    • 52. Granted invention patent
    • Unauthorized URL requests detection
    • US08850567B1
    • 2014-09-30
    • US12025559
    • 2008-02-04
    • Sheng-Chi Hsieh, Jui-Pang Wang, Chao-Yu Chen
    • H04L29/00, G06F11/00, H04L29/06
    • H04L63/1483, G06F21/552, G06F2221/2119, G06F2221/2151, H04L63/10, H04L63/14, H04L63/1441
    • Unauthorized URL requests are detected based on individual user's access map(s). An access map describes legitimate paths that a user may be led from one URL to another URL. Additional information on individual URLs forming the paths, such as whether a particular URL is a start URL or a critical URL, is also included in the access map. The access map may be updated based on the most currently available information. When a URL request is made from a client device associated with a user, and if it is determined that the requested URL may potentially suffer from CSRF attacks, then the requested URL and its referral URL are compared against the URL paths in the user's access map to determine whether the URL request is unauthorized. If so, then an alert may be raised.
    • 53. Granted invention patent
    • Network traffic reduction
    • US08769691B1
    • 2014-07-01
    • US13027178
    • 2011-02-14
    • Gary Hsueh, Jeff Kuo, Sam Chang, Shako Ho, Norman Wang
    • G06F7/04, G08B23/00
    • H04L63/1441
    • A server access log includes data records each describing a previous query regarding a suspect computer file of a client computer. Each record includes the CRC code for the suspect computer file, the result of the malware analysis performed on the backend server and other attributes and values. The log is analyzed to retrieve relevant attributes and values from each record. Key attributes and values are generated such as region and continuous query. All CRC codes are grouped according to attribute values. Each group is analyzed to determine the network traffic associated with downloading the entire group to all user computers and the network traffic associated with not downloading the group but responding to future malware queries regarding CRC codes in the group. CRC codes are removed from each group if necessary. CRC code-result pairs for each group are downloaded to all user computers as a pre-fetch cache.
    • 54. Granted invention patent
    • Automated kernel hook module building
    • US08677118B1
    • 2014-03-18
    • US11047786
    • 2005-02-01
    • Allen S. H. Liu, Eric Chao, Morris Chen
    • H04L29/06
    • G06F9/44521, G06F8/30, G06F9/4401, G06F21/56
    • Building a kernel hook module (KHM) on a build machine in an automated manner uses a script file to control the process. A user requests a KHM for a particular Linux kernel of a Linux distribution. The build machine is rebooted if necessary to run the target Linux distribution. Kernel source files for the Linux distribution are loaded and installed on the build machine. Various parameters are set and source code representing the functionality of the KHM (or that of a related software product) is loaded onto the build machine. The KHM is then built automatically under direction of the script file. A control machine receives the user request for a particular KHM over the Internet and directs operation of the build machine. A test machine tests the KHM once built. The KHM works in conjunction with anti-virus software or other software.
    • 55. Granted invention patent
    • Detection of malicious URLs in a web page
    • US08505094B1
    • 2013-08-06
    • US12686458
    • 2010-01-13
    • Zhu Xuewen, Wan Xinochuan, Ye Hua
    • G06F21/00, G06F11/00, G06F12/16, G06F15/16, G06F15/173, G06F17/30, G06F13/00, H04L29/06
    • H04L67/2819, G06F21/566, G06F2221/2119, H04L63/1416, H04L63/168, H04L67/02
    • Detection of malicious URLs in a Web page retrieved by a computer user is based in a backend security service or upon the user's computer. The HTML code downloaded by the user is first scanned to detect any embedded links such as URLs found in frames or scripts. Features related to the layout of such a URL (position, visibility) are identified. Features related to the referring nature of the URL (page rank of parent, page rank of child) are identified. Features indicating the relevancy between the content of the parent Web page and the content of the Web page identified by the embedded URL are identified. Each set of features is transformed into a binary vector and these vectors are fed into a decision engine such as a classifier algorithm. The classifier algorithm outputs a score indicating whether or not the suspect URL (and the Web page to which it links) is malicious. The user may be warned by a display message.
    • 56. Granted invention patent
    • Detection and restoration of files patched by malware
    • US08499349B1
    • 2013-07-30
    • US12428161
    • 2009-04-22
    • Marvin Ubaldo Cruz, Kerr Bryner Ang, Marilyn Melliang, Benjamin Rivera
    • G06F21/00
    • G06F21/566, G06F21/568
    • A monitor agent monitors every write request for files that are capable of being patched (executable files). Once a write request is requested for one of these files, the agent creates a copy of the file and also saves the original file version number. If the program that is requesting the write access has not been digitally signed, then that program is flagged as being suspicious. The write request is allowed to proceed and the file is modified by the requesting program. After the modification, if the file version number is not higher, then the write is flagged as being suspicious. If both the requesting program has been flagged as suspicious and the file version number has been flagged as suspicious, then the requesting program is labeled as being malware. The monitor agent restores the modified file using the original copy. If either the requesting program is flagged as suspicious or the file version number is flagged as suspicious, then the requesting program is labeled as being suspicious.
    • 57. Granted invention patent
    • Prioritization of reports using content data change from baseline
    • US08495060B1
    • 2013-07-23
    • US12961904
    • 2010-12-07
    • Hung-Jen Chang
    • G06F17/30
    • G06F21/56, G06Q10/00
    • The raw data for a plurality of numerical reports (distributions or histograms) concerning malware infection in a computer network are stored in a data source. The data source is queried to produce any number of reports. Each report's content comes from a distribution of data within a time interval, and a baseline distribution is formed for comparison by the corresponding historical data. The shape change for the distributions is determined by using Kullback-Leibler divergence. The change of volume (i.e., total sample count) for the distributions is determined using the L1 norm ratio. A cutoff threshold is determined for the K-L divergence and the volume ratio threshold is determined for the count change. A measure value for each report is determined by multiplying the shape change by the volume change (modified by raising it to a particular power). The reports are ranked based upon their measure values. A report is determined to be important if its shape change is greater than the cutoff threshold, if its volume change is greater than the count ratio threshold, or if the measure value is greater than a measure threshold. The invention can be applied to all kinds of reports suitable for a distribution or histogram, and also provides one approach to detect anomalous behaviors.
    • 58. Granted invention patent
    • Operating system banking and portability
    • US08392539B1
    • 2013-03-05
    • US12051660
    • 2008-03-19
    • Shih-Yun Chen, Chun-Chieh Wang, Wei-Chin Chen
    • G06F15/177, G06F9/00, G06F11/00
    • G06F9/4406, G06F9/4411, G06F11/1456, G06F11/1464, G06F11/1469
    • A user is able to save his operating system settings to a web server. The user may then download these known, clean operating system settings over the Internet to the same computer in the future or to a different computer. Or, a user is able to save a known, good restore point to a secure site on the web. If the user suspects that his computer has been compromised by malware, the user downloads this original restore point from over the Internet. The computer is then restored to a known, good state prior to the malware infection. In addition, an entire operating system is present on a USB drive and the user runs his computer from the USB drive. The USB drive is inserted into a publicly-accessible computer. Drivers and network settings from the computer are installed on the USB drive and the operating system on the USB drive then reboots and executes on the computer.
    • 59. Granted invention patent
    • Image leak prevention using geotagging
    • US08365243B1
    • 2013-01-29
    • US12835763
    • 2010-07-14
    • Minggang Lu, Pei Zhang, Jing Li, Wen Zhu
    • G06F21/00
    • G06F21/6209, G06F21/10, G06F2221/2111
    • Prevention of sensitive images such as photographs and video clips from being leaked from an organization uses geo-tagging metadata. A mobile computing device includes a software agent that implements a data loss prevention policy and a database of sensitive geographic areas defined by latitude and longitude coordinates. When an image is attempted to be stored on the device (or sent, received, renamed, copied, etc.), a software hook module detects the operation and obtains the geo-tagging metadata from the image for the agent. The agent compares the metadata of the image with each sensitive area found in its database to determine if the image was taken at a location within a sensitive area. If not, the operation is allowed; if so, the operation may be blocked, restricted or a warning may be sent to the user of the device or to another computer within the organization.
    • 60. Granted invention patent
    • Antivirus stand-alone network or internet appliance and methods therefor
    • US08327446B2
    • 2012-12-04
    • US10138478
    • 2002-05-06
    • Jeremy Liang, Jin-Shi Lee, Tsung-Lin Yu
    • G06F11/00
    • H04L63/145, G06F21/56, H04L63/16
    • The invention provides an antivirus network or Internet appliance and methods therefor. A preferred embodiment of the Internet appliance according to the invention comprises an interface connecting the Internet appliance to a terminal, a memory, and a network connection connecting the Internet appliance to a network (such as a wide area network (WAN) or the Internet) wherein data in the network are operable with a corresponding network protocol (such as TCP/IP). Protocol-level programs are stored in the memory for receiving data being transmitted from the network to the terminal through the Internet appliance wherein the protocol-level programs are compatibly operable with the network protocol. Application-level antivirus programs are stored in the memory for detecting computer viruses in the received data serving as a firewall against the detected computer viruses for the terminal. The Internet appliance according to this particular embodiment of the invention further includes a processor (such as a central processor unit or CPU) and an operating system for implementing the protocol-level programs and the antivirus programs, wherein the antivirus programs are advantageously transparent to the terminal.