    • 1. Granted invention patent
    • Identification of normal scripts in computer systems
    • US08838992B1
    • 2014-09-16
    • US13096453
    • 2011-04-28
    • Xuewen Zhu; Lili Diao; Da Li; Dibin Tang
    • Xuewen Zhu; Lili Diao; Da Li; Dibin Tang
    • G06F21/00; G06F21/56
    • G06F21/56; G06F21/563; G06F2221/2119
    • A machine learning model is used to identify normal scripts in a client computer. The machine learning model may be built by training using samples of known normal scripts and samples of known potentially malicious scripts and may take into account lexical and semantic characteristics of the sample scripts. The machine learning model and a feature set may be provided to the client computer by a server computer. In the client computer, the machine learning model may be used to classify a target script. The target script does not have to be evaluated for malicious content when classified as a normal script. Otherwise, when the target script is classified as a potentially malicious script, the target script may have to be further evaluated by an anti-malware or sent to a back-end system.
    • 2. Granted invention patent
    • White list creation in behavior monitoring system
    • US08161552B1
    • 2012-04-17
    • US12565585
    • 2009-09-23
    • Chih Yao Sun; Yi Lu; Dibin Tang; Ruifeng Yang; Peng Shu; Rong Yang
    • Chih Yao Sun; Yi Lu; Dibin Tang; Ruifeng Yang; Peng Shu; Rong Yang
    • G06F11/00
    • G06F21/566; G06F2221/033; H04L63/145
    • A white list (or exception list) for a behavior monitoring system for detecting unknown malware on a computing device is maintained automatically without human intervention. A white list contains process IDs and other data relating to processes that are determined to be (or very likely be) free of malware. If a process is on this list, the rule matching operations of a conventional behavior monitor are not performed, thereby saving processing resources on the computing device. When a process start up is detected, the behavior monitor performs a series of checks or tests. If the process has all valid digital signatures and is not launched from a removable storage device (such as a USB key) and is not enabled to make any inbound or outbound connections, it is eligible for being on the white list. The white list is also automatically maintained by removing process IDs for processes that have terminated or which attempt to make a new outbound or inbound connection, such as a TCP/UDP connection. Scheduled integrity checks on the white list are also performed by examining the process stack for each process to ensure that there are no abnormal files in the process stack.