专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明申请

US20210006585A1 Distributed Client-Side User Monitoring and Attack System 有权
公开(公告)号：US20210006585A1
公开(公告)日：2021-01-07
申请号：US17025434
申请日：2020-09-18
申请人： Trustwave Holdings Inc.
发明人： Tyler Rorabaugh , Quoc Quach , Matthew Batema , Jim Hong , Scott Parcel
IPC分类号： H04L29/06 , G06F21/57
摘要： Methods, systems, and apparatus for use in a distributed client-side user monitoring and attack system are disclosed herein. An example method includes providing a first set of instructions from a security application server to a target application server, the first set of instructions to, when executed, cause a client device to transmit a request for an image to the security application server. In response to the request for the image, a connection is opened between the client device and the security application server. Via the connection opened in response to the request for the image, a second set of instructions is provided to cause the client device to perform a vulnerability test on the target application server and communicate a result of the vulnerability test via the connection.

22. 发明授权

US09652613B1 Virus detection by executing electronic message code in a virtual machine 有权
公开(公告)号：US09652613B1
公开(公告)日：2017-05-16
申请号：US12113010
申请日：2008-04-30
申请人： Walter L. Marsden , David E. Green
发明人： Walter L. Marsden , David E. Green
IPC分类号： G06F21/56 , G06F21/53
CPC分类号： G06F21/566 , G06F21/53 , G06F21/56 , G06F21/567 , G06F2221/033 , G06F2221/2149
摘要： An intermediary isolation server receives electronic messages and isolates any viral behavior from harming its intended destination. After the intermediary receives an electronic message, it determines that the electronic message has associated executable code, and then identifies the environment in which the electronic message code would be executed if delivered. The intermediary then executes the code by emulating how it would be executed in its ultimate environment. If a viral-like behavior is detected, appropriate action is taken to prevent the execution of the code at its intended destination. The attachment is executed in a contained environment that allows for the contained environment to be easily restarted in a clean state.

23. 发明授权

US09544324B2 System and method for managed security assessment and mitigation 有权
标题翻译：管理安全评估和减轻的系统和方法
公开(公告)号：US09544324B2
公开(公告)日：2017-01-10
申请号：US13786314
申请日：2013-03-05
申请人： Trustwave Holdings, Inc.
发明人： Scott Parcel
IPC分类号： H04L29/06 , G06F21/55 , G06F21/70 , G06F21/57 , H04L29/08
CPC分类号： H04L63/1433 , G06F21/55 , G06F21/577 , G06F21/70 , G06F2221/03 , G06F2221/034 , H04L43/50 , H04L63/0227 , H04L63/029 , H04L63/1408 , H04L67/02 , H04L67/10
摘要： In an embodiment of the invention, a system for assessing vulnerabilities includes: a security management system; a network device in a system under test (SUT), wherein the network device is privy to traffic in the SUT; and wherein the SMS is privy to traffic that is known by the network device and/or to one or more traffic observations that is known by the network device.
摘要翻译：在本发明的实施例中，用于评估漏洞的系统包括：安全管理系统; 在被测系统（SUT）中的网络设备，其中所述网络设备不能在所述SUT中通信; 并且其中所述SMS对于由所述网络设备已知的业务和/或所述网络设备已知的一个或多个业务观测是隐私的。

24. 发明授权

US09489515B2 System and method for blocking the transmission of sensitive data using dynamic data tainting 有权
标题翻译：使用动态数据污染来阻止敏感数据传输的系统和方法
公开(公告)号：US09489515B2
公开(公告)日：2016-11-08
申请号：US13156952
申请日：2011-06-09
申请人： Alexander Yermakov , Mark Kaplan
发明人： Alexander Yermakov , Mark Kaplan
IPC分类号： G06F21/56 , G06F17/22 , H04L29/06 , G06F21/55
CPC分类号： G06F21/563 , G06F17/227 , G06F21/554 , G06F21/56 , H04L63/0227 , H04L63/1408 , H04L63/168
摘要： Blocking transmission of tainted data using dynamic data tainting is described. For example, sensitive information is stored on a client device as tainted data. The client device generates a data request for retrieving data from a non-trusted entity via a network. A gateway is communicatively coupled to the client device and the network. The gateway receives computer code from the non-trusted entity via the network. The gateway executes the computer code. The gateway tracks the execution of the computer code to determine whether the computer code attempts to access tainted data and transmit the tainted data to an outside entity. The gateway blocks the transmission of the tainted data to the outside entity responsive to determining that the computer code has attempted to access tainted data and transmit the tainted data to an outside entity.
摘要翻译：描述了使用动态数据污染来阻止污染数据的传输。例如，敏感信息作为污染数据存储在客户端设备上。客户机设备经由网络产生用于从不可信实体检索数据的数据请求。网关通信地耦合到客户端设备和网络。网关通过网络从不可信实体接收计算机代码。网关执行计算机代码。网关跟踪计算机代码的执行，以确定计算机代码是否尝试访问污染的数据并将污染的数据传输到外部实体。响应于确定计算机代码已经尝试访问污染的数据并将污染的数据发送到外部实体，网关阻止将污染的数据传输到外部实体。

25. 发明授权

US08881278B2 System and method for detecting malicious content 有权
标题翻译：用于检测恶意内容的系统和方法
公开(公告)号：US08881278B2
公开(公告)日：2014-11-04
申请号：US13158106
申请日：2011-06-10
申请人： Mark Kaplan , Alexander Friger , Peter Novikov
发明人： Mark Kaplan , Alexander Friger , Peter Novikov
IPC分类号： G06F11/00 , H04L29/06 , G06F21/55
CPC分类号： G06F21/563 , G06F17/227 , G06F21/554 , G06F21/56 , H04L63/0227 , H04L63/1408 , H04L63/168
摘要： A system and method for detecting malicious code in web content is described. A controller receives information, routes the information to the appropriate module and determines whether a user receives the web content or a report of a detection of malicious code. A vulnerability definition generator generates vulnerability definitions. A parser parses web content into static language constructions. A translation engine translates the static language constructions into trap rules, translates the web content into application programming interface (API) calls and determines whether the API calls trigger any of the trap rules. A sandbox engine generates an environment that mimics a browser and executes dynamic parts of the web content and determines whether a dynamic part triggers a trap rule.
摘要翻译：描述了用于检测web内容中的恶意代码的系统和方法。控制器接收信息，将信息路由到适当的模块，并确定用户是否接收到网页内容，还是检测到恶意代码的报告。漏洞定义生成器生成漏洞定义。解析器将Web内容解析为静态语言结构。翻译引擎将静态语言结构转换为陷阱规则，将Web内容转换为应用程序编程接口（API）调用，并确定API调用是否触发任何陷阱规则。沙箱引擎生成模拟浏览器并执行Web内容的动态部分的环境，并确定动态部分是否触发陷阱规则。

26. 发明授权

US08260961B1 Logical / physical address state lifecycle management 有权
标题翻译：逻辑/物理地址状态生命周期管理
公开(公告)号：US08260961B1
公开(公告)日：2012-09-04
申请号：US10676505
申请日：2003-10-01
申请人： Mark L. Wilkinson , Ronald J. Miller , Michael J. McDaniels
发明人： Mark L. Wilkinson , Ronald J. Miller , Michael J. McDaniels
IPC分类号： G06F15/16 , G06F15/173 , G06F12/16
CPC分类号： H04L61/10 , H04L29/12028 , H04L61/103 , H04L63/1433
摘要： A system and method for managing logical and physical address state lifecycles. A state of unknown can be assigned to an address when the state has not been assigned. The state of the address is changed when communication is targeted to the address. The state can be changed to unfulfilled when the communication includes an address resolution protocol request sent to a device having the address when a time limit for a response to the address resolution protocol request has not expired. The state can be changed to virtual when the communication is received at the address when the state of the address is unfulfilled, and a time limit for responding to the communication expires before a response is sent. The state can be changed to unknown when the state of the address is not unknown, and the address does not participate in the communication within a time limit.
摘要翻译：一种用于管理逻辑和物理地址状态生命周期的系统和方法。当状态未分配时，可以将未知状态分配给地址。当通信针对地址时，地址的状态会发生变化。当通信包括发送到具有地址的设备的地址解析协议请求时，当对地址解析协议请求的响应的时间限制未过期时，可以将状态改变为未实现。当地址的状态未被满足时在地址处接收到通信时，可以将状态改变为虚拟状态，并且响应通信的时间限制在发送响应之前到期。当地址的状态不知道时，状态可以改变为未知，并且地址在一定期限内不参与通信。

27. 发明授权

US08234328B2 Apparatus and method for linguistic scoring 有权
标题翻译：语言评分的装置和方法
公开(公告)号：US08234328B2
公开(公告)日：2012-07-31
申请号：US12233323
申请日：2008-09-18
申请人： Daisuke Baba , Charles Douglas Phillips
发明人： Daisuke Baba , Charles Douglas Phillips
IPC分类号： G06F15/16
CPC分类号： G06F17/30705 , G06F17/30699
摘要： In embodiments of the invention, a system receives selections from a user based on a list of pre-defined monitoring categories and/or optionally receives custom category definitions from the user. The option for custom category definitions may be advantageous due to the flexibility provided to a system administrator or other user. In embodiments of the invention, the pre-defined and/or custom monitoring categories may be or include complex hierarchical behavior. Such an approach provides monitoring algorithms that can achieve improved accuracy compared to known methods. In embodiments of the invention, the order of computations used in resolving a monitoring category may be re-ordered, statically and/or dynamically, to improve the efficiency of monitoring operations.
摘要翻译：在本发明的实施例中，系统基于预定义的监视类别的列表接收来自用户的选择和/或可选地从用户接收定制类别定义。由于提供给系统管理员或其他用户的灵活性，自定义类别定义的选项可能是有利的。在本发明的实施例中，预定义和/或定制的监视类别可以是或包括复杂的分层行为。这种方法提供了与已知方法相比可以实现提高的精度的监视算法。在本发明的实施例中，用于解决监视类别的计算顺序可以重新排序，静态和/或动态地改进监视操作的效率。

28. 发明授权

US07934253B2 System and method of securing web applications across an enterprise 有权
标题翻译：跨企业保护Web应用程序的系统和方法
公开(公告)号：US07934253B2
公开(公告)日：2011-04-26
申请号：US11532060
申请日：2006-09-14
申请人： Kevin Overcash , Kate Delikat , Rami Mizrahi , Galit Efron , Doron Kolton , Asaf Wexler , Netta Gavrieli , Yoram Zahavi
发明人： Kevin Overcash , Kate Delikat , Rami Mizrahi , Galit Efron , Doron Kolton , Asaf Wexler , Netta Gavrieli , Yoram Zahavi
IPC分类号： G06F11/00
CPC分类号： H04L63/1425 , G06F21/55 , H04L63/20
摘要： A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat.
摘要翻译：描述了一种用于保护基于Web的应用程序的系统和方法。所描述的技术提供了一种企业级的方法来防止基于Web的应用程序的攻击。企业内的个人计算机网络监控网络流量，以识别异常流量。通过在与应用程序交互时将流量与可接受用户流量的配置文件进行比较，可以识别异常流量。在个别计算机网络上识别的异常流量或安全事件被传送给中央安全管理员。中央安全经理将各个计算机网络上的安全事件相关联，以确定是否存在企业级的安全威胁。然后，中央安全经理可以向各个计算机网络传达指令，从而为威胁提供企业级的解决方案。

29. 发明授权

US07788150B2 Method for assessing risk in a business 有权
标题翻译：评估企业风险的方法
公开(公告)号：US07788150B2
公开(公告)日：2010-08-31
申请号：US11764000
申请日：2007-06-15
申请人： Sean Molloy , Matthew R. Alderman
发明人： Sean Molloy , Matthew R. Alderman
IPC分类号： G06Q40/00
CPC分类号： G06Q10/06 , G06Q10/0635 , G06Q40/00 , G06Q40/025
摘要： Embodiments of the invention are directed to systems and methods for determining risk associated with a business. The risk determination calculates risk with one or more policy controls associated with one or more business objects in a business object tree. Risk calculated for the policy controls is rolled-up to a business object using an algorithm that does not dilute the risk associated with the policy controls. Likewise, the risk for a business object is rolled-up to the parents of the business object. Risk is finally rolled-up to a highest order business object, which represents the risk associated with the business.
摘要翻译：本发明的实施例涉及用于确定与业务相关联的风险的系统和方法。风险确定通过与业务对象树中的一个或多个业务对象相关联的一个或多个策略控制来计算风险。为政策控制计算的风险使用不稀释与策略控制相关联的风险的算法汇总到业务对象。同样，业务对象的风险也卷入了业务对象的父母。风险最终被卷入最高订单的业务对象，代表与业务相关的风险。

30. 发明授权

US10785253B2 Distributed client-side user monitoring and attack system 有权
公开(公告)号：US10785253B2
公开(公告)日：2020-09-22
申请号：US16266967
申请日：2019-02-04
申请人： TRUSTWAVE HOLDINGS, INC.
发明人： Tyler Rorabaugh , Quoc Quach , Matthew Batema , Jim Hong , Scott Parcel
IPC分类号： H04L29/06 , G06F21/57
摘要： Methods, systems, and apparatus for use in a distributed client-side user monitoring and attack system are disclosed herein. An example method includes providing a first set of instructions from a security application server to a target application server, the first set of instructions to, when executed, cause a client device to transmit a request for an image to the security application server. In response to the request for the image, a connection is opened between the client device and the security application server. Via the connection opened in response to the request for the image, a second set of instructions is provided to cause the client device to perform a vulnerability test on the target application server and communicate a result of the vulnerability test via the connection.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式