专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2005059720A1 METHOD AND APPARATUS FOR MONITORING OPERATION OF PROCESSING SYSTEMS, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT THEREFOR 审中-公开
标题翻译：用于监控处理系统运行的方法和装置，相关网络和计算机程序产品
公开(公告)号：WO2005059720A1
公开(公告)日：2005-06-30
申请号：PCT/EP2003/014385
申请日：2003-12-17
申请人： TELECOM ITALIA S.P.A. , CANGINI, Gianluca , LAMASTRA, Gerardo , CODA ZABETTA, Francesco , ABENI, Paolo , BALTATU, Madalina , D'ALESSANDRO, Rosalia , BRUSOTTI, Stefano , DI PAOLA, Sebastiano , LEONE, Manuel , FROSALI, Federico
发明人： CANGINI, Gianluca , LAMASTRA, Gerardo , CODA ZABETTA, Francesco , ABENI, Paolo , BALTATU, Madalina , D'ALESSANDRO, Rosalia , BRUSOTTI, Stefano , DI PAOLA, Sebastiano , LEONE, Manuel , FROSALI, Federico
IPC分类号： G06F1/00
CPC分类号： G06F21/554 , G06F21/55
摘要： Apparatus for monitoring operation of a processing system (A, B, ... ., X) includes a set of modules (105) for monitoring operation of a set of system primitives that allocate or release the system resources and are used by different processes running on the system. Preferably, the modules include: at least one application knowledge module (105a, 105b) tracking the processes running on the system and monitoring the resources used thereby, a network knowledge module (105c) monitoring connections by the processes running on the system, a file-system analysis module (105d) monitoring the file-related operations performed within the system, and a device monitoring module (105a) monitoring operation of commonly used modules with said system. A preferred field of application is in host-based intrusion detection systems (HIDS).
摘要翻译：用于监视处理系统（A，B，...，X）的操作的装置包括一组模块（105），用于监视分配或释放系统资源并被不同进程使用的一组系统原语的操作在系统上运行优选地，模块包括：至少一个应用知识模块（105a，105b），跟踪在系统上运行的进程并监视由此使用的资源;网络知识模块（105c），通过系统上运行的进程来监视连接;文件 - 系统分析模块（105d），监视在系统内执行的文件相关操作;以及设备监视模块（105a），监视所述系统常用模块的操作。优选的应用领域是基于主机的入侵检测系统（HIDS）。

2. 发明申请

WO2007110105A1 METHOD AND SYSTEM FOR MOBILE NETWORK SECURITY, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT 审中-公开
标题翻译：移动网络安全，相关网络和计算机程序产品的方法和系统
公开(公告)号：WO2007110105A1
公开(公告)日：2007-10-04
申请号：PCT/EP2006/010448
申请日：2006-10-31
申请人： TELECOM ITALIA S.p.A. , LAMASTRA, Gerardo , ABENI, Paolo , CANGINI, Gianluca , CODA ZABETTA, Francesco
发明人： LAMASTRA, Gerardo , ABENI, Paolo , CANGINI, Gianluca , CODA ZABETTA, Francesco
IPC分类号： G06F21/00 , H04L29/06
CPC分类号： H04L51/12 , H04L51/38 , H04L63/0227 , H04L63/1491 , H04W12/12
摘要： A honeypot system (100) for protecting a mobile communication network against malware includes one or more user-less mobile devices (101 ) including a monitoring module (104) for monitoring the events conveying software applications in the associated mobile device (101 ) as well as a controller client module (107) that emulates human-like interaction with the user-less devices (101 ) as a function of the events monitored (104). The system (100) controllably performs, for the applications conveyed by the events monitored (104), one or more of the following steps: - i) installing the application on the device (101 ); - ii) executing the application installed on the device (101 ); and - iii) de-installing the application from the device (101 ). After any of these steps performed, the state of the device (101 ) is checked in order to detect if any anomalous variation has occurred in the state of the device (101 ) indicative of said at the device (101 ) being exposed to the risk of malware. If any said anomalous variation is detected, the system issues a malware alert message.
摘要翻译：用于保护移动通信网络免受恶意软件的蜜罐系统（100）包括一个或多个无用户移动设备（101），其包括监视模块（104），用于监视传送相关移动设备（101）中的软件应用的事件作为控制器客户端模块（107），其根据所监视的事件（104）模拟与无用户设备（101）的类似人的交互。所述系统（100）可控制地对由所监视的事件（104）传送的应用执行以下一个或多个步骤：i）将所述应用安装在所述设备（101）上; - ii）执行安装在设备（101）上的应用程序; 以及 - iii）从所述设备（101）去除所述应用程序。在执行了这些步骤之一之后，检查设备（101）的状态，以便检测在设备（101）处的指示所述设备（101）暴露于风险的设备（101）的状态是否发生任何异常变化的恶意软件。如果检测到任何所述异常变化，则系统发出恶意软件警报消息。

3. 发明申请

WO2006056223A1 INSTRUSION DETECTION METHOD AND SYSTEM, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT THEREFOR 审中-公开
标题翻译： INSTRUSION检测方法和系统，相关网络和计算机程序产品
公开(公告)号：WO2006056223A1
公开(公告)日：2006-06-01
申请号：PCT/EP2004/013424
申请日：2004-11-26
申请人： TELECOM ITALIA S.P.A. , CANGINI, Gianluca , CODA ZABETTA, Francesco , LAMASTRA, Gerardo
发明人： CANGINI, Gianluca , CODA ZABETTA, Francesco , LAMASTRA, Gerardo
IPC分类号： G06F1/00
CPC分类号： H04L63/1408 , G06F21/552 , G06F21/554 , G06F2221/2135 , G06F2221/2151
摘要： Intrusions in a system under surveillance are detected by matching (108) the events occurring during operation of said system against a knowledge base including information on events occurred during a learning phase (101). The detection technique disclosed includes the steps of: recording, during the learning phase (101), temporal data related to the events during said learning phase (101); identifying (103), as a function of said temporal data recorded, a dynamic part of the knowledge base; discovering (106) patterns that cover the dynamic part of the knowledge base; and using, during the analysis phase (108), a regular expression match at least in respect of said dynamic part of the knowledge base.
摘要翻译：通过在所述系统的操作期间发生的事件与知识库（包括关于在学习阶段期间发生的事件的信息）（101）匹配（108）来检测被监视的系统中的入侵。所公开的检测技术包括以下步骤：在学习阶段（101）期间记录与所述学习阶段（101）期间的事件相关的时间数据; 识别（103）作为所记录的所述时间数据的函数，知识库的动态部分; 发现（106）覆盖知识库动态部分的模式; 以及在所述分析阶段（108）期间至少针对所述知识库的所述动态部分使用正则表达式匹配。

4. 发明申请

WO2007110093A1 A METHOD AND SYSTEM FOR IDENTIFYING MALICIOUS MESSAGES IN MOBILE COMMUNICATION NETWORKS, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT THEREFOR 审中-公开
标题翻译：用于识别移动通信网络中的恶意消息的方法和系统，其相关网络和计算机程序产品
公开(公告)号：WO2007110093A1
公开(公告)日：2007-10-04
申请号：PCT/EP2006/002787
申请日：2006-03-27
申请人： TELECOM ITALIA S.p.A. , LAMASTRA, Gerardo , CANGINI, Gianluca , CODA ZABETTA, Francesco , SPERTI, Luigi
发明人： LAMASTRA, Gerardo , CANGINI, Gianluca , CODA ZABETTA, Francesco , SPERTI, Luigi
IPC分类号： H04L29/06 , H04Q7/38
CPC分类号： H04L51/12 , H04L51/38 , H04L63/0227 , H04L63/1491 , H04W12/12
摘要： A system for identifying malicious messages transmitted over a mobile communication network includes: sentinel modules (100) associated with respective mobile terminals (101) in the network for monitoring messages passing therethrough; the sentinel modules (100) identify as a candidate malicious message any message passing through the mobile terminals (101) and failing to comply with a first set of patterns and issue a corresponding sentinel identification message; a set of probe modules (105, 106) for monitoring messages transmitted over the network (401); the probe modules (105, 106) identify as a candidate malicious message any message transmitted over the network and failing to comply with a second set of patterns and issue a corresponding probe identification message; and preferably at least one client honeypot module (104) for receiving and processing any messages sent thereto to produce corresponding processing results; the client honeypot module (104) identifies as a candidate malicious message any message producing a processing result failing to comply with a third set of patterns and issues a corresponding client honeypot identification message. The system also includes a correlation subsystem (102) for receiving the identification messages from the various sentinel (100), probe (105, 106) and client honeypot (104) modules and identifying as a malicious message any message for which identification messages are received from a plurality of these modules (100; 105, 106; 104).
摘要翻译：用于识别通过移动通信网络发送的恶意消息的系统包括：与网络中的相应移动终端（101）相关联的哨兵模块（100），用于监视通过其的消息; 哨兵模块（100）将通过移动终端（101）的任何消息识别为候选恶意消息，并且不符合第一组模式并发出相应的哨兵识别消息; 一组用于监视通过网络传输的消息的探测模块（105,106）; 探测模块（105,106）将通过网络发送的任何消息识别为候选恶意消息，并且不符合第二组模式并发出相应的探测器识别消息; 并且优选地至少一个客户端蜜罐模块（104）用于接收和处理发送到其上的任何消息以产生相应的处理结果; 客户端蜜罐模块（104）将产生未能符合第三组模式的处理结果的消息识别为候选恶意消息，并且发出相应的客户端蜜罐识别消息。该系统还包括用于从各种前哨（100），探测（105,106）和客户机蜜罐（104）模块接收标识消息的相关子系统（102），并将用于识别消息的任何消息标识为恶意消息来自多个这些模块（100; 105,106; 104）。

5. 发明申请

WO2005050414A1 METHOD AND SYSTEM FOR INTRUSION PREVENTION AND DEFLECTION, 审中-公开
标题翻译：侵入和预防的方法和系统，
公开(公告)号：WO2005050414A1
公开(公告)日：2005-06-02
申请号：PCT/EP2003/012090
申请日：2003-10-30
申请人： TELECOM ITALIA S.P.A. , BRUSOTTI, Stefano , CODA ZABETTA, Francesco
发明人： BRUSOTTI, Stefano , CODA ZABETTA, Francesco
IPC分类号： G06F1/00
CPC分类号： H04L63/1408 , H04L43/00 , H04L63/02
摘要： A system for preventing intrusion in communication traffic with a set (130) of machines in a network includes a data base (415) having stored therein patterns representative of forbidden communication entities as well a firewall module (412a) configured for blocking forbidden communication entities in the traffic as identified by respective patterns included in the data base (415). The system further includes another data base (416) having stored therein patterns representative of allowed communication entities for communication with said set of machines (130) and a test system (420) including test facilities (421) replicating the machines in said set (130). A communication module (410) is provided configured for allowing (411b) communication of allowed communication entities as identified by respective patterns included in the other data base (416). Unknown communication entities as identified by respective unknown patterns not included in either of said data base (415) and said further data base (416) are directed (411d) to the test system (420) and run on the test facilities (421) therein to detect possible adverse effects of such unknown communication entities on the test system. The system is further configured so that: i) in the presence of an adverse effect, the unknown communication entity leading to the adverse effect is blocked by the firewall module (412a), and ii) in the absence of an adverse effect, communication of the unknown communication entity failing to lead to said adverse effect is allowed.
摘要翻译：一种用于防止在网络中的一组机器（130）入侵通信业务的系统包括：数据库（415），其中存储有表示禁止通信实体的模式，以及防火墙模块（412a），其被配置为阻止禁止的通信实体由数据库（415）中包括的相应模式识别的业务。该系统还包括另一数据库（416），其中存储有表示允许与所述机器组（130）通信的允许通信实体的模式和包括复制所述组中的机器的测试设备（421）的测试系统（420））。提供通信模块（410），其被配置为允许（411b）通过包括在其他数据库（416）中的各个模式所识别的允许的通信实体的通信。未包括在所述数据库（415）和所述另外的数据库（416）之一中的未知模式识别的未知通信实体被指向（411d）到测试系统（420）并且在其上的测试设施（421）上运行以检测这种未知通信实体对测试系统的可能的不利影响。该系统进一步配置为：i）在存在不利影响的情况下，导致不利影响的未知通信实体被防火墙模块（412a）阻止，以及ii）在没有不利影响的情况下，允许未知的通信实体不能导致所述不利影响。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式