会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 4. 发明申请
    • METHODS, MEDIA, AND SYSTEMS FOR DETECTING AN ANOMALOUS SEQUENCE OF FUNCTION CALLS
    • 用于检测功能调用异常序列的方法,媒体和系统
    • US20140173734A1
    • 2014-06-19
    • US14185175
    • 2014-02-20
    • Angelos D. KeromytisSalvatore J. Stolfo
    • Angelos D. KeromytisSalvatore J. Stolfo
    • H04L29/06
    • G06F21/566G06F11/08G06F11/3688G06F2221/033G06N7/005H04L63/1425
    • Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.
    • 提供了用于检测函数调用异常序列的方法,介质和系统。 该方法可以包括通过使用压缩模型来压缩由程序执行所产生的函数调用序列; 以及基于函数调用序列被压缩的程度来确定功能调用序列中函数调用的异常序列的存在。 所述方法还可以包括执行至少一个已知程序; 观察由所述至少一个已知节目的执行而进行的至少一个函数调用序列; 在由所述至少一个已知程序进行的所述至少一个功能调用序列中分配每种类型的功能调用唯一标识符; 以及通过记录至少一个唯一标识符序列来创建所述压缩模型的至少一部分。
    • 6. 发明授权
    • Systems and methods for inhibiting attacks with a network
    • 用于抑制网络攻击的系统和方法
    • US08631484B2
    • 2014-01-14
    • US12048533
    • 2008-03-14
    • Angelos StavrouAngelos D. Keromytis
    • Angelos StavrouAngelos D. Keromytis
    • G06F9/00H04L29/06
    • H04L63/1458H04L63/08H04L63/0823H04L63/12H04L63/123H04L63/1416H04L2463/141
    • Systems and methods for inhibiting attacks with a network are provided. In some embodiments, methods for inhibiting attacks by forwarding packets through a plurality of intermediate nodes when being transmitted from a source node to a destination node are provided, the methods comprising: receiving a packet at one of the plurality of intermediate nodes; determining at the selected intermediate node whether the packet has been sent to the correct one of the plurality of intermediate nodes based on a pseudo random function; and forwarding the packet to the destination node, based on the determining. In some embodiments an intermediate node is selected based on a pseudo random function. In some embodiments, systems and methods for establishing access to a multi-path network are provided.
    • 提供了用于抑制网络攻击的系统和方法。 在一些实施例中,提供了当从源节点发送到目的地节点时通过将多个中间节点转发分组来抑制攻击的方法,所述方法包括:在所述多个中间节点之一处接收分组; 在所选择的中间节点处,确定所述分组是否已经基于伪随机函数发送到所述多个中间节点中的正确的一个; 以及基于所述确定将所述分组转发到所述目的地节点。 在一些实施例中,基于伪随机函数来选择中间节点。 在一些实施例中,提供了用于建立对多路径网络的访问的系统和方法。
    • 9. 发明授权
    • Methods, media and systems for detecting anomalous program executions
    • 用于检测异常程序执行的方法,媒体和系统
    • US08074115B2
    • 2011-12-06
    • US12091150
    • 2006-10-25
    • Salvatore J. StolfoAngelos D. KeromytisStelios Sidiroglou
    • Salvatore J. StolfoAngelos D. KeromytisStelios Sidiroglou
    • G06F11/00
    • G06F11/0772G06F11/0718G06F11/0751G06F11/079G06F11/3652
    • Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison.
    • 提供了用于检测异常程序执行的方法,介质和系统。 在一些实施例中,提供了用于检测异常程序执行的方法,包括:在仿真器中执行程序的至少一部分; 将在仿真器中产生的函数调用与所述程序的至少一部分的函数调用模型进行比较; 并根据比较将功能调用识别为异常。 在一些实施例中,提供了用于检测异常程序执行的方法,包括:修改程序以包括程序执行期间进行的程序级函数调用的指示; 将在仿真器中进行的程序级功能调用的至少一个指标与所述程序的至少一部分的函数调用模型进行比较; 以及基于所述比较,将与所述至少一个所述指示符相对应的功能调用识别为异常。