    • 1. Granted patent
    • Title: Systems and methods for detecting malware
    • Patent: US08402539B1, granted 2013-03-19
    • Application: US13227997, filed 2011-09-08
    • Inventors: Joseph Chen; Adam Glick; Jeffrey Wilhelm
    • IPC: H04L 29/06; G06F 15/16; G06F 11/30
    • CPC: G06F 21/566; H04L 63/1416
    • Abstract: A method for detecting malware may include 1) receiving a request to determine whether a connection from a client device to a server is being blocked, 2) attempting to connect to the server from a kernel mode of the client device, 3) determining that the client device successfully connected to the server from the kernel mode, 4) attempting to connect to the server from a user mode of the client device, 5) determining that the client device did not successfully connect to the server from the user mode, 6) determining, based on the client device successfully connecting to the server from the kernel mode and failing to connect to the server from the user mode, that malware is blocking the connection from the client device to the server, and 7) in response to determining that the malware is blocking the connection, performing at least one security action.
    • 2. Granted patent
    • Title: Systems and methods for treating locally created files as trustworthy
    • Patent: US09088604B1, granted 2015-07-21
    • Application: US13517537, filed 2012-06-13
    • Inventors: Joseph Chen; Jeffrey Wilhelm
    • IPC: H04L 29/06; G06F 21/56
    • CPC: H04L 63/1433; G06F 21/562; G06F 21/566; H04L 63/12; H04L 63/1441
    • Abstract: A computer-implemented method for treating locally created files as trustworthy may include identifying at least one file created on a computing system protected by a security system that determines whether files encountered by the computing system are trustworthy. The method may also include identifying a software application used to create the file on the computing system. The method may further include determining that the software application used to create the file on the computing system comprises a reputable software application used to create trustworthy files within a user community comprising users of computing systems protected by the security system. In addition, the method may include establishing a trustworthiness exception that causes the security system to treat the file as trustworthy on the computing system that created the file. Various other methods, systems, and computer-readable media are also disclosed.
    • 3. Granted patent
    • Title: Systems and methods for using acquisitional contexts to prevent false-positive malware classifications
    • Patent: US08627469B1, granted 2014-01-07
    • Application: US13420492, filed 2012-03-14
    • Inventors: Joseph Chen; Jeffrey Wilhelm
    • IPC: G06F 11/00
    • CPC: G06F 21/567; H04L 63/145
    • Abstract: A method for using acquisitional contexts to prevent false-positive malware classifications is described. The method may include (1) receiving, from at least one client-side computing device within a community of users, contextual information associated with a file, (2) determining, based at least in part on the contextual information received from the client-side computing device, a reputation rating for the file, and (3) providing the reputation rating for the file to at least one additional client-side computing device within the community in order to prevent the additional client-side computing device from falsely classifying the file as untrustworthy due to acquiring an additional instance of the file via a context that is insufficient to determine that the additional instance of the file is trustworthy. Various other methods and systems are also disclosed.
    • 4. Granted patent
    • Title: Method and apparatus for detecting leakage of sensitive information
    • Patent: US08127360B1, granted 2012-02-28
    • Application: US11477231, filed 2006-06-29
    • Inventors: Jeffrey Wilhelm; Carey Nachenberg
    • IPC: H04L 29/06
    • CPC: G06F 21/552
    • Abstract: A method and apparatus for preventing leakage of sensitive information from a computer is described. The method includes identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form tainted data, tracking the tainted data within the computer system, and identifying at least one condition that compromises the security of the tainted data. The system is a computer system including taint analysis software for identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form tainted data, tracking the tainted data within the computer system, and identifying at least one condition that compromises the security of the tainted data.
    • 5. Granted patent
    • Title: Providing file information to a client responsive to a file download stability prediction
    • Patent: US09124472B1, granted 2015-09-01
    • Application: US13558177, filed 2012-07-25
    • Inventors: Scott Schneider; Jeffrey Wilhelm
    • IPC: G06F 13/00; H04L 29/08
    • CPC: H04L 29/08072; G06F 21/567; H04L 63/1425; H04L 67/06
    • Abstract: A client sends a file information request to a security server, where the file information request identifies a URL from which the client is attempting to download a file. Upon receiving the request, the security server determines the stability information of the identified URL and provides the requested file information for the file provided by the URL. The security server determines the stability information of a URL by analyzing the file identifiers and URLs identified in downloaded file reports received from multiple clients. The determination of the stability information of a URL may be based on a variety of factors, such as stability of a URL over time, a textual analysis of the URL, and the set of files provided by the URL. A user of the client can review the file information and decide whether to expend the resources to download the file.
    • 6. Granted patent
    • Title: Method and apparatus for automatically excluding false positives from detection as malware
    • Patent: US08925088B1, granted 2014-12-30
    • Application: US12534171, filed 2009-08-03
    • Inventors: Jeffrey Wilhelm; Abubakar Wawda
    • IPC: G06F 12/14
    • CPC: G06F 21/561; G06F 21/552
    • Abstract: A method and apparatus for automatically excluding false positives from detection as malware is described. In one embodiment, a method for using one or more processors to provide false positive reduction for heuristic-based malware detection of a plurality of files in memory includes accessing global first appearance information associated with a plurality of files, accessing global malware information comprising heuristics and an emergence date associated with each malware group of a plurality of malware groups, comparing the global malware information with the global first appearance information to identify at least one false positive amongst the plurality of files, and preventing detection of the at least one false positive as malware.
    • 7. Granted patent
    • Title: Detection of e-mail threat acceleration
    • Patent: US08201254B1, granted 2012-06-12
    • Application: US11214631, filed 2005-08-30
    • Inventors: Jeffrey Wilhelm; Carey Nachenberg
    • IPC: G06F 11/00
    • CPC: H04L 51/12; H04L 63/1416
    • Abstract: A plurality of queuing components each monitor an incoming email stream, and identify incoming email messages with suspicious attachments. Each queuing component generates signatures of the suspicious attachments, and submits periodic reports to a correlation component. The reports list signatures and receipt times for suspicious attachments received since the last submitted report. The queuing component queues the suspicious attachments for a specified hold time, and further processes queued attachments based upon information concerning attachment acceleration rates received from the correlation component. The correlation component receives reports from the plurality of queuing components, and uses information in the submitted reports to maintain a system-wide receipt history for each suspicious attachment. The correlation component uses the receipt histories to calculate receipt acceleration rates for suspicious attachments, which it provides to the queuing components, to be used to manage the queued attachments.
    • 8. Granted patent
    • Title: Dynamic frame buster injection
    • Patent: US08650214B1, granted 2014-02-11
    • Application: US11121786, filed 2005-05-03
    • Inventors: Jeffrey Wilhelm
    • IPC: G06F 7/00; G06F 17/30; G06F 17/00
    • CPC: H04L 63/1483; G06F 17/30867; G06F 17/30905; G06F 21/554; H04L 63/0245
    • Abstract: A parsing module receives a web page from a network. The parsing module identifies a frame embedded within the intercepted web page. The parsing module identifies information regarding the embedded frame. A collection module collects the identified information regarding the embedded frame and maintains such information in an exclusion list stored in a memory module. A lookup module intercepts a web page from the network before the web page reaches the client. The lookup module identifies information regarding this web page and accesses the memory module to determine if the identified information is included in the exclusion list. If the identified information regarding the web page is not included in the exclusion list, a modification module modifies the web page such that the web page will not be loaded on the client within a frame.
    • 9. Granted patent
    • Title: Identifying legitimate content using user-agent-based white listing
    • Patent: US08286241B1, granted 2012-10-09
    • Application: US12553010, filed 2009-09-02
    • Inventors: Matthew Yeo; Jeffrey Wilhelm
    • IPC: H04L 29/06
    • CPC: H04L 63/101; H04L 63/1416; H04L 63/168
    • Abstract: Known legitimate applications are analyzed to establish a list of trusted user-agent strings used by the applications to download content from a network. Traffic interception modules connected to the network examine traffic exchanged between clients and servers on the network, recognize traffic associated with downloads of content from the network, and create content download descriptions describing the downloads. The content download descriptions are analyzed to identify content downloads using the trusted user-agent strings. Identifiers of the content downloaded using the trusted user-agent strings are added to a white list of legitimate content. Access to the white list is provided to clients and the clients use the white list to identify legitimate content.
    • 10. Granted patent
    • Title: Efficient signature packing for an intrusion detection system
    • Patent: US07624446B1, granted 2009-11-24
    • Application: US11043649, filed 2005-01-25
    • Inventors: Jeffrey Wilhelm
    • IPC: G06F 11/00
    • CPC: H04L 63/1416; H04L 63/1441
    • Abstract: A flow assignment module identifies different network flows' characteristics and the characteristics of the signatures for the different network flows. Based on the identified characteristics, the flow assignment module assigns a network flow to a hash table among a small set of hash tables for storing signatures for that network flow. The flow assignment module assigns the network flow in such a way as to minimize the likelihood that a signature for the network flow is hashed to a table entry that frequently occurs in a different network flow assigned to the same hash table. The flow assignment module identifies a hash table for the network flow where there is the least overlap between a signature for that network flow and a frequent byte in another network flow.