Field
This disclosure relates to systems for detecting malicious software in a computing system and methods and computer-related media related thereto.
Description of the Related Art
With millions of online resources that are available via millions of corresponding uniform resource locators (URLs), organizations have difficulty monitoring and identifying those information access requests that are associated with malicious content, such as malware or other malicious code. For example, tens of thousands of new malicious software programs are discovered each day, many of which are spread to users via online resources and, when executed, may transmit sensitive information from an organizations computer network to external (malicious) computing system. Thus, such malicious programs can compromise the security of computing systems.
Disclosed herein are various systems, methods, and computer-readable media for detecting malicious software and/or otherwise undesirable access of online resources in a computing system, such as among a network of computers of an organization. At least some of the systems, methods, and media can analyze data, such as URL data items, transmitted by computing systems within a local network in order to identify the infected systems and/or systems that have or are likely to access undesirable online resources, thereby improving functioning of the local network. The disclosed systems, methods, and media also improve functioning of at least one computing system by reducing the data to be analyzed to those data items most likely associated with malicious software, significantly improving processing speed when determining potentially malicious addresses. It should be appreciated that the systems, methods, and media involve processing large pluralities of data that could not be done by a human. For example, a log of URLs transmitted by computing systems within a local network may include hundreds of thousands, millions, tens of millions, hundreds of millions, or even billions of data items, and may consume significant storage and/or memory. Parsing of URLs, obtaining additional information regarding URLs from external data sources, scoring the URLs based on multiple criteria, and selecting URLs potentially associated with malicious behavior, as well as other processes described herein, cannot feasibly be performed manually, especially in a time frame wherein potentially malicious URLs may be identified early enough to reduce impact of the malicious behavior.
The systems, methods, and devices described herein each have several aspects, no single one of which is solely responsible for its desirable attributes. Without limiting the scope of this disclosure, several non-limiting features will now be discussed briefly.
In at least one embodiment, a computer system to identify malicious Uniform Resource Locator (URL) data items from a plurality of unscreened data items that have not been previously identified as associated with malicious URLs is described. The system can have one, some, or all of the following features as well as other features described herein. The system can comprise one or more computer readable storage devices configured to store one or more software modules including computer executable instructions. The plurality of unscreened data items can be associated with communications between computerized devices within a local network and external resources. The unscreened data items can comprise a plurality of device identifiers for the computerized devices and a plurality of URLs referencing the external resources. The system can comprise a network connection configured to access, from a remote network not within the local network, a list of domain names satisfying a ranking condition based on Internet traffic data.
The foregoing systems also can have one, some, or all of the following features as well as other features described herein. The system can comprise one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the one or more software modules in order to cause the computer system to access, from the one or more computer readable storage devices, the plurality of unscreened data items. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to identify, from the plurality of unscreened data items, a plurality of connection records, each of the connection records indicating a communication from a computerized device to an external resource at a specific time, such that each of the connection records is associated with a device identifier and a URL. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to identify, from the plurality of connection records, one or more connection records having a common device identifier, the identified one or more connection records associated with one or more URLs. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to parse the one or more URLs for one or more domain names, each of the one or more URLs associated with a domain name. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to, based on a determination that none of the one or more domain names satisfies a threshold position in the list of domain names, designate the one or more URLs as possible malicious URL data items. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to assign a score based on a plurality of factors relating to the possible malicious URL data items, the factors comprising the determination that none of the one or more domain names satisfies the threshold position in the list of domain names.
The foregoing systems also can have one, some, or all of the following features as well as other features described herein. The plurality of unscreened data items can comprise a plurality of beaconing malware-related data items and the one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to access, from the one or more computer readable storage devices, the plurality of beaconing malware-related data items. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to generate, based on the accessed beaconing malware-related data items, a plurality of connection pairs, each of the connection pairs indicating communications between an internal source within the local network and an external destination that is not within the local network. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to identify a plurality of connection pairs having a common internal source and a common external destination. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to generate a time series of connection pairs based on the identified plurality of connection pairs. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to filter out noise from the at least one time series to generate a filtered at least one time series. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to compute a variance in the filtered at least one time series. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to, based on a determination that the variance satisfies a threshold, designate a connection pair associated with the filtered at least one time series as a seed, the designated connection pair including the common internal source and the common external source. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to generate a data item cluster based on the designated seed. Generating the data item cluster can comprise adding the designated seed to the data item cluster. Generating the data item cluster can comprise accessing, from the one or more computer readable storage devices, the clustering strategy. Generating the data item cluster can comprise adding to the data item cluster, based on the clustering strategy, one or more beaconing malware-related data items determined to be associated with the designated seed. The computer processors can be configured to execute the one or more software modules in order to cause the computer system to score the generated data item cluster, the factors comprising the data item cluster score.
The foregoing systems also can have one, some, or all of the following features as well as other features described herein. The one or more computer readable storage devices can be configured to store a plurality of domain names associated with URLs in communications from computerized devices within a local network from a period of time. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to access, from the one or more computer readable storage devices, the plurality of domain names. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to, based on a determination that none of the one or more domain names is included in the plurality of domain names, designate the one or more URLs as possible malicious URL data items. The factors can comprise the determination that none of the one or more domain names is included in the plurality of domain names.
The foregoing systems also can have one, some, or all of the following features as well as other features described herein. The one or more computer readable storage devices can be configured to store a plurality of dictionary words. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to access, from the one or more computer readable storage devices, the plurality of dictionary words. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to, based on a determination that none of the one or more domain names is included in the plurality of dictionary words, designate the one or more URLs as possible malicious URL data items. The factors can comprise the determination that none of the one or more domain names is included in the plurality of dictionary words.
The foregoing systems also can have one, some, or all of the following features as well as other features described herein. The one or more computer readable storage devices can be configured to store a plurality of filepaths associated with URLs in communications from computerized devices within a local network from a period of time. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to access, from the one or more computer readable storage devices, the plurality of filepaths. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to parse a URL for an associated filepath. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to, based on a determination that the filepath is included in the plurality of filepaths, designate the URL as a possible malicious URL data item. The factors can comprise the determination that the filepath is included in the plurality of filepaths.
The foregoing systems also can have one, some, or all of the following features as well as other features described herein. The one or more computer readable storage devices can be configured to store a distribution of n-grams for filepaths associated with a domain name having a rank indicating that the domain name is associated with a amount of Internet traffic. The one or more computer readable storage devices can be configured to store a second distribution of n-grams for filepaths associated with the domain name. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to compare the expected distribution of n-grams to the actual distribution of n-grams. The factors can comprise a variance between the distributions.
The foregoing systems also can have one, some, or all of the following features as well as other features described herein. The network connection can be configured to access, from a remote network not within the local network, an Internet search engine providing an autocomplete function that automatically displays words to complete a query entered into the search engine. The network connection can be configured to receive from the remote network the words suggested by the autocomplete function. The one or more computer readable storage devices can be configured to store a list of words associated with malicious software. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to transmit to the Internet search engine a query comprising a domain name associated with a URL. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to receive words displayed by the search engine in response to the query. The factors can comprise the received words that are also included in the list of words.
The foregoing systems also can have one, some, or all of the following features as well as other features described herein. The network connection can be configured to access, from a remote network not within the local network, an Internet service providing WHOIS and/or DNS registration data to receive from the remote network domain registration data. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to transmit to the Internet search engine a query comprising a domain name associated with a URL. The one or more hardware computer processors further can be configured to execute the one or more software modules in order to cause the computer system to receive a domain registration date in response to the query. The factors can comprise the received domain registration date.
The foregoing systems also can have one, some, or all of the following features as well as other features described herein. The score can be based on a Support Vector Machine model, a Neural Network model, a Decision Tree model, a Naïve Bayes model, or a Logistic Regression model.
A general architecture that implements the various features of the disclosed systems, methods, and media will now be described with reference to the drawings. The drawings and the associated descriptions are provided to illustrate embodiments and not to limit the scope of the disclosure. For instance, the flow charts described herein do not imply a fixed order to the steps, and embodiments of may be practiced in any order that is practicable.
In the drawings, the first one or two digits of each reference number typically indicate the figure in which the element first appears. Throughout the drawings, reference numbers may be reused to indicate correspondence between referenced elements. Nevertheless, use of different numbers does not necessarily indicate a lack of correspondence between elements. And, conversely, reuse of a number does not necessarily indicate that the elements are the same.
This disclosure relates to computing systems for detecting activities that are indicative of cyber threats, such as beaconing activities, phishing activities, denial of service (DOS) activities, and/or other malicious software execution. As used herein, “malicious software” refers to unwanted software, such as software that causes an internal resource within a local network to transmit data and/or communicate with an external resource, e.g., outside the local network, without authorization by a user or administrator of the internal resource. For example, a computing system can identify malicious URL data items from a large plurality of unscreened data items that have not been previously identified as associated with malicious URLs, such as in a proxy log. As used herein, “malicious URL” refers to a character string including alphabetic, numeric, and punctuation characters transmitted by an internal resource within a local network. The term “external resource” is a broad term and is to be given its ordinary and customary meaning to a person of ordinary skill in the art (i.e., it is not to be limited to a special or customized meaning) and includes, without limitation, physical and virtual computers, networks, servers, machines, and cloud computing resources.
In general, and as discussed in greater detail in relation to
System Structure
The outbound data connection log 102 includes a large plurality of data items, such as thousands, millions, tens of millions, hundreds of millions, or even billions of data items. In one embodiment, such data items include the IP addresses of internal resources, within the local network, that have attempted to communicate with an external resource outside the local network. The outbound data connection log 102 can also include a time, such as a time stamp indicating year, month, day, hour, minute, and/or second, associated with each attempted connection. The outbound data connection log 102 can also include a character string relating to the attempted connection. An example character string may be a URL. Such a URL can generally resemble the form: schm://3LD.2LD.TLD/filepath. The portion “schm” represents the scheme or prefix, such as ftp, http, mailto, and the like. The portion “3LD” is a combination of alphabetic characters, numbers, and/or hyphens representing the third level domain. The portion “2LD” is a combination of alphabetic characters, numbers, and/or hyphens representing the second level domain. The portion “TLD” represents the top level domain, such as com, org, edu, gov, and the like. The portion “filepath” is a textual string that can include numeric, alphabetic, and punctuation characters such as backslashes, hyphens, question marks, periods, and the like. As used herein, and unless specified otherwise, the term “domain name” refers to the combination of the 2LD and the TLD. An example domain name has the form example.com.
Suitable program instructions are also executed by a computer processor in order to cause the computing system of
A scoring processor 106 executes a scoring process on the identified subset of data items. The scoring process can implement machine learning. The score indicates the relative likelihood that a particular data item is associated with a cyber threat, such as being transmitted in response to a command by malicious software. For example, data items with a high score can be more likely to be malicious than items with a low score, or vice versa.
Optionally, suitable program instructions stored on a non-transitory computer readable storage medium can be executed by a computer processor in order to cause the computing system of
An output group of data items from the subset of the post-filters 108A, 108B is then passed to output 110. If post-filtering is not performed the scored data items, the scored data items from scoring processor 106 can be passed to output 110. The output 110 can be used, for example, to alert system administrators when a computer is likely to be infected with malicious software. The output 110 can also be used to improve as feedback for improving the scoring process.
Timing Pre-Filter
An optional pre-filter of the one or more pre-filters 104A, 104B, 104C, 104D is a timing pre-filter. When implemented in the foregoing system 100 of
As explained above, if a computing system becomes infected by malicious software, the computing system may attempt to connect to an external resource outside the local network by transmitting a malicious URL (or a group of such URLs) at some regular interval. Ordinarily, these malicious URLs are sent during a time of the computing system is likely to be used (such as during the work day), in order to camouflage the unwanted connection attempt among ordinary network traffic. Certain embodiments include the inventive realization that a system can identify possibly malicious URLs transmitted by a computing system by inferring whether a user is actively using the computer system. If the computing system attempted to connect to a particular external resource when the user was not inferred to be actively using the computer system, the external resource is more likely to be malicious. The external resource is even more likely to be malicious when the external resource is not inferred to be benign. As used here, benign refers to external resources providing safe or wanted connections or services.
There are a number of methods for inferring whether a user is actively using a computing system. An example method is discussed with reference to
The local IP addresses, URLs, and times can be logically associated as connection records indicating a particular communication from a particular computerized device to a particular external resource at a particular time, such that each of the connection records is associated with a particular device identifier, a particular URL, and a particular time.
As shown in block 204 of
According to block 206, the system can execute suitable program instructions for determining if the communication occurred at a time when the computer was communicating with known, good external resource(s). In this regard, the connection records can be limited to those connection records occurring within a certain period of time (e.g., a 1 minute block, a 5 minute block, a 15 minute block, an hour block etc.). Each of the identified connection records will have an associated URL. The system can parse the one or more URLs for one or more domain names, such that each of the one or more URLs is associated with a particular first domain name. Suitable parsing techniques are known in the art and include regular expression matching. A network connection of the system accesses, from a remote network not within the local network, a list of domain names satisfying a ranking condition based on Internet traffic data. Example networks and lists include the “top websites” ranking provided by Alexa Internet, Inc. and the Google Display Network Ad Planner ranking provided by Google, Inc. In a non-limiting embodiment, the program instructions can allow the system to evaluate whether a particular connection occurred during a period of time when a particular device identifier (such as an IP address) also transmitted a URL to a domain name within the top 10,000 Alexa traffic rank. Suitable ranking conditions include, but are not limited to, inclusion in the Alexa traffic rank or Google Display Network Ad Planner, or inclusion above a particular position in the Alexa traffic rank or Google Display Network Ad Planner. For example, a domain name may appear in the top-10,000 Alexa traffic rank or the top-1,000 Alexa traffic rank.
Referring next to block 208, if a particular communication did not occur at a time when the computer was communicating with ranked external resources, the system software can designate the associated URL as a possibly malicious URL data item.
The designated URL (along with other URLs similarly identified) can then be passed to the scoring processor 106 of
Beaconing Malware Pre-Filter
An optional pre-filter of the one or more pre-filters 104A, 104B, 104C, 104D is a beaconing malware pre-filter. When implemented in the foregoing system 100 of
According to various embodiments, beaconing malware-related data entity seeds (referred to herein as “beaconing seeds”) may be generated by the system as described below in reference to
In an embodiment, and as described below, the beaconing malware pre-filter system may be used in a network environment in which an internal network is in communication with an external network. The system may be used to determine whether any computer systems of the internal network have been infected by beaconing malware that is communicating with computer systems of the external network. Various computerized devices may be included in the internal network that may be capable to capturing and/or logging data traffic between the internal network and the external network including, for example, network routers and/or switches.
Beaconing Malware Pre-Filter: Seed Generation
Referring to
At block 313, the system may generate internal-external connection pairs. Each of the internal-external connection pairs may include a particular internal IP address and a particular external IP address and/or domain that was contacted by the internal IP address. At block 314, time series of the generated internal-external connection pairs may be generated. For example, the system may determine sets of connection pairs that have common internal IP addresses and external IP addresses or domains. Then, for each set, a time series may be generated that represents each point in time that the same or a similar connection is made between a particular internal IP address and external IP address or domains. Each of the time series may span a particular time period. For example, each time series may span a number of days, weeks, months, or years. Thus, a connection pair time-series (or simply “connection pair series” or “connection series”), may indicate multiple connections made between a particular internal and external IP address (or domain or other device identifier) and/or a periodicity or other pattern indicating when the connections were made. The internal-external connection pairs may be plotted along each time series for the particular time period.
At block 316, the beaconing malware pre-filter system may filter out any noise in each time series. For example, the connection pairs in each connection series may be analyzed in order to identify any connection pairs of the particular connection series that should be indicated as noise. Noise in a connection series may include, for example, any internal-external connection pairs that have a low likelihood of being related to beaconing activity and/or to malicious activity. Various filter criteria may be applied to filter out noise. Examples of noise filtering criteria may include, but are not limited to: filter 316A, which detects frequently established connections, such as the same or similar connection pairs (for example, multiple connection pairs from the same internal IP to the same external IP and/or domain) that occur with short intervals (or deltas) of time between them (for example, intervals on the order of seconds, or intervals that are shorter than are typically employed by beaconing malware); filter 316B, which detects connection pairs that have only been occurring for a short period of time (for example, for a week or less); filter 316C, which detects connection pairs with popular or well-known legitimate external domains (for example, a third-party produced list of popular domains may be used by the system); and/or filter 316D, which detects connection pairs made by legitimate software for, for example, software updates (in an embodiment, this filter criteria may be applied on a per-computer system basis, such that a determination may be made regarding the legitimacy of particular pieces of software on each individual computer system).
Once connection pairs that include noise, or which are not likely related to beaconing malware, are filtered from each connection series, at block 317 a beaconing score may be computed for each connection pair series. A beaconing score may be computed in any of various ways. One example of computing a beaconing score is shown in block 317A. In the example of block 317A, the system may calculate a variance of the particular connection pair series. The variance may, for example, provide an indication of the regularity, or periodicity, of the connection pairs over time. Higher variances may indicate that the connection pair is less likely to be related to malware beaconing activity, as malware beaconing activity may generally occur at very regular intervals. Thus, lower variances may indicate that the connection pair is more likely to be related to malware beaconing activity. Another example of computing a beaconing score is shown in block 317B. In the example of block 317B, the system may calculate a mean of the particular connection pair series. The mean may, for example, provide an indication of the average time between each connection pair over time. Particular mean values, for example, a particular number of days, weeks, and/or months, may indicate higher or lower likelihood that the connection series is related to malware beaconing activity. In another example, some combination of a variance and a mean of a connection pair series may be used by the system as a beaconing score (for example, a variance divided or normalized by a mean or a mean squared). In an embodiment, the variance is calculated based on an average of squared differences from the mean time between connections in a time series.
At block 318, the system may determine which connection pairs have beaconing scores that satisfy a particular threshold. For example, the system may determine that any beaconing pairs having beaconing scores below a particular variance are likely to represent malware beaconing activity. Accordingly, the beaconing malware pre-filter system may designate and use those connection pairs as seeds. Thus, the method 310B may be used to generate seeds including a connection pair (e.g., an internal IP address and an external IP address or domain) that may be used by the beaconing malware pre-filter system in a beaconing malware detection application.
Beaconing Malware Pre-Filter: Cluster Generation
Turning now to
At block 324, any data entities that are related to the seed may be clustered. Clustering of data entities may be accomplished as generally described above, in which data bindings are executed and/or searching and filtering are performed (through, for example, a generic interface to various data sources) as part of a clustering strategy. Additionally, as described above, clustered data entities may be related by, for example, sharing the same or similar properties, characteristics, and/or metadata. Examples of data entities that may be clustered include, but are not limited to: users (for example, persons having accounts on particular computer systems), internal IP addresses, internal IP addresses that connect to external domains, internal computer systems, internal computer systems that connect to external domains, external IP addresses, external domains, external IP addresses associated with external domains, other data feed data entities (for example, data entities drawn from public and/or private whitelists or blacklists, such as data entities representing known bad domains, known good domains, known bad IP addresses, and the like), host-based events (such as, for example, virus scan alerts and/or logged events, intrusion prevention system alerts and/or logged events, and the like), and the like.
Returning again to
In an embodiment, the various clustered data entities may include various properties and characteristics, including information regarding data communications and requests between internal and external computer systems. For example, a given connection pair (or seed) may represent multiple connections over a period of time (as described above in reference to
Beaconing Malware Pre-Filter: Cluster Scoring
Turning now to
At block 334, the beaconing malware pre-filter system may access and/or receive beaconing scoring criteria. The beaconing scoring criteria may include any number of rules or scoring strategies such that multiple scores may be generated for each cluster. Several non-limiting examples of beaconing scoring criteria may include: a number of external domains in the cluster known to be malicious; a number of blacklists on which an external domain in the cluster appears; a trustworthiness (and/or number) of blacklists on which external domains in the cluster appear; a number and/or severity of host-based events in the cluster (such as, for example, virus scan alerts and/or logged events, intrusion prevention system alerts and/or logged events, and the like); a number of requests and/or connections between internal and external network devices associated with the cluster that were blocked by a proxy, router, or other appliance linking the internal network to the external network; and/or an average request size (for example, an amount of data transmitted) between the internal and external devices associated with the cluster (for example, smaller request sizes may indicate a higher likelihood that the activity is related to beaconing activity).
At block 336, the beaconing scoring criteria may be applied to the clusters and cluster scores may be generated. In an embodiment, each cluster score may include an absolute value and/or a weighted value as described above in reference to
At block 342, a metascore may be generated for the clusters. The cluster metascore may be based on a combination or aggregation of the individual scores generated in block 336. Alternatively, the metascores may be separately determined scores. In an embodiment, a metascore may be calculated by summing, multiplying, and/or otherwise aggregating or averaging the various individual scores together. The metascore may, in an embodiment, capture the relative importance of each of the individual scores by weighting each of the individual scores in a manner similar to that described above with reference to
In an embodiment, the beaconing malware pre-filter system may automatically evaluate the generated clusters to determine a likelihood that a given cluster represents beaconing malware activity. For example, the system may determine that a cluster having a metascore below a particular threshold is likely not related to beaconing malware activity, while a cluster having a metascore above another particular threshold likely is beaconing malware activity. In other words, based on the various score and metascores, a cluster that is more likely to be associated with beaconing malware can be passed to the scoring processor of
“New” Pre-Filters
Optional pre-filters of the one or more pre-filters 104A, 104B, 104C, 104D are designated herein as “new” pre-filters. When implemented in the foregoing system 100 of
New Pre-Filters: New Domain Names
As shown in block 402, suitable program instructions stored on a non-transitory computer readable storage medium are executed by a computer processor in order to cause the computing system of
Referring next to block 408, if a particular communication is associated with a “new” domain name, that is, a domain name that has not been accessed by the local network for a period of time, the system software can designate the associated URL as a possibly malicious URL data item.
New Pre-Filters: New Filepath
As shown in block 422, suitable program instructions stored on a non-transitory computer readable storage medium are executed by a computer processor in order to cause the computing system of
Referring next to block 428, if a particular communication is the same as or similar to an “old” filepath, that is, a filepath that already has been accessed by the local network, the system software can designate the associated URL as a possibly malicious URL data item.
After completing the generalized processes of
Domain Pre-Filters
Other optional pre-filters of the one or more pre-filters 104A, 104B, 104C, 104D are referred to herein as “domain” pre-filters. When implemented in the foregoing system 100 of
Domain Pre-Filters: Dictionary Filtering
As shown in block 502, suitable program instructions stored on a non-transitory computer readable storage medium are executed by a computer processor in order to cause the computing system of
Referring next to block 508, if a particular communication is not associated with any dictionary words, for example, if the 2LD consists of a random string of alphabetic characters and numbers, the system software can designate the associated URL as a possibly malicious URL data item. In certain embodiments, the system software can designated an associated URL as a possibly malicious URL data item if it contains a number of non-English words.
Domain Pre-Filters: Rank Filtering
As shown in block 522, suitable program instructions stored on a non-transitory computer readable storage medium are executed by a computer processor in order to cause the computing system of
Referring next to block 548, if a particular communication is not associated a ranked domain name or a domain name that does not meet a particular ranking threshold, the system software can designate the associated URL as a possibly malicious URL data item.
After completing the generalized processes of
Byte Count Pre-Filter
An optional pre-filter of the one or more pre-filters 104A, 104B, 104C, 104D is a byte count pre-filter. When implemented in the foregoing system 100 of
The designated URL (along with other URLs similarly identified) can then be passed to the scoring processor 106 of
Other Pre-Filters
The foregoing pre-filters are provided by way of example. Additional pre-filters can be incorporated in various embodiments. For example, a number of vectors are described below. Any or all of such vectors can be applied as pre-filters to improve processing speed by reducing the number of data items passed to the scoring processor. Additional pre-filters include the following (which can also or alternatively be applied as vectors): URL length less than a threshold value and whether the filepath for the URL contains a particular substring, such as “cmd,” that can be associated with potentially malicious URLs.
Scoring
As explained above with reference to
Vector: N-Grams
An optional vector is an n-gram vector. When implemented in the foregoing scoring processor 106 of
An n-gram is a unique sequence of N consecutive characters. URL 700 of
In at least one embodiment, suitable program instructions stored on a non-transitory computer readable storage medium are executed by a computer processor in order to cause the computing system of
Suitable program instructions stored on a non-transitory computer readable storage medium are further executed by a computer processor in order to cause the computing system of
As shown in block 722, the system can access data for an expected n-gram distribution for a benign domain name. In block 724, the system determines the actual distribution for a particular domain name. In block 726, the expected n-gram distribution and actual distribution are compared. As shown in block 728, if the variance between the distributions exceeds a threshold, the URL associated with that domain name can be identified as possibly malicious. The variance and/or other suitable parameters relating to the n-grams can be output to the scoring processor discussed below.
Vector: Autocomplete
An optional vector is an autocomplete vector. When implemented in the foregoing scoring processor 106 of
As shown in block 802, suitable program instructions stored on a non-transitory computer readable storage medium are executed by a computer processor in order to cause the computing system of
As shown in
According to block 808 of
Vector: Registration Date
An optional vector is a domain name registration date vector. When implemented in the foregoing scoring processor 106 of
As shown in block 902, suitable program instructions stored on a non-transitory computer readable storage medium are executed by a computer processor in order to cause the computing system of
The system can parse the response to the query to identify the value associated with the “created” or “creation” date or another suitable field reflecting the domain name registration date. According to block 906 of
Vector: Additional Examples
Table 1 includes additional examples of vectors. When implemented in the foregoing scoring processor 106 of
It should be understood that the foregoing vectors are provided as examples. Additional or alternative vectors can be incorporated in the scoring process. For example, still other additional or alternative vectors include the following (which can also or alternatively be applied as pre-filters): number of destination IP addresses; total number of connections; the number of connections made to “good” or ranked domains in the period of time a URL was transmitted; the percentage of connections made to “good” or ranked domains the period of time a URL was transmitted; the number of potentially malicious connections for a computer; the percentage of potentially malicious connections compared to all connections for a computer; the number of time period blocks (e.g., 10-minute blocks, 1-hour blocks) with potentially malicious connections; the percentage of connections to a domain name or IP address that have a URL path; the average number of “I” characters in a filepath; and the variance in connections per unit time (such as connections per hour) for a particular domain name or IP address.
Scoring: Machine Learning
In at least one embodiment, the system uses machine learning techniques to identify a URL as malicious. Machine learning comprises at least two phases: training and evaluation.
It is desirable for the data inputted to the machine learning to be representative of the real world scenarios in which the machine learning techniques will ultimately be applied. Thus, as discussed above, the data used to derive the model can be taken directly from actual proxy logs.
The model also takes as input a disposition determined by a human analyst with expertise in diagnosing a URL as benign or malicious. The human analyst reviews the vectors, makes a determination that the URL is benign, malicious, or unknown, and enters the disposition into the machine learning algorithm along with the vectors. It is desirable to have fewer unknown samples, though at the same time is understood in the art that conclusively resolved benign/malicious dispositions can be difficult and expensive to obtain.
Next, as shown in block 1004, a machine learning method is applied to the corpus. The methods by which training can be done include, but are not limited to Support Vector Machines, Neural Networks, Decision Trees, Naïve Bayes, Logistic Regression, and other techniques from supervised, semi-supervised, and unsupervised training. The training or “model-derivation” may be practiced with any of the above techniques so long as they can yield a method for classifying URLs as benign or malicious. The corpus need not be analyzed in one batch. Machine learning can be refined over time by inputting additional vectors and associated dispositions. In block 1006, suitable program instructions stored on a non-transitory computer readable storage medium are executed by a computer processor in order to cause the computing system of
Once the training is sufficient and a model is derived, the model can be used to automatically evaluate new instances of URLs that are presented to the computer or computer network in practice. In this regard, there is a second evaluation phase, wherein the model is applied to the vectors to determine whether a URL is likely malicious or benign.
Scoring: Example User Interfaces
As discussed in the preceding section, URLs and vectors associated with the URLs can be presented to a human analyst. Such data can be presented via one or more user interfaces. The data can be displayed to facilitate disposition of the data for training the machine learning model. The data can also be displayed to allow for review of model output when URLs are automatically evaluated by the computing system.
Beaconing Malware Pre-Filter: Example User Interface
An example user interface is discussed with reference to
At optional block 344, analyst (or other user) feedback may optionally be used in future scoring by the beaconing malware pre-filter system. For example, if the analyst determines that a particular domain, identified by the system as potentially malicious, is not malicious, this information may be used by the system in future scoring of clusters. For example, the domain determined by the analyst to not be malicious may be whitelisted, or less weight may be applied to scores related to that domain.
In the example user interface of
According to an embodiment, various items of information may be included in the user interface that may be useful to an analyst in evaluating and/or investigating the generated clusters. For example, metascores associated with each of the generated clusters may be shown in the list of clusters 382, and/or the clusters may be prioritized according to the metascores. In another example, absolute values and/or weighted values may be displayed in the list of scores 384 for each score. In another example, the detailed view 386 may include a graph that shows additional information related to the selected score. For example, in
According to various embodiments, the beaconing malware pre-filter system as applied to beaconing malware detection may advantageously enable an analyst to detect and proactively remove an item of malware from various computer systems. Further, according to various embodiments the beaconing malware pre-filter system as applied to beaconing malware detection may advantageously enable an analyst to block particular domains determined to be related to beaconing malware, and/or take other step to protect and internal network from attack.
As explained above, in an embodiment, the beaconing malware pre-filter system may automatically evaluate the generated clusters to determine a likelihood that a given cluster represents beaconing malware activity. For example, the system may determine that a cluster having a metascore below a particular threshold is likely not related to beaconing malware activity, while a cluster having a metascore above another particular threshold likely is beaconing malware activity. In an embodiment, the system may determine that a cluster having a metascore within a particular range of thresholds requires additional analysis by an analyst as the likelihood of beaconing malware activity is not conclusive. In an embodiment, an analyst may adjust the thresholds, the metadata calculations, and/or the weighting applied to the scores. Further, the analyst may marks various clusters as, for example, beaconing malware, likely beaconing malware, likely not beaconing malware, and/or not beaconing malware. Additionally, the analyst may dispatch other analysts to review particular clusters and/or mark particular clusters for further analysis.
Additionally, in an embodiment a cluster graph similar to the cluster illustration of
Malicious Software Detection: Example User Interfaces
An example user interface for the computer-implemented malicious software detection system is discussed with reference to
With the table of
Additionally, in certain embodiments a drill down view similar to the illustration of
Post-Filters
As discussed above with reference to
Post-filters are particularly advantageous to improve the accuracy of the machine learning model. For example, an analyst may desire to increase the number of potentially malicious URLs passed to scoring processor 106 to provide more data points for machine learning training. After the potentially malicious URLs are scored, the scored URLs can be filtered with a post-filter to reduce the number of URLs passed to a human analyst for quality assurance checks. The human analyst can create a disposition for each of the filtered URLs and feed the disposition back into the machine learning model.
Post-filters are also useful to reduce costs or increase processing speed associated with scoring. For instance, executing queries to third-party services such as VirusTotal and WHOIS lookups take significant time and, in some instance, incur additional expense for pay services. Accordingly, in some embodiments, vectors associated with third-party services can be excluded from the scoring process and selectively implemented in post-filters, e.g., by a human analyst.
A computer-implemented system accesses a server's proxy log. The system is configured to execute the timing pre-filter and the beaconing malware pre-filter to identify potentially malicious URLs. An additional pre-filter is executed on the URLs identified by the beaconing malware pre-filer to filter out domain names that are not ranked in Alexa Internet's list of the top-1000 or top-10,000 websites. This subset of data items is likely to have been transmitted in response to a command by malicious software than items that are not in the subset.
The scoring processor executes a scoring process on the subset of data items, using at least four vectors including n-grams (e.g., variance from expected distribution), dictionary filtering (contains at least one word in dictionary), autocomplete (autocomplete results include at least one malware-related keyword), and pre-filter hit count. The score calculated according to the machine learning model indicates the relative likelihood that a particular data item was transmitted in response to a command by malicious software.
After scoring, a post-filter can automatically filter out data items to reduce the number of data items sent to a human analyst. For example, because uncommonly accessed domain names are more likely to be malicious than commonly accessed domain names, a post-filter can automatically filter out data items where fewer than ten computers on the network (for example, ten distinct IP addresses) have attempted to access the domain name. Additional post-filters can then be executed by a human analyst reviewing the filtered data items on a user interface. For example, the human analyst can execute VirusTotal and DNS queries as post-filters to assist disposition of URLs that the scoring process could not conclusively resolve as malicious or benign. The human analyst can create a disposition for each of the filtered URLs and feed the disposition back into the machine learning model.
Implementation Mechanisms
According to one embodiment, the techniques described herein are implemented by one or more special-purpose computing devices. The special-purpose computing devices may be hard-wired to perform the techniques, or may include digital electronic devices such as one or more application-specific integrated circuits (ASICs) or field programmable gate arrays (FPGAs) that are persistently programmed to perform the techniques, or may include one or more general purpose hardware processors programmed to perform the techniques pursuant to program instructions in firmware, memory, other storage, or a combination. Such special-purpose computing devices may also combine custom hard-wired logic, ASICs, or FPGAs with custom programming to accomplish the techniques. The special-purpose computing devices may be desktop computer systems, server computer systems, portable computer systems, handheld devices, networking devices or any other device or combination of devices that incorporate hard-wired and/or program logic to implement the techniques.
Computing device(s) are generally controlled and coordinated by operating system software, such as iOS, Android, Chrome OS, Windows XP, Windows Vista, Windows 7, Windows 8, Windows Server, Windows CE, Unix, Linux, SunOS, Solaris, iOS, Blackberry OS, VxWorks, or other compatible operating systems. In other embodiments, the computing device may be controlled by a proprietary operating system. Conventional operating systems control and schedule computer processes for execution, perform memory management, provide file system, networking, I/O services, and provide a user interface functionality, such as a graphical user interface (“GUI”), among other things.
For example,
Computer system 1200 includes a bus 1202 or other communication mechanism for communicating information, and a hardware processor, or multiple processors, 1204 coupled with bus 1202 for processing information. Hardware processor(s) 1204 may be, for example, one or more general purpose microprocessors.
Computer system 1200 also includes a main memory 1206, such as a random access memory (RAM), cache and/or other dynamic storage devices, coupled to bus 1202 for storing information and instructions to be executed by processor 1204. Main memory 1206 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 1204. Such instructions, when stored in storage media accessible to processor 1204, render computer system 1200 into a special-purpose machine that is customized to perform the operations specified in the instructions.
Computer system 120 further includes a read only memory (ROM) 1208 or other static storage device coupled to bus 1202 for storing static information and instructions for processor 1204. A storage device 1210, such as a magnetic disk, optical disk, or USB thumb drive (Flash drive), etc., is provided and coupled to bus 1202 for storing information and instructions.
Computer system 1200 may be coupled via bus 1202 to a display 1212, such as a cathode ray tube (CRT) or LCD display (or touch screen), for displaying information to a computer user. An input device 1214, including alphanumeric and other keys, is coupled to bus 1202 for communicating information and command selections to processor 1204. Another type of user input device is cursor control 1216, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 1204 and for controlling cursor movement on display 1212. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane. In some embodiments, the same direction information and command selections as cursor control may be implemented via receiving touches on a touch screen without a cursor.
Computing system 1200 may include a user interface module to implement a GUI that may be stored in a mass storage device as executable software codes that are executed by the computing device(s). This and other modules may include, by way of example, components, such as software components, object-oriented software components, class components and task components, processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables.
In general, the word “module,” as used herein, refers to logic embodied in hardware or firmware, or to a collection of software instructions, possibly having entry and exit points, written in a programming language, such as, for example, Java, Lua, C or C++. A software module may be compiled and linked into an executable program, installed in a dynamic link library, or may be written in an interpreted programming language such as, for example, BASIC, Perl, or Python. It will be appreciated that software modules may be callable from other modules or from themselves, and/or may be invoked in response to detected events or interrupts. Software modules configured for execution on computing devices may be provided on a computer readable medium, such as a compact disc, digital video disc, flash drive, magnetic disc, or any other tangible medium, or as a digital download (and may be originally stored in a compressed or installable format that requires installation, decompression or decryption prior to execution). Such software code may be stored, partially or fully, on a memory device of the executing computing device, for execution by the computing device. Software instructions may be embedded in firmware, such as an EPROM. It will be further appreciated that hardware modules may be comprised of connected logic units, such as gates and flip-flops, and/or may be comprised of programmable units, such as programmable gate arrays or processors. The modules or computing device functionality described herein are preferably implemented as software modules, but may be represented in hardware or firmware. Generally, the modules described herein refer to logical modules that may be combined with other modules or divided into sub-modules despite their physical organization or storage
Computer system 1200 may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computer system causes or programs computer system 1200 to be a special-purpose machine. According to one embodiment, the techniques herein are performed by computer system 1200 in response to processor(s) 1204 executing one or more sequences of one or more instructions contained in main memory 1206. Such instructions may be read into main memory 1206 from another storage medium, such as storage device 1210. Execution of the sequences of instructions contained in main memory 1206 causes processor(s) 1204 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions.
The term “non-transitory media,” and similar terms, as used herein refers to any media that store data and/or instructions that cause a machine to operate in a specific fashion. Such non-transitory media may comprise non-volatile media and/or volatile media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 1210. Volatile media includes dynamic memory, such as main memory 1206. Common forms of non-transitory media include, for example, a floppy disk, a flexible disk, hard disk, solid state drive, magnetic tape, or any other magnetic data storage medium, a CD-ROM, any other optical data storage medium, any physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, NVRAM, any other memory chip or cartridge, and networked versions of the same.
Non-transitory media is distinct from but may be used in conjunction with transmission media. Transmission media participates in transferring information between non-transitory media. For example, transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 1202. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.
Various forms of media may be involved in carrying one or more sequences of one or more instructions to processor 1204 for execution. For example, the instructions may initially be carried on a magnetic disk or solid state drive of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 1200 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus 1202. Bus 1202 carries the data to main memory 1206, from which processor 1204 retrieves and executes the instructions. The instructions received by main memory 1206 may retrieve and execute the instructions. The instructions received by main memory 1206 may optionally be stored on storage device 1210 either before or after execution by processor 1204.
Computer system 1200 also includes a communication interface 1218 coupled to bus 1202. Communication interface 1218 provides a two-way data communication coupling to a network link 1220 that is connected to a local network 1222. For example, communication interface 1218 may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 1218 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN (or WAN component to communicated with a WAN). Wireless links may also be implemented. In any such implementation, communication interface 1218 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
Network link 1220 typically provides data communication through one or more networks to other data devices. For example, network link 1220 may provide a connection through local network 1222 to a host computer 1224 or to data equipment operated by an Internet Service Provider (ISP) 1226. ISP 1226 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 1228. Local network 1222 and Internet 1228 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 1220 and through communication interface 1218, which carry the digital data to and from computer system 1200, are example forms of transmission media.
Computer system 1200 can send messages and receive data, including program code, through the network(s), network link 1220 and communication interface 1218. In the Internet example, a server 1230 might transmit a requested code for an application program through Internet 1228, ISP 1226, local network 1222 and communication interface 1218.
The received code may be executed by processor 1204 as it is received, and/or stored in storage device 1210, or other non-volatile storage for later execution.
Each of the processes, methods, and algorithms described in the preceding sections may be embodied in, and fully or partially automated by, code modules executed by one or more computer systems or computer processors comprising computer hardware. The processes and algorithms may be implemented partially or wholly in application-specific circuitry.
The various features and processes described above may be used independently of one another, or may be combined in various ways. All possible combinations and subcombinations are intended to fall within the scope of this disclosure. In addition, certain method or process blocks may be omitted in some implementations. The methods and processes described herein are also not limited to any particular sequence, and the blocks or states relating thereto can be performed in other sequences that are appropriate. For example, described blocks or states may be performed in an order other than that specifically disclosed, or multiple blocks or states may be combined in a single block or state. The example blocks or states may be performed in serial, in parallel, or in some other manner. Blocks or states may be added to or removed from the disclosed example embodiments. The example systems and components described herein may be configured differently than described. For example, elements may be added to, removed from, or rearranged compared to the disclosed example embodiments. In addition, the inventions illustratively disclosed herein suitably may be practiced in the absence of any element which is not specifically disclosed herein.
Conditional language, such as, among others, “can,” “could,” “might,” or “may,” unless specifically stated otherwise, or otherwise understood within the context as used, is generally intended to convey that certain embodiments include, while other embodiments do not include, certain features, elements and/or steps. Thus, such conditional language is not generally intended to imply that features, elements and/or steps are in any way required for one or more embodiments or that one or more embodiments necessarily include logic for deciding, with or without user input or prompting, whether these features, elements and/or steps are included or are to be performed in any particular embodiment.
Any process descriptions, elements, or blocks in the flow diagrams described herein and/or depicted in the attached figures should be understood as potentially representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps in the process. Alternate implementations are included within the scope of the embodiments described herein in which elements or functions may be deleted, executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those skilled in the art.
It should be emphasized that many variations and modifications may be made to the above-described embodiments, the elements of which are to be understood as being among other acceptable examples. All such modifications and variations are intended to be included herein within the scope of this disclosure. The foregoing description details certain embodiments of the invention. It will be appreciated, however, that no matter how detailed the foregoing appears in text, the invention can be practiced in many ways. As is also stated above, it should be noted that the use of particular terminology when describing certain features or aspects of the invention should not be taken to imply that the terminology is being re-defined herein to be restricted to including any specific characteristics of the features or aspects of the invention with which that terminology is associated. The scope of the invention should therefore be construed in accordance with the appended claims and any equivalents thereof.
This application is a continuation of U.S. patent application Ser. No. 14/698,432, filed Apr. 28, 2015, which claims the benefit of U.S. patent application Ser. No. 14/616,080 (now U.S. Pat. No. 9,043,894), filed Feb. 6, 2015, which claims the benefit of U.S. Provisional Application No. 62/076,314, filed Nov. 6, 2014, the entire contents of each of which are hereby expressly incorporated by reference herein in their entirety and for all purposes. In addition, any and all applications for which a foreign or domestic priority claim is identified in the Application Data Sheet as filed with the present application are also expressly incorporated by reference.
Number | Name | Date | Kind |
---|---|---|---|
5109399 | Thompson | Apr 1992 | A |
5329108 | Lamoure | Jul 1994 | A |
5632009 | Rao et al. | May 1997 | A |
5670987 | Doi et al. | Sep 1997 | A |
5781704 | Rossmo | Jul 1998 | A |
5798769 | Chiu et al. | Aug 1998 | A |
5845300 | Comer | Dec 1998 | A |
5978475 | Schneier et al. | Nov 1999 | A |
6057757 | Arrowsmith et al. | May 2000 | A |
6091956 | Hollenberg | Jul 2000 | A |
6161098 | Wallman | Dec 2000 | A |
6219053 | Tachibana et al. | Apr 2001 | B1 |
6232971 | Haynes | May 2001 | B1 |
6247019 | Davies | Jun 2001 | B1 |
6253203 | O'Flaherty et al. | Jun 2001 | B1 |
6279018 | Kudrolli et al. | Aug 2001 | B1 |
6341310 | Leshem et al. | Jan 2002 | B1 |
6366933 | Ball et al. | Apr 2002 | B1 |
6369835 | Lin | Apr 2002 | B1 |
6374251 | Fayyad et al. | Apr 2002 | B1 |
6456997 | Shukla | Sep 2002 | B1 |
6549944 | Weinberg et al. | Apr 2003 | B1 |
6560620 | Ching | May 2003 | B1 |
6567936 | Yang et al. | May 2003 | B1 |
6581068 | Bensoussan et al. | Jun 2003 | B1 |
6594672 | Lampson et al. | Jul 2003 | B1 |
6631496 | Li et al. | Oct 2003 | B1 |
6642945 | Sharpe | Nov 2003 | B1 |
6674434 | Chojnacki et al. | Jan 2004 | B1 |
6714936 | Nevin, III | Mar 2004 | B1 |
6725240 | Asad et al. | Apr 2004 | B1 |
6775675 | Nwabueze et al. | Aug 2004 | B1 |
6807569 | Bhimani et al. | Oct 2004 | B1 |
6820135 | Dingman | Nov 2004 | B1 |
6828920 | Owen et al. | Dec 2004 | B2 |
6839745 | Dingari et al. | Jan 2005 | B1 |
6877137 | Rivette et al. | Apr 2005 | B1 |
6976210 | Silva et al. | Dec 2005 | B1 |
6978419 | Kantrowitz | Dec 2005 | B1 |
6980984 | Huffman et al. | Dec 2005 | B1 |
6985950 | Hanson et al. | Jan 2006 | B1 |
7017046 | Doyle et al. | Mar 2006 | B2 |
7036085 | Barros | Apr 2006 | B2 |
7043702 | Chi et al. | May 2006 | B2 |
7055110 | Kupka et al. | May 2006 | B2 |
7069586 | Winneg et al. | Jun 2006 | B1 |
7139800 | Bellotti et al. | Nov 2006 | B2 |
7158878 | Rasmussen et al. | Jan 2007 | B2 |
7162475 | Ackerman | Jan 2007 | B2 |
7168039 | Bertram | Jan 2007 | B2 |
7171427 | Witowski et al. | Jan 2007 | B2 |
7225468 | Waisman et al. | May 2007 | B2 |
7269786 | Malloy et al. | Sep 2007 | B1 |
7278105 | Kitts | Oct 2007 | B1 |
7290698 | Poslinski et al. | Nov 2007 | B2 |
7333998 | Heckerman et al. | Feb 2008 | B2 |
7370047 | Gorman | May 2008 | B2 |
7373669 | Eisen | May 2008 | B2 |
7379811 | Rasmussen et al. | May 2008 | B2 |
7379903 | Caballero et al. | May 2008 | B2 |
7426654 | Adams et al. | Sep 2008 | B2 |
7451397 | Weber et al. | Nov 2008 | B2 |
7454466 | Bellotti et al. | Nov 2008 | B2 |
7467375 | Tondreau et al. | Dec 2008 | B2 |
7487139 | Fraleigh et al. | Feb 2009 | B2 |
7502786 | Liu et al. | Mar 2009 | B2 |
7525422 | Bishop et al. | Apr 2009 | B2 |
7529727 | Arning et al. | May 2009 | B2 |
7529734 | Dirisala | May 2009 | B2 |
7546245 | Surpin et al. | Jun 2009 | B2 |
7558677 | Jones | Jul 2009 | B2 |
7574409 | Patinkin | Aug 2009 | B2 |
7574428 | Leiserowitz et al. | Aug 2009 | B2 |
7579965 | Bucholz | Aug 2009 | B2 |
7593995 | He et al. | Sep 2009 | B1 |
7596285 | Brown et al. | Sep 2009 | B2 |
7614006 | Molander | Nov 2009 | B2 |
7617232 | Gabbert et al. | Nov 2009 | B2 |
7620628 | Kapur et al. | Nov 2009 | B2 |
7627812 | Chamberlain et al. | Dec 2009 | B2 |
7634717 | Chamberlain et al. | Dec 2009 | B2 |
7640173 | Surpin et al. | Dec 2009 | B2 |
7703021 | Flam | Apr 2010 | B1 |
7706817 | Bamrah et al. | Apr 2010 | B2 |
7712049 | Williams et al. | May 2010 | B2 |
7716067 | Surpin et al. | May 2010 | B2 |
7716077 | Mikurak | May 2010 | B1 |
7725530 | Sah et al. | May 2010 | B2 |
7725547 | Albertson et al. | May 2010 | B2 |
7730082 | Sah et al. | Jun 2010 | B2 |
7730109 | Rohrs et al. | Jun 2010 | B2 |
7752665 | Robertson | Jul 2010 | B1 |
7770032 | Nesta et al. | Aug 2010 | B2 |
7770100 | Chamberlain et al. | Aug 2010 | B2 |
7783658 | Bayliss | Aug 2010 | B1 |
7801871 | Gosnell | Sep 2010 | B2 |
7805457 | Viola et al. | Sep 2010 | B1 |
7809703 | Balabhadrapatruni et al. | Oct 2010 | B2 |
7814102 | Miller et al. | Oct 2010 | B2 |
7818658 | Chen | Oct 2010 | B2 |
7870493 | Pall et al. | Jan 2011 | B2 |
7894984 | Rasmussen et al. | Feb 2011 | B2 |
7899611 | Downs et al. | Mar 2011 | B2 |
7917376 | Bellin et al. | Mar 2011 | B2 |
7920963 | Jouline et al. | Apr 2011 | B2 |
7933862 | Chamberlain et al. | Apr 2011 | B2 |
7941321 | Greenstein et al. | May 2011 | B2 |
7962281 | Rasmussen et al. | Jun 2011 | B2 |
7962495 | Jain et al. | Jun 2011 | B2 |
7962848 | Bertram | Jun 2011 | B2 |
7970240 | Chao et al. | Jun 2011 | B1 |
7971150 | Raskutti et al. | Jun 2011 | B2 |
7984374 | Caro et al. | Jun 2011 | B2 |
8001465 | Kudrolli et al. | Aug 2011 | B2 |
8001482 | Bhattiprolu et al. | Aug 2011 | B2 |
8010545 | Stefik et al. | Aug 2011 | B2 |
8010886 | Gusmorino et al. | Aug 2011 | B2 |
8015487 | Roy et al. | Sep 2011 | B2 |
8019709 | Norton et al. | Sep 2011 | B2 |
8024778 | Cash et al. | Sep 2011 | B2 |
8036632 | Cona et al. | Oct 2011 | B1 |
8036971 | Aymeloglu et al. | Oct 2011 | B2 |
8046283 | Burns | Oct 2011 | B2 |
8046362 | Bayliss | Oct 2011 | B2 |
8054756 | Chand et al. | Nov 2011 | B2 |
8082172 | Chao et al. | Dec 2011 | B2 |
8103543 | Zwicky | Jan 2012 | B1 |
8134457 | Velipasalar et al. | Mar 2012 | B2 |
8135679 | Bayliss | Mar 2012 | B2 |
8135719 | Bayliss | Mar 2012 | B2 |
8145703 | Frishert et al. | Mar 2012 | B2 |
8181253 | Zaitsev et al. | May 2012 | B1 |
8185819 | Sah et al. | May 2012 | B2 |
8190893 | Benson et al. | May 2012 | B2 |
8196184 | Amirov et al. | Jun 2012 | B2 |
8214361 | Sandler et al. | Jul 2012 | B1 |
8214490 | Vos et al. | Jul 2012 | B1 |
8214764 | Gemmell et al. | Jul 2012 | B2 |
8225201 | Michael | Jul 2012 | B2 |
8229902 | Vishniac et al. | Jul 2012 | B2 |
8229947 | Fujinaga | Jul 2012 | B2 |
8230333 | Decherd et al. | Jul 2012 | B2 |
8239668 | Chen et al. | Aug 2012 | B1 |
8266168 | Bayliss | Sep 2012 | B2 |
8271461 | Pike et al. | Sep 2012 | B2 |
8271598 | Guy et al. | Sep 2012 | B2 |
8280880 | Aymeloglu et al. | Oct 2012 | B1 |
8290926 | Ozzie et al. | Oct 2012 | B2 |
8290942 | Jones et al. | Oct 2012 | B2 |
8301464 | Cave et al. | Oct 2012 | B1 |
8301904 | Gryaznov | Oct 2012 | B1 |
8302855 | Ma et al. | Nov 2012 | B2 |
8312367 | Foster | Nov 2012 | B2 |
8312546 | Alme | Nov 2012 | B2 |
8321943 | Walters et al. | Nov 2012 | B1 |
8347398 | Weber | Jan 2013 | B1 |
8352881 | Champion et al. | Jan 2013 | B2 |
8368695 | Howell et al. | Feb 2013 | B2 |
8397171 | Klassen et al. | Mar 2013 | B2 |
8411046 | Kruzeniski et al. | Apr 2013 | B2 |
8412707 | Mianji | Apr 2013 | B1 |
8447674 | Choudhuri et al. | May 2013 | B2 |
8447722 | Ahuja et al. | May 2013 | B1 |
8452790 | Mianji | May 2013 | B1 |
8463036 | Ramesh et al. | Jun 2013 | B1 |
8473454 | Evanitsky et al. | Jun 2013 | B2 |
8484115 | Aymeloglu et al. | Jul 2013 | B2 |
8484168 | Bayliss | Jul 2013 | B2 |
8489331 | Kopf et al. | Jul 2013 | B2 |
8489641 | Seefeld et al. | Jul 2013 | B1 |
8495077 | Bayliss | Jul 2013 | B2 |
8498969 | Bayliss | Jul 2013 | B2 |
8498984 | Hwang et al. | Jul 2013 | B1 |
8510743 | Hackborn et al. | Aug 2013 | B2 |
8514082 | Cova et al. | Aug 2013 | B2 |
8515207 | Chau | Aug 2013 | B2 |
8554579 | Tribble et al. | Oct 2013 | B2 |
8554653 | Falkenborg et al. | Oct 2013 | B2 |
8554709 | Goodson et al. | Oct 2013 | B2 |
8560413 | Quarterman | Oct 2013 | B1 |
8577911 | Stepinski et al. | Nov 2013 | B1 |
8589273 | Creeden et al. | Nov 2013 | B2 |
8595234 | Siripuapu et al. | Nov 2013 | B2 |
8600872 | Yan | Dec 2013 | B1 |
8620641 | Farnsworth et al. | Dec 2013 | B2 |
8639757 | Zang et al. | Jan 2014 | B1 |
8646080 | Williamson et al. | Feb 2014 | B2 |
8676597 | Buehler et al. | Mar 2014 | B2 |
8676857 | Adams et al. | Mar 2014 | B1 |
8682812 | Ranjan | Mar 2014 | B1 |
8683322 | Cooper | Mar 2014 | B1 |
8689108 | Duffield et al. | Apr 2014 | B1 |
8700547 | Long et al. | Apr 2014 | B2 |
8707185 | Robinson et al. | Apr 2014 | B2 |
8713018 | Knight et al. | Apr 2014 | B2 |
8713467 | Goldenberg et al. | Apr 2014 | B1 |
8726379 | Stiansen et al. | May 2014 | B1 |
8739278 | Varghese | May 2014 | B2 |
8742934 | Sarpy et al. | Jun 2014 | B1 |
8744890 | Bernier | Jun 2014 | B1 |
8745516 | Mason et al. | Jun 2014 | B2 |
8756244 | Dassa et al. | Jun 2014 | B2 |
8769412 | Gill et al. | Jul 2014 | B2 |
8781169 | Jackson et al. | Jul 2014 | B2 |
8782794 | Ramcharran | Jul 2014 | B2 |
8787939 | Papakipos et al. | Jul 2014 | B2 |
8788405 | Sprague et al. | Jul 2014 | B1 |
8788407 | Singh et al. | Jul 2014 | B1 |
8799190 | Stokes et al. | Aug 2014 | B2 |
8799799 | Cervelli et al. | Aug 2014 | B1 |
8799812 | Parker | Aug 2014 | B2 |
8812960 | Sun et al. | Aug 2014 | B1 |
8813050 | Watters et al. | Aug 2014 | B2 |
8818892 | Sprague et al. | Aug 2014 | B1 |
8830322 | Nerayoff et al. | Sep 2014 | B2 |
8832594 | Thompson et al. | Sep 2014 | B1 |
8832832 | Visbal | Sep 2014 | B1 |
8839434 | McDougal et al. | Sep 2014 | B2 |
8868486 | Tamayo | Oct 2014 | B2 |
8868537 | Colgrove et al. | Oct 2014 | B1 |
8917274 | Ma et al. | Dec 2014 | B2 |
8924388 | Elliot et al. | Dec 2014 | B2 |
8924389 | Elliot et al. | Dec 2014 | B2 |
8924872 | Bogomolov et al. | Dec 2014 | B1 |
8937619 | Sharma et al. | Jan 2015 | B2 |
8938686 | Erenrich et al. | Jan 2015 | B1 |
9009171 | Grossman et al. | Apr 2015 | B1 |
9009827 | Albertson et al. | Apr 2015 | B1 |
9021260 | Falk et al. | Apr 2015 | B1 |
9021384 | Beard et al. | Apr 2015 | B1 |
9043696 | Meiklejohn et al. | May 2015 | B1 |
9043894 | Dennison et al. | May 2015 | B1 |
9047441 | Xie et al. | Jun 2015 | B2 |
9049117 | Nucci et al. | Jun 2015 | B1 |
9100428 | Visbal | Aug 2015 | B1 |
9116975 | Shankar et al. | Aug 2015 | B2 |
9135658 | Sprague et al. | Sep 2015 | B2 |
9165299 | Stowe et al. | Oct 2015 | B1 |
9171334 | Visbal et al. | Oct 2015 | B1 |
9177014 | Gross | Nov 2015 | B2 |
9177344 | Singh et al. | Nov 2015 | B1 |
9202249 | Cohen et al. | Dec 2015 | B1 |
9215240 | Merza et al. | Dec 2015 | B2 |
9230280 | Maag et al. | Jan 2016 | B1 |
9235638 | Gattiker et al. | Jan 2016 | B2 |
9256664 | Chakerian et al. | Feb 2016 | B2 |
9335897 | Goldenberg | May 2016 | B2 |
9338013 | Castellucci et al. | May 2016 | B2 |
9344447 | Cohen et al. | May 2016 | B2 |
9367872 | Visbal et al. | Jun 2016 | B1 |
9558352 | Dennison et al. | Jan 2017 | B1 |
9560066 | Visbal | Jan 2017 | B2 |
9635046 | Spiro et al. | Apr 2017 | B2 |
20010021936 | Bertram | Sep 2001 | A1 |
20020033848 | Sciammarella et al. | Mar 2002 | A1 |
20020065708 | Senay et al. | May 2002 | A1 |
20020091707 | Keller | Jul 2002 | A1 |
20020095360 | Joao | Jul 2002 | A1 |
20020095658 | Shulman | Jul 2002 | A1 |
20020103705 | Brady | Aug 2002 | A1 |
20020112157 | Doyle et al. | Aug 2002 | A1 |
20020116120 | Ruiz et al. | Aug 2002 | A1 |
20020130907 | Chi et al. | Sep 2002 | A1 |
20020147805 | Leshem et al. | Oct 2002 | A1 |
20020174201 | Ramer et al. | Nov 2002 | A1 |
20020194119 | Wright et al. | Dec 2002 | A1 |
20030028560 | Kudrolli et al. | Feb 2003 | A1 |
20030033228 | Bosworth-Davies et al. | Feb 2003 | A1 |
20030039948 | Donahue | Feb 2003 | A1 |
20030074368 | Schuetze et al. | Apr 2003 | A1 |
20030097330 | Hillmer et al. | May 2003 | A1 |
20030140106 | Raguseo | Jul 2003 | A1 |
20030144868 | MacIntyre et al. | Jul 2003 | A1 |
20030154044 | Lundstedt et al. | Aug 2003 | A1 |
20030163352 | Surpin et al. | Aug 2003 | A1 |
20030200217 | Ackerman | Oct 2003 | A1 |
20030225755 | Iwayama et al. | Dec 2003 | A1 |
20030229848 | Arend et al. | Dec 2003 | A1 |
20040032432 | Baynger | Feb 2004 | A1 |
20040034570 | Davis | Feb 2004 | A1 |
20040044912 | Connary et al. | Mar 2004 | A1 |
20040064256 | Barinek et al. | Apr 2004 | A1 |
20040085318 | Hassler et al. | May 2004 | A1 |
20040095349 | Bito et al. | May 2004 | A1 |
20040111410 | Burgoon et al. | Jun 2004 | A1 |
20040123139 | Aiello et al. | Jun 2004 | A1 |
20040126840 | Cheng et al. | Jul 2004 | A1 |
20040143602 | Ruiz et al. | Jul 2004 | A1 |
20040143796 | Lerner et al. | Jul 2004 | A1 |
20040153418 | Hanweck | Aug 2004 | A1 |
20040163039 | McPherson et al. | Aug 2004 | A1 |
20040181554 | Heckerman et al. | Sep 2004 | A1 |
20040193600 | Kaasten et al. | Sep 2004 | A1 |
20040205524 | Richter et al. | Oct 2004 | A1 |
20040221223 | Yu et al. | Nov 2004 | A1 |
20040250124 | Chesla et al. | Dec 2004 | A1 |
20040260702 | Cragun et al. | Dec 2004 | A1 |
20040267746 | Marcjan et al. | Dec 2004 | A1 |
20050010472 | Quatse et al. | Jan 2005 | A1 |
20050027705 | Sadri et al. | Feb 2005 | A1 |
20050028094 | Allyn | Feb 2005 | A1 |
20050039119 | Parks et al. | Feb 2005 | A1 |
20050065811 | Chu et al. | Mar 2005 | A1 |
20050080769 | Gemmell | Apr 2005 | A1 |
20050086207 | Heuer et al. | Apr 2005 | A1 |
20050108063 | Madill et al. | May 2005 | A1 |
20050125715 | Franco et al. | Jun 2005 | A1 |
20050157662 | Bingham et al. | Jul 2005 | A1 |
20050162523 | Darrell et al. | Jul 2005 | A1 |
20050166144 | Gross | Jul 2005 | A1 |
20050180330 | Shapiro | Aug 2005 | A1 |
20050182793 | Keenan et al. | Aug 2005 | A1 |
20050183005 | Denoue et al. | Aug 2005 | A1 |
20050204001 | Stein et al. | Sep 2005 | A1 |
20050210409 | Jou | Sep 2005 | A1 |
20050222928 | Steier et al. | Oct 2005 | A1 |
20050229256 | Banzhof | Oct 2005 | A2 |
20050246327 | Yeung et al. | Nov 2005 | A1 |
20050251786 | Citron et al. | Nov 2005 | A1 |
20050262556 | Waisman et al. | Nov 2005 | A1 |
20050275638 | Kolmykov-Zotov et al. | Dec 2005 | A1 |
20060026120 | Carolan et al. | Feb 2006 | A1 |
20060026170 | Kreitler et al. | Feb 2006 | A1 |
20060026688 | Shah | Feb 2006 | A1 |
20060031928 | Conley et al. | Feb 2006 | A1 |
20060045470 | Poslinski et al. | Mar 2006 | A1 |
20060059139 | Robinson | Mar 2006 | A1 |
20060059238 | Slater et al. | Mar 2006 | A1 |
20060069912 | Zheng et al. | Mar 2006 | A1 |
20060074866 | Chamberlain et al. | Apr 2006 | A1 |
20060074881 | Vembu et al. | Apr 2006 | A1 |
20060080619 | Carlson et al. | Apr 2006 | A1 |
20060093222 | Saffer et al. | May 2006 | A1 |
20060095521 | Patinkin | May 2006 | A1 |
20060129746 | Porter | Jun 2006 | A1 |
20060139375 | Rasmussen et al. | Jun 2006 | A1 |
20060142949 | Helt | Jun 2006 | A1 |
20060143034 | Rothermel | Jun 2006 | A1 |
20060143075 | Carr et al. | Jun 2006 | A1 |
20060143079 | Basak et al. | Jun 2006 | A1 |
20060149596 | Surpin et al. | Jul 2006 | A1 |
20060179003 | Steele et al. | Aug 2006 | A1 |
20060203337 | White | Sep 2006 | A1 |
20060212931 | Shull et al. | Sep 2006 | A1 |
20060218637 | Thomas et al. | Sep 2006 | A1 |
20060241974 | Chao et al. | Oct 2006 | A1 |
20060242040 | Rader | Oct 2006 | A1 |
20060242630 | Koike et al. | Oct 2006 | A1 |
20060265747 | Judge | Nov 2006 | A1 |
20060271277 | Hu et al. | Nov 2006 | A1 |
20060279630 | Aggarwal et al. | Dec 2006 | A1 |
20070000999 | Kubo et al. | Jan 2007 | A1 |
20070011150 | Frank | Jan 2007 | A1 |
20070011304 | Error | Jan 2007 | A1 |
20070016363 | Huang et al. | Jan 2007 | A1 |
20070038646 | Thota | Feb 2007 | A1 |
20070038962 | Fuchs et al. | Feb 2007 | A1 |
20070057966 | Ohno et al. | Mar 2007 | A1 |
20070078832 | Ott et al. | Apr 2007 | A1 |
20070083541 | Fraleigh et al. | Apr 2007 | A1 |
20070094389 | Nussey et al. | Apr 2007 | A1 |
20070094500 | Shannon et al. | Apr 2007 | A1 |
20070106582 | Baker et al. | May 2007 | A1 |
20070143851 | Nicodemus | Jun 2007 | A1 |
20070150369 | Zivin | Jun 2007 | A1 |
20070174760 | Chamberlain et al. | Jul 2007 | A1 |
20070192265 | Chopin et al. | Aug 2007 | A1 |
20070198571 | Ferguson et al. | Aug 2007 | A1 |
20070208497 | Downs et al. | Sep 2007 | A1 |
20070208498 | Barker et al. | Sep 2007 | A1 |
20070208736 | Tanigawa et al. | Sep 2007 | A1 |
20070233709 | Abnous | Oct 2007 | A1 |
20070240062 | Christena et al. | Oct 2007 | A1 |
20070266336 | Nojima et al. | Nov 2007 | A1 |
20070284433 | Domenica et al. | Dec 2007 | A1 |
20070294200 | Au | Dec 2007 | A1 |
20070294643 | Kyle | Dec 2007 | A1 |
20070294766 | Mir et al. | Dec 2007 | A1 |
20080016216 | Worley et al. | Jan 2008 | A1 |
20080040684 | Crump | Feb 2008 | A1 |
20080051989 | Welsh | Feb 2008 | A1 |
20080052142 | Bailey et al. | Feb 2008 | A1 |
20080069081 | Chand et al. | Mar 2008 | A1 |
20080077597 | Butler | Mar 2008 | A1 |
20080077642 | Carbone et al. | Mar 2008 | A1 |
20080082486 | Lermant et al. | Apr 2008 | A1 |
20080104019 | Nath | May 2008 | A1 |
20080104407 | Horne et al. | May 2008 | A1 |
20080126951 | Sood et al. | May 2008 | A1 |
20080133567 | Ames et al. | Jun 2008 | A1 |
20080148398 | Mezack et al. | Jun 2008 | A1 |
20080155440 | Trevor et al. | Jun 2008 | A1 |
20080162616 | Gross et al. | Jul 2008 | A1 |
20080175266 | Alperovitch et al. | Jul 2008 | A1 |
20080195417 | Surpin et al. | Aug 2008 | A1 |
20080195608 | Clover | Aug 2008 | A1 |
20080201580 | Savitzky et al. | Aug 2008 | A1 |
20080222295 | Robinson et al. | Sep 2008 | A1 |
20080222706 | Renaud et al. | Sep 2008 | A1 |
20080229422 | Hudis et al. | Sep 2008 | A1 |
20080255973 | El Wade et al. | Oct 2008 | A1 |
20080263468 | Cappione et al. | Oct 2008 | A1 |
20080267107 | Rosenberg | Oct 2008 | A1 |
20080276167 | Michael | Nov 2008 | A1 |
20080278311 | Grange et al. | Nov 2008 | A1 |
20080288306 | MacIntyre et al. | Nov 2008 | A1 |
20080288425 | Posse et al. | Nov 2008 | A1 |
20080301643 | Appleton et al. | Dec 2008 | A1 |
20080313132 | Hao et al. | Dec 2008 | A1 |
20090002492 | Velipasalar et al. | Jan 2009 | A1 |
20090018940 | Wang et al. | Jan 2009 | A1 |
20090024505 | Patel et al. | Jan 2009 | A1 |
20090027418 | Maru et al. | Jan 2009 | A1 |
20090030915 | Winter et al. | Jan 2009 | A1 |
20090044279 | Crawford et al. | Feb 2009 | A1 |
20090055251 | Shah et al. | Feb 2009 | A1 |
20090076845 | Bellin et al. | Mar 2009 | A1 |
20090082997 | Tokman et al. | Mar 2009 | A1 |
20090083184 | Eisen | Mar 2009 | A1 |
20090088964 | Schaaf et al. | Apr 2009 | A1 |
20090094166 | Aymeloglu et al. | Apr 2009 | A1 |
20090103442 | Douville | Apr 2009 | A1 |
20090106178 | Chu | Apr 2009 | A1 |
20090112745 | Stefanescu | Apr 2009 | A1 |
20090119309 | Gibson et al. | May 2009 | A1 |
20090125359 | Knapic | May 2009 | A1 |
20090125369 | Kloosstra et al. | May 2009 | A1 |
20090125459 | Norton et al. | May 2009 | A1 |
20090132921 | Hwangbo et al. | May 2009 | A1 |
20090132953 | Reed et al. | May 2009 | A1 |
20090143052 | Bates et al. | Jun 2009 | A1 |
20090144262 | White et al. | Jun 2009 | A1 |
20090144274 | Fraleigh et al. | Jun 2009 | A1 |
20090164934 | Bhattiprolu et al. | Jun 2009 | A1 |
20090171939 | Athsani et al. | Jul 2009 | A1 |
20090172511 | Decherd et al. | Jul 2009 | A1 |
20090172821 | Daira et al. | Jul 2009 | A1 |
20090177962 | Gusmorino et al. | Jul 2009 | A1 |
20090179892 | Tsuda et al. | Jul 2009 | A1 |
20090187464 | Bai et al. | Jul 2009 | A1 |
20090187546 | Whyte et al. | Jul 2009 | A1 |
20090187548 | Ji et al. | Jul 2009 | A1 |
20090192957 | Subramanian et al. | Jul 2009 | A1 |
20090222400 | Kupershmidt et al. | Sep 2009 | A1 |
20090222759 | Drieschner | Sep 2009 | A1 |
20090222760 | Halverson et al. | Sep 2009 | A1 |
20090228701 | Lin | Sep 2009 | A1 |
20090234720 | George et al. | Sep 2009 | A1 |
20090249244 | Robinson et al. | Oct 2009 | A1 |
20090254970 | Agarwal et al. | Oct 2009 | A1 |
20090254971 | Herz | Oct 2009 | A1 |
20090271343 | Vaiciulis et al. | Oct 2009 | A1 |
20090271359 | Bayliss | Oct 2009 | A1 |
20090281839 | Lynn et al. | Nov 2009 | A1 |
20090287470 | Farnsworth et al. | Nov 2009 | A1 |
20090292626 | Oxford | Nov 2009 | A1 |
20090300589 | Watters et al. | Dec 2009 | A1 |
20090313463 | Pang et al. | Dec 2009 | A1 |
20090318775 | Michelson et al. | Dec 2009 | A1 |
20090319418 | Herz | Dec 2009 | A1 |
20090328222 | Helman et al. | Dec 2009 | A1 |
20100011282 | Dollard et al. | Jan 2010 | A1 |
20100042922 | Bradateanu et al. | Feb 2010 | A1 |
20100057622 | Faith et al. | Mar 2010 | A1 |
20100057716 | Stefik et al. | Mar 2010 | A1 |
20100070523 | Delgo et al. | Mar 2010 | A1 |
20100070842 | Aymeloglu et al. | Mar 2010 | A1 |
20100070845 | Facemire et al. | Mar 2010 | A1 |
20100070897 | Aymeloglu et al. | Mar 2010 | A1 |
20100077481 | Polyakov et al. | Mar 2010 | A1 |
20100077483 | Stolfo et al. | Mar 2010 | A1 |
20100098318 | Anderson | Apr 2010 | A1 |
20100100963 | Mahaffey | Apr 2010 | A1 |
20100103124 | Kruzeniski et al. | Apr 2010 | A1 |
20100106611 | Paulsen et al. | Apr 2010 | A1 |
20100114887 | Conway et al. | May 2010 | A1 |
20100122152 | Chamberlain et al. | May 2010 | A1 |
20100125546 | Barrett et al. | May 2010 | A1 |
20100131457 | Heimendinger | May 2010 | A1 |
20100162176 | Dunton | Jun 2010 | A1 |
20100169237 | Howard et al. | Jul 2010 | A1 |
20100185691 | Irmak et al. | Jul 2010 | A1 |
20100191563 | Schlaifer et al. | Jul 2010 | A1 |
20100198684 | Eraker et al. | Aug 2010 | A1 |
20100199225 | Coleman et al. | Aug 2010 | A1 |
20100211578 | Lundberg | Aug 2010 | A1 |
20100228812 | Uomini | Sep 2010 | A1 |
20100235915 | Memon et al. | Sep 2010 | A1 |
20100250412 | Wagner | Sep 2010 | A1 |
20100262688 | Hussain et al. | Oct 2010 | A1 |
20100280857 | Liu et al. | Nov 2010 | A1 |
20100293174 | Bennett et al. | Nov 2010 | A1 |
20100306029 | Jolley | Dec 2010 | A1 |
20100306713 | Geisner et al. | Dec 2010 | A1 |
20100313119 | Baldwin et al. | Dec 2010 | A1 |
20100318924 | Frankel et al. | Dec 2010 | A1 |
20100321399 | Ellren et al. | Dec 2010 | A1 |
20100325526 | Ellis et al. | Dec 2010 | A1 |
20100325581 | Finkelstein et al. | Dec 2010 | A1 |
20100330801 | Rouh | Dec 2010 | A1 |
20110029526 | Knight et al. | Feb 2011 | A1 |
20110047159 | Baid et al. | Feb 2011 | A1 |
20110055140 | Roychowdhury | Mar 2011 | A1 |
20110060753 | Shaked | Mar 2011 | A1 |
20110060910 | Gormish et al. | Mar 2011 | A1 |
20110061013 | Bilicki et al. | Mar 2011 | A1 |
20110066933 | Ludwig | Mar 2011 | A1 |
20110074811 | Hanson et al. | Mar 2011 | A1 |
20110078055 | Faribault et al. | Mar 2011 | A1 |
20110078173 | Seligmann et al. | Mar 2011 | A1 |
20110087519 | Fordyce, III et al. | Apr 2011 | A1 |
20110093327 | Fordyce, III et al. | Apr 2011 | A1 |
20110099133 | Chang et al. | Apr 2011 | A1 |
20110117878 | Barash et al. | May 2011 | A1 |
20110119100 | Ruhl et al. | May 2011 | A1 |
20110131122 | Griffin et al. | Jun 2011 | A1 |
20110137766 | Rasmussen et al. | Jun 2011 | A1 |
20110153384 | Horne et al. | Jun 2011 | A1 |
20110161096 | Buehler et al. | Jun 2011 | A1 |
20110167054 | Bailey et al. | Jul 2011 | A1 |
20110167105 | Ramakrishnan et al. | Jul 2011 | A1 |
20110167493 | Song et al. | Jul 2011 | A1 |
20110170799 | Carrino et al. | Jul 2011 | A1 |
20110173032 | Payne et al. | Jul 2011 | A1 |
20110173093 | Psota et al. | Jul 2011 | A1 |
20110178842 | Rane et al. | Jul 2011 | A1 |
20110185316 | Reid et al. | Jul 2011 | A1 |
20110202555 | Cordover et al. | Aug 2011 | A1 |
20110208724 | Jones et al. | Aug 2011 | A1 |
20110213655 | Henkin | Sep 2011 | A1 |
20110218934 | Elser | Sep 2011 | A1 |
20110219450 | McDougal et al. | Sep 2011 | A1 |
20110225198 | Edwards et al. | Sep 2011 | A1 |
20110225650 | Margolies et al. | Sep 2011 | A1 |
20110231223 | Winters | Sep 2011 | A1 |
20110238495 | Kang | Sep 2011 | A1 |
20110238510 | Rowen et al. | Sep 2011 | A1 |
20110238553 | Raj et al. | Sep 2011 | A1 |
20110238570 | Li et al. | Sep 2011 | A1 |
20110246229 | Pacha | Oct 2011 | A1 |
20110251951 | Kolkowtiz | Oct 2011 | A1 |
20110258158 | Resende et al. | Oct 2011 | A1 |
20110270604 | Qi et al. | Nov 2011 | A1 |
20110270705 | Parker | Nov 2011 | A1 |
20110289397 | Eastmond et al. | Nov 2011 | A1 |
20110289407 | Naik et al. | Nov 2011 | A1 |
20110289420 | Morioka et al. | Nov 2011 | A1 |
20110291851 | Whisenant | Dec 2011 | A1 |
20110307382 | Siegel et al. | Dec 2011 | A1 |
20110310005 | Chen et al. | Dec 2011 | A1 |
20110314007 | Dassa et al. | Dec 2011 | A1 |
20110314546 | Aziz et al. | Dec 2011 | A1 |
20120004904 | Shin et al. | Jan 2012 | A1 |
20120011238 | Rathod | Jan 2012 | A1 |
20120019559 | Siler et al. | Jan 2012 | A1 |
20120036013 | Neuhaus et al. | Feb 2012 | A1 |
20120036434 | Oberstein | Feb 2012 | A1 |
20120050293 | Carlhian et al. | Mar 2012 | A1 |
20120066166 | Curbera et al. | Mar 2012 | A1 |
20120066296 | Appleton et al. | Mar 2012 | A1 |
20120072825 | Sherkin et al. | Mar 2012 | A1 |
20120079363 | Folting et al. | Mar 2012 | A1 |
20120079592 | Pandrangi | Mar 2012 | A1 |
20120084118 | Bai et al. | Apr 2012 | A1 |
20120084135 | Nissan et al. | Apr 2012 | A1 |
20120084866 | Stolfo | Apr 2012 | A1 |
20120106801 | Jackson | May 2012 | A1 |
20120110633 | An et al. | May 2012 | A1 |
20120110674 | Belani et al. | May 2012 | A1 |
20120117082 | Koperda et al. | May 2012 | A1 |
20120131107 | Yost | May 2012 | A1 |
20120131512 | Takeuchi et al. | May 2012 | A1 |
20120137235 | TS et al. | May 2012 | A1 |
20120144335 | Abeln et al. | Jun 2012 | A1 |
20120158626 | Zhu et al. | Jun 2012 | A1 |
20120159307 | Chung et al. | Jun 2012 | A1 |
20120159362 | Brown et al. | Jun 2012 | A1 |
20120159399 | Bastide et al. | Jun 2012 | A1 |
20120169593 | Mak et al. | Jul 2012 | A1 |
20120170847 | Tsukidate | Jul 2012 | A1 |
20120173381 | Smith | Jul 2012 | A1 |
20120173985 | Peppel | Jul 2012 | A1 |
20120180002 | Campbell et al. | Jul 2012 | A1 |
20120196557 | Reich et al. | Aug 2012 | A1 |
20120196558 | Reich et al. | Aug 2012 | A1 |
20120197651 | Robinson et al. | Aug 2012 | A1 |
20120203708 | Psota et al. | Aug 2012 | A1 |
20120208636 | Feige | Aug 2012 | A1 |
20120215898 | Shah et al. | Aug 2012 | A1 |
20120218305 | Patterson et al. | Aug 2012 | A1 |
20120221511 | Gibson et al. | Aug 2012 | A1 |
20120221553 | Wittmer et al. | Aug 2012 | A1 |
20120221580 | Barney | Aug 2012 | A1 |
20120245976 | Kumar et al. | Sep 2012 | A1 |
20120246148 | Dror | Sep 2012 | A1 |
20120254129 | Wheeler et al. | Oct 2012 | A1 |
20120254947 | Dheap et al. | Oct 2012 | A1 |
20120266245 | McDougal et al. | Oct 2012 | A1 |
20120284345 | Costenaro et al. | Nov 2012 | A1 |
20120284791 | Miller et al. | Nov 2012 | A1 |
20120290879 | Shibuya et al. | Nov 2012 | A1 |
20120296907 | Long et al. | Nov 2012 | A1 |
20120304244 | Xie et al. | Nov 2012 | A1 |
20120310831 | Harris et al. | Dec 2012 | A1 |
20120310838 | Harris et al. | Dec 2012 | A1 |
20120311684 | Paulsen et al. | Dec 2012 | A1 |
20120323829 | Stokes et al. | Dec 2012 | A1 |
20120323888 | Osann, Jr. | Dec 2012 | A1 |
20120330801 | McDougal et al. | Dec 2012 | A1 |
20120330973 | Ghuneim et al. | Dec 2012 | A1 |
20130006426 | Healey et al. | Jan 2013 | A1 |
20130006655 | Van Arkel et al. | Jan 2013 | A1 |
20130006668 | Van Arkel et al. | Jan 2013 | A1 |
20130006725 | Simanek et al. | Jan 2013 | A1 |
20130006916 | McBride et al. | Jan 2013 | A1 |
20130018796 | Kolhatkar et al. | Jan 2013 | A1 |
20130019306 | Lagar-Cavilla et al. | Jan 2013 | A1 |
20130024268 | Manickavelu | Jan 2013 | A1 |
20130024307 | Fuerstenberg et al. | Jan 2013 | A1 |
20130024339 | Choudhuri et al. | Jan 2013 | A1 |
20130046635 | Grigg et al. | Feb 2013 | A1 |
20130046842 | Muntz et al. | Feb 2013 | A1 |
20130060786 | Serrano et al. | Mar 2013 | A1 |
20130061169 | Pearcy et al. | Mar 2013 | A1 |
20130073377 | Heath | Mar 2013 | A1 |
20130073454 | Busch | Mar 2013 | A1 |
20130078943 | Biage et al. | Mar 2013 | A1 |
20130086482 | Parsons | Apr 2013 | A1 |
20130096988 | Grossman et al. | Apr 2013 | A1 |
20130097482 | Marantz et al. | Apr 2013 | A1 |
20130097709 | Basavapatna et al. | Apr 2013 | A1 |
20130101159 | Chao et al. | Apr 2013 | A1 |
20130110822 | Ikeda et al. | May 2013 | A1 |
20130110876 | Meijer et al. | May 2013 | A1 |
20130110877 | Bonham et al. | May 2013 | A1 |
20130111320 | Campbell et al. | May 2013 | A1 |
20130117651 | Waldman et al. | May 2013 | A1 |
20130139261 | Friedrichs | May 2013 | A1 |
20130139268 | An et al. | May 2013 | A1 |
20130150004 | Rosen | Jun 2013 | A1 |
20130151148 | Parundekar et al. | Jun 2013 | A1 |
20130151388 | Falkenborg et al. | Jun 2013 | A1 |
20130151453 | Bhanot et al. | Jun 2013 | A1 |
20130157234 | Gulli et al. | Jun 2013 | A1 |
20130160120 | Malaviya et al. | Jun 2013 | A1 |
20130166480 | Popescu et al. | Jun 2013 | A1 |
20130166550 | Buchmann et al. | Jun 2013 | A1 |
20130176321 | Mitchell et al. | Jul 2013 | A1 |
20130179420 | Park et al. | Jul 2013 | A1 |
20130185307 | El-Yaniv et al. | Jul 2013 | A1 |
20130185320 | Iwasaki et al. | Jul 2013 | A1 |
20130197925 | Blue | Aug 2013 | A1 |
20130211985 | Clark et al. | Aug 2013 | A1 |
20130224696 | Wolfe et al. | Aug 2013 | A1 |
20130225212 | Khan | Aug 2013 | A1 |
20130226318 | Procyk | Aug 2013 | A1 |
20130226953 | Markovich et al. | Aug 2013 | A1 |
20130232045 | Tai et al. | Sep 2013 | A1 |
20130238616 | Rose et al. | Sep 2013 | A1 |
20130239217 | Kindler et al. | Sep 2013 | A1 |
20130246170 | Gross et al. | Sep 2013 | A1 |
20130251233 | Yang et al. | Sep 2013 | A1 |
20130262527 | Hunter et al. | Oct 2013 | A1 |
20130263019 | Castellanos et al. | Oct 2013 | A1 |
20130267207 | Hao et al. | Oct 2013 | A1 |
20130268520 | Fisher et al. | Oct 2013 | A1 |
20130268994 | Cooper et al. | Oct 2013 | A1 |
20130276799 | Davidson | Oct 2013 | A1 |
20130279757 | Kephart | Oct 2013 | A1 |
20130282696 | John et al. | Oct 2013 | A1 |
20130290011 | Lynn et al. | Oct 2013 | A1 |
20130290825 | Arndt et al. | Oct 2013 | A1 |
20130297619 | Chandrasekaran et al. | Nov 2013 | A1 |
20130311375 | Priebatsch | Nov 2013 | A1 |
20130318594 | Hoy et al. | Nov 2013 | A1 |
20130339218 | Subramanian et al. | Dec 2013 | A1 |
20130339514 | Crank et al. | Dec 2013 | A1 |
20140006109 | Callioni et al. | Jan 2014 | A1 |
20140012796 | Petersen et al. | Jan 2014 | A1 |
20140013451 | Kulka et al. | Jan 2014 | A1 |
20140019936 | Cohanoff | Jan 2014 | A1 |
20140032506 | Hoey et al. | Jan 2014 | A1 |
20140033010 | Richardt et al. | Jan 2014 | A1 |
20140040371 | Gurevich et al. | Feb 2014 | A1 |
20140047319 | Eberlein | Feb 2014 | A1 |
20140047357 | Alfaro et al. | Feb 2014 | A1 |
20140058763 | Zizzamia et al. | Feb 2014 | A1 |
20140059038 | McPherson et al. | Feb 2014 | A1 |
20140059683 | Ashley | Feb 2014 | A1 |
20140067611 | Adachi et al. | Mar 2014 | A1 |
20140068487 | Steiger et al. | Mar 2014 | A1 |
20140074855 | Zhao et al. | Mar 2014 | A1 |
20140081652 | Klindworth | Mar 2014 | A1 |
20140095273 | Tang et al. | Apr 2014 | A1 |
20140095509 | Patton | Apr 2014 | A1 |
20140108068 | Williams | Apr 2014 | A1 |
20140108380 | Gotz et al. | Apr 2014 | A1 |
20140108985 | Scott et al. | Apr 2014 | A1 |
20140123279 | Bishop et al. | May 2014 | A1 |
20140129261 | Bothwell et al. | May 2014 | A1 |
20140136285 | Carvalho | May 2014 | A1 |
20140143009 | Brice et al. | May 2014 | A1 |
20140149130 | Getchius | May 2014 | A1 |
20140149272 | Hirani et al. | May 2014 | A1 |
20140149436 | Bahrami et al. | May 2014 | A1 |
20140156484 | Chan et al. | Jun 2014 | A1 |
20140156527 | Grigg et al. | Jun 2014 | A1 |
20140157172 | Peery et al. | Jun 2014 | A1 |
20140164502 | Khodorenko et al. | Jun 2014 | A1 |
20140173712 | Ferdinand | Jun 2014 | A1 |
20140173738 | Condry et al. | Jun 2014 | A1 |
20140188895 | Wang et al. | Jul 2014 | A1 |
20140189536 | Lange et al. | Jul 2014 | A1 |
20140195515 | Baker et al. | Jul 2014 | A1 |
20140195887 | Ellis et al. | Jul 2014 | A1 |
20140214579 | Shen et al. | Jul 2014 | A1 |
20140222521 | Chait | Aug 2014 | A1 |
20140222793 | Sadkin et al. | Aug 2014 | A1 |
20140229422 | Jain et al. | Aug 2014 | A1 |
20140244388 | Manouchehri et al. | Aug 2014 | A1 |
20140267294 | Ma | Sep 2014 | A1 |
20140267295 | Sharma | Sep 2014 | A1 |
20140279824 | Tamayo | Sep 2014 | A1 |
20140283067 | Call et al. | Sep 2014 | A1 |
20140283107 | Walton et al. | Sep 2014 | A1 |
20140310266 | Greenfield | Oct 2014 | A1 |
20140310282 | Sprague et al. | Oct 2014 | A1 |
20140316911 | Gross | Oct 2014 | A1 |
20140325643 | Bart et al. | Oct 2014 | A1 |
20140331119 | Dixon et al. | Nov 2014 | A1 |
20140333651 | Cervelli et al. | Nov 2014 | A1 |
20140337772 | Cervelli et al. | Nov 2014 | A1 |
20140344230 | Krause et al. | Nov 2014 | A1 |
20140366132 | Stiansen et al. | Dec 2014 | A1 |
20140379812 | Bastide et al. | Dec 2014 | A1 |
20150019394 | Unser et al. | Jan 2015 | A1 |
20150039565 | Lucas | Feb 2015 | A1 |
20150046791 | Isaacson | Feb 2015 | A1 |
20150046844 | Lee et al. | Feb 2015 | A1 |
20150046845 | Lee et al. | Feb 2015 | A1 |
20150046870 | Goldenberg et al. | Feb 2015 | A1 |
20150046876 | Goldenberg | Feb 2015 | A1 |
20150067533 | Volach | Mar 2015 | A1 |
20150089424 | Duffield et al. | Mar 2015 | A1 |
20150100897 | Sun et al. | Apr 2015 | A1 |
20150100907 | Erenrich et al. | Apr 2015 | A1 |
20150106379 | Elliot et al. | Apr 2015 | A1 |
20150128274 | Giokas | May 2015 | A1 |
20150134666 | Gattiker et al. | May 2015 | A1 |
20150169709 | Kara et al. | Jun 2015 | A1 |
20150169726 | Kara et al. | Jun 2015 | A1 |
20150170077 | Kara et al. | Jun 2015 | A1 |
20150178825 | Huerta | Jun 2015 | A1 |
20150178877 | Bogomolov et al. | Jun 2015 | A1 |
20150186821 | Wang et al. | Jul 2015 | A1 |
20150187036 | Wang et al. | Jul 2015 | A1 |
20150188715 | Castelluci et al. | Jul 2015 | A1 |
20150207809 | Macaulay | Jul 2015 | A1 |
20150223158 | McCann | Aug 2015 | A1 |
20150227295 | Meiklejohn et al. | Aug 2015 | A1 |
20150229664 | Hawthorn et al. | Aug 2015 | A1 |
20150235334 | Wang et al. | Aug 2015 | A1 |
20150248563 | Alfarano et al. | Sep 2015 | A1 |
20150256498 | Snider et al. | Sep 2015 | A1 |
20150261847 | Ducott et al. | Sep 2015 | A1 |
20150309719 | Ma et al. | Oct 2015 | A1 |
20150317342 | Grossman et al. | Nov 2015 | A1 |
20150324868 | Kaftan et al. | Nov 2015 | A1 |
20150326601 | Grondin et al. | Nov 2015 | A1 |
20150347558 | Blaas | Dec 2015 | A1 |
20160004764 | Chakerian et al. | Jan 2016 | A1 |
20160004864 | Falk et al. | Jan 2016 | A1 |
20160028759 | Visbal | Jan 2016 | A1 |
20160034470 | Sprague et al. | Feb 2016 | A1 |
20160048937 | Mathura et al. | Feb 2016 | A1 |
20170041335 | Spiro et al. | Feb 2017 | A1 |
20170187739 | Spiro et al. | Jun 2017 | A1 |
20170237755 | Visbal | Aug 2017 | A1 |
Number | Date | Country |
---|---|---|
101729531 | Jun 2010 | CN |
103281301 | Sep 2013 | CN |
102054015 | May 2014 | CN |
102014103482 | Sep 2014 | DE |
102014204827 | Sep 2014 | DE |
102014204830 | Sep 2014 | DE |
102014204834 | Sep 2014 | DE |
102014215621 | Feb 2015 | DE |
1191463 | Mar 2002 | EP |
1672527 | Jun 2006 | EP |
1962222 | Aug 2008 | EP |
2551799 | Jan 2013 | EP |
2555153 | Feb 2013 | EP |
2560134 | Feb 2013 | EP |
2778977 | Sep 2014 | EP |
2778983 | Sep 2014 | EP |
2779082 | Sep 2014 | EP |
2835745 | Feb 2015 | EP |
2835770 | Feb 2015 | EP |
2838039 | Feb 2015 | EP |
2846241 | Mar 2015 | EP |
2851852 | Mar 2015 | EP |
2858014 | Apr 2015 | EP |
2858018 | Apr 2015 | EP |
2863326 | Apr 2015 | EP |
2863346 | Apr 2015 | EP |
2869211 | May 2015 | EP |
2881868 | Jun 2015 | EP |
2884439 | Jun 2015 | EP |
2884440 | Jun 2015 | EP |
2891992 | Jul 2015 | EP |
2892197 | Jul 2015 | EP |
2897051 | Jul 2015 | EP |
2911078 | Aug 2015 | EP |
2911100 | Aug 2015 | EP |
2940603 | Nov 2015 | EP |
2940609 | Nov 2015 | EP |
2963577 | Jan 2016 | EP |
2963578 | Jan 2016 | EP |
2985729 | Feb 2016 | EP |
2985974 | Feb 2016 | EP |
3018879 | May 2016 | EP |
2513247 | Oct 2014 | GB |
2516155 | Jan 2015 | GB |
2518745 | Apr 2015 | GB |
2012778 | Nov 2014 | NL |
2013306 | Feb 2015 | NL |
2011642 | Aug 2015 | NL |
624557 | Dec 2014 | NZ |
WO 00009529 | Feb 2000 | WO |
WO 02065353 | Aug 2002 | WO |
WO 2005010685 | Feb 2005 | WO |
WO 2005104736 | Nov 2005 | WO |
WO 2005116851 | Dec 2005 | WO |
WO 2008011728 | Jan 2008 | WO |
WO 2008064207 | May 2008 | WO |
WO 2008113059 | Sep 2008 | WO |
WO 2009061501 | May 2009 | WO |
WO 2010000014 | Jan 2010 | WO |
WO 2010030913 | Mar 2010 | WO |
WO 2013010157 | Jan 2013 | WO |
WO 2013102892 | Jul 2013 | WO |
WO 2013126281 | Aug 2013 | WO |
Entry |
---|
US 8,712,906, 04/2014, Sprague et al. (withdrawn) |
US 8,725,631, 05/2014, Sprague et al. (withdrawn) |
Bhuyan et al., “Network Anomaly Detection: Methods, Systems and Tools,” First Quarter 2014, IEEE. |
Notice of Allowance for U.S. Appl. No. 14/033,076 dated Mar. 11, 2016. |
Notice of Allowance for U.S. Appl. No. 14/148,568 dated Aug. 26, 2015. |
Notice of Allowance for U.S. Appl. No. 14/223,918 dated Jan. 6, 2016. |
Notice of Allowance for U.S. Appl. No. 14/473,860 dated Feb. 27, 2015. |
Notice of Allowance for U.S. Appl. No. 14/698,432 dated Sep. 28, 2016. |
Notice of Allowance for U.S. Appl. No. 14/816,748 dated Oct. 19, 2016. |
Notice of Allowance for U.S. Appl. No. 14/823,935 dated Apr. 25, 2016. |
Notice of Allowance for U.S. Appl. No. 14/970,317 dated May 26, 2016. |
Notice of Allowance for U.S. Appl. No. 15/072,174 dated Jul. 13, 2016. |
Official Communication for European Patent Application No. 14199180.2 dated Jun. 22, 2015. |
Official Communication for European Patent Application No. 14199180.2 dated Aug. 31, 2015. |
Official Communication for European Patent Application No. 15175171.8 dated Nov. 25, 2015. |
Official Communication for European Patent Application No. 15180985.2 dated Jan. 15, 2016. |
Official Communication for European Patent Application No. 16183052.6 dated Dec. 12, 2016. |
Official Communication for New Zealand Patent Application No. 622439 dated Mar. 24, 2014. |
Official Communication for New Zealand Patent Application No. 622439 dated Jun. 6, 2014. |
Official Communication for U.S. Appl. No. 14/139,628 dated Jan. 5, 2015. |
Official Communication for U.S. Appl. No. 14/139,640 dated Dec. 15, 2014. |
Official Communication for U.S. Appl. No. 14/139,713 dated Dec. 15, 2014. |
Official Communication for U.S. Appl. No. 14/473,860 dated Nov. 4, 2014. |
Official Communication for U.S. Appl. No. 14/698,432 dated Jun. 3, 2016. |
Official Communication for U.S. Appl. No. 14/731,312 dated Apr. 14, 2016. |
Official Communication for U.S. Appl. No. 14/823,935 dated Dec. 4, 2015. |
Official Communication for U.S. Appl. No. 14/923,712 dated Feb. 12, 2016. |
Official Communication for U.S. Appl. No. 14/970,317 dated Mar. 21, 2016. |
Official Communication for U.S. Appl. No. 14/982,699 dated Mar. 25, 2016. |
Official Communication for U.S. Appl. No. 15/071,064 dated Jun. 16, 2016. |
Official Communication for U.S. Appl. No. 15/253,717 dated Dec. 1, 2016. |
“A First Look: Predicting Market Demand for Food Retail using a Huff Analysis,” TRF Policy Solutions, Jul. 2012, pp. 30. |
“A Quick Guide to UniProtKB Swiss-Prot & TrEMBL,” Sep. 2011, pp. 2. |
“A Word About Banks and the Laundering of Drug Money,” Aug. 18, 2012, http://www.golemxiv.co.uk/2012/08/a-word-about-banks-and-the-laundering-of-drug-money/. |
“HunchLab: Heat Map and Kernel Density Calculation for Crime Analysis,” Azavea Journal, printed from www.azavea.com/blogs/newsletter/v4i4/kernel-density-capabilities-added-to-hunchlab/ on Sep. 9, 2014, 2 pages. |
“Money Laundering Risks and E-Gaming: A European Overview and Assessment,” 2009, http://www.cf.ac.uk/socsi/resources/Levi_Final_Money_Laundering_Risks_egaming.pdf. |
“Potential Money Laundering Warning Signs,” snapshot taken 2003, https://web.archive.org/web/20030816090055/http:/finsolinc.com/ANTI-MONEY%20LAUNDERING%20TRAINING%20GUIDES.pdf. |
“Refresh CSS Ellipsis When Resizing Container—Stack Overflow,” Jul. 31, 2013, retrieved from internet http://stackoverflow.com/questions/17964681/refresh-css-ellipsis-when-resizing-container, retrieved on May 18, 2015. |
“The FASTA Program Package,” fasta-36.3.4, Mar. 25, 2011, pp. 29. |
“Using Whois Based Geolocation and Google Maps API for Support Cybercrime Investigations,” http://wseas.us/e-library/conferences/2013/Dubrovnik/TELECIRC/TELECIRC-32.pdf. |
About 80 Minutes, “Palantir in a Number of Parts—Part 6—Graph,” Mar. 21, 2013, pp. 1-6. |
Acklen, Laura, “Absolute Beginner's Guide to Microsoft Word 2003,” Dec. 24, 2003, pp. 15-18, 34-41, 308-316. |
Alfred, Rayner “Summarizing Relational Data Using Semi-Supervised Genetic Algorithm-Based Clustering Techniques”, Journal of Computer Science, 2010, vol. 6, No. 7, pp. 775-784. |
Alur et al., “Chapter 2: IBM InfoSphere DataStage Stages,” IBM InfoSphere DataStage Data Flow and Job Design, Jul. 1, 2008, pp. 35-137. |
Amnet, “5 Great Tools for Visualizing Your Twitter Followers,” posted Aug. 4, 2010, http://www.amnetblog.com/component/content/article/115-5-grate-tools-for-visualizing-your-twitter-followers.html. |
Ananiev et al., “The New Modality API,” http://web.archive.org/web/20061211011958/http://java.sun.com/developer/technicalArticles/J2SE/Desktop/javase6/modality/ Jan. 21, 2006, pp. 8. |
APPACTS, “Smart Thinking for Super Apps,” http://www.appacts.com Printed Jul. 18, 2013 in 4 pages. |
APSALAR, “Data Powered Mobile Advertising,” “Free Mobile App Analytics” and various analytics related screen shots http://apsalar.com Printed Jul. 18, 2013 in 8 pages. |
Baker et al., “The Development of a Common Enumeration of Vulnerabilities and Exposures,” Presented at the Second International Workshop on Recent Advances in Intrusion Detection, Sep. 7-9, 1999, pp. 35. |
Bhosale, Safal V., “Holy Grail of Outlier Detection Technique: A Macro Level Take on the State of the Art,” International Journal of Computer Science & Information Technology, Aug. 1, 2014, retrieved from http://www.ijcsit.com/docs/Volume5/vol5issue04/ijcsit20140504226.pdf retrieved May 3, 2016. |
Bluttman et al., “Excel Formulas and Functions for Dummies,” 2005, Wiley Publishing, Inc., pp. 280, 284-286. |
Boyce, Jim, “Microsoft Outlook 2010 Inside Out,” Aug. 1, 2010, retrieved from the internet https://capdtron.files.wordpress.com/2013/01/outlook-2010-inside_out.pdf. |
Bugzilla@Mozilla, “Bug 18726—[feature] Long-click means of invoking contextual menus not supported,” http://bugzilla.mozilla.org/show_bug.cgi?id=18726 printed Jun. 13, 2013 in 11 pages. |
Canese et al., “Chapter 2: PubMed: The Bibliographic Database,” The NCBI Handbook, Oct. 2002, pp. 1-10. |
Capptain—Pilot Your Apps, http://www.capptain.com Printed Jul. 18, 2013 in 6 pages. |
Celik, Tantek, “CSS Basic User Interface Module Level 3 (CSS3 UI),” Section 8 Resizing and Overflow, Jan. 17, 2012, retrieved from internet http://www.w3.org/TR/2012/WD-css3-ui-20120117/#resizing-amp-overflow retrieved on May 18, 2015. |
Chen et al., “Bringing Order to the Web: Automatically Categorizing Search Results,” CHI 2000, Proceedings of the SIGCHI conference on Human Factors in Computing Systems, Apr. 1-6, 2000, The Hague, The Netherlands, pp. 145-152. |
Chung et al., “DATAPLEX: An Access to Heterogeneous Distributed Databases,” Communications of the ACM, Jan. 1990, vol. 33, No. 1, pp. 70-80. |
Conner, Nancy, “Google Apps: The Missing Manual,” Sharing and Collaborating on Documents, May 1, 2008, pp. 93-97, 106-113 & 120-121. |
Countly Mobile Analytics, http://count.ly/ Printed Jul. 18, 2013 in 9 pages. |
Crosby et al., “Efficient Data Structures for Tamper-Evident Logging,” Department of Computer Science, Rice University, 2009, pp. 17. |
Definition “Identify”, downloaded Jan. 22, 2015, 1 page. |
Definition “Overlay”, downloaded Jan. 22, 2015, 1 page. |
Delcher et al., “Identifying Bacterial Genes and Endosymbiont DNA with Glimmer,” BioInformatics, vol. 23, No. 6, 2007, pp. 673-679. |
DISTIMO—App Analytics, http://www.distimo.com/app-analytics Printed Jul. 18, 2013 in 5 pages. |
Dramowicz, Ela, “Retail Trade Area Analysis Using the Huff Model,” Directions Magazine http://www.directionsmag.com/articles/retail-trade-area-analysis-using-the-huff-mode1/123411, Jul. 2, 2005 in 10 pages. |
FireEye—Products and Solutions Overview, http://www.fireeye.com/products-and-solutions Printed Jun. 30, 2014 in 3 pages. |
FireEye, http://www.fireeye.com/ Printed Jun. 30, 2014 in 2 pages. |
Flurry Analytics, http://www.flurry.com/ Printed Jul. 18, 2013 in 14 pages. |
Gesher, Ari, “Palantir Screenshots in the Wild: Swing Sightings,” The Palantir Blog, Sep. 11, 2007, pp. 1-12. |
GIS-NET 3 Public—Department of Regional Planning. Planning & Zoning Information for Unincorporated LA County. Retrieved Oct. 2, 2013 from http://gis.planning.lacounty.gov/GIS-NET3_Public/Viewer.html. |
Glaab et al., “EnrichNet: Network-Based Gene Set Enrichment Analysis,” Bioinformatics 28.18 (2012): pp. i451-i457. |
Golmohammadi et al., “Data Mining Applications for Fraud Detection in Securities Market,” Intelligence and Security Informatics Conference (EISIC), 2012 European, IEEE, Aug. 22, 2012, pp. 107-114. |
Google Analytics Official Website—Web Analytics & Reporting, http://www.google.com/analytics.index.html Printed Jul. 18, 2013 in 22 pages. |
Gorr et al., “Crime Hot Spot Forecasting: Modeling and Comparative Evaluation”, Grant 98-IJ-CX-K005, May 6, 2002, 37 pages. |
Goswami, Gautam, “Quite ‘Writely’ Said!” One Brick at a Time, Aug. 21, 2005, pp. 7. |
Griffith, Daniel A., “A Generalized Huff Model,” Geographical Analysis, Apr. 1982, vol. 14, No. 2, pp. 135-144. |
Gu et al., “Record Linkage: Current Practice and Future Directions,” Jan. 15, 2004, pp. 32. |
Gu et al., “BotMiner: Clustering Analysis of Network Traffice for Protocol-and-Structure-Independent Botnet Detection,” USENIX Security Symposium, 2008, 17 pages. |
Hansen et al., “Analyzing Social Media Networks with NodeXL: Insights from a Connected World”, Elsevier Science, Sep. 2010, Ch. 4 & 10, pp. 53-67 & 143-164. |
Hardesty, “Privacy Challenges: Analysis: It's Surprisingly Easy to Identify Individuals from Credit-Card Metadata,” MIT News on Campus and Around the World, MIT News Office, Jan. 29, 2015, 3 pages. |
Hibbert et al., “Prediction of Shopping Behavior Using a Huff Model Within a GIS Framework,” Healthy Eating in Context, Mar. 18, 2011, pp. 16. |
Hodge et al., “A Survey of Outlier Detection Methodologies,” Artificial Intelligence Review, vol. 22, No. 2, Oct. 1, 2004. |
Hogue et al., “Thresher: Automating the Unwrapping of Semantic Content from the World Wide Web,” 14th International Conference on World Wide Web, WWW 2005: Chiba, Japan, May 10-14, 2005, pp. 86-95. |
Hua et al., “A Multi-attribute Data Structure with Parallel Bloom Filters for Network Services”, HiPC 2006, LNCS 4297, pp. 277-288, 2006. |
Huang et al., “Systematic and Integrative Analysis of Large Gene Lists Using DAVID Bioinformatics Resources,” Nature Protocols, 4.1, 2008, 44-57. |
Huff et al., “Calibrating the Huff Model Using ArcGIS Business Analyst,” ESRI, Sep. 2008, pp. 33. |
Huff, David L., “Parameter Estimation in the Huff Model,” ESRI, ArcUser, Oct.-Dec. 2003, pp. 34-36. |
Hur et al., “SciMiner: web-based literature mining tool for target identification and functional enrichment analysis,” Bioinformatics 25.6 (2009): pp. 838-840. |
Kahan et al., “Annotea: An Open RDF Infrastructure for Shared WEB Annotations”, Computer Networks, 2002, vol. 39, pp. 589-608. |
Keylines.com, “An Introduction to KeyLines and Network Visualization,” Mar. 2014, http://keylines.com/wp-content/uploads/2014/03/KeyLines-White-Paper.pdf downloaded May 12, 2014 in 8 pages. |
Keylines.com, “KeyLines Datasheet,” Mar. 2014, http://keylines.com/wp-content/uploads/2014/03/KeyLines-datasheet.pdf downloaded May 12, 2014 in 2 pages. |
Keylines.com, “Visualizing Threats: Improved Cyber Security Through Network Visualization,” Apr. 2014, http://keylines.com/wp-content/uploads/2014/04/Visualizing-Threats1.pdf downloaded May 12, 2014 in 10 pages. |
Kitts, Paul, “Chapter 14: Genome Assembly and Annotation Process,” The NCBI Handbook, Oct. 2002, pp. 1-21. |
Kontagent Mobile Analytics, http://www.kontagent.com/ Printed Jul. 18, 2013 in 9 pages. |
Lee et al., “A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions,” Lecture Notes in Computer Science, vol. 1907 Nov. 11, 2000, pp. 49-65. |
Li et al., “Interactive Multimodal Visual Search on Mobile Device,” IEEE Transactions on Multimedia, vol. 15, No. 3, Apr. 1, 2013, pp. 594-607. |
Li et al., “Identifying the Signs of Fraudulent Accounts using Data Mining Techniques,” Computers in Human Behavior, vol. 28, No. 3, Jan. 16, 2012. |
Liu, Tianshun, “Combining GIS and the Huff Model to Analyze Suitable Locations for a New Asian Supermarket in the Minneapolis and St. Paul, Minnesota USA,” Papers in Resource Analysis, 2012, vol. 14, pp. 8. |
Localytics—Mobile App Marketing & Analytics, http://www.localytics.com/ Printed Jul. 18, 2013 in 12 pages. |
Ma et al.,“A New Approach to Secure Logging,” ACM Transactions on Storage, vol. 5, No. 1, Article 2, Published Mar. 2009, 21 pages. |
Madden, Tom, “Chapter 16: The BLAST Sequence Analysis Tool,” The NCBI Handbook, Oct. 2002, pp. 1-15. |
Manno et al., “Introducing Collaboration in Single-user Applications through the Centralized Control Architecture,” 2010, pp. 10. |
Manske, “File Saving Dialogs,” http://www.mozilla.org/editor/ui_specs/FileSaveDialogs.html, Jan. 20, 1999, pp. 7. |
Map Builder, “Rapid Mashup Development Tool for Google and Yahoo Maps!” <http://web.archive.org/web/20090626224734/http://www.mapbuilder.net/> printed Jul. 20, 2012 in 2 pages. |
Map of San Jose, CA. Retrieved Oct. 2, 2013 from http://maps.yahoo.com. |
Map of San Jose, CA. Retrieved Oct. 2, 2013 from http://maps.bing.com. |
Map of San Jose, CA. Retrieved Oct. 2, 2013 from http://maps.google.com. |
Microsoft—Developer Network, “Getting Started with VBA in Word 2010,” Apr. 2010, http://msdn.microsoft.com/en-us/library/ff604039%28v=office.14%29.aspx as printed Apr. 4, 2014 in 17 pages. |
Microsoft Office—Visio, “About connecting shapes,” http://office.microsoft.com/en-us/visio-help/about-connecting-shapes-HP085050369.aspx printed Aug. 4, 2011 in 6 pages. |
Microsoft Office—Visio, “Add and glue connectors with the Connector tool,” http://office.microsoft.com/en-us/visio-help/add-and-glue-connectors-with-the-connector-tool-HA010048532.aspx?CTT=1 printed Aug. 4, 2011 in 1 page. |
Mixpanel—Mobile Analytics, https://mixpanel.com/ Printed Jul. 18, 2013 in 13 pages. |
Mizrachi, Ilene, “Chapter 1: GenBank: The Nuckeotide Sequence Database,” The NCBI Handbook, Oct. 2002, pp. 1-14. |
Ngai et al., “The Application of Data Mining Techniques in Financial Fraud Detection: A Classification Frameworok and an Academic Review of Literature,” Decision Support Systems, Elsevier Science Publishers, Amsterdam, Netherlands, vol. 50, No. 3, Feb. 1, 2011. |
Nierman, “Evaluating Structural Similarity in XML Documents”, 6 pages, 2002. |
Nolan et al., “MCARTA: A Malicious Code Automated Run-Time Analysis Framework,” Homeland Security (HST) 2012 IEEE Conference on Technologies for, Nov. 13, 2012, pp. 13-17. |
Olanoff, Drew, “Deep Dive With the New Google Maps for Desktop With Google Earth Integration, It's More Than Just a Utility,” May 15, 2013, pp. 8, http://web.archive.org/web/20130515230641/http://techcrunch.com/2013/05/15/deep-dive-with-the-new-google-maps-for-desktop-with-google-earth-integration-its-more-than-just-a-utility/. |
Open Web Analytics (OWA), http://www.openwebanalytics.com/ Printed Jul. 19, 2013 in 5 pages. |
Palantir Technologies, “Palantir Labs _ Timeline,” Oct. 1, 2010, retrieved from the internet https://www.youtube.com/watch?v=JCgDW5bru9M. |
Palmas, et al., “An Edge-Bundling Layout for Interactive Parallel Coordinates,” Proceedings of the 2014 IEEE Pacific Visualization Symposium, Mar. 2014, pp. 57-64. |
Perdisci et al., “Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces,” USENIX, Mar. 18, 2010, pp. 1-14. |
Piwik—Free Web Analytics Software. http://piwik.org/ Printed Jul. 19, 2013 in18 pages. |
Quartert FS “Managing Business Performance and Detecting Outliers in Financial Services,” Oct. 16, 2014, retrieved from https://quartetfs.com/images/pdf/white-papers/Quartet_FS_White_Paper_-_ActivePivot_Sentinel.pdf retrieved on May 3, 2016. |
Quartert FS “Resource Center,” Oct. 16, 2014, retrieved from https://web.archive.org/web/20141016044306/http://quartetfs.com/resource-center/white-papers retrieved May 3, 2016. |
Quest, “Toad for ORACLE 11.6—Guide to Using Toad,” Sep. 24, 2012, pp. 1-162. |
Rouse, Margaret, “OLAP Cube,” http://searchdatamanagement.techtarget.com/definition/OLAP-cube, Apr. 28, 2012, pp. 16. |
Schneier et al., “Automatic Event Stream Notarization Using Digital Signatures,” Security Protocols, International Workshop Apr. 1996 Proceedings, Springer-Veriag, 1997, pp. 155-169, https://schneier.com/paper-event-stream.pdf. |
Schneier et al., “Cryptographic Support for Secure Logs on Untrusted Machines,” The Seventh USENIX Security Symposium Proceedings, USENIX Press, Jan. 1998, pp. 53-62, https://www.schneier.com/paper-secure-logs.pdf. |
Shah, Chintan, “Periodic Connections to Control Server Offer New Way to Detect Botnets,” Oct. 24, 2013 in 6 pages, http://www.blogs.mcafee.com/mcafee-labs/periodic-links-to-control-server-offer-new-way-to-detect-botnets. |
Shi et al., “A Scalable Implementation of Malware Detection Based on Network Connection Behaviors,” 2013 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, IEEE, Oct. 10, 2013, pp. 59-66. |
Sigrist, et al., “PROSITE, a Protein Domain Database for Functional Characterization and Annotation,” Nucleic Acids Research, 2010, vol. 38, pp. D161-D166. |
Sirotkin et al., “Chapter 13: The Processing of Biological Sequence Data at NCBI,” The NCBI Handbook, Oct. 2002, pp. 1-11. |
StatCounter—Free Invisible Web Tracker, Hit Counter and Web Stats, http://statcounter.com/ Printed Jul. 19, 2013 in 17 pages. |
Symantec Corporation, “E-Security Begins with Sound Security Policies,” Announcement Symantec, Jun. 14, 2001. |
TestFlight—Beta Testing on the Fly, http://testflightapp.com/ Printed Jul. 18, 2013 in 3 pages. |
Thompson, Mick, “Getting Started with GEO,” Getting Started with GEO, Jul. 26, 2011. |
trak.io, http://trak.io/ printed Jul. 18, 2013 in 3 pages. |
Umagandhi et al., “Search Query Recommendations Using Hybrid User Profile with Query Logs,” International Journal of Computer Applications, vol. 80, No. 10, Oct. 1, 2013, pp. 7-18. |
UserMetrix, http://usermetrix.com/android-analytics printed Jul. 18, 2013 in 3 pages. |
Valentini et al., “Ensembles of Learning Machines”, M. Marinaro and R. Tagliaferri (Eds.): WIRN VIETRI 2002, LNCS 2486, pp. 3-20. |
VirusTotal—About, http://www.virustotal.com/en/about/ Printed Jun. 30, 2014 in 8 pages. |
Vose et al., “Help File for ModelRisk Version 5,” 2007, Vose Software, pp. 349-353. [Uploaded in 2 Parts]. |
Waters et al., “Building an Encrypted and Searchable Audit Log,” Published Jan. 9, 2004, 11 pages, http://www.parc.com/content/attachments/building_encrypted_searchable_5059_parc.pdf. |
Wiggerts, T.A., “Using Clustering Algorithms in Legacy Systems Remodularization,” Reverse Engineering, Proceedings of the Fourth Working Conference, Netherlands, Oct. 6-8, 1997, IEEE Computer Soc., pp. 33-43. |
Wikipedia, “Federated Database System,” Sep. 7, 2013, retrieved from the internet on Jan. 27, 2015 http://en.wikipedia.org/w/index.php?title=Federated_database_system&oldid=571954221. |
Wright et al., “Palantir Technologies VAST 2010 Challenge Text Records _ Investigations into Arms Dealing,” Oct. 29, 2010, pp. 1-10. |
Yang et al., “HTML Page Analysis Based on Visual Cues”, A129, pp. 859-864, 2001. |
Zheng et al., “GOEST: a web-based software toolkit for Gene Ontology enrichment analysis,” Nucleic acids research 36.suppl 2 (2008): pp. W385-W363. |
International Search Report and Written Opinion for Application No. PCT/US2009/056703, dated Mar. 15, 2010. |
Notice of Acceptance for Australian Patent Application No. 2014250678 dated Oct. 7, 2015. |
Notice of Allowance for U.S. Appl. No. 12/556,318 dated Nov. 2, 2015. |
Notice of Allowance for U.S. Appl. No. 14/102,394 dated Aug. 25, 2014. |
Notice of Allowance for U.S. Appl. No. 14/108,187 dated Aug. 29, 2014. |
Notice of Allowance for U.S. Appl. No. 14/135,289 dated Oct. 14, 2014. |
Notice of Allowance for U.S. Appl. No. 14/139,628, dated Jun. 24, 2015. |
Notice of Allowance for U.S. Appl. No. 14/139,640 dated Jun. 17, 2015. |
Notice of Allowance for U.S. Appl. No. 14/139,713 dated Jun. 12, 2015. |
Notice of Allowance for U.S. Appl. No. 14/192,767 dated Dec. 16, 2014. |
Notice of Allowance for U.S. Appl. No. 14/225,084 dated May 4, 2015. |
Notice of Allowance for U.S. Appl. No. 14/264,445 dated May 14, 2015. |
Notice of Allowance for U.S. Appl. No. 14/268,964 dated Dec. 3, 2014. |
Notice of Allowance for U.S. Appl. No. 14/278,963 dated Sep. 2, 2015. |
Notice of Allowance for U.S. Appl. No. 14/294,098 dated Dec. 29, 2014. |
Notice of Allowance for U.S. Appl. No. 14/323,935 dated Oct. 1, 2015. |
Notice of Allowance for U.S. Appl. No. 14/326,738 dated Nov. 18, 2015. |
Notice of Allowance for U.S. Appl. No. 14/473,552 dated Jul. 24, 2015. |
Notice of Allowance for U.S. Appl. No. 14/473,860 dated Jan. 5, 2015. |
Notice of Allowance for U.S. Appl. No. 14/479,863 dated Mar. 31, 2015. |
Notice of Allowance for U.S. Appl. No. 14/486,991 dated May 1, 2015. |
Notice of Allowance for U.S. Appl. No. 14/504,103 dated May 18, 2015. |
Notice of Allowance for U.S. Appl. No. 14/579,752 dated Apr. 4, 2016. |
Notice of Allowance for U.S. Appl. No. 14/616,080 dated Apr. 2, 2015. |
Official Communication for Australian Patent Application No. 2014201511 dated Feb. 27, 2015. |
Official Communication for Australian Patent Application No. 2014202442 dated Mar. 19, 2015. |
Official Communication for Australian Patent Application No. 2014210604 dated Jun. 5, 2015. |
Official Communication for Australian Patent Application No. 2014210614 dated Jun. 5, 2015. |
Official Communication for Australian Patent Application No. 2014213553 dated May 7, 2015. |
Official Communication for Australian Patent Application No. 2014250678 dated Jun. 17, 2015. |
Official Communication for European Patent Application No. 14158861.6 dated Jun. 16, 2014. |
Official Communication for European Patent Application No. 14159464.8 dated Jul. 31, 2014. |
Official Communication for European Patent Application No. 14159535.5 dated May 22, 2014. |
Official Communication for European Patent Application No. 14180142.3 dated Feb. 6, 2015. |
Official Communication for European Patent Application No. 14180281.9 dated Jan. 26, 2015. |
Official Communication for European Patent Application No. 14180321.3 dated Apr. 17, 2015. |
Official Communication for European Patent Application No. 14180432.8 dated Jun. 23, 2015. |
Official Communication for European Patent Application No. 14186225.0 dated Feb. 13, 2015. |
Official Communication for European Patent Application No. 14187739.9 dated Jul. 6, 2015. |
Official Communication for European Patent Application No. 14187996.5 dated Feb. 12, 2015. |
Official Communication for European Patent Application No. 14189344.6 dated Feb. 20, 2015. |
Official Communication for European Patent Application No. 14189347.9 dated Mar. 4, 2015. |
Official Communication for European Patent Application No. 14189802.3 dated May 11, 2015. |
Official Communication for European Patent Application No. 14191540.5 dated May 27, 2015. |
Official Communication for European Patent Application No. 14197879.1 dated Apr. 28, 2015. |
Official Communication for European Patent Application No. 14197895.7 dated Apr. 28, 2015. |
Official Communication for European Patent Application No. 14197938.5 dated Apr. 28, 2015. |
Official Communication for European Patent Application No. 14199182.8 dated Mar. 13, 2015. |
Official Communication for European Patent Application No. 15155845.9 dated Oct. 6, 2015. |
Official Communication for European Patent Application No. 15155846.7 dated Jul. 8, 2015. |
Official Communication for European Patent Application No. 15156004.2 dated Aug. 24, 2015. |
Official Communication for European Patent Application No. 15165244.3 dated Aug. 27, 2015. |
Official Communication for European Patent Application No. 15175106.2 dated Nov. 5, 2015. |
Official Communication for European Patent Application No. 15175151.8 dated Nov. 25, 2015. |
Official Communication for European Patent Application No. 15180515.7 dated Dec. 14, 2015. |
Official Communication for European Patent Application No. 15183721.8 dated Nov. 23, 2015. |
Official Communication for European Patent Application No. 15193287.8 dated Apr. 1, 2016. |
Official Communication for European Patent Application No. 15201727.3 dated May 23, 2016. |
Official Communication for European Patent Application No. 15202090.5 dated May 13, 2016. |
Official Communication for Great Britain Patent Application No. 1404457.2 dated Aug. 14, 2014. |
Official Communication for Great Britain Patent Application No. 1404486.1 dated May 21, 2015. |
Official Communication for Great Britain Patent Application No. 1404486.1 dated Aug. 27, 2014. |
Official Communication for Great Britain Patent Application No. 1404489.5 dated May 21, 2015. |
Official Communication for Great Britain Patent Application No. 1404489.5 dated Aug. 27, 2014. |
Official Communication for Great Britain Patent Application No. 1404499.4 dated Aug. 20, 2014. |
Official Communication for Great Britain Patent Application No. 1404574.4 dated Dec. 18, 2014. |
Official Communication for Great Britain Patent Application No. 1408025.3 dated Nov. 6, 2014. |
Official Communication for Great Britain Patent Application No. 1411984.6 dated Dec. 22, 2014. |
Official Communication for Great Britain Patent Application No. 1413935.9 dated Jan. 27, 2015. |
Official Communication for Netherlands Patent Application No. 2012433 dated Mar. 11, 2016. |
Official Communication for Netherlands Patent Application No. 2012437 dated Sep. 18, 2015. |
Official Communication for Netherlands Patent Application No. 2013306 dated Apr. 24, 2015. |
Official Communication for New Zealand Patent Application No. 622181 dated Mar. 24, 2014. |
Official Communication for New Zealand Patent Application No. 622473 dated Jun. 19, 2014. |
Official Communication for New Zealand Patent Application No. 622473 dated Mar. 27, 2014. |
Official Communication for New Zealand Patent Application No. 622513 dated Apr. 3, 2014. |
Official Communication for New Zealand Patent Application No. 622517 dated Apr. 3, 2014. |
Official communication for New Zealand Patent Application No. 624557 dated May 14, 2014. |
Official Communication for New Zealand Patent Application No. 627061 dated Jul. 14, 2014. |
Official Communication for New Zealand Patent Application No. 627962 dated Aug. 5, 2014. |
Official Communication for New Zealand Patent Application No. 628150 dated Aug. 15, 2014. |
Official Communication for New Zealand Patent Application No. 628161 dated Aug. 25, 2014. |
Official Communication for New Zealand Patent Application No. 628263 dated Aug. 12, 2014. |
Official Communication for New Zealand Patent Application No. 628495 dated Aug. 19, 2014. |
Official Communication for New Zealand Patent Application No. 628585 dated Aug. 26, 2014. |
Official Communication for New Zealand Patent Application No. 628840 dated Aug. 28, 2014. |
Official Communication for U.S. Appl. No. 12/556,318 dated Jul. 2, 2015. |
Official Communication for U.S. Appl. No. 13/247,987 dated Apr. 2, 2015. |
Official Communication for U.S. Appl. No. 13/247,987 dated Sep. 22, 2015. |
Official Communication for U.S. Appl. No. 13/827,491 dated Dec. 1, 2014. |
Official Communication for U.S. Appl. No. 13/831,791 dated Mar. 4, 2015. |
Official Communication for U.S. Appl. No. 13/831,791 dated Aug. 6, 2015. |
Official Communication for U.S. Appl. No. 13/835,688 dated Jun. 17, 2015. |
Official Communication for U.S. Appl. No. 13/839,026 dated Aug. 4, 2015. |
Official Communication for U.S. Appl. No. 14/134,558 dated Oct. 7, 2015. |
Official Communication for U.S. Appl. No. 14/148,568 dated Oct. 22, 2014. |
Official Communication for U.S. Appl. No. 14/148,568 dated Mar. 26, 2015. |
Official Communication for U.S. Appl. No. 14/196,814 dated May 5, 2015. |
Official Communication for U.S. Appl. No. 14/223,918 dated Jun. 8, 2015. |
Official Communication for U.S. Appl. No. 14/225,006 dated Sep. 10, 2014. |
Official Communication for U.S. Appl. No. 14/225,006 dated Sep. 2, 2015. |
Official Communication for U.S. Appl. No. 14/225,006 dated Feb. 27, 2015. |
Official Communication for U.S. Appl. No. 14/225,084 dated Sep. 11, 2015. |
Official Communication for U.S. Appl. No. 14/225,084 dated Sep. 2, 2014. |
Official Communication for U.S. Appl. No. 14/225,084 dated Feb. 20, 2015. |
Official Communication for U.S. Appl. No. 14/225,160 dated Feb. 11, 2015. |
Official Communication for U.S. Appl. No. 14/225,160 dated Aug. 12, 2015. |
Official Communication for U.S. Appl. No. 14/225,160 dated May 20, 2015. |
Official Communication for U.S. Appl. No. 14/225,160 dated Oct. 22, 2014. |
Official Communication for U.S. Appl. No. 14/225,160 dated Jul. 29, 2014. |
Official Communication for U.S. Appl. No. 14/251,485 dated Oct. 1, 2015. |
Official Communication for U.S. Appl. No. 14/264,445 dated Apr. 17, 2015. |
Official Communication for U.S. Appl. No. 14/268,964 dated Sep. 3, 2014. |
Official Communication for U.S. Appl. No. 14/278,963 dated Jan. 30, 2015. |
Official Communication for U.S. Appl. No. 14/280,490 dated Jul. 24, 2014. |
Official Communication for U.S. Appl. No. 14/289,596 dated Jul. 18, 2014. |
Official Communication for U.S. Appl. No. 14/289,596 dated Jan. 26, 2015. |
Official Communication for U.S. Appl. No. 14/289,596 dated Apr. 30, 2015. |
Official Communication for U.S. Appl. No. 14/289,599 dated Jul. 22, 2014. |
Official Communication for U.S. Appl. No. 14/289,599 dated May 29, 2015. |
Official Communication for U.S. Appl. No. 14/289,599 dated Sep. 4, 2015. |
Official Communication for U.S. Appl. No. 14/294,098 dated Aug. 15, 2014. |
Official Communication for U.S. Appl. No. 14/294,098 dated Nov. 6, 2014. |
Official Communication for U.S. Appl. No. 14/306,138 dated Sep. 14, 2015. |
Official Communication for U.S. Appl. No. 14/306,138 dated Feb. 18, 2015. |
Official Communication for U.S. Appl. No. 14/306,138 dated Sep. 23, 2014. |
Official Communication for U.S. Appl. No. 14/306,138 dated May 26, 2015. |
Official Communication for U.S. Appl. No. 14/306,138 dated Dec. 3, 2015. |
Official Communication for U.S. Appl. No. 14/306,147 dated Feb. 19, 2015. |
Official Communication for U.S. Appl. No. 14/306,147 dated Aug. 7, 2015. |
Official Communication for U.S. Appl. No. 14/306,147 dated Sep. 9, 2014. |
Official Communication for U.S. Appl. No. 14/306,154 dated Mar. 11, 2015. |
Official Communication for U.S. Appl. No. 14/306,154 dated May 15, 2015. |
Official Communication for U.S. Appl. No. 14/306,154 dated Nov. 16, 2015. |
Official Communication for U.S. Appl. No. 14/306,154 dated Jul. 6, 2015. |
Official Communication for U.S. Appl. No. 14/306,154 dated Sep. 9, 2014. |
Official Communication for U.S. Appl. No. 14/319,161 dated Jan. 23, 2015. |
Official Communication for U.S. Appl. No. 14/319,765 dated Sep. 10, 2015. |
Official Communication for U.S. Appl. No. 14/319,765 dated Jun. 16, 2015. |
Official Communication for U.S. Appl. No. 14/319,765 dated Nov. 25, 2014. |
Official Communication for U.S. Appl. No. 14/319,765 dated Feb. 4, 2015. |
Official Communication for U.S. Appl. No. 14/323,935 dated Jun. 22, 2015. |
Official Communication for U.S. Appl. No. 14/323,935 dated Nov. 28, 2014. |
Official Communication for U.S. Appl. No. 14/323,935 dated Mar. 31, 2015. |
Official Communication for U.S. Appl. No. 14/326,738 dated Dec. 2, 2014. |
Official Communication for U.S. Appl. No. 14/326,738 dated Jul. 31, 2015. |
Official Communication for U.S. Appl. No. 14/326,738 dated Mar. 31, 2015. |
Official Communication for U.S. Appl. No. 14/451,221 dated Oct. 21, 2014. |
Official Communication for U.S. Appl. No. 14/463,615 dated Nov. 13, 2014. |
Official Communication for U.S. Appl. No. 14/463,615 dated May 21, 2015. |
Official Communication for U.S. Appl. No. 14/463,615 dated Jan. 28, 2015. |
Official Communication for U.S. Appl. No. 14/473,552 dated Feb. 24, 2015. |
Official Communication for U.S. Appl. No. 14/479,863 dated Dec. 26, 2014. |
Official Communication for U.S. Appl. No. 14/483,527 dated Jan. 28, 2015. |
Official Communication for U.S. Appl. No. 14/486,991 dated Mar. 10, 2015. |
Official Communication for U.S. Appl. No. 14/490,612 dated Aug. 18, 2015. |
Official Communication for U.S. Appl. No. 14/490,612 dated Jan. 27, 2015. |
Official Communication for U.S. Appl. No. 14/490,612 dated Mar. 31, 2015. |
Official Communication for U.S. Appl. No. 14/504,103 dated Mar. 31, 2015. |
Official Communication for U.S. Appl. No. 14/504,103 dated Feb. 5, 2015. |
Official Communication for U.S. Appl. No. 14/518,757 dated Dec. 1, 2015. |
Official Communication for U.S. Appl. No. 14/518,757 dated Apr. 2, 2015. |
Official Communication for U.S. Appl. No. 14/518,757 dated Jul. 20, 2015. |
Official Communication for U.S. Appl. No. 14/571,098 dated Mar. 11, 2015. |
Official Communication for U.S. Appl. No. 14/579,752 dated Aug. 19, 2015. |
Official Communication for U.S. Appl. No. 14/579,752 dated May 26, 2015. |
Official Communication for U.S. Appl. No. 14/579,752 dated Dec. 9, 2015. |
Official Communication for U.S. Appl. No. 14/581,920 dated Mar. 1, 2016. |
Official Communication for U.S. Appl. No. 14/581,920 dated Jun. 13, 2016. |
Official Communication for U.S. Appl. No. 14/581,920 dated May 3, 2016. |
Official Communication for U.S. Appl. No. 14/631,633 dated Sep. 10, 2015. |
Official Communication for U.S. Appl. No. 14/639,606 dated Oct. 16, 2015. |
Official Communication for U.S. Appl. No. 14/639,606 dated May 18, 2015. |
Official Communication for U.S. Appl. No. 14/639,606 dated Jul. 24, 2015. |
Official Communication for U.S. Appl. No. 14/639,606 dated Apr. 5, 2016. |
Official Communication for U.S. Appl. No. 14/726,353 dated Mar. 1, 2016. |
Official Communication for U.S. Appl. No. 14/726,353 dated Sep. 10, 2015. |
Official Communication for U.S. Appl. No. 14/813,749 dated Sep. 28, 2015. |
Official Communication for U.S. Appl. No. 14/816,748 dated Apr. 1, 2016. |
Official Communication for U.S. Appl. No. 14/816,748 dated May 24, 2016. |
Official Communication for U.S. Appl. No. 14/857,071 dated Mar. 2, 2016. |
Official Communication for U.S. Appl. No. 15/072,174 dated Jun. 1, 2016. |
Restriction Requirement for U.S. Appl. No. 13/839,026 dated Apr. 2, 2015. |
Restriction Requirement for U.S. Appl. No. 14/857,071 dated Dec. 11, 2015. |
Official Communication for European Patent Application No. 14200246.8 dated Oct. 19, 2017. |
Official Communication for European Patent Application No. 15193287.8 dated Oct. 19, 2017. |
Official Communication for U.S. Appl. No. 15/419,718 dated Aug. 14, 2017. |
Official Communication for U.S. Appl. No. 15/419,718 dated Oct. 17, 2017. |
Official Communication for European Patent Application No. 14200246.8 dated May 29, 2015. |
Official Communication for U.S. Appl. No. 15/419,718 dated Jun. 6, 2018. |
Number | Date | Country | |
---|---|---|---|
20170134397 A1 | May 2017 | US |
Number | Date | Country | |
---|---|---|---|
62076314 | Nov 2014 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 14698432 | Apr 2015 | US |
Child | 15378567 | US | |
Parent | 14616080 | Feb 2015 | US |
Child | 14698432 | US |