专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2005059720A1 METHOD AND APPARATUS FOR MONITORING OPERATION OF PROCESSING SYSTEMS, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT THEREFOR 审中-公开
标题翻译：用于监控处理系统运行的方法和装置，相关网络和计算机程序产品
公开(公告)号：WO2005059720A1
公开(公告)日：2005-06-30
申请号：PCT/EP2003/014385
申请日：2003-12-17
申请人： TELECOM ITALIA S.P.A. , CANGINI, Gianluca , LAMASTRA, Gerardo , CODA ZABETTA, Francesco , ABENI, Paolo , BALTATU, Madalina , D'ALESSANDRO, Rosalia , BRUSOTTI, Stefano , DI PAOLA, Sebastiano , LEONE, Manuel , FROSALI, Federico
发明人： CANGINI, Gianluca , LAMASTRA, Gerardo , CODA ZABETTA, Francesco , ABENI, Paolo , BALTATU, Madalina , D'ALESSANDRO, Rosalia , BRUSOTTI, Stefano , DI PAOLA, Sebastiano , LEONE, Manuel , FROSALI, Federico
IPC分类号： G06F1/00
CPC分类号： G06F21/554 , G06F21/55
摘要： Apparatus for monitoring operation of a processing system (A, B, ... ., X) includes a set of modules (105) for monitoring operation of a set of system primitives that allocate or release the system resources and are used by different processes running on the system. Preferably, the modules include: at least one application knowledge module (105a, 105b) tracking the processes running on the system and monitoring the resources used thereby, a network knowledge module (105c) monitoring connections by the processes running on the system, a file-system analysis module (105d) monitoring the file-related operations performed within the system, and a device monitoring module (105a) monitoring operation of commonly used modules with said system. A preferred field of application is in host-based intrusion detection systems (HIDS).
摘要翻译：用于监视处理系统（A，B，...，X）的操作的装置包括一组模块（105），用于监视分配或释放系统资源并被不同进程使用的一组系统原语的操作在系统上运行优选地，模块包括：至少一个应用知识模块（105a，105b），跟踪在系统上运行的进程并监视由此使用的资源;网络知识模块（105c），通过系统上运行的进程来监视连接;文件 - 系统分析模块（105d），监视在系统内执行的文件相关操作;以及设备监视模块（105a），监视所述系统常用模块的操作。优选的应用领域是基于主机的入侵检测系统（HIDS）。

2. 发明申请

WO2007110105A1 METHOD AND SYSTEM FOR MOBILE NETWORK SECURITY, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT 审中-公开
标题翻译：移动网络安全，相关网络和计算机程序产品的方法和系统
公开(公告)号：WO2007110105A1
公开(公告)日：2007-10-04
申请号：PCT/EP2006/010448
申请日：2006-10-31
申请人： TELECOM ITALIA S.p.A. , LAMASTRA, Gerardo , ABENI, Paolo , CANGINI, Gianluca , CODA ZABETTA, Francesco
发明人： LAMASTRA, Gerardo , ABENI, Paolo , CANGINI, Gianluca , CODA ZABETTA, Francesco
IPC分类号： G06F21/00 , H04L29/06
CPC分类号： H04L51/12 , H04L51/38 , H04L63/0227 , H04L63/1491 , H04W12/12
摘要： A honeypot system (100) for protecting a mobile communication network against malware includes one or more user-less mobile devices (101 ) including a monitoring module (104) for monitoring the events conveying software applications in the associated mobile device (101 ) as well as a controller client module (107) that emulates human-like interaction with the user-less devices (101 ) as a function of the events monitored (104). The system (100) controllably performs, for the applications conveyed by the events monitored (104), one or more of the following steps: - i) installing the application on the device (101 ); - ii) executing the application installed on the device (101 ); and - iii) de-installing the application from the device (101 ). After any of these steps performed, the state of the device (101 ) is checked in order to detect if any anomalous variation has occurred in the state of the device (101 ) indicative of said at the device (101 ) being exposed to the risk of malware. If any said anomalous variation is detected, the system issues a malware alert message.
摘要翻译：用于保护移动通信网络免受恶意软件的蜜罐系统（100）包括一个或多个无用户移动设备（101），其包括监视模块（104），用于监视传送相关移动设备（101）中的软件应用的事件作为控制器客户端模块（107），其根据所监视的事件（104）模拟与无用户设备（101）的类似人的交互。所述系统（100）可控制地对由所监视的事件（104）传送的应用执行以下一个或多个步骤：i）将所述应用安装在所述设备（101）上; - ii）执行安装在设备（101）上的应用程序; 以及 - iii）从所述设备（101）去除所述应用程序。在执行了这些步骤之一之后，检查设备（101）的状态，以便检测在设备（101）处的指示所述设备（101）暴露于风险的设备（101）的状态是否发生任何异常变化的恶意软件。如果检测到任何所述异常变化，则系统发出恶意软件警报消息。

3. 发明申请

WO2006056223A1 INSTRUSION DETECTION METHOD AND SYSTEM, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT THEREFOR 审中-公开
标题翻译： INSTRUSION检测方法和系统，相关网络和计算机程序产品
公开(公告)号：WO2006056223A1
公开(公告)日：2006-06-01
申请号：PCT/EP2004/013424
申请日：2004-11-26
申请人： TELECOM ITALIA S.P.A. , CANGINI, Gianluca , CODA ZABETTA, Francesco , LAMASTRA, Gerardo
发明人： CANGINI, Gianluca , CODA ZABETTA, Francesco , LAMASTRA, Gerardo
IPC分类号： G06F1/00
CPC分类号： H04L63/1408 , G06F21/552 , G06F21/554 , G06F2221/2135 , G06F2221/2151
摘要： Intrusions in a system under surveillance are detected by matching (108) the events occurring during operation of said system against a knowledge base including information on events occurred during a learning phase (101). The detection technique disclosed includes the steps of: recording, during the learning phase (101), temporal data related to the events during said learning phase (101); identifying (103), as a function of said temporal data recorded, a dynamic part of the knowledge base; discovering (106) patterns that cover the dynamic part of the knowledge base; and using, during the analysis phase (108), a regular expression match at least in respect of said dynamic part of the knowledge base.
摘要翻译：通过在所述系统的操作期间发生的事件与知识库（包括关于在学习阶段期间发生的事件的信息）（101）匹配（108）来检测被监视的系统中的入侵。所公开的检测技术包括以下步骤：在学习阶段（101）期间记录与所述学习阶段（101）期间的事件相关的时间数据; 识别（103）作为所记录的所述时间数据的函数，知识库的动态部分; 发现（106）覆盖知识库动态部分的模式; 以及在所述分析阶段（108）期间至少针对所述知识库的所述动态部分使用正则表达式匹配。

4. 发明申请

WO2007110093A1 A METHOD AND SYSTEM FOR IDENTIFYING MALICIOUS MESSAGES IN MOBILE COMMUNICATION NETWORKS, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT THEREFOR 审中-公开
标题翻译：用于识别移动通信网络中的恶意消息的方法和系统，其相关网络和计算机程序产品
公开(公告)号：WO2007110093A1
公开(公告)日：2007-10-04
申请号：PCT/EP2006/002787
申请日：2006-03-27
申请人： TELECOM ITALIA S.p.A. , LAMASTRA, Gerardo , CANGINI, Gianluca , CODA ZABETTA, Francesco , SPERTI, Luigi
发明人： LAMASTRA, Gerardo , CANGINI, Gianluca , CODA ZABETTA, Francesco , SPERTI, Luigi
IPC分类号： H04L29/06 , H04Q7/38
CPC分类号： H04L51/12 , H04L51/38 , H04L63/0227 , H04L63/1491 , H04W12/12
摘要： A system for identifying malicious messages transmitted over a mobile communication network includes: sentinel modules (100) associated with respective mobile terminals (101) in the network for monitoring messages passing therethrough; the sentinel modules (100) identify as a candidate malicious message any message passing through the mobile terminals (101) and failing to comply with a first set of patterns and issue a corresponding sentinel identification message; a set of probe modules (105, 106) for monitoring messages transmitted over the network (401); the probe modules (105, 106) identify as a candidate malicious message any message transmitted over the network and failing to comply with a second set of patterns and issue a corresponding probe identification message; and preferably at least one client honeypot module (104) for receiving and processing any messages sent thereto to produce corresponding processing results; the client honeypot module (104) identifies as a candidate malicious message any message producing a processing result failing to comply with a third set of patterns and issues a corresponding client honeypot identification message. The system also includes a correlation subsystem (102) for receiving the identification messages from the various sentinel (100), probe (105, 106) and client honeypot (104) modules and identifying as a malicious message any message for which identification messages are received from a plurality of these modules (100; 105, 106; 104).
摘要翻译：用于识别通过移动通信网络发送的恶意消息的系统包括：与网络中的相应移动终端（101）相关联的哨兵模块（100），用于监视通过其的消息; 哨兵模块（100）将通过移动终端（101）的任何消息识别为候选恶意消息，并且不符合第一组模式并发出相应的哨兵识别消息; 一组用于监视通过网络传输的消息的探测模块（105,106）; 探测模块（105,106）将通过网络发送的任何消息识别为候选恶意消息，并且不符合第二组模式并发出相应的探测器识别消息; 并且优选地至少一个客户端蜜罐模块（104）用于接收和处理发送到其上的任何消息以产生相应的处理结果; 客户端蜜罐模块（104）将产生未能符合第三组模式的处理结果的消息识别为候选恶意消息，并且发出相应的客户端蜜罐识别消息。该系统还包括用于从各种前哨（100），探测（105,106）和客户机蜜罐（104）模块接收标识消息的相关子系统（102），并将用于识别消息的任何消息标识为恶意消息来自多个这些模块（100; 105,106; 104）。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式