会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明申请
    • Generic rootkit detector
    • 通用rootkit检测器
    • US20070055711A1
    • 2007-03-08
    • US11210565
    • 2005-08-24
    • Alexey PolyakovNeil Cowie
    • Alexey PolyakovNeil Cowie
    • G06F17/30
    • G06F21/566
    • A generic RootKit detector is disclosed that identifies when a malware, commonly known as RootKit, is resident on a computer. In one embodiment, the generic RootKit detector performs a method that compares the properties of different versions of a library used by the operating system to provide services to an application program. In this regard, when a library is loaded into memory, an aspect of the generic RootKit detector compares two versions of the library; a potentially infected version in memory and a second version stored in a protected state on a storage device. If certain properties of the first version of the library are different from the second version, a determination is made that a RootKit is infection the computer.
    • 公开了通用的RootKit检测器,其识别通常称为RootKit的恶意软件何时驻留在计算机上。 在一个实施例中,通用RootKit检测器执行一种比较操作系统使用的库的不同版本的属性以向应用程序提供服务的方法。 在这方面,当一个库加载到内存中时,通用RootKit检测器的一个方面比较了库的两个版本; 存储器中的潜在受感染版本和存储在存储设备上的受保护状态的第二版本。 如果库的第一个版本的某些属性与第二个版本不同,则确定RootKit会感染计算机。
    • 2. 发明申请
    • COLLECTING AND ANALYZING MALWARE DATA
    • 收集和分析恶意软件数据
    • US20100077481A1
    • 2010-03-25
    • US12234717
    • 2008-09-22
    • Alexey PolyakovMarc SeinfeldJigar J. ModyNing SunTony LeeChengyun Chu
    • Alexey PolyakovMarc SeinfeldJigar J. ModyNing SunTony LeeChengyun Chu
    • G06F21/00
    • G06F21/552G06F21/568
    • A malware analysis system is described that provides information about malware execution history on a client computer and allows automated back-end analysis for faster creation of identification signatures and removal instructions. The malware analysis system collects threat information on client computers and sends the threat information to a back-end analysis component for automated analysis. The back-end analysis component analyzes the threat information by comparing the threat information to information about known threats. The system builds a signature for identifying the threat family and a mitigation script for neutralizing the threat. The system sends the signature and mitigation data to client computers, which use the information to mitigate the threat. Thus, the malware analysis system detects and mitigates threats more quickly than previous systems by reducing the burden on technicians to manually create environments for reproducing the threats and manually analyze the threat behavior.
    • 描述了恶意软件分析系统,其提供关于客户端计算机上的恶意软件执行历史的信息,并允许自动后端分析,以更快地创建身份签名和删除指令。 恶意软件分析系统在客户端计算机上收集威胁信息,并将威胁信息发送到后端分析组件进行自动分析。 后端分析组件通过将威胁信息与已知威胁信息进行比较来分析威胁信息。 该系统构建一个用于识别威胁系列的签名和用于中和威胁的缓解脚本。 系统将签名和缓解数据发送到客户端计算机,客户端计算机使用该信息来减轻威胁。 因此,恶意软件分析系统通过减轻技术人员手动创建用于再现威胁的环境并手动分析威胁行为的负担,可以更快地检测和减轻威胁。
    • 4. 发明授权
    • Collecting and analyzing malware data
    • 收集和分析恶意软件数据
    • US08667583B2
    • 2014-03-04
    • US12234717
    • 2008-09-22
    • Alexey PolyakovMarc SeinfeldJigar J. ModyNing SunTony LeeChengyun Chu
    • Alexey PolyakovMarc SeinfeldJigar J. ModyNing SunTony LeeChengyun Chu
    • G06F11/00G06F12/14G06F12/16G08B23/00
    • G06F21/552G06F21/568
    • A malware analysis system is described that provides information about malware execution history on a client computer and allows automated back-end analysis for faster creation of identification signatures and removal instructions. The malware analysis system collects threat information on client computers and sends the threat information to a back-end analysis component for automated analysis. The back-end analysis component analyzes the threat information by comparing the threat information to information about known threats. The system builds a signature for identifying the threat family and a mitigation script for neutralizing the threat. The system sends the signature and mitigation data to client computers, which use the information to mitigate the threat. Thus, the malware analysis system detects and mitigates threats more quickly than previous systems by reducing the burden on technicians to manually create environments for reproducing the threats and manually analyze the threat behavior.
    • 描述了恶意软件分析系统,其提供关于客户端计算机上的恶意软件执行历史的信息,并允许自动后端分析,以更快地创建身份签名和删除指令。 恶意软件分析系统在客户端计算机上收集威胁信息,并将威胁信息发送到后端分析组件进行自动分析。 后端分析组件通过将威胁信息与已知威胁信息进行比较来分析威胁信息。 该系统构建一个用于识别威胁系列的签名和用于中和威胁的缓解脚本。 系统将签名和缓解数据发送到客户端计算机,客户端计算机使用该信息来减轻威胁。 因此,恶意软件分析系统通过减轻技术人员手动创建用于再现威胁的环境并手动分析威胁行为的负担,可以更快地检测和减轻威胁。
    • 7. 发明申请
    • APPLICATION BEHAVIORAL CLASSIFICATION
    • 应用行为分类
    • US20070136455A1
    • 2007-06-14
    • US11608625
    • 2006-12-08
    • Tony LeeJigar ModyYing LinAdrian MarinescuAlexey Polyakov
    • Tony LeeJigar ModyYing LinAdrian MarinescuAlexey Polyakov
    • G06F15/173
    • G06F21/564
    • The present invention is directed to a method and system for automatically classifying an application into an application group which is previously classified in a knowledge base. More specifically, a runtime behavior of an application is captured as a series of events which are monitored and recorded during the execution of the application. The series of events are analyzed to find a proper application group which shares common runtime behavior patterns with the application. The knowledge base of application groups is previously constructed based on a large number of sample applications. The construction of the knowledge base is done in such a manner that each sample application can be classified into application groups based on a set of classification rules in the knowledge base. The set of classification rules are applied to a new application in order to classify the new application into one of the application groups.
    • 本发明涉及一种用于将应用程序自动分类为先前分类到知识库中的应用组的方法和系统。 更具体地,应用程序的运行时行为被捕获为在应用程序的执行期间被监视和记录的一系列事件。 分析一系列事件,以找到与应用程序共享公共运行时行为模式的正确应用程序组。 基于大量示例应用程序,先前构建了应用程序组的知识库。 以知识库中的一组分类规则将每个样本应用程序分类到应用组中的方式进行知识库的构建。 将一组分类规则应用于新应用程序,以便将新应用程序分类到其中一个应用程序组中。
    • 8. 发明申请
    • Malicious software detection via memory analysis
    • 通过内存分析进行恶意软件检测
    • US20080016572A1
    • 2008-01-17
    • US11485066
    • 2006-07-12
    • Ryan M. BurkhardtAlexey Polyakov
    • Ryan M. BurkhardtAlexey Polyakov
    • G06F12/14
    • G06F21/57
    • To detect the presence of malicious software in a system, selected data in memory of the system is stored in a designated storage location and analyzed by a known safe operating system. In an example configuration, a snapshot of system memory is downloaded to a dedicated device coupled to the motherboard of the system. A clean, uncorrupted operating system is loaded into the dedicated device, and the snapshot is analyzed utilizing the clean operating system. If malicious software is detected, the system is repaired using the clean operating system. In an example embodiment, this process is initiated when the system goes into a hibernation state, and/or during a system restoration operation.
    • 为了检测系统中是否存在恶意软件,系统存储器中的选定数据被存储在指定的存储位置并由已知的安全操作系统进行分析。 在示例配置中,将系统存储器的快照下载到耦合到系统主板的专用设备。 一个干净,不破坏的操作系统被加载到专用设备中,并且使用干净的操作系统来分析快照。 如果检测到恶意软件,则使用干净的操作系统修复系统。 在示例实施例中,当系统进入休眠状态时和/或在系统恢复操作期间启动该过程。