Determining Exploit Prevention using Machine Learning

US 20190319978A1
Filed: 04/13/2018
Published: 10/17/2019
Est. Priority Date: 04/13/2018
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

at least one processor; and

memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, performs a method comprising;

obtaining process information for a list of processes running on a computing device;

transmitting the process information to a machine learning system for exploit prevention;

applying, to the computing device, received process configuration settings from the machine learning system;

monitoring stability data for one or more processes corresponding to the applied process configuration settings; and

transmitting the stability data to the machine learning system.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples of the present disclosure describe systems and methods for determining exploit prevention software settings using machine learning. In aspects, exploit prevention software may be used to identify processes executing on a computing device. Metadata for the identified processes may be determined and transmitted to a machine learning system. The machine learning system may use an exploit prevention model to determine exploit prevention configuration settings for each of the processes, and may transmit the configuration setting to the computing device. The computing device may implement the configuration settings to protect the processes and monitor the stability of the protected processes as they execute. The computing device may transmit the stability data to the machine-learning system. The machine-learning system may then modify the exploit prevention model based on the stability data.

17 Citations

View as Search Results

20 Claims

1. A system comprising:
- at least one processor; and
  
  memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, performs a method comprising;
  
  obtaining process information for a list of processes running on a computing device;
  
  transmitting the process information to a machine learning system for exploit prevention;
  
  applying, to the computing device, received process configuration settings from the machine learning system;
  
  monitoring stability data for one or more processes corresponding to the applied process configuration settings; and
  
  transmitting the stability data to the machine learning system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the process information comprises metadata for the one or more processes, wherein the metadata corresponds to at least one of a process identifier, methods or functions used by the one or more processes, and objects used during execution of the one or more processes.
  - 3. The system of claim 1, wherein obtaining the process information comprises generating one or more hash values for the list of processes, and wherein the one or more hash values are transmitted to the machine learning system.
  - 4. The system of claim 1, wherein the process configuration settings were generated using the process information, and comprise at least one configuration setting for each process identified in the process information.
  - 5. The system of claim 1, wherein applying the received process configuration settings comprises at least one of:
    - restarting the computing device, restarting one or more processes, modifying previously-configured configuration settings, and recompiling a file.
  - 6. The system of claim 1, wherein monitoring the stability data comprises at least one of:
    - collecting system health statistics for the computing device, collecting performance statistics for the one or more processes, evaluating process status, evaluating event files, and evaluating checkpoints in executing code.
  - 7. The system of claim 1, wherein the method further comprises:
    - evaluating the stability data; and
      
      when the stability data indicates a decrease in the stability of one or more processes, reducing, by the computing device, exploit protection provided by the process configuration settings.

8. A system comprising:
- at least one processor; and
  
  memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, performs a method comprising;
  
  receiving, at a machine learning system, process information for a list of processes running on a computing device;
  
  based on the process information, determining process configuration settings for one or more processes in the list of processes;
  
  transmitting the process configuration settings to the computing device;
  
  receiving stability data from the computing device, wherein the stability data represent process stability of the one or more processes in the list of processes; and
  
  adjusting a machine learning model using the stability data.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 9. The system of claim 8, wherein the process information comprises one or more hash values and metadata for one or more processes in the list of processes.
  - 10. The system of claim 9, wherein determining the process configuration settings comprises comparing the hash values to one or more data sources, wherein the one or more data sources comprise a set of hash values and corresponding process configuration settings.
  - 11. The system of claim 10, wherein, when the comparison determines a match between the one or more hash values and the set of hash values, the process configuration settings corresponding to the matched hash value in the set of hash values is assigned to the respective hash value in the one or more hash values.
  - 12. The system of claim 8, wherein determining the process configuration settings comprises providing the process information to a machine learning model configured to generate the process configuration settings.
  - 13. The system of claim 12, wherein generating the process configuration settings comprises:
    - determining a first hash value in the process information;
      
      using an approximation algorithm to determine at least a second hash value similar to the first hash value; and
      
      assigning a process configuration setting associated with the second hash value to the first hash value.
  - 14. The system of claim 8, wherein the determined process configuration settings are presented on a user interface, wherein the user interface is configured to receive a selection of one or more of the determined process configuration settings.
  - 15. The system of claim 8, wherein the stability data corresponds to at least one of:
    - process uptime, resource utilization, task execution speed, task completion satisfaction, and security events.
  - 16. The system of claim 8, wherein the method further comprises evaluating the stability data, wherein evaluating the stability data comprises at least one of:
    - comparing the stability data to previously received stability data, comparing the stability data to benchmark stability data, and performing trend analysis on the stability data.
  - 17. The system of claim 16, wherein evaluating the stability data further comprises:
    - generating one or more metrics for the stability data; and
      
      and applying the one or more metrics to the stability data, wherein the one or more metrics indicate at least one of a level of stability, a priority, and a recency for a process configuration setting.
  - 18. The system of claim 8, wherein adjusting the machine learning model comprises training the machine learning model to provide improved process configuration settings.
  - 19. The system of claim 18, wherein improved process configuration settings reduce at least one of:
    - a number of process crashes and a number of process errors generated.

20. A system comprising:
- at least one processor; and
  
  memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, performs a method comprising;
  
  obtaining process information for a list of processes running on a computing device;
  
  transmitting the process information to a machine learning system for exploit prevention;
  
  based on the process information, determining process configuration settings for one or more processes in the list of processes;
  
  transmitting the process configuration settings to the computing device;
  
  applying, to the computing device, the process configuration settings;
  
  monitoring stability data for the one or more processes corresponding to the applied process configuration settings, wherein the stability data represent process stability of the one or more processes;
  
  transmitting the stability data to the machine learning system; and
  
  adjusting a machine learning model using the stability data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Carbonite LLC (Open Text Corporation)
Original Assignee
Webroot Inc. (Open Text Corporation)
Inventors
Giffard, Jonathan

Granted Patent

US 11,159,553 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2255   Hash tables

G06N 20/00   Machine learning

H04L 63/101   Access control lists [ACL]

H04L 63/1433   Vulnerability analysis

Determining Exploit Prevention using Machine Learning

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Determining Exploit Prevention using Machine Learning

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links