专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

41. 发明授权

US08516575B2 Systems, methods, and media for enforcing a security policy in a network including a plurality of components 有权
标题翻译：用于在包括多个组件的网络中执行安全策略的系统，方法和媒体
公开(公告)号：US08516575B2
公开(公告)日：2013-08-20
申请号：US12632934
申请日：2009-12-08
申请人： Matthew Burnside , Angelos D. Keromytis
发明人： Matthew Burnside , Angelos D. Keromytis
IPC分类号： H04L29/06 , G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： H04L63/0263 , G06F2221/2101 , H04L63/1416 , H04L63/1425
摘要： Systems, methods, and media for enforcing a security policy in a network are provided, including, for example, receiving a plurality of events describing component behavior detected by a plurality of sensors, each sensor monitoring a different component of a plurality of components; attributing a first event of the plurality of events to a first principal; attributing a second event of the plurality of events to a second principal; determining whether the first and second events are correlated; storing a data structure that attributes each of the first and second events to the first principal, if it is determined that the first and second events are correlated; comparing the second event to the security policy; and modifying network behavior to enforce the security policy against the first principal based on the comparison of the second event to the security policy and the attribution of the second event to the first principal.
摘要翻译：提供了用于在网络中实施安全策略的系统，方法和媒体，包括例如接收描述由多个传感器检测到的组件行为的多个事件，每个传感器监视多个组件的不同组件; 将所述多个事件的第一事件归因于第一主体; 将所述多个事件的第二事件归因于第二主体; 确定所述第一和第二事件是否相关; 如果确定所述第一和第二事件相关，则存储将所述第一和第二事件中的每一个归属于所述第一主体的数据结构; 将第二个事件与安全策略进行比较; 以及基于所述第二事件与所述安全策略的比较以及所述第二事件对所述第一主体的归属，修改网络行为以对所述第一主体执行所述安全策略。

42. 发明授权

US08228815B2 Systems and methods for computing data transmission characteristics of a network path based on single-ended measurements 有权
标题翻译：基于单端测量计算网络路径的数据传输特性的系统和方法
公开(公告)号：US08228815B2
公开(公告)日：2012-07-24
申请号：US12648091
申请日：2009-12-28
申请人： Angelos D. Keromytis , Sambuddho Chakravarty , Angelos Stavrou
发明人： Angelos D. Keromytis , Sambuddho Chakravarty , Angelos Stavrou
IPC分类号： H04L12/28
CPC分类号： H04L43/0882 , H04L41/0896 , H04L41/5003 , H04L45/00 , H04L47/10
摘要： Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host.
摘要翻译：公开了一种用于计算网络路径的数据传输特性的系统和方法。在一些实施例中，网络路径具有发送主机，至少一个中间主机和接收主机，并且基于在发送主机处执行的单端测量来计算数据传输特性。

43. 发明申请

US20120151270A1 METHODS, MEDIA, AND SYSTEMS FOR DETECTING ANOMALOUS PROGRAM EXECUTIONS 有权
标题翻译：检测异常程序执行的方法，媒体和系统
公开(公告)号：US20120151270A1
公开(公告)日：2012-06-14
申请号：US13301741
申请日：2011-11-21
申请人： Salvatore J. Stolfo , Angelos D. Keromytis , Stylianos Sidiroglou
发明人： Salvatore J. Stolfo , Angelos D. Keromytis , Stylianos Sidiroglou
IPC分类号： G06F11/00
CPC分类号： G06F11/0772 , G06F11/0718 , G06F11/0751 , G06F11/079 , G06F11/3652
摘要： Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison.
摘要翻译：提供了用于检测异常程序执行的方法，介质和系统。在一些实施例中，提供了用于检测异常程序执行的方法，包括：在仿真器中执行程序的至少一部分; 将在仿真器中产生的函数调用与所述程序的至少一部分的函数调用模型进行比较; 并根据比较将功能调用识别为异常。在一些实施例中，提供了用于检测异常程序执行的方法，包括：修改程序以包括程序执行期间进行的程序级函数调用的指示; 将在仿真器中进行的程序级功能调用的至少一个指标与所述程序的至少一部分的函数调用模型进行比较; 以及基于所述比较，将与所述至少一个所述指示符相对应的功能调用识别为异常。

44. 发明申请

US20110167494A1 METHODS, SYSTEMS, AND MEDIA FOR DETECTING COVERT MALWARE 有权
标题翻译：检测覆盖恶意软件的方法，系统和媒体
公开(公告)号：US20110167494A1
公开(公告)日：2011-07-07
申请号：US12982984
申请日：2010-12-31
申请人： Brian M. Bowen , Pratap V. Prabhu , Vasileios P. Kemerlis , Stylianos Sidiroglou , Salvatore J. Stolfo , Angelos D. Keromytis
发明人： Brian M. Bowen , Pratap V. Prabhu , Vasileios P. Kemerlis , Stylianos Sidiroglou , Salvatore J. Stolfo , Angelos D. Keromytis
IPC分类号： G06F21/00
CPC分类号： G06F21/56 , G06F21/566 , G06F21/577 , H04L63/1441 , H04L63/1491
摘要： Methods, systems, and media for detecting covert malware are provided. In accordance with some embodiments, a method for detecting covert malware in a computing environment is provided, the method comprising: generating simulated user activity outside of the computing environment; conveying the simulated user activity to an application inside the computing environment; and determining whether a decoy corresponding to the simulated user activity has been accessed by an unauthorized entity.
摘要翻译：提供了用于检测隐蔽恶意软件的方法，系统和媒体。根据一些实施例，提供了一种用于在计算环境中检测隐匿恶意软件的方法，所述方法包括：在所述计算环境之外生成模拟用户活动; 将所述模拟用户活动传达到所述计算环境内的应用; 以及确定是否已经被未经授权的实体访问与所述模拟用户活动相对应的诱饵。

45. 发明授权

US07962798B2 Methods, systems and media for software self-healing 有权
标题翻译：用于软件自愈的方法，系统和媒体
公开(公告)号：US07962798B2
公开(公告)日：2011-06-14
申请号：US11785317
申请日：2007-04-17
申请人： Michael E. Locasto , Angelos D. Keromytis , Salvatore J. Stolfo , Angelos Stavrou , Gabriela Cretu , Stylianos Sidiroglou , Jason Nieh , Oren Laadan
发明人： Michael E. Locasto , Angelos D. Keromytis , Salvatore J. Stolfo , Angelos Stavrou , Gabriela Cretu , Stylianos Sidiroglou , Jason Nieh , Oren Laadan
IPC分类号： G06F11/00
CPC分类号： G06F11/1438
摘要： Methods, systems, and media for enabling a software application to recover from a fault condition, and for protecting a software application from a fault condition, are provided. In some embodiments, methods include detecting a fault condition during execution of the software application, restoring execution of the software application to a previous point of execution, the previous point of execution occurring during execution of a first subroutine in the software application, and forcing the first subroutine to forego further execution and return to a caller of the first subroutine.
摘要翻译：提供了用于使软件应用程序从故障状态恢复并用于保护软件应用程序免受故障状况的方法，系统和媒体。在一些实施例中，方法包括在执行软件应用期间检测故障状况，将软件应用程序的执行恢复到先前的执行点，在执行软件应用程序中的第一子程序期间发生的先前执行点，并强制执行第一个子程序放弃进一步执行并返回第一个子程序的调用者。

46. 发明申请

US20100293407A1 Systems, Methods, and Media for Recovering an Application from a Fault or Attack 有权
标题翻译：用于从故障或攻击中恢复应用程序的系统，方法和介质
公开(公告)号：US20100293407A1
公开(公告)日：2010-11-18
申请号：US12523989
申请日：2008-01-28
申请人： Michael E. Locasto , Angelos D. Keromytis , Angelos Stavrou , Gabriela F. Ciocarlie
发明人： Michael E. Locasto , Angelos D. Keromytis , Angelos Stavrou , Gabriela F. Ciocarlie
IPC分类号： G06F11/07
CPC分类号： G06F11/1469 , G06F11/1471 , G06F11/3604 , G06F11/3612 , G06F11/3672 , G06F2201/84
摘要： Systems, methods, and media for recovering an application from a fault or an attack are disclosed herein. In some embodiments, a method is provided for enabling a software application to recover from a fault condition. The method includes specifying constrained data items and assigning a set of repair procedures to the constrained data items. The method further includes detecting a fault condition on the constrained data items during execution of the software application, which triggers at least one repair procedure. The triggered repair procedures are executed and the execution of the software application is restored. In some embodiments, the restoring comprises providing memory rollback to a point of execution of the software application before the fault condition was detected.
摘要翻译：本文公开了用于从故障或攻击中恢复应用的系统，方法和媒体。在一些实施例中，提供了一种使软件应用程序能够从故障状态恢复的方法。该方法包括指定受约束的数据项，并将一组修复过程分配给受约束的数据项。该方法还包括在执行软件应用期间检测受限数据项上的故障状况，其触发至少一个修复过程。执行触发的修复过程，并恢复软件应用程序的执行。在一些实施例中，恢复包括在检测到故障状况之前向软件应用的执行点提供内存回滚。

47. 发明申请

US20100281541A1 Systems and Methods for Correlating and Distributing Intrusion Alert Information Among Collaborating Computer Systems 有权
标题翻译：在协作计算机系统中关联和分发入侵警报信息的系统和方法
公开(公告)号：US20100281541A1
公开(公告)日：2010-11-04
申请号：US12833743
申请日：2010-07-09
申请人： Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
发明人： Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
IPC分类号： G06F11/00
CPC分类号： H04L63/1416 , G06F21/552 , G06F21/554 , H04L63/145 , H04L63/1475 , H04L63/1491
摘要： Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
摘要翻译：提供了在协作计算机系统之间关联和分发入侵警报信息的系统和方法。这些系统和方法提供警报相关器和警报分发器，其使得能够检测到攻击的早期迹象并且迅速地传播到协作系统。警报相关器利用数据结构来关联警报检测，并提供可以向其他协作系统透露威胁信息的机制。警报分配器使用有效的技术来对协作系统进行分组，然后根据时间表在某些成员之间传递数据。以这种方式，数据可以定期分布，而不会产生过多的流量负载。

48. 发明授权

US07779463B2 Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems 有权
公开(公告)号：US07779463B2
公开(公告)日：2010-08-17
申请号：US10864226
申请日：2004-06-09
申请人： Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
发明人： Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F11/30 , B41K3/38 , G06F15/16 , G06F15/177
CPC分类号： H04L63/1416 , G06F21/552 , G06F21/554 , H04L63/145 , H04L63/1475 , H04L63/1491
摘要： Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.

49. 发明申请

US20100157834A1 SYSTEMS AND METHODS FOR COMPUTING DATA TRANSMISSION CHARACTERISTICS OF A NETWORK PATH BASED ON SINGLE-ENDED MEASUREMENTS 有权
标题翻译：基于单端测量的网路路径数据传输特性的系统与方法
公开(公告)号：US20100157834A1
公开(公告)日：2010-06-24
申请号：US12648091
申请日：2009-12-28
申请人： Angelos D. Keromytis , Sambuddho Chakravarty , Angelos Stavrou
发明人： Angelos D. Keromytis , Sambuddho Chakravarty , Angelos Stavrou
IPC分类号： H04L12/26
CPC分类号： H04L43/0882 , H04L41/0896 , H04L41/5003 , H04L45/00 , H04L47/10
摘要： Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host.
摘要翻译：公开了一种用于计算网络路径的数据传输特性的系统和方法。在一些实施例中，网络路径具有发送主机，至少一个中间主机和接收主机，并且基于在发送主机处执行的单端测量来计算数据传输特性。

50. 发明申请

US20100077483A1 METHODS, SYSTEMS, AND MEDIA FOR BAITING INSIDE ATTACKERS 有权
标题翻译：用于打击攻击者的方法，系统和媒体
公开(公告)号：US20100077483A1
公开(公告)日：2010-03-25
申请号：US12565394
申请日：2009-09-23
申请人： Salvatore J. Stolfo , Angelos D. Keromytis , Brian M. Bowen , Shlomo Hershkop , Vasileios P. Kemerlis , Pratap V. Prabhu , Malek Ben Salem
发明人： Salvatore J. Stolfo , Angelos D. Keromytis , Brian M. Bowen , Shlomo Hershkop , Vasileios P. Kemerlis , Pratap V. Prabhu , Malek Ben Salem
IPC分类号： G06F11/00
CPC分类号： G06F21/554 , G06F21/552 , G06F21/566 , G06F2221/034 , G06F2221/2123 , H04L63/1466
摘要： Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
摘要翻译：提供了用于提供基于陷阱的防御的方法，系统和媒体。根据一些实施例，提供了一种用于提供基于陷阱的防御的方法，所述方法包括：至少部分地基于计算环境中的实际信息生成诱饵信息，其中所述诱饵信息被生成以符合一个或多个文档属性; 将信标嵌入诱饵信息中; 以及将具有所嵌入的信标的诱饵信息插入所述计算环境中，其中所述嵌入式信标提供所述诱饵信息已被攻击者访问的第一指示，并且其中所述嵌入信标提供区分所述诱饵信息和所述实际信息之间的第二指示信息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式