专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

41. 发明申请

US20110167494A1 METHODS, SYSTEMS, AND MEDIA FOR DETECTING COVERT MALWARE 有权
标题翻译：检测覆盖恶意软件的方法，系统和媒体
公开(公告)号：US20110167494A1
公开(公告)日：2011-07-07
申请号：US12982984
申请日：2010-12-31
申请人： Brian M. Bowen , Pratap V. Prabhu , Vasileios P. Kemerlis , Stylianos Sidiroglou , Salvatore J. Stolfo , Angelos D. Keromytis
发明人： Brian M. Bowen , Pratap V. Prabhu , Vasileios P. Kemerlis , Stylianos Sidiroglou , Salvatore J. Stolfo , Angelos D. Keromytis
IPC分类号： G06F21/00
CPC分类号： G06F21/56 , G06F21/566 , G06F21/577 , H04L63/1441 , H04L63/1491
摘要： Methods, systems, and media for detecting covert malware are provided. In accordance with some embodiments, a method for detecting covert malware in a computing environment is provided, the method comprising: generating simulated user activity outside of the computing environment; conveying the simulated user activity to an application inside the computing environment; and determining whether a decoy corresponding to the simulated user activity has been accessed by an unauthorized entity.
摘要翻译：提供了用于检测隐蔽恶意软件的方法，系统和媒体。根据一些实施例，提供了一种用于在计算环境中检测隐匿恶意软件的方法，所述方法包括：在所述计算环境之外生成模拟用户活动; 将所述模拟用户活动传达到所述计算环境内的应用; 以及确定是否已经被未经授权的实体访问与所述模拟用户活动相对应的诱饵。

42. 发明申请

US20100281541A1 Systems and Methods for Correlating and Distributing Intrusion Alert Information Among Collaborating Computer Systems 有权
标题翻译：在协作计算机系统中关联和分发入侵警报信息的系统和方法
公开(公告)号：US20100281541A1
公开(公告)日：2010-11-04
申请号：US12833743
申请日：2010-07-09
申请人： Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
发明人： Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
IPC分类号： G06F11/00
CPC分类号： H04L63/1416 , G06F21/552 , G06F21/554 , H04L63/145 , H04L63/1475 , H04L63/1491
摘要： Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
摘要翻译：提供了在协作计算机系统之间关联和分发入侵警报信息的系统和方法。这些系统和方法提供警报相关器和警报分发器，其使得能够检测到攻击的早期迹象并且迅速地传播到协作系统。警报相关器利用数据结构来关联警报检测，并提供可以向其他协作系统透露威胁信息的机制。警报分配器使用有效的技术来对协作系统进行分组，然后根据时间表在某些成员之间传递数据。以这种方式，数据可以定期分布，而不会产生过多的流量负载。

43. 发明授权

US07779463B2 Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems 有权
公开(公告)号：US07779463B2
公开(公告)日：2010-08-17
申请号：US10864226
申请日：2004-06-09
申请人： Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
发明人： Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F11/30 , B41K3/38 , G06F15/16 , G06F15/177
CPC分类号： H04L63/1416 , G06F21/552 , G06F21/554 , H04L63/145 , H04L63/1475 , H04L63/1491
摘要： Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.

44. 发明申请

US20100077483A1 METHODS, SYSTEMS, AND MEDIA FOR BAITING INSIDE ATTACKERS 有权
标题翻译：用于打击攻击者的方法，系统和媒体
公开(公告)号：US20100077483A1
公开(公告)日：2010-03-25
申请号：US12565394
申请日：2009-09-23
申请人： Salvatore J. Stolfo , Angelos D. Keromytis , Brian M. Bowen , Shlomo Hershkop , Vasileios P. Kemerlis , Pratap V. Prabhu , Malek Ben Salem
发明人： Salvatore J. Stolfo , Angelos D. Keromytis , Brian M. Bowen , Shlomo Hershkop , Vasileios P. Kemerlis , Pratap V. Prabhu , Malek Ben Salem
IPC分类号： G06F11/00
CPC分类号： G06F21/554 , G06F21/552 , G06F21/566 , G06F2221/034 , G06F2221/2123 , H04L63/1466
摘要： Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
摘要翻译：提供了用于提供基于陷阱的防御的方法，系统和媒体。根据一些实施例，提供了一种用于提供基于陷阱的防御的方法，所述方法包括：至少部分地基于计算环境中的实际信息生成诱饵信息，其中所述诱饵信息被生成以符合一个或多个文档属性; 将信标嵌入诱饵信息中; 以及将具有所嵌入的信标的诱饵信息插入所述计算环境中，其中所述嵌入式信标提供所述诱饵信息已被攻击者访问的第一指示，并且其中所述嵌入信标提供区分所述诱饵信息和所述实际信息之间的第二指示信息。

45. 发明申请

US20090241191A1 SYSTEMS, METHODS, AND MEDIA FOR GENERATING BAIT INFORMATION FOR TRAP-BASED DEFENSES 有权
标题翻译：用于生成基于陷阱的防御信号的系统，方法和媒体
公开(公告)号：US20090241191A1
公开(公告)日：2009-09-24
申请号：US12302774
申请日：2007-05-31
申请人： Angelos D. Keromytis , Salvatore J. Stolfo
发明人： Angelos D. Keromytis , Salvatore J. Stolfo
IPC分类号： G06F15/173 , G06F21/00
CPC分类号： H04L63/1491 , H04L43/0876 , H04L51/22 , H04L63/1408 , H04L63/145
摘要： Systems, methods, and media for generating bait information for trap-based defenses are provided. In some embodiments, methods for generating bait information for trap-based defenses include: recording historical information of a network; translating the historical information; and generating bait information by tailoring the translated historical information.
摘要翻译：提供了用于生成基于陷阱的防御的诱饵信息的系统，方法和媒体。在一些实施例中，用于产生用于基于陷阱的防御的诱饵信息的方法包括：记录网络的历史信息; 翻译历史信息; 并通过定制翻译的历史信息产生诱饵信息。

46. 发明申请

US20150058982A1 Methods of unsupervised anomaly detection using a geometric framework 审中-公开
标题翻译：使用几何框架进行无监督异常检测的方法
公开(公告)号：US20150058982A1
公开(公告)日：2015-02-26
申请号：US13987690
申请日：2013-08-20
申请人： Eleazar Eskin , Andrew Arnold , Michael Prerau , Leonid Portnoy , Salvatore J. Stolfo
发明人： Eleazar Eskin , Andrew Arnold , Michael Prerau , Leonid Portnoy , Salvatore J. Stolfo
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , G06F17/30914
摘要： A method for unsupervised anomaly detection, which are algorithms that are designed to process unlabeled data. Data elements are mapped to a feature space which is typically a vector space d. Anomalies are detected by determining which points lies in sparse regions of the feature space. Two feature maps are used for mapping data elements to a feature apace. A first map is a data-dependent normalization feature map which we apply to network connections. A second feature map is a spectrum kernel which we apply to system call traces.
摘要翻译：一种用于无监督异常检测的方法，它们是用于处理未标记数据的算法。数据元素被映射到通常是向量空间d的特征空间。通过确定哪些点位于特征空间的稀疏区域来检测异常。两个特征图用于将数据元素映射到特征空间。第一张地图是我们适用于网络连接的依赖于数据的规范化特征图。第二个特征图是我们应用于系统调用轨迹的频谱内核。

47. 发明授权

US08769684B2 Methods, systems, and media for masquerade attack detection by monitoring computer user behavior 有权
标题翻译：通过监控计算机用户行为进行伪装攻击检测的方法，系统和媒体
公开(公告)号：US08769684B2
公开(公告)日：2014-07-01
申请号：US12628587
申请日：2009-12-01
申请人： Salvatore J. Stolfo , Malek Ben Salem , Shlomo Hershkop
发明人： Salvatore J. Stolfo , Malek Ben Salem , Shlomo Hershkop
IPC分类号： G06F21/00 , G06F21/55 , G06F21/50 , H04L29/06 , G06F21/56
CPC分类号： H04L63/1416 , G06F21/50 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/566 , H04L29/06884 , H04L29/06897 , H04L63/1408 , H04L63/1425 , H04L63/1491
摘要： Methods, systems, and media for masquerade attack detection by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting masquerade attacks is provided, the method comprising: monitoring a first plurality of user actions and access of decoy information in a computing environment; generating a user intent model for a category that includes at least one of the first plurality of user actions; monitoring a second plurality of user actions; comparing the second plurality of user actions with the user intent model by determining deviation from the generated user intent model; identifying whether the second plurality of user actions is a masquerade attack based at least in part on the comparison; and generating an alert in response to identifying that the second plurality of user actions is the masquerade attack and in response to determining that the second plurality of user actions includes accessing the decoy information in the computing environment.
摘要翻译：提供了通过监控计算机用户行为进行伪装攻击检测的方法，系统和媒体。根据一些实施例，提供了一种用于检测伪装攻击的方法，所述方法包括：在计算环境中监视第一多个用户动作和诱捕信息的访问; 为包括所述第一多个用户动作中的至少一个的类别生成用户意图模型; 监视第二多个用户动作; 通过确定与所生成的用户意图模型的偏差来比较第二多个用户动作与用户意图模型; 至少部分地基于所述比较来识别所述第二多个用户动作是否是伪装攻击; 以及响应于识别所述第二多个用户动作是所述伪装攻击而响应于响应于确定所述第二多个用户动作包括访问所述计算环境中的诱饵信息而产生警报。

48. 发明申请

US20130326332A1 SYSTEMS AND METHODS FOR CONTENT EXTRACTION 有权
标题翻译：用于内容提取的系统和方法
公开(公告)号：US20130326332A1
公开(公告)日：2013-12-05
申请号：US13900912
申请日：2013-05-23
申请人： Suhit Gupta , Gail Kaiser , Salvatore J. Stolfo
发明人： Suhit Gupta , Gail Kaiser , Salvatore J. Stolfo
IPC分类号： G06F17/22
CPC分类号： G06F17/2247 , G06F17/30864 , G06F17/30908 , G06F17/30914
摘要： Systems and methods are presented for content extraction from markup language text. The content extraction process may parse markup language text into a hierarchical data model and then apply one or more filters. Output filters may be used to make the process more versatile. The operation of the content extraction process and the one or more filters may be controlled by one or more settings set by a user, or automatically by a classifier. The classifier may automatically enter settings by classifying markup language text and entering settings based on this classification. Automatic classification may be performed by clustering unclassified markup language texts with previously classified markup language texts.
摘要翻译：介绍了从标记语言文本中提取内容的系统和方法。内容提取过程可以将标记语言文本解析成分层数据模型，然后应用一个或多个过滤器。输出滤波器可用于使该过程更加通用。内容提取处理和一个或多个过滤器的操作可以由用户设置的一个或多个设置或由分类器自动地控制。分类器可以通过分类标记语言文本并基于此分类输入设置来自动输入设置。可以通过将未分类的标记语言文本与先前分类的标记语言文本进行聚类来执行自动分类。

49. 发明申请

US20090083855A1 System and methods for detecting intrusions in a computer system by monitoring operating system registry accesses 有权
标题翻译：通过监视操作系统注册表访问来检测计算机系统中的入侵的系统和方法
公开(公告)号：US20090083855A1
公开(公告)日：2009-03-26
申请号：US12154405
申请日：2008-05-21
申请人： Frank Apap , Andrew Honig , Hershkop Shlomo , Eleazar Eskin , Salvatore J. Stolfo
发明人： Frank Apap , Andrew Honig , Hershkop Shlomo , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： G06F21/22 , G06F11/30
CPC分类号： G06F21/552 , H04L63/1416
摘要： A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the files system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of said features. The features of a record of a process that accesses the Windows registry are analyzed to determine whether said access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether the access of the Windows registry is an anomaly.
摘要翻译：公开了一种用于检测计算机系统操作中的入侵的方法，其包括从访问诸如Windows注册表的计算机的文件系统的正常进程的记录中收集特征，并且基于以下方式生成基于计算机系统的正常计算机系统使用的概率模型：出现所述特征。分析访问Windows注册表的进程记录的功能，以确定对Windows注册表的访问是否为异常。公开了一种系统，其包括注册表审核模块，其被配置为收集关于访问所述Windows注册表的进程的记录; 模型生成器，其被配置为基于访问Windows注册表并且指示正常的计算机系统使用的多个进程的记录来生成正常计算机系统使用的概率模型; 以及配置为确定Windows注册表的访问是否是异常的模型比较器。

50. 发明授权

US07448084B1 System and methods for detecting intrusions in a computer system by monitoring operating system registry accesses 有权
标题翻译：通过监视操作系统注册表访问来检测计算机系统中的入侵的系统和方法
公开(公告)号：US07448084B1
公开(公告)日：2008-11-04
申请号：US10352343
申请日：2003-01-27
申请人： Frank Apap , Andrew Honig , Hershkop Shlomo , Eleazar Eskin , Salvatore J. Stolfo
发明人： Frank Apap , Andrew Honig , Hershkop Shlomo , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： G06F21/22 , G06F11/30
CPC分类号： G06F21/552 , H04L63/1416
摘要： A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the files system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of said features. The features of a record of a process that accesses the Windows registry are analyzed to determine whether said access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether the access of the Windows registry is an anomaly.
摘要翻译：公开了一种用于检测计算机系统操作中的入侵的方法，其包括从访问诸如Windows注册表的计算机的文件系统的正常进程的记录中收集特征，并且基于以下方式生成基于计算机系统的正常计算机系统使用的概率模型：出现所述特征。分析访问Windows注册表的进程记录的功能，以确定对Windows注册表的访问是否为异常。公开了一种系统，其包括注册表审核模块，其被配置为收集关于访问所述Windows注册表的进程的记录; 模型生成器，其被配置为基于访问Windows注册表并且指示正常的计算机系统使用的多个进程的记录来生成正常计算机系统使用的概率模型; 以及配置为确定Windows注册表的访问是否是异常的模型比较器。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式