专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08949797B2 Optimizing performance of integrity monitoring 有权
标题翻译：优化完整性监控的性能
公开(公告)号：US08949797B2
公开(公告)日：2015-02-03
申请号：US12761952
申请日：2010-04-16
申请人： Najwa Aaraj , Mihai Christodorescu , Dimitrios Pendarakis , Reiner Sailer , Douglas L. Schales
发明人： Najwa Aaraj , Mihai Christodorescu , Dimitrios Pendarakis , Reiner Sailer , Douglas L. Schales
IPC分类号： G06F9/44 , G06F9/45 , G06F21/56 , G06F21/55
CPC分类号： G06F21/566 , G06F21/554 , G06F21/563
摘要： A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system. This agent requests the values of the data elements, and determines if invariants that have been previously computed hold true or not under the set of retrieved data values.
摘要翻译：一种用于验证计算设备上正在运行的应用程序的完整性的系统，方法和计算机程序产品。该方法包括：将入口点确定为影响适当执行影响程序完整性的应用程序处理空间; 将从所确定的入口点到达的数据元素映射到要验证的应用正在运行的主机系统的存储器空间中; 在存储器空间中的运行时监视，以潜在地破坏程序完整性的方式潜在地修改数据元素; 并启动对潜在修改的响应。运行时监视检测数据事务（例如写入事件）何时到达恶意代理的入口点，触发对应的存储器钩子，并将控制传递到在被监视系统外部运行的安全代理。该代理请求数据元素的值，并确定先前计算的不变量是否在检索的数据值集合之前成立。

2. 发明申请

US20110258610A1 OPTIMIZING PERFORMANCE OF INTEGRITY MONITORING 有权
标题翻译：优化性能监测
公开(公告)号：US20110258610A1
公开(公告)日：2011-10-20
申请号：US12761952
申请日：2010-04-16
申请人： Najwa Aaraj , Mihai Christodorescu , Dimitrios Pendarakis , Reiner Sailer , Douglas L. Schales
发明人： Najwa Aaraj , Mihai Christodorescu , Dimitrios Pendarakis , Reiner Sailer , Douglas L. Schales
IPC分类号： G06F11/30 , G06F9/44
CPC分类号： G06F21/566 , G06F21/554 , G06F21/563
摘要： A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system. This agent requests the values of the data elements, and determines if invariants that have been previously computed hold true or not under the set of retrieved data values.
摘要翻译：一种用于验证计算设备上正在运行的应用程序的完整性的系统，方法和计算机程序产品。该方法包括：将入口点确定为影响适当执行影响程序完整性的应用程序处理空间; 将从所确定的入口点到达的数据元素映射到要验证的应用正在运行的主机系统的存储器空间中; 在存储器空间中的运行时监视，以潜在地破坏程序完整性的方式潜在地修改数据元素; 并启动对潜在修改的响应。运行时监视检测数据事务（例如写入事件）何时到达恶意代理的入口点，触发对应的存储器钩子，并将控制传递到在被监视系统外部运行的安全代理。该代理请求数据元素的值，并确定先前计算的不变量是否在检索的数据值集合下保持为真。

3. 发明申请

US20120096549A1 ADAPTIVE CYBER-SECURITY ANALYTICS 有权
标题翻译：自适应安全分析
公开(公告)号：US20120096549A1
公开(公告)日：2012-04-19
申请号：US12903525
申请日：2010-10-13
申请人： Lisa Amini , Mihai Christodorescu , Mitchell A. Cohen , Srinivasan Parthasarathy , Josyula Rao , Reiner Sailer , Douglas L. Schales , Wietse Z. Venema , Olivier Verscheure
发明人： Lisa Amini , Mihai Christodorescu , Mitchell A. Cohen , Srinivasan Parthasarathy , Josyula Rao , Reiner Sailer , Douglas L. Schales , Wietse Z. Venema , Olivier Verscheure
IPC分类号： G06F21/00
CPC分类号： H04L63/1433
摘要： Performing adaptive cyber-security analytics including a computer implemented method that includes receiving a report on a network activity. A score responsive to the network activity and to a scoring model is computed at a computer. The score indicates a likelihood of a security violation. The score is validated and the scoring model is automatically updated responsive to results of the validating. The network activity is reported as suspicious in response to the score being within a threshold of a security violation value.
摘要翻译：执行自适应网络安全分析，包括计算机实现的方法，包括接收关于网络活动的报告。在计算机上计算响应于网络活动和评分模型的评分。分数表示安全违规的可能性。评分得到验证，评分模型会根据验证结果自动更新。响应于分数在安全违规值的阈值内，网络活动被报告为可疑。

4. 发明申请

US20130318616A1 PREDICTING ATTACKS BASED ON PROBABILISTIC GAME-THEORY 审中-公开
标题翻译：基于概率游戏理论预测攻击
公开(公告)号：US20130318616A1
公开(公告)日：2013-11-28
申请号：US13487774
申请日：2012-06-04
申请人： Mihai Christodorescu , Dmytro Korzhyk , Reiner Sailer , Douglas L Schales , Marc Ph Stoecklin , Ting Wang
发明人： Mihai Christodorescu , Dmytro Korzhyk , Reiner Sailer , Douglas L Schales , Marc Ph Stoecklin , Ting Wang
IPC分类号： G06F21/00
CPC分类号： G06F21/00 , G06F21/552 , G06Q10/06375 , H04L63/1408 , H04L63/20
摘要： Systems for determining cyber-attack target include a network monitor module configured to collect network event information from sensors in one or more network nodes; a processor configured to extract information regarding an attacker from the network event information, to form an attack scenario tree that encodes network topology and vulnerability information including a plurality of paths from known compromised nodes to a set of potential targets, to calculate a likelihood for each of the paths, to calculate a probability distribution for the set of potential targets to determine which potential targets are most likely pursued by the attacker, to calculate a probability distribution over a set of nodes and node vulnerability types already accessed by the attacker, and to determine a network graph edge to remove that minimizes a defender's expected uncertainty over the potential targets; and a network management module configured to remove the determined network graph edge.
摘要翻译：用于确定网络攻击目标的系统包括被配置为从一个或多个网络节点中的传感器收集网络事件信息的网络监视器模块; 处理器，其被配置为从网络事件信息中提取关于攻击者的信息，以形成将网络拓扑和脆弱性信息编码的攻击场景树，所述攻击场景树包括从已知的受损节点到一组潜在目标的多个路径，以计算每个的路径，以计算潜在目标集合的概率分布，以确定攻击者最有可能追查哪些潜在目标，以计算攻击者已经访问的一组节点和节点漏洞类型的概率分布，以及确定一个网络图边缘去除，使防守者对潜在目标的预期不确定性最小化; 以及被配置为去除所确定的网络图边缘的网络管理模块。

5. 发明授权

US09032521B2 Adaptive cyber-security analytics 有权
标题翻译：自适应网络安全分析
公开(公告)号：US09032521B2
公开(公告)日：2015-05-12
申请号：US12903525
申请日：2010-10-13
申请人： Lisa Amini , Mihai Christodorescu , Mitchell A. Cohen , Srinivasan Parthasarathy , Josyula Rao , Reiner Sailer , Douglas L. Schales , Wietse Z. Venema , Oliver Verscheure
发明人： Lisa Amini , Mihai Christodorescu , Mitchell A. Cohen , Srinivasan Parthasarathy , Josyula Rao , Reiner Sailer , Douglas L. Schales , Wietse Z. Venema , Oliver Verscheure
IPC分类号： H04L29/06
CPC分类号： H04L63/1433
摘要： Performing adaptive cyber-security analytics including a computer implemented method that includes receiving a report on a network activity. A score responsive to the network activity and to a scoring model is computed at a computer. The score indicates a likelihood of a security violation. The score is validated and the scoring model is automatically updated responsive to results of the validating. The network activity is reported as suspicious in response to the score being within a threshold of a security violation value.
摘要翻译：执行自适应网络安全分析，包括计算机实现的方法，包括接收关于网络活动的报告。在计算机上计算响应于网络活动和评分模型的评分。分数表示安全违规的可能性。评分得到验证，评分模型会根据验证结果自动更新。响应于分数在安全违规值的阈值内，网络活动被报告为可疑。

6. 发明授权

US08863293B2 Predicting attacks based on probabilistic game-theory 有权
标题翻译：基于概率博弈理论预测攻击
公开(公告)号：US08863293B2
公开(公告)日：2014-10-14
申请号：US13478290
申请日：2012-05-23
申请人： Mihai Christodorescu , Dmytro Korzhyk , Reiner Sailer , Douglas L. Schales , Marc Ph Stoecklin , Ting Wang
发明人： Mihai Christodorescu , Dmytro Korzhyk , Reiner Sailer , Douglas L. Schales , Marc Ph Stoecklin , Ting Wang
IPC分类号： G06F21/00 , G06F21/55 , H04L29/06 , G06Q10/06
CPC分类号： G06F21/00 , G06F21/552 , G06Q10/06375 , H04L63/1408 , H04L63/20
摘要： Methods for determining cyber-attack targets include collecting and storing network event information from sensors to extract information regarding an attacker; forming an attack scenario tree that encodes network topology and vulnerability information including paths from known compromised nodes to a set of potential targets; calculating a likelihood for each of the paths using a processor; calculating a probability distribution for the set of potential targets to determine which potential targets are most likely pursued by the attacker; calculating a probability distribution over a set of nodes and node vulnerability types already accessed by the attacker; determining a network graph edge to remove which minimizes a defender's expected uncertainty over the potential targets; and removing the determined network graph edge.
摘要翻译：用于确定网络攻击目标的方法包括从传感器收集和存储网络事件信息以提取关于攻击者的信息; 形成攻击场景树，其编码网络拓扑和脆弱性信息，包括从已知的受感染节点到一组潜在目标的路径; 使用处理器计算每个路径的可能性; 计算一组潜在目标的概率分布，以确定攻击者最有可能追查哪些潜在目标; 计算攻击者已经访问的一组节点和节点漏洞类型的概率分布; 确定要除去的网络图边缘，使防守者对潜在目标的预期不确定性最小化; 并删除确定的网络图边缘。

7. 发明申请

US20130318615A1 PREDICTING ATTACKS BASED ON PROBABILISTIC GAME-THEORY 有权
标题翻译：基于概率游戏理论预测攻击
公开(公告)号：US20130318615A1
公开(公告)日：2013-11-28
申请号：US13478290
申请日：2012-05-23
申请人： Mihai Christodorescu , Dmytro Korzhyk , Reiner Sailer , Douglas L. Schales , Marc Ph. Stoecklin , Ting Wang
发明人： Mihai Christodorescu , Dmytro Korzhyk , Reiner Sailer , Douglas L. Schales , Marc Ph. Stoecklin , Ting Wang
IPC分类号： G06F21/00 , G06F17/10
CPC分类号： G06F21/00 , G06F21/552 , G06Q10/06375 , H04L63/1408 , H04L63/20
摘要： Methods for determining cyber-attack targets include collecting and storing network event information from sensors to extract information regarding an attacker; forming an attack scenario tree that encodes network topology and vulnerability information including paths from known compromised nodes to a set of potential targets; calculating a likelihood for each of the paths using a processor; calculating a probability distribution for the set of potential targets to determine which potential targets are most likely pursued by the attacker; calculating a probability distribution over a set of nodes and node vulnerability types already accessed by the attacker; determining a network graph edge to remove which minimizes a defender's expected uncertainty over the potential targets; and removing the determined network graph edge.
摘要翻译：用于确定网络攻击目标的方法包括从传感器收集和存储网络事件信息以提取关于攻击者的信息; 形成攻击场景树，其编码网络拓扑和脆弱性信息，包括从已知的受感染节点到一组潜在目标的路径; 使用处理器计算每个路径的可能性; 计算一组潜在目标的概率分布，以确定攻击者最有可能追查哪些潜在目标; 计算攻击者已经访问的一组节点和节点漏洞类型的概率分布; 确定要除去的网络图边缘，使防守者对潜在目标的预期不确定性最小化; 并删除确定的网络图边缘。

8. 发明授权

US09003025B2 User identification using multifaceted footprints 有权
标题翻译：用户识别使用多面脚印
公开(公告)号：US09003025B2
公开(公告)日：2015-04-07
申请号：US13542422
申请日：2012-07-05
申请人： Mihai Christodorescu , Reiner Sailer , Douglas Lee Schales , Marc Stoecklin , Ting Wang
发明人： Mihai Christodorescu , Reiner Sailer , Douglas Lee Schales , Marc Stoecklin , Ting Wang
IPC分类号： G06F15/173 , G06F21/32
CPC分类号： G06F21/32 , G06F2221/2101 , G06F2221/2117 , H04L41/5058 , H04L41/5096 , H04L67/22 , H04L67/306
摘要： A method for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts includes receiving a plurality of priors for the facets with respect to the contexts, receiving a plurality of footprints of known users, aggregating the footprints of the users to determine an ensemble prior, receiving a plurality of network traces relevant to an unknown user in a computer environment, matching the network traces against each of the footprints to determine a plurality of matches, aggregating the matches using the ensemble prior according to the facets and the contexts, and outputting a probable user identity for the unknown user.
摘要翻译：根据多个上下文中的用户活动的多个方面来识别未知用户的方法包括：针对所述上下文接收所述方面的多个先验，接收已知用户的多个覆盖区，用户在先前确定集合，在计算机环境中接收与未知用户相关的多个网络迹线，将网络跟踪与每个足迹匹配以确定多个匹配，以根据小平面先前使用集合聚合匹配和上下文，并为未知用户输出可能的用户身份。

9. 发明授权

US08938511B2 Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network 有权
标题翻译：用于检测通过网络的敏感数据的未经批准转发的方法和装置
公开(公告)号：US08938511B2
公开(公告)日：2015-01-20
申请号：US13494101
申请日：2012-06-12
申请人： Mihai Christodorescu , Josyula R. Rao , Reiner Sailer , Douglas Lee Schales
发明人： Mihai Christodorescu , Josyula R. Rao , Reiner Sailer , Douglas Lee Schales
IPC分类号： G06F15/16 , H04L12/58
CPC分类号： H04L51/32 , G06Q10/107 , H04L51/12
摘要： Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time.
摘要翻译：提供了用于检测通过网络的敏感数据的未授权批量转发的方法和装置。通过确定从第一网络环境中接收的内部电子邮件的到达率到一个或多个用户帐户，自动检测来自第一网络环境的电子邮件的批量转发; 确定从所述一个或多个用户帐户发送到第二网络环境的外部电子邮件的发送速率; 并通过比较内部电子邮件的到达率和外部电子邮件的发送速率来检测来自给定用户帐户的电子邮件的批量转发。通过确定内部电子邮件到达率的统计模型和外部电子邮件的发送速率是否及时相关，可以检测到来自给定用户帐户的电子邮件的批量转发。

10. 发明申请

US20130333041A1 Method and Apparatus for Automatic Identification of Affected Network Resources After a Computer Intrusion 审中-公开
标题翻译：计算机入侵后影响网络资源自动识别的方法与装置
公开(公告)号：US20130333041A1
公开(公告)日：2013-12-12
申请号：US13494108
申请日：2012-06-12
申请人： Mihai Christodorescu , Josyula R. Rao , Reiner Sailer , Douglas Lee Schales
发明人： Mihai Christodorescu , Josyula R. Rao , Reiner Sailer , Douglas Lee Schales
IPC分类号： G06F21/00
CPC分类号： G06F21/55 , G06F21/568
摘要： Methods and apparatus are provided for automatic identification of affected network resources after a computer intrusion. The network resources affected by a computer intrusion can be identified by collecting information about an external system from an external source; deriving a list of one or more affected internal systems on an internal network by correlating the information with internal information about internal systems that interacted with the external system; and identifying one or more user accounts associated with the one or more affected internal systems. Data residing on systems accessible by the one or more user accounts can also optionally be identified. A list can optionally be presented of the network resources that may be affected by the computer intrusion. The affected network resources can be, for example, servers, services and/or client machines.
摘要翻译：提供了方法和装置，用于在计算机入侵之后自动识别受影响的网络资源。可以通过从外部源收集有关外部系统的信息来识别受计算机入侵影响的网络资源; 通过将信息与与外部系统交互的内部系统的内部信息相关联，得出内部网络上的一个或多个受影响的内部系统的列表; 以及识别与所述一个或多个受影响的内部系统相关联的一个或多个用户帐户。还可以可选地识别驻留在由一个或多个用户帐户访问的系统上的数据。可以选择性地呈现可能受到计算机入侵影响的网络资源的列表。受影响的网络资源可以是例如服务器，服务和/或客户端机器。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式