Joseph I Chen

US Patent:

6917708, Jul 12, 2005

Filed:

Jan 19, 2001

Appl. No.:

09/765772

Inventors:

Rodney M. Goodman - Altadena CA, US
Donal J. Woods - Los Angeles CA, US
Patricia A. Keaton - Woodland Hills CA, US
Joseph Chen - Pasadena CA, US

Assignee:

California Institute of Technology - Pasadena CA

International Classification:

G06K009/72

US Classification:

382186, 382229

Abstract:

A method of automatically recognizing text. The text is divided into whole words which are each recognize. Each whole word is characterized according to its silhouette. The silhouette is characterized by features in the silhouette such as upwardly extending “polls” and downwardly extending “holes”. The silhouette may also be characterized by its first syllable blends. Numbers are assigned to each of the different characteristics, and numbers may also be assigned based on analysis of a database of different kinds of cursive words. Recognition may be automatically carry out prior recognizing system which recognizes in this way.

US Patent:

8099784, Jan 17, 2012

Filed:

Feb 13, 2009

Appl. No.:

12/371501

Inventors:

Joseph Chen - Los Angeles CA, US
Jamie Jooyoung Park - Los Angeles CA, US

Assignee:

Symantec Corporation - Mountain View CA

International Classification:

G06F 11/00

US Classification:

726 23

Abstract:

To evade heuristic detection, malware is often designed to trick users into installing the malware by being packaged in a standard installer known to the user's computer for typically installing legitimate software. To prevent removal of the malware, the malware modifies or removes its uninstaller. A security module manages this type of evasion technique by monitoring and detecting installations performed on a computer. The module detects attempts to remove or modify the uninstaller for the application to render the uninstaller incapable of uninstalling the application. The module can intercept and block such attempts, and then analyze the application for malicious code. Where the application is determined to be malware, the module prevents malicious activity. The module can also use the malware's own uninstaller to uninstall the malware from the computer.

US Patent:

8135617, Mar 13, 2012

Filed:

Oct 18, 2007

Appl. No.:

11/975362

Inventors:

Michael N. Agostino - Glendale CA, US
Jason P. Fields - Los Angeles CA, US
Joseph Chen - Los Angeles CA, US
Yovav Meydad - Los Angeles CA, US
Jason Levine - Los Angeles CA, US
Michael Radford - Sierra Madre CA, US
David E. Benson - Pasadena CA, US
Christopher Starace - Pasadena CA, US
Eric J. Kim - Sherman Oaks CA, US

Assignee:

Snap Technologies, Inc. - Pasadena CA

International Classification:

G06Q 30/00

US Classification:

705 144, 705 11

Abstract:

The invention in some embodiments features a contextual content delivery system (CCDS) for enhancing conventional web content with pop-up bubbles that display information when a cursor hovers over a word, link, or icon. The CCDS is configured to identify words or links in a document, determine their context, select the appropriate bubble from a plural of bubble types for each of the words or links, select content for each bubble based, in part, on the context in which the words and hyperlinks are used. The context can be determined from various sources including the resource in which the word or link appears and the target resource to which the link points. Thereafter, the CCDS enhances the words or links so that bubbles are automatically invoked in response to the appropriate trigger.

US Patent:

8176556, May 8, 2012

Filed:

Oct 31, 2008

Appl. No.:

12/263128

Inventors:

Kamron Farrokh - Beverly Hills CA, US
Jamie Jooyoung Park - Los Angeles CA, US
Joseph Chen - Los Angeles CA, US

Assignee:

Symantec Corporation - Mountain View CA

International Classification:

H04L 29/06

US Classification:

726 23, 713188

Abstract:

A computer-implemented method for tracing attacks. The method may include identifying a first website and determining that the first website loads an attack remotely through a second website. The method may also include determining that the second website hosts the attack. The method may include performing a security action, such as blocking downloads from the second website, with respect to the second website. The attack may be a drive-by download. Corresponding systems and computer-readable media are also disclosed.

US Patent:

8225405, Jul 17, 2012

Filed:

Jan 29, 2009

Appl. No.:

12/362352

Inventors:

Christopher Peterson - Culver City CA, US
Joseph H. Chen - Los Angeles CA, US

Assignee:

Symantec Corporation - Mountain View CA

International Classification:

H04L 29/06

US Classification:

726 24, 726 23, 726 25, 713187, 713188

Abstract:

Unknown malicious code is heuristically detected on a host computer system. A virus signature for the malicious code is created locally on the host computer system. A blacklist on the host computer system is updated with the virus signature for the heuristically detected malicious code. Accordingly, the blacklist is updated with the virus signature of the heuristically detected malicious code without distribution of the virus signature to the general public. Further, the host computer system is scanned for other instances of the heuristically detected malicious code using the created virus signature. Accordingly, file based detection and remediation of the malicious code is achieved without requiring execution of the malicious code for detection and the associated risks.

US Patent:

8281399, Oct 2, 2012

Filed:

Mar 28, 2012

Appl. No.:

13/433259

Inventors:

Joseph Chen - Los Angeles CA, US
Allen Hair - Los Angeles CA, US

Assignee:

Symantec Corporation - Mountain View CA

International Classification:

G06F 21/00

US Classification:

726 24

Abstract:

A computer-implemented method for using property tables to perform non-iterative malware scans may include (1) obtaining at least one malware signature from a security software provider that identifies at least one property value for an item of malware, (2) accessing a property table for a computing device that identifies property values shared by one or more application packages installed on the computing device and, for each property value, each application package that shares the property value in question, and (3) determining, by comparing each property value identified in the malware signature with the property table, whether any of the application packages match the malware signature without having to iterate through the individual property values of each application package. Various other methods, systems, and computer-readable media are also disclosed.

US Patent:

8302191, Oct 30, 2012

Filed:

Mar 13, 2009

Appl. No.:

12/404249

Inventors:

Robert Conrad - Culver City CA, US
Christopher Peterson - Culver City CA, US
Joseph H. Chen - Los Angeles CA, US

Assignee:

Symantec Corporation - Mountain View CA

International Classification:

G06F 21/00

US Classification:

726 23, 726 22

Abstract:

A submission filtering component filters malware related content received for analysis. The submission filtering component determines an analysis priority rating for each source from which malware related content is received. An analysis priority ratings is based on various factors indicative of how likely the source is to transmit malware related content that is important to analyze. The malware filtering component transforms the received stream of malware related content into a subset to be analyzed, based on the analysis priority ratings associated with sources from which malware related content is received. A malware analysis component analyzes the subset of malware related content.

US Patent:

8302194, Oct 30, 2012

Filed:

Oct 26, 2009

Appl. No.:

12/606163

Inventors:

Robert Conrad - Culver City CA, US
Joseph Chen - Los Angeles CA, US

Assignee:

Symantec Corporation - Mountain View CA

International Classification:

G06F 12/14
G06F 7/04
G06F 11/30
G06F 15/173
G06F 15/16
H04L 29/06
H04L 9/32

US Classification:

726 24, 726 25, 726 26, 713151, 713165, 713168, 713187, 713188, 709224, 709225, 709232

Abstract:

The prevalence rate of a file to be subject to behavior based heuristics analysis is determined, and the aggressiveness level to use in the analysis is adjusted, responsive to the prevalence rate. The aggressiveness is set to higher levels for lower prevalence files and to lower levels for higher prevalence files. Behavior based heuristics analysis is applied to the file, using the set aggressiveness level. In addition to setting the aggressiveness level, the heuristic analysis can also comprise dynamically weighing lower prevalence files as being more likely to be malicious and higher prevalence files as being less likely. Based on the applied behavior based heuristics analysis, it is determined whether or not the file comprises malware. If it is determined that the file comprises malware, appropriate steps can be taken, such as blocking, deleting, quarantining and/or disinfecting the file.