会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Whitelist and blacklist identification data
    • 白名单和黑名单识别数据
    • US08214895B2
    • 2012-07-03
    • US11861489
    • 2007-09-26
    • Chengi Jimmy KuoJigar J. Mody
    • Chengi Jimmy KuoJigar J. Mody
    • H04L29/06
    • G06F21/564
    • Aspects of the subject matter described herein relate to identifying good files and malware based on whitelists and blacklists. In aspects, a node starts a scan of files on a data store. In conjunction with starting the scan, the node creates a data structure that indicates the directories on the data store. The node sends the data structure to a whitelist server and a blacklist server and an indication of a last successful time of communication. The whitelist and blacklist servers respond to the node with information about any new files that have been added to the directories since the last successful communication. The node may subsequently use the information to identify known good files and malware.
    • 本文描述的主题的方面涉及基于白名单和黑名单来识别良好文件和恶意软件。 在方面,节点开始对数据存储上的文件进行扫描。 结合开始扫描,节点创建一个数据结构,指示数据存储上的目录。 节点将数据结构发送到白名单服务器和黑名单服务器,并指示最后一次成功通信时间。 白名单和黑名单服务器响应节点,其中包含自上次成功通信以来添加到目录中的任何新文件的信息。 节点可以随后使用该信息来识别已知的良好文件和恶意软件。
    • 2. 发明申请
    • Whitelist and Blacklist Identification Data
    • 白名单和黑名单识别数据
    • US20090083852A1
    • 2009-03-26
    • US11861489
    • 2007-09-26
    • Chengi Jimmy KuoJigar J. Mody
    • Chengi Jimmy KuoJigar J. Mody
    • G06F11/00
    • G06F21/564
    • Aspects of the subject matter described herein relate to identifying good files and malware based on whitelists and blacklists. In aspects, a node starts a scan of files on a data store. In conjunction with starting the scan, the node creates a data structure that indicates the directories on the data store. The node sends the data structure to a whitelist server and a blacklist server and an indication of a last successful time of communication. The whitelist and blacklist servers respond to the node with information about any new files that have been added to the directories since the last successful communication. The node may subsequently use the information to identify known good files and malware.
    • 本文描述的主题的方面涉及基于白名单和黑名单来识别良好文件和恶意软件。 在方面,节点开始对数据存储上的文件进行扫描。 结合开始扫描,节点创建一个数据结构,指示数据存储上的目录。 节点将数据结构发送到白名单服务器和黑名单服务器,并指示最后一次成功通信时间。 白名单和黑名单服务器响应节点,其中包含自上次成功通信以来添加到目录中的任何新文件的信息。 节点可以随后使用该信息来识别已知的良好文件和恶意软件。
    • 4. 发明授权
    • Method of treating whitespace during virus detection
    • 病毒检测期间处理空白的方法
    • US06230288B1
    • 2001-05-08
    • US09181880
    • 1998-10-29
    • Chengi Jimmy KuoJivko KoltchevDao-Chen ZhengJoseph Peter
    • Chengi Jimmy KuoJivko KoltchevDao-Chen ZhengJoseph Peter
    • H02H305
    • G06F21/564
    • A method is provided for detecting computer viruses that infect text-based files. In accordance with a preferred embodiment, a collection of virus signatures reflecting sequences of characters or instructions known to be found in such viruses is maintained on a computer system. A virus detection program is also maintained for the purpose of comparing the contents of computer files to the virus signatures. Upon execution of the virus detection program, whitespace within text-based files is transformed such that each sequence of whitespace characters is replaced by a single whitespace character. Virus signatures of viruses known to infect text files are similarly transformed. A transformed text-based file is then searched for at least one of said virus signatures. The user is alerted to a possible virus infection if any of the virus signatures are found in a file. In another preferred embodiment, an additional collection of at least one virus signature containing sequences of characters or instructions known to be found in viruses that infect executable computer files is maintained on the computer system. A transformed text-based file is searched for at least one of the additional virus signature, which are not transformed before the search.
    • 提供了一种用于检测感染基于文本的文件的计算机病毒的方法。 根据优选实施例,在计算机系统上保持反映了在这种病毒中已知的字符序列或指令的病毒签名的集合。 还维护病毒检测程序,以便将计算机文件的内容与病毒签名进行比较。 一旦执行病毒检测程序,基于文本的文件中的空格将被转换,使得空白字符的每个序列都被单个空格字符替换。 已知感染文本文件的病毒的病毒签名也被类似地转换。 然后搜索经变换的基于文本的文件中的至少一个所述病毒签名。 如果在文件中找到任何病毒签名,用户将被警告可能的病毒感染。 在另一个优选实施例中,在计算机系统上保留了包含感染可执行计算机文件的病毒中已知存在的字符序列或指令的至少一个病毒签名的附加集合。 搜索经变换的基于文本的文件中的至少一个额外的病毒签名,其在搜索之前未被转换。
    • 7. 发明申请
    • SHARED REPOSITORY OF MALWARE DATA
    • 共享恶意数据记录
    • US20100169972A1
    • 2010-07-01
    • US12347103
    • 2008-12-31
    • Chengi Jimmy KuoMarc SeinfeldJeff Williams
    • Chengi Jimmy KuoMarc SeinfeldJeff Williams
    • G06F21/00G06F17/00
    • H04L63/145G06F21/564
    • Various principles for maintaining a shared repository of authorization scanning results, which may be populated with results of authorization scans of particular files (and other content units) as well as a signature for those particular files. When a particular file is to be scanned by a client computing device to determine whether it contains unauthorized software, a signature for the file may be calculated and provided to the shared repository. If the repository has a result for that file—as indicated by a signature for the file being present in the repository—the result in the repository may be provided to the client computing device that issued the query, and the client computing device may accept the answer in the shared repository. If the result is not in the repository (i.e., the file has not been scanned), then the file may be scanned, and a result may be placed in the repository.
    • 用于维护授权扫描结果的共享存储库的各种原则,其可以用特定文件(和其他内容单元)的授权扫描结果以及这些特定文件的签名来填充。 当客户端计算设备扫描特定文件以确定其是否包含未授权的软件时,可以计算文件的签名并将其提供给共享存储库。 如果存储库具有该文件的结果(如存储在存储库中的文件的签名所示),则存储库中的结果可以被提供给发出查询的客户端计算设备,并且客户端计算设备可以接受 在共享存储库中回答。 如果结果不在存储库中(即文件未被扫描),则可以扫描该文件,并将结果放置在存储库中。
    • 8. 发明授权
    • System and method for partitioned distributed scanning of a large dataset for viruses and other malware
    • 用于病毒和其他恶意软件的大型数据集的分区扫描的系统和方法
    • US06748534B1
    • 2004-06-08
    • US09540849
    • 2000-03-31
    • Dmitry O. GryaznovChengi Jimmy Kuo
    • Dmitry O. GryaznovChengi Jimmy Kuo
    • G06F1130
    • H04L63/14G06F21/564G06F21/567
    • A system and a method for performing partitioned scanning of a dataset for malware in a distributed computing environment is disclosed. A dataset is maintained in a plurality of structured databases in the distributed computing environment. Each database stores a plurality of data item groups which each include a plurality of individual data items. Each such data item is uniquely identified within the dataset by a data item identifier. A set of indices is stored in a centralized database. The set of indices includes a list of scanned data item identifiers for each data item within the dataset scanned for malware and a list of last entry numbers for each data item group stored in each database. Each last entry number corresponds to one such data item within the data item group last scanned for malware. A plurality of malware scanners are executed in substantial concurrency. For each malware scanner, one such database and each such data item group within the selected database having data items not appearing in the list of last entry numbers are selected. Each such data item having a data item identifier not appearing in the list of scanned data item identifiers is obtained. Each such obtained data item is scanned for malware.
    • 公开了一种用于在分布式计算环境中执行用于恶意软件的数据集的分区扫描的系统和方法。 数据集被保存在分布式计算环境中的多个结构化数据库中。 每个数据库存储多个数据项目组,每个数据项目组包括多个单独的数据项。 每个这样的数据项在数据集中由数据项标识符唯一地标识。 一组索引存储在集中式数据库中。 该组索引包括扫描的恶意软件的数据集中的每个数据项的扫描数据项标识符的列表以及存储在每个数据库中的每个数据项组的最后一个条目号的列表。 每个最后一个条目号码对应于上一次扫描的恶意软件的数据项目组中的一个这样的数据项。 多个恶意软件扫描器以大量并发执行。 对于每个恶意软件扫描器,选择一个这样的数据库和所选择的数据库中的每个这样的数据项组,其中没有出现在最后条目列表中的数据项。 获得具有不出现在扫描数据项标识符的列表中的数据项标识符的每个这样的数据项。 每个这样获得的数据项被扫描恶意软件。