专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08424091B1 Automatic local detection of computer security threats 有权
标题翻译：自动本地检测计算机安全威胁
公开(公告)号：US08424091B1
公开(公告)日：2013-04-16
申请号：US12686238
申请日：2010-01-12
申请人： Chung-Tsai Su , Wen-Kwang Tsao , Chung-Chi Wu , Ming-Tai Chang , Yun-Chian Cheng
发明人： Chung-Tsai Su , Wen-Kwang Tsao , Chung-Chi Wu , Ming-Tai Chang , Yun-Chian Cheng
IPC分类号： G06F21/00
CPC分类号： H04L51/12 , G06F21/55 , H04L63/145
摘要： A system for locally detecting computer security threats in a computer network includes a processing engine, a fingerprint engine, and a detection engine. Data samples are received in the computer network and grouped by the processing engine into clusters. Clusters that do not have high false alarm rates are passed to the fingerprint engine, which generates fingerprints for the clusters. The detection engine scans incoming data for computer security threats using the fingerprints.
摘要翻译：用于本地检测计算机网络中的计算机安全威胁的系统包括处理引擎，指纹引擎和检测引擎。数据样本在计算机网络中接收并由处理引擎分组成簇。没有高错误警报率的群集将传递给指纹引擎，指纹引擎会为群集生成指纹。检测引擎使用指纹扫描传入数据以获取计算机安全威胁。

2. 发明授权

US08495733B1 Content fingerprinting using context offset sequences 有权
标题翻译：内容指纹使用上下文偏移序列
公开(公告)号：US08495733B1
公开(公告)日：2013-07-23
申请号：US12410658
申请日：2009-03-25
申请人： Yun-Chian Cheng , Ming-Tai Chang , Chung-Chih Wu
发明人： Yun-Chian Cheng , Ming-Tai Chang , Chung-Chih Wu
IPC分类号： G06F11/00 , G06F17/15
CPC分类号： H04L63/0227 , G06F21/10 , G06F2221/0737 , H04W12/12
摘要： One embodiment relates to a computer-implemented process of content fingerprinting. A context and a content for fingerprinting are received. The context comprises a set of context components for use in generation of content fingerprints. The content includes instances of at least some of the context components. The content is processed to generate context offset sequences, and a fingerprint for the content is formed from at least a portion of the context offset sequences. Another embodiment relates to a computer-implemented process for comparing a target content against a pool of contents. The process includes constructing an automata data structure based on the fingerprints in the pool. Context offset sequences of a target fingerprint are scanned against the automata data structure to determine matched offset subsequences. Other embodiments, aspects and features are also disclosed.
摘要翻译：一个实施例涉及计算机实现的内容指纹识别过程。接收到指纹的上下文和内容。上下文包括用于生成内容指纹的一组上下文组件。内容包括至少一些上下文组件的实例。处理内容以生成上下文偏移序列，并且内容的指纹由上下文偏移序列的至少一部分形成。另一实施例涉及用于将目标内容与内容池进行比较的计算机实现的过程。该过程包括基于池中的指纹构建自动机数据结构。根据自动机数据结构扫描目标指纹的上下文偏移序列，以确定匹配的偏移子序列。还公开了其它实施例，方面和特征。

3. 发明授权

US08056132B1 Client-side technique for detecting software robots 有权
标题翻译：用于检测软件机器人的客户端技术
公开(公告)号：US08056132B1
公开(公告)日：2011-11-08
申请号：US12260347
申请日：2008-10-29
申请人： Ming-Tai Chang , Jui-Pang Casper Wang , Lio Cheng , Kuan-Hua Chen
发明人： Ming-Tai Chang , Jui-Pang Casper Wang , Lio Cheng , Kuan-Hua Chen
IPC分类号： G06F11/00 , G06F12/14 , H04L9/32
CPC分类号： H04L63/1425 , G06F21/552 , G06F21/566 , G06F2221/2129 , G06F2221/2151 , H04L2463/144
摘要： Software robots (“bots”) may be detected in a client computer using a client-side bot detector. The client-side bot detector may be configured to receive bot event profiles indicating IP (Internet Protocol) addresses involved in malicious online activities perpetrated by bots and time frames when the malicious online activities occurred. The client-side bot detector may determine dynamic IP addresses that have been dynamically assigned to the client computer by consulting a dynamic IP assignment profile of the client computer. The client-side bot detector may compare the bot event profiles against the dynamic IP assignment profile of the client computer to determine if the client computer is infected by a bot.
摘要翻译：可以使用客户端机器人检测器在客户端计算机中检测软件机器人（“bot”）。客户端机器人检测器可以被配置为接收指示当发生恶意的在线活动时机器人和时间框架所引起的恶意在线活动中涉及的IP（因特网协议）地址的bot事件简档。客户机bot检测器可以通过咨询客户端计算机的动态IP分配简档来确定动态分配给客户端计算机的动态IP地址。客户端机器人检测器可以将机器人事件概况与客户端计算机的动态IP分配配置文件进行比较，以确定客户端计算机是否被机器人感染。

4. 发明授权

US08561188B1 Command and control channel detection with query string signature 有权
标题翻译：命令和控制通道检测与查询字符串签名
公开(公告)号：US08561188B1
公开(公告)日：2013-10-15
申请号：US13250928
申请日：2011-09-30
申请人： Jui Pang Wang , Ming-Tai Chang , Jui-Chieh Wu
发明人： Jui Pang Wang , Ming-Tai Chang , Jui-Chieh Wu
IPC分类号： G06F21/00
CPC分类号： H04L63/1425
摘要： Detection and prevention of botnet behavior is accomplished by monitoring access request in a network. Each request includes a domain of content to access and a path of content to access, and each path includes a file name and query string. Once obtained, the query strings for each of these requests are normalized. A signature is then created for each of the normalized query strings. The obtained requests can then be grouped by signature. Once the requests have been grouped by signature, each grouping is examined to identify suspicious signatures based on common botnet behavior. Suspicious requests are used in back-end and front-end defenses against botnets.
摘要翻译：通过监控网络中的访问请求来实现僵尸网络行为的检测和预防。每个请求都包括要访问的内容的域和要访问的内容的路径，并且每个路径都包含文件名和查询字符串。一旦获得，这些请求中的每一个的查询字符串被归一化。然后为每个规范化查询字符串创建一个签名。所获得的请求可以通过签名分组。一旦通过签名对请求进行了分组，则根据常见的僵尸网络行为检查每个分组以识别可疑签名。可疑请求用于后端和前端针对僵尸网络的防御。

5. 发明授权

US08205258B1 Methods and apparatus for detecting web threat infection chains 有权
标题翻译：用于检测网络威胁感染链的方法和装置
公开(公告)号：US08205258B1
公开(公告)日：2012-06-19
申请号：US12627152
申请日：2009-11-30
申请人： Ming-Tai Chang , Casper Wang , Peng-Shih Pu
发明人： Ming-Tai Chang , Casper Wang , Peng-Shih Pu
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , H04L29/06 , G06F11/30 , G06F15/16
CPC分类号： G06F21/566 , G06F17/30684 , G06F17/30887 , H04L63/1441 , H04L63/168
摘要： Uniform resource locator (URL) patterns are found in browsing histories of client computers. The URL patterns are employed to find URL browsing chains for particular client computers. A URL browsing chain includes URL requests that match URL patterns arranged in sequential order by time stamp. The URL browsing chains may be normalized and then evaluated for web threat infection chains. URL browsing chains that are deemed to be web threat infection chains are built into a model. The model may be deployed locally in a client computer or in a remotely located server computer to detect web threat infection chains.
摘要翻译：在客户端计算机的浏览历史中找到统一的资源定位符（URL）模式。使用URL模式来查找特定客户端计算机的URL浏览链。 URL浏览链包含与按照时间戳顺序排列的URL模式相匹配的URL请求。网址浏览链可以被归一化，然后对Web威胁感染链进行评估。被认为是Web威胁感染链的URL浏览链被内置到模型中。该模型可以在本地部署在客户端计算机或位于远程的服务器计算机中，以检测Web威胁感染链。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式