- Santa Clara CA, US Suiqiang Deng - Fremont CA, US Sheng Yang - Santa Clara CA, US Ho Yu Lam - Santa Clara CA, US
International Classification:
H04L 9/40 G06N 5/02
Abstract:
Detection of malicious files is disclosed. A set comprising a plurality of sample classification models is received and stored. A determination is made that n-gram analysis should be performed on a sequence of received packets associated with a received file. Performing the n-gram analysis includes using a determined filetype associated with the sequence of received packets to select at least one stored sample classification model included in the set for use in performing the n-gram analysis. A determination is made that the received file is malicious based at least in part on the n-gram analysis of the sequence of received packets. In response to determining that the file is malicious, propagation of the received file is prevented.
Generating Models For Performing Inline Malware Detection
- Santa Clara CA, US Suiqiang Deng - Fremont CA, US Sheng Yang - Santa Clara CA, US Ho Yu Lam - Santa Clara CA, US
International Classification:
G06F 21/56 G06N 20/00
Abstract:
Generating models usable by data appliances to perform inline malware analysis is disclosed. A set of features, including a plurality of n-grams, extracted from a set of files is received. A reduced set of features is determined that includes at least some of the plurality of n-grams. The reduced set of features is used to generate a model usable by a data appliance to perform inline malware analysis.
- Santa Clara CA, US Suiqiang Deng - Fremont CA, US Sheng Yang - Santa Clara CA, US Ho Yu Lam - Santa Clara CA, US
International Classification:
H04L 29/06 G06N 5/02
Abstract:
Detection of malicious files is disclosed. A set comprising one or more sample classification models is stored on a networked device. N-gram analysis is performed on a sequence of received packets associated with a received file. Performing the n-gram analysis includes using at least one stored sample classification model. A determination is made that the received file is malicious based at least in part on the n-gram analysis of the sequence of received packets. In response to determining that the file is malicious, propagation of the received file is prevented.
Fine-Grained Firewall Policy Enforcement Using Session App Id And Endpoint Process Id Correlation
- Santa Clara CA, US Ho Yu Lam - Santa Clara CA, US Robert Tesh - Morgan Hill CA, US Xuanyu Jin - San Jose CA, US Paul Theodore Mathison - San Jose CA, US Qiuming Li - San Jose CA, US Taylor Ettema - San Jose CA, US
International Classification:
H04L 29/06
Abstract:
Techniques for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation are disclosed. In some embodiments, a system/process/computer program product for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process identification information identifies a process that is initiating a network session from the EP device on the enterprise network; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
Efficient And Secure User Credential Store For Credentials Enforcement Using A Firewall
- Santa Clara CA, US Ho Yu Lam - Santa Clara CA, US Xuanyu Jin - San Jose CA, US Suiqiang Deng - Fremont CA, US Taylor Ettema - San Jose CA, US Robert Tesh - Morgan Hill CA, US
International Classification:
H04L 29/06 G06F 17/30
Abstract:
Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as a Bloom filter, from an agent executed on an authentication server, in which the Bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the Bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the Bloom filter.
- Santa Clara CA, US Ho Yu Lam - Santa Clara CA, US Xuanyu Jin - San Jose CA, US Suiqiang Deng - Fremont CA, US Taylor Ettema - San Jose CA, US Robert Tesh - Morgan Hill CA, US
International Classification:
H04L 29/06 G06F 21/31 G06F 21/55
Abstract:
Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.