专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08769684B2 Methods, systems, and media for masquerade attack detection by monitoring computer user behavior 有权
标题翻译：通过监控计算机用户行为进行伪装攻击检测的方法，系统和媒体
公开(公告)号：US08769684B2
公开(公告)日：2014-07-01
申请号：US12628587
申请日：2009-12-01
申请人： Salvatore J. Stolfo , Malek Ben Salem , Shlomo Hershkop
发明人： Salvatore J. Stolfo , Malek Ben Salem , Shlomo Hershkop
IPC分类号： G06F21/00 , G06F21/55 , G06F21/50 , H04L29/06 , G06F21/56
CPC分类号： H04L63/1416 , G06F21/50 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/566 , H04L29/06884 , H04L29/06897 , H04L63/1408 , H04L63/1425 , H04L63/1491
摘要： Methods, systems, and media for masquerade attack detection by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting masquerade attacks is provided, the method comprising: monitoring a first plurality of user actions and access of decoy information in a computing environment; generating a user intent model for a category that includes at least one of the first plurality of user actions; monitoring a second plurality of user actions; comparing the second plurality of user actions with the user intent model by determining deviation from the generated user intent model; identifying whether the second plurality of user actions is a masquerade attack based at least in part on the comparison; and generating an alert in response to identifying that the second plurality of user actions is the masquerade attack and in response to determining that the second plurality of user actions includes accessing the decoy information in the computing environment.
摘要翻译：提供了通过监控计算机用户行为进行伪装攻击检测的方法，系统和媒体。根据一些实施例，提供了一种用于检测伪装攻击的方法，所述方法包括：在计算环境中监视第一多个用户动作和诱捕信息的访问; 为包括所述第一多个用户动作中的至少一个的类别生成用户意图模型; 监视第二多个用户动作; 通过确定与所生成的用户意图模型的偏差来比较第二多个用户动作与用户意图模型; 至少部分地基于所述比较来识别所述第二多个用户动作是否是伪装攻击; 以及响应于识别所述第二多个用户动作是所述伪装攻击而响应于响应于确定所述第二多个用户动作包括访问所述计算环境中的诱饵信息而产生警报。

2. 发明授权

US09009829B2 Methods, systems, and media for baiting inside attackers 有权
标题翻译：攻击者的诱饵方法，系统和媒体
公开(公告)号：US09009829B2
公开(公告)日：2015-04-14
申请号：US12565394
申请日：2009-09-23
申请人： Salvatore J. Stolfo , Angelos D. Keromytis , Brian M. Bowen , Shlomo Hershkop , Vasileios P. Kemerlis , Pratap V. Prabhu , Malek Ben Salem
发明人： Salvatore J. Stolfo , Angelos D. Keromytis , Brian M. Bowen , Shlomo Hershkop , Vasileios P. Kemerlis , Pratap V. Prabhu , Malek Ben Salem
IPC分类号： G06F11/00 , G06F21/55 , G06F21/56 , H04L29/06
CPC分类号： G06F21/554 , G06F21/552 , G06F21/566 , G06F2221/034 , G06F2221/2123 , H04L63/1466
摘要： Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
摘要翻译：提供了用于提供基于陷阱的防御的方法，系统和媒体。根据一些实施例，提供了一种用于提供基于陷阱的防御的方法，所述方法包括：至少部分地基于计算环境中的实际信息生成诱饵信息，其中所述诱饵信息被生成以符合一个或多个文档属性; 将信标嵌入诱饵信息中; 以及将具有所嵌入的信标的诱饵信息插入所述计算环境中，其中所述嵌入式信标提供所述诱饵信息已被攻击者访问的第一指示，并且其中所述嵌入信标提供区分所述诱饵信息和所述实际信息之间的第二指示信息。

3. 发明申请

US20220070215A1 Method and Apparatus for Evaluating Phishing Sites to Determine Their Level of Danger and Profile Phisher Behavior 有权
公开(公告)号：US20220070215A1
公开(公告)日：2022-03-03
申请号：US17462585
申请日：2021-08-31
申请人： Salvatore J. Stolfo , Shlomo Hershkop
发明人： Salvatore J. Stolfo , Shlomo Hershkop
IPC分类号： H04L29/06
摘要： Enhanced attribution of phishers and assessment of the danger level posed by phishing campaigns by applying machine learning techniques to analyze the contents of phishing websites. The danger level may be determined as a function of the amount and kind of sensitive personal information the site attempts to steal. Profiling phisher behavior may be used as advanced threat intelligence to help predict targeted website for spoofing and/or phishing campaigns. Profiling phisher behavior may be accomplished by a focused analysis of the displayed items or words generated by the code with which the phisher labels webform input fields across different websites. The model of phisher behavior may reveal a phisher's motive and intent and may be used to investigate organized phishing teams. Rating phishing sites may inform response strategies and provide more informed critical browser messaging to the user.

4. 发明申请

US20210051176A1 SYSTEMS AND METHODS FOR PROTECTION FROM PHISHING ATTACKS 有权
公开(公告)号：US20210051176A1
公开(公告)日：2021-02-18
申请号：US16995783
申请日：2020-08-17
申请人： Salvatore J. Stolfo , Shlomo Hershkop
发明人： Salvatore J. Stolfo , Shlomo Hershkop
IPC分类号： H04L29/06 , G06N20/00 , G06K9/62
摘要： Systems and methods used to thwart attackers' attempts to steal digital credentials from computer network users and protect users from credential and identity theft via website spoofing and phishing campaigns.

5. 发明申请

US20100269175A1 METHODS, SYSTEMS, AND MEDIA FOR MASQUERADE ATTACK DETECTION BY MONITORING COMPUTER USER BEHAVIOR 有权
标题翻译：监控计算机用户行为的MASTERERADE攻击检测方法，系统和媒体
公开(公告)号：US20100269175A1
公开(公告)日：2010-10-21
申请号：US12628587
申请日：2009-12-01
申请人： Salvatore J. Stolfo , Malek Ben Salem , Shlomo Hershkop
发明人： Salvatore J. Stolfo , Malek Ben Salem , Shlomo Hershkop
IPC分类号： G06F11/00
CPC分类号： H04L63/1416 , G06F21/50 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/566 , H04L29/06884 , H04L29/06897 , H04L63/1408 , H04L63/1425 , H04L63/1491
摘要： Methods, systems, and media for masquerade attack detection by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting masquerade attacks is provided, the method comprising: monitoring a first plurality of user actions and access of decoy information in a computing environment; generating a user intent model for a category that includes at least one of the first plurality of user actions; monitoring a second plurality of user actions; comparing the second plurality of user actions with the user intent model by determining deviation from the generated user intent model; identifying whether the second plurality of user actions is a masquerade attack based at least in part on the comparison; and generating an alert in response to identifying that the second plurality of user actions is the masquerade attack and in response to determining that the second plurality of user actions includes accessing the decoy information in the computing environment.
摘要翻译：提供了通过监控计算机用户行为进行伪装攻击检测的方法，系统和媒体。根据一些实施例，提供了一种用于检测伪装攻击的方法，所述方法包括：在计算环境中监视第一多个用户动作和诱捕信息的访问; 为包括所述第一多个用户动作中的至少一个的类别生成用户意图模型; 监视第二多个用户动作; 通过确定与所生成的用户意图模型的偏差来比较第二多个用户动作与用户意图模型; 至少部分地基于所述比较来识别所述第二多个用户动作是否是伪装攻击; 以及响应于识别所述第二多个用户动作是所述伪装攻击而响应于响应于确定所述第二多个用户动作包括访问所述计算环境中的诱饵信息而产生警报。

6. 发明申请

US20100077483A1 METHODS, SYSTEMS, AND MEDIA FOR BAITING INSIDE ATTACKERS 有权
标题翻译：用于打击攻击者的方法，系统和媒体
公开(公告)号：US20100077483A1
公开(公告)日：2010-03-25
申请号：US12565394
申请日：2009-09-23
申请人： Salvatore J. Stolfo , Angelos D. Keromytis , Brian M. Bowen , Shlomo Hershkop , Vasileios P. Kemerlis , Pratap V. Prabhu , Malek Ben Salem
发明人： Salvatore J. Stolfo , Angelos D. Keromytis , Brian M. Bowen , Shlomo Hershkop , Vasileios P. Kemerlis , Pratap V. Prabhu , Malek Ben Salem
IPC分类号： G06F11/00
CPC分类号： G06F21/554 , G06F21/552 , G06F21/566 , G06F2221/034 , G06F2221/2123 , H04L63/1466
摘要： Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
摘要翻译：提供了用于提供基于陷阱的防御的方法，系统和媒体。根据一些实施例，提供了一种用于提供基于陷阱的防御的方法，所述方法包括：至少部分地基于计算环境中的实际信息生成诱饵信息，其中所述诱饵信息被生成以符合一个或多个文档属性; 将信标嵌入诱饵信息中; 以及将具有所嵌入的信标的诱饵信息插入所述计算环境中，其中所述嵌入式信标提供所述诱饵信息已被攻击者访问的第一指示，并且其中所述嵌入信标提供区分所述诱饵信息和所述实际信息之间的第二指示信息。

7. 发明申请

US20060149821A1 Detecting spam email using multiple spam classifiers 审中-公开
标题翻译：使用多个垃圾邮件分类器检测垃圾邮件
公开(公告)号：US20060149821A1
公开(公告)日：2006-07-06
申请号：US11029069
申请日：2005-01-04
申请人： Vadakkedathu Rajan , Mark Wegman , Richard Segal , Jason Crawford , Jeffrey Kephart , Shlomo Hershkop
发明人： Vadakkedathu Rajan , Mark Wegman , Richard Segal , Jason Crawford , Jeffrey Kephart , Shlomo Hershkop
IPC分类号： G06F15/16
CPC分类号： H04L51/12 , G06Q10/107
摘要： A method for detecting undesirable emails is disclosed. The method combines input from two or more spam classifiers to provide improved classification effectiveness and robustness. The method's effectiveness is improved over that of any one constituent classifier in the sense that the detection rate is increased and/or the false positive rate is decreased. The method's robustness is improved in the sense that, if spammers temporarily elude any one constituent classifier, the other constituent classifiers will still be likely to catch the spam. The method includes obtaining a score from each of a plurality of constituent spam classifiers by applying them to a given input email. The method further includes obtaining a combined spam score from a combined spam classifier that takes as input the plurality of constituent spam classifier scores, the combined spam classifier being computed automatically in accordance with a specified false-positive vs. false-negative tradeoff. The method further includes identifying the given input email as an undesirable email if the combined spam score indicates that the input e-mail is undesirable.
摘要翻译：公开了一种用于检测不期望的电子邮件的方法。该方法结合了两个或更多个垃圾邮件分类器的输入，以提供改进的分类有效性和鲁棒性。在检测率提高和/或假阳性率降低的意义上，该方法的有效性比任何一个构成分类器的有效性得到改善。该方法的鲁棒性得到改善，因为如果垃圾邮件发送者暂时排除任何一个构成分类器，则其他组成分类器仍然可能会捕获垃圾邮件。该方法包括通过将其应用于给定的输入电子邮件来从多个组成垃圾邮件分类器中的每一个获得分数。所述方法还包括从组合的垃圾邮件分类器获得组合的垃圾邮件分数，所述组合垃圾邮件分类器将所述多个组成垃圾邮件分类器分数作为输入，所述组合的垃圾邮件分类器根据指定的假阳性与假阴性权衡自动计算。如果组合的垃圾邮件评分指示输入的电子邮件是不期望的，该方法还包括将给定的输入电子邮件识别为不期望的电子邮件。

8. 发明授权

US07882192B2 Detecting spam email using multiple spam classifiers 失效
标题翻译：使用多个垃圾邮件分类器检测垃圾邮件
公开(公告)号：US07882192B2
公开(公告)日：2011-02-01
申请号：US12541843
申请日：2009-08-14
申请人： Vadakkedathu T. Rajan , Mark N. Wegman , Richard B. Segal , Jason L. Crawford , Jeffrey O. Kephart , Shlomo Hershkop
发明人： Vadakkedathu T. Rajan , Mark N. Wegman , Richard B. Segal , Jason L. Crawford , Jeffrey O. Kephart , Shlomo Hershkop
IPC分类号： G06F15/16
CPC分类号： H04L51/12 , G06Q10/107
摘要： A method for detecting undesirable emails combines input from two or more spam classifiers to provide improved classification effectiveness and robustness. The method includes obtaining a score from each of a plurality of constituent spam classifiers by applying them to a given input email. The method further includes obtaining a combined spam score from a combined spam classifier that takes as input the plurality of constituent spam classifier scores, the combined spam classifier being computed automatically in accordance with a specified false-positive vs. false-negative tradeoff. The method further includes identifying the given input email as an undesirable email if the combined spam score indicates that the input e-mail is undesirable.
摘要翻译：用于检测不期望的电子邮件的方法组合来自两个或更多个垃圾邮件分类器的输入，以提供改进的分类有效性和鲁棒性。该方法包括通过将其应用于给定的输入电子邮件来从多个组成垃圾邮件分类器中的每一个获得分数。所述方法还包括从组合的垃圾邮件分类器获得组合的垃圾邮件分数，所述组合垃圾邮件分类器将所述多个组成垃圾邮件分类器分数作为输入，所述组合垃圾邮件分类器根据指定的假阳性与假阴性权衡自动计算。如果组合的垃圾邮件评分指示输入的电子邮件是不期望的，该方法还包括将给定的输入电子邮件识别为不期望的电子邮件。

9. 发明申请

US20090307771A1 DETECTING SPAM EMAIL USING MULTIPLE SPAM CLASSIFIERS 失效
标题翻译：使用多个垃圾邮件分类器检测垃圾邮件
公开(公告)号：US20090307771A1
公开(公告)日：2009-12-10
申请号：US12541843
申请日：2009-08-14
申请人： Vadakkedathu T. Rajan , Mark N. Wegman , Richard B. Segal , Jason L. Crawford , Jeffrey O. Kephart , Shlomo Hershkop
发明人： Vadakkedathu T. Rajan , Mark N. Wegman , Richard B. Segal , Jason L. Crawford , Jeffrey O. Kephart , Shlomo Hershkop
IPC分类号： G06F15/16 , G06F21/00
CPC分类号： H04L51/12 , G06Q10/107
摘要： A method for detecting undesirable emails combines input from two or more spam classifiers to provide improved classification effectiveness and robustness. The method includes obtaining a score from each of a plurality of constituent spam classifiers by applying them to a given input email. The method further includes obtaining a combined spam score from a combined spam classifier that takes as input the plurality of constituent spam classifier scores, the combined spam classifier being computed automatically in accordance with a specified false-positive vs. false-negative tradeoff. The method further includes identifying the given input email as an undesirable email if the combined spam score indicates that the input e-mail is undesirable.
摘要翻译：用于检测不期望的电子邮件的方法组合来自两个或更多个垃圾邮件分类器的输入，以提供改进的分类有效性和鲁棒性。该方法包括通过将其应用于给定的输入电子邮件来从多个组成垃圾邮件分类器中的每一个获得分数。所述方法还包括从组合的垃圾邮件分类器获得组合的垃圾邮件分数，所述组合垃圾邮件分类器将所述多个组成垃圾邮件分类器分数作为输入，所述组合垃圾邮件分类器根据指定的假阳性与假阴性权衡自动计算。如果组合的垃圾邮件评分指示输入的电子邮件是不期望的，该方法还包括将给定的输入电子邮件识别为不期望的电子邮件。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式