专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08443095B1 User space data stream parsing using TCP/IP information 失效
标题翻译：用户空间数据流解析使用TCP / IP信息
公开(公告)号：US08443095B1
公开(公告)日：2013-05-14
申请号：US11315949
申请日：2005-12-21
申请人： Chun-Da Wu , Chia-Chi Chang
发明人： Chun-Da Wu , Chia-Chi Chang
IPC分类号： G06F15/16 , G06F15/173
CPC分类号： H04L67/02 , H04L69/16 , H04L69/22
摘要： Techniques for efficiently determining the boundary between files and for ascertaining the difference between a HEAD response and a GET response. Embodiments of the invention only need to check the responses from the server, instead of having to check to both the responses from the server and the requests from the client, in order to ascertain the boundary between files and to ascertain whether a response from the server is a HEAD response or a GET response.
摘要翻译：用于有效地确定文件之间的边界并确定HEAD响应和GET响应之间的差异的技术。本发明的实施例仅需要检查来自服务器的响应，而不是必须检查来自服务器的响应和来自客户端的请求，以便确定文件之间的边界并且确定来自服务器的响应是HEAD响应或GET响应。

2. 发明授权

US08370931B1 Multi-behavior policy matching for malware detection 有权
标题翻译：用于恶意软件检测的多行为策略匹配
公开(公告)号：US08370931B1
公开(公告)日：2013-02-05
申请号：US12212250
申请日：2008-09-17
申请人： Hao-Liang Chien , Ming-Chang Shih , Chun-Da Wu
发明人： Hao-Liang Chien , Ming-Chang Shih , Chun-Da Wu
IPC分类号： G06F11/00
CPC分类号： G06F11/3072 , G06F21/566
摘要： Multi-behavior matching in a computer system is performed in order to identify suspicious sequences of activities. System behavior is captured using driver hooks. A behavior monitoring system determines the process to which the system behavior belongs by processing a table. This includes using the process ID and thread ID of the system behavior as lookups into the table. A multi-behavior matching algorithm is applied to determine if there is any matching suspicious behavior by matching sets of rules (a policy) to system events caused by a particular process. A state machine is used to keep track of matching policies. Options to the rules and policies (such as “offset,” “depth,” “distance,” “within,” “ordered” and “occurrence/interval”) are used to refine when a rule or policy is allowed to produce a positive match, reducing false positives.
摘要翻译：执行计算机系统中的多行为匹配以便识别活动的可疑序列。使用驱动程序钩子捕获系统行为。行为监控系统通过处理表来确定系统行为所属的过程。这包括将进程ID和系统行为的线程ID用作表中的查找。应用多行为匹配算法来确定是否存在与特定进程引起的系统事件匹配的规则集（策略）是否存在任何匹配的可疑行为。状态机用于跟踪匹配策略。使用规则和策略的选项（如偏移量，深度，距离，内部，有序和出现/间隔）来优化何时允许规则或策略产生正匹配，从而减少误报。

3. 发明授权

US08079085B1 Reducing false positives during behavior monitoring 有权
标题翻译：行为监测期间减少误报
公开(公告)号：US08079085B1
公开(公告)日：2011-12-13
申请号：US12254599
申请日：2008-10-20
申请人： Chun-Da Wu , Ming-Yan Sun , Chien-Hua Lu
发明人： Chun-Da Wu , Ming-Yan Sun , Chien-Hua Lu
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F7/04 , G06F17/30 , G06F11/30 , H04N7/16
CPC分类号： G06F21/56 , G06F21/55 , G06F21/566
摘要： A program installed on a computer system registers and is placed on an installed program list or an uninstall software list. A check of the uninstall software list (USL) is added as a secondary verification mechanism to a behavior monitoring engine. A signature-based malware scan engine may be used. If the scan engine does not flag the file as malware, then the behavior monitoring engine monitors the activities performed by the underlying application. When the behavior monitoring engine flags an activity as potentially suspicious, the USL is checked to determine if the application running the process is on the USL. If so, then the process is treated as legitimate and there is no need to alert the user. Only if both the behavior is flagged as suspicious and the application performing the behavior is not on the USL will the user receive an alert as to the potential malware.
摘要翻译：安装在计算机系统上的程序注册并放置在已安装的程序列表或卸载软件列表中。将卸载软件列表（USL）的检查作为辅助验证机制添加到行为监视引擎。可以使用基于签名的恶意软件扫描引擎。如果扫描引擎不将文件标记为恶意软件，则行为监视引擎将监视底层应用程序执行的活动。当行为监视引擎将活动标记为潜在可疑时，将检查USL以确定运行该进程的应用程序是否在USL上。如果是这样，那么该过程被视为合法的，并且不需要提醒用户。只有当这两个行为被标记为可疑且执行该行为的应用程序不在USL上时，用户将收到关于潜在恶意软件的警报。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式