    • 81. Granted invention patent
    • Removal of fake anti-virus software
    • US09152791B1
    • 2015-10-06
    • US13105496
    • 2011-05-11
    • Ming-Chang Shih; Ping Ju Kuo; Shuang-Fu Han
    • G06F21/56; G06F21/51
    • G06F21/566; G06F21/51; G06F21/554; G06F21/56; G06F21/561; G06F21/568; G06F2221/2101
    • Lists of keywords by type are collected that are associated with fake antivirus software. One or more rules are created including the keywords that likely indicate fake antivirus software. The keywords and rules are stored in a local database on a computer. Each executing process of a computer is scanned using the rules. A match indicates that the scanned process is likely fake antivirus software. A check is then performed to determine if the scanned process is actually legitimate antivirus software (using a digital certificate, a white list, or a call to a function). If the check fails, a determination is made that the identified process is fake antivirus software. The process may then be displayed, cleaned, quarantined, or permanently removed from the computer. The cursor may be dragged into the window of an executing process in order to selectively scan that process only. Or, any number of executing processes may be selected to be scanned by the rules. A log function allows a computer user to view a history of actions taken by the above technique.
    • 82. Granted invention patent
    • Multiple application versions in a single virtual machine
    • US09117079B1
    • 2015-08-25
    • US13770554
    • 2013-02-19
    • Ben Huang; Xiaochuan Wan; Xinfeng Liu; Qiang Huang
    • G06F21/00; G06F21/56; G06F9/445
    • G06F21/566; G06F8/61; G06F8/62; G06F9/44505; G06F21/56; G06F21/565
    • A single virtual machine is implemented upon a computer and an operating system executes within this virtual machine. A sample file suspected of being malware is received and any number of versions of the software application corresponding to the sample file are installed. Each version of the software application is executed within the operating system, each version opening the sample file. Behavior of each version and of the sample file is collected while each version is executing. A score indicating malicious behavior for each version with respect to the sample file is determined and reported. The versions may execute serially in the operating system, each version terminating before the next version begins executing. Or, all versions may execute concurrently within the operating system. Files and registries are hidden to facilitate installation. System information is changed to facilitate execution.
    • 83. Granted invention patent
    • Android application virtual environment
    • US08887152B1
    • 2014-11-11
    • US13289313
    • 2011-11-04
    • Shuhua Chen; Jinzhi Guo; Yinfeng Qiu
    • G06F9/445
    • G06F9/44568; G06F9/45504
    • The behavior of an installed application within the Android device is modified. The program code is modified to allow a security application to load and run the application within its own context. The modified program code is repacked into a modified APK file, executed within the context of the security application. A component within a target application includes APIs for starting other components. These APIs are modified to use a new intent object which points to a proxy component. A modified target application is executed. The security application loads the target application into memory without installing it. The security application includes a component of each type and creates a proxy component instance for each component in the target application. A proxy component under control of the security application is created for each component within the target application. The target application is executed under the control of the security application.
    • 84. Granted invention patent
    • Pre-scan by historical URL access
    • US08776240B1
    • 2014-07-08
    • US13105379
    • 2011-05-11
    • Weimin Wu; Kai Yu; Yiping Shen; Xuewen Zhu; Xingqi Ding
    • G06F11/00
    • G06F21/567; G06F21/568; G06F2221/2115; G06F2221/2119
    • A Web browser or operating system of a computer maintains a historical URL list of Web sites and Web pages that have been accessed in the past. When a prescan module of antivirus software performs an initial prescan of a computer before the antivirus software is installed, it queries this historical URL list to obtain the URLs that have been accessed in the past. These URLs are sent to a URL online query service located remotely over the Internet in order to determine the status of any of these URLs. Each URL is attempted to be matched with a database of known malicious URLs including associated malicious files and associated cleanup patterns. The query service then informs the requesting computer of the status of a particular URL sent, sending back any related malicious files and any appropriate cleanup pattern. A time period associated with each URL in the database indicates when it is known that the URL was malicious.
    • 85. Granted invention patent
    • Disabling execution of malware having a self-defense mechanism
    • US08763125B1
    • 2014-06-24
    • US12238606
    • 2008-09-26
    • Hsiang-an Feng
    • G06F11/00; G06F12/14; G06F12/16; G08B23/00; G06F17/30; G06F7/04; H04N7/16; G06F9/44
    • G06F21/53; G06F11/3624; G06F21/56; G06F2221/2127
    • A dummy debugger program is installed within the user computer system. The dummy program is registered with the operating system as a debugger and may also be registered as a system service as if it is a kernel mode debugger. The dummy debugger program may have the name of a popular debugging program. Dummy registry keys are created that are typically used by a debugger to make it appear as if a debugger is present within the operating system of the user computer. Dummy program folders or dummy program names are created to make it appear as if a debugger is present within the operating system of the user computer. API calls are intercepted by using API hooks and modified to always return a meaningful value indicating that a debugger is present. Malware performing any checks to see if a debugger is present will be informed that a debugger is present and will then shut down, sleep, terminate, etc. Or, in order to trick malware into thinking that an emulator is present, any API call is intercepted and the sleep time passed in is raised by a couple of milliseconds. Malware will determine that the time parameter passed in is not equivalent to the elapsed time from before the API call to after the call and the malware will determine that an emulator is present and will terminate.
    • 86. Granted invention patent
    • Driver domain as security monitor in virtualization environment
    • US08707417B1
    • 2014-04-22
    • US13396516
    • 2012-02-14
    • Po-Cheng Liang; Kun-Shan Lin; Chien-Ta Chu
    • G06F21/00; G06F21/53; G06F21/56; H04L29/06
    • G06F21/53; G06F9/45558; G06F21/56; G06F2009/45591; G06F2009/45595; H04L63/0263; H04L63/1416
    • A virtualization platform includes a number of virtual machines, one of which is configured as a driver domain and includes the network service control for routing network traffic between the other virtual machines. The privileged domain does not include the network service control. The network service control includes network backend interfaces and a virtual switch or bridge. The driver domain includes a PCI driver for direct communication with a network interface card. The driver domain includes hooking software and an inspection agent. Packets passing between the other virtual machines pass through the driver domain, are hooked, and are inspected by the inspection agent to determine if they are malicious or not. Malicious packets are blocked. The driver domain may also utilize a PCI driver of the privileged domain for access to the network interface card. Platforms with or without pass-through mode may be used.
    • 87. Granted invention patent
    • SQL injection prevention
    • US08499170B1
    • 2013-07-30
    • US12247659
    • 2008-10-08
    • Li Tongshu; Zheng Jing; Lin Jianzheng
    • G06F12/14
    • G06F21/6218; G06F21/54; G06F21/566
    • Hackers and other malicious users are prevented from injecting harmful SQL into a database and from retrieving confidential data. SQL statements formed by an application in response to user input (e.g., user Id and password), are scanned and compared to patterns of SQL commands and data embodied in one or more anti-SQL injection policies. If there is a match, the SQL statement is in violation of the policy. A severity level of the violation may be checked, for example, it may be determined whether the violation is critical or non-critical (normal). Different actions are taken depending on the severity of the violation. If the violation is critical, the SQL statement is dropped and the administrator is notified immediately and a trace of the violation is provided. If the violation is not critical, the data is retrieved and is compared against data in a confidential data registry. If any of the data is found to be confidential, that data is encrypted and then sent to the hacker. The hacker is not able to use or read the encrypted confidential data.
    • 88. Granted invention patent
    • Silent detection of malware and feedback over a network
    • US08443449B1
    • 2013-05-14
    • US12614879
    • 2009-11-09
    • Chi-Huang Fan; Chang-Hsing Ho; Yi-Hung Cheng; Kun-Wei Lee
    • G06F21/00
    • G06F21/564
    • Upon detection of a suspicious file, a client computer sends feedback data to an anti-malware service over the Internet. Files that are not suspicious or that are known clean are not reported; files that are known malware are acted upon immediately without needing to report them to the anti-malware service. Upon detection, no alert or warning is provided to the user of the client computer. The anti-malware service correlates data from other detection engines on the client computer or from other client computers and determines whether the file is malware or not. A new virus pattern is generated if the file is malware and includes the virus signature of the file; the new virus pattern is distributed back to the client computers. If not malware, no action need be taken, or, the virus signature of the file is removed from existing pattern files.
    • 90. Granted invention patent
    • System for detecting change of name-to-IP resolution
    • US08316440B1
    • 2012-11-20
    • US11929305
    • 2007-10-30
    • Sheng-Chi Hsieh; Chao-Yu Chen; Chih-Chia Chen
    • G06F11/00; G06F12/14; G06F12/16; G08B23/00
    • G06F11/108; G06F11/302; G06F11/3051; H04L63/1416; H04L63/1425; H04L63/1483
    • Detection for pharming attacks and specifically for changes in name-to-IP resolutions on a computer system using rules is described. The DNS settings and the Hosts file on a computer system are monitored and their modification information is saved as a part of the historical data over time. When an IP address is determined for a host name, various rules are applied to the IP address in connection with the saved historical data, such that each rule produces a score based on various criteria. Different rules may have different weights assigned to their scores. The scores of all the rules are summed up to produce a final score. If the final score is above a predefined value, then there is a suspicious change in the IP address, and an alert is sent. Otherwise, the host name and the IP address are saved as a part of the historical data.