专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09491078B2 Identification and classification of web traffic inside encrypted network tunnels 有权
公开(公告)号：US09491078B2
公开(公告)日：2016-11-08
申请号：US14752139
申请日：2015-06-26
申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION
发明人： Mihai Christodorescu , Xin Hu , Douglas L. Schales , Reiner Sailer , Marc Ph. Stoecklin , Ting Wang , Andrew M. White
IPC分类号： H04L12/26 , G06N5/02 , H04L29/06 , G06N5/00 , G06N99/00 , H04L12/24
CPC分类号： G06N5/04 , G06N5/003 , G06N5/022 , G06N99/005 , H04L41/142 , H04L41/147 , H04L41/16 , H04L43/04 , H04L43/0876 , H04L63/029 , H04L63/1408 , H04L67/02
摘要： The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information.

2. 发明申请

US20140351226A1 Distributed Feature Collection and Correlation Engine 有权
标题翻译：分布式功能集合和相关引擎
公开(公告)号：US20140351226A1
公开(公告)日：2014-11-27
申请号：US13899784
申请日：2013-05-22
申请人： International Business Machines Corporation
发明人： Mihai Christodorescu , Xin Hu , Douglas Lee Schales , Reiner Sailer , Marc P. Stoecklin , Ting Wang
IPC分类号： G06F17/30
CPC分类号： G06F17/30489 , G06F17/30477
摘要： A distributed feature collection and correlation engine is provided, Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database if the key/value pair does not already exist in the feature store database using a de-duplication mechanism. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs.
摘要翻译：提供分布式特征收集和相关引擎，特征提取包括获得一个或多个数据记录; 基于域知识从一个或多个数据记录中提取信息; 将提取的信息变换成由密钥K和值V组成的密钥/值对，其中密钥包括特征标识符; 并且如果密钥/值对在使用重复数据删除机制的特征存储数据库中不存在，则将密钥/值对存储在特征库数据库中。从数据记录提取的特征可以通过获得由存储为由密钥K和值V组成的密钥/值对的提取特征组成的特征存储数据库进行查询，其中密钥包括特征标识符; 接收包括至少一个查询密钥的查询; 从特征库数据库检索与查询关键字匹配的值; 并返回一个或多个检索的键/值对。

3. 发明授权

US11533325B2 Automatic categorization of IDPS signatures from multiple different IDPS systems 有权
公开(公告)号：US11533325B2
公开(公告)日：2022-12-20
申请号：US17167330
申请日：2021-02-04
申请人： International Business Machines Corporation
发明人： Xin Hu , Jiyong Jang , Douglas Lee Schales , Marc Philippe Stoecklin , Ting Wang
IPC分类号： G06F21/00 , H04L9/40 , G06N20/00 , G06F16/28 , G06F16/901
摘要： Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures. The mapping is output for use by an IDPS for determining whether a threat has occurred to the resources in the computer environment.

4. 发明授权

US11362810B2 Method and system for rateless and pollution-attack-resilient network coding 有权
公开(公告)号：US11362810B2
公开(公告)日：2022-06-14
申请号：US16585835
申请日：2019-09-27
申请人： International Business Machines Corporation
发明人： Xin Hu , Wentao Huang , Jiyong Jang , Theodoros Salonidis , Marc Ph Stoecklin , Ting Wang
IPC分类号： H04L29/00 , H04L9/06 , H04L9/08 , H04L9/40
摘要： An encoder including a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to construct an encoded message using a message and a random element, construct a hash using a shared secret, and transmit the encoded message and the hash to a destination, through a network.

5. 发明授权

US10652217B2 Method and system for rateless and pollution-attack-resilient network coding including decoder(s) 有权
公开(公告)号：US10652217B2
公开(公告)日：2020-05-12
申请号：US15141082
申请日：2016-04-28
申请人： International Business Machines Corporation
发明人： Xin Hu , Wentao Huang , Jiyong Jang , Theodoros Salonidis , Marc Ph Stoecklin , Ting Wang
IPC分类号： G06F15/173 , H04L29/06 , H04L12/931 , H04L12/741 , H04L1/00 , H04L9/32
摘要： A decoder deployed in one or more terminals, includes a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to receiving a noisy message and a noisy hash from the network, searching for a pair of matching candidates for the hash and message from two row spaces of noisy message vectors using a shared secret with an encoder, and outputting, by the decoder, a decoded message if the searching is successful.

6. 发明授权

US10484171B2 Method for efficient and practical key distribution in network coding systems 有权
公开(公告)号：US10484171B2
公开(公告)日：2019-11-19
申请号：US15185743
申请日：2016-06-17
申请人： International Business Machines Corporation
发明人： Xin Hu , Wentao Huang , Jiyong Jang , Theodoros Salonidis , Marc Ph Stoecklin , Ting Wang
IPC分类号： G06F21/00 , H04L29/06 , H04L9/08 , H04L9/30
摘要： An encoder including a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to generate a k-bit key, where k is a positive integer, estimate an upper bound of a number of eavesdropped links, encode each bit of the k-bit key using a random matrix of a selected rank, and transmit the encoded k-bit key through a network that performs linear operations on packets.

7. 发明授权

US10362044B2 Identifying command and control endpoint used by domain generation algorithm (DGA) malware 有权
公开(公告)号：US10362044B2
公开(公告)日：2019-07-23
申请号：US15671218
申请日：2017-08-08
申请人： International Business Machines Corporation
发明人： Xin Hu , Jiyong Jang , Douglas Lee Schales , Marc Philippe Stoecklin , Ting Wang
IPC分类号： H04L29/06 , G06F21/56 , G06F21/55 , G06F21/57
摘要： A command endpoint used by Domain Generation Algorithm (DGA) malware is identified using machine learning-based clustering. According to this technique, at least one attribute associated with a candidate resolved DNS name is identified. The candidate resolved DNS name has associated therewith a set of names that are failed DNS lookups but that cluster with the candidate resolved DNS name. A set of additional names that share the at least one attribute with the candidate resolved DNS name are then identified. For the set of additional names, an extent to which the set of additional names also clusters with the set of names that are failed DNS lookups is then determined. The candidate resolved DNS name is characterized as associated with the command endpoint when the set of additional names cluster with the set of names that are failed DNS lookups to a configurable degree.

8. 发明申请

US20190052650A1 Identifying command and control endpoint used by domain generation algorithm (DGA) malware 审中-公开
公开(公告)号：US20190052650A1
公开(公告)日：2019-02-14
申请号：US15671218
申请日：2017-08-08
申请人： International Business Machines Corporation
发明人： Xin Hu , Jiyong Jang , Douglas Lee Schales , Marc Philippe Stoecklin , Ting Wang
IPC分类号： H04L29/06 , G06F21/56 , G06F21/55
CPC分类号： H04L63/1408 , G06F21/55 , G06F21/552 , G06F21/566 , G06F21/577 , H04L61/1511 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/145
摘要： A command endpoint used by Domain Generation Algorithm (DGA) malware is identified using machine learning-based clustering. According to this technique, at least one attribute associated with a candidate resolved DNS name is identified. The candidate resolved DNS name has associated therewith a set of names that are failed DNS lookups but that cluster with the candidate resolved DNS name. A set of additional names that share the at least one attribute with the candidate resolved DNS name are then identified. For the set of additional names, an extent to which the set of additional names also clusters with the set of names that are failed DNS lookups is then determined. The candidate resolved DNS name is characterized as associated with the command endpoint when the set of additional names cluster with the set of names that are failed DNS lookups to a configurable degree.

9. 发明申请

US20170054749A1 DETECTING WEB EXPLOIT KITS BY TREE-BASED STRUCTURAL SIMILARITY SEARCH 审中-公开
标题翻译：通过基于树的结构类似搜索来检测WEB开发工具
公开(公告)号：US20170054749A1
公开(公告)日：2017-02-23
申请号：US15344791
申请日：2016-11-07
申请人： International Business Machines Corporation
发明人： Xin Hu , Jiyong Jang , Fabian Monrose , Marc Philippe Stoecklin , Teryl Taylor , Ting Wang
IPC分类号： H04L29/06 , G06F17/30 , H04L29/08
CPC分类号： H04L63/1425 , G06F16/2246 , G06F16/245 , G06F16/285 , H04L63/1466 , H04L63/1491 , H04L63/168 , H04L67/02
摘要： A method includes receiving, at an input port of a computer, indication of HTTP (Hypertext Transfer Protocol) traffic and clustering, using a processor on the computer, the HTTP traffic according to a client IP (Internet Protocol) into a web session tree. A client tree structure of the web session tree is generated and the client tree structure is compared with tree structures of exploit kit samples
摘要翻译：一种方法包括：在计算机的输入端口处，使用计算机上的处理器将根据客户端IP（因特网协议）的HTTP流量的HTTP（超文本传输协议）业务和聚类的指示接收到web会话树中。生成Web会话树的客户端树结构，并将客户机树结构与开发套件样本的树结构进行比较

10. 发明申请

US20160261626A1 IDENTIFYING MALICIOUS WEB INFRASTRUCTURES 有权
标题翻译：识别恶意网络基础设施
公开(公告)号：US20160261626A1
公开(公告)日：2016-09-08
申请号：US14640658
申请日：2015-03-06
申请人： International Business Machines Corporation
发明人： Xin Hu , Jiyong Jang , Ting Wang , Jialong Zhang
IPC分类号： H04L29/06
CPC分类号： H04L63/1441 , H04L45/00 , H04L63/101 , H04L63/145 , H04L63/1466 , H04L63/1475
摘要： Identifying malicious servers is provided. Malicious edges between server vertices corresponding to visible servers and invisible servers involved in network traffic redirection chains are determined based on determined graph-based features within a bipartite graph corresponding to invisible server vertices involved in the network traffic redirection chains and determined distance-based features corresponding to the invisible server vertices involved in the network traffic redirection chains. Malicious server vertices are identified in the bipartite graph based on the determined malicious edges between the server vertices corresponding to the visible servers and invisible servers involved in the network traffic redirection chains. Access by client devices is blocked to malicious servers corresponding to the identified malicious server vertices in the bipartite graph.
摘要翻译：提供恶意服务器的识别。基于对应于网络流量重定向链中涉及的不可见服务器顶点的二分图中基于确定的基于图的特征确定了与可见服务器相对应的服务器顶点和与网络流量重定向链中涉及的不可见服务器之间的恶意边缘以及所确定的基于距离的特征对应到网络流量重定向链中涉及的隐形服务器顶点。基于在可见服务器对应的服务器顶点和网络流量重定向链中涉及的不可见服务器之间确定的恶意边缘，在二分图中识别恶意服务器顶点。客户端设备的访问被阻止到对应于二分图中识别的恶意服务器顶点的恶意服务器。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式