专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US06981279B1 Method and apparatus for replicating and analyzing worm programs 有权
标题翻译：用于复制和分析蠕虫程序的方法和装置
公开(公告)号：US06981279B1
公开(公告)日：2005-12-27
申请号：US09640453
申请日：2000-08-17
申请人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Morton G. Swimmer , Ian N. Whalley , Steve R. White
发明人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Morton G. Swimmer , Ian N. Whalley , Steve R. White
IPC分类号： G06F7/04 , G06F9/44 , G06F9/455 , G06F11/00 , G06F21/00
CPC分类号： G06F21/566
摘要： A system and a method are disclosed for dynamically analyzing software, some of whose potentially-important behaviors (such as worm-like behavior) may only be displayed when the software is executed in an environment where it has, or appears to have, access to a production network and/or to the global Internet. The software can be executed in a real or an emulated network environment that includes a monitoring component and an emulation component. The monitoring component serves to capture and/or record the behaviors displayed by the software and/or other components of the system, and the emulation component gives the software being analyzed the impression that it is executing with access to a production network and/or to the global Internet. The software being analyzed is effectively confined to the analysis network environment, and cannot in fact read information from, or alter any information on, any production network or the global Internet.
摘要翻译：公开了一种用于动态分析软件的系统和方法，其中一些可能重要的行为（例如蠕虫状行为）可能仅在软件在具有或似乎具有生产网络和/或全球互联网。该软件可以在包含监视组件和仿真组件的真实或仿真网络环境中执行。监视组件用于捕获和/或记录由软件和/或系统的其他组件显示的行为，并且仿真组件给予被分析的软件正在通过访问生产网络执行的印象和/或全球互联网。正在分析的软件有效地限于分析网络环境，实际上不能从任何生产网络或全球互联网上读取信息或更改任何信息。

2. 发明授权

US07996905B2 Method and apparatus for the automatic determination of potentially worm-like behavior of a program 有权
标题翻译：用于自动确定程序潜在的蠕虫状行为的方法和装置
公开(公告)号：US07996905B2
公开(公告)日：2011-08-09
申请号：US12062152
申请日：2008-04-03
申请人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Ian N. Whalley , Steve R. White
发明人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Ian N. Whalley , Steve R. White
IPC分类号： G06F12/14 , H04L29/06 , G06F11/30
CPC分类号： G06F21/51
摘要： A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.
摘要翻译：用于自动确定涉嫌具有蠕虫特征的程序的行为特征的方法和系统包括分析程序所需的数据处理系统资源，并且如果所需资源不表示具有蠕虫状特征的程序，在受控的非网络环境中运行程序，同时监视和记录对系统资源的访问，以确定非网络环境中程序的行为。分析观察行为的记录记录，以确定行为是否表明具有蠕虫状特征的程序。非网络环境可以模拟网络对程序的外观，而不模拟网络的操作。

3. 发明申请

US20080189787A1 Method and Apparatus for the Automatic Determination of Potentially Worm-Like Behavior of a Program 有权
标题翻译：用于自动确定程序的潜在蠕虫样行为的方法和装置
公开(公告)号：US20080189787A1
公开(公告)日：2008-08-07
申请号：US12062152
申请日：2008-04-03
申请人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Ian N. Whalley , Steve R. White
发明人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Ian N. Whalley , Steve R. White
IPC分类号： G06F21/00
CPC分类号： G06F21/51
摘要： A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.
摘要翻译：用于自动确定涉嫌具有蠕虫特征的程序的行为特征的方法和系统包括分析程序所需的数据处理系统资源，并且如果所需资源不表示具有蠕虫状特征的程序，在受控的非网络环境中运行程序，同时监视和记录对系统资源的访问，以确定非网络环境中程序的行为。分析观察行为的记录记录，以确定行为是否表明具有蠕虫状特征的程序。非网络环境可以模拟网络对程序的外观，而不模拟网络的操作。

4. 发明授权

US07861300B2 Method and apparatus for determination of the non-replicative behavior of a malicious program 有权
标题翻译：用于确定恶意程序的非复制行为的方法和装置
公开(公告)号：US07861300B2
公开(公告)日：2010-12-28
申请号：US12141165
申请日：2008-06-18
申请人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Ian N. Whalley , Steve R. White
发明人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Ian N. Whalley , Steve R. White
IPC分类号： G06F11/00
CPC分类号： G06F21/566
摘要： Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity. The result of the analysis can also be used for informing a user of an anti-virus system of the non-replicative changes made to the environment.
摘要翻译：公开了一种方法，计算机系统和计算机可读介质产品，其包含一组计算机可执行软件指令，用于指导计算机系统执行用于确定怀疑含有不期望的软件的程序的非复制行为的过程实体。该过程导致在至少一个已知环境中执行该程序，并且自动检查该至少一个已知环境以检测由于该程序的执行而在该环境中是否发生了改变。如果检测到改变，则该过程自动分析检测到的变化（即，过程执行副作用分析），以确定改变是由执行程序还是由不期望的软件实体的执行引起。该过程然后使用分析结果至少用于撤销由不期望的软件实体的执行导致的检测到的改变。分析的结果也可以用于向用户通知反病毒系统对环境的非复制变化。

5. 发明授权

US07487543B2 Method and apparatus for the automatic determination of potentially worm-like behavior of a program 有权
标题翻译：用于自动确定程序的潜在蠕虫状行为的方法和装置
公开(公告)号：US07487543B2
公开(公告)日：2009-02-03
申请号：US10202517
申请日：2002-07-23
申请人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Ian N. Whalley , Steve R. White
发明人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Ian N. Whalley , Steve R. White
IPC分类号： G08B23/00 , G06F15/18 , G06F12/14 , H04L9/00
CPC分类号： G06F21/51
摘要： A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.
摘要翻译：用于自动确定涉嫌具有蠕虫特征的程序的行为特征的方法和系统包括分析程序所需的数据处理系统资源，并且如果所需资源不表示具有蠕虫状特征的程序，在受控的非网络环境中运行程序，同时监视和记录对系统资源的访问，以确定非网络环境中程序的行为。分析观察行为的记录记录，以确定行为是否表明具有蠕虫状特征的程序。非网络环境可以模拟网络对程序的外观，而不模拟网络的操作。

6. 发明授权

US07103913B2 Method and apparatus for determination of the non-replicative behavior of a malicious program 有权
公开(公告)号：US07103913B2
公开(公告)日：2006-09-05
申请号：US10141896
申请日：2002-05-08
申请人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Ian N. Whalley , Steve R. White
发明人： William C. Arnold , David M. Chess , John F. Morar , Alla Segal , Ian N. Whalley , Steve R. White
IPC分类号： G06F11/00
CPC分类号： G06F21/566
摘要： Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity. The result of the analysis can also be used for informing a user of an anti-virus system of the non-replicative changes made to the environment.

7. 发明授权

US07480912B2 Method for policy-based, autonomically allocated storage 失效
标题翻译：基于策略的自动分配存储方法
公开(公告)号：US07480912B2
公开(公告)日：2009-01-20
申请号：US10449269
申请日：2003-05-29
申请人： William C. Arnold , David M. Chess , Murthy V. Devarakonda , Alla Segal , Ian N. Whalley
发明人： William C. Arnold , David M. Chess , Murthy V. Devarakonda , Alla Segal , Ian N. Whalley
IPC分类号： G06F9/46 , G06F11/00 , G06F12/00 , G06F13/00 , G06F13/28
CPC分类号： G06F9/5016 , H04L67/1002 , H04L67/1008 , H04L67/101 , H04L67/1097 , H04L67/22 , H04L69/329
摘要： Methods for allocation of storage resources, performance monitoring, and reallocation of resources to eliminate hot spots, by specifying high-level goals, rather than by means of low-level manual steps. Policies are specified as administrator specified constraints under which the resources are managed. Goals are specified in terms of performance, availability, and security requirements of the desired storage. As a part of the automation, this invention provides a method for analyzing capabilities of the computer storage system and forming analysis results, which are later used for determining an allocation of resources that will meet the high-level goals specified. This invention also provides methods for automatic monitoring of performance, availability, and security goals for allocated resources. If goals are not met, resources are reallocated so that the goals can be met with the allocation. The invention reduces human involvement, allows policy control, minimizes error, and provides efficient service delivery specified by policies.
摘要翻译：通过指定高层次目标而不是通过低级手动步骤，分配存储资源的方法，性能监测和重新分配资源以消除热点。策略被指定为管理员指定的约束，资源被管理。根据所需存储的性能，可用性和安全性要求指定目标。作为自动化的一部分，本发明提供了一种用于分析计算机存储系统的能力并形成分析结果的方法，其后来用于确定将满足指定的高级目标的资源分配。本发明还提供了用于自动监视分配资源的性能，可用性和安全目标的方法。如果目标没有得到满足，则重新分配资源，以便能够通过分配来满足目标。本发明减少人的参与，允许策略控制，最小化错误，并提供由策略指定的有效的服务提供。

8. 发明申请

US20090307747A1 System To Establish Trust Between Policy Systems And Users 失效
标题翻译：在政策制度和用户之间建立信任的系统
公开(公告)号：US20090307747A1
公开(公告)日：2009-12-10
申请号：US12545167
申请日：2009-08-21
申请人： William C. Arnold , Hoi Yeung Chan , Alla Segal , Ian N. Whalley
发明人： William C. Arnold , Hoi Yeung Chan , Alla Segal , Ian N. Whalley
IPC分类号： G06F21/00
CPC分类号： G06F21/62
摘要： A system and method are provided to establish trust between a user and a policy system that generates recommended actions in accordance with specified policies. Trust is introduced into the policy-based system by assigning a value to each execution of each policy with respect to the policy-based system, called the instantaneous trust index. The instantaneous trust indices for each one of the policies, for the each execution of a given policy or for both are combined into the overall trust index for a given policy or for a given policy-based system. The recommended actions are processed in accordance with the level or trust associated with a given policy as expressed by the trust indices. Manual user input is provided to monitor or change the recommended actions. In addition, reinforcement learning algorithms are used to further enhance the level of trust between the user and the policy-based system.
摘要翻译：提供了一种系统和方法，用于在用户和策略系统之间建立信任，该策略系统根据指定的策略生成推荐的操作。通过为相关于基于策略的系统（称为即时信任索引）为每个策略的每个执行分配值，将信任引入到基于策略的系统中。对于每个执行给定策略或两者的策略，每个策略的即时信任指数被合并到给定策略或给定基于策略的系统的整体信任指数中。建议的行动根据信托指数所表示的给定政策的级别或信任进行处理。提供手动用户输入以监视或更改建议的操作。另外，强化学习算法被用于进一步增强用户与基于策略的系统之间的信任度。

9. 发明授权

US07958552B2 System to establish trust between policy systems and users 失效
标题翻译：在政策制度和用户之间建立信任的制度
公开(公告)号：US07958552B2
公开(公告)日：2011-06-07
申请号：US12545167
申请日：2009-08-21
申请人： William C. Arnold , Hoi Yeung Chan , Alla Segal , Ian N. Whalley
发明人： William C. Arnold , Hoi Yeung Chan , Alla Segal , Ian N. Whalley
IPC分类号： G06F21/00
CPC分类号： G06F21/62
摘要： A system and method are provided to establish trust between a user and a policy system that generates recommended actions in accordance with specified policies. Trust is introduced into the policy-based system by assigning a value to each execution of each policy with respect to the policy-based system, called the instantaneous trust index. The instantaneous trust indices for each one of the policies, for the each execution of a given policy or for both are combined into the overall trust index for a given policy or for a given policy-based system. The recommended actions are processed in accordance with the level or trust associated with a given policy as expressed by the trust indices. Manual user input is provided to monitor or change the recommended actions. In addition, reinforcement learning algorithms are used to further enhance the level of trust between the user and the policy-based system.
摘要翻译：提供了一种系统和方法，用于在用户和策略系统之间建立信任，该策略系统根据指定的策略生成推荐的操作。通过为基于策略的系统（称为即时信任索引）为每个策略的每个执行分配一个值，将信任引入到基于策略的系统中。对于每个执行给定策略或两者的策略，每个策略的即时信任指数被合并到给定策略或给定基于策略的系统的整体信任指数中。建议的行动根据信托指数所表示的给定政策的级别或信任进行处理。提供手动用户输入以监视或更改建议的操作。另外，强化学习算法被用于进一步增强用户与基于策略的系统之间的信任度。

10. 发明授权

US5442699A Searching for patterns in encrypted data 失效
标题翻译：搜索加密数据中的模式
公开(公告)号：US5442699A
公开(公告)日：1995-08-15
申请号：US342519
申请日：1994-11-21
申请人： William C. Arnold , David M. Chess , Jeffrey O. Kephart , Gregory B. Sorkin , Steve R. White
发明人： William C. Arnold , David M. Chess , Jeffrey O. Kephart , Gregory B. Sorkin , Steve R. White
IPC分类号： G06F1/00 , G06F21/00 , G11B23/28
CPC分类号： G11B23/284 , G06F21/564
摘要： A searching method determines, given a specified encryption method (or set of encryption methods) and a specified pattern (or set of patterns), whether a given text contains an encryption, with any key, of anything fitting the pattern or patterns. The procedure detects and locates patterns that are present within data that has been encrypted, provided that the encryption method is one of a variety of simple methods that are often employed by computer programs such as computer viruses. The method includes:1. applying an invariance transformation to the chosen pattern (or set of patterns) to be matched, to obtain a "reduced pattern";2. applying the same reduction to the encrypted data to obtain "reduced data";3. using standard string searching techniques to detect the existence of a match between the reduced pattern and the reduced data, thereby signalling the likely existence of the pattern in encrypted form within the encrypted data;4. corroborating any such likely matches by using techniques specialized to the particular form of encryption; and5. providing information about the match.Depending on the nature of the encryption method and the desired degree of certainty about the match, item 4 may not be necessary. In one embodiment, the patterns and an indication of the encryption method(s) for which they are appropriate are incorporated into the database of a computer virus searcher. The searcher applies each of several different invariant transformations to the searched data (one for each encryption method of interest), and uses search techniques, such as parallel search techniques currently employed by virus searchers, to detect any patterns that may be encrypted within the searched data.
摘要翻译：一种搜索方法确定了给定的加密方法（或一组加密方法）和指定的模式（或一组模式），给定的文本是否包含任何适合该模式或任何模式的任何密钥的加密。该过程检测和定位存在于已经被加密的数据内的模式，前提是加密方法是计算机程序（例如计算机病毒）经常使用的各种简单方法之一。该方法包括：1.将不变性变换应用于要匹配的所选模式（或模式集合），以获得“缩减模式”; 2.对加密数据应用相同的缩减以获得“减少的数据”; 3.使用标准字符串搜索技术来检测缩减模式和缩减数据之间的匹配的存在，从而以加密形式在加密数据内发信号通知模式的可能存在; 4.通过使用专门针对特定加密形式的技术来证实任何这样的可能的匹配; 和5.提供有关比赛的信息。根据加密方法的性质以及所需的确定度，可能不需要项目4。在一个实施例中，将它们合适的模式和加密方法的指示并入计算机病毒搜索器的数据库中。搜索者对搜索到的数据（对于每个感兴趣的加密方法一个）应用几种不变的变换中的每一种，并且使用诸如病毒搜索者当前使用的并行搜索技术的搜索技术来检测可以在被搜索的内容中被加密的任何模式数据。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式