公开(公告)号：US11615056B2

公开(公告)日：2023-03-28

申请号：US16586400

申请日：2019-09-27

Applicant: Avast Software s.r.o.

Inventor： Pavel Cimbál

IPC: G06F16/174 ,  G06F21/56

Abstract: A method of compressing a string array comprising strings with similarity includes selecting a string compression method from among a plurality of available compression methods based on at least which of the available compression method yields the shortest compressed string. The string is then compressed using the selected string compression method. The array of strings to be compressed comprises text characters represented by a first range of values within a word, and compressed string comprises one or more words in a second range of values dedicated to compression and not overlapping with the first range of values. This process is repeated for additional strings in the string array, such that the compression method used for each of a plurality of strings is independently selected.

公开(公告)号：US11586962B2

公开(公告)日：2023-02-21

申请号：US16725906

申请日：2019-12-23

Applicant: Avast Software s.r.o.

Inventor： Galina Alperovich ,  Dmitry Kuznetsov ,  Rajarshi Gupta

IPC: G06N7/00 ,  G06N5/02 ,  G06N20/00

Abstract: Systems and methods for device type classification system include a rules engine and a machine learning engine. The machine learning engine can be trained using device type data from multiple networks. The machine learning engine and the rules engine can receive data for devices on a network at a first point in time. The data can be submitted to a rules engine and the machine learning engine, which each produce device type probabilities for devices on the network. The device type probabilities from the rules engine and the machine learning engine can be processed to determine device types for one or more devices on the network. As more data becomes available at later points in time, the additional data can be provided to the rules engine and the machine learning engine to update the device type determinations for the network.

公开(公告)号：US11586881B2

公开(公告)日：2023-02-21

申请号：US16799738

申请日：2020-02-24

Applicant: Avast Software s.r.o.

Inventor： Petr Gronát ,  Petr Kaderábek ,  Jakub Sanojca

IPC: H04L9/40 ,  G06N3/049 ,  G06N3/08 ,  G06K9/62

Abstract: A method of generating receiving a valid domain name comprises evaluating a received valid domain name in a neural network trained to generate similar domain names, and providing an output comprising at least one domain name similar to the received valid domain name generated by the neural network. In a further example, a recurrent neural network is trained using valid domain names and observed malicious similar domain names and/or linguistic rules. In another example, the output of the recurrent neural network further comprises a similarity score reflecting a degree of similarity between the valid domain name and the similar domain name, such that the similarity score can be used to generate a ranked list of domain names similar to the valid domain name.

公开(公告)号：US20230007324A1

公开(公告)日：2023-01-05

申请号：US17940066

申请日：2022-09-08

Applicant: Avast Software s.r.o.

Inventor： Bretislav Sopík

IPC: H04N21/24 ,  H04N21/258 ,  H04L65/612

Abstract: A method of providing a content feed. The method includes monitoring a plurality of user content streams of a plurality of users on a plurality of computing devices, the plurality of user content streams including a plurality of content instances accessible via a network. A plurality of archetypes are generated based on the plurality of user content streams. A selection of a particular archetype of the plurality of archetypes from a particular user is received on a particular computing device. A particular content stream is determined based on the particular archetype, and the particular content stream is delivered to the particular user via the particular computing device.

公开(公告)号：US11546365B2

公开(公告)日：2023-01-03

申请号：US16256418

申请日：2019-01-24

Applicant: Avast Software s.r.o.

Inventor： Alain G. Sauve ,  Syed Kamran Bilgrami

IPC: H04L9/40 ,  H04L41/22 ,  H04L43/50 ,  H04L41/046

Abstract: A network security assessment engine can assess security on a remote computer network. Agent programs on computing devices on the remote network can execute security tests. The network security assessment engine receives security test results produced by the security tests. The network security assessment engine can determine security test scores based, at least in part, on the security test results. The network security assessment engine can determine an overall network security score based, at least in part, on the security test scores and present the overall network security score. As an example, a network services provider can utilize the network security assessment engine to provide an adaptive, expressive scoring mechanism, allowing the network services provided to more efficiently digest, assess, and report network anomalies within a multitenant context.

公开(公告)号：US20220342985A1

公开(公告)日：2022-10-27

申请号：US17238854

申请日：2021-04-23

Applicant: Avast Software s.r.o.

Inventor： Galina Alperovich ,  Otakar Jasek

IPC: G06F21/55 ,  G06F21/62

Abstract: Anomalous or unexpected system permissions in applications in a computing environment are identified by generating a statistical model at least in part from application permissions granted across a plurality of application types. One or more of the application permissions granted across a plurality of application types are identified as potentially unexpected dangerous permissions. The statistical model is used to determine whether a target application has at least one potentially dangerous permission that is not statistically likely for a target application type of the target application.

公开(公告)号：US20220337488A1

公开(公告)日：2022-10-20

申请号：US17231802

申请日：2021-04-15

Applicant: Avast Software s.r.o.

Inventor： Michal Najman ,  Dmitry Kuznetsov

IPC: H04L12/24 ,  G06N5/02 ,  G06N20/00 ,  G06N5/04 ,  H04L29/06

Abstract: A method of identifying network devices includes transforming a first data set of feature-rich device characteristics of devices with known device identities to a second data set comprising feature-poor device characteristics with the known device identities. A third data set of feature-poor device characteristics of devices with known identities is collected. A statistical model is derived comprising one or more adjustments to the transformed data set, the statistical model reflecting a difference in statistical distribution between one or more characteristics of the second data set of transformed device characteristics and one or more corresponding and/or related characteristics of the third data set of feature-poor device characteristics. A device identification module is trained based on the second data set of feature-poor characteristics and the statistical model adjustments, the trained device identification module operable to use feature-poor device characteristics to identify network devices.

公开(公告)号：US11436331B2

公开(公告)日：2022-09-06

申请号：US16745230

申请日：2020-01-16

Applicant: Avast Software s.r.o.

Inventor： Peter Kovác ,  Jan Piskácek

IPC: G06F21/00 ,  G06F21/56 ,  H04L9/40

Abstract: A method of generating a similarity hash for an executable includes extracting a plurality of characteristics for one or more classes in the executable, and transforming the plurality of characteristics into a set of one or more class fingerprint strings corresponding to the one or more classes. The set of class fingerprint strings is transformed into a hash string using minwise hashing, such that a difference between hash strings for different executables is representative of the degree of difference between the executables. The hash of a target executable is compared with hashes of known malicious executables to determine whether the target executable is likely malicious.

公开(公告)号：US11368465B2

公开(公告)日：2022-06-21

申请号：US16796802

申请日：2020-02-20

Applicant: Avast Software s.r.o.

Inventor： Karel Fuka ,  Matús Baniar

IPC: G06F7/04 ,  H04L9/40 ,  H04L67/1097 ,  H04L9/06

Abstract: Systems and methods provide an entity identifier (EID) for use in distributed systems, where the entity identifier includes inherent privacy features and where an estimate of the distinct count of the entity identifiers in a distributed system can be determined. A unique identifier (e.g., a GUID) for an entity is received. A hash value can be generated for the unique identifier using a hash function that is not guaranteed to generate unique values. An EID is created using a portion of the bits of the hash value and stored in a database. An estimated distinct count of entities based on a count of EIDs in the database can be determined based on the count of EIDs in the database and the size of the EID space.

公开(公告)号：US11316880B2

公开(公告)日：2022-04-26

申请号：US16571945

申请日：2019-09-16

Applicant: Avast Software s.r.o.

Inventor： Deepali Garg ,  Armin Wasicek

IPC: H04L29/06

Abstract: A method of identifying cryptocurrency mining on a networked computerized device includes intercepting network traffic between the networked computerized device and a public network, and extracting Internet Protocol (IP) packet data of the intercepted network traffic. The IP packet data of the intercepted network traffic is evaluated such that if the intercepted network traffic is determined to be characteristic of communication with a cryptocurrency mining pool it is determined that the networked computerized device is mining cryptocurrency. One or more remedial actions are taken if it is determined that the networked computerized device is mining cryptocurrency, such as blocking traffic between the networked computerized device and the mining pool or notifying a user.