专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明申请

US20080244742A1 Detecting adversaries by correlating detected malware with web access logs 审中-公开
标题翻译：通过将检测到的恶意软件与Web访问日志相关联来检测对手
公开(公告)号：US20080244742A1
公开(公告)日：2008-10-02
申请号：US11824718
申请日：2007-06-30
申请人： John Neystadt , Efim Hudis , Yair Helman , Alexandra Faynburd
发明人： John Neystadt , Efim Hudis , Yair Helman , Alexandra Faynburd
IPC分类号： G06F12/14
CPC分类号： H04L63/1425 , H04L63/308
摘要： An automated arrangement for detecting adversaries is provided by examining a log that contains records of communications into and out of the enterprise network upon the detection of a security incident by which a host computer on an enterprise network becomes compromised. The log is analyzed over a window of time starting before the occurrence of the detected security incident to identify the web site URIs (Uniform Resource Identifiers) and IP (Internet Protocol) addresses (collectively “resources”) that were respectively accessed by the compromised host and/or from which traffic was received by the compromised host. When other host computers in the enterprise are detected as being compromised, a similar analysis is performed and the results of all the analyses are correlated to identify one or more resources that are common to the logged communications of all the compromised machines.
摘要翻译：通过在检测到企业网络上的主计算机被破坏的安全事件的检测时，通过检查包含进出企业网络的通信记录的日志来提供用于检测对手的自动化安排。在检测到的安全事件发生之前的时间窗口分析日志，以识别受损主机分别访问的网站URI（统一资源标识符）和IP（因特网协议）地址（统称为“资源”）和/或由受损主机接收到的流量。当企业中的其他主机被检测为被泄露时，执行类似的分析，并且将所有分析的结果相关联以识别所有受损机器的记录通信共同的一个或多个资源。

22. 发明授权

US06505190B1 Incremental filtering in a persistent query system 有权
标题翻译：持续查询系统中的增量过滤
公开(公告)号：US06505190B1
公开(公告)日：2003-01-07
申请号：US09606431
申请日：2000-06-28
申请人： Dov Harel , Yair Helman , Uri Barash
发明人： Dov Harel , Yair Helman , Uri Barash
IPC分类号： G06F1730
CPC分类号： G06F17/30699 , G06F17/30693 , Y10S707/99932
摘要： A system and method track changes to a document and analyze the changes to the document against a set of predefined queries without re-analyzing the entire document. Hence, after a document has been processed in the system (i.e., had its terms matched against the set of predefined queries), only a small subset of the document needs to be reprocessed and analyzed after changes (i.e., edits) are made. The analysis of the small subset is accomplished by maintaining an incremental-results data set for each document. The incremental-results data set is much smaller than the actual document, only comprising a set of unique words found in a document. After a document is changed, only the words deleted or added to the changed portion are used to update the incremental-results data set.
摘要翻译：系统和方法跟踪文档的更改，并根据一组预定义查询分析文档的更改，而无需重新分析整个文档。因此，在系统中处理了文档（即，其术语与预定义查询集合匹配）之后，在进行改变（即，编辑）之后，仅需要对文档的一小部分进行再处理和分析。通过维护每个文档的增量结果数据集来实现小子集的分析。增量结果数据集远小于实际文档，只包含文档中找到的一组唯一字。更改文档后，仅使用删除或添加到更改的部分的单词来更新增量结果数据集。

23. 发明申请

US20100125912A1 ESTIMATING AND VISUALIZING SECURITY RISK IN INFORMATION TECHNOLOGY SYSTEMS 有权
标题翻译：信息技术系统的安全风险估算和可视化
公开(公告)号：US20100125912A1
公开(公告)日：2010-05-20
申请号：US12274309
申请日：2008-11-19
申请人： Adar Greenshpon , Ron Karidi , Yair Helman , Shai Aharon Rubin
发明人： Adar Greenshpon , Ron Karidi , Yair Helman , Shai Aharon Rubin
IPC分类号： G06F12/14 , G06N5/04
CPC分类号： H04L63/1433 , G06F21/577
摘要： Security risk for a single IT asset and/or a set of IT assets in a network such as an enterprise or corporate network may be estimated and represented in a visual form by categorizing risk into different discrete levels. The IT assets may include both computing devices and users. The risk categorization uses a security assessment of an IT asset that is generated to indicate the type of security problem encountered, the severity of the problem, and the fidelity of the assessment. The asset value of an IT asset to the enterprise is also assigned. Security risk is then categorized (and a numeric risk value provided) for each IT asset for different problem types by considering the IT asset value along with the severity and fidelity of the security assessment. The security risk for the enterprise is estimated using the numeric risk value and then displayed in visual form.
摘要翻译：通过将风险分为不同的离散级别，可以以视觉形式估计和表示单个IT资产和/或网络中企业或公司网络中的一组IT资产的安全风险。 IT资产可能包括计算设备和用户。风险分类使用IT资产的安全评估来产生，以指示遇到的安全问题的类型，问题的严重性和评估的忠实度。 IT资产对企业的资产价值也被分配。然后通过考虑IT资产价值以及安全性评估的严重性和保真度，为不同问题类型的每个IT资产对安全风险进行分类（并提供数值风险值）。使用数字风险值估算企业的安全风险，然后以视觉形式显示。

24. 发明授权

US08402546B2 Estimating and visualizing security risk in information technology systems 有权
标题翻译：估计和可视化信息技术系统中的安全风险
公开(公告)号：US08402546B2
公开(公告)日：2013-03-19
申请号：US12274309
申请日：2008-11-19
申请人： Adar Greenshpon , Ron Karidi , Yair Helman , Shai Aharon Rubin
发明人： Adar Greenshpon , Ron Karidi , Yair Helman , Shai Aharon Rubin
IPC分类号： H04L29/06
CPC分类号： H04L63/1433 , G06F21/577
摘要： Security risk for a single IT asset and/or a set of IT assets in a network such as an enterprise or corporate network may be estimated and represented in a visual form by categorizing risk into different discrete levels. The IT assets may include both computing devices and users. The risk categorization uses a security assessment of an IT asset that is generated to indicate the type of security problem encountered, the severity of the problem, and the fidelity of the assessment. The asset value of an IT asset to the enterprise is also assigned. Security risk is then categorized (and a numeric risk value provided) for each IT asset for different problem types by considering the IT asset value along with the severity and fidelity of the security assessment. The security risk for the enterprise is estimated using the numeric risk value and then displayed in visual form.
摘要翻译：通过将风险分为不同的离散级别，可以以视觉形式估计和表示单个IT资产和/或网络中企业或公司网络中的一组IT资产的安全风险。 IT资产可能包括计算设备和用户。风险分类使用IT资产的安全评估来产生，以指示遇到的安全问题的类型，问题的严重性和评估的忠实度。 IT资产对企业的资产价值也被分配。然后通过考虑IT资产价值以及安全性评估的严重性和保真度，为不同问题类型的每个IT资产对安全风险进行分类（并提供数值风险值）。使用数字风险值估算企业的安全风险，然后以视觉形式显示。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式