    • 4. Invention application
    • SYSTEM AND METHODS FOR DETECTING MALICIOUS EMAIL TRANSMISSION
    • US20100169970A1
    • 2010-07-01
    • US12633493
    • 2009-12-08
    • Salvatore J. Stolfo; Eleazar Eskin; Shlomo Herskop; Manasi Bhattacharyya
    • G06F21/00; G06F15/16
    • H04L63/1425; H04L51/12; H04L63/145
    • A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.
    • 5. Granted invention patent
    • Systems and methods for adaptive model generation for detecting intrusions in computer systems
    • US08893273B2
    • 2014-11-18
    • US11805946
    • 2007-05-25
    • Andrew Honig; Andrew Howard; Eleazar Eskin; Salvatore J. Stolfo
    • G06F21/72; H04L29/06; G06F21/55; G06F21/56
    • H04L63/14; G06F17/30091; G06F17/30294; G06F17/30477; G06F21/554; G06F21/566; G06N7/005; G06N99/005; H04L63/1416; H04L63/1425; H04L63/1433
    • A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
    • 7. Granted invention patent
    • System and methods for detecting intrusions in a computer system by monitoring operating system registry accesses
    • US07913306B2
    • 2011-03-22
    • US12154405
    • 2008-05-21
    • Frank Apap; Andrew Honig; Hershkop Shlomo; Eleazar Eskin; Salvatore J. Stolfo
    • G06F21/22; G06F11/30
    • G06F21/552; H04L63/1416
    • A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the files system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of said features. The features of a record of a process that accesses the Windows registry are analyzed to determine whether said access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether the access of the Windows registry is an anomaly.
    • 8. Granted invention patent
    • System and methods for detecting malicious email transmission
    • US07657935B2
    • 2010-02-02
    • US10222632
    • 2002-08-16
    • Salvatore J. Stolfo; Eleazar Eskin; Shlomo Herskop; Manasi Bhattacharyya
    • G06F11/00; G06F12/14
    • H04L63/1425; H04L51/12; H04L63/145
    • A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.
    • 9. Invention application
    • System and methods for adaptive model generation for detecting intrusion in computer systems
    • US20130031633A1
    • 2013-01-31
    • US13573314
    • 2012-09-10
    • Andrew Honig; Andrew Howard; Eleazar Eskin; Salvatore J. Stolfo
    • G06F21/00
    • H04L63/14; G06F17/30091; G06F17/30294; G06F17/30477; G06F21/554; G06F21/566; G06N7/005; G06N99/005; H04L63/1416; H04L63/1425; H04L63/1433
    • A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
    • 10. Granted invention patent
    • System and methods for adaptive model generation for detecting intrusions in computer systems
    • US07225343B1
    • 2007-05-29
    • US10352342
    • 2003-01-27
    • Andrew Honig; Andrew Howard; Eleazar Eskin; Salvatore J. Stolfo
    • H04L9/00
    • H04L63/14; G06F17/30091; G06F17/30294; G06F17/30477; G06F21/554; G06F21/566; G06N7/005; G06N99/005; H04L63/1416; H04L63/1425; H04L63/1433
    • A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.