- Broomfield CO, US Gaurav Dalal - San Jose CA, US Reza Yoosoofmiya - San Diego CA, US
International Classification:
G06F 21/56 G06N 20/00 G06N 20/10
Abstract:
Aspects of the present disclosure relate to threat detection of executable files. A plurality of static data points may be extracted from an executable file without decrypting or unpacking the executable file. The executable file may then be analyzed without decrypting or unpacking the executable file. Analysis of the executable file may comprise applying a classifier to the plurality of extracted static data points. The classifier may be trained from data comprising known malicious executable files, known benign executable files and known unwanted executable files. Based upon analysis of the executable file, a determination can be made as to whether the executable file is harmful.
Identifying Legitimate Websites To Remove False Positives From Domain Discovery Analysis
Aspects of the disclosure relate to identifying legitimate websites and removing false positives from domain discovery analysis. Based on a list of known legitimate domains, a computing platform may generate a baseline dataset of feature vectors corresponding to the known legitimate domains. Subsequently, the computing platform may receive information identifying a first domain for analysis and may execute one or more machine learning algorithms to compare the first domain to the baseline dataset. Based on execution of the one or more machine learning algorithms, the computing platform may generate first domain classification information indicating that the first domain is a legitimate domain. In response to determining that the first domain is a legitimate domain, the computing platform may send one or more commands directing a domain identification system to remove the first domain from a list of indeterminate domains maintained by the domain identification system.
Systems And Methods For Email Campaign Domain Classification
- Sunnyvale CA, US Gaurav Mitesh Dalal - Fremont CA, US Ali Mesdaq - San Jose CA, US
International Classification:
G06N 3/08 G06F 16/28 G06N 3/04
Abstract:
A domain processing system receives or collects raw data containing sample domains, each having a known class identity indicating whether a domain is conducting an email campaign. The domain processing system extracts features from each of the sample domains and selects features of interest from the features, including at least a feature particular to a seed domain and features particular to email activities over a timeline that includes days before and after a domain creation date. The features of interest are used to create feature vectors which, in turn, are used to train a machine learning model, the training including optimizing a neural network structure iteratively until stopping criteria are satisfied. The trained model functions as an email campaign domain classifier operable to classify candidate domains with unknown class identities such that each of the candidate domains is classified as conducting or not conducting an email campaign.
- Sunnyvale CA, US Ali Mesdaq - San Jose CA, US Kevin Dedon - Austin TX, US Michael Fox - Lago Vista TX, US Gaurav Dalal - Fremont CA, US
International Classification:
H04L 29/12 G06F 16/9535
Abstract:
Disclosed is a domain filter capable of determining an n-gram distance between a seed domain and each of a plurality of candidate domains. The domain filter loads a seed domain n-gram for the seed domain and a candidate domain n-gram for each candidate domain in memory, compares the seed domain n-gram and the candidate domain n-gram to identify any identical grams, removes any identical grams from the seed domain n-gram, and determines how many grams are left in the seed domain n-gram, representing the n-gram distance between the seed domain and the candidate domain. The domain filter then compares n-gram distances thus determined with a predetermined threshold, eliminates any candidate domain having an n-gram distance from the seed domain that exceeds the predetermined threshold, and provides remaining candidate domains to a downstream computing facility such as a user interface or an analytical module operating in an enterprise computing environment.
Automatic Threat Detection Of Executable Files Based On Static Data Analysis
- Broomfield CO, US Gaurav Dalal - San Jose CA, US Reza Yoosoofmiya - San Diego CA, US
International Classification:
G06F 21/56 G06N 20/00
Abstract:
Aspects of the present disclosure relate to threat detection of executable files. A plurality of static data points may be extracted from an executable file without decrypting or unpacking the executable file. The executable file may then be analyzed without decrypting or unpacking the executable file. Analysis of the executable file may comprise applying a classifier to the plurality of extracted static data points. The classifier may be trained from data comprising known malicious executable files, known benign executable files and known unwanted executable files. Based upon analysis of the executable file, a determination can be made as to whether the executable file is harmful.
Automatic Threat Detection Of Executable Files Based On Static Data Analysis
- Broomfield CO, US Gaurav Dalal - San Jose CA, US Reza Yoosoofmiya - San Diego CA, US
International Classification:
G06F 21/56 G06N 99/00
Abstract:
Aspects of the present disclosure relate to threat detection of executable files. A plurality of static data points may be extracted from an executable file without decrypting or unpacking the executable file. The executable file may then be analyzed without decrypting or unpacking the executable file. Analysis of the executable file may comprise applying a classifier to the plurality of extracted static data points. The classifier may be trained from data comprising known malicious executable files, known benign executable files and known unwanted executable files. Based upon analysis of the executable file, a determination can be made as to whether the executable file is harmful.
System And Method To Detect Threats To Computer Based Devices And Systems
- Broomfield CO, US Gaurav Dalal - Carlsbad CA, US Timur Kovalev - Broomfield CO, US
International Classification:
H04L 29/06 G06N 99/00
US Classification:
726/23
Abstract:
Aspects of the present disclosure relate to systems and methods for detecting a threat of a computing system. In one aspect, a plurality of instances of input data may be received from at least one sensor. A feature vector based upon at least one instance of the plurality of instances of input data may be generated. The feature vector may be sent to a classifier component, where a threat assessment score is determined for the feature vector. The threat assessment score may be determined by combining information associated with the plurality of instances of input data. A threat assignment may be assigned to the at least one instance of data based on the determined threat assessment score. The threat assignment and threat assessment score may be disseminated.