会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明申请
    • REALTIME MULTIPLE ENGINE SELECTION AND COMBINING
    • 实时多发动机选择和组合
    • US20120084859A1
    • 2012-04-05
    • US12894185
    • 2010-09-30
    • Kira RadinskyRoy VarshavskyJack W. StokesVladimir HolostovEdward Schaefer
    • Kira RadinskyRoy VarshavskyJack W. StokesVladimir HolostovEdward Schaefer
    • G06F21/00G06F17/30
    • G06F21/563G06F21/56G06Q10/06G06Q30/00
    • Architecture that selects a classification engine based on the expertise of the engine to process a given entity (e.g., a file). Selection of an engine is based on a probability that the engine will detect an unknown entity classification using properties of the entity. One or more of the highest ranked engines are activated in order to achieve the desired performance. A statistical, performance-light module is employed to skip or select several performance-demanding processes. Methods and algorithms are utilized for learning based on matching the best classification engine(s) to detect the entity class based on the entity properties. A user selection option is provided for specifying a maximum number of ranked, classification engines to consider for each state of the machine. A user can also select the minimum probability of detection for a specific entity (e.g., unknown file). The best classifications are re-evaluated over time as the classification engines are updated.
    • 基于引擎的专长来选择分类引擎以处理给定实体(例如,文件)的架构。 引擎的选择是基于引擎将使用实体的属性来检测未知实体分类的概率。 一个或多个最高排名的引擎被激活以实现期望的性能。 采用统计的性能灯模块来跳过或选择若干性能要求高的过程。 基于匹配最佳分类引擎的方法和算法用于学习,以根据实体属性检测实体类。 提供用户选择选项,用于指定针对机器的每个状态考虑的排名最大的分类引擎。 用户还可以选择特定实体(例如,未知文件)的最小检测概率。 随着分类引擎的更新,最好的分类会随着时间的推移重新评估。
    • 2. 发明授权
    • Realtime multiple engine selection and combining
    • 实时多引擎选择和组合
    • US08869277B2
    • 2014-10-21
    • US12894185
    • 2010-09-30
    • Kira RadinskyRoy VarshavskyJack W. StokesVladimir HolostovEdward Schaefer
    • Kira RadinskyRoy VarshavskyJack W. StokesVladimir HolostovEdward Schaefer
    • G06F21/00G06Q30/00G06F21/56
    • G06F21/563G06F21/56G06Q10/06G06Q30/00
    • Architecture that selects a classification engine based on the expertise of the engine to process a given entity (e.g., a file). Selection of an engine is based on a probability that the engine will detect an unknown entity classification using properties of the entity. One or more of the highest ranked engines are activated in order to achieve the desired performance. A statistical, performance-light module is employed to skip or select several performance-demanding processes. Methods and algorithms are utilized for learning based on matching the best classification engine(s) to detect the entity class based on the entity properties. A user selection option is provided for specifying a maximum number of ranked, classification engines to consider for each state of the machine. A user can also select the minimum probability of detection for a specific entity (e.g., unknown file). The best classifications are re-evaluated over time as the classification engines are updated.
    • 基于引擎的专长来选择分类引擎以处理给定实体(例如,文件)的架构。 引擎的选择是基于引擎将使用实体的属性来检测未知实体分类的概率。 一个或多个最高排名的引擎被激活以实现期望的性能。 采用统计的性能灯模块来跳过或选择若干性能要求高的过程。 基于匹配最佳分类引擎的方法和算法用于学习,以根据实体属性检测实体类。 提供用户选择选项,用于指定针对机器的每个状态考虑的排名最大的分类引擎。 用户还可以选择特定实体(例如,未知文件)的最小检测概率。 随着分类引擎的更新,最好的分类会随着时间的推移重新评估。
    • 4. 发明申请
    • Automated identification of firewall malware scanner deficiencies
    • 自动识别防火墙恶意软件扫描程序的缺陷
    • US20080229419A1
    • 2008-09-18
    • US11724705
    • 2007-03-16
    • Vladimir HolostovJohn Neystadt
    • Vladimir HolostovJohn Neystadt
    • G06F12/14
    • H04L63/145G06F21/564G06F2221/2101G06F2221/2151H04L63/0263H04L63/1425
    • Automated identification of deficiencies in a malware scanner contained in a firewall is provided by correlating incident reports that are generated by desktop protection clients running on hosts in an enterprise that is protected by the firewall. A desktop protection client scans a host for malware incidents, and when detected, analyzes the host's file access log to extract one or more pieces of information about the incident (e.g., identification of a process that placed the infected file on disk, an associated timestamp, file or content type, malware type, hash of such information, or hash of the infected file). The firewall correlates this file access log information with data in its own log to enable the firewall to download the content again and inspect it. If malware is detected, then it is assumed that it was missed when the file first entered the enterprise because the firewall did not have an updated signature. However, if the malware is not detected, then there is a potential deficiency.
    • 通过关联由受防火墙保护的企业中的主机上运行的桌面防护客户端生成的事件报告,可以自动识别防火墙中包含的恶意软件扫描程序中的缺陷。 桌面保护客户端扫描主机以查找恶意软件事件,并在被检测到时分析主机的文件访问日志,以提取有关事件的一条或多条信息(例如,将受感染文件放在磁盘上的进程的标识,相关联的时间戳 ,文件或内容类型,恶意软件类型,此类信息的散列或受感染文件的散列)。 防火墙将该文件访问日志信息与其自己的日志中的数据相关联,以使防火墙能够再次下载内容并进行检查。 如果检测到恶意软件,则假设当文件首次进入企业时,因为防火墙没有更新的签名,所以它被遗漏。 但是,如果没有检测到恶意软件,那么存在潜在的缺陷。
    • 7. 发明授权
    • Host usability and security via an isolated environment
    • 通过孤立的环境主持可用性和安全性
    • US08732797B2
    • 2014-05-20
    • US12871919
    • 2010-08-31
    • Vladimir HolostovYigal EderyYair Geva
    • Vladimir HolostovYigal EderyYair Geva
    • G06F11/00
    • H04L63/1416G06F21/53H04L63/1441
    • Architecture that addresses security concerns while still providing transparent user experience with ability to perform tasks. When a user machine is considered incompliant or compromised due to, for example, a suspected infection, the user machine can be blocked from further access to a network or other computing hosts until the incompliance is resolved. A notification is presented that indicates the nature of the problem, and a way to access an automatically configured isolated environment via which to continue working. The user can be automatically routed to use the alternative isolated environment for temporary access to network resources. Once the user finishes activities in the isolated environment, the system hosting the isolated environment is reverted back to a known good state.
    • 解决安全问题的架构,同时仍然能够提供具有执行任务能力的透明用户体验。 当用户机器由于例如疑似感染而被认为是不合格或受损时,可以阻止用户机器进一步访问网络或其它计算机主机,直到解除不合规。 提供了一个指示问题性质的通知,以及访问自动配置的隔离环境以通过其继续工作的方式。 用户可以自动路由使用备用隔离环境来临时访问网络资源。 一旦用户在隔离的环境中完成活动,托管隔离环境的系统将恢复到已知的良好状态。
    • 9. 发明申请
    • CHAIN OF EVENTS TRACKING WITH DATA TAINTING FOR AUTOMATED SECURITY FEEDBACK
    • 用于自动安全反馈的数据跟踪事件链
    • US20090328210A1
    • 2009-12-31
    • US12165608
    • 2008-06-30
    • Vassilii KhachaturovVladimir HolostovJohn Neystadt
    • Vassilii KhachaturovVladimir HolostovJohn Neystadt
    • G06F21/00
    • G06F21/552
    • An automated security feedback arrangement is provided by which a specialized audit record called a tainting record is linked to data crossing the perimeter of a corpnet that comes from potentially untrusted sources. The linked tainting record operates to taint such data which may be received from external sources such as e-mail and websites or which may comprise data that is imported into the corpnet from mobile computing devices. Data that is derived from the original data is also tainted using a linked tainting record which includes a pointer back to the previous tainting record. The linking and pointing back are repeated for all subsequent derivations of data to thus create an audit trail that may be used to reconstruct the chain of events between the original data crossing the perimeter and any security compromise that may later be detected in the corpnet.
    • 提供了一种自动安全反馈安排,通过该安排,称为污染记录的专门审核记录与跨越可能不受信任的来源的公司的边界的数据相关联。 链接的污染记录用于污染可从诸如电子邮件和网站的外部来源接收的这些数据,或者可以包括从移动计算设备导入到该公司的数据。 从原始数据导出的数据也使用链接的污点记录来污染,该记录包括指向前一个污点记录的指针。 为了所有后续的数据导出重复链接和指向,从而创建可用于重建跨越周界的原始数据之间的事件链以及可能在公司网络中稍后被检测到的任何安全损害的审计跟踪。