专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US09350757B1 Detecting computer security threats in electronic documents based on structure 有权
标题翻译：基于结构检测电子文档中的计算机安全威胁
公开(公告)号：US09350757B1
公开(公告)日：2016-05-24
申请号：US14723251
申请日：2015-05-27
申请人： AREA 1 SECURITY, INC.
发明人： Oren Falkowitz , Philip Syme
IPC分类号： H04L29/06 , H04L12/935 , H04L29/12
CPC分类号： H04L63/145 , G06F17/30861 , H04L63/02 , H04L63/0227 , H04L63/0254 , H04L63/1433 , H04L63/1458 , H04L63/1483 , H04L67/02 , H04L67/14 , H04L67/141 , H04L67/142 , H04L67/143 , H04L69/161 , H04L69/22
摘要： In an embodiment, a method providing an improvement in remediating vulnerabilities in computer security comprising: receiving, using a network tap of a sensor computer that is coupled to a compromised computer, a communication packet that was sent from the compromised computer to a target computer; using the sensor computer, determining that the target computer is one of a plurality of enterprise computers; reading, at the sensor computer, a plurality of fields within a header of the communication packet; and performing a remediation measure by generating a header of an action packet, wherein the header comprises duplicates of at least some fields of the plurality of fields so as to appear to be generated by the target computer, generating a payload of the action packet, and sending the action packet comprising the generated header and the generated payload to the compromised computer.
摘要翻译：在一个实施例中，提供了修复计算机安全性中的漏洞的方法，包括：使用耦合到受感染计算机的传感器计算机的网络抽头，将从受感染计算机发送到目标计算机的通信分组; 使用传感器计算机，确定目标计算机是多个企业计算机之一; 在所述传感器计算机处读取所述通信分组的报头内的多个字段; 以及通过生成动作分组的报头来执行修复措施，其中所述报头包括所述多个字段中的至少一些字段的重复，以便看起来由所述目标计算机生成，生成所述动作分组的有效载荷，以及将包括所生成的报头和所生成的有效载荷的动作分组发送到受感染的计算机。

12. 发明申请

US20160134588A1 REMEDIATING COMPUTER SECURITY THREATS USING DISTRIBUTED SENSOR COMPUTERS 审中-公开
标题翻译：使用分布式传感器计算机来补救计算机安全威胁
公开(公告)号：US20160134588A1
公开(公告)日：2016-05-12
申请号：US14723285
申请日：2015-05-27
申请人： AREA 1 SECURITY, INC.
发明人： OREN FALKOWITZ , PHILIP SYME , BLAKE DARCHE
IPC分类号： H04L29/06 , H04L12/24
CPC分类号： H04L63/145 , H04L63/02 , H04L63/0227 , H04L63/1441
摘要： A data processing system comprising: a sensor computer that is coupled to and co-located with a compromised computer, the compromised computer comprising at least one malware item that is configured to direct unauthorized network activity toward one or more enterprise networks or enterprise computers, wherein the compromised computer is coupled to a firewall that is configured to control ingress of packets to the compromised computer and is logically between one or more attacker computers and the one or more enterprise networks or enterprise computers; a security control computer that is coupled to the sensor computer; one or more non-transitory data storage media in the security control computer storing security logic comprising one or more sequences of instructions which when executed cause the security control computer to perform: obtaining, from the sensor computer, detection data relating to network messages that the compromised computer emits, as the compromised computer emits the network messages; using the detection data, identifying one or more security threats that are indicated by the network messages; determining a specified remediation measure to remediate one or more of the security threats; providing the specified remediation measure to one or more of the compromised computer, the sensor computer, the firewall, and an enterprise computer.
摘要翻译：一种数据处理系统，包括：传感器计算机，其耦合到受感染的计算机并与其位于一起，所述受损的计算机包括被配置为将未经授权的网络活动引向一个或多个企业网络或企业计算机的至少一个恶意软件项目，其中受损计算机耦合到防火墙，防火墙被配置为控制分组到入侵的计算机的入口，并且逻辑上在一个或多个攻击者计算机与一个或多个企业网络或企业计算机之间; 耦合到所述传感器计算机的安全控制计算机; 存储安全逻辑的安全控制计算机中的一个或多个非暂时性数据存储介质包括一个或多个指令序列，所述指令序列在执行时导致安全控制计算机执行：从传感器计算机获得与网络消息有关的检测数据，受感染的计算机发射网络消息; 使用所述检测数据，识别由所述网络消息指示的一个或多个安全威胁; 确定指定的补救措施来修复一个或多个安全威胁; 向一个或多个受损计算机，传感器计算机，防火墙和企业计算机提供指定的修复措施。

13. 发明授权

US10574669B1 Packet filters in security appliances with modes and intervals 有权
公开(公告)号：US10574669B1
公开(公告)日：2020-02-25
申请号：US16251992
申请日：2019-01-18
申请人： AREA 1 SECURITY, INC.
发明人： Javier Castro , Blake Darche , Chiraag Aval
IPC分类号： H04L29/06 , H04L12/26
摘要： A computer system programmed to provide improved packet capture comprises: a plurality of sensor computers each programmed to capture data packets directed to a different compromised computer; a command server that is programmed to determine an expiration time for capturing a first set of data packets that have been routed toward a first compromised computer, to determine a time interval indicating an interval for capturing the first set of data packets, to identify a first packet capture filter of a plurality of packet capture filters for a first sensor computer of the plurality of sensor computers, to transmit, via a communications network, the first packet capture filter and a message, which comprises the time interval and the expiration time, to the first sensor computer of the plurality of sensor computers to capture the first set of data packets every the time interval and until the expiration time expires.

14. 发明授权

US10104113B1 Using machine learning for classification of benign and malicious webpages 有权
公开(公告)号：US10104113B1
公开(公告)日：2018-10-16
申请号：US15166135
申请日：2016-05-26
申请人： AREA 1 SECURITY, INC.
发明人： Peter Stein , Andrea Li , Tamar Weseley , Jesse Collins , Ali Soylemezoglu
IPC分类号： H04L29/06
摘要： In an embodiment, a data processing method providing an improvement in computer security, comprises selecting a uniform resource location (URL) for classification wherein the selected URL is associated with a webpage; determining a URL risk score for the selected URL; comparing the URL risk score to a URL risk threshold; in response to determining that the URL risk score exceeds the URL risk threshold, determining a maliciousness risk score for the webpage content associated with the selected URL; comparing the maliciousness risk score to a maliciousness risk threshold; and classifying the URL based on the comparison between the maliciousness risk score and the maliciousness risk threshold; in response to determining that the maliciousness risk score exceeds the maliciousness risk threshold, classifying the URL as malicious; in response to determining that the maliciousness risk score does not exceed the maliciousness risk threshold, classifying the URL as benign.

15. 发明授权

US10084815B2 Remediating computer security threats using distributed sensor computers 有权
公开(公告)号：US10084815B2
公开(公告)日：2018-09-25
申请号：US15621975
申请日：2017-06-13
申请人： Area 1 Security, Inc.
发明人： Oren Falkowitz , Philip Syme , Blake Darche
IPC分类号： G06F11/00 , H04L29/06
CPC分类号： H04L63/145 , H04L63/02 , H04L63/0227 , H04L63/1441
摘要： A computer-implemented method, comprising: detecting network messages that are emitted by a compromised computer, wherein the compromised computer comprises at least one malware item that is configured to direct unauthorized network activity toward one or more enterprise networks or enterprise computers; queuing copies of the network messages in a queue; forwarding the network messages to original destinations; determining whether the number of network messages exceeds a specified threshold associated with an attack vector; filtering by the processor, the copies that do not include one of a set of port values associated with known computer attacks; analyzing, by the processor, timing of the copies with respect to a predetermined schedule including active hours and inactive hours, detecting one or more security threats caused by the comprised computer based on the determining, filtering, and the analyzing, sending a result of the detecting to a security control computer over a communication network.

16. 发明授权

US09923920B1 Detecting computer security threats in electronic documents based on structure 有权
公开(公告)号：US09923920B1
公开(公告)日：2018-03-20
申请号：US15416334
申请日：2017-01-26
申请人： AREA 1 SECURITY, INC.
发明人： Oren Falkowitz , Philip Syme
IPC分类号： H04L29/06
CPC分类号： H04L63/145 , G06F17/30861 , H04L63/02 , H04L63/0227 , H04L63/0254 , H04L63/1433 , H04L63/1458 , H04L63/1483 , H04L67/02 , H04L67/14 , H04L67/141 , H04L67/142 , H04L67/143 , H04L69/161 , H04L69/22
摘要： In an embodiment, a method providing an improvement in remediating vulnerabilities in computer security comprising: receiving, using a network tap of a sensor computer that is coupled to a compromised computer, a communication packet that was sent from the compromised computer to a target computer; using the sensor computer, determining that the target computer is one of a plurality of enterprise computers; reading, at the sensor computer, a plurality of fields within a header of the communication packet; and performing a remediation measure by generating a header of an action packet, wherein the header comprises duplicates of at least some fields of the plurality of fields so as to appear to be generated by the target computer, generating a payload of the action packet, and sending the action packet comprising the generated header and the generated payload to the compromised computer.

17. 发明授权

US09560070B1 Distribution of security rules among sensor computers 有权
标题翻译：传感器计算机之间的安全规则分布
公开(公告)号：US09560070B1
公开(公告)日：2017-01-31
申请号：US15162239
申请日：2016-05-23
申请人： AREA 1 SECURITY, INC.
发明人： Chiraag Aval , Sandeep Mandala
IPC分类号： H04L29/06 , H04L29/08
CPC分类号： H04L63/145 , H04L63/1416 , H04L63/1425 , H04L63/1466 , H04L67/02 , H04L67/06 , H04L67/34 , H04L2463/146
摘要： Systems and methods for generating rules in a networking environment having one or more sensor computers logically connected to compromised computers are provided. The rules comprise detection data used by a sensor computer to detect a potential security threat and a specified remediation measure that is caused to be performed when the security threat is detected. A security control computer generates the rules from record of series of actions created by the sensor computer, generates a rule, and distributes the rule to the sensor computers. The sensor computers periodically poll a central database for new rules and store a copy of each rule locally. Using the locally stored rules, the sensor computers can more efficiently and accurately respond to security threats.
摘要翻译：提供了在具有逻辑上连接到受损计算机的一个或多个传感器计算机的网络环境中生成规则的系统和方法。规则包括由传感器计算机使用以检测潜在的安全威胁的检测数据和当检测到安全威胁时被执行的指定的修复措施。安全控制计算机从传感器计算机创建的一系列动作的记录生成规则，生成规则，并将规则分发给传感器计算机。传感器计算机定期轮询中央数据库以获取新规则，并在本地存储每个规则的副本。使用本地存储的规则，传感器计算机可以更有效和准确地响应安全威胁。

18. 发明授权

US11050698B1 Message processing system with business email compromise detection 有权
公开(公告)号：US11050698B1
公开(公告)日：2021-06-29
申请号：US17026131
申请日：2020-09-18
申请人： Area 1 Security, Inc.
发明人： Umalatha N. Batchu , YenHsiang Chang , Torsten Zeppenfeld , Debashri Mukherjee , Paul East
IPC分类号： H04L12/58 , G06N20/00 , G06Q10/10
摘要： In an embodiment, the disclosed technologies monitor electronic message traffic between a network and a recipient computer system. An embodiment includes extracting, from an electronic message received from the network, a sending domain and message data, computing a lookalike score based on the sending domain, and assigning a message type to the electronic message based on the message data. The lookalike score and the message type may be used to determine whether the electronic message is a spoofing attack such as a business email compromise (BEC) attack. In response to determining that the electronic message is malicious, an embodiment may cause the network to at least one of modify, delay, re-route, or block transmission of the electronic message to the recipient computer system.

19. 发明授权

US10581883B1 In-transit visual content analysis for selective message transfer 有权
公开(公告)号：US10581883B1
公开(公告)日：2020-03-03
申请号：US15968733
申请日：2018-05-01
申请人： Area 1 Security, Inc.
发明人： Philip Syme , Michael Flester , Umalatha Batchu , Rajiv Jain
IPC分类号： H04L29/06 , H04L12/58
摘要： In an embodiment, a computer system comprises one or more computer processors configured with a message transfer application; a message transfer/vision processing (MT/VP) interface coupled to the one or more computer processors and interposed between the message transfer application and a vision processing computer, wherein the MT/VP interface performs operations comprising: extracting risk indicator data from a message that is in transit to a recipient computer on a computer network; in response to the risk indicator data matching a message risk criterion, transmitting an image address for an image of interest coupled to the message or the image of interest to the vision processing computer; receiving, from the vision processing computer, a label that semantically describes visual content of the image of interest; using the label, querying a set of correlation data to determine a reference address that is associated with the label; in response to the image address matching the reference address, transmitting the message to the recipient computer; in response to the image address not matching the reference address, modifying, delaying or blocking the transmitting of the message to the recipient computer.

20. 发明授权

US10440042B1 Domain feature classification and autonomous system vulnerability scanning 有权
公开(公告)号：US10440042B1
公开(公告)日：2019-10-08
申请号：US15158253
申请日：2016-05-18
申请人： AREA 1 SECURITY, INC.
发明人： Peter Stein , Connie Siu , Donghyun Michael Choi , Rahul Sridhar , Hunter van Adelsberg
IPC分类号： H04L9/00 , H04L29/06 , H04L29/08 , H04L29/12 , G06N20/00
摘要： In an embodiment, a data processing method providing an improvement in computer security, comprises selecting, from a domain name queue comprising a plurality of domain names, a particular domain name to analyze; extracting one or more features of the particular domain name; determining a particular risk priority score of the particular domain name based on analyzing the one or more features of the particular domain name by applying a classifier to the one or more features of the particular domain name; inserting the particular risk priority score and an identifier associated with the particular domain name into a priority queue comprising a plurality of risk priority scores and a plurality of domain names; repeating the selecting, extracting, determining, and inserting steps for the remaining domain names in the domain name queue; retrieving from the priority queue, based upon the risk priority score, the identifier associated with the particular domain name; determining the particular domain name associated with the identifier; scanning the particular domain name for malicious content or security vulnerabilities; and outputting results of the scanning to a system, database, or report.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式