会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 71. 发明申请
    • METHODS, MEDIA, AND SYSTEMS FOR DETECTING AN ANOMALOUS SEQUENCE OF FUNCTION CALLS
    • 用于检测功能调用异常序列的方法,媒体和系统
    • US20100153785A1
    • 2010-06-17
    • US12447946
    • 2007-10-30
    • Angelos D. KeromytisSalvatore J. Stolfo
    • Angelos D. KeromytisSalvatore J. Stolfo
    • G06F11/07G06F9/44
    • G06F21/566G06F11/08G06F11/3688G06F2221/033G06N7/005H04L63/1425
    • Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.
    • 提供了用于检测函数调用异常序列的方法,介质和系统。 该方法可以包括通过使用压缩模型来压缩由程序执行所产生的函数调用序列; 以及基于函数调用序列被压缩的程度来确定功能调用序列中函数调用的异常序列的存在。 所述方法还可以包括执行至少一个已知程序; 观察由所述至少一个已知节目的执行而进行的至少一个函数调用序列; 在由所述至少一个已知程序进行的所述至少一个功能调用序列中分配每种类型的功能调用唯一标识符; 以及通过记录至少一个唯一标识符序列来创建所述压缩模型的至少一部分。
    • 74. 发明授权
    • System and methods for adaptive model generation for detecting intrusions in computer systems
    • 用于检测计算机系统入侵的自适应模型生成的系统和方法
    • US07225343B1
    • 2007-05-29
    • US10352342
    • 2003-01-27
    • Andrew HonigAndrew HowardEleazar EskinSalvatore J. Stolfo
    • Andrew HonigAndrew HowardEleazar EskinSalvatore J. Stolfo
    • H04L9/00
    • H04L63/14G06F17/30091G06F17/30294G06F17/30477G06F21/554G06F21/566G06N7/005G06N99/005H04L63/1416H04L63/1425H04L63/1433
    • A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
    • 一种用于在计算机系统的操作中检测入侵的系统和方法,包括:传感器,被配置为收集关于计算机系统的操作的信息,将信息格式化成具有预定格式的数据记录,并且以预定的方式发送数据 数据格式。 数据仓库被配置为以预定数据格式从传感器接收数据记录,并将数据存储在数据库中。 检测模型生成器被配置为以预定数据格式从数据仓库请求数据记录,以基于所述数据记录生成入侵检测模型,并根据预定数据格式将入侵检测模型发送到数据仓库。 检测器被配置为从传感器接收预定数据格式的数据记录,并且将数据记录实时地分类为正常操作之一和基于所述入侵检测模型的攻击。 数据分析引擎被配置为根据预定数据格式从数据仓库请求数据记录,并对数据记录执行数据处理功能。
    • 75. 发明授权
    • System and methods for intrusion detection with dynamic window sizes
    • 具有动态窗口大小的入侵检测系统和方法
    • US07162741B2
    • 2007-01-09
    • US10208402
    • 2002-07-30
    • Eleazar EskinSalvatore J. Stolfo
    • Eleazar EskinSalvatore J. Stolfo
    • H04L9/32G06F11/00G06F11/22G06F11/30G06F11/32G06F11/34G06F11/36G06F12/14G06F12/16G06F7/04G06F7/58
    • H04L63/1416Y10S707/99953Y10S707/99956
    • A system and methods of monitoring sequences of operations in a process running on a computer system. A probabilistic detection model is defined which is configured to determine a predictive probability of an occurrence of a final operation in the sequence of operations that is conditional on a calculated number of previous operations in the sequence of operations. The probabilistic detection model is trained from a plurality of predetermined sequences of operations to calculate the number of previous operations evaluated in the probabilistic detection model. The predictive probability for the final operation in the sequence of operations is determined by using the probabilistic detection model. If the predictive probability is below a predetermined threshold, the sequence of operations is identified as an intrusion. The probabilistic detection model may use sparse distribution trees to generate a model which determines the optimal number of previous operations to be evaluated (i.e., the window size) and position of wildcards. The system and methods may be used to monitor sequences of system calls, application function calls, and machine code instructions, for example.
    • 在计算机系统上运行的进程中监视操作顺序的系统和方法。 定义概率检测模型,其被配置为确定在所述操作序列中出现最终操作的预测概率,其以所计算的操作序列中的先前操作的数量为条件。 从多个预定的操作序列训练概率检测模型,以计算在概率检测模型中评估的先前操作的数量。 通过使用概率检测模型来确定操作顺序中的最终操作的预测概率。 如果预测概率低于预定阈值,则将该操作序列识别为入侵。 概率检测模型可以使用稀疏分布树来生成确定要评估的先前操作的最佳数量(即,窗口大小)和通配符的位置的模型。 例如,系统和方法可以用于监视系统调用,应用程序函数调用和机器代码指令的顺序。
    • 76. 发明授权
    • Method and apparatus for imaging, image processing and data compression
    • 用于成像,图像处理和数据压缩的方法和装置
    • US5748780A
    • 1998-05-05
    • US259527
    • 1994-06-14
    • Salvatore J. Stolfo
    • Salvatore J. Stolfo
    • G06F17/30G06K9/00G06K9/36
    • G06Q20/042G06F17/30256G06K9/00G06K2209/015
    • A method for processing an image, consisting of a foreground and a background, to produce a highly compressed and accurate representation of the image, including the steps of scanning the image to create a digital image of the image, comparing the digital image against a codebook of stored digital images; matching the digital image with one of the stored digital images of the codebook; producing an index code identifying the background of the stored digital image as having matched the digital image; subtracting the stored digital image from the digital image to produce a second digital image representing the foreground of the stored digital image; and storing the second digital image with the index code. An apparatus is also provided for compressing images having a foreground and a background, consisting of an image scanner, a template image storage device for storing background templates, a processor system for matching a scanned image of the image with one of the background templates, resulting in a template identifier, a processor system for compensating the scanned image for the matched template to produce a foreground image, and a data compression system for compressing the foreground image.
    • 一种用于处理由前景和背景组成的图像以产生图像的高度压缩和精确表示的方法,包括扫描图像以创建图像的数字图像的步骤,将数字图像与码本进行比较 存储的数字图像; 将数字图像与码本的所存储的数字图像之一进行匹配; 产生将所存储的数字图像的背景识别为与数字图像相匹配的索引码; 从数字图像中减去所存储的数字图像,以产生表示所存储的数字图像的前景的第二数字图像; 并存储具有索引码的第二数字图像。 还提供了一种用于压缩具有前景和背景的图像的装置,包括图像扫描器,用于存储背景模板的模板图像存储装置,用于将图像的扫描图像与背景模板之一匹配的处理器系统,产生 在模板标识符中,用于补偿用于匹配模板的扫描图像以产生前景图像的处理器系统,以及用于压缩前景图像的数据压缩系统。
    • 77. 发明授权
    • Method of merging large databases in parallel
    • 并行大型数据库的合并方法
    • US5497486A
    • 1996-03-05
    • US213795
    • 1994-03-15
    • Salvatore J. StolfoMauricio A. Herna/ ndez
    • Salvatore J. StolfoMauricio A. Herna/ ndez
    • G06F7/14G06F7/32G06F17/30G06F7/06G06F7/20
    • G06F7/14G06F17/30256G06F17/30489G06F7/32Y10S707/99935Y10S707/99937
    • The semantic integration problem for merging multiple databases of very large size, the merge/purge problem, can be solved by multiple runs of the sorted neighborhood method or the clustering method with small windows followed by the computation of the transitive closure over the results of each run. The sorted neighborhood method works well under this scheme but is computationally expensive due to the sorting phase. An alternative method based on data clustering that reduces the complexity to linear time making multiple runs followed by transitive closure feasible and efficient. A method is provided for identifying duplicate records in a database, each record having at least one field and a plurality of keys, including the steps of sorting the records according to a criteria applied to a first key; comparing a number of consecutive sorted records to each other, wherein the number is less than a number of records in said database and identifying a first group of duplicate records; storing the identity of the first group; sorting the records according to a criteria applied to a second key; comparing a number of consecutive sorted records to each other, wherein the number is less than a number of records in said database and identifying a second group of duplicate records; storing the identity of the second group; and subjecting the union of the first and second groups to transitive closure.
    • 合并/清除问题的多个数据库的语义集成问题可以通过多次运行的排序邻域方法或使用小窗口的聚类方法来解决,然后计算每个结果的传递闭包 跑。 排序的邻域方法在该方案下工作良好,但是由于分类阶段,计算费用很高。 一种基于数据聚类的替代方法,可以将复杂度降低到线性时间,从而实现多次运行,然后传递闭包可行且高效。 提供了一种用于识别数据库中的重复记录的方法,每个记录具有至少一个字段和多个密钥,包括根据应用于第一密钥的准则对记录进行排序的步骤; 将多个连续排序的记录彼此进行比较,其中所述数目小于所述数据库中的记录数量,并且识别第一组重复记录; 存储第一组的身份; 根据应用于第二个键的标准对记录进行排序; 将多个连续排序的记录彼此进行比较,其中所述数量小于所述数据库中的记录数量,并且识别第二组重复记录; 存储第二组的身份; 并使第一组和第二组的联合进行传递闭合。