-
Publication No.: US20250138819A1
Publication Date: 2025-05-01
Application No.: US18496722
Filing Date: 2023-10-27
Applicant: CrowdStrike, Inc.
Inventor: Damian Monea, Paul Sumedrea, Mihaela-Petruta Gaman, Alexandru Dinu
Abstract: An approach is provided that provides a plurality of source code samples to an artificial intelligence model (AIM) trained to describe source code based on performing semantic analysis on the source code. The approach produces, using the AIM, a plurality of semantic descriptions that describe the plurality of source code samples. Then, the approach converts the plurality of semantic descriptions into a plurality of semantic embeddings. In turn, the approach creates a plurality of clusters from the plurality of semantic embeddings, wherein each one of the plurality of clusters corresponds to two or more of the plurality of source code samples.
-
Publication No.: US20250005154A1
Publication Date: 2025-01-02
Application No.: US18216833
Filing Date: 2023-06-30
Applicant: CrowdStrike, Inc.
Inventor: Vasile-Daniel Sava, Paul Sumedrea, Cristian Viorel Popa
IPC: G06F21/56
Abstract: A process tree embedding is generated corresponding to a process tree. The process tree comprises a plurality of processes. The process tree embedding is processed with a machine learning model to generate an identification of malware associated with the process tree. In some embodiments, processing the process tree embedding with the machine learning model to generate the identification of malware associated with the process tree includes: processing the process tree embedding with the machine learning model to generate a classification of the process tree as being associated with malware; and, responsive to the classification indicating that the process tree is associated with malware, generating the identification of a first process of the plurality of processes that is relevant to the classification of the process tree as being associated with malware.
-
Publication No.: US20240146734A1
Publication Date: 2024-05-02
Application No.: US18478006
Filing Date: 2023-09-29
Applicant: CrowdStrike, Inc.
Inventor: Andrew Southgate, Paul Sumedrea, Cristian Viorel Popa, Dragos Georgian Corlatescu
CPC classification number: H04L63/10, G06F21/6227, G06N5/02, H04L63/08
Abstract: Systems and methods of authentication utilizing a large language model (LLM) are provided. The method includes accessing a knowledge base comprising user-specific data of a user device associated with a domain. In response to a request from the user device for access to a resource of the domain, the method includes generating one or more authentication challenges based on the user-specific data. The one or more authentication challenges are generated by an LLM trained on the user-specific data and contextual interactions associated with the user device. In response to determining that a response to the one or more authentication challenges matches the user-specific data of the knowledge base and the contextual interactions, the method includes providing the user device access to the resource of the domain.
-
Publication No.: US20250139233A1
Publication Date: 2025-05-01
Application No.: US18494509
Filing Date: 2023-10-25
Applicant: CrowdStrike, Inc.
Inventor: Paul Sumedrea, Cristian Viorel Popa, Dragos Corlatescu, Vasile-Daniel Sava
IPC: G06F21/55
Abstract: An approach is provided that trains an artificial intelligence model (AIM) using training data to produce a generalized AIM, wherein the training data comprises log-collected data corresponding to multiple application types and the generalized AIM is trained to detect one or more cross-platform cybersecurity threats. The approach identifies multiple application-specific training data sets, wherein each one of the application-specific training data sets includes labeled application logs corresponding to one of the multiple application types. The approach then fine-tunes the generalized AIM using the multiple application-specific training data sets to produce multiple dedicated AIMs, wherein each one of the dedicated AIMs is trained to detect one or more application-centric cybersecurity threats targeted at a corresponding one of the application types.
-
Publication No.: US20250023779A1
Publication Date: 2025-01-16
Application No.: US18405749
Filing Date: 2024-01-05
Applicant: CrowdStrike, Inc.
Inventor: Paul Sumedrea, Damian Monea
IPC: H04L41/084, G06F40/20
Abstract: A system and method of using generative AI to recommend and validate asset and/or cloud configurations. The method includes acquiring a set of parameters associated with one or more network entities of a computing network. The method includes providing the set of parameters to a configuration model trained to generate, based on semantic matching, recommended configurations for network entities and validated configurations for the network entities. The method includes generating, by a processing device using the configuration model, one or more recommended configurations for the one or more network entities based on the set of parameters.
-
Publication No.: US20240338445A1
Publication Date: 2024-10-10
Application No.: US18132340
Filing Date: 2023-04-07
Applicant: CrowdStrike, Inc.
Inventor: Cristian Viorel Popa, Stefan-Bogdan Cocea, Alexandru Dinu, Paul Sumedrea
IPC: G06F21/56
CPC classification number: G06F21/564, G06F21/568
Abstract: Methods and systems for applying a diffusion model to adversarial purification and generating adversarial samples in malware detection are disclosed. According to an example, a malware file is inputted to a diffusion model to obtain an adversarial sample by altering content of the malware file. The adversarial sample is further tested by a malware detector. In some examples, the content of an input file may be encoded prior to being processed by the diffusion model. If the malware detector can identify the adversarial sample as a malware file, the diffusion model is updated to further alter the content until the adversarial sample successfully deceives the malware detector. According to another example, an executable file is purified using a diffusion model prior to being inputted to a malware detector. The diffusion model may remove potential malware content from the executable file, thus improving the performance of the malware detector.
-
Publication No.: US20250139251A1
Publication Date: 2025-05-01
Application No.: US18495626
Filing Date: 2023-10-26
Applicant: CrowdStrike, Inc.
Inventor: Paul Sumedrea, Cristian Viorel Popa, Vasile-Daniel Sava
Abstract: An approach is provided that identifies a vulnerability corresponding to an initial source code. Then, the approach generates a prompt comprising the initial source code and the vulnerability. The approach inputs the prompt into an artificial intelligence model (AIM) that is trained to determine whether the initial source code comprises the vulnerability. In turn, the approach removes, using the AIM, the vulnerability from the initial source code to produce a refactored source code in response to determining that the initial source code comprises the vulnerability.
-
Publication No.: US20250023893A1
Publication Date: 2025-01-16
Application No.: US18523581
Filing Date: 2023-11-29
Applicant: CrowdStrike, Inc.
Inventor: Paul Sumedrea, Damian Monea
Abstract: A system and method of using generative AI to identify exposures of computing devices on computing networks to actual and/or potential threats. The method includes collecting a plurality of responses from a plurality of devices to a target device on a private network. The method includes providing the plurality of responses to a classification model trained to assign device descriptions for device responses based on semantic matching of the device responses to database data. The method includes assigning, by the processing device using the classification model, a plurality of device descriptions for the plurality of responses to the target device, each response is respectively associated with one or more device descriptions of the plurality of device descriptions. The method includes generating, based on the plurality of device descriptions, a status report comprising a list of network addresses associated with a group of devices having access to the target device.
-
Publication No.: US20250007926A1
Publication Date: 2025-01-02
Application No.: US18477241
Filing Date: 2023-09-28
Applicant: CrowdStrike, Inc.
Inventor: Andrew Southgate, Paul Sumedrea, Stefan-Bogdan Cocea, Dragos Georgian Corlatescu
Abstract: Systems and methods of actor attribution utilizing a machine learning (ML) model, such as a large language model (LLM), are provided. The method includes generating a first ML model based on first data associated with a first cybersecurity incident of a plurality of cybersecurity incidents. The method includes training the first ML model based on actor attribution associated with the first cybersecurity incident to generate a second ML model. The method includes receiving second data that is associated with a second cybersecurity incident of the plurality of cybersecurity incidents. The method includes producing, by a processing device for the second ML model using the second data, an attribution of the second cybersecurity incident to an actor.
-
Publication No.: US20250005175A1
Publication Date: 2025-01-02
Application No.: US18375112
Filing Date: 2023-09-29
Applicant: Crowdstrike, Inc.
Inventor: Paul Sumedrea, Cristian Viorel Popa, Stefan-Bogdan Cocea, Mihaela-Petruta Gaman
IPC: G06F21/60, G06F40/284, G06N20/00
Abstract: A system and method of scrubbing sensitive data from records using patterns and large language models (LLM). The method includes receiving a request to process a record comprising data including sensitive data. The method includes identifying, based on one or more regex rules, a first set of scrubbing candidates associated with the record. The method includes identifying, by a processing device and based on a large language model (LLM), a second set of scrubbing candidates associated with the record. The method includes generating, based on the first set of scrubbing candidates and the second set of scrubbing candidates, a scrubbed record by scrubbing the record to remove the sensitive data.