专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07685639B1 Using inserted e-mail headers to enforce a security policy 有权
标题翻译：使用插入的电子邮件标头来执行安全策略
公开(公告)号：US07685639B1
公开(公告)日：2010-03-23
申请号：US10881194
申请日：2004-06-29
申请人： Bruce McCorkendale , William E. Sobel , Carey Nachenberg , Mark Kennedy
发明人： Bruce McCorkendale , William E. Sobel , Carey Nachenberg , Mark Kennedy
IPC分类号： G06F17/00 , G06F11/00 , G06F15/16 , G06F15/173 , H04L9/10 , H04L9/08 , H04L9/32 , G06F13/00
CPC分类号： H04L63/145 , H04L51/12 , H04L63/20
摘要： An outgoing e-mail manager inserts headers into outgoing e-mail messages originating from at least one source on a computer. Each header includes data concerning the source of the e-mail. An e-mail header manager monitors an e-mail stream, and reads headers inserted into e-mail messages. The e-mail header manager applies a security policy to e-mail messages, responsive to the contents of the inserted headers.
摘要翻译：传出的电子邮件管理器将标头插入源自计算机上至少一个源的传出电子邮件。每个标题包括有关电子邮件来源的数据。电子邮件头管理器监视电子邮件流，并读取插入到电子邮件中的标题。电子邮件头管理器根据插入的头部的内容对安全策略应用电子邮件消息。

2. 发明授权

US07490244B1 Blocking e-mail propagation of suspected malicious computer code 有权
标题翻译：阻止可疑恶意计算机代码的电子邮件传播
公开(公告)号：US07490244B1
公开(公告)日：2009-02-10
申请号：US10941527
申请日：2004-09-14
申请人： Mark Kennedy , William E. Sobel , Bruce McCorkendale , Carey Nachenberg
发明人： Mark Kennedy , William E. Sobel , Bruce McCorkendale , Carey Nachenberg
IPC分类号： H04L9/00
CPC分类号： H04L63/1408 , G06F21/566 , H04L51/12
摘要： Methods, apparatuses, and computer-readable media for preventing the spread of malicious computer code. An embodiment of the inventive method comprises the steps of: identifying (110) a computer application that is data mining an e-mail address; determining (130) whether the computer application associates at least one executable application and the data mined e-mail address with an e-mail message (120); and blocking (140) the transmission of the e-mail message when the e-mail message is associated with the at least one executable application and the data mined e-mail address.
摘要翻译：用于防止恶意计算机代码扩散的方法，装置和计算机可读介质。本发明方法的实施例包括以下步骤：识别（110）数据挖掘电子邮件地址的计算机应用程序; 确定（130）计算机应用程序是否将至少一个可执行应用程序和数据挖掘的电子邮件地址与电子邮件消息（120）相关联; 以及当所述电子邮件消息与所述至少一个可执行应用程序和所述数据挖掘的电子邮件地址相关联时，阻止（140）所述电子邮件消息的发送。

3. 发明授权

US08176555B1 Systems and methods for detecting malicious processes by analyzing process names and process characteristics 有权
标题翻译：通过分析过程名称和过程特征来检测恶意进程的系统和方法
公开(公告)号：US08176555B1
公开(公告)日：2012-05-08
申请号：US12130812
申请日：2008-05-30
申请人： Anthony Schreiner , Brian Hernacki , Christopher Peterson , William E. Sobel , Mark Kennedy
发明人： Anthony Schreiner , Brian Hernacki , Christopher Peterson , William E. Sobel , Mark Kennedy
IPC分类号： G06F21/00
CPC分类号： G06F21/566
摘要： A computer-implemented method for detecting a malicious process using file-name heuristics may comprise: 1) identifying a process, 2) identifying a process name for the process, 3) identifying a list of process names for non-malicious processes, and 4) determining, by comparing the process name for the process with the list of process names for non-malicious processes, whether to allow the process to execute. A method for maintaining a database containing information about non-malicious processes is also disclosed. Corresponding systems and computer-readable media are also disclosed.
摘要翻译：用于使用文件名启发式检测恶意进程的计算机实现的方法可以包括：1）识别进程，2）识别该进程的进程名称，3）识别非恶意进程的进程名称列表，4 ）通过将进程的进程名称与非恶意进程的进程名称列表进行比较来确定是否允许进程执行。还公开了一种维护包含有关非恶意进程信息的数据库的方法。还公开了相应的系统和计算机可读介质。

4. 发明授权

US07950060B1 Method and apparatus for suppressing e-mail security artifacts 有权
标题翻译：用于抑制电子邮件安全伪像的方法和装置
公开(公告)号：US07950060B1
公开(公告)日：2011-05-24
申请号：US11864867
申请日：2007-09-28
申请人： Mark Kennedy , Bruce McCorkendale
发明人： Mark Kennedy , Bruce McCorkendale
IPC分类号： G06F12/14
CPC分类号： G06F21/56 , G06F2221/2123 , G06Q10/107
摘要： Method and apparatus for suppressing e-mail security artifacts is described. An aspect of the invention relates to processing e-mail addresses stored in an address book repository on a computer. A request for one or more e-mail addresses is received from a source. Authenticity of the source is verified. The one or more e-mail addresses is (are) obtained from the address book repository. The one or more e-mail addresses is (are) filtered to remove one or more honeypot e-mail addresses. The one or more e-mail addresses is (are) forwarded as filtered to the source if the source is authentic. The one or more e-mail addresses is (are) forwarded as obtained to the source if the source is not authentic. Accordingly, the honeypot addresses are not filtered if the source is not authentic.
摘要翻译：描述了用于抑制电子邮件安全伪像的方法和装置。本发明的一个方面涉及处理存储在计算机上的地址簿存储库中的电子邮件地址。从源接收到一个或多个电子邮件地址的请求。验证来源的真实性。一个或多个电子邮件地址从地址簿存储库获得。一个或多个电子邮件地址被过滤以去除一个或多个蜜罐电子邮件地址。如果源是可信的，那么一个或多个电子邮件地址被转发为源。如果源不是真实的，那么一个或多个电子邮件地址被转发到源。因此，如果源不可信，则蜜罐地址不被过滤。

5. 发明授权

US07950057B1 Driver load manager and method 有权
标题翻译：驱动程序负载管理器和方法
公开(公告)号：US07950057B1
公开(公告)日：2011-05-24
申请号：US11614758
申请日：2006-12-21
申请人： Mark Kennedy , Bruce McCorkendale
发明人： Mark Kennedy , Bruce McCorkendale
IPC分类号： G06F11/00
CPC分类号： G06F21/53
摘要： A method includes determining that a driver load address is in a system service dispatch table (SSDT) addressable area. The method further includes determining whether the driver is authorized to be in the SSDT addressable area. If the driver is authorized to be in the SSDT addressable area, the driver is loaded in the SSDT addressable area and is able to hook operating system functions. Conversely, if the driver is not authorized to be in the SSDT addressable area, the driver is loaded outside the SSDT addressable area and is not able to hook operating system functions. In this manner, only authorized drivers are allowed to hook operating system functions.
摘要翻译：一种方法包括确定驱动程序加载地址在系统服务调度表（SSDT）可寻址区域中。该方法还包括确定驾驶员是否被授权在SSDT可寻址区域中。如果驱动程序被授权在SSDT可寻址区域，则驱动程序加载到SSDT可寻址区域，并且能够挂接操作系统功能。相反，如果驱动程序没有被授权在SSDT可寻址区域，驱动程序将被加载到SSDT可寻址区域之外，并且不能挂起操作系统功能。以这种方式，只允许授权的驱动程序挂起操作系统功能。

6. 发明授权

US09183377B1 Unauthorized account monitoring system and method 有权
标题翻译：未经授权的账户监控系统和方法
公开(公告)号：US09183377B1
公开(公告)日：2015-11-10
申请号：US12141736
申请日：2008-06-18
申请人： William E. Sobel , Brian Hernacki , Mark Kennedy
发明人： William E. Sobel , Brian Hernacki , Mark Kennedy
IPC分类号： G06F11/00 , G06F21/50 , G06F21/55
CPC分类号： G06F21/554 , G06F21/55 , G06F2221/034
摘要： A possibly pre-infected system is inspected for the existence of tracked application-specific accounts. In a tracked application-specific account is found, the system is further audited to verify that only authorized processes are using the account and that the authorized account creation application is installed on the host computer system.
摘要翻译：检查可能的预先感染的系统是否存在跟踪的特定于应用程序的帐户。在被跟踪的应用程序特定帐户中，系统被进一步审核，以验证只有授权的进程正在使用该帐户，并且授权的帐户创建应用程序安装在主机系统上。

7. 发明授权

US07565686B1 Preventing unauthorized loading of late binding code into a process 有权
标题翻译：防止未经授权的将后期绑定代码加载到进程中
公开(公告)号：US07565686B1
公开(公告)日：2009-07-21
申请号：US10983374
申请日：2004-11-08
申请人： William E. Sobel , Mark Kennedy
发明人： William E. Sobel , Mark Kennedy
IPC分类号： G06F11/30 , G06F12/14 , H04L12/22
CPC分类号： H04L63/101 , G06F21/51 , G06F21/554
摘要： A late binding code manager prevents the unauthorized loading of late binding code into a process. The late binding code manager detects an attempt to load late binding code into a process's address space. Subsequently, the late binding code manager determines whether a detected attempt to load late binding code into a process's address space is permitted. Responsive to the results of a determination as to whether an attempt to load late binding code into a process's address space is permitted, the late binding code manager executes at least one additional step affecting the loading of the late binding code into the process's address space. Such a step can comprise permitting, blocking or modifying the attempt to load the late binding code.
摘要翻译：后期绑定代码管理器防止未经授权的后期绑定代码加载到进程中。后期绑定代码管理器检测到将晚期绑定代码加载到进程的地址空间中的尝试。随后，后期绑定代码管理器确定是否允许检测到将后期绑定代码加载到进程的地址空间中的尝试。响应于确定是否允许将晚期绑定代码加载到进程的地址空间的结果，后期绑定代码管理器执行影响后期绑定代码加载到进程的地址空间中的至少一个附加步骤。这样的步骤可以包括允许，阻止或修改加载后期绑定码的尝试。

8. 发明授权

US09135442B1 Methods and systems for detecting obfuscated executables 有权
标题翻译：检测模糊可执行文件的方法和系统
公开(公告)号：US09135442B1
公开(公告)日：2015-09-15
申请号：US12130827
申请日：2008-05-30
申请人： Mark Kennedy
发明人： Mark Kennedy
IPC分类号： G06F9/44 , G06F21/56 , G06F9/445
CPC分类号： G06F21/563 , G06F9/44589
摘要： A computer-implemented method for detecting an obfuscated executable may include identifying an executable file programmed to execute on a target architecture. The method may also include disassembling a first section of the executable file and determining whether the first section of the executable file comprises a valid instruction. The method may further include determining, based on whether the first section of the executable file comprises a valid instruction, whether the executable file poses a security risk. Various other methods, computer-readable media, and systems are also disclosed.
摘要翻译：用于检测混淆的可执行程序的计算机实现的方法可以包括识别被编程为在目标架构上执行的可执行文件。该方法还可以包括拆卸可执行文件的第一部分并确定可执行文件的第一部分是否包括有效指令。该方法还可以包括基于可执行文件的第一部分是否包括有效指令来确定可执行文件是否构成安全风险。还公开了各种其它方法，计算机可读介质和系统。

9. 发明授权

US08635171B1 Systems and methods for reducing false positives produced by heuristics 有权
标题翻译：用于减少启发式产生的假阳性的系统和方法
公开(公告)号：US08635171B1
公开(公告)日：2014-01-21
申请号：US12542099
申请日：2009-08-17
申请人： Mark Kennedy
发明人： Mark Kennedy
IPC分类号： G06F15/18
CPC分类号： G06K9/6256 , G06F21/55 , G06F21/56
摘要： An exemplary method for reducing false positives produced by heuristics may include: 1) training a heuristic using a set of training data, 2) deploying the heuristic, 3) identifying false positives produced by the heuristic during deployment, and then 4) tuning the heuristic by: a) duplicating at least a portion of the false positives, b) modifying the training data to include the duplicate false positives, and c) re-training the heuristic using the modified training data. Corresponding systems and computer-readable media are also disclosed.
摘要翻译：用于减少启发式产生的假阳性的示例性方法可以包括：1）使用一组训练数据训练启发式，2）部署启发式，3）识别在部署期间由启发式产生的误报，然后4）调整启发式通过：a）复制至少一部分假阳性，b）修改训练数据以包括重复的假阳性，以及c）使用修改的训练数据重新训练启发式。还公开了相应的系统和计算机可读介质。

10. 发明授权

US08578345B1 Malware detection efficacy by identifying installation and uninstallation scenarios 有权
标题翻译：通过识别安装和卸载方案来检测恶意软件的功能
公开(公告)号：US08578345B1
公开(公告)日：2013-11-05
申请号：US12761364
申请日：2010-04-15
申请人： Mark Kennedy , Sourabh Satish , Alexander Danileiko , Ming-Jen Wang
发明人： Mark Kennedy , Sourabh Satish , Alexander Danileiko , Ming-Jen Wang
IPC分类号： G06F9/44 , G06F9/445 , G06F11/00
CPC分类号： G06F21/566 , G06F21/57
摘要： The launch of an installer or uninstaller is detected. A process lineage tree is created representing the detected launched installer/uninstaller process, and all processes launched directly and indirectly thereby. The detected installer/uninstaller process is represented by the root node in the process lineage tree. Launches of child processes by the installer/uninstaller process and by any subsequently launched child processes are detected. The launched child processes are represented by child nodes in the tree. As long as the installer/uninstaller process represented by the root node in the tree is running, the processes represented by nodes in tree are exempted from anti-malware analysis. The termination of the installer/uninstaller process is detected, after which the processes represented by nodes in the process lineage tree are no longer exempted from anti-malware analysis.
摘要翻译：检测到启动安装程序或卸载程序。创建一个进程谱系树，表示检测到的启动的安装程序/卸载程序进程，以及由此直接和间接启动的所有进程。检测到的安装程序/卸载程序进程由进程谱系树中的根节点表示。检测到安装程序/卸载程序进程和任何后续启动的子进程启动子进程。启动的子进程由树中的子节点表示。只要树中的根节点所表示的安装程序/卸载程序进程正在运行，树中节点所代表的进程将被免除防恶意软件分析。检测到安装程序/卸载程序进程的终止，之后，进程谱系树中由节点表示的进程不再被免除防恶意软件分析。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式