专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08881287B1 Systems and methods for library function identification in automatic malware signature generation 有权
标题翻译：用于自动恶意软件签名生成的库函数识别的系统和方法
公开(公告)号：US08881287B1
公开(公告)日：2014-11-04
申请号：US12408277
申请日：2009-03-20
申请人： Kent Griffin , Xin Hu , Tzi-cker Chiueh , Scott Schneider
发明人： Kent Griffin , Xin Hu , Tzi-cker Chiueh , Scott Schneider
IPC分类号： G06F11/00
CPC分类号： G06F21/564 , H04L63/145
摘要： A computer-implemented method for facilitating automatic malware signature generation may comprise disassembling a malware program, identifying one or more byte sequences within the disassembled malware program that have a likelihood of being representative of one or more library functions contained within the malware program, and preventing the one or more byte sequences from being included within one or more malware signatures. Corresponding systems and computer-readable storage media are also disclosed.
摘要翻译：用于促进自动恶意软件签名生成的计算机实现的方法可以包括拆卸恶意软件程序，识别反汇编的恶意软件程序中可能代表包含在恶意软件程序中的一个或多个库功能的可能性的一个或多个字节序列，并且防止一个或多个字节序列被包括在一个或多个恶意软件签名内。还公开了相应的系统和计算机可读存储介质。

2. 发明授权

US08291497B1 Systems and methods for byte-level context diversity-based automatic malware signature generation 有权
标题翻译：基于字节级上下文分集的自动恶意软件签名生成系统和方法
公开(公告)号：US08291497B1
公开(公告)日：2012-10-16
申请号：US12408306
申请日：2009-03-20
申请人： Kent Griffin , Tzi-cker Chiueh , Scott Schneider
发明人： Kent Griffin , Tzi-cker Chiueh , Scott Schneider
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G06F11/30 , G06F15/173 , G08B23/00
CPC分类号： G06F21/564
摘要： A computer-implemented method for facilitating automatic malware signature generation may comprise providing a byte sequence marked for possible inclusion within one or more malware signatures, determining a context diversity of the byte sequence within malware files each containing the byte sequence in accordance with a diversity-based heuristic, and preventing the byte sequence from being included within the one or more malware signatures in accordance with the determined context diversity. Corresponding systems and computer-readable storage media are also disclosed.
摘要翻译：用于促进自动恶意软件签名生成的计算机实现的方法可以包括提供标记为可能包含在一个或多个恶意软件签名内的字节序列，根据分集式标识确定每个包含字节序列的恶意软件文件内的字节序列的上下文分集，基于启发式，并且根据确定的上下文分集，防止字节序列被包括在一个或多个恶意软件签名内。还公开了相应的系统和计算机可读存储介质。

3. 发明授权

US08239948B1 Selecting malware signatures to reduce false-positive detections 有权
标题翻译：选择恶意软件签名以减少假阳性检测
公开(公告)号：US08239948B1
公开(公告)日：2012-08-07
申请号：US12340420
申请日：2008-12-19
申请人： Kent E. Griffin , Tzi-cker Chiueh , Scott Schneider , Xin Hu
发明人： Kent E. Griffin , Tzi-cker Chiueh , Scott Schneider , Xin Hu
IPC分类号： G06F11/00
CPC分类号： H04L63/1416 , G06F21/564 , G06F21/577 , H04L63/1433
摘要： A set of candidate signatures for a malicious software (malware) is generated. The candidate signatures in the set are scored based on features that indicate the signatures are more unique and thus less likely to generically occur non-malicious programs. A malware signature for the malware entity is selected from among the candidate malware signatures based on the scores. The selected malware signature is stored.
摘要翻译：生成一组恶意软件（恶意软件）的候选签名。基于表示签名更加独特，因此不太可能普遍发生非恶意程序的特征，对该集合中的候选签名进行评分。基于分数从候选恶意软件签名中选择恶意软件实体的恶意软件签名。所选的恶意软件签名被存储。

4. 发明授权

US08321942B1 Selecting malware signatures based on malware diversity 有权
标题翻译：根据恶意软件多样性选择恶意软件签名
公开(公告)号：US08321942B1
公开(公告)日：2012-11-27
申请号：US12403335
申请日：2009-03-12
申请人： Tzi-cker Chiueh , Kent E. Griffin , Scott Schneider , Xin Hu
发明人： Tzi-cker Chiueh , Kent E. Griffin , Scott Schneider , Xin Hu
IPC分类号： G06F21/56
CPC分类号： G06F21/564
摘要： A candidate signature for a known malware entity is selected for analysis. A set of malware entities that contain the candidate signature is identified. A diversity measurement for the candidate signature is determined. The diversity measurement describes the diversity of the set of malware entities that contain the candidate signature. A determination is made whether to use the candidate signature to identify the known malware entity based at least in part on the diversity measurement. Responsive to the determination, the candidate malware signature is stored as a signature for the known malware entity.
摘要翻译：选择已知恶意软件实体的候选签名进行分析。识别包含候选签名的一组恶意软件实体。确定候选签名的分集测量。多样性测量描述了包含候选签名的一组恶意软件实体的多样性。确定是否至少部分地基于分集测量来使用候选签名来识别已知的恶意软件实体。响应于确定，候选恶意软件签名被存储为已知恶意软件实体的签名。

5. 发明授权

US08225317B1 Insertion and invocation of virtual appliance agents through exception handling regions of virtual machines 有权
标题翻译：通过虚拟机的异常处理区域插入和调用虚拟设备代理
公开(公告)号：US08225317B1
公开(公告)日：2012-07-17
申请号：US12477810
申请日：2009-06-03
申请人： Tzi-cker Chiueh , Matthew Conover
发明人： Tzi-cker Chiueh , Matthew Conover
IPC分类号： G06F9/455 , G06F11/00 , H04L29/06
CPC分类号： G06F9/455
摘要： A method for inserting an agent of a virtual appliance into a virtual machine. The method may include inserting, into an exception handler memory location of a virtual machine, one or more computer-executable instructions configured to facilitate transfer of control from the virtual machine to an agent-insertion module. The method may also include triggering an exception during execution of the virtual machine to cause the one or more computer-executable instructions in the exception handler memory location to be executed. The method may further include obtaining control from the virtual machine after the at least one computer-executable instruction executes. The method may include inserting the agent of the virtual appliance into the virtual machine. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：一种将虚拟设备的代理插入到虚拟机中的方法。该方法可以包括将虚拟机的异常处理程序存储器位置插入到一个或多个计算机可执行指令中，该指令被配置为便于将控制从虚拟机传送到代理插入模块。该方法还可以包括在执行虚拟机期间触发异常以使执行异常处理程序存储器位置中的一个或多个计算机可执行指令。所述方法还可以包括在所述至少一个计算机可执行指令执行之后从所述虚拟机获得控制。该方法可以包括将虚拟设备的代理插入到虚拟机中。还公开了各种其它方法，系统和计算机可读介质。

6. 发明授权

US08065567B1 Systems and methods for recording behavioral information of an unverified component 有权
标题翻译：用于记录未验证组件的行为信息的系统和方法
公开(公告)号：US08065567B1
公开(公告)日：2011-11-22
申请号：US12397009
申请日：2009-03-03
申请人： Matthew Conover , Tzi-cker Chiueh
发明人： Matthew Conover , Tzi-cker Chiueh
IPC分类号： G06F21/00
CPC分类号： G06F21/566 , G06F21/577
摘要： A computer-implemented method for recording behavioral information of an unverified component is described. Interactions between a first process and an unverified component loaded in the first process are monitored. A fault is detected from the monitored interactions. Information associated with an event is sent to a proxy module loaded in a second process. The execution of the event in the second process is verified. Information associated with the behavior of the unverified component during the execution of the event is recorded.
摘要翻译：描述用于记录未验证组件的行为信息的计算机实现的方法。监视第一进程和加载在第一进程中的未验证组件之间的交互。从监控的交互中检测到故障。与事件相关联的信息被发送到在第二进程中加载的代理模块。验证第二个进程中事件的执行。记录在执行事件期间与未验证组件的行为相关联的信息。

7. 发明授权

US08037529B1 Buffer overflow vulnerability detection and patch generation system and method 有权
标题翻译：缓冲区溢出漏洞检测和补丁生成系统及方法
公开(公告)号：US08037529B1
公开(公告)日：2011-10-11
申请号：US12051441
申请日：2008-03-19
申请人： Tzi-cker Chiueh , Kent “E” Griffin
发明人： Tzi-cker Chiueh , Kent “E” Griffin
IPC分类号： G06F12/14 , G06F17/30
CPC分类号： G06F11/3604 , G06F21/577
摘要： A computer-implemented method includes identifying a buffer overflow vulnerability in a vulnerable program including identifying a victim buffer creation site that created a victim buffer and identifying a vulnerability site that overflowed the victim buffer. A patch is created for the vulnerable program to prevent the vulnerability site from overflowing a potential victim buffer created by the victim buffer creation site. In this manner, the information obtained in identifying the buffer overflow vulnerability is used to automatically derive a patch that accurately seals the vulnerability, greatly reduces the false positive and negative rate, while at the same time shortens the response time to new threats.
摘要翻译：计算机实现的方法包括识别脆弱程序中的缓冲区溢出漏洞，包括识别创建受害缓冲区的受害缓冲区创建站点，并识别溢出受害缓冲区的漏洞站点。为易受攻击的程序创建修补程序，以防止漏洞站点溢出由受害缓冲区创建站点创建的潜在的受害者缓冲区。以这种方式，在识别缓冲区溢出漏洞中获得的信息被用于自动导出准确地密封漏洞的补丁，大大减少了错误的正负率，同时缩短了对新威胁的响应时间。

8. 发明授权

US08914324B1 De-duplication storage system with improved reference update efficiency 有权
标题翻译：重复数据删除存储系统具有改进的参考更新效率
公开(公告)号：US08914324B1
公开(公告)日：2014-12-16
申请号：US12580785
申请日：2009-10-16
申请人： Fanglu Guo , Weibao Wu , Tzi-cker Chiueh , Petros Efstathopoulos
发明人： Fanglu Guo , Weibao Wu , Tzi-cker Chiueh , Petros Efstathopoulos
IPC分类号： G06F17/30
CPC分类号： G06F11/1453 , G06F17/30156
摘要： A system and method for backing up files to a single-instance storage system are disclosed. The files may be split into segments, and the file data may be stored in the single-instance storage system as individual segments. The single-instance storage system uses the concept of a file region which covers multiple segments of the file. If a region of a file is unchanged from one backup to the next, the system may use a region object to refer to the unchanged region. This avoids the need to update the reference information for each of the segments within the region, thus increasing the efficiency of backing up the new version of the file.
摘要翻译：公开了将文件备份到单实例存储系统的系统和方法。文件可以被分割成段，并且文件数据可以作为单个段存储在单实例存储系统中。单实例存储系统使用涵盖文件多个段的文件区域的概念。如果文件的一个区域从一个备份到下一个备份不变，则系统可以使用区域对象来引用未更改的区域。这避免了需要更新区域内每个段的参考信息，从而提高了备份新版本文件的效率。

9. 发明授权

US08880784B2 Random write optimization techniques for flash disks 有权
标题翻译：闪存盘的随机写入优化技术
公开(公告)号：US08880784B2
公开(公告)日：2014-11-04
申请号：US13512783
申请日：2010-05-18
申请人： Tzi-cker Chiueh , Maohua Lu , Pi-Yuan Cheng , Goutham Meruva
发明人： Tzi-cker Chiueh , Maohua Lu , Pi-Yuan Cheng , Goutham Meruva
IPC分类号： G06F12/00 , G06F12/02
CPC分类号： G06F12/0246 , G06F2212/1016 , G06F2212/7201 , G06F2212/7202 , G06F2212/7203 , G06F2212/7205
摘要： Disclosed is a method for managing logical block write requests for a flash drive. The method includes receiving a logical block write request from a file system; assigning a category to the logical block; and generating at least three writes from the logical block write request, a first write writes the logical block to an Erasure Unit (EU) according to the category assigned to each logical block, a second write inserts a Block Mapping Table (BMT) update entry to a BMT update log, and a third write commits the BMT update entry to an on-disk BMT, wherein the first and second writes are performed synchronously and the third write is performed asynchronously and in a batched fashion.
摘要翻译：公开了一种用于管理闪存驱动器的逻辑块写入请求的方法。该方法包括从文件系统接收逻辑块写入请求; 将类别分配给逻辑块; 并且从逻辑块写入请求产生至少三次写入，第一次写入根据分配给每个逻辑块的类别将逻辑块写入擦除单元（EU），第二次写入插入块映射表（BMT）更新条目到BMT更新日志，并且第三次写入将BMT更新条目提交到磁盘BMT，其中第一和第二写入被同步地执行，并且以批量方式异步地执行第三写入。

10. 发明授权

US07962961B1 Responding to detected application vulnerability exploits 有权
标题翻译：响应检测到的应用程序漏洞利用
公开(公告)号：US07962961B1
公开(公告)日：2011-06-14
申请号：US11956172
申请日：2007-12-13
申请人： Kent E. Griffin , Tzi-cker Chiueh , Sourabh Satish
发明人： Kent E. Griffin , Tzi-cker Chiueh , Sourabh Satish
IPC分类号： G06F21/22 , G06F15/16 , G06F11/30
CPC分类号： H04L63/1433 , G06F21/566 , G06F21/577 , G06F2221/2101
摘要： A security module detects attempted exploitations of vulnerabilities of an application executing on a computer. A robust function of the application having native error handling functionality is identified. The security module wraps the robust function with an exception handler that catches a “security violation” exception. The exception handler returns an error code of a type that is handled by the application's native error handling functionality. The security module also hooks the application. When a hook is followed, the security module determines whether a vulnerability in the application is being exploited. If an attempted exploit is detected, the security module throws the security violation exception. The application's native error handling functionality unwinds the call stack for the application until it reaches the exception handler wrapping the robust function. The exception handler catches the security violation exception and returns the error code to the application's native error handling functionality.
摘要翻译：安全模块检测在计算机上执行的应用程序的漏洞的尝试利用。识别具有本机错误处理功能的应用的鲁棒功能。安全模块使用捕获“安全冲突”异常的异常处理程序来包装强大的功能。异常处理程序返回由应用程序的本机错误处理功能处理的类型的错误代码。安全模块还挂接应用程序。当遵循挂钩时，安全模块确定应用程序中的漏洞是否被利用。如果检测到尝试的漏洞利用，安全模块将抛出安全冲突异常。应用程序的本机错误处理功能解除应用程序的调用堆栈，直到它到达包含强大功能的异常处理程序。异常处理程序捕获安全冲突异常，并将错误代码返回到应用程序的本机错误处理功能。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式