专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090265786A1 AUTOMATIC BOTNET SPAM SIGNATURE GENERATION 审中-公开
标题翻译：自动BOTNET垃圾邮件签名生成
公开(公告)号：US20090265786A1
公开(公告)日：2009-10-22
申请号：US12104441
申请日：2008-04-17
申请人： Yinglian Xie , Fang Yu , Kannan Achan , Rina Panigrahy , Ivan Osipkov , Geoffrey J. Hulten
发明人： Yinglian Xie , Fang Yu , Kannan Achan , Rina Panigrahy , Ivan Osipkov , Geoffrey J. Hulten
IPC分类号： G06F21/00
CPC分类号： H04L63/1441 , G06F21/564 , G06F2221/2145 , H04L51/12 , H04L63/126 , H04L2463/144
摘要： A framework may be used for generating URL signatures to identify botnet spam and membership. The framework may take a set of unlabeled emails as input that are grouped based on URLs contained within the emails. The framework may return a set of spam URL signatures and a list of corresponding botnet host IP addresses by analyzing the URLs within the emails that are contained within the groups. Each URL signature may be in the form of either a complete URL string or a URL regular expression. The signatures may be used to identify spam emails launched from botnets, while the knowledge of botnet host identities can help filter other spam emails also sent by them.
摘要翻译：一个框架可以用于生成URL签名来识别僵尸网络垃圾邮件和会员资格。框架可以采用一组未标记的电子邮件作为基于邮件中包含的URL分组的输入。框架可以通过分析包含在组内的电子邮件中的URL来返回一组垃圾邮件URL签名和相应僵尸网络主机IP地址的列表。每个URL签名可以是完整的URL字符串或URL正则表达式的形式。签名可用于识别从僵尸网络发起的垃圾邮件，而僵尸网络主机身份的知识可以帮助过滤他们发送的其他垃圾邮件。

2. 发明授权

US08745731B2 Clustering botnet behavior using parameterized models 有权
标题翻译：使用参数化模型集群僵尸网络行为
公开(公告)号：US08745731B2
公开(公告)日：2014-06-03
申请号：US12061664
申请日：2008-04-03
申请人： Kannan Achan , Yinglian Xie , Fang Yu
发明人： Kannan Achan , Yinglian Xie , Fang Yu
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G06F7/04
CPC分类号： H04L63/1441 , H04L2463/144
摘要： Identification and prevention of email spam that originates from botnets may be performed by finding similarity in their host property and behavior patterns using a set of labeled data. Clustering models of host properties pertaining to previously identified and appropriately tagged botnet hosts may be learned. Given labeled data, each botnet may be examined individually and a clustering model learned to reflect upon a set of selected host properties. Once a model has been learned for every botnet, clustering behavior may be used to look for host properties that fit into a profile. Such traffic can be either discarded or tagged for subsequent analysis and can also be used to profile botnets preventing them from launching other attacks. In addition, models of individual botnets can be further clustered to form superclusters, which can help understand botnet behavior and detect future attacks.
摘要翻译：识别和预防来自僵尸网络的电子邮件垃圾邮件可以通过使用一组标签数据来查找其主机属性和行为模式的相似性来执行。可以了解与以前识别和适当标记的僵尸网络主机相关的主机属性的聚类模型。给定标签数据，可以单独检查每个僵尸网络，并且学习聚类模型以反映一组选定的主机属性。一旦为每个僵尸网络学习了一个模型，可以使用聚类行为来查找适合于配置文件的主机属性。这样的流量可以被丢弃或被标记用于后续分析，并且还可以用于描述僵尸网络，防止他们发起其他攻击。另外，个人僵尸网络的模型可以进一步集群以形成超级集群，这可以帮助了解僵尸网络行为并检测未来的攻击。

3. 发明授权

US08856360B2 Automatically identifying dynamic internet protocol addresses 有权
标题翻译：自动识别动态互联网协议地址
公开(公告)号：US08856360B2
公开(公告)日：2014-10-07
申请号：US11821211
申请日：2007-06-22
申请人： Kannan Achan , Eliot Gillum , Yinglian Xie , Fang Yu
发明人： Kannan Achan , Eliot Gillum , Yinglian Xie , Fang Yu
IPC分类号： G06F15/16 , H04L29/06 , H04L29/12
CPC分类号： H04L63/1408 , H04L29/12783 , H04L61/35
摘要： Dynamic IP addresses may be automatically identified and their dynamics patterns may be analyzed. Multi-user IP address blocks are determined as candidates for further analysis. An entropy score is determined for each IP address in every candidate block to distinguish between a dynamic IP and a static IP shared by multiple users. IP addresses with high entropy scores are grouped, and then analyzed, and may be used in various applications, such as spam filtering.
摘要翻译：可以自动识别动态IP地址，并且可以分析其动态模式。多用户IP地址块被确定为进一步分析的候选者。为每个候选块中的每个IP地址确定熵分数，以区分动态IP和由多个用户共享的静态IP。具有高熵分数的IP地址被分组，然后分析，并且可以用于各种应用中，例如垃圾邮件过滤。

4. 发明申请

US20090254989A1 CLUSTERING BOTNET BEHAVIOR USING PARAMETERIZED MODELS 有权
标题翻译：使用参数化模型聚合BOTNET行为
公开(公告)号：US20090254989A1
公开(公告)日：2009-10-08
申请号：US12061664
申请日：2008-04-03
申请人： Kannan Achan , Yinglian Xie , Fang Yu
发明人： Kannan Achan , Yinglian Xie , Fang Yu
IPC分类号： G06F11/00 , G06F9/455
CPC分类号： H04L63/1441 , H04L2463/144
摘要： Identification and prevention of email spam that originates from botnets may be performed by finding similarity in their host property and behavior patterns using a set of labeled data. Clustering models of host properties pertaining to previously identified and appropriately tagged botnet hosts may be learned. Given labeled data, each botnet may be examined individually and a clustering model learned to reflect upon a set of selected host properties. Once a model has been learned for every botnet, clustering behavior may be used to look for host properties that fit into a profile. Such traffic can be either discarded or tagged for subsequent analysis and can also be used to profile botnets preventing them from launching other attacks. In addition, models of individual botnets can be further clustered to form superclusters, which can help understand botnet behavior and detect future attacks.
摘要翻译：识别和预防来自僵尸网络的电子邮件垃圾邮件可以通过使用一组标签数据来查找其主机属性和行为模式的相似性来执行。可以了解与以前识别和适当标记的僵尸网络主机相关的主机属性的聚类模型。给定标签数据，可以单独检查每个僵尸网络，并且学习聚类模型以反映一组选定的主机属性。一旦为每个僵尸网络学习了一个模型，可以使用聚类行为来查找适合于配置文件的主机属性。这样的流量可以被丢弃或被标记用于后续分析，并且还可以用于描述僵尸网络，防止他们发起其他攻击。另外，个人僵尸网络的模型可以进一步集群以形成超级集群，这可以帮助了解僵尸网络行为并检测未来的攻击。

5. 发明申请

US20080320119A1 Automatically identifying dynamic Internet protocol addresses 有权
标题翻译：自动识别动态互联网协议地址
公开(公告)号：US20080320119A1
公开(公告)日：2008-12-25
申请号：US11821211
申请日：2007-06-22
申请人： Kannan Achan , Eliot Gillum , Yinglian Xie , Fang Yu
发明人： Kannan Achan , Eliot Gillum , Yinglian Xie , Fang Yu
IPC分类号： G06F15/177
CPC分类号： H04L63/1408 , H04L29/12783 , H04L61/35
摘要： Dynamic IP addresses may be automatically identified and their dynamics patterns may be analyzed. Multi-user IP address blocks are determined as candidates for further analysis. An entropy score is determined for each IP address in every candidate block to distinguish between a dynamic IP and a static IP shared by multiple users. IP addresses with high entropy scores are grouped, and then analyzed, and may be used in various applications, such as spam filtering.
摘要翻译：可以自动识别动态IP地址，并且可以分析其动态模式。多用户IP地址块被确定为进一步分析的候选者。为每个候选块中的每个IP地址确定熵分数，以区分动态IP和由多个用户共享的静态IP。具有高熵分数的IP地址被分组，然后分析，并且可以用于各种应用中，例如垃圾邮件过滤。

6. 发明授权

US08789171B2 Mining user behavior data for IP address space intelligence 有权
标题翻译：挖掘IP地址空间智能的用户行为数据
公开(公告)号：US08789171B2
公开(公告)日：2014-07-22
申请号：US12055321
申请日：2008-03-26
申请人： Ivan Osipkov , Geoffrey Hulten , John Mehr , Yinglian Xie , Fang Yu
发明人： Ivan Osipkov , Geoffrey Hulten , John Mehr , Yinglian Xie , Fang Yu
IPC分类号： H04L29/06
CPC分类号： H04L67/22 , H04L61/2061 , H04L63/1408 , H04L2463/144
摘要： The claimed subject matter is directed to mining user behavior data for increasing Internet Protocol (“IP”) space intelligence. Specifically, the claimed subject matter provides a method and system of mining user behavior within an IP address space and the application of the IP address space intelligence derived from the mined user behavior.In one embodiment, the IP address space intelligence is formed and/or increased with information obtained from the mined user behavior data. A system of uniquely-identified users is monitored and their behavior within the IP address space is recorded. Further data is mined from estimated characteristics about the user, including the nature of the IP address the user uses to log into the service, and characterizing the IP address according to a network type.
摘要翻译：所要求保护的主题涉及用于增加因特网协议（“IP”）空间智能的采矿用户行为数据。具体地，所要求保护的主题提供了在IP地址空间内挖掘用户行为的方法和系统，以及从开采的用户行为导出的IP地址空间智能的应用。在一个实施例中，使用从开采的用户行为数据获得的信息来形成和/或增加IP地址空间智能。监视唯一标识的用户的系统，并记录其在IP地址空间内的行为。进一步的数据从关于用户的估计特征开始，包括用户用于登录服务的IP地址的性质，以及根据网络类型表征IP地址。

7. 发明申请

US20090249480A1 MINING USER BEHAVIOR DATA FOR IP ADDRESS SPACE INTELLIGENCE 有权
标题翻译：挖掘用户行为数据进行IP地址空间智能
公开(公告)号：US20090249480A1
公开(公告)日：2009-10-01
申请号：US12055321
申请日：2008-03-26
申请人： Ivan Osipkov , Geoffrey Hulten , John Mehr , Yinglian Xie , Fang Yu
发明人： Ivan Osipkov , Geoffrey Hulten , John Mehr , Yinglian Xie , Fang Yu
IPC分类号： G06F11/00
CPC分类号： H04L67/22 , H04L61/2061 , H04L63/1408 , H04L2463/144
摘要： The claimed subject matter is directed to mining user behavior data for increasing Internet Protocol (“IP”) space intelligence. Specifically, the claimed subject matter provides a method and system of mining user behavior within an IP address space and the application of the IP address space intelligence derived from the mined user behavior.In one embodiment, the IP address space intelligence is formed and/or increased with information obtained from the mined user behavior data. A system of uniquely-identified users is monitored and their behavior within the IP address space is recorded. Further data is mined from estimated characteristics about the user, including the nature of the IP address the user uses to log into the service, and characterizing the IP address according to a network type.
摘要翻译：所要求保护的主题涉及用于增加因特网协议（“IP”）空间智能的采矿用户行为数据。具体地，所要求保护的主题提供了在IP地址空间内挖掘用户行为的方法和系统，以及从开采的用户行为导出的IP地址空间智能的应用。在一个实施例中，使用从开采的用户行为数据获得的信息来形成和/或增加IP地址空间智能。监视唯一标识的用户的系统，并记录其在IP地址空间内的行为。进一步的数据从关于用户的估计特征开始，包括用户用于登录服务的IP地址的性质，以及根据网络类型表征IP地址。

8. 发明申请

US20100223499A1 FINGERPRINTING EVENT LOGS FOR SYSTEM MANAGEMENT TROUBLESHOOTING 有权
标题翻译：指示事件日志用于系统管理故障排除
公开(公告)号：US20100223499A1
公开(公告)日：2010-09-02
申请号：US12394451
申请日：2009-02-27
申请人： Rina Panigrahy , Chad Verbowski , Yinglian Xie , Junfeng Yang , Ding Yuan
发明人： Rina Panigrahy , Chad Verbowski , Yinglian Xie , Junfeng Yang , Ding Yuan
IPC分类号： G06F11/28 , G06F11/07 , G06F17/30
CPC分类号： G06F11/079 , G06F11/0709 , G06F11/0715 , H04L41/16
摘要： A technique for automatically detecting and correcting configuration errors in a computing system. In a learning process, recurring event sequences, including e.g., registry access events, are identified from event logs, and corresponding rules are developed. In a detecting phase, the rules are applied to detected event sequences to identify violations and to recover from failures. Event sequences across multiple hosts can be analyzed. The recurring event sequences are identified efficiently by flattening a hierarchical sequence of the events such as is obtained from the Sequitur algorithm. A trie is generated from the recurring event sequences and edges of nodes of the trie are marked as rule edges or non-rule edges. A rule is formed from a set of nodes connected by rule edges. The rules can be updated as additional event sequences are analyzed. False positive suppression policies include a violation- consistency policy and an expected event disappearance policy.
摘要翻译：一种自动检测和纠正计算系统中配置错误的技术。在学习过程中，从事件日志中识别循环事件序列，包括例如注册表访问事件，并且开发相应的规则。在检测阶段，将规则应用于检测到的事件序列以识别违例行为并从故障中恢复。可以分析多个主机的事件序列。通过对诸如从Sequitur算法获得的事件的分层序列进行平坦化来有效地识别循环事件序列。从循环事件序列生成特里（trie），并将特里斯的节点的边缘标记为规则边缘或非规则边缘。规则是由一组通过规则边连接的节点形成的。当分析附加事件序列时，可以更新规则。虚假的积极抑制政策包括违规行为政策和预期的事件消失政策。

9. 发明授权

US08069374B2 Fingerprinting event logs for system management troubleshooting 有权
标题翻译：指纹事件日志用于系统管理故障排除
公开(公告)号：US08069374B2
公开(公告)日：2011-11-29
申请号：US12394451
申请日：2009-02-27
申请人： Rina Panigrahy , Chad Verbowski , Yinglian Xie , Junfeng Yang , Ding Yuan
发明人： Rina Panigrahy , Chad Verbowski , Yinglian Xie , Junfeng Yang , Ding Yuan
IPC分类号： G06F11/00
CPC分类号： G06F11/079 , G06F11/0709 , G06F11/0715 , H04L41/16
摘要： A technique for automatically detecting and correcting configuration errors in a computing system. In a learning process, recurring event sequences, including e.g., registry access events, are identified from event logs, and corresponding rules are developed. In a detecting phase, the rules are applied to detected event sequences to identify violations and to recover from failures. Event sequences across multiple hosts can be analyzed. The recurring event sequences are identified efficiently by flattening a hierarchical sequence of the events such as is obtained from the Sequitur algorithm. A trie is generated from the recurring event sequences and edges of nodes of the trie are marked as rule edges or non-rule edges. A rule is formed from a set of nodes connected by rule edges. The rules can be updated as additional event sequences are analyzed. False positive suppression policies include a violation-consistency policy and an expected event disappearance policy.
摘要翻译：一种自动检测和纠正计算系统中配置错误的技术。在学习过程中，从事件日志中识别循环事件序列，包括例如注册表访问事件，并且开发相应的规则。在检测阶段，将规则应用于检测到的事件序列以识别违例行为并从故障中恢复。可以分析多个主机的事件序列。通过对诸如从Sequitur算法获得的事件的分层序列进行平坦化来有效地识别循环事件序列。从循环事件序列生成特里（trie），并将特里斯的节点的边缘标记为规则边缘或非规则边缘。规则是由一组通过规则边连接的节点形成的。当分析附加事件序列时，可以更新规则。虚假的积极抑制政策包括违规一致性政策和预期的事件消失政策。

10. 发明授权

US08434150B2 Using social graphs to combat malicious attacks 有权
标题翻译：使用社交图来对抗恶意攻击
公开(公告)号：US08434150B2
公开(公告)日：2013-04-30
申请号：US13070497
申请日：2011-03-24
申请人： Yinglian Xie , Fang Yu , Martin Abadi , Eliot C. Gillum , Junxian Huang , Zhuoqing Morley Mao , Jason D. Walter , Krishna Vitaldevara
发明人： Yinglian Xie , Fang Yu , Martin Abadi , Eliot C. Gillum , Junxian Huang , Zhuoqing Morley Mao , Jason D. Walter , Krishna Vitaldevara
IPC分类号： H04L29/06
CPC分类号： H04L63/145 , H04L51/12
摘要： Detection of user accounts associated with spammer attacks may be performed by constructing a social graph of email users. Biggest connected components (BCC) of the social graph may be used to identify legitimate user accounts, as the majority of the users in the biggest connected components are legitimate users. BCC users may be used to identify more legitimate users. Using degree-based detection techniques and PageRank based detection techniques, the hijacked user accounts and spammer user accounts may be identified. The users' email sending and receiving behaviors may also be examined, and the subgraph structure may be used to detect stealthy attackers. From the social graph analysis, legitimate user accounts, malicious user accounts, and compromised user accounts can be identified.
摘要翻译：可以通过构建电子邮件用户的社交图来执行与垃圾邮件发送者攻击相关联的用户帐户的检测。社交图的最大连接组件（BCC）可用于识别合法用户帐户，因为最大连接组件中的大多数用户是合法用户。 BCC用户可能用于识别更多的合法用户。使用基于程度的检测技术和基于PageRank的检测技术，可以识别被劫持的用户帐户和垃圾邮件发送者用户帐户。还可以检查用户的电子邮件发送和接收行为，并且子图结构可以用于检测隐身攻击者。从社交图分析，可以识别合法用户帐户，恶意用户帐户和受影响的用户帐户。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式