专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

71. 发明申请

US20160330224A1 APPARATUS METHOD AND MEDIUM FOR DETECTING PAYLOAD ANOMALY USING N-GRAM DISTRIBUTION OF NORMAL DATA 审中-公开
标题翻译：使用正常数据的N-GRAM分布检测负载异常的装置方法和介质
公开(公告)号：US20160330224A1
公开(公告)日：2016-11-10
申请号：US15017325
申请日：2016-02-05
申请人： Salvatore J. Stolfo , Ke Wang
发明人： Salvatore J. Stolfo , Ke Wang
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/56 , G06F21/562 , G06F21/563 , G06F21/564 , H04L43/00 , H04L43/0876 , H04L63/0218 , H04L63/0245 , H04L63/0263 , H04L63/029 , H04L63/145
摘要： A method, apparatus and medium are provided for detecting anomalous payloads transmitted through a network. The system receives payloads within the network and determines a length for data contained in each payload. A statistical distribution is generated for data contained in each payload received within the network, and compared to a selected model distribution representative of normal payloads transmitted through the network. The model payload can be selected such that it has a predetermined length range that encompasses the length for data contained in the received payload. Anomalous payloads are then identified based on differences detected between the statistical distribution of received payloads and the model distribution. The system can also provide for automatic training and incremental updating of models.
摘要翻译：提供了一种用于检测通过网络发送的异常有效载荷的方法，装置和介质。系统在网络内接收有效载荷并确定每个载荷中包含的数据的长度。为包含在网络中接收的每个有效载荷内的数据生成统计分布，并与代表通过网络传输的正常有效载荷的所选模型分布进行比较。可以选择模型有效载荷，使得其具有预定的长度范围，其包含包含在接收到的有效载荷中的数据的长度。然后根据接收到的有效载荷的统计分布和模型分布之间检测到的差异来识别异常有效载荷。该系统还可以提供模型的自动训练和增量更新。

72. 发明申请

US20150186647A1 SYSTEMS, METHODS, AND MEDIA FOR OUTPUTTING DATA BASED ON ANOMALY DETECTION 审中-公开
标题翻译：基于异常检测的输出数据的系统，方法和媒体
公开(公告)号：US20150186647A1
公开(公告)日：2015-07-02
申请号：US14634101
申请日：2015-02-27
申请人： Salvatore J. Stolfo , Ke Wang , Janak Parekh
发明人： Salvatore J. Stolfo , Ke Wang , Janak Parekh
IPC分类号： G06F21/56
CPC分类号： G06F21/56 , G06F21/564 , G06F2221/034 , H04L63/1416 , H04L63/1425
摘要： Systems, methods, and media for outputting data based on anomaly detection are provided. In some embodiments, a method for outputting data based on anomaly detection is provided, the method comprising: receiving, using a hardware processor, an input dataset; identifying grams in the input dataset that substantially include distinct byte values; creating an input subset by removing the identified grams from the input dataset; determining whether the input dataset is likely to be anomalous based on the identified grams, and determining whether the input dataset is likely to be anomalous by applying the input subset to a binary anomaly detection model to check for an n-gram in the input subset; and outputting the input dataset based on the likelihood that the input dataset is anomalous.
摘要翻译：提供了基于异常检测输出数据的系统，方法和媒体。在一些实施例中，提供了一种用于基于异常检测输出数据的方法，所述方法包括：使用硬件处理器接收输入数据集; 识别基本上包含不同字节值的输入数据集中的克数; 通过从输入数据集中移除所识别的克来创建输入子集; 基于所识别的克确定输入数据集是否可能是异常的，并且通过将输入子集应用于二进制异常检测模型来确定输入数据集是否可能是异常的，以检查输入子集中的n-gram; 并且基于输入数据集是异常的可能性来输出输入数据集。

73. 发明申请

US20150180895A1 APPARATUS METHOD AND MEDIUM FOR TRACING THE ORIGIN OF NETWORK TRANSMISSIONS USING N-GRAM DISTRIBUTION OF DATA 审中-公开
标题翻译：使用N-GRAM分布数据来跟踪网络传输原理的装置方法和介质
公开(公告)号：US20150180895A1
公开(公告)日：2015-06-25
申请号：US14638705
申请日：2015-03-04
申请人： Salvatore J. Stolfo
发明人： Salvatore J. Stolfo
IPC分类号： H04L29/06 , H04L12/26
CPC分类号： H04L63/1425 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/56 , G06F21/562 , G06F21/563 , G06F21/564 , H04L43/00 , H04L43/0876 , H04L63/0218 , H04L63/0245 , H04L63/0263 , H04L63/029 , H04L63/145
摘要： A method, apparatus, and medium are provided for tracing the origin of network transmissions. Connection records are maintained at computer system for storing source and destination addresses. The connection records also maintain a statistical distribution of data corresponding to the data payload being transmitted. The statistical distribution can be compared to that of the connection records in order to identify the sender. The location of the sender can subsequently be determined from the source address stored in the connection record. The process can be repeated multiple times until the location of the original sender has been traced.
摘要翻译：提供了一种用于跟踪网络传输来源的方法，装置和介质。在计算机系统中维护连接记录，用于存储源和目的地址。连接记录还保持对应于正在发送的数据有效载荷的数据的统计分布。可以将统计分布与连接记录的统计分布进行比较，以便识别发送者。随后可以从存储在连接记录中的源地址确定发送者的位置。该过程可以重复多次，直到原始发送者的位置被跟踪为止。

74. 发明授权

US09003528B2 Apparatus method and medium for tracing the origin of network transmissions using N-gram distribution of data 有权
标题翻译：使用N-gram分布数据跟踪网络传输来源的装置方法和介质
公开(公告)号：US09003528B2
公开(公告)日：2015-04-07
申请号：US13550711
申请日：2012-07-17
申请人： Salvatore J. Stolfo
发明人： Salvatore J. Stolfo
IPC分类号： G06F11/00 , G06F21/55 , G06F21/56 , H04L12/26 , H04L29/06
CPC分类号： H04L63/1425 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/56 , G06F21/562 , G06F21/563 , G06F21/564 , H04L43/00 , H04L43/0876 , H04L63/0218 , H04L63/0245 , H04L63/0263 , H04L63/029 , H04L63/145
摘要： A method, apparatus, and medium are provided for tracing the origin of network transmissions. Connection records are maintained at computer system for storing source and destination addresses. The connection records also maintain a statistical distribution of data corresponding to the data payload being transmitted. The statistical distribution can be compared to that of the connection records in order to identify the sender. The location of the sender can subsequently be determined from the source address stored in the connection record. The process can be repeated multiple times until the location of the original sender has been traced.
摘要翻译：提供了一种用于跟踪网络传输来源的方法，装置和介质。在计算机系统中维护连接记录，用于存储源和目的地址。连接记录还保持对应于正在发送的数据有效载荷的数据的统计分布。可以将统计分布与连接记录的统计分布进行比较，以便识别发送者。随后可以从存储在连接记录中的源地址确定发送者的位置。该过程可以重复多次，直到原始发送者的位置被跟踪为止。

75. 发明授权

US08893273B2 Systems and methods for adaptive model generation for detecting intrusions in computer systems 有权
标题翻译：用于检测计算机系统中入侵的自适应模型生成的系统和方法
公开(公告)号：US08893273B2
公开(公告)日：2014-11-18
申请号：US11805946
申请日：2007-05-25
申请人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
发明人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： G06F21/72 , H04L29/06 , G06F21/55 , G06F21/56
CPC分类号： H04L63/14 , G06F17/30091 , G06F17/30294 , G06F17/30477 , G06F21/554 , G06F21/566 , G06N7/005 , G06N99/005 , H04L63/1416 , H04L63/1425 , H04L63/1433
摘要： A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
摘要翻译：一种用于在计算机系统的操作中检测入侵的系统和方法，包括：传感器，被配置为收集关于计算机系统的操作的信息，将信息格式化成具有预定格式的数据记录，并且以预定的方式发送数据数据格式。数据仓库配置为以预定数据格式从传感器接收数据记录，并将数据存储在SQL数据库中。检测模型生成器被配置为以预定数据格式从数据仓库请求数据记录，以基于所述数据记录生成入侵检测模型，并根据预定数据格式将入侵检测模型发送到数据仓库。检测器被配置为从传感器接收预定数据格式的数据记录，并且将数据记录实时地分类为正常操作之一和基于所述入侵检测模型的攻击。数据分析引擎被配置为根据预定数据格式从数据仓库请求数据记录，并对数据记录执行数据处理功能。

76. 发明授权

US08887281B2 System and methods for adaptive model generation for detecting intrusion in computer systems 有权
标题翻译：用于检测计算机系统入侵的自适应模型生成的系统和方法
公开(公告)号：US08887281B2
公开(公告)日：2014-11-11
申请号：US13573314
申请日：2012-09-10
申请人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
发明人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： H04L29/06 , G06F21/55 , G06F21/56
CPC分类号： H04L63/14 , G06F17/30091 , G06F17/30294 , G06F17/30477 , G06F21/554 , G06F21/566 , G06N7/005 , G06N99/005 , H04L63/1416 , H04L63/1425 , H04L63/1433
摘要： A system and methods for detecting intrusions in the operation of a computer system comprising a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record, and to transmit the data record. A database is configured to receive the data record from the sensor and to store the data record. A detection model generator is configured to request data records from the database, to generate an intrusion detection model, and to transmit the intrusion detection model to the database. A detector is configured to receive a data record from the sensor and to classify the data record in real-time as one of normal operation and an attack. A data analysis engine is configured to request data records from the database and to perform a data processing function on the data records.
摘要翻译：一种用于在计算机系统的操作中检测入侵的系统和方法，包括：传感器，被配置为收集关于所述计算机系统的操作的信息，将所述信息格式化在数据记录中，并传送所述数据记录。数据库被配置为从传感器接收数据记录并存储数据记录。检测模型生成器被配置为从数据库请求数据记录，生成入侵检测模型，并将入侵检测模型发送到数据库。检测器被配置为从传感器接收数据记录并将数据记录实时分类为正常操作和攻击之一。数据分析引擎被配置为从数据库请求数据记录并对数据记录执行数据处理功能。

77. 发明申请

US20100064369A1 METHODS, MEDIA, AND SYSTEMS FOR DETECTING ATTACK ON A DIGITAL PROCESSING DEVICE 有权
标题翻译：用于检测数字处理设备上的攻击的方法，媒体和系统
公开(公告)号：US20100064369A1
公开(公告)日：2010-03-11
申请号：US12406814
申请日：2009-03-18
申请人： Salvatore J. Stolfo , Wei-Jen Li , Angelos D. Keromylis , Elli Androulaki
发明人： Salvatore J. Stolfo , Wei-Jen Li , Angelos D. Keromylis , Elli Androulaki
IPC分类号： G06F21/00
CPC分类号： G06F21/50 , G06F21/56 , G06F21/562 , G06F21/566
摘要： Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.
摘要翻译：提供了检测攻击的方法，媒体和系统。在一些实施例中，所述方法包括：将文档的至少一部分与静态检测模型进行比较; 基于文档与静态检测模型的比较来确定攻击代码是否包括在文档中; 执行文档的至少一部分; 基于所述文档的至少一部分的执行来确定所述文档中是否包含攻击代码; 并且如果基于文档与静态检测模型的比较和文档的至少部分的执行中的至少一个来确定攻击代码被包括在文档中，则报告攻击的存在。在一些实施例中，所述方法包括：在电子文档的至少一部分中选择数据段; 确定是否可以改变任意选择的数据段，而不会导致电子文档在由相应的程序处理时导致错误; 响应于确定可以改变任意选择的数据段，任意地更改电子文档的至少一部分中的数据段以产生改变的电子文档; 以及当所述改变的电子文档被相应的程序处理时，确定相应的程序是否产生错误状态。

78. 发明申请

US20090193293A1 Systems, Methods, and Media for Outputting Data Based Upon Anomaly Detection 有权
标题翻译：基于异常检测输出数据的系统，方法和媒体
公开(公告)号：US20090193293A1
公开(公告)日：2009-07-30
申请号：US12280970
申请日：2007-02-28
申请人： Salvatore J. Stolfo , Ke Wang , Janak Parekh
发明人： Salvatore J. Stolfo , Ke Wang , Janak Parekh
IPC分类号： G06F11/00
CPC分类号： G06F21/56 , G06F21/564 , G06F2221/034 , H04L63/1416 , H04L63/1425
摘要： Systems, methods, and media for outputting data based on anomaly detection are provided. In some embodiments, methods for outputting data based on anomaly detection include: receiving a known-good dataset; storing distinct n-grams from the known-good dataset to form a binary anomaly detection model; receiving known-good new n-grams; computing a rate of receipt of distinct n-grams in the new n-grams; determining whether further training of the anomaly detection model is necessary based on the rate of receipt on distinct n-grams; using the binary anomaly detection model to determine whether an input dataset contains an anomaly; and outputting the input dataset based on whether the input dataset contains an anomaly.
摘要翻译：提供了基于异常检测输出数据的系统，方法和媒体。在一些实施例中，用于基于异常检测输出数据的方法包括：接收已知的数据集; 从已知的数据集中存储不同的n-gram，形成二进制异常检测模型; 接收已知好的新n克; 计算在新的n克中收到不同n克的比率; 根据不同n-gram的收货率确定是否需要进一步训练异常检测模型; 使用二进制异常检测模型来确定输入数据集是否包含异常; 以及基于输入数据集是否包含异常来输出输入数据集。

79. 发明授权

US07277961B1 Method and system for obscuring user access patterns using a buffer memory 失效
标题翻译：使用缓冲存储器模糊用户访问模式的方法和系统
公开(公告)号：US07277961B1
公开(公告)日：2007-10-02
申请号：US09703213
申请日：2000-10-31
申请人： Jonathan M. Smith , Salvatore J. Stolfo , Jeffrey C. Sherwin , Jeffrey D. Chung , Andreas L. Prodromidis
发明人： Jonathan M. Smith , Salvatore J. Stolfo , Jeffrey C. Sherwin , Jeffrey D. Chung , Andreas L. Prodromidis
IPC分类号： G06F15/173
CPC分类号： G06Q20/20 , G06F21/6245 , H04L63/0407
摘要： A method and system for obscuring user requests for information in a computer network. A user request for information, aimed at another network member, is routed to a first cache memory. If the first cache memory contains the requested information, the cache returns the requested information in response to the user request without releasing the user request to the network member. If the first cache memory does not contain the requested information, a first reference editing function edits user identity information contained in the request, resulting in an edited request with obscured identity information. The edited request is then released to the network member and the requested information is received by the user from the network member. A copy of the requested information is stored in the first cache memory. In this method and system, user privacy is enhanced because user requests for information that can be satisfied by information stored in the cache memory are not revealed to other network members, and user requests that cannot be satisfied by the cache memory are obscured by the reference editing function prior to release to other network members. A software program and system for implementing the method are also disclosed.
摘要翻译：一种用于遮蔽用户在计算机网络中的信息请求的方法和系统。针对另一网络成员的用户对信息的请求被路由到第一高速缓冲存储器。如果第一高速缓存存储器包含所请求的信息，则高速缓存响应于用户请求返回所请求的信息，而不向网络成员释放用户请求。如果第一高速缓冲存储器不包含所请求的信息，则第一参考编辑功能编辑包含在请求中的用户身份信息，导致编辑的请求具有隐蔽的身份信息。所编辑的请求然后被释放到网络成员，并且所请求的信息被用户从网络成员接收。所请求信息的副本存储在第一高速缓冲存储器中。在该方法和系统中，增强了用户隐私，因为用户对存储在高速缓冲存储器中的信息可以满足的信息请求不会被其他网络成员泄露，并且高速缓冲存储器不能满足的用户请求被参考编辑功能之前发布给其他网络成员。还公开了一种用于实现该方法的软件程序和系统。

80. 发明申请

US20190190943A1 Methods, Systems and Media for Evaluating Layered Computer Security Products 审中-公开
公开(公告)号：US20190190943A1
公开(公告)日：2019-06-20
申请号：US16047427
申请日：2018-07-27
申请人： Nathaniel Gordon Boggs , Salvatore J. Stolfo
发明人： Nathaniel Gordon Boggs , Salvatore J. Stolfo
IPC分类号： H04L29/06 , H04L9/08
CPC分类号： H04L63/1433 , H04L9/08 , H04L43/028 , H04L63/1416 , H04L63/1425 , H04L63/1491
摘要： Methods, systems and media for evaluating layered computer security products are provided. In some embodiments, the method comprises: (a) identifying portions of attack data associated with an attack; (b) linking the portions of attack data; (c) testing security products using the linked attack data, at least two of the security products using different portions of the linked attack data; (d) storing the results of the testing; (e) repeating (a)-(d) for multiple attacks; receiving information identifying a subset of the security products from a remote computing device; identifying a first set of detected attacks for each of the plurality of security product using the stored results; determining a number of attacks in a union of each of the first sets of identified attacks; determining a detection rate for the identified security products based on the union and the number of tested attacks; and causing the detection rate to be presented.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式