    • 1. Granted invention patent
    • Systems and methods for detecting malware
    • Patent: US08402539B1, granted 2013-03-19
    • Application: US13227997, filed 2011-09-08
    • Inventors: Joseph Chen, Adam Glick, Jeffrey Wilhelm
    • IPC: H04L29/06, G06F15/16, G06F11/30
    • CPC: G06F21/566, H04L63/1416
    • Abstract: A method for detecting malware may include 1) receiving a request to determine whether a connection from a client device to a server is being blocked, 2) attempting to connect to the server from a kernel mode of the client device, 3) determining that the client device successfully connected to the server from the kernel mode, 4) attempting to connect to the server from a user mode of the client device, 5) determining that the client device did not successfully connect to the server from the user mode, 6) determining, based on the client device successfully connecting to the server from the kernel mode and failing to connect to the server from the user mode, that malware is blocking the connection from the client device to the server, and 7) in response to determining that the malware is blocking the connection, performing at least one security action.
    • 2. Granted invention patent
    • Systems and methods for treating locally created files as trustworthy
    • Patent: US09088604B1, granted 2015-07-21
    • Application: US13517537, filed 2012-06-13
    • Inventors: Joseph Chen, Jeffrey Wilhelm
    • IPC: H04L29/06, G06F21/56
    • CPC: H04L63/1433, G06F21/562, G06F21/566, H04L63/12, H04L63/1441
    • Abstract: A computer-implemented method for treating locally created files as trustworthy may include identifying at least one file created on a computing system protected by a security system that determines whether files encountered by the computing system are trustworthy. The method may also include identifying a software application used to create the file on the computing system. The method may further include determining that the software application used to create the file on the computing system comprises a reputable software application used to create trustworthy files within a user community comprising users of computing systems protected by the security system. In addition, the method may include establishing a trustworthiness exception that causes the security system to treat the file as trustworthy on the computing system that created the file. Various other methods, systems, and computer-readable media are also disclosed.
    • 3. Granted invention patent
    • Systems and methods for using acquisitional contexts to prevent false-positive malware classifications
    • Patent: US08627469B1, granted 2014-01-07
    • Application: US13420492, filed 2012-03-14
    • Inventors: Joseph Chen, Jeffrey Wilhelm
    • IPC: G06F11/00
    • CPC: G06F21/567, H04L63/145
    • Abstract: A method for using acquisitional contexts to prevent false-positive malware classifications. The method may include (1) receiving, from at least one client-side computing device within a community of users, contextual information associated with a file, (2) determining, based at least in part on the contextual information received from the client-side computing device, a reputation rating for the file, and (3) providing the reputation rating for the file to at least one additional client-side computing device within the community in order to prevent the additional client-side computing device from falsely classifying the file as untrustworthy due to acquiring an additional instance of the file via a context that is insufficient to determine that the additional instance of the file is trustworthy. Various other methods and systems are also disclosed.
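Entries 2 and 3 describe two halves of one idea: a file created locally by a reputable application is trusted on the host that created it, and the acquisition context reported by one client is turned into a community reputation rating so that another client, which only saw the file arrive from a context that proves nothing (a USB copy), does not flag it on heuristics alone. The following is an added example written for this page, not code from either patent or from Symantec; the reputable-application list, the trusted download host, the `min_clients` threshold and the scenario data are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Assumed policy data: applications the community treats as reputable
# creators of files, and download hosts whose origin is trustworthy by itself.
REPUTABLE_CREATORS = {"link.exe", "msbuild.exe", "gcc"}
TRUSTED_ORIGINS = {"updates.example-vendor.test"}


@dataclass(frozen=True)
class ContextReport:
    """What one client tells the backend about how it came by a file."""
    client_id: str
    file_hash: str
    kind: str    # "created", "downloaded" or "copied"
    detail: str  # creating application, source host, or removable-media label


def context_is_sufficient(report: ContextReport) -> bool:
    """Does this acquisition context, on its own, justify trusting the file?"""
    if report.kind == "created":
        return report.detail in REPUTABLE_CREATORS
    if report.kind == "downloaded":
        return report.detail in TRUSTED_ORIGINS
    return False  # a USB copy or an unknown download says nothing either way


class ReputationServer:
    """Backend shared by the user community (entry 3): it turns contexts
    reported by some clients into a rating every client can query."""

    def __init__(self, min_clients: int = 1):
        self.min_clients = min_clients
        self._good_contexts = defaultdict(set)  # file_hash -> reporting clients

    def submit(self, report: ContextReport) -> None:
        if context_is_sufficient(report):
            self._good_contexts[report.file_hash].add(report.client_id)

    def rating(self, file_hash: str) -> str:
        seen_by = len(self._good_contexts.get(file_hash, ()))
        return "trusted" if seen_by >= self.min_clients else "unknown"


class Client:
    """Endpoint agent. The local trustworthiness exception is entry 2."""

    def __init__(self, client_id: str, server: Optional[ReputationServer]):
        self.client_id = client_id
        self.server = server
        self._local_exceptions: Set[str] = set()  # valid on this host only

    def observe(self, file_hash: str, kind: str, detail: str) -> None:
        if kind == "created" and detail in REPUTABLE_CREATORS:
            self._local_exceptions.add(file_hash)
        if self.server is not None:
            self.server.submit(ContextReport(self.client_id, file_hash, kind, detail))

    def classify(self, file_hash: str, heuristic_hit: bool) -> str:
        if file_hash in self._local_exceptions:
            return "trusted"  # created here by a reputable application
        if self.server is not None and self.server.rating(file_hash) == "trusted":
            return "trusted"  # community context outranks the local heuristic
        return "untrustworthy" if heuristic_hit else "unknown"


def scenario(share_reputation: bool) -> Tuple[str, str]:
    """Constructed scenario: a build host links a fresh binary and a colleague
    copies it from a USB stick; both hosts' heuristics flag the unsigned,
    never-seen file. Returns (build host verdict, colleague verdict)."""
    server = ReputationServer(min_clients=1) if share_reputation else None
    builder = Client("build-01", server)
    colleague = Client("laptop-07", server)
    digest = "sha256:constructed-fresh-build"
    builder.observe(digest, "created", "link.exe")
    colleague.observe(digest, "copied", "usb:KINGSTON")
    return builder.classify(digest, True), colleague.classify(digest, True)
```

Run `scenario(False)` and the colleague's copy is condemned on the heuristic; run `scenario(True)` and the build host's "created by link.exe" context, relayed through the server, clears it. The local exception deliberately never leaves the creating host, which is the scoping the entry 2 abstract calls for; the community rating is what travels.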
    • 4. Granted invention patent
    • Method and apparatus for detecting leakage of sensitive information
    • Patent: US08127360B1, granted 2012-02-28
    • Application: US11477231, filed 2006-06-29
    • Inventors: Jeffrey Wilhelm, Carey Nachenberg
    • IPC: H04L29/06
    • CPC: G06F21/552
    • Abstract: A method and apparatus for preventing leakage of sensitive information from a computer is described. The method includes identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form a tainted data, tracking the tainted data within the computer system and identifying at least one condition that compromises the security of the tainted data. The system is a computer system including taint analysis software for identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form a tainted data, tracking the tainted data within the computer system and identifying at least one condition that compromises the security of the tainted data.
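The abstract names the three pieces of any taint tracker: a source that sets the bit, propagation rules that carry it through operations, and a sink check that fires when the bit reaches a place it should not. The example below is added for this page, not code from the patent; it is an in-program version with a `str` subclass, a network sink, an explicit `declassify` step, and a demonstration of the laundering path (string formatting) that such a wrapper cannot see. The sample card number and sink names are constructed.

```python
from typing import Any


class TaintError(Exception):
    """Raised when tainted data reaches a sink that would leak it."""


class Tainted(str):
    """A str carrying one taint bit. The overridden operations below return
    Tainted results so the bit follows the data through the program."""

    def __new__(cls, value: str, taint: bool = True):
        obj = super().__new__(cls, value)
        obj.taint = taint
        return obj

    def __add__(self, other: Any) -> "Tainted":
        return Tainted(str.__add__(self, other), self.taint or is_tainted(other))

    def __radd__(self, other: Any) -> "Tainted":
        return Tainted(str.__add__(other, self), self.taint or is_tainted(other))

    def __getitem__(self, key: Any) -> "Tainted":
        return Tainted(str.__getitem__(self, key), self.taint)

    def upper(self) -> "Tainted":
        return Tainted(str.upper(self), self.taint)

    def replace(self, old: str, new: str, count: int = -1) -> "Tainted":
        return Tainted(str.replace(self, old, new, count), self.taint)


def is_tainted(value: Any) -> bool:
    return isinstance(value, Tainted) and value.taint


def sensitive_input(value: str) -> Tainted:
    """Source: text entered into a field the policy marks as sensitive."""
    return Tainted(value, True)


def declassify(value: str, reason: str) -> str:
    """Deliberate policy decision to release data. str() builds an exact str,
    dropping the bit; 'reason' exists so the release is visible in review."""
    return str(value)


def send_over_network(payload: str) -> str:
    """Sink: data leaving the host. Tainted data arriving here is the
    'condition that compromises the security of the tainted data'."""
    if is_tainted(payload):
        raise TaintError("sensitive data about to leave the host")
    return "sent"


def run_scenario() -> dict:
    """Constructed walkthrough; returns what each step observed."""
    seen = {}
    card = sensitive_input("4111111111111111")        # constructed sample number
    summary = "card ending in " + card[-4:]          # slice and concat keep the bit
    seen["derived_is_tainted"] = is_tainted(summary)
    try:
        send_over_network("order=42&card=" + card)   # exfiltration attempt
        seen["exfil"] = "allowed"
    except TaintError:
        seen["exfil"] = "blocked"
    seen["benign"] = send_over_network("order=42&status=ok")
    seen["released"] = send_over_network(declassify(card[-4:], "last four digits are displayable"))
    # Caveat: f-strings, %-formatting and str.join build a fresh exact str, so
    # the bit is laundered. A wrapper inside the program cannot see this; the
    # tracking has to sit with whatever actually moves the bytes.
    seen["laundered_is_tainted"] = is_tainted(f"card={card}")
    return seen
```

The last line of `run_scenario` is the point a practitioner should take away: a taint bit is only as good as the set of operations that propagate it, and every operation outside that set is a declassification whether or not anyone intended it.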
    • 5. Granted invention patent
    • Providing file information to a client responsive to a file download stability prediction
    • Patent: US09124472B1, granted 2015-09-01
    • Application: US13558177, filed 2012-07-25
    • Inventors: Scott Schneider, Jeffrey Wilhelm
    • IPC: G06F13/00, H04L29/08
    • CPC: H04L29/08072, G06F21/567, H04L63/1425, H04L67/06
    • Abstract: A client sends a file information request to a security server, where the file information request identifies a URL from which the client is attempting to download a file. Upon receiving the request, the security server determines the stability information of the identified URL and provides the requested file information for the file provided by the URL. The security server determines the stability information of a URL by analyzing the file identifiers and URLs identified in downloaded file reports received from multiple clients. The determination of the stability information of a URL may be based on a variety of factors, such as stability of a URL over time, a textual analysis of the URL, and the set of files provided by the URL. A user of the client can review the file information and decide whether to expend the resources to download the file.
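The security server in this abstract answers a question about a file the client has not downloaded yet, which only works if the URL reliably serves the same file. The added example below (written for this page, not the patent's or Symantec's code) folds the three factors named in the abstract into one status: stability over time, the set of files the URL has served, and a textual look at the URL itself. The hex-token and IP-literal heuristics, the "stable" thresholds, the file-information store and the download reports are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class DownloadReport:
    """One entry of a client's downloaded-file report."""
    client_id: str
    url: str
    file_hash: str  # identifier of the file the client received from the URL
    day: int        # constructed timestamp: days since an arbitrary epoch


# Assumed heuristics for the 'textual analysis of the URL' factor.
HEX_TOKEN = re.compile(r"[0-9a-f]{16,}")
IP_HOST = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")

# Assumed file-information store keyed by file identifier.
KNOWN_FILES = {
    "sha256:constructed-vendor-setup": {"publisher": "Example Vendor", "verdict": "good"},
}


def textual_analysis(url: str) -> List[str]:
    findings = []
    if IP_HOST.match(url):
        findings.append("ip-literal host")
    if HEX_TOKEN.search(url.split("?", 1)[0]):
        findings.append("random-looking path token")
    return findings


class SecurityServer:
    def __init__(self, reports: List[DownloadReport]):
        self._by_url: Dict[str, List[DownloadReport]] = defaultdict(list)
        for r in reports:
            self._by_url[r.url].append(r)

    def stability_info(self, url: str) -> Dict:
        """Combine stability over time, the set of files served and the
        URL's own text into one status."""
        reports = self._by_url.get(url, [])
        if not reports:
            return {"status": "no data", "files": {}, "distinct_files": 0}
        files = Counter(r.file_hash for r in reports)
        dominant = files.most_common(1)[0][1] / len(reports)
        span = max(r.day for r in reports) - min(r.day for r in reports)
        findings = textual_analysis(url)
        if len(files) == 1 and span >= 7 and not findings:
            status = "stable"      # one file, observed for a week or more
        elif dominant < 0.5 or findings:
            status = "unstable"    # churning files or a suspicious URL string
        else:
            status = "uncertain"
        return {"status": status, "files": dict(files), "distinct_files": len(files),
                "span_days": span, "dominant_fraction": round(dominant, 2),
                "textual": findings}

    def file_information(self, url: str) -> Dict:
        """Answer a client's file information request. Only a stable URL lets
        the server predict which file the client would receive."""
        info = self.stability_info(url)
        if info["status"] != "stable":
            return {"stability": info, "predicted_file": None, "file_info": None}
        predicted = max(info["files"], key=info["files"].get)
        return {"stability": info, "predicted_file": predicted,
                "file_info": KNOWN_FILES.get(predicted, {"verdict": "unknown"})}


VENDOR_URL = "https://dl.example-vendor.test/setup.exe"
DROPPER_URL = "http://203.0.113.9/8f2e9c1d4b7a6e5f3c2d1a0b/get.php"

# Constructed downloaded-file reports from several clients: the vendor URL
# served one file for a month, the dropper URL served a different file to
# every client within two days (server-side polymorphism).
SAMPLE_REPORTS = [
    DownloadReport(f"c{i}", VENDOR_URL, "sha256:constructed-vendor-setup", day)
    for i, day in enumerate((1, 5, 12, 20, 30), start=1)
] + [
    DownloadReport(f"c{i}", DROPPER_URL, f"sha256:constructed-variant-{i}", day)
    for i, day in enumerate((40, 40, 41, 41), start=6)
]
```

For the vendor URL the server can hand back the known file's information before any bytes are fetched; for the dropper URL it returns no prediction, and the unstable status plus the textual findings are themselves the information the user needs to decide against the download.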
    • 6. Granted invention patent
    • Method and apparatus for automatically excluding false positives from detection as malware
    • Patent: US08925088B1, granted 2014-12-30
    • Application: US12534171, filed 2009-08-03
    • Inventors: Jeffrey Wilhelm, Abubakar Wawda
    • IPC: G06F12/14
    • CPC: G06F21/561, G06F21/552
    • Abstract: A method and apparatus for automatically excluding false positives from detection as malware is described. In one embodiment, a method for using one or more processors to provide false positive reduction for heuristic-based malware detection of a plurality of files in memory includes accessing global first appearance information associated with a plurality of files, accessing global malware information comprising heuristics and an emergence date associated with each malware group of a plurality of malware groups, comparing the global malware information with the global first appearance information to identify at least one false positive amongst the plurality of files and preventing detection of the at least one false positive as malware.
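The comparison the abstract describes is a date test: if a file was first seen across the user base before the malware group a heuristic belongs to had emerged, the file predates the family and the heuristic hit is a false positive. This added example (not the patent's or Symantec's code) runs that test over a constructed file population; the two heuristics, the emergence dates, the `grace_days` allowance for reporting lag and the file features are all assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable, Dict, List


@dataclass(frozen=True)
class FileRecord:
    sha256: str
    first_seen: date             # global first-appearance date across the user base
    features: Dict[str, object]  # what the heuristics inspect


@dataclass(frozen=True)
class MalwareGroup:
    name: str
    emergence: date              # when this group of malware was first observed
    heuristic: Callable[[Dict[str, object]], bool]


def packed_high_entropy(f: Dict[str, object]) -> bool:
    return bool(f.get("packed")) and float(f.get("entropy", 0)) > 7.5


def injection_imports(f: Dict[str, object]) -> bool:
    needed = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}
    return needed <= set(f.get("imports", ()))


# Constructed global malware information: a heuristic and an emergence date
# per malware group.
GROUPS = [
    MalwareGroup("Packer.Gen.2009", date(2009, 3, 1), packed_high_entropy),
    MalwareGroup("Injector.Gen.2004", date(2004, 6, 1), injection_imports),
]


def classify(rec: FileRecord, groups: List[MalwareGroup], grace_days: int = 7) -> Dict:
    """Apply each group's heuristic, but discard a hit when the file was first
    seen globally before that group existed: a file older than the family
    cannot be a member of it. grace_days absorbs reporting lag (assumed)."""
    excluded = []
    for g in groups:
        if not g.heuristic(rec.features):
            continue
        if rec.first_seen < g.emergence - timedelta(days=grace_days):
            excluded.append(g.name)     # false positive: predates the family
            continue
        return {"verdict": "malware", "group": g.name, "excluded": excluded}
    return {"verdict": "clean", "group": None, "excluded": excluded}


# Constructed file population with global first-appearance dates.
FILES = {
    "old_packed_tool": FileRecord("sha256:a1", date(2007, 5, 10),
                                  {"packed": True, "entropy": 7.9}),
    "new_packed_dropper": FileRecord("sha256:b2", date(2012, 1, 15),
                                     {"packed": True, "entropy": 7.9}),
    "old_injector": FileRecord("sha256:c3", date(2007, 5, 10),
                               {"imports": ["VirtualAllocEx", "WriteProcessMemory",
                                            "CreateRemoteThread"]}),
    "grace_window": FileRecord("sha256:d4", date(2009, 2, 25),
                               {"packed": True, "entropy": 7.8}),
}


def run_population(files=FILES, groups=GROUPS) -> Dict[str, str]:
    return {name: classify(rec, groups)["verdict"] for name, rec in files.items()}
```

The packed 2007 utility trips the same heuristic as the 2012 dropper, and only the first-appearance date separates them. The `grace_window` file shows why the allowance matters: it was first seen four days before the family's recorded emergence, within the lag a global telemetry pipeline can introduce, so it is still detected; with `grace_days=0` it would be excluded.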
    • 7. Granted invention patent
    • Detection of e-mail threat acceleration
    • Patent: US08201254B1, granted 2012-06-12
    • Application: US11214631, filed 2005-08-30
    • Inventors: Jeffrey Wilhelm, Carey Nachenberg
    • IPC: G06F11/00
    • CPC: H04L51/12, H04L63/1416
    • Abstract: A plurality of queuing components each monitor an incoming email stream, and identify incoming email messages with suspicious attachments. Each queuing component generates signatures of the suspicious attachments, and submits periodic reports to a correlation component. The reports list signatures and receipt times for suspicious attachments received since a last submitted report. The queuing component queues the suspicious attachments for a specified hold time, and further processes queued attachments based upon information concerning attachment acceleration rates received from the correlation component. The correlation component receives reports from the plurality of queuing components, and uses information in the submitted reports to maintain a system wide receipt history for each suspicious attachment. The correlation component uses the receipt histories to calculate receipt acceleration rates for suspicious attachments, which it provides to the queuing components, to be used to manage the queued attachments.
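The abstract is a protocol between two component types, and the interesting quantity is acceleration rather than rate: a mass mailer's copies arrive faster and faster, while a routine attachment sent to many people arrives at a steady pace. The added example below (written for this page, not the patent's or Symantec's code) implements both components with the hold time as the delay that lets the history accumulate before a decision is taken. Window length, hold time, the threshold and the arrival timeline are assumptions; the attachments are constructed byte strings.

```python
import hashlib
from collections import defaultdict
from itertools import cycle
from typing import Dict, List, Tuple

Report = Tuple[str, List[Tuple[str, float]]]  # (component, [(signature, receipt time)])


def attachment_signature(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CorrelationComponent:
    """Keeps the system-wide receipt history per suspicious attachment and
    turns it into an acceleration figure for the queuing components."""

    def __init__(self, window: float):
        self.window = window
        self.history: Dict[str, List[float]] = defaultdict(list)

    def ingest(self, report: Report) -> None:
        for sig, t in report[1]:
            self.history[sig].append(t)

    def receipt_acceleration(self, sig: str, now: float) -> float:
        """Receipts in the latest window minus receipts in the one before:
        how fast the arrival rate itself is growing."""
        w, times = self.window, self.history.get(sig, [])
        recent = sum(1 for t in times if now - w < t <= now)
        previous = sum(1 for t in times if now - 2 * w < t <= now - w)
        return float(recent - previous)


class QueuingComponent:
    """One mail gateway: holds suspicious attachments for hold_time and then
    acts on the acceleration reported by the correlation component."""

    def __init__(self, name: str, hold_time: float, accel_threshold: float,
                 correlation: CorrelationComponent):
        self.name, self.hold_time = name, hold_time
        self.accel_threshold, self.correlation = accel_threshold, correlation
        self._queue: List[Tuple[str, float, str]] = []  # (sig, received_at, message id)
        self._unreported: List[Tuple[str, float]] = []

    def receive(self, msg_id: str, received_at: float, attachment: bytes, suspicious: bool) -> str:
        if not suspicious:
            return "delivered"
        sig = attachment_signature(attachment)
        self._queue.append((sig, received_at, msg_id))
        self._unreported.append((sig, received_at))
        return "queued"

    def submit_report(self) -> None:
        """Periodic report: signatures and times seen since the last report."""
        self.correlation.ingest((self.name, self._unreported))
        self._unreported = []

    def process_queue(self, now: float) -> Dict[str, str]:
        decisions, still_held = {}, []
        for sig, received_at, msg_id in self._queue:
            if now - received_at < self.hold_time:
                still_held.append((sig, received_at, msg_id))
                continue
            accel = self.correlation.receipt_acceleration(sig, now)
            decisions[msg_id] = "quarantine" if accel >= self.accel_threshold else "release"
        self._queue = still_held
        return decisions


# Constructed attachments: a spreading worm and a routine report.
WORM = b"MZ\x90\x00 constructed worm body"
REPORT = b"%PDF-1.4 constructed quarterly figures"


def run_scenario() -> Dict[str, str]:
    """Three gateways, 300 s windows, 300 s hold, evaluated at t=1800 s.
    The worm goes from 2 receipts in (1200,1500] to 12 in (1500,1800];
    the report arrives at a steady 3 per window."""
    corr = CorrelationComponent(window=300.0)
    gws = {n: QueuingComponent(n, 300.0, 5.0, corr) for n in ("gw1", "gw2", "gw3")}
    gws["gw1"].receive("worm-1", 1300, WORM, True)
    gws["gw2"].receive("worm-2", 1400, WORM, True)
    for i, (gw, t) in enumerate(zip(cycle(gws.values()), range(1510, 1800, 25)), start=3):
        gw.receive(f"worm-{i}", t, WORM, True)
    for i, t in enumerate((1250, 1350, 1450, 1550, 1650, 1750), start=1):
        gws["gw1"].receive(f"report-{i}", t, REPORT, True)
    for gw in gws.values():
        gw.submit_report()
    decisions: Dict[str, str] = {}
    for gw in gws.values():
        decisions.update(gw.process_queue(now=1800.0))
    return decisions
```

Only the messages whose hold time has expired get a decision; the worm copies that arrived in the last five minutes stay queued, which is exactly the delay that lets the correlation component see the surge before any gateway releases them.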
    • 8. Granted invention patent
    • Detecting polymorphic threats
    • Patent: US07739740B1, granted 2010-06-15
    • Application: US11233195, filed 2005-09-22
    • Inventors: Carey Nachenberg, Jeffrey Wilhelm
    • IPC: G06F11/30, G06F12/14, G08B23/00
    • CPC: G06F21/566
    • Abstract: A polymorphic threat manager monitors an incoming email stream, and identifies incoming email messages to which executable files are attached. The polymorphic threat manager characterizes incoming executable files according to at least one metric. For example, the polymorphic threat manager can decompose an executable file into fragments, hash some or all of these, and use the hashes as characterization metrics. The polymorphic threat manager subsequently de-obfuscates executable files, and creates corresponding characterization metrics for the de-obfuscated images. The characterizations of executable files before and after de-obfuscation are compared, and if they differ sufficiently, the polymorphic threat manager determines that the file in question is polymorphic. The characterization metrics of such an executable file after de-obfuscation can be used as a signature for that file.
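The abstract's test is a before/after comparison of fragment hashes, and its payoff is that the after-image gives one signature for every variant. The added example below is written for this page and is not the patent's or Symantec's code. The patent's de-obfuscation step is an unpacker or emulator; here it is stood in for by reversing a constructed one-byte XOR layer, so that two differently keyed variants can be built and compared. Fragment size, the similarity threshold, the header magic and the payload are assumptions.

```python
import hashlib
from typing import Dict, Set

FRAGMENT_SIZE = 64


def fragment_hashes(image: bytes, size: int = FRAGMENT_SIZE) -> Set[str]:
    """Decompose an image into fixed-size fragments and hash each one."""
    return {hashlib.sha256(image[i:i + size]).hexdigest()[:16]
            for i in range(0, len(image), size)}


def similarity(a: Set[str], b: Set[str]) -> float:
    """Jaccard overlap of two fragment-hash sets (1.0 = identical)."""
    return len(a & b) / len(a | b) if a or b else 1.0


# Constructed stand-in for a polymorphic packer: a small header and a
# one-byte XOR layer. The patent's de-obfuscation (unpacking or emulation)
# is represented by reversing it.
MAGIC = b"XORK"


def generate_variant(payload: bytes, key: int) -> bytes:
    return MAGIC + bytes([key]) + bytes(b ^ key for b in payload)


def deobfuscate(image: bytes) -> bytes:
    if not image.startswith(MAGIC) or len(image) < len(MAGIC) + 1:
        return image                      # no recognised layer to peel off
    key = image[len(MAGIC)]
    return bytes(b ^ key for b in image[len(MAGIC) + 1:])


def analyze(image: bytes, threshold: float = 0.5) -> Dict[str, object]:
    """Characterise before and after de-obfuscation; a large change means the
    outer layer was hiding the real code. The post-de-obfuscation fragment
    set, sorted, doubles as an order-independent signature."""
    before = fragment_hashes(image)
    after = fragment_hashes(deobfuscate(image))
    sim = similarity(before, after)
    signature = hashlib.sha256("".join(sorted(after)).encode()).hexdigest()
    return {"polymorphic": sim < threshold, "similarity": round(sim, 3),
            "signature": signature}


# Constructed payload standing in for the real executable body, and two
# variants of it produced with different keys.
PAYLOAD = b"MZ" + bytes(range(256)) * 2
VARIANT_A = generate_variant(PAYLOAD, 0x5A)
VARIANT_B = generate_variant(PAYLOAD, 0xC3)
```

The two variants share no fragment hashes with their own de-obfuscated images, so both are judged polymorphic, and both yield the same signature because the same body is underneath; the bare payload, which has no layer to remove, scores 1.0 and is not. Sorting the fragment hashes before signing makes the signature indifferent to fragment order, which matters if the unpacker lays out sections differently from one run to the next.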
    • 10. Granted invention patent
    • Determining origins of queries for a database intrusion detection system
    • Patent: US07558796B1, granted 2009-07-07
    • Application: US11133498, filed 2005-05-19
    • Inventors: Adam Bromwich, Jeffrey Wilhelm
    • IPC: G06F17/30
    • CPC: G06F17/30386, G06F17/30368, Y10S707/99936
    • Abstract: A database intrusion detection system (DIDS) monitors database queries to detect anomalous queries that might be symptomatic of a code injection attack on the database. A proxy server intercepts HTTP messages from clients that contain query data used to generate database queries. The proxy server extracts the query data from a message and determines origin data describing the origin of the message, such as the IP address of the client that sent the message. The proxy server stores the query and origin data in a cache. Upon detecting an anomalous query, the DIDS extracts a portion of the query, such as the literals. The DIDS searches the cache to identify entries having query data that match the extracted portions of the query. The DIDS reports the origin data of the matching cache entries.
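The DIDS sees the query but not who sent the HTTP request that produced it; the proxy sees the request but not the query. The abstract joins the two through the literals. The added example below (written for this page, not the patent's or Symantec's code) implements the proxy cache, the literal extraction and the cache search, and stands in for the DIDS's anomaly detection with a template comparison (literals replaced by `?`, template unseen in training means anomalous), which is an assumed approach. The HTTP messages, the generated SQL and the addresses are constructed.

```python
import re
from collections import deque
from typing import Deque, Dict, List, Set
from urllib.parse import parse_qs, urlsplit

# String literals ('' is the SQL escape for a quote) and bare numbers.
LITERAL = re.compile(r"'((?:[^']|'')*)'|\b(\d+)\b")


def extract_literals(sql: str) -> Set[str]:
    """The portion of a query the DIDS uses for matching: its literals."""
    return {m.group(1) if m.group(1) is not None else m.group(2)
            for m in LITERAL.finditer(sql)} - {""}


def query_template(sql: str) -> str:
    """The query with literals replaced: its structure without its data."""
    return " ".join(LITERAL.sub("?", sql).split())


class QueryAnomalyDetector:
    """Stand-in for the DIDS's anomaly detection: a query is anomalous when
    its template was never seen during training (assumed approach)."""

    def __init__(self, training_queries: List[str]):
        self._known = {query_template(q) for q in training_queries}

    def is_anomalous(self, sql: str) -> bool:
        return query_template(sql) not in self._known


class ProxyCache:
    """Proxy in front of the web application: records query-bearing parameter
    values together with origin data for each intercepted HTTP message."""

    def __init__(self, capacity: int = 10000):
        self._entries: Deque[Dict] = deque(maxlen=capacity)

    def intercept(self, url: str, body: str, client_ip: str, when: int) -> None:
        params = parse_qs(urlsplit(url).query)
        params.update(parse_qs(body))
        values = {v for vals in params.values() for v in vals}
        self._entries.append({"values": values, "ip": client_ip, "url": url, "time": when})

    def find_origins(self, literals: Set[str]) -> List[Dict]:
        """Cache entries whose parameter values contain the query's literals,
        ranked by how many literals they explain."""
        hits = []
        for e in self._entries:
            matched = sum(1 for lit in literals if any(lit in v for v in e["values"]))
            if matched:
                hits.append({"ip": e["ip"], "url": e["url"], "time": e["time"],
                             "matched": matched})
        return sorted(hits, key=lambda h: (-h["matched"], h["time"]))


# Constructed traffic: two normal lookups and one UNION-based injection,
# with the SQL the (vulnerable) application generated for each.
INJECTED_BODY = "name=alice%27+UNION+SELECT+card+FROM+payments+WHERE+id%3D7+--"
INJECTED_QUERY = ("SELECT id FROM users WHERE name = 'alice' UNION SELECT card "
                  "FROM payments WHERE id=7 --'")
GENERATED_QUERIES = [
    "SELECT id FROM users WHERE name = 'alice'",
    "SELECT id FROM users WHERE name = 'bob'",
    INJECTED_QUERY,
]


def run_scenario() -> Dict:
    dids = QueryAnomalyDetector(["SELECT id FROM users WHERE name = 'training'"])
    proxy = ProxyCache()
    proxy.intercept("/search?name=alice", "", "10.0.0.5", 100)
    proxy.intercept("/search?name=bob", "", "10.0.0.6", 101)
    proxy.intercept("/search", INJECTED_BODY, "198.51.100.23", 102)
    result = {"anomalous": [], "origins": []}
    for q in GENERATED_QUERIES:
        if dids.is_anomalous(q):
            result["anomalous"].append(q)
            result["origins"] = proxy.find_origins(extract_literals(q))
    return result
```

The ranking is the practical detail: the legitimate user `alice` also matches the literal `'alice'`, so a naive search would implicate her. The injected request is the only entry that explains both literals (`alice` and `7`), which is why it sorts first and why the abstract speaks of extracting a portion of the query rather than one token.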