专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

51. 发明申请

WO2017208241A3 AUDIT LOG ENHANCEMENT 审中-公开
公开(公告)号：WO2017208241A3
公开(公告)日：2017-12-07
申请号：PCT/IL2017/050608
申请日：2017-06-01
申请人： VARONIS SYSTEMS LTD.
发明人： FAITELSON, Yakov
IPC分类号： G06F21/55 , G06F21/60 , G06F21/71 , G06F21/78 , G06F21/50
摘要： A system for monitoring actual access to data elements in an enterprise computer network and providing associated data, the system including an at least near real time data element audit subsystem providing audit output data including at least one of a time stamp, identification of an accessor, user depository stored data regarding the accessor, accessed data element data, affected data element data, type of access operation, source IP address of access and access outcome data, in at least near real time, relating to actual access to data elements in the enterprise computer network, and an additional data providing subsystem receiving in at least near real time at least a part of the audit output data and utilizing the at least part of the audit output data for providing additional data which is not part of the audit output data.

52. 发明申请

WO2017196463A1 SYSTEMS AND METHODS FOR DETERMINING SECURITY RISK PROFILES 审中-公开
标题翻译：确定安全风险特征的系统和方法
公开(公告)号：WO2017196463A1
公开(公告)日：2017-11-16
申请号：PCT/US2017/026181
申请日：2017-04-05
申请人： SYMANTEC CORPORATION
发明人： RANJAN, Gyan
IPC分类号： G06F21/50
摘要： A computer-implemented method for determining security risk profiles may include (1) detecting a security breach of an entity within a set of entities, (2) constructing a peer-similarity graph that identifies an incentive to attack the entity in comparison to other entities within the set of entities, (3) creating, using the peer-similarity graph, a security risk profile for each entity in the set of entities, (4) automatically adjusting at least one security risk profile based on the detected security breach, and (5) updating a security database with the adjusted security risk profile. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于确定安全风险简档的计算机实现的方法可以包括（1）检测一组实体内的实体的安全违规，（2）构建识别对（3）使用同级相似度图创建该组实体中的每个实体的安全风险简档，（4）自动调整至少一个安全风险简档基于检测到的安全漏洞，以及（5）用调整后的安全风险简档更新安全数据库。还公开了各种其他方法，系统和计算机可读介质。

53. 发明申请

WO2017180057A1 SYSTEM AND METHOD FOR THREAT INCIDENTS CORROBORATION IN DISCRETE TEMPORAL REFERENCE USING 3D ABSTRACT MODELLING 审中-公开
标题翻译：使用3D抽象建模在离散时间参考中对威胁事件进行校正的系统和方法
公开(公告)号：WO2017180057A1
公开(公告)日：2017-10-19
申请号：PCT/SG2016/050175
申请日：2016-04-11
申请人： CERTIS CISCO SECURITY PTE LTD
发明人： LIM, Keng Leng Albert
IPC分类号： G06F21/00 , G06F21/50
摘要： A system and method for evaluating cyber-security threat incidents of a computer network is described in this document. In particular, it is described that cyber-security threat incidents of a computer network may be visualized by displaying these threat incidents as a plurality of graphical objects on a display of a device. A subset of these graphical objects or threat incidents may then be selected by applying a single continuous touch input to a touch interface of the device. A risk score will then be generated and displayed based on the threat incidents that are contained within the subset of graphical objects. Mitigation actions addressing the cyber-security threats that triggered these threat incidents are then implemented by the device.
摘要翻译：本文描述了用于评估计算机网络的网络安全威胁事件的系统和方法。具体而言，描述了通过将这些威胁事件显示为设备的显示器上的多个图形对象，可以使计算机网络的网络安全威胁事件可视化。然后可以通过将单个连续触摸输入应用于设备的触摸界面来选择这些图形对象或威胁事件的子集。然后基于包含在图形对象子集内的威胁事件生成并显示风险评分。针对触发这些威胁事件的网络安全威胁的缓解措施随后由设备实施。

54. 发明申请

WO2017165288A1 SYSTEMS, METHODS, AND DEVICES FOR SECURELY MANAGING NETWORK CONNECTIONS 审中-公开
标题翻译：用于安全地管理网络连接的系统，方法和设备
公开(公告)号：WO2017165288A1
公开(公告)日：2017-09-28
申请号：PCT/US2017/023196
申请日：2017-03-20
申请人： SNOWFLAKE COMPUTING INC.
发明人： ARMSTRONG, James, Calvin , CLAYBAUGH, Jonathan
IPC分类号： G06F21/50
摘要： The disclosure relates generally to methods, systems, and apparatuses for managing network connections. A system for managing network connections includes a storage component, a decoding component, a rule manager component, and a notification component. The storage component is configured to store a list of expected connections for a plurality of networked machines, wherein each connection in the list of expected connections defines a start point and an end point for the connection. The decoding component is configured to decode messages from the plurality of networked machines indicating one or more connections for a corresponding machine. The rule manager component is configured to identify an unexpected presence or absence of a connection on at least one of the plurality of network machines based on the list of expected connections. The notification component is configured to provide a notification or indication of the unexpected presence or absence.
摘要翻译：本公开一般涉及用于管理网络连接的方法，系统和设备。一种用于管理网络连接的系统包括存储组件，解码组件，规则管理器组件和通知组件。存储组件被配置为存储多个联网机器的预期连接的列表，其中预期连接的列表中的每个连接定义该连接的起点和终点。解码组件被配置为解码来自多个联网机器的指示对应机器的一个或多个连接的消息。规则管理器组件被配置为基于预期连接的列表来识别多个网络机器中的至少一个上的连接的意外存在或不存在。通知组件被配置为提供意外存在或不存在的通知或指示。

55. 发明申请

WO2017165074A1 METHODS AND SYSTEMS FOR UTILIZING INFORMATION COLLECTED FROM MULTIPLE SENSORS TO PROTECT A VEHICLE FROM MALWARE AND ATTACKS 审中-公开
标题翻译：利用从多个传感器收集的信息保护来自恶魔的车辆和攻击的方法和系统
公开(公告)号：WO2017165074A1
公开(公告)日：2017-09-28
申请号：PCT/US2017/019403
申请日：2017-02-24
申请人： QUALCOMM INCORPORATED
发明人： GUPTA, Rajarshi , DAS, Saumitra Mohan , KRISHNAMURTHI, Govindarajan , AHMADZADEH, Seyed Ali
IPC分类号： G06F21/50 , B60W50/14
摘要： Various embodiments include methods, and computing devices implementing the methods, for analyzing sensor information to identify an abnormal vehicle behavior. A computing device may monitor sensors (e.g., a closely-integrated vehicle sensor, a loosely-integrated vehicle sensor, a non-vehicle sensor, etc.) in the vehicle to collect the sensor information, analyze the collected sensor information to generate an analysis result, and use the generated analysis result to determine whether a behavior of the vehicle is abnormal. The computing device may also generate a communication message in response to determining that the behavior of the vehicle is abnormal, and send the generated communication message to an external entity.
摘要翻译：各种实施例包括实现这些方法的方法和计算设备，用于分析传感器信息以识别异常车辆行为。计算设备可以监测车辆中的传感器（例如，紧密集成的车辆传感器，松散集成的车辆传感器，非车辆传感器等）以收集传感器信息，分析收集的传感器信息以生成分析结果，并使用生成的分析结果来确定车辆的行为是否异常。计算设备还可以响应于确定车辆的行为异常而生成通信消息，并将生成的通信消息发送给外部实体。

56. 发明申请

WO2017112337A1 SYSTEM AND METHOD FOR ENABLING SECURE MEMORY TRANSACTIONS USING ENCLAVES 审中-公开
标题翻译：用于使用ENCLAVES来启用安全存储器事务的系统和方法
公开(公告)号：WO2017112337A1
公开(公告)日：2017-06-29
申请号：PCT/US2016/063764
申请日：2016-11-25
申请人： INTEL CORPORATION
发明人： NARENDRA TRIVEDI, Alpa , SAHITA, Ravi , DURHAM, David , GREWAL, Karanvir , DEWAN, Prashant , CHHABRA, Siddhartha
IPC分类号： G06F21/50 , G06F21/78
CPC分类号： G06F21/53 , G06F9/5077 , G06F9/544 , G06F12/1009 , G06F12/1081 , G06F13/28 , G06F21/606 , G06F21/6218 , G06F2212/1052 , G06F2212/152 , G06F2212/251 , G06F2213/28 , G06F2221/034
摘要： Various embodiments are generally directed to an apparatus, method, and other techniques to provide direct-memory access, memory-mapped input-output, and/or other memory transactions between devices designated for use by an enclave and the enclave itself. A secure device address map may be configured to map addresses for the enslave device and the enclave, and a register filter component may grant access to the enclave device to the enclave.
摘要翻译：各种实施例通常涉及用于在指定供飞地使用的设备之间提供直接存储器访问，存储器映射的输入输出和/或其它存储器事务的设备，方法和其他技术和飞地本身。安全设备地址映射可以被配置为映射奴役设备和飞地的地址，并且寄存器过滤器组件可以授予飞地设备对飞地的访问。

57. 发明申请

WO2017090045A1 SYSTEM AND METHOD FOR DETECTING A CYBER-ATTACK AT SCADA/ICS MANAGED PLANTS 审中-公开
标题翻译：用于检测SCADA / ICS管理工厂中的网络攻击的系统和方法
公开(公告)号：WO2017090045A1
公开(公告)日：2017-06-01
申请号：PCT/IL2016/051268
申请日：2016-11-25
申请人： RAFAEL ADVANCED DEFENSE SYSTEMS LTD.
发明人： AROV, Michael , OCHMAN, Ronen , COHEN, Moshe
IPC分类号： G06F21/50 , G06F11/00 , H04L12/12
CPC分类号： G06F21/85 , G06F21/552 , G06F21/577 , H04L12/12 , H04L63/1416 , H04L67/12
摘要： System for detecting a cyber-attack inflicted by an attacker seeking to cause physical damage to, or harm functionality of, a SCADA system managed plant, comprising passively connected to the SCADA system. Each of the industrial computerized devices comprises a processor that is configured with a data validation module to determine whether data flow outputted from a SCADA- connected controller, adapted to command operation of each electromechanical component of a corresponding controlled subsystem of the plant, is authentic, and with an alert issuing mechanism that is activated following detection that the outputted data flow is indicative of a cyber-attack perpetrated with respect to the controller. The at least one dedicated industrial computerized device is operable to passively monitor in parallel, by the one or more dedicated industrial computerized device, data communicated between each of the controllers and the SCADA system including the outputted data at the nearest points of each of the controllers; seek, by the one or more dedicated industrial computerized devices, mismatches between the plant state and the physical operation model; if a mismatch is detected, determine by the dedicated industrial computerized device whether the mismatch is indicative of a cyber-attack perpetrated with respect to one of the controllers or an operational malfunction; and upon detecting a cyber- attack, activate the alert issuing mechanism to issue a security alert.
摘要翻译：用于检测由攻击者造成的网络攻击的系统，该攻击者试图对SCADA系统管理的工厂造成物理损坏或损害其功能，包括被动地连接到SCADA系统。每个工业计算机化设备包括处理器，该处理器配置有数据验证模块以确定从SCADA连接的控制器输出的数据流是否可信，该数据流适用于命令该设备的相应受控子系统的每个机电组件的操作，并且具有在检测到输出的数据流指示针对控制器进行的网络攻击之后激活的警报发布机构。所述至少一个专用工业计算机化设备可操作以被动地并行地由所述一个或多个专用工业计算机化设备监视在每个所述控制器与所述SCADA系统之间传送的包括在每个所述控制器的最近点处输出的数据的数据 ; 通过一个或多个专用工业计算机化设备寻找工厂状态与物理操作模型之间的不匹配; 如果检测到不匹配，则由专用工业计算机化装置确定该不匹配是否指示针对一个控制器进行的网络攻击或操作故障; 并在检测到网络攻击时，激活警报发布机制以发出安全警报。

58. 发明申请

WO2017074402A1 METHODS FOR PREVENTING COMPUTER ATTACKS IN TWO-PHASE FILTERING AND APPARATUSES USING THE SAME 审中-公开
标题翻译：防止计算机攻击的方法在两相过滤和设备使用相同
公开(公告)号：WO2017074402A1
公开(公告)日：2017-05-04
申请号：PCT/US2015/058158
申请日：2015-10-29
申请人： CLOUDCOFFER LLC , CHIANG, Kuo
发明人： CHIANG, Kuo
IPC分类号： G06F21/56 , G06F21/50
CPC分类号： G06F21/56
摘要： The invention introduces a method for preventing computer attacks in two-phase filtering, performed by a processing unit of an apparatus, which contains at least the following steps. A service request is received from a client system, which requests a service to a protected computer-asset. The phase one filtering is performed to forward the service request to the protected computer-asset when a white-list pattern is discovered from the service request. The phase two filtering is performed subsequent to a completion of the phase one filtering.
摘要翻译：本发明引入了一种用于防止由设备的处理单元执行的两阶段过滤中的计算机攻击的方法，该方法至少包括以下步骤。从客户端系统接收服务请求，客户端系统向受保护的计算机资产请求服务。当从服务请求中发现白名单模式时，执行阶段1过滤以将服务请求转发到受保护的计算机资产。第二阶段滤波是在完成第一阶段滤波之后执行的。

59. 发明申请

WO2016022556A3 METHOD AND SYSTEM FOR RUNTIME INJECTION OF SECURE APPLICATIONS 审中-公开
标题翻译：运行时注入安全应用程序的方法和系统
公开(公告)号：WO2016022556A3
公开(公告)日：2017-05-04
申请号：PCT/US2015043603
申请日：2015-08-04
申请人： OPENPEAK INC
发明人： DOBSON ANDREW JAMES
IPC分类号： G06F21/51 , G06F21/50
CPC分类号： G06F21/52 , G06F21/51 , G06F21/54 , G06F2221/033 , G06F2221/2105
摘要： A method and system of runtime injection for a secure application are described herein. During runtime of the secure application, a conventional request from the secure application can be intercepted. The intercepted conventional request can be modified such that the request is unrecognizable to an unsecure application, which can create a secure request. In addition, the secure request can be passed to a system process to enable the system process to process the secure request.
摘要翻译：这里描述了用于安全应用的运行时注入的方法和系统。在安全应用程序运行期间，可以拦截来自安全应用程序的常规请求。截取的传统请求可以被修改，使得请求对于不安全的应用程序是不可识别的，这可以创建安全的请求。另外，可以将安全请求传递给系统进程以使系统进程能够处理安全请求。

60. 发明申请

WO2017003593A1 CUSTOMIZED NETWORK TRAFFIC MODELS TO DETECT APPLICATION ANOMALIES 审中-公开
标题翻译：定制的网络交通模式来检测应用异常
公开(公告)号：WO2017003593A1
公开(公告)日：2017-01-05
申请号：PCT/US2016/034060
申请日：2016-05-25
申请人： QUALCOMM INCORPORATED
发明人： DAS, Saumitra Mohan , MAHMOUDI, Mona , SRIDHARA, Vinay , GUPTA, Rajarshi , CHEN, Yin
IPC分类号： H04L12/26 , G06F21/50 , H04L29/06
CPC分类号： H04L63/1425 , G06F21/552 , H04L41/0631 , H04L43/0817 , H04L63/1416
摘要： Systems, methods, and devices of the various aspects enable identification of anomalous application behavior. A computing device processor may detect network communication activity of an application on the computing device. The processor may identify one or more device states of the computing device, and one or more categories of the application. The processor may determine whether the application is behaving anomalously based on a correlation of the detected network communication activity of the application, the identified one or more device states of the computing device, and the identified one or more categories of the application.
摘要翻译：各个方面的系统，方法和设备能够识别异常的应用行为。计算设备处理器可以检测计算设备上的应用的网络通信活动。处理器可以识别计算设备的一个或多个设备状态，以及应用的一个或多个类别。处理器可以基于检测到的应用的网络通信活动，所识别的计算设备的一个或多个设备状态与所识别的一个或多个应用类别之间的相关性，来确定应用是否是异常行为。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式