会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 5. 发明申请
    • IDENTIFYING APPLICATION REPUTATION BASED ON RESOURCE ACCESSES
    • 基于资源访问识别应用程序信誉
    • US20130042294A1
    • 2013-02-14
    • US13205136
    • 2011-08-08
    • Ryan Charles ColvinElliott Jeb HaberAmeya BhatawdekarAnthony P. Penta
    • Ryan Charles ColvinElliott Jeb HaberAmeya BhatawdekarAnthony P. Penta
    • G06F21/00G06F17/00G06F11/00
    • H04L63/10G06F21/53G06F21/6218G06F2221/2141H04L41/0893H04L63/145
    • Malware detection is often based on monitoring a local application binary and/or process, such as detecting patterns of malicious code, unusual local resource utilization, or suspicious application behavior. However, the volume of available software, variety of malware, and sophistication of evasion techniques may reduce the effectiveness of detection based on monitoring local resources. Presented herein are techniques for identifying malware based on the reputations of remote resources (e.g., web content, files, databases, IP addresses, services, and users) accessed by an application. Remote resource accesses may be reported to a reputation service, which may identify reputations of remote resources, and application reputations of applications that utilize such remote resources. These application reputations may be used to adjust the application policies of the applications executed by devices and servers. These techniques thereby achieve rapid detection and mitigation of newly identified malware through application telemetry in a predominantly automated manner.
    • 恶意软件检测通常基于监视本地应用程序二进制和/或进程,例如检测恶意代码的模式,异常的本地资源利用率或可疑应用程序行为。 然而,可用软件的数量,各种恶意软件和复杂的逃避技术可能会降低基于监视本地资源的检测的有效性。 这里提出的是基于由应用访问的远程资源(例如,web内容,文件,数据库,IP地址,服务和用户)的声誉来识别恶意软件的技术。 远程资源访问可以被报告给信誉服务,信誉服务可以识别远程资源的信誉,以及利用这种远程资源的应用程序的应用程序信誉。 这些应用程序信誉可以用于调整由设备和服务器执行的应用程序的应用程序策略。 这些技术从而通过主要以自动化的方式通过应用遥测来实现对新识别的恶意软件的快速检测和缓解。
    • 7. 发明授权
    • Identifying application reputation based on resource accesses
    • 基于资源访问识别应用程序信誉
    • US09065826B2
    • 2015-06-23
    • US13205136
    • 2011-08-08
    • Ryan Charles ColvinElliott Jeb HaberAmeya BhatawdekarAnthony P. Penta
    • Ryan Charles ColvinElliott Jeb HaberAmeya BhatawdekarAnthony P. Penta
    • G06F21/00H04L29/06G06F21/53G06F21/62H04L12/24
    • H04L63/10G06F21/53G06F21/6218G06F2221/2141H04L41/0893H04L63/145
    • Malware detection is often based on monitoring a local application binary and/or process, such as detecting patterns of malicious code, unusual local resource utilization, or suspicious application behavior. However, the volume of available software, variety of malware, and sophistication of evasion techniques may reduce the effectiveness of detection based on monitoring local resources. Presented herein are techniques for identifying malware based on the reputations of remote resources (e.g., web content, files, databases, IP addresses, services, and users) accessed by an application. Remote resource accesses may be reported to a reputation service, which may identify reputations of remote resources, and application reputations of applications that utilize such remote resources. These application reputations may be used to adjust the application policies of the applications executed by devices and servers. These techniques thereby achieve rapid detection and mitigation of newly identified malware through application telemetry in a predominantly automated manner.
    • 恶意软件检测通常基于监视本地应用程序二进制和/或进程,例如检测恶意代码的模式,异常的本地资源利用率或可疑应用程序行为。 然而,可用软件的数量,各种恶意软件和复杂的逃避技术可能会降低基于监视本地资源的检测的有效性。 这里提出的是基于由应用访问的远程资源(例如,web内容,文件,数据库,IP地址,服务和用户)的声誉来识别恶意软件的技术。 远程资源访问可以被报告给信誉服务,信誉服务可以识别远程资源的信誉,以及利用这种远程资源的应用程序的应用程序信誉。 这些应用程序信誉可以用于调整由设备和服务器执行的应用程序的应用程序策略。 这些技术从而通过主要以自动化的方式通过应用遥测来实现对新识别的恶意软件的快速检测和缓解。