专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US07895652B2 System to enable detecting attacks within encrypted traffic 有权
标题翻译：系统能够检测加密流量内的攻击
公开(公告)号：US07895652B2
公开(公告)日：2011-02-22
申请号：US11325234
申请日：2006-01-04
申请人： Doron Kolton , Adi Stav , Asaf Wexler , Ariel Ernesto Frydman , Yoram Zahavi
发明人： Doron Kolton , Adi Stav , Asaf Wexler , Ariel Ernesto Frydman , Yoram Zahavi
IPC分类号： G06F15/16
CPC分类号： H04L63/0428 , G06F21/552 , H04L63/1408 , H04L63/1416
摘要： A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.
摘要翻译：用于检测由受保护网络接收的加密网络流量内的网络攻击的系统和方法包括解密模块和适配器模块。该系统和方法可以插入和使用多种类型的操作系统。

12. 发明公开

US20240223576A1 AUTOMATED INCIDENT RESPONSE TRACKING AND ENHANCED FRAMEWORK FOR CYBER THREAT ANALYSIS 审中-公开
公开(公告)号：US20240223576A1
公开(公告)日：2024-07-04
申请号：US18090581
申请日：2022-12-29
申请人： Trustwave Holdings Inc
发明人： Brian McNelly
IPC分类号： H04L9/40 , H04L43/045 , H04L43/067
CPC分类号： H04L63/1416 , H04L43/045 , H04L43/067
摘要： Several features of cybersecurity frameworks are disclosed. In one example, a computing platform receives, from an enterprise user device, cyber threat investigation information indicating actions performed to address an identified threat for a client through an incident response lifecycle of the identified threat. This computing platform receives, from a client user device, a request for the cyber threat investigation information, and generates, using this cyber threat investigation information, a client interface, which includes a time-series graphical representation of the actions performed to address the identified threat and a play button, selection of which may cause automated progression through the time-series graphical representation within the client interface. This computing platform sends, to the client user device, the client interface and commands to display the client interface, which may cause the client user device to display the client interface. In another example, a computing platform may install incident response documentation software, configured to record actions performed at the computing platform to remediate threats through various incident response lifecycles. The computing platform may display a graphical user interface including one or more actions to be performed by an analyst, corresponding to the computing platform, to address a threat throughout an incident response lifecycle. The computing platform may receive, via the graphical user interface, user input corresponding to the one or more actions. The computing platform may automatically record, using the incident response documentation software, the user input. The computing platform may automatically compile, based on the user input, an incident response log. The computing platform may send, to a central threat framework platform, the incident response log, where additional graphical user interfaces are generated based on the incident response log.

13. 发明公开

US20240098105A1 TACTICS, TECHNIQUES, AND PROCEDURES (TTP) BASED THREAT HUNTING 审中-公开
公开(公告)号：US20240098105A1
公开(公告)日：2024-03-21
申请号：US17988256
申请日：2022-11-16
申请人： Trustwave Holdings Inc
发明人： Shawn D. Kanady , Grzegorz Adam Janowski
IPC分类号： H04L9/40
CPC分类号： H04L63/1425 , H04L63/1416
摘要： Aspects of the disclosure relate to TTP based threat hunting. A computing platform may store a plurality of threat actor profiles, each threat actor profile including TTP information characteristic of the corresponding threat actor. The computing platform may execute, for a first threat actor and on behalf of a plurality of individuals, a threat hunt, where: 1) executing the threat hunt comprises searching for a presence of the first threat actor based on the threat actor profile for the first threat actor, and 2) executing the threat hunt produces metadata corresponding to the first threat actor. The computing platform may send, to a SOAR computing system, commands directing the SOAR computing system to execute SOAR actions for the metadata, which may cause the SOAR computing system to execute the SOAR actions.

14. 发明授权

US10200398B2 Distributed client-side user monitoring and attack system 有权
公开(公告)号：US10200398B2
公开(公告)日：2019-02-05
申请号：US15713214
申请日：2017-09-22
申请人： TRUSTWAVE HOLDINGS, INC.
发明人： Tyler Rorabaugh , Quoc Quach , Matthew Batema , Jim Hong , Scott Parcel
IPC分类号： H04L29/06 , G06F21/57
摘要： Methods, systems, and apparatus for use in a distributed client-side user monitoring and attack system are disclosed herein. An example method includes providing a first set of instructions from a security application server to a target application server, the first set of instructions to, when executed, cause a client device to transmit a request for an image to the security application server. In response to the request for the image, a connection is opened between the client device and the security application server. Via the connection opened in response to the request for the image, a second set of instructions is provided to cause the client device to perform a vulnerability test on the target application server and communicate a result of the vulnerability test via the connection.

15. 发明授权

US10121005B2 Virus detection by executing electronic message code in a virtual machine 有权
公开(公告)号：US10121005B2
公开(公告)日：2018-11-06
申请号：US15595001
申请日：2017-05-15
申请人： TRUSTWAVE HOLDINGS, INC.
发明人： Walter L. Marsden , David L. Green
IPC分类号： G06F21/56 , G06F21/53
摘要： Virus detection by executing electronic message code in a virtual machine is disclosed. An example method includes detecting that an electronic message includes executable code, the electronic message designating a destination recipient. Two or more destination computing systems are identified for the electronic message corresponding to the destination recipient specified in the electronic message prior to delivery of the electronic message to the two or more destination computing systems, the two or more destination computing systems including a first destination computing system and a second destination computing system different from the first destination computing system. Two or more simulation environments corresponding to the two or more destination computing systems are identified. The executable code is executed in the two or more simulation environments. The two or more simulation environments are monitored for a malicious action. The electronic message is delivered to the destination recipient if the action is detected.

16. 发明授权

US09081961B2 System and method for analyzing malicious code using a static analyzer 有权
标题翻译：使用静态分析仪分析恶意代码的系统和方法
公开(公告)号：US09081961B2
公开(公告)日：2015-07-14
申请号：US13156971
申请日：2011-06-09
申请人： Alexander Yermakov , Mark Kaplan
发明人： Alexander Yermakov , Mark Kaplan
IPC分类号： G06F21/56 , G06F17/22 , H04L29/06 , G06F21/55
CPC分类号： G06F21/563 , G06F17/227 , G06F21/554 , G06F21/56 , H04L63/0227 , H04L63/1408 , H04L63/168
摘要： Analyzing computer code using a tree is described. For example, a client device generates a data request for retrieving data from a non-trusted entity via a network. A gateway is communicatively coupled to the client device and to the network. The gateway is configured to receive computer code from the non-trusted entity via the network. The gateway builds a tree representing the computer code. The tree has one or more nodes. A node of the tree represents a statement from the computer code. The gateway analyzes the statement to identify symbol data. The symbol data describes a name of the variable and the value of the variable. The gateway stores the symbol data in a symbol table.
摘要翻译：描述使用树分析计算机代码。例如，客户机设备经由网络生成用于从不可信实体检索数据的数据请求。网关通信地耦合到客户端设备和网络。网关被配置为经由网络从不可信实体接收计算机代码。网关构建代表计算机代码的树。树有一个或多个节点。树的一个节点表示计算机代码中的一个语句。网关分析语句以识别符号数据。符号数据描述变量的名称和变量的值。网关将符号数据存储在符号表中。

17. 发明授权

US08893278B1 Detecting malware communication on an infected computing device 有权
标题翻译：检测受感染计算设备上的恶意软件通信
公开(公告)号：US08893278B1
公开(公告)日：2014-11-18
申请号：US13181106
申请日：2011-07-12
申请人： Daniel Chechik
发明人： Daniel Chechik
IPC分类号： G06F11/00 , H04L29/06 , G06F21/56
CPC分类号： H04L63/145 , G06F21/56 , G06F21/566 , H04L63/0236 , H04L63/1425 , H04L63/1491
摘要： Rules describing attributes of malicious data requests, commonly generated by malware, are determined and stored. For example, a behavior server executes different types of malware and analyzes the data requests produced by the malware to identify attributes common to different malicious data requests. The rules describing malicious data request attributes are stored and subsequent data requests are compared to the stored rules to identify malicious data requests. If a data request has one or more attributes in common with attributes of malicious data requests, the data request is blocked. This allows attributes of a data request to be used to prevent malware executing on a client device from communicating with a malicious server.
摘要翻译：确定并存储通常由恶意软件生成的恶意数据请求属性的规则。例如，行为服务器执行不同类型的恶意软件，并分析恶意软件产生的数据请求，以识别不同恶意数据请求所共有的属性。存储描述恶意数据请求属性的规则，并将后续数据请求与存储的规则进行比较以识别恶意数据请求。如果数据请求具有与恶意数据请求的属性相同的一个或多个属性，则数据请求被阻止。这允许使用数据请求的属性来防止在客户端设备上执行的恶意软件与恶意服务器通信。

18. 发明授权

US08832466B1 Methods for augmentation and interpretation of data objects 有权
标题翻译：增加和解释数据对象的方法
公开(公告)号：US08832466B1
公开(公告)日：2014-09-09
申请号：US11668462
申请日：2007-01-29
申请人： John Patrick McGregor, Jr. , Matthew N. White
发明人： John Patrick McGregor, Jr. , Matthew N. White
IPC分类号： G06F11/30
CPC分类号： H04L9/0643 , G06F21/6227 , H04L9/0618 , H04L9/0836 , H04L9/0861 , H04L9/14 , H04L9/3242 , H04L2209/24
摘要： Efficient methods for implementing security and manageability for stored data objects involve logical object reorganization, computation and injection of metadata, and specialized data access operations. Methods for utilization and incorporation of cryptographic key hierarchies and security functions for data objects are disclosed. Cryptographic keying and other data management operations may be performed for individual blocks within a data object rather than only for the entire data object in order to achieve performance objectives.
摘要翻译：用于实现存储数据对象的安全性和可管理性的高效方法涉及逻辑对象重组，元数据的计算和注入以及专门的数据访问操作。公开了用于数据对象的加密密钥层次和安全功能的使用和并入的方法。为了实现性能目标，可以对数据对象内的各个块执行加密密钥和其他数据管理操作，而不仅仅针对整个数据对象。

19. 发明授权

US08620642B2 Apparatus and method for linguistic scoring 有权
公开(公告)号：US08620642B2
公开(公告)日：2013-12-31
申请号：US13535332
申请日：2012-06-27
申请人： Daisuke Baba , Charles Douglas Phillips
发明人： Daisuke Baba , Charles Douglas Phillips
IPC分类号： G06F17/27
CPC分类号： G06F17/30705 , G06F17/30699
摘要： In embodiments of the invention, a system receives selections from a user based on a list of pre-defined monitoring categories and/or optionally receives custom category definitions from the user. The option for custom category definitions may be advantageous due to the flexibility provided to a system administrator or other user. In embodiments of the invention, the pre-defined and/or custom monitoring categories may be or include complex hierarchical behavior. Such an approach provides monitoring algorithms that can achieve improved accuracy compared to known methods. In embodiments of the invention, the order of computations used in resolving a monitoring category may be re-ordered, statically and/or dynamically, to improve the efficiency of monitoring operations.

20. 发明授权

US08180886B2 Method and apparatus for detection of information transmission abnormalities 有权
标题翻译：检测信息传输异常的方法和装置
公开(公告)号：US08180886B2
公开(公告)日：2012-05-15
申请号：US12270635
申请日：2008-11-13
申请人： Kevin Overcash , Doron Kolton , Rami Mizrahi
发明人： Kevin Overcash , Doron Kolton , Rami Mizrahi
IPC分类号： G06F15/16
CPC分类号： H04L63/1425 , H04L41/142 , H04L43/16
摘要： In one embodiment, a method for securing a network application is described. The method for securing a network application includes receiving network information within a network application and assigning a probability value to an independent aspect of the network information. The probability value is based on a verification of the independent aspect of the information against a profile of acceptable behavior. The method for securing a network application also includes aggregating the probability values of the independent aspects of the network information to determine the probability of the entire network traffic. In addition, the method for securing a network application includes determining whether the probability value of the entire network information is above or below a threshold probability value. The entire network information is screened out based on the probability value of the entire message with respect to the threshold probability value.
摘要翻译：在一个实施例中，描述了用于保护网络应用的方法。用于保护网络应用的方法包括在网络应用内接收网络信息，并将概率值分配给网络信息的独立方面。概率值是基于信息的独立方面对可接受行为概况的验证。用于保护网络应用的方法还包括聚合网络信息的独立方面的概率值以确定整个网络业务的概率。此外，用于确保网络应用的方法包括确定整个网络信息的概率值是否高于或低于阈值概率值。基于整个消息的概率值相对于阈值概率值来筛选整个网络信息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式