    • 1. Granted invention patent
    • Systems and methods for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions
    • US08627463B1
    • 2014-01-07
    • US12880581
    • 2010-09-13
    • Adam Glick, Nicholas Graf, Spencer Smith
    • G06F11/00
    • H04L63/1408, G06F17/30206, G06F21/56, G06F2221/033, H04L63/12, H04L63/1416, H04L63/145
    • A computer-implemented method for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions may include (1) identifying a torrent file that includes metadata for facilitating a torrent transaction for obtaining a target file via a peer-to-peer file-sharing protocol, (2) identifying at least one entity involved in the torrent transaction, (3) obtaining reputation information associated with the entity involved in the torrent transaction, wherein the reputation information identifies a community's opinion on the trustworthiness of the entity, (4) determining, based at least in part on the reputation information associated with the entity involved in the torrent transaction, that the target file represents a potential security risk, and then (5) performing a security action on the target file. Various other methods, systems, and computer-readable media are also disclosed.
    • 2. Granted invention patent
    • Systems and methods for detecting malware
    • US08402539B1
    • 2013-03-19
    • US13227997
    • 2011-09-08
    • Joseph Chen, Adam Glick, Jeffrey Wilhelm
    • H04L29/06, G06F15/16, G06F11/30
    • G06F21/566, H04L63/1416
    • A method for detecting malware may include 1) receiving a request to determine whether a connection from a client device to a server is being blocked, 2) attempting to connect to the server from a kernel mode of the client device, 3) determining that the client device successfully connected to the server from the kernel mode, 4) attempting to connect to the server from a user mode of the client device, 5) determining that the client device did not successfully connect to the server from the user mode, 6) determining, based on the client device successfully connecting to the server from the kernel mode and failing to connect to the server from the user mode, that malware is blocking the connection from the client device to the server, and 7) in response to determining that the malware is blocking the connection, performing at least one security action.
    • 3. Granted invention patent
    • Replace malicious driver at boot time
    • US07917952B1
    • 2011-03-29
    • US11873583
    • 2007-10-17
    • Adam Glick, David Kane, Yung-Shuo Lin
    • G06F11/00, G06F12/14, G06F12/16, G08B23/00, G06F11/30
    • G06F21/568, G06F21/575
    • A malicious driver replacement application is installed on a host computer system and registered as a boot execute application. On notification of a malicious driver detection, the malicious driver replacement application reboots the host computer system and locks the volume of a storage disk containing the malicious driver. The malicious driver is replaced directly on the storage disk with a dummy driver having innocuous code. The malicious driver replacement application reboots the host computer system, and on reboot of the host computer system, the dummy driver is loaded rather than the malicious driver thus preventing the malicious driver from interfering with the standard operating system routines and allowing the malicious driver to be remediated.
    • 5. Granted invention patent
    • Method and apparatus for accelerating load-point scanning
    • US08656489B1
    • 2014-02-18
    • US11864955
    • 2007-09-29
    • Adam Glick
    • G06F21/00
    • G06F21/562, G06F21/564
    • A method and apparatus for accelerating a load point scanning process. In one embodiment, the method and apparatus comprise creating, at an initial scan, a detection area map identifying files referenced by detection areas. Upon a subsequent scan, determining whether the detection area has changed with respect to the detection area map. If the detection area map has changed, re-evaluating the detection area and repopulating the detection area map entry. In another embodiment, the method and apparatus avoid rescanning files as allowed using information in a file attribute cache.
    • 9. Granted invention patent
    • Signature creation for malicious network traffic
    • US08782790B1
    • 2014-07-15
    • US12709432
    • 2010-02-19
    • Spencer Smith, Adam Glick, Nicholas Graf, Uriel Mann
    • H04L29/06
    • H04L63/1441, H04L63/1416
    • An endpoint on a network uses detection data to detect a malicious software attack. The endpoint identifies content associated with the attack, such as a component of a web page, and generates a description of the content. The endpoint sends the description to a security server. The security server analyzes the content and identifies characteristics of the content that are present when the content is carried by network traffic. The security server generates a traffic signature that specifies the identified characteristics and provides the traffic signature to inspection points. The inspection points, in turn, use the traffic signature to examine network traffic passing through the inspection points to detect network traffic carrying the content. The attack detection at the endpoint thus informs the traffic signature-based detection at the inspection points and reduces the spread of malicious software.
    • 10. Granted invention patent
    • Systems and methods for locating malware
    • US08621632B1
    • 2013-12-31
    • US12470312
    • 2009-05-21
    • Spencer Smith, Adam Glick, Nicholas Graf
    • H04L29/06
    • G06F21/566, H04L63/1425
    • A computer-implemented method for locating malware may include identifying a malicious behavior in a computing system. The computer-implemented method may also include determining that the malicious behavior arises from a set of interrelated executable objects. The computer-implemented method may further include identifying an executable object recently added to the set of interrelated executable objects. The computer-implemented method may additionally include attributing the malicious behavior to the recently added executable object based on when the recently added executable object was added to the set of interrelated executable objects. The computer-implemented method may also include performing a security action on the recently added executable object. Various other methods, systems, and computer-readable media are also disclosed.