-
Publication No.: US20240362338A1
Publication Date: 2024-10-31
Application No.: US18309249
Filing Date: 2023-04-28
Applicant: Dell Products L.P.
Inventors: OFIR EZRIELEV, TOMER KUSHNIR, MAXIM BALIN
CPC Classification: G06F21/577, G06F21/554, H04L63/1416
Abstract: Methods and systems for monitoring security of data processing systems throughout a distributed environment are disclosed. To monitor security of data processing systems, a system may include a security manager and one or more data processing systems. The security manager may host a digital twin of each data processing system to simulate operations performed by the corresponding data processing system. The security manager may compare operations performed by a data processing system to operations performed by a digital twin of the data processing system. Differences in the operations performed by the data processing system and the digital twin may indicate the presence of adversarial interference with the data processing system. Data processing systems found to be performing unexpected operations may be subject to further analysis and, if needed, remedial action.
-
Publication No.: US12130920B2
Publication Date: 2024-10-29
Application No.: US18374188
Filing Date: 2023-09-28
Applicant: Shape Security, Inc.
Inventors: Tim Disney, Madhukar Kedlaya, Claire Schlenker, Nitish Khadke
CPC Classification: G06F21/563, G06F21/554, G06F21/568, H04L67/02
Abstract: Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.
-
Publication No.: US12130909B1
Publication Date: 2024-10-29
Application No.: US17063618
Filing Date: 2020-10-05
Applicant: FireEye, Inc.
CPC Classification: G06F21/552, G06F21/561
Abstract: A method performed by an enterprise search system to conduct an automated, computerized search for select operational attributes of a plurality of network devices is shown. The method comprises initiating the search via a user interface based on receipt of input information, which is used to form a query. The method then determines, based on the query, one or more audits each specifying one or more tasks to be performed by at least a first network device to search for the select operational attributes. Subsequently, the method makes the one or more audits available to the first network device via a network, and receives, from the first network device, one or more responses to the query. The method may include generating one or more filter conditions to apply to results of executing the one or more tasks to yield the select operational attributes when included in the results.
-
Publication No.: US20240356971A1
Publication Date: 2024-10-24
Application No.: US18637358
Filing Date: 2024-04-16
Applicant: Sentinelone, Inc.
IPC Classification: H04L9/40, G06F21/55, G06F21/56, H04L41/12, H04L61/4505, H04L61/4523, H04L61/5007
CPC Classification: H04L63/1491, G06F21/554, G06F21/566, H04L41/12, H04L61/4505, H04L61/5007, H04L63/1416, G06F2221/2123, H04L61/4523
Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.
-
Publication No.: US20240354411A1
Publication Date: 2024-10-24
Application No.: US18335130
Filing Date: 2023-06-15
Applicant: VMware, Inc.
Inventors: Zhe WANG, Wenguang WANG, Enning XIANG, Jianhan ZHAN, Rajesh JOSEPH, Bing JIAO
CPC Classification: G06F21/566, G06F9/45558, G06F21/554, G06F2009/45587, G06F2221/034
Abstract: Solutions for rapid ransomware detection and recovery include: receiving a first set of in-memory changed data blocks; identifying, within the first set of in-memory changed data blocks, a second set of in-memory changed data blocks addressed for storage within a file index for a virtual machine (VM) disk; determining, relative to a change history of the file index, an anomalous condition; based on at least determining the anomalous condition, identifying a third set of blocks within the file index that are changed between two versions of the VM disk; determining that changes in the third set of blocks indicate ransomware; and based on at least determining that changes in the third set of blocks indicate ransomware, generating an alert. Machine learning (ML) models may perform anomaly/ransomware detection. Remediation activities may include disk restoration storing the VM memory.
-
Publication No.: US20240354404A1
Publication Date: 2024-10-24
Application No.: US18302354
Filing Date: 2023-04-18
Applicant: Arm Limited
CPC Classification: G06F21/554, G06F21/53, G06F21/552
Abstract: A method to mitigate an attack initiated by a malicious actor by migration of the attacked process is provided. The method includes monitoring a process being executed from a first computing location on a computing device for a trigger indicating a potential attack and detecting the trigger indicating the potential attack. Responsive to detecting the trigger indicating the potential attack, the method initiates an attack countermeasure by migrating the process to execute in a second computing location isolated from the first computing location, thereby breaking access to information at the first computing location. A computing device is also provided that includes a processor, a memory, and instructions stored on the memory that, when executed by the processor, direct the computing device to monitor a process being executed from a first computing location on the computing device for a trigger indicating a potential attack and detect the trigger indicating the potential attack.
-
Publication No.: US12126636B2
Publication Date: 2024-10-22
Application No.: US17137193
Filing Date: 2020-12-29
Applicant: Darktrace Limited
Inventors: Tom Dean, Jack Stockdale
CPC Classification: H04L63/1425, G06F21/552, H04L63/1441
Abstract: Disclosed herein is a method for use in detection of anomalous behavior of a device of a computer system. The method is arranged to be performed by a processing system. The method includes deriving values, $m_1, \ldots, m_N$, of a metric, $M$, representative of data associated with the device; modeling a distribution of the values; and determining, in accordance with the distribution of the values, the probability of observing a more extreme value of the metric than a given value, $m$, of the metric, wherein the probability is used to determine whether the device is behaving anomalously. Also disclosed is an equivalent computer readable medium and anomalous behavior detection system.
-
Publication No.: US12124573B1
Publication Date: 2024-10-22
Application No.: US18420905
Filing Date: 2024-01-24
Inventors: Joon Hyung Lim, Tae Eun Kim, Ki Jong Son, Sae Woom Lee, Seul Ki Choi, Tae Hyeon Kim
IPC Classification: G06F21/55
CPC Classification: G06F21/554
Abstract: An event processing method performed by a computing device is provided. The method may comprise: receiving a plurality of events and generating a first event sequence in which the received events are sequentially arranged; determining first priorities for the events included in the first event sequence, using data output from a previously trained priority decision model; verifying the first priorities by comparing the first priorities with second priorities for the events included in the first event sequence; determining a feedback score for the first priorities based on results of the verification; and reinforcing the training of the priority decision model using the feedback score.
-
Publication No.: US12124570B2
Publication Date: 2024-10-22
Application No.: US17392449
Filing Date: 2021-08-03
Applicant: VMWARE, INC.
CPC Classification: G06F21/552, G06F21/554, G06F21/565, G06F21/566
Abstract: Example methods are provided to build a smart file reputation cache at a cloud, and to provide the smart file reputation cache to an antivirus (AV) endpoint such as a virtualized computing instance in a virtualized computing environment. Training techniques can be used to build the smart file reputation cache at the cloud, based on information learned from existing AV endpoints and a management server. The smart file reputation cache can then be provided to newly installed AV endpoints for local access, instead of the AV endpoints sending file reputation requests to the cloud.
-
Publication No.: US12124314B2
Publication Date: 2024-10-22
Application No.: US17207299
Filing Date: 2021-03-19
Applicant: Intel Corporation
Inventors: Alexander Gendler, Adwait Purandare, Ankush Varma, Nazar Haider, Daniela Kaufman, Gilad Bomstein, Shlomo Attias, Amit Gabai, Ariel Szapiro
CPC Classification: G06F1/324, G06F1/28, G06F21/554, G06F21/566, G06F21/71, G06F21/81, G06F2221/034
Abstract: An adaptive or dynamic power virus control scheme (hardware and/or software) that dynamically adjusts the maximum dynamic capacitance (CdynMax) and corresponding maximum frequency (P0nMax) setting per application executed on a processor core. A power management unit monitors telemetry such as the number of cycles throttled due to CdynMax threshold excursions for the processor core and the average per-cycle Cdyn cost for the processor core. As the number of throttling cycles increases for the processor core, the aCode firmware of the power management unit decides to increase the Cdyn level or threshold for that core (e.g., to make the threshold less aggressive). As the average Cdyn cost over a number of cycles becomes lower than a threshold, aCode adjusts the threshold to a lower threshold (e.g., a more aggressive threshold) and a lower Cdyn.
-