专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20070180529A1 Bypassing software services to detect malware 有权
标题翻译：绕过软件服务来检测恶意软件
公开(公告)号：US20070180529A1
公开(公告)日：2007-08-02
申请号：US11344360
申请日：2006-01-30
申请人： Mihai Costea , Yun Lin
发明人： Mihai Costea , Yun Lin
IPC分类号： G06F12/14
CPC分类号： G06F21/567
摘要： A method, apparatus, and computer readable medium are provided by aspects of the present invention to determine whether a malware is resident on a host computer. In one embodiment, a method determines whether data that is characteristic of malware is loaded in the system memory of a host computer. More specifically, the method includes causing a device communicatively connected to a host computer to issue a request to obtain data loaded in the system memory. Then, when the requested data is received, a determination is made regarding whether the data is characteristic of malware. Since, the method causes data to be obtained directly from system memory without relying on software services on the host computer, malware that employs certain stealth techniques will be identified.
摘要翻译：通过本发明的方面提供方法，装置和计算机可读介质，以确定恶意软件是否驻留在主计算机上。在一个实施例中，一种方法确定是否将具有恶意软件特征的数据加载到主计算机的系统存储器中。更具体地，该方法包括使通信地连接到主计算机的设备发出获取加载到系统存储器中的数据的请求。然后，当接收到所请求的数据时，确定数据是否是恶意软件的特征。由于该方法可以直接从系统内存中获取数据，而不依赖主机上的软件服务，因此会识别采用某些隐身技术的恶意软件。

2. 发明授权

US07757290B2 Bypassing software services to detect malware 有权
标题翻译：绕过软件服务来检测恶意软件
公开(公告)号：US07757290B2
公开(公告)日：2010-07-13
申请号：US11344360
申请日：2006-01-30
申请人： Mihai Costea , Yun Lin
发明人： Mihai Costea , Yun Lin
IPC分类号： G06F17/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： G06F21/567
摘要： A method, apparatus, and computer readable medium are provided by aspects of the present invention to determine whether a malware is resident on a host computer. In one embodiment, a method determines whether data that is characteristic of malware is loaded in the system memory of a host computer. More specifically, the method includes causing a device communicatively connected to a host computer to issue a request to obtain data loaded in the system memory. Then, when the requested data is received, a determination is made regarding whether the data is characteristic of malware. Since, the method causes data to be obtained directly from system memory without relying on software services on the host computer, malware that employs certain stealth techniques will be identified.
摘要翻译：通过本发明的方面提供方法，装置和计算机可读介质，以确定恶意软件是否驻留在主计算机上。在一个实施例中，一种方法确定是否将具有恶意软件特征的数据加载到主计算机的系统存储器中。更具体地，该方法包括使通信地连接到主计算机的设备发出获取加载到系统存储器中的数据的请求。然后，当接收到所请求的数据时，确定数据是否是恶意软件的特性。由于该方法可以直接从系统内存中获取数据，而不依赖主机上的软件服务，因此会识别采用某些隐身技术的恶意软件。

3. 发明授权

US07571482B2 Automated rootkit detector 有权
标题翻译：自动Rootkit检测器
公开(公告)号：US07571482B2
公开(公告)日：2009-08-04
申请号：US11170792
申请日：2005-06-28
申请人： Alexey A. Polyakov , Gretchen L. Loihle , Mihai Costea , Robert J. Hensing, Jr. , Scott A. Field , Vincent R. Orgovan , Yi-Min Wang , Yun Lin
发明人： Alexey A. Polyakov , Gretchen L. Loihle , Mihai Costea , Robert J. Hensing, Jr. , Scott A. Field , Vincent R. Orgovan , Yi-Min Wang , Yun Lin
IPC分类号： G06F12/14 , G06F11/00
CPC分类号： G06F21/566
摘要： Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.
摘要翻译： RootKit检测器的实施例旨在识别被设计为隐藏恶意软件的计算机上的RootKit。 RootKit检测器的各个方面利用内核调试工具提供的服务来自动获取由操作系统维护的指定数据结构中的数据。然后，使用完整性检查器处理从内核调试器设备获取的数据，该检查器确定数据是否包含足以声明RootKit驻留在计算机上的属性。

4. 发明申请

US20060294592A1 Automated rootkit detector 有权
公开(公告)号：US20060294592A1
公开(公告)日：2006-12-28
申请号：US11170792
申请日：2005-06-28
申请人： Alexey Polyakov , Gretchen Loihle , Mihai Costea , Robert Hensing , Scott Field , Vincent Orgovan , Yi-Min Wang , Yun Lin
发明人： Alexey Polyakov , Gretchen Loihle , Mihai Costea , Robert Hensing , Scott Field , Vincent Orgovan , Yi-Min Wang , Yun Lin
IPC分类号： G06F12/14
CPC分类号： G06F21/566
摘要： Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.

5. 发明申请

US20130086180A1 Message Classification and Management 有权
标题翻译：消息分类与管理
公开(公告)号：US20130086180A1
公开(公告)日：2013-04-04
申请号：US13250664
申请日：2011-09-30
申请人： Paul M. Midgen , Vasantha K. Vemula , Krishna Vitaldevara , Jason D. Walter , Eliot C. Gillum , Mihai Costea , Douglas J. Hines , Wei Jiang , Malcolm H. Davis , Samuel J. L. Albert , Michael James Ahiakpor
发明人： Paul M. Midgen , Vasantha K. Vemula , Krishna Vitaldevara , Jason D. Walter , Eliot C. Gillum , Mihai Costea , Douglas J. Hines , Wei Jiang , Malcolm H. Davis , Samuel J. L. Albert , Michael James Ahiakpor
IPC分类号： G06F15/16
CPC分类号： H04L51/22 , G06F3/0482 , G06F3/04842 , G06F17/30601 , G06F17/30707 , G06Q10/107 , H04L51/14
摘要： Message management and classification techniques are described. In one or more implementations, a message received from a sender for delivery via a user account is examined to extract one or more features of the message. A determination is then made as to whether the message corresponds to one or more categories based on the extracted features, the categories usable to enable features to be applied to the message in a user interface.
摘要翻译：描述消息管理和分类技术。在一个或多个实现中，检查从发送者接收的用于经由用户帐户递送的消息以提取消息的一个或多个特征。然后，基于所提取的特征，确定消息是否对应于一个或多个类别，可用于使特征能够应用于用户界面中的消息的类别。

6. 发明授权

US08028026B2 Perimeter message filtering with extracted user-specific preferences 有权
标题翻译：提取用户特定偏好的周边消息过滤
公开(公告)号：US08028026B2
公开(公告)日：2011-09-27
申请号：US11421367
申请日：2006-05-31
申请人： Chandresh K. Jain , Malcolm E. Pearson , Nathan F. Waddoups , Mihai Costea , Eric D. Tribble
发明人： Chandresh K. Jain , Malcolm E. Pearson , Nathan F. Waddoups , Mihai Costea , Eric D. Tribble
IPC分类号： G06F15/16
CPC分类号： G06Q10/107 , H04L51/12 , H04L63/0227 , H04L67/306
摘要： Propagating messaging preferences of one or more users from a recipient mailbox to a perimeter network administering e-mail content blocking and routing. A content filtering application located outside a trusted network receives messaging preferences information from within the trusted network regarding the mail recipients. This messaging preferences information may be utilized to allow certain pre-authorized messages from particular senders to bypass content filtering. Moreover, the messaging preferences information may be hashed to further protect the information on the perimeter network and to speed in review and comparison of the messaging preferences information. In addition, other types of user-specific information may be propagated to the perimeter network for use with other applications other than messaging.
摘要翻译：将一个或多个用户的邮件偏好从收件人邮箱传播到管理电子邮件内容阻止和路由的外部网络。位于可信网络之外的内容过滤应用从可信网络内接收关于邮件接收者的消息收发偏好信息。可以利用该消息收发偏好信息来允许来自特定发送者的某些预授权消息来绕过内容过滤。此外，消息收发偏好信息可以被散列以进一步保护外围网络上的信息，并且加速审查和比较消息收发偏好信息。此外，可以将其他类型的用户特定信息传播到周边网络以与除消息传送之外的其他应用一起使用。

7. 发明申请

US20110173272A1 FILTERING OF ELECTONIC MAIL MESSAGES DESTINED FOR AN INTERNAL NETWORK 有权
标题翻译：针对内部网络过滤电子邮件消息
公开(公告)号：US20110173272A1
公开(公告)日：2011-07-14
申请号：US12687259
申请日：2010-01-14
申请人： Mayerber L. Carvalho Neto , Chandresh K. Jain , Mayank Mehta , Mihai Costea
发明人： Mayerber L. Carvalho Neto , Chandresh K. Jain , Mayank Mehta , Mihai Costea
IPC分类号： G06F15/16
CPC分类号： G06Q10/107
摘要： A perimeter network may be utilized to filter electronic mail messages destined for an internal network. A computer may be utilized to monitor an electronic mail mailbox for changes to a safe recipients list and/or a blocked senders list. The computer may further be utilized to automatically copy the safe recipients list and/or the blocked senders list to a network directory in the internal network. The computer may further be utilized to automatically send the safe recipients list and/or the blocked senders list to a network directory in the perimeter network for utilization by one or more agents executing on a computer in the perimeter network. The one or more agents may be configured to utilize the safe recipients list and/or the blocked senders list to filter electronic mail messages received by the perimeter network which are destined for delivery to the internal network.
摘要翻译：外围网络可以用于过滤去往内部网络的电子邮件消息。可以使用计算机来监视电子邮箱，以改变安全的收件人列表和/或阻止的发件人列表。该计算机还可用于将安全接收者列表和/或被阻止的发送者列表自动复制到内部网络中的网络目录。该计算机还可被用于将安全接收者列表和/或被阻止的发送者列表自动发送到外围网络中的网络目录，以供在周边网络中的计算机上执行的一个或多个代理人使用。一个或多个代理可以被配置为利用安全收件人列表和/或被阻止的发件人列表来过滤由外部网络接收的电子邮件消息，这些邮件消息旨在传送到内部网络。

8. 发明授权

US07861296B2 System and method for efficiently scanning a file for malware 有权
标题翻译：用于高效扫描恶意软件文件的系统和方法
公开(公告)号：US07861296B2
公开(公告)日：2010-12-28
申请号：US11154267
申请日：2005-06-16
申请人： Mihai Costea , Adrian Bivol , Adrian M. Marinescu , Anil Francis Thomas , Cenk Ergan , David Goebel , George C. Chicioreanu , Marius Gheorghe Gheorghescu , Michael R. Fortin
发明人： Mihai Costea , Adrian Bivol , Adrian M. Marinescu , Anil Francis Thomas , Cenk Ergan , David Goebel , George C. Chicioreanu , Marius Gheorghe Gheorghescu , Michael R. Fortin
IPC分类号： G06F11/00
CPC分类号： G06F21/51 , G06F21/566
摘要： The present invention is directed toward a system, method, and a computer-readable medium for efficiently loading data into memory in order to scan the data for malware. The logic provided in the present invention improves the experience of a user when operating a computer protected with antivirus software. One aspect of the present invention is a method that identifies a pattern in which data in a file is loaded into memory from a computer-readable medium. Then the method identifies a pattern in which data in the file may be loaded into memory in a way that minimizes the time required to read data in the file. When a subsequent scan of the file is scheduled to occur, the method causes data in the file to be loaded in memory using the pattern that minimizes the time required to read data in the file.
摘要翻译：本发明涉及一种用于将数据有效地加载到存储器中以便扫描恶意软件的数据的系统，方法和计算机可读介质。本发明提供的逻辑提高了用户在操作受防病毒软件保护的计算机时的体验。本发明的一个方面是从计算机可读介质中识别文件中的数据被加载到存储器中的模式的方法。然后，该方法识别可以以最小化在文件中读取数据所需的时间的方式将文件中的数据加载到存储器中的模式。当调度文件的后续扫描时，该方法会使文件中的数据使用最小化文件中读取数据所需的时间的模式加载到内存中。

9. 发明授权

US07689795B2 Smart card with volatile memory file subsystem 有权
标题翻译：智能卡带有易失性存储器文件子系统
公开(公告)号：US07689795B2
公开(公告)日：2010-03-30
申请号：US11095203
申请日：2005-03-31
申请人： Vinay Deo , Mihai Costea , Mahesh Sharad Lotlikar , Tak Chung Lung , David Milstein , Gilad Odinak
发明人： Vinay Deo , Mihai Costea , Mahesh Sharad Lotlikar , Tak Chung Lung , David Milstein , Gilad Odinak
IPC分类号： G06F13/00
CPC分类号： G07F7/1008 , G06F17/30067 , G06Q20/341 , G06Q20/3576 , Y10S707/99956
摘要： An integrated circuit (IC) module allows volatile data generated by applications to be stored within volatile data files in the volatile memory. A file system tracks the location of all data files as residing in either volatile memory or nonvolatile memory and facilitates access to the volatile data files in volatile memory in a similar manner to accessing nonvolatile data files in nonvolatile memory. The file system exposes a set of application program interfaces (APIs) to allow applications to access the data files. The same APIs are used to access both volatile data files and nonvolatile data files. When an application requests access to a data file, the file system initially determines whether the application is authorized to gain access to the data file. If it is, the file system next determines whether the data file resides in volatile memory or nonvolatile memory. Once the memory region is identified, the file system identifies the physical location of the data file.
摘要翻译：集成电路（IC）模块允许由应用产生的易失性数据存储在易失性存储器中的易失性数据文件中。文件系统跟踪驻留在易失性存储器或非易失性存储器中的所有数据文件的位置，并且以与在非易失性存储器中访问非易失性数据文件相似的方式便于访问易失性存储器中的易失性数据文件。文件系统公开了一组应用程序接口（API），以允许应用程序访问数据文件。使用相同的API来访问易失性数据文件和非易失性数据文件。当应用程序请求访问数据文件时，文件系统最初确定应用程序是否被授权访问数据文件。如果是，则文件系统接下来确定数据文件是驻留在易失性存储器还是非易失性存储器中。一旦存储区域被识别，文件系统就会识别数据文件的物理位置。

10. 发明申请

US20080313285A1 POST TRANSIT SPAM FILTERING 审中-公开
标题翻译：过帐垃圾邮件过滤
公开(公告)号：US20080313285A1
公开(公告)日：2008-12-18
申请号：US11763256
申请日：2007-06-14
申请人： Mihai Costea
发明人： Mihai Costea
IPC分类号： G06F15/16
CPC分类号： G06Q10/107 , G06F21/55 , G06F2221/2101 , H04L51/12 , H04L63/0227
摘要： A system filters for electronic messages received from recently identified sources of unsolicited spam. A database comprises information regarding electronic messages that were previously received. The information may comprise an identification of the source of the electronic message. A server is programmed to identify sources of unsolicited electronic messages and search the database for electronic messages previously received from the identified source. The server is programmed to attempt to remove the previously received electronic messages originating from the identified source of spam from users' electronic message boxes prior to being viewed by the intended recipients.
摘要翻译：系统过滤从最近确定的未经请求的垃圾邮件来源收到的电子信息。数据库包括关于先前接收的电子消息的信息。信息可以包括电子消息的来源的标识。服务器被编程为识别未经请求的电子消息的来源，并且搜索数据库中先前从所识别的源接收到的电子消息。服务器被编程为在预期的接收者被查看之前尝试从用户的电子消息盒中去除先前接收到的来自所识别的垃圾邮件源的电子消息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式