1
Tzi-cker Chiueh, Fanglu Guo: Automated unpacking of executables packed by multiple layers of arbitrary packers. Symantec Corporation, Fenwick & West, August 9, 2011: US07996904 (94 worldwide citations)

The packing manager provides an automated method that allows existing AV scanning technology to be applied to detect known malware samples packed by one or more packers that are potentially proprietary. The packing manager tracks the memory areas to which an executable binary writes and executes, an ...


2
Fanglu Guo, Tzi-cker Chiueh: Enforcing the execution exception to prevent packers from evading the scanning of dynamically created code. Symantec Corporation, Fenwick & West, August 13, 2013: US08510828 (88 worldwide citations)

To detect possible malicious code that is unpacked at runtime before it is executed, antivirus software requires that any dynamically created code be scanned before it can be executed by a host computer system. This requirement may be enforced by requiring memory pages to be either executable or wri ...


3
Petros Efstathopoulos, Fanglu Guo: System and method for high performance deduplication indexing. Symantec Corporation, Rory D Rankin, Meyertons Hood Kivlin Kowert & Kowert & Goetzel P C, February 5, 2013: US08370315 (42 worldwide citations)

A system and method for efficiently reducing latency of accessing an index for a data segment stored on a server. A server both removes duplicate data and prevents duplicate data from being stored in a shared data storage. The file server is coupled to an index storage subsystem holding fingerprint ...


4
Fanglu Guo: Network protocol with damage loss resilient congestion control algorithm. Symantec Corporation, Meyertons Hood Kivlin Kowert & Goetzel P C, October 26, 2010: US07821937 (19 worldwide citations)

Various embodiments of a network protocol that utilizes a congestion control algorithm that distinguishes between congestion loss and damage loss are described. In response to a packet loss on a network, a delay-based detection algorithm may be performed based on RTT (Round-Trip Time) information to ...


5
Petros Efstathopoulos, Fanglu Guo, Dharmesh Shah: Progressive sampling for deduplication indexing. Symantec Corporation, Rory D Rankin, Meyertons Hood Kivlin Kowert & Goetzel P C, November 13, 2012: US08311964 (18 worldwide citations)

A system and method for efficiently reducing a number of duplicate blocks of stored data. A file server both removes duplicate data and prevents duplicate data from being stored in the shared storage. A sampling rate may be used to determine which fingerprints, or hash values, are stored in an index ...


6
Mark Christiaens, Fanglu Guo, Weibao Wu: Systems and methods for removing unreferenced data segments from deduplicated data systems. Symantec Corporation, Advantedge Law Group, July 17, 2012: US08224875 (14 worldwide citations)

A computer-implemented method for removing unreferenced data segments from deduplicated data systems may include: 1) identifying a deduplicated data system that contains a plurality of data segments, 2) identifying a plurality of containers within the deduplicated data system, with each container co ...


7
Fanglu Guo, Sandeep Bhatkar, Kevin Roundy: Systems and methods for reducing false positives when using event-correlation graphs to detect attacks on computing systems. Symantec Corporation, ALG Intellectual Property, October 20, 2015: US09166997 (13 worldwide citations)

A computer-implemented method for reducing false positives when using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node ...


8
Fanglu Guo, Tzi-cker Chiueh: Tracking memory mapping to prevent packers from evading the scanning of dynamically created code. Symantec Corporation, Fenwick & West, January 24, 2012: US08104089 (11 worldwide citations)

To detect possible malicious code that is unpacked at runtime before it is executed, antivirus software requires that any dynamically created code be scanned before it can be executed by a host computer system. This requirement may be enforced by requiring memory pages to be either executable or wri ...


9
Kevin Roundy, Fanglu Guo, Sandeep Bhatkar, Tao Cheng, Jie Fu, Zhi Kai Li, Darren Shou, Sanjay Sawhney, Acar Tamersoy, Elias Khalil: Systems and methods for using event-correlation graphs to detect attacks on computing systems. Symantec Corporation, ALG Intellectual Property, September 22, 2015: US09141790 (10 worldwide citations)

A computer-implemented method for using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node that represents the first act ...


10
Fanglu Guo, Sandeep Bhatkar, Kevin Roundy: Systems and methods for detecting security threats based on user profiles. Symantec Corporation, ALG Intellectual Property, July 26, 2016: US09401925 (7 worldwide citations)

A computer-implemented method for detecting security threats based on user profiles may include 1) identifying behavior on a computing system that is potentially indicative of a security threat, 2) identifying a user profile for a user of the computing system that estimates a level of the user's tec ...