fingerprints associated with the at least one ECU. A variance in the compared voltage differential is identified relative to one or more of the plurality of predetermined signal fingerprints. Data characterizing the identified variance is provided. In some aspects, a pulse or a data stream is injected based on the voltage differential having an amplitude lower than a predetermined voltage threshold.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • H04W 12/08 - Access security

87.

COMMUNICATIONS BUS SIGNAL FINGERPRINTING

      
Application number US2018019699
Publication number 2018/169667
Status Granted - in force
Filing date 2018-02-26
Publication date 2018-09-20
Owner CYLANCE INC. (USA)
Inventor(s)
  • Bathurst, Donald
  • Carey, Mark

Abstract

Methods are provided herein for communications bus signal fingerprinting. A security module monitors a plurality of voltage lines of at least one electronic control unit (ECU) electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. The voltage differential is compared to a plurality of predetermined signal fingerprints associated with the at least one ECU. A variance in the compared voltage differential is identified relative to one or more of the plurality of predetermined signal fingerprints. Data characterizing the identified variance is provided.

IPC classes

  • G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

88.

Redaction of artificial intelligence training documents

      
Application number 15452623
Patent number 11436520
Status Granted - in force
Filing date 2017-03-07
First publication date 2018-09-13
Grant date 2022-09-06
Owner Cylance Inc. (USA)
Inventor(s)
  • Beveridge, David Neill
  • Oliinyk, Yaroslav
  • Liebson, David Michael

Abstract

Systems and methods are provided herein for redaction of artificial intelligence (AI) training documents. Data comprising an unredacted document is received. The unredacted document comprises a plurality of objects arranged according to a first topology. The unredacted document is parsed to identify objects either directly or relationally containing user sensitive information using a predetermined rule set based on the first topology. The user sensitive information within the unredacted document is substituted with placeholder information to generate a redacted document having a second topology. The second topology is substantially identical to the first topology. In some variations, the redacted document is provided to an AI model for training.

IPC classes

  • G06N 20/00 - Machine learning
  • G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules

89.

CYLANCEIDENTITY

      
Application number 017940988
Status Registered
Filing date 2018-08-10
Registration date 2018-12-20
Owner Cylance Inc. (USA)
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

Internet security software; software for identifying and authenticating users; downloadable software for use in preventing unauthorized access to computers and electronics systems. Providing temporary use of non-downloadable internet security software; providing temporary use of non-downloadable software for identifying and authenticating users; providing temporary use of non-downloadable software for preventing unauthorized access to computers and electronics systems.

90.

Dictionary based deduplication of training set samples for machine learning based computer threat analysis

      
Application number 15873673
Patent number 11373065
Status Granted - in force
Filing date 2018-01-17
First publication date 2018-07-26
Grant date 2022-06-28
Owner Cylance Inc. (USA)
Inventor(s) Davis, Andrew

Abstract

Presence of malicious code can be identified in one or more data samples. A feature set extracted from a sample is vectorized to generate a sparse vector. A reduced dimension vector representing the sparse vector can be generated. A binary representation vector of the reduced dimension vector can be created by converting each value of a plurality of values in the reduced dimension vector to a binary representation. The binary representation vector can be added as a new element in a dictionary structure if the binary representation is not equal to an existing element in the dictionary structure. A training set for use in training a machine learning model can be created to include one vector whose binary representation corresponds to each of a plurality of elements in the dictionary structure.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/00 - Machine learning
  • G06N 3/08 - Learning methods
  • G06K 9/62 - Methods or arrangements for recognition using electronic means
  • G06N 20/10 - Machine learning using kernel methods, e.g. support vector machines [SVM]
  • G06N 20/20 - Ensemble techniques in machine learning
  • G06V 10/40 - Extraction of image or video features

91.

Detection of malware using feature hashing

      
Application number 15873746
Patent number 10621349
Status Granted - in force
Filing date 2018-01-17
First publication date 2018-07-26
Grant date 2020-04-14
Owner Cylance Inc. (USA)
Inventor(s) Davis, Andrew

Abstract

Data is analyzed using feature hashing to detect malware. A plurality of features in a feature set is hashed. The feature set is generated from a sample. The sample includes at least a portion of a file. Based on the hashing, one or more hashed features are indexed to generate an index vector. Each hashed feature corresponds to an index in the index vector. Using the index vector, a training dataset is generated. Using the training dataset, a machine learning model for identifying at least one file having a malicious code is trained.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 5/02 - Knowledge representation; Symbolic representation
  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06N 20/00 - Machine learning

92.

ADVANCED MALWARE CLASSIFICATION

      
Application number US2018014507
Publication number 2018/136788
Status Granted - in force
Filing date 2018-01-19
Publication date 2018-07-26
Owner CYLANCE INC. (USA)
Inventor(s)
  • Maisel, Matthew
  • Permeh, Ryan
  • Wolff, Matthew
  • Acevedo, Gabriel
  • Davis, Andrew
  • Brock, John
  • Strong, Homer
  • Wojnowicz, Michael
  • Beets, Kevin

Abstract

Contextual information associated with a file is provided to at least enable a classification of the file when a malware classifier is unable to classify the file. In response to the providing of the contextual information, the classification of the file is received. Based at least on the received classification of the file, the malware classifier is updated to enable the malware classifier to classify the file.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

93.

Advanced malware classification

      
Application number 15410599
Patent number 10360380
Status Granted - in force
Filing date 2017-01-19
First publication date 2018-07-19
Grant date 2019-07-23
Owner Cylance Inc. (USA)
Inventor(s)
  • Maisel, Matthew
  • Permeh, Ryan
  • Wolff, Matthew
  • Acevedo, Gabriel
  • Davis, Andrew
  • Brock, John
  • Strong, Homer
  • Wojnowicz, Michael
  • Beets, Kevin

Abstract

In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.

IPC classes

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 7/00 - Computing arrangements based on specific mathematical models
  • G06N 20/00 - Machine learning

94.

ENDPOINT DETECTION AND RESPONSE UTILIZING MACHINE LEARNING

      
Application number US2018013093
Publication number 2018/132425
Status Granted - in force
Filing date 2018-01-10
Publication date 2018-07-19
Owner CYLANCE INC. (USA)
Inventor(s)
  • Kashyap, Rahul, Chander
  • Kotov, Vadim, Dmitriyevich
  • Oswald, Samuel, John
  • Strong, Homer, Valentine

Abstract

A plurality of events associated with each of a plurality of computing nodes that form part of a network topology are monitored. The network topology includes antivirus tools to detect malicious software prior to it accessing one of the computing nodes. Thereafter, it is determined that, using at least one machine learning model, at least one of the events is indicative of malicious activity that has circumvented or bypassed the antivirus tools. Data is then provided that characterizes the determination. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol

95.

Endpoint detection and response utilizing machine learning

      
Application number 15862067
Patent number 10699012
Status Granted - in force
Filing date 2018-01-04
First publication date 2018-07-12
Grant date 2020-06-30
Owner Cylance Inc. (USA)
Inventor(s)
  • Kashyap, Rahul Chander
  • Kotov, Vadim Dmitriyevich
  • Oswald, Samuel John
  • Strong, Homer Valentine

Abstract

A plurality of events associated with each of a plurality of computing nodes that form part of a network topology are monitored. The network topology includes antivirus tools to detect malicious software prior to it accessing one of the computing nodes. Thereafter, it is determined that, using at least one machine learning model, at least one of the events is indicative of malicious activity that has circumvented or bypassed the antivirus tools. Data is then provided that characterizes the determination. Related apparatus, systems, techniques and articles are also described.

IPC classes

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06N 20/00 - Machine learning
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at program execution stage, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
  • G06N 3/00 - Computing arrangements based on biological models

96.

CYLANCEHYBRID

      
Serial number 88017088
Status Registered
Filing date 2018-06-27
Registration date 2019-08-13
Owner Cylance Inc. ()
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

Internet security software; software for preventing unauthorized access to computers and electronics systems; software for facilitating communications between a cloud and a local computing infrastructure; providing online non-downloadable Internet security software; providing online non-downloadable software for preventing unauthorized access to computers and electronics systems; providing online non-downloadable software for facilitating communications between a cloud and a local computing infrastructure

97.

CYLANCEON-PREM

      
Serial number 88017100
Status Registered
Filing date 2018-06-27
Registration date 2019-08-13
Owner Cylance Inc. ()
Nice classes
  • 09 - Scientific and electric apparatus and instruments
  • 42 - Scientific, technological and industrial services, research and design

Goods and services

Internet security software; software for preventing unauthorized access to computers and electronics systems; software for updating and managing software agents on endpoints; providing online non-downloadable Internet security software; providing online non-downloadable software for preventing unauthorized access to computers and electronics systems; providing online non-downloadable software for updating and managing software agents on endpoints

98.

Miscellaneous Design

      
Serial number 88000779
Status Registered
Filing date 2018-06-14
Registration date 2019-08-13
Owner Cylance Inc. ()
Nice classes 42 - Scientific, technological and industrial services, research and design

Goods and services

consulting services in the field of downloadable and non-downloadable Internet security software; consulting services in the fields of the design, development, and implementation of computer hardware and software for preventing unauthorized access to computers and electronics systems; consulting services in the field of internet security software

99.

Miscellaneous Design

      
Serial number 88000796
Status Registered
Filing date 2018-06-14
Registration date 2020-02-25
Owner Cylance Inc. ()
Nice classes 09 - Scientific and electric apparatus and instruments

Goods and services

downloadable software accessible via a web interface for preventing unauthorized access to computers and electronics systems; downloadable internet security software

100.

CYLANCE SMART ANTIVIRUS

      
Serial number 87954326
Status Registered
Filing date 2018-06-08
Registration date 2020-02-25
Owner Cylance Inc. ()
Nice classes 09 - Scientific and electric apparatus and instruments

Goods and services

Downloadable software accessible via a web interface for preventing unauthorized access to computers and electronics systems; downloadable internet security software