专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08214365B1 Measuring confidence of file clustering and clustering based file classification 有权
标题翻译：测量文件聚类和基于聚类的文件分类的置信度
公开(公告)号：US08214365B1
公开(公告)日：2012-07-03
申请号：US13036864
申请日：2011-02-28
申请人： Pratyusa Kumar Manadhata , Sandeep B. Bhatkar , Kent E. Griffin
发明人： Pratyusa Kumar Manadhata , Sandeep B. Bhatkar , Kent E. Griffin
IPC分类号： G06F7/00
CPC分类号： G06F21/566 , G06F21/577 , G06K9/6272 , G06K9/723
摘要： A uniformity of a cluster of samples is determined, and a corresponding raw confidence value is calculated. A confidence interval weight is calculated using a confidence interval to determine reliability of the uniformity. A trace length weight is calculated, as a function of traces of the samples. An n-gram weight is calculated, as a function of numbers of n-grams generated by the samples. A compactness weight is calculated, as a function of the similarity of the samples. A cluster weight is calculated as a function of the four above-described weights. A cluster confidence measurement is calculated as a function of the cluster weight and the raw confidence value. When a new sample is assigned to the cluster, an assignment confidence measurement is calculated, as a function of the cluster's confidence measurement and the sample's trace length, n-grams and similarity.
摘要翻译：确定样本簇的均匀性，并计算相应的原始置信度值。使用置信区间来计算置信区间权重，以确定均匀性的可靠性。计算痕量长度权重，作为样本痕迹的函数。根据样品产生的n克数，计算出n克重量。计算紧凑度权重，作为样本相似度的函数。根据上述四个权重的函数计算簇权重。根据簇权重和原始置信度值计算簇置信度测量。当将新样本分配给群集时，根据群集的置信度测量和样本的踪迹长度，n-gram和相似度计算分配置信度测量值。

2. 发明授权

US09652616B1 Techniques for classifying non-process threats 有权
公开(公告)号：US09652616B1
公开(公告)日：2017-05-16
申请号：US13047281
申请日：2011-03-14
申请人： Sandeep B. Bhatkar , Kent E. Griffin , Pratyusa Manadhata
发明人： Sandeep B. Bhatkar , Kent E. Griffin , Pratyusa Manadhata
IPC分类号： G06F21/56
CPC分类号： G06F21/566 , G06F21/556 , G06F21/56
摘要： Techniques for classifying non-process threats are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for classifying non-process threats comprising generating trace data of at least one observable event associated with execution of a process, representing a first feature of the at least one observable event of the trace data, calculating, using a computer processor, a similarity between the first feature and at least one sample feature, and classifying the process based on the similarity.

3. 发明授权

US08826439B1 Encoding machine code instructions for static feature based malware clustering 有权
标题翻译：编码基于静态功能的恶意软件集群的机器代码说明
公开(公告)号：US08826439B1
公开(公告)日：2014-09-02
申请号：US13014552
申请日：2011-01-26
申请人： Xin Hu , Kent E. Griffin , Sandeep B. Bhatkar
发明人： Xin Hu , Kent E. Griffin , Sandeep B. Bhatkar
IPC分类号： G06F11/00 , G06F21/56
CPC分类号： G06F21/56 , G06F21/563
摘要： Machine language instruction sequences of computer files are extracted and encoded into standardized opcode sequences. The standardized opcodes in the sequences are of the same length and do not include operands. A multi-dimension vector is generated as a static feature for each computer file, where each element in the vector corresponds to the number of occurrences of a unique N-gram (i.e., unique sequence of N consecutive standardized opcodes) in the standardized opcode sequence for that computer file. The computer files are clustered into clusters of similarly classified files based on similarities of their static features. An unknown computer file can be classified by first grouping the file into a cluster of files with similar static features (e.g., into the cluster with the shortest average distance), and then determining the classification of that file based on the classifications of other files that belong to the same cluster.
摘要翻译：计算机文件的机器语言指令序列被提取并编码成标准化的操作码序列。序列中的标准化操作码具有相同的长度，不包括操作数。生成多维向量作为每个计算机文件的静态特征，其中向量中的每个元素对应于标准化操作码序列中唯一N-gram（即，N个连续标准化操作码的唯一序列）的出现次数为该计算机文件。基于其静态特征的相似性，将计算机文件聚类成类似分类文件的群集。可以通过首先将文件分组成具有相似静态特征的文件集（例如，到具有最短平均距离的集群），然后基于其他文件的分类来确定该文件的分类，来分类未知的计算机文件属于同一个集群。

4. 发明授权

US08555385B1 Techniques for behavior based malware analysis 有权
标题翻译：基于行为的恶意软件分析技术
公开(公告)号：US08555385B1
公开(公告)日：2013-10-08
申请号：US13047338
申请日：2011-03-14
申请人： Sandeep B. Bhatkar , Susanta Nanda , Jeffrey Scott Wilhelm
发明人： Sandeep B. Bhatkar , Susanta Nanda , Jeffrey Scott Wilhelm
IPC分类号： G06F21/22 , G06F11/36
CPC分类号： G06F21/556 , G06F11/302 , G06F11/3072 , G06F11/3089 , G06F11/32
摘要： Techniques for behavior based malware analysis are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for behavior based analysis comprising receiving trace data, analyzing, using at least one computer processor, observable events to identify low level actions, analyzing a plurality of low level actions to identify at least one high level behavior, and providing an output of the at least one high level behavior.
摘要翻译：披露了基于行为的恶意软件分析技术。在一个特定的示例性实施例中，可以将技术实现为用于基于行为的分析的方法，包括接收跟踪数据，使用至少一个计算机处理器分析可观察事件以识别低级动作，分析多个低级动作以识别至少一个高级行为，以及提供所述至少一个高级行为的输出。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式