会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Optimizing performance of integrity monitoring
    • 优化完整性监控的性能
    • US08949797B2
    • 2015-02-03
    • US12761952
    • 2010-04-16
    • Najwa AarajMihai ChristodorescuDimitrios PendarakisReiner SailerDouglas L. Schales
    • Najwa AarajMihai ChristodorescuDimitrios PendarakisReiner SailerDouglas L. Schales
    • G06F9/44G06F9/45G06F21/56G06F21/55
    • G06F21/566G06F21/554G06F21/563
    • A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system. This agent requests the values of the data elements, and determines if invariants that have been previously computed hold true or not under the set of retrieved data values.
    • 一种用于验证计算设备上正在运行的应用程序的完整性的系统,方法和计算机程序产品。 该方法包括:将入口点确定为影响适当执行影响程序完整性的应用程序处理空间; 将从所确定的入口点到达的数据元素映射到要验证的应用正在运行的主机系统的存储器空间中; 在存储器空间中的运行时监视,以潜在地破坏程序完整性的方式潜在地修改数据元素; 并启动对潜在修改的响应。 运行时监视检测数据事务(例如写入事件)何时到达恶意代理的入口点,触发对应的存储器钩子,并将控制传递到在被监视系统外部运行的安全代理。 该代理请求数据元素的值,并确定先前计算的不变量是否在检索的数据值集合之前成立。
    • 2. 发明申请
    • PREDICTING ATTACKS BASED ON PROBABILISTIC GAME-THEORY
    • 基于概率游戏理论预测攻击
    • US20130318616A1
    • 2013-11-28
    • US13487774
    • 2012-06-04
    • Mihai ChristodorescuDmytro KorzhykReiner SailerDouglas L SchalesMarc Ph StoecklinTing Wang
    • Mihai ChristodorescuDmytro KorzhykReiner SailerDouglas L SchalesMarc Ph StoecklinTing Wang
    • G06F21/00
    • G06F21/00G06F21/552G06Q10/06375H04L63/1408H04L63/20
    • Systems for determining cyber-attack target include a network monitor module configured to collect network event information from sensors in one or more network nodes; a processor configured to extract information regarding an attacker from the network event information, to form an attack scenario tree that encodes network topology and vulnerability information including a plurality of paths from known compromised nodes to a set of potential targets, to calculate a likelihood for each of the paths, to calculate a probability distribution for the set of potential targets to determine which potential targets are most likely pursued by the attacker, to calculate a probability distribution over a set of nodes and node vulnerability types already accessed by the attacker, and to determine a network graph edge to remove that minimizes a defender's expected uncertainty over the potential targets; and a network management module configured to remove the determined network graph edge.
    • 用于确定网络攻击目标的系统包括被配置为从一个或多个网络节点中的传感器收集网络事件信息的网络监视器模块; 处理器,其被配置为从网络事件信息中提取关于攻击者的信息,以形成将网络拓扑和脆弱性信息编码的攻击场景树,所述攻击场景树包括从已知的受损节点到一组潜在目标的多个路径,以计算每个 的路径,以计算潜在目标集合的概率分布,以确定攻击者最有可能追查哪些潜在目标,以计算攻击者已经访问的一组节点和节点漏洞类型的概率分布,以及 确定一个网络图边缘去除,使防守者对潜在目标的预期不确定性最小化; 以及被配置为去除所确定的网络图边缘的网络管理模块。
    • 4. 发明申请
    • OPTIMIZING PERFORMANCE OF INTEGRITY MONITORING
    • 优化性能监测
    • US20110258610A1
    • 2011-10-20
    • US12761952
    • 2010-04-16
    • Najwa AarajMihai ChristodorescuDimitrios PendarakisReiner SailerDouglas L. Schales
    • Najwa AarajMihai ChristodorescuDimitrios PendarakisReiner SailerDouglas L. Schales
    • G06F11/30G06F9/44
    • G06F21/566G06F21/554G06F21/563
    • A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system. This agent requests the values of the data elements, and determines if invariants that have been previously computed hold true or not under the set of retrieved data values.
    • 一种用于验证计算设备上正在运行的应用程序的完整性的系统,方法和计算机程序产品。 该方法包括:将入口点确定为影响适当执行影响程序完整性的应用程序处理空间; 将从所确定的入口点到达的数据元素映射到要验证的应用正在运行的主机系统的存储器空间中; 在存储器空间中的运行时监视,以潜在地破坏程序完整性的方式潜在地修改数据元素; 并启动对潜在修改的响应。 运行时监视检测数据事务(例如写入事件)何时到达恶意代理的入口点,触发对应的存储器钩子,并将控制传递到在被监视系统外部运行的安全代理。 该代理请求数据元素的值,并确定先前计算的不变量是否在检索的数据值集合下保持为真。