专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20100077481A1 COLLECTING AND ANALYZING MALWARE DATA 有权
标题翻译：收集和分析恶意软件数据
公开(公告)号：US20100077481A1
公开(公告)日：2010-03-25
申请号：US12234717
申请日：2008-09-22
申请人： Alexey Polyakov , Marc Seinfeld , Jigar J. Mody , Ning Sun , Tony Lee , Chengyun Chu
发明人： Alexey Polyakov , Marc Seinfeld , Jigar J. Mody , Ning Sun , Tony Lee , Chengyun Chu
IPC分类号： G06F21/00
CPC分类号： G06F21/552 , G06F21/568
摘要： A malware analysis system is described that provides information about malware execution history on a client computer and allows automated back-end analysis for faster creation of identification signatures and removal instructions. The malware analysis system collects threat information on client computers and sends the threat information to a back-end analysis component for automated analysis. The back-end analysis component analyzes the threat information by comparing the threat information to information about known threats. The system builds a signature for identifying the threat family and a mitigation script for neutralizing the threat. The system sends the signature and mitigation data to client computers, which use the information to mitigate the threat. Thus, the malware analysis system detects and mitigates threats more quickly than previous systems by reducing the burden on technicians to manually create environments for reproducing the threats and manually analyze the threat behavior.
摘要翻译：描述了恶意软件分析系统，其提供关于客户端计算机上的恶意软件执行历史的信息，并允许自动后端分析，以更快地创建身份签名和删除指令。恶意软件分析系统在客户端计算机上收集威胁信息，并将威胁信息发送到后端分析组件进行自动分析。后端分析组件通过将威胁信息与已知威胁信息进行比较来分析威胁信息。该系统构建一个用于识别威胁系列的签名和用于中和威胁的缓解脚本。系统将签名和缓解数据发送到客户端计算机，客户端计算机使用该信息来减轻威胁。因此，恶意软件分析系统通过减轻技术人员手动创建用于再现威胁的环境并手动分析威胁行为的负担，可以更快地检测和减轻威胁。

2. 发明申请

US20070162975A1 Efficient collection of data 审中-公开
标题翻译：高效收集数据
公开(公告)号：US20070162975A1
公开(公告)日：2007-07-12
申请号：US11326890
申请日：2006-01-06
申请人： Adam Overton , Alexey Polyakov , Andrew Newman , Jason Garms , Ronald Franczyk , Scott Field , Sterling Reasor
发明人： Adam Overton , Alexey Polyakov , Andrew Newman , Jason Garms , Ronald Franczyk , Scott Field , Sterling Reasor
IPC分类号： G06F12/14
CPC分类号： H04L63/1416 , G06F21/561
摘要： Generally described, a method, software system, and computer-readable medium are provided for efficiently collecting data this useful in developing software systems to identify and protect against malware. In accordance with one embodiment, a method for collecting data to determine whether a malware is propagating in a networking environment is provided. More specifically, the method includes receiving preliminary data sets at a server computer from a plurality of client computers that describes attributes of a potential malware. Then a determination is made regarding whether secondary data is needed to implement systems for protecting against the potential malware. If secondary data is needed, the method causes the secondary data to be collected when an additional preliminary data set is received from a client computer.
摘要翻译：通常描述，提供了一种方法，软件系统和计算机可读介质，用于有效地收集在开发软件系统中有用的数据，以识别和防止恶意软件。根据一个实施例，提供了一种用于收集数据以确定恶意软件是否在网络环境中传播的方法。更具体地说，该方法包括从描述潜在恶意软件的属性的多个客户端计算机在服务器计算机处接收初始数据集。然后确定是否需要辅助数据来实施防止潜在恶意软件的系统。如果需要辅助数据，则当从客户端计算机接收到附加的初始数据集时，该方法将导致辅助数据被收集。

3. 发明申请

US20080016572A1 Malicious software detection via memory analysis 审中-公开
标题翻译：通过内存分析进行恶意软件检测
公开(公告)号：US20080016572A1
公开(公告)日：2008-01-17
申请号：US11485066
申请日：2006-07-12
申请人： Ryan M. Burkhardt , Alexey Polyakov
发明人： Ryan M. Burkhardt , Alexey Polyakov
IPC分类号： G06F12/14
CPC分类号： G06F21/57
摘要： To detect the presence of malicious software in a system, selected data in memory of the system is stored in a designated storage location and analyzed by a known safe operating system. In an example configuration, a snapshot of system memory is downloaded to a dedicated device coupled to the motherboard of the system. A clean, uncorrupted operating system is loaded into the dedicated device, and the snapshot is analyzed utilizing the clean operating system. If malicious software is detected, the system is repaired using the clean operating system. In an example embodiment, this process is initiated when the system goes into a hibernation state, and/or during a system restoration operation.
摘要翻译：为了检测系统中是否存在恶意软件，系统存储器中的选定数据被存储在指定的存储位置并由已知的安全操作系统进行分析。在示例配置中，将系统存储器的快照下载到耦合到系统主板的专用设备。一个干净，不破坏的操作系统被加载到专用设备中，并且使用干净的操作系统来分析快照。如果检测到恶意软件，则使用干净的操作系统修复系统。在示例实施例中，当系统进入休眠状态时和/或在系统恢复操作期间启动该过程。

4. 发明申请

US20070055711A1 Generic rootkit detector 有权
标题翻译：通用rootkit检测器
公开(公告)号：US20070055711A1
公开(公告)日：2007-03-08
申请号：US11210565
申请日：2005-08-24
申请人： Alexey Polyakov , Neil Cowie
发明人： Alexey Polyakov , Neil Cowie
IPC分类号： G06F17/30
CPC分类号： G06F21/566
摘要： A generic RootKit detector is disclosed that identifies when a malware, commonly known as RootKit, is resident on a computer. In one embodiment, the generic RootKit detector performs a method that compares the properties of different versions of a library used by the operating system to provide services to an application program. In this regard, when a library is loaded into memory, an aspect of the generic RootKit detector compares two versions of the library; a potentially infected version in memory and a second version stored in a protected state on a storage device. If certain properties of the first version of the library are different from the second version, a determination is made that a RootKit is infection the computer.
摘要翻译：公开了通用的RootKit检测器，其识别通常称为RootKit的恶意软件何时驻留在计算机上。在一个实施例中，通用RootKit检测器执行一种比较操作系统使用的库的不同版本的属性以向应用程序提供服务的方法。在这方面，当一个库加载到内存中时，通用RootKit检测器的一个方面比较了库的两个版本; 存储器中的潜在受感染版本和存储在存储设备上的受保护状态的第二版本。如果库的第一个版本的某些属性与第二个版本不同，则确定RootKit会感染计算机。

5. 发明授权

US08667583B2 Collecting and analyzing malware data 有权
标题翻译：收集和分析恶意软件数据
公开(公告)号：US08667583B2
公开(公告)日：2014-03-04
申请号：US12234717
申请日：2008-09-22
申请人： Alexey Polyakov , Marc Seinfeld , Jigar J. Mody , Ning Sun , Tony Lee , Chengyun Chu
发明人： Alexey Polyakov , Marc Seinfeld , Jigar J. Mody , Ning Sun , Tony Lee , Chengyun Chu
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： G06F21/552 , G06F21/568
摘要： A malware analysis system is described that provides information about malware execution history on a client computer and allows automated back-end analysis for faster creation of identification signatures and removal instructions. The malware analysis system collects threat information on client computers and sends the threat information to a back-end analysis component for automated analysis. The back-end analysis component analyzes the threat information by comparing the threat information to information about known threats. The system builds a signature for identifying the threat family and a mitigation script for neutralizing the threat. The system sends the signature and mitigation data to client computers, which use the information to mitigate the threat. Thus, the malware analysis system detects and mitigates threats more quickly than previous systems by reducing the burden on technicians to manually create environments for reproducing the threats and manually analyze the threat behavior.
摘要翻译：描述了恶意软件分析系统，其提供关于客户端计算机上的恶意软件执行历史的信息，并允许自动后端分析，以更快地创建身份签名和删除指令。恶意软件分析系统在客户端计算机上收集威胁信息，并将威胁信息发送到后端分析组件进行自动分析。后端分析组件通过将威胁信息与已知威胁信息进行比较来分析威胁信息。该系统构建一个用于识别威胁系列的签名和用于中和威胁的缓解脚本。系统将签名和缓解数据发送到客户端计算机，客户端计算机使用该信息来减轻威胁。因此，恶意软件分析系统通过减轻技术人员手动创建用于再现威胁的环境并手动分析威胁行为的负担，可以更快地检测和减轻威胁。

6. 发明申请

US20060294592A1 Automated rootkit detector 有权
公开(公告)号：US20060294592A1
公开(公告)日：2006-12-28
申请号：US11170792
申请日：2005-06-28
申请人： Alexey Polyakov , Gretchen Loihle , Mihai Costea , Robert Hensing , Scott Field , Vincent Orgovan , Yi-Min Wang , Yun Lin
发明人： Alexey Polyakov , Gretchen Loihle , Mihai Costea , Robert Hensing , Scott Field , Vincent Orgovan , Yi-Min Wang , Yun Lin
IPC分类号： G06F12/14
CPC分类号： G06F21/566
摘要： Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.

7. 发明申请

US20070180530A1 Unwanted file modification and transactions 有权
标题翻译：不需要的文件修改和事务
公开(公告)号：US20070180530A1
公开(公告)日：2007-08-02
申请号：US11377713
申请日：2006-03-15
申请人： Surendra Verma , Dana Groff , Jonathan Cargille , Andrew Herron , Christian Allred , Neal Christiansen , Alexey Polyakov
发明人： Surendra Verma , Dana Groff , Jonathan Cargille , Andrew Herron , Christian Allred , Neal Christiansen , Alexey Polyakov
IPC分类号： G06F12/14
CPC分类号： G06F21/566 , G06F21/56 , Y10S707/99945 , Y10S707/99953
摘要： Aspects of the subject matter described herein relate to antivirus protection and transactions. In aspects, a filter detects that a file is participating in a transaction and then may cause the file to be scanned together with any changes that have made to the file during the transaction. After a file is scanned, a cache entry may be updated to indicate that the file is clean. The cache entry may be used subsequently for like-type states. For example, if the file was scanned inside a transaction, the cache entry may be used later in the transaction. If the file was scanned outside a transaction, the cache entry may be used later for requests pertaining to files not in a transaction. Cache entries may be discarded when they are invalid or no longer useful.
摘要翻译：本文所述主题的方面涉及防病毒保护和交易。在方面，过滤器检测到文件正在参与事务，然后可能导致文件与事务中对文件所做的任何更改一起进行扫描。扫描文件后，可能会更新缓存条目以指示文件干净。缓存条目可以随后用于类型状态。例如，如果文件在事务中被扫描，则高速缓存条目可以在事务中稍后使用。如果文件在事务之外被扫描，则缓存条目可以稍后用于与不在事务中的文件相关的请求。缓存条目无效或不再有用时可能会被丢弃。

8. 发明申请

US20070136455A1 APPLICATION BEHAVIORAL CLASSIFICATION 有权
标题翻译：应用行为分类
公开(公告)号：US20070136455A1
公开(公告)日：2007-06-14
申请号：US11608625
申请日：2006-12-08
申请人： Tony Lee , Jigar Mody , Ying Lin , Adrian Marinescu , Alexey Polyakov
发明人： Tony Lee , Jigar Mody , Ying Lin , Adrian Marinescu , Alexey Polyakov
IPC分类号： G06F15/173
CPC分类号： G06F21/564
摘要： The present invention is directed to a method and system for automatically classifying an application into an application group which is previously classified in a knowledge base. More specifically, a runtime behavior of an application is captured as a series of events which are monitored and recorded during the execution of the application. The series of events are analyzed to find a proper application group which shares common runtime behavior patterns with the application. The knowledge base of application groups is previously constructed based on a large number of sample applications. The construction of the knowledge base is done in such a manner that each sample application can be classified into application groups based on a set of classification rules in the knowledge base. The set of classification rules are applied to a new application in order to classify the new application into one of the application groups.
摘要翻译：本发明涉及一种用于将应用程序自动分类为先前分类到知识库中的应用组的方法和系统。更具体地，应用程序的运行时行为被捕获为在应用程序的执行期间被监视和记录的一系列事件。分析一系列事件，以找到与应用程序共享公共运行时行为模式的正确应用程序组。基于大量示例应用程序，先前构建了应用程序组的知识库。以知识库中的一组分类规则将每个样本应用程序分类到应用组中的方式进行知识库的构建。将一组分类规则应用于新应用程序，以便将新应用程序分类到其中一个应用程序组中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式