专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

81. 发明授权

US11106799B2 Methods, media, and systems for detecting an anomalous sequence of function calls 有权
公开(公告)号：US11106799B2
公开(公告)日：2021-08-31
申请号：US16579318
申请日：2019-09-23
申请人： Angelos D. Keromytis , Salvatore J. Stolfo
发明人： Angelos D. Keromytis , Salvatore J. Stolfo
IPC分类号： G06F21/56 , G06F21/57 , G06F11/08 , G06F21/55 , G06F11/36 , G06N7/00 , H04L29/06
摘要： Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.

82. 发明申请

US20210051176A1 SYSTEMS AND METHODS FOR PROTECTION FROM PHISHING ATTACKS 有权
公开(公告)号：US20210051176A1
公开(公告)日：2021-02-18
申请号：US16995783
申请日：2020-08-17
申请人： Salvatore J. Stolfo , Shlomo Hershkop
发明人： Salvatore J. Stolfo , Shlomo Hershkop
IPC分类号： H04L29/06 , G06N20/00 , G06K9/62
摘要： Systems and methods used to thwart attackers' attempts to steal digital credentials from computer network users and protect users from credential and identity theft via website spoofing and phishing campaigns.

83. 发明申请

US20180077165A1 METHODS, MEDIA, AND SYSTEMS FOR SECURING COMMUNICATIONS BETWEEN A FIRST NODE AND A SECOND NODE 审中-公开
公开(公告)号：US20180077165A1
公开(公告)日：2018-03-15
申请号：US15587763
申请日：2017-05-05
申请人： Salvatore J. Stolfo , Gabriela F. Ciocarlie , Vanessa Frias-Martinez , Janak Parekh , Angelos D. Keromytis , Joseph Sherrick
发明人： Salvatore J. Stolfo , Gabriela F. Ciocarlie , Vanessa Frias-Martinez , Janak Parekh , Angelos D. Keromytis , Joseph Sherrick
IPC分类号： H04L29/06
CPC分类号： H04L63/102 , H04L63/145
摘要： Methods, media, and systems for securing communications between a first node and a second node are provided. In some embodiments, methods for securing communication between a first node and a second node are provided. The methods comprising: receiving at least one model of behavior of the second node at the first node; and authorizing the first node to receive traffic from the second node based on the difference between the at least one model of behavior of the second node and at least one model of behavior of the first node.

84. 发明申请

US20170031883A1 SYSTEMS AND METHODS FOR CONTENT EXTRACTION FROM A MARK-UP LANGUAGE TEXT ACCESSIBLE AT AN INTERNET DOMAIN 审中-公开
标题翻译：用于在互联网域可访问的标记语言文本的内容提取的系统和方法
公开(公告)号：US20170031883A1
公开(公告)日：2017-02-02
申请号：US15187577
申请日：2016-06-20
申请人： Suhit Gupta , Gail Kaiser , Salvatore J. Stolfo
发明人： Suhit Gupta , Gail Kaiser , Salvatore J. Stolfo
IPC分类号： G06F17/22 , G06F17/30
CPC分类号： G06F17/2247 , G06F17/30864 , G06F17/30908 , G06F17/30914
摘要： Systems and methods are presented for content extraction from markup language text. The content extraction process may parse markup language text into a hierarchical data model and then apply one or more filters. Output filters may be used to make the process more versatile. The operation of the content extraction process and the one or more filters may be controlled by one or more settings set by a user, or automatically by a classifier. The classifier may automatically enter settings by classifying markup language text and entering settings based on this classification. Automatic classification may be performed by clustering unclassified markup language texts with previously classified markup language texts.
摘要翻译：介绍了从标记语言文本中提取内容的系统和方法。内容提取过程可以将标记语言文本解析成分层数据模型，然后应用一个或多个过滤器。输出滤波器可用于使该过程更加通用。内容提取处理和一个或多个过滤器的操作可以由用户设置的一个或多个设置或由分类器自动地控制。分类器可以通过分类标记语言文本并根据此分类输入设置来自动输入设置。可以通过将未分类的标记语言文本与先前分类的标记语言文本进行聚类来执行自动分类。

85. 发明申请

US20150326597A1 SYSTEMS, METHODS, AND MEDIA FOR GENERATING SANITIZED DATA, SANITIZING ANOMALY DETECTION MODELS, AND/OR GENERATING SANITIZED ANOMALY DETECTION MODELS 审中-公开
标题翻译：用于生成消毒数据的系统，方法和媒体，消除异常检测模型和/或生成经过化验的异常检测模型
公开(公告)号：US20150326597A1
公开(公告)日：2015-11-12
申请号：US14798006
申请日：2015-07-13
申请人： Gabriela F. Ciocarlie , Angelos Stavrou , Salvatore J. Stolfo , Angelos D. Keromytis
发明人： Gabriela F. Ciocarlie , Angelos Stavrou , Salvatore J. Stolfo , Angelos D. Keromytis
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , G06N99/005 , H04L63/14
摘要： Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for sanitizing anomaly detection models are provided. The methods including: receiving at least one abnormal anomaly detection model from at least one remote location; comparing at least one of the at least one abnormal anomaly detection model to a local normal detection model to produce a common set of features common to both the at least one abnormal anomaly detection model and the local normal detection model; and generating a sanitized normal anomaly detection model by removing the common set of features from the local normal detection model.
摘要翻译：提供了生成消毒数据，消毒异常检测模型和生成异常检测模型的系统，方法和介质。在一些实施例中，提供了用于消毒异常检测模型的方法。所述方法包括：从至少一个远程位置接收至少一个异常异常检测模型; 将所述至少一个异常异常检测模型中的至少一个与本地正常检测模型进行比较，以产生所述至少一个异常异常检测模型和所述局部正常检测模型共同的共同特征集合; 并通过从局部正态检测模型中去掉共同的特征集，产生消毒的正常异常检测模型。

86. 发明授权

US08601322B2 Methods, media, and systems for detecting anomalous program executions 有权
标题翻译：用于检测异常程序执行的方法，介质和系统
公开(公告)号：US08601322B2
公开(公告)日：2013-12-03
申请号：US13301741
申请日：2011-11-21
申请人： Salvatore J. Stolfo , Angelos D. Keromytis , Stylianos Sidiroglou
发明人： Salvatore J. Stolfo , Angelos D. Keromytis , Stylianos Sidiroglou
IPC分类号： G06F11/00
CPC分类号： G06F11/0772 , G06F11/0718 , G06F11/0751 , G06F11/079 , G06F11/3652
摘要： Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison.
摘要翻译：提供了用于检测异常程序执行的方法，介质和系统。在一些实施例中，提供了用于检测异常程序执行的方法，包括：在仿真器中执行程序的至少一部分; 将在仿真器中产生的函数调用与所述程序的至少一部分的函数调用模型进行比较; 并根据比较将功能调用识别为异常。在一些实施例中，提供了用于检测异常程序执行的方法，包括：修改程序以包括程序执行期间进行的程序级函数调用的指示; 将在仿真器中进行的程序级功能调用的至少一个指标与所述程序的至少一部分的函数调用模型进行比较; 以及基于所述比较，将与所述至少一个所述指示符相对应的功能调用识别为异常。

87. 发明申请

US20130305098A1 METHODS, MEDIA, AND SYSTEMS FOR DETECTING AN ANOMALOUS SEQUENCE OF FUNCTION CALLS 有权
标题翻译：用于检测功能调用异常序列的方法，媒体和系统
公开(公告)号：US20130305098A1
公开(公告)日：2013-11-14
申请号：US13942632
申请日：2013-07-15
申请人： Angelos D. Keromytis , Salvatore J. Stolfo
发明人： Angelos D. Keromytis , Salvatore J. Stolfo
IPC分类号： G06F11/36
CPC分类号： G06F21/566 , G06F11/08 , G06F11/3688 , G06F2221/033 , G06N7/005 , H04L63/1425
摘要： Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.
摘要翻译：提供了用于检测函数调用异常序列的方法，介质和系统。该方法可以包括通过使用压缩模型来压缩由程序执行所产生的函数调用序列; 以及基于函数调用序列被压缩的程度来确定功能调用序列中函数调用的异常序列的存在。所述方法还可以包括执行至少一个已知程序; 观察由所述至少一个已知节目的执行而进行的至少一个函数调用序列; 在由所述至少一个已知程序进行的所述至少一个功能调用序列中分配每种类型的功能调用唯一标识符; 以及通过记录至少一个唯一标识符序列来创建所述压缩模型的至少一部分。

88. 发明授权

US08544087B1 Methods of unsupervised anomaly detection using a geometric framework 有权
标题翻译：使用几何框架进行无监督异常检测的方法
公开(公告)号：US08544087B1
公开(公告)日：2013-09-24
申请号：US12022425
申请日：2008-01-30
申请人： Eleazar Eskin , Andrew Oliver Arnold , Michael Prerau , Leonid Portnoy , Salvatore J. Stolfo
发明人： Eleazar Eskin , Andrew Oliver Arnold , Michael Prerau , Leonid Portnoy , Salvatore J. Stolfo
IPC分类号： G06F12/14 , G06F12/16
CPC分类号： H04L41/06 , G06F21/552 , H04L41/142 , H04L63/1416
摘要： A method for unsupervised anomaly detection, which are algorithms that are designed to process unlabeled data. Data elements are mapped to a feature space which is typically a vector space . Anomalies are detected by determining which points lies in sparse regions of the feature space. Two feature maps are used for mapping data elements to a feature apace. A first map is a data-dependent normalization feature map which we apply to network connections. A second feature map is a spectrum kernel which we apply to system call traces.
摘要翻译：一种用于无监督异常检测的方法，它们是用于处理未标记数据的算法。数据元素被映射到通常是向量空间的特征空间。通过确定哪些点位于特征空间的稀疏区域来检测异常。两个特征图用于将数据元素映射到特征空间。第一张地图是我们适用于网络连接的依赖于数据的规范化特征图。第二个特征图是我们应用于系统调用轨迹的频谱内核。

89. 发明申请

US20120151270A1 METHODS, MEDIA, AND SYSTEMS FOR DETECTING ANOMALOUS PROGRAM EXECUTIONS 有权
标题翻译：检测异常程序执行的方法，媒体和系统
公开(公告)号：US20120151270A1
公开(公告)日：2012-06-14
申请号：US13301741
申请日：2011-11-21
申请人： Salvatore J. Stolfo , Angelos D. Keromytis , Stylianos Sidiroglou
发明人： Salvatore J. Stolfo , Angelos D. Keromytis , Stylianos Sidiroglou
IPC分类号： G06F11/00
CPC分类号： G06F11/0772 , G06F11/0718 , G06F11/0751 , G06F11/079 , G06F11/3652
摘要： Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison.
摘要翻译：提供了用于检测异常程序执行的方法，介质和系统。在一些实施例中，提供了用于检测异常程序执行的方法，包括：在仿真器中执行程序的至少一部分; 将在仿真器中产生的函数调用与所述程序的至少一部分的函数调用模型进行比较; 并根据比较将功能调用识别为异常。在一些实施例中，提供了用于检测异常程序执行的方法，包括：修改程序以包括程序执行期间进行的程序级函数调用的指示; 将在仿真器中进行的程序级功能调用的至少一个指标与所述程序的至少一部分的函数调用模型进行比较; 以及基于所述比较，将与所述至少一个所述指示符相对应的功能调用识别为异常。

90. 发明申请

US20110167494A1 METHODS, SYSTEMS, AND MEDIA FOR DETECTING COVERT MALWARE 有权
标题翻译：检测覆盖恶意软件的方法，系统和媒体
公开(公告)号：US20110167494A1
公开(公告)日：2011-07-07
申请号：US12982984
申请日：2010-12-31
申请人： Brian M. Bowen , Pratap V. Prabhu , Vasileios P. Kemerlis , Stylianos Sidiroglou , Salvatore J. Stolfo , Angelos D. Keromytis
发明人： Brian M. Bowen , Pratap V. Prabhu , Vasileios P. Kemerlis , Stylianos Sidiroglou , Salvatore J. Stolfo , Angelos D. Keromytis
IPC分类号： G06F21/00
CPC分类号： G06F21/56 , G06F21/566 , G06F21/577 , H04L63/1441 , H04L63/1491
摘要： Methods, systems, and media for detecting covert malware are provided. In accordance with some embodiments, a method for detecting covert malware in a computing environment is provided, the method comprising: generating simulated user activity outside of the computing environment; conveying the simulated user activity to an application inside the computing environment; and determining whether a decoy corresponding to the simulated user activity has been accessed by an unauthorized entity.
摘要翻译：提供了用于检测隐蔽恶意软件的方法，系统和媒体。根据一些实施例，提供了一种用于在计算环境中检测隐匿恶意软件的方法，所述方法包括：在所述计算环境之外生成模拟用户活动; 将所述模拟用户活动传达到所述计算环境内的应用; 以及确定是否已经被未经授权的实体访问与所述模拟用户活动相对应的诱饵。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式