    • 2. Granted invention patent
    • Proactively analyzing binary files from suspicious sources
    • US08370942B1
    • 2013-02-05
    • US12403321
    • 2009-03-12
    • Christopher Peterson; Robert Conrad; Joseph H. Chen
    • Christopher Peterson; Robert Conrad; Joseph H. Chen
    • H04L29/06
    • G06F21/562; G06F21/577; H04L63/145
    • A malware source analysis component determines which sources of malware are sufficiently suspicious such that all binary files located thereon should be analyzed. In order to make such determinations, the malware source analysis component receives information concerning malware infections from a plurality of sources. The malware source analysis component analyzes the received information, and determines suspiciousness levels associated with specific sources. Responsive to identifying a given threshold suspiciousness level associated with a source, the malware source analysis component adjudicates that source to be suspicious. Where a source is adjudicated to be suspicious, the malware source analysis component submits submission instructions to that source, directing it to identify binary files thereon and submit them to be analyzed. The malware source analysis component receives binary files from suspicious sources according to the submission instructions, and analyzes the received binary files.
    • 3. Granted invention patent
    • Filtering malware related content
    • US08302191B1
    • 2012-10-30
    • US12404249
    • 2009-03-13
    • Robert Conrad; Christopher Peterson; Joseph H. Chen
    • Robert Conrad; Christopher Peterson; Joseph H. Chen
    • G06F21/00
    • G06F21/577; G06F21/56; H04L63/145
    • A submission filtering component filters malware related content received for analysis. The submission filtering component determines an analysis priority rating for each source from which malware related content is received. An analysis priority rating is based on various factors indicative of how likely the source is to transmit malware related content that is important to analyze. The malware filtering component transforms the received stream of malware related content into a subset to be analyzed, based on the analysis priority ratings associated with sources from which malware related content is received. A malware analysis component analyzes the subset of malware related content.
    • 4. Granted invention patent
    • Heuristic detection malicious code blacklist updating and protection system and method
    • US08225405B1
    • 2012-07-17
    • US12362352
    • 2009-01-29
    • Christopher Peterson; Joseph H. Chen
    • Christopher Peterson; Joseph H. Chen
    • H04L29/06
    • H04L63/145; H04L63/205
    • Unknown malicious code is heuristically detected on a host computer system. A virus signature for the malicious code is created locally on the host computer system. A blacklist on the host computer system is updated with the virus signature for the heuristically detected malicious code. Accordingly, the blacklist is updated with the virus signature of the heuristically detected malicious code without distribution of the virus signature to the general public. Further, the host computer system is scanned for other instances of the heuristically detected malicious code using the created virus signature. Accordingly, file based detection and remediation of the malicious code is achieved without requiring execution of the malicious code for detection and the associated risks.
    • 5. Granted invention patent
    • Using file reputations to identify malicious file sources in real time
    • US08683585B1
    • 2014-03-25
    • US13025109
    • 2011-02-10
    • Joseph H. Chen; Brendon V. Woirhaye
    • Joseph H. Chen; Brendon V. Woirhaye
    • G06F11/00; G06F12/14; G06F12/16; G08B23/00
    • G06F21/56; G06F2221/034; H04L63/145
    • File reputations are used to identify malicious file sources. Attempts to access files from external sources are monitored. For each monitored attempt to access a file, a reputation of the specific file is determined. Responsive to a determined reputation of a file meeting a threshold, the file is adjudicated to be malicious. Attempts by sources to distribute malicious files are tracked. Responsive to tracked attempts by sources to distribute malicious files, reputations of file sources are determined. Responsive to a determined reputation of a source meeting a threshold, the source is adjudicated to be malicious, and files the source distributes are analyzed to determine whether they comprise malware. Malicious sources are blocked. Malware and malicious sources are analyzed to identify exploits and distribution patterns.
    • 6. Granted invention patent
    • Systems and methods for determining whether to evaluate the trustworthiness of digitally signed files based on signer reputation
    • US08650649B1
    • 2014-02-11
    • US13214514
    • 2011-08-22
    • Joseph H. Chen; Brendon V Woirhaye
    • Joseph H. Chen; Brendon V Woirhaye
    • G06F7/04
    • G06F21/64
    • A computer-implemented method for determining whether to evaluate the trustworthiness of digitally signed files based on signer reputation may include (1) identifying a file, (2) determining that the file has been digitally signed, (3) identifying a signer responsible for digitally signing the file, (4) identifying the signer's reputation, and then (5) determining whether to evaluate the trustworthiness of the file based at least in part on the signer's reputation. In one example, the signer's reputation may be based at least in part on the determined trustworthiness of at least one additional file that was previously signed by the signer. Various other methods, systems, and encoded computer-readable media are also disclosed.
    • 8. Granted invention patent
    • Detecting and remediating malware dropped by files
    • US08832835B1
    • 2014-09-09
    • US12914949
    • 2010-10-28
    • Joseph H. Chen; Zhongning Chen
    • Joseph H. Chen; Zhongning Chen
    • G06F11/00; G06F12/14; G06F12/16; G08B23/00; G06F21/00; H04L29/06
    • H04L63/1441; H04L63/1408; H04L63/145
    • A security module detects and remediates malware from suspicious hosts. A file arrives at an endpoint from a host. The security module detects the arrival of the file and determines the host from which the file arrived. The security module also determines whether the host is suspicious. If the host is suspicious, the security module observes the operation of the file and identifies a set of files dropped by the received file. The security module monitors the files in the set using heuristics to detect whether any of the files engage in malicious behavior. If a file engages in malicious behavior, the security module responds to the malware detection by remediating the malware, which may include removing system changes caused by the set.