Patent application number | Description | Published |
20080240413 | CROSS-CORRELATION BASED ECHO CANCELLER CONTROLLERS - Cross-correlation based echo canceller controllers are described herein. By way of example, a system for controlling an echo canceller having one or more adaptive filters can include one or more adaptive filter controllers each corresponding to one of the one or more adaptive filters and each configured to halt adaptation of its corresponding adaptive filter according to the cross-correlation of its corresponding corrupted signal and its corresponding error signal of its corresponding adaptive filter. | 10-02-2008 |
20080240414 | HYBRID ECHO CANCELLER CONTROLLERS - Hybrid echo canceller controllers are described herein. By way of example, a system for controlling an echo canceller can include a signal indicator and an echo canceller controller. The signal indicator can be configured to indicate periods of near-end signal and to indicate periods of echo only with echo-path change in the corrupted signal based at least in part on cross-correlation between two signals associated with the echo canceller. The echo canceller controller can be configured to control the echo canceller according to indications from the signal indicator. | 10-02-2008 |
20080240415 | HYBRID ECHO CANCELLER CONTROLLERS - Hybrid echo canceller controllers are described herein. By way of example, a system for controlling an echo canceller can include a cross-correlator, a discriminator and an echo canceller controller. The cross-correlator can be configured to produce a cross-correlation based output that facilitates controlling the echo canceller by cross-correlating two signals associated with the echo canceller. The discriminator can be configured to produce a discriminator output that discriminates between near-end signal and echo in a corrupted signal. The echo canceller controller can be configured to control the echo canceller according to the cross-correlation based output and the discriminator output. | 10-02-2008 |
20090099988 | ACTIVE LEARNING USING A DISCRIMINATIVE CLASSIFIER AND A GENERATIVE MODEL TO DETECT AND/OR PREVENT MALICIOUS BEHAVIOR - A malicious behavior detection/prevention system, such as an intrusion detection system, is provided that uses active learning to classify entries into multiple classes. A single entry can correspond to either the occurrence of one or more events or the non-occurrence of one or more events. During a training phase, entries are automatically classified into one of multiple classes. After classifying the entry, a generated model for the determined class is utilized to determine how well an entry corresponds to the model. Ambiguous classifications along with entries that do not fit the model well for the determined class are selected for labeling by a human analyst The selected entries are presented to a human analyst for labeling. These labels are used to further train the classifier and the models. During an evaluation phase, entries are automatically classified using the trained classifier and a policy associated with determined class is applied. | 04-16-2009 |
20090265317 | CLASSIFYING SEARCH QUERY TRAFFIC - A method for classifying search query traffic can involve receiving a plurality of labeled sample search query traffic and generating a feature set partitioned into human physical limit features and query stream behavioral features. A model can be generated using the plurality of labeled sample search query traffic and the feature set. Search query traffic can be received and the model can be utilized to classify the received search query traffic as generated by a human or automatically generated. | 10-22-2009 |
20100192222 | MALWARE DETECTION USING MULTIPLE CLASSIFIERS - A method of identifying a malware file using multiple classifiers is disclosed. The method includes receiving a file at a client computer. The file includes static metadata. A set of metadata classifier weights are applied to the static metadata to generate a first classifier output. A dynamic classifier is initiated to evaluate the file and to generate a second classifier output. The method includes automatically identifying the file as potential malware based on at least the first classifier output and the second classifier output. | 07-29-2010 |
20100262693 | BOTTOM-UP ANALYSIS OF NETWORK SITES - An approach for identifying suspect network sites in a network environment entails using one or more malware analysis modules to identify distribution sites that host malicious content and/or benign content. The approach then uses a linking analysis module to identify landing sites that are linked to the distribution sites. These linked sites are identified as suspect sites for further analysis. This analysis can be characterized as “bottom up” because it is initiated by the detection of potentially problematic distribution sites. The approach can also perform linking analysis to identify a suspect network site based on a number of alternating paths between that network site and a set of distribution sites that are known to host malicious content. The approach can also train a classifier module to predict whether an unknown landing site is a malicious landing site or a benign landing site. | 10-14-2010 |
20110252032 | ANALYSIS OF COMPUTER NETWORK ACTIVITY BY SUCCESSIVELY REMOVING ACCEPTED TYPES OF ACCESS EVENTS - An analysis system is described for identifying potentially malicious activity within a computer network. It performs this task by interacting with a user to successively remove known instances of non-malicious activity, to eventually reveal potentially malicious activity. The analysis system interacts with the user by inviting the user to apply labels to identified examples of network behavior; upon response by the user, the analysis system supplies new examples of network behavior to the user. In one implementation, the analysis system generates such examples using a combination of feature-based analysis and graph-based analysis. The graph-based analysis relies on analysis of graph structure associated with access events, such as by identifying entropy scores for respective portions of the graph structure. | 10-13-2011 |
20120084859 | REALTIME MULTIPLE ENGINE SELECTION AND COMBINING - Architecture that selects a classification engine based on the expertise of the engine to process a given entity (e.g., a file). Selection of an engine is based on a probability that the engine will detect an unknown entity classification using properties of the entity. One or more of the highest ranked engines are activated in order to achieve the desired performance. A statistical, performance-light module is employed to skip or select several performance-demanding processes. Methods and algorithms are utilized for learning based on matching the best classification engine(s) to detect the entity class based on the entity properties. A user selection option is provided for specifying a maximum number of ranked, classification engines to consider for each state of the machine. A user can also select the minimum probability of detection for a specific entity (e.g., unknown file). The best classifications are re-evaluated over time as the classification engines are updated. | 04-05-2012 |
20120323829 | GRAPH-BASED CLASSIFICATION BASED ON FILE RELATIONSHIPS - A reliable automated malware classification approach with substantially low false positive rates is provided. Graph-based local and/or global file relationships are used to improve malware classification along with a feature selection algorithm. File relationships such as containing, creating, copying, downloading, modifying, etc. are used to assign malware probabilities and simultaneously reduce the false positive and false negative rates on executable files. | 12-20-2012 |
20140189864 | IDENTIFYING WEB PAGES IN MALWARE DISTRIBUTION NETWORKS - Technologies pertaining to analyzing content extracted from web pages by a static crawler to determine whether respective web pages are members of a malware distribution network (MDN) are described. A set of features is learned based upon output of a dynamic crawler over known landing pages of a particular MDN, wherein the set of features are indicative of membership in the MDN. Using such set of features, additional members of the MDN (not subjected to crawling by a dynamic crawler) are identified. | 07-03-2014 |