    • 91. Granted invention patent
    • Host disaster recovery system
    • US08868979B1
    • 2014-10-21
    • US13301604
    • 2011-11-21
    • Zhihe Zhang, Zhifei Tao, Min Zhang, Yong An, Xiaodong Huang
    • G06F11/00
    • G06F11/0706, G06F11/079, G06F11/1417, G06F11/1446, G06F21/56, G06F21/575
    • Critical resources are identified within a computer system such as operating system files, drivers, modules and registry keys that are used to bootstrap the computer. During a successful bootstrap, these resources are saved into persistent storage during the bootstrap phase. Changes to critical resources are monitored and these resources are backed up if they are changed. Upon computer system failure, steps of identifying the type of failure and an analysis of its root cause are optionally performed. A user is presented with a bootstrap menu and critical resources necessary to bootstrap the computer are retrieved from persistent storage and saved into their appropriate locations. A successful bootstrap is then performed of the computer system in order to recover from the failure.
    • 92. Granted invention patent
    • Providing malware-free web content to end users using dynamic templates
    • US08584233B1
    • 2013-11-12
    • US12115388
    • 2008-05-05
    • Liulin Yang, Kun Lu, Shiyu Xie
    • G06F11/00
    • G06F21/51, G06F21/56, G06F2221/2119, H04L63/145
    • Providing malware-free web content to a user is disclosed. The web content is any type of web content that may potentially be infected by any type of malware. Upon receiving a request for a piece of web content from the user, the requested piece of web content is obtained from the appropriate source, and a dynamic template for the piece of web content is retrieved. The dynamic template indicates whether the requested piece of web content includes any malware and what actions are to be performed if any malware is included in the piece of web content. The requested piece of web content is cleaned up by performing the actions indicated in the dynamic template. Thereafter, the piece of web content is provided to the user. The dynamic template is updated from time to time based on the currently available information regarding the piece of web content.
    • 93. Granted invention patent
    • Cross-site script detection and prevention
    • US08578482B1
    • 2013-11-05
    • US11972823
    • 2008-01-11
    • Shun-Fa Yang, Hsin-hsin Kuo
    • G06F21/00
    • G06F21/577, G06F21/51, H04L63/1441
    • A Web site uses a behavior monitor that operates as a gatekeeper for a browser. The attack injects Web content with malicious executable code that executes on an end user device when the code executes in a browser on the device. A message is received at the monitor from a browser for retrieving Web content; the browser executes on a computing device having sensitive information. The Web content is retrieved from a target Web server and analyzed for XSS. If found, the destination to which some or all of the sensitive information will be sent if the XSS executes is determined. A message is displayed in the browser regarding whether the Web content that was requested should be viewed in the browser. In this manner, execution of the XSS in the browser is prevented. The analyzing and determining steps are performed before the Web content is received by the browser.
    • 94. Granted invention patent
    • Command and control channel detection with query string signature
    • US08561188B1
    • 2013-10-15
    • US13250928
    • 2011-09-30
    • Jui Pang Wang, Ming-Tai Chang, Jui-Chieh Wu
    • G06F21/00
    • H04L63/1425
    • Detection and prevention of botnet behavior is accomplished by monitoring access requests in a network. Each request includes a domain of content to access and a path of content to access, and each path includes a file name and query string. Once obtained, the query strings for each of these requests are normalized. A signature is then created for each of the normalized query strings. The obtained requests can then be grouped by signature. Once the requests have been grouped by signature, each grouping is examined to identify suspicious signatures based on common botnet behavior. Suspicious requests are used in back-end and front-end defenses against botnets.
    • 95. Granted invention patent
    • Reputation prediction of IP addresses
    • US08554907B1
    • 2013-10-08
    • US13027778
    • 2011-02-15
    • RungChi Chen, Larrick Chen, Porter Chang
    • G06F7/20, G06F7/02
    • H04L63/1425, H04L61/15
    • Daily query counts for e-mail messages sent from a number of IP addresses having unknown reputations are collected and logged, and optionally plotted. The logged query count data may optionally be normalized. The normalized query count data may also be plotted. The normalized data is divided into regions (numerically or graphically). Next, the divided regions are tagged (symbolically or graphically) with unique, symbolic identifiers such as letters, numbers, symbols or colors. Patterns for each unknown IP address are formed based upon the tagged regions. Common good and bad patterns are also identified for known good and bad IP addresses. The reputation of these unknown IP addresses is then predicted using these identified good and bad patterns using a suffix tree (for example). Finally, an output identifying the determined reputations of these unknown IP addresses is generated and output.
    • 96. Granted invention patent
    • Web site reputation service using proxy auto-configuration
    • US08527631B1
    • 2013-09-03
    • US12146899
    • 2008-06-26
    • Han-Chang Liang
    • G06F15/173, G06F9/00
    • G06Q10/0639, H04L63/12, H04L63/1441
    • A Web site reputation service automatically redirects a browsing request for analysis by a rating server. On the browsing request, a proxy autoconfiguration (PAC) file is downloaded from a PAC server to a Web browser of a user computer. The function of the PAC file is executed, sending a request to a rating server along with a host name of a target Web site. The function does not immediately return a proxy server, but first requests a rating of the Web site. A rating result associated with the Web site is produced by the rating server. The rating server returns the rating result and the function returns an address of a proxy server to the Web browser based upon the rating result. A user can enable the Web Proxy Autodiscovery Protocol to use the service. Access control may be implemented by applying an HTTP authentication mechanism on the Web server that hosts the PAC file.
    • 97. Granted invention patent
    • Malware protection using file input/output virtualization
    • US08510838B1
    • 2013-08-13
    • US12420508
    • 2009-04-08
    • Mingyan Sun, Chi-Huang Fan
    • G06F21/00
    • G06F21/53, G06F21/566, G06F21/6281, G06F21/78
    • Applications running in an API-proxy-based emulator are prevented from infecting a PC's hard disk when executing file I/O commands. Such commands are redirected to an I/O redirection engine instead of going directly to the PC's normal operating system where it can potentially harm files on the hard disk. The redirection engine executes the file I/O command using a private storage area in the hard disk that is not accessible by the PC's normal operating system. If a file that is the subject of a file I/O command from an emulated application is not in the private storage area, a copy is made from the original that is presumed to exist in the public storage area. This copy is then acted on by the command and is stored in the private storage area, which can be described as a controlled, quarantined storage space on the hard disk. In this manner the PC's (or any computing device's) hard disk is defended from potential malware that may originate from applications running in emulated environments.
    • 98. Granted invention patent
    • Trust network to reduce e-mail spam
    • US08392357B1
    • 2013-03-05
    • US12262441
    • 2008-10-31
    • Fei Zou, Jianxin Guo
    • G06F7/00, G06F17/00
    • H04L63/1416, H04L51/12
    • A trust network database has any number of nodes, each node representing a user e-mail address. Links between nodes represent whether one user trusts another. Trust (that the recipient is trusted) is established when a sender sends an e-mail message to a recipient. The recipient is effectively placed on the white list for the sender. A legitimate e-mail address creates a strong trust link, otherwise it is weak. A spam count tracks the amount of spam sent by each node. Outgoing e-mail messages are screened to make a determination that the sender trusts the recipient and that information is added to a local or remote trust network. Incoming e-mail messages are first screened to determine that the sender is legitimate. Then, the sender and recipient e-mail addresses are forwarded to the trust network to make a determination as to whether the recipient trusts the sender. A score (based upon number and type of links into or out of a node, the spam count for the node, etc.) for the sender is returned indicating whether or not the e-mail message is likely to be spam. An anti-spam engine is bypassed, used normally, or used aggressively based upon the score.
    • 99. Granted invention patent
    • Zero day malware scanner
    • US08375450B1
    • 2013-02-12
    • US12573300
    • 2009-10-05
    • Jonathan James Oliver, Cheng-Lin Hou, Lili Diao, YiFun Liang, Jennifer Rihn
    • G06F21/00
    • H04L63/1416, G06F21/564, G06F21/565, G06F21/567
    • A training model for malware detection is developed using common substrings extracted from known malware samples. The probability of each substring occurring within a malware family is determined and a decision tree is constructed using the substrings. An enterprise server receives indications from client machines that a particular file is suspected of being malware. The suspect file is retrieved and the decision tree is walked using the suspect file. A leaf node is reached that identifies a particular common substring, a byte offset within the suspect file at which it is likely that the common substring begins, and a probability distribution that the common substring appears in a number of malware families. A hash value of the common substring is compared (exact or approximate) against the corresponding substring in the suspect file. If positive, a result is returned to the enterprise server indicating the probability that the suspect file is a member of a particular malware family.
    • 100. Granted invention patent
    • Detection of downloaded malware using DNS information
    • US08347394B1
    • 2013-01-01
    • US12503253
    • 2009-07-15
    • Andrew Lee
    • G08B23/00
    • G06F21/566, G06F21/554, H04L61/1511, H04L63/1425, H04L63/145
    • A DNS engine monitors domain name system (DNS) network activity occurring between a user computer and a remote computer server. The engine collects DNS traffic information during a specified time window at the user computer using the monitored DNS network activity. The engine generates a local DNS reputation for the user computer and stores the local DNS reputation on the user computer. When a triggering event is received at the user computer the engine determines that the triggering event is abnormal in comparison to the stored local DNS reputation. An alert is issued to a software product on the user computer. The engine takes an action using a software product upon the alert. The reputation may be a frequency distribution for each accessed domain name and IP address. A triggering event may be an abnormal access to a domain name or IP address, or a mismatch between DNS queries and DNS responses of the user computer.