专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20110185425A1 NETWORK ATTACK DETECTION DEVICES AND METHODS 有权
标题翻译：网络攻击检测设备和方法
公开(公告)号：US20110185425A1
公开(公告)日：2011-07-28
申请号：US12837986
申请日：2010-07-16
申请人： Hahn-Ming LEE , Si-Yu HUANG , Jerome YEH , Ching-Hao MAO
发明人： Hahn-Ming LEE , Si-Yu HUANG , Jerome YEH , Ching-Hao MAO
IPC分类号： G06F21/00
CPC分类号： H04L63/1416 , H04L29/12066 , H04L61/1511
摘要： A network attack detection device is provided, including a spatial coordinate database for storing spatial coordinate data; a standard time zone database for storing standard time zone data; a domain name system packet collector for collecting a domain name system packet; a spatial snapshot feature extractor for extracting internet protocol address corresponding to the domain name system packet according to the domain name system packet, and generating spatial feature data corresponding to the internet protocol address according to the internet protocol address, the spatial coordinate data and the standard time zone data; and an attack detector for determining whether the domain name system packet is an attack according to the spatial feature data and a spatial snapshot detection model, and when determining that the domain name system packet is an attack, sending a warning to indicate the attack.
摘要翻译：提供一种网络攻击检测装置，包括用于存储空间坐标数据的空间坐标数据库; 用于存储标准时区数据的标准时区数据库; 用于收集域名系统包的域名系统包收集器; 空间快照特征提取器，用于根据域名系统分组提取与域名系统分组对应的互联网协议地址，并根据因特网协议地址，空间坐标数据和标准产生与互联网协议地址对应的空间特征数据时区数据; 以及用于根据空间特征数据和空间快照检测模型来确定域名系统分组是否是攻击的攻击检测器，并且当确定域名系统分组是攻击时，发送指示攻击的警告。

2. 发明申请

US20110004936A1 BOTNET EARLY DETECTION USING HYBRID HIDDEN MARKOV MODEL ALGORITHM 有权
标题翻译： BOTNET早期检测使用混合隐马尔可夫模型算法
公开(公告)号：US20110004936A1
公开(公告)日：2011-01-06
申请号：US12726272
申请日：2010-03-17
申请人： Hahn-Ming Lee , Ching-Hao Mao , Yu-Jie Chen , Yi-Hsun Wang , Jerome Yeh , Tsu-Han Chen
发明人： Hahn-Ming Lee , Ching-Hao Mao , Yu-Jie Chen , Yi-Hsun Wang , Jerome Yeh , Tsu-Han Chen
IPC分类号： G06F21/00
CPC分类号： H04L63/1441 , H04L2463/144
摘要： A botnet detection system is provided. A bursty feature extractor receives an Internet Relay Chat (IRC) packet value from a detection object network, and determines a bursty feature accordingly. A Hybrid Hidden Markov Model (HHMM) parameter estimator determines probability parameters for a Hybrid Hidden Markov Model according to the bursty feature. A traffic profile generator establishes a probability sequential model for the Hybrid Hidden Markov Model according to the probability parameters and pre-defined network traffic categories. A dubious state detector determines a traffic state corresponding to a network relaying the IRC packet in response to reception of a new IRC packet, determines whether the IRC packet flow of the object network is dubious by applying the bursty feature to the probability sequential model for the Hybrid Hidden Markov Model, and generates a warning signal when the IRC packet flow is regarded as having a dubious traffic state.
摘要翻译：提供僵尸网络检测系统。突发特征提取器从检测对象网络接收因特网中继聊天（IRC）分组值，并相应地确定突发特征。混合隐马尔可夫模型（HHMM）参数估计器根据突发特征确定混合隐马尔可夫模型的概率参数。流量简档生成器根据概率参数和预定义的网络流量类别建立混合隐马尔可夫模型的概率序列模型。可疑状态检测器响应于接收到新的IRC分组而确定与中继IRC分组的网络相对应的业务状态，通过将突发特征应用于概率序列模型来确定对象网络的IRC分组流是否可疑，混合隐马尔可夫模型，并且当IRC分组流被认为具有可疑业务状态时，生成警告信号。

3. 发明申请

US20100319031A1 HOT VIDEO PREDICTION SYSTEM BASED ON USER INTERESTS SOCIAL NETWORK 有权
标题翻译：基于用户兴趣的热点视频预测系统社会网络
公开(公告)号：US20100319031A1
公开(公告)日：2010-12-16
申请号：US12612436
申请日：2009-11-04
申请人： Hahn-Ming Lee , Hui-Ju Cheng , Ching-Hao Mao , Chao-Wen Li , Shou-Wei Ho , Jerome Yeh
发明人： Hahn-Ming Lee , Hui-Ju Cheng , Ching-Hao Mao , Chao-Wen Li , Shou-Wei Ho , Jerome Yeh
IPC分类号： H04N5/445 , G06F17/00
CPC分类号： H04N7/17336 , G06Q50/01 , H04N21/252 , H04N21/254 , H04N21/26603 , H04N21/4667 , H04N21/4756 , H04N21/6582
摘要： A hot video prediction system is provided. A video comments database stores video comments submitted by a plurality of users. A user social network constructor establishes a user social network according to the video comments. When new comments of a new video are received, a hot video predictor uses the user social network to determine a similar theme between the new video and hot videos that have been hot for a period of time, and predicts whether the new video will become popular accordingly. A social network adaptor checks the prediction, and modifies the user social network accordingly.
摘要翻译：提供一种热视频预测系统。视频评论数据库存储由多个用户提交的视频评论。用户社交网络构造器根据视频注释建立用户社交网络。当接收到新视频的新评论时，热门视频预测器使用用户社交网络来确定新视频和热视频在一段时间之间的类似主题，并预测新视频是否变得流行相应地。社交网络适配器检查预测，并相应地修改用户社交网络。

4. 发明申请

US20130268675A1 Method and System for Tracing Domain Names and Computer Readable Storage Medium Storing the Method 审中-公开
标题翻译：跟踪域名和计算机可读存储介质的方法和系统存储方法
公开(公告)号：US20130268675A1
公开(公告)日：2013-10-10
申请号：US13544068
申请日：2012-07-09
申请人： Meng-Han Tsai , Chang-Cheng Lin , Kai-Chi Chang , Ching-Hao Mao
发明人： Meng-Han Tsai , Chang-Cheng Lin , Kai-Chi Chang , Ching-Hao Mao
IPC分类号： G06F15/173
CPC分类号： H04L61/1511 , H04L63/1408
摘要： A method for tracing at least one domain name is disclosed. In the method, several DNS resource records of candidate domain names are queried from at least one DNS name server. The candidate domain names are domain names that need to be traced. Internet Protocol (IP) addresses associated with the candidate domain names are retrieved from the DNS resource records of the candidate domain names. At least one external resource server is connected to retrieve corresponding registration information of the respective IP addresses of the candidate domain names. A tracing weight of each of the candidate domain names is calculated according to the DNS resource records, the IP addresses and the corresponding registration information of the candidate domain names. The candidate domain names are traced according to their respective tracing weights. A system for tracing at least one domain name is also disclosed.
摘要翻译：公开了一种追踪至少一个域名的方法。在该方法中，从至少一个DNS名称服务器查询候选域名的若干DNS资源记录。候选域名是需要追踪的域名。从候选域名的DNS资源记录中检索与候选域名相关联的因特网协议（IP）地址。连接至少一个外部资源服务器以检索候选域名的相应IP地址的对应注册信息。根据DNS资源记录，IP地址和候选域名的相应注册信息计算每个候选域名的跟踪权重。候选域名根据其各自的追踪权重进行跟踪。还公开了用于追踪至少一个域名的系统。

5. 发明申请

US20130055400A1 METHOD FOR GENERATING CROSS-SITE SCRIPTING ATTACK 有权
标题翻译：用于生成跨站脚本攻击的方法
公开(公告)号：US20130055400A1
公开(公告)日：2013-02-28
申请号：US13298295
申请日：2011-11-17
申请人： Hahn-Ming Lee , Yi-Hsun Wang , Kuo-Ping Wu , Ching-Hao Mao , Jerome Yeh
发明人： Hahn-Ming Lee , Yi-Hsun Wang , Kuo-Ping Wu , Ching-Hao Mao , Jerome Yeh
IPC分类号： G06F11/00
CPC分类号： H04L63/1466 , H04L63/1433
摘要： A method for generating a cross-site scripting attack is provided. An attack string sample is analyzed for obtaining a token sequence. A string word corresponding to each token is used to replace the token for generating a cross-site scripting attack string. Accordingly, a large number of cross-site scripting attacks are generated automatically, so as to execute a penetration test for a website.
摘要翻译：提供了一种生成跨站点脚本攻击的方法。分析攻击字符串样本以获得令牌序列。对应于每个令牌的字符串字用于替换用于生成跨站点脚本攻击字符串的令牌。因此，自动生成大量的跨站点脚本攻击，以便对网站执行渗透测试。

6. 发明授权

US08505080B2 Method for generating cross-site scripting attack 有权
标题翻译：生成跨站点脚本攻击的方法
公开(公告)号：US08505080B2
公开(公告)日：2013-08-06
申请号：US13298295
申请日：2011-11-17
申请人： Hahn-Ming Lee , Yi-Hsun Wang , Kuo-Ping Wu , Ching-Hao Mao , Jerome Yeh
发明人： Hahn-Ming Lee , Yi-Hsun Wang , Kuo-Ping Wu , Ching-Hao Mao , Jerome Yeh
IPC分类号： G06F11/00
CPC分类号： H04L63/1466 , H04L63/1433
摘要： A method for generating a cross-site scripting attack is provided. An attack string sample is analyzed for obtaining a token sequence. A string word corresponding to each token is used to replace the token for generating a cross-site scripting attack string. Accordingly, a large number of cross-site scripting attacks are generated automatically, so as to execute a penetration test for a website.
摘要翻译：提供了一种生成跨站点脚本攻击的方法。分析攻击字符串样本以获得令牌序列。对应于每个令牌的字符串字用于替换用于生成跨站点脚本攻击字符串的令牌。因此，自动生成大量的跨站点脚本攻击，以便对网站执行渗透测试。

7. 发明申请

US20120159629A1 METHOD AND SYSTEM FOR DETECTING MALICIOUS SCRIPT 审中-公开
标题翻译：检测恶性症状的方法和系统
公开(公告)号：US20120159629A1
公开(公告)日：2012-06-21
申请号：US13165787
申请日：2011-06-21
申请人： Hahn-Ming Lee , Jerome Yeh , Hung-Chang Chen , Ching-Hao Mao
发明人： Hahn-Ming Lee , Jerome Yeh , Hung-Chang Chen , Ching-Hao Mao
IPC分类号： G06F11/00
CPC分类号： G06F21/566 , G06F2221/2105 , H04L63/1416 , H04L63/168
摘要： A method for detecting a malicious script is provided. A plurality of distribution eigenvalues are generated according to a plurality of function names of a web script. After the distribution eigenvalues are inputted to a hidden markov model (HMM), probabilities respectively corresponding to a normal state and an abnormal state are calculated. Accordingly, whether the web script is malicious or not can be determined according to the probabilities. Even an attacker attempts to change the event order, insert a new event or replace an event with a new one to avoid detection, the method can still recognize the intent hidden in the web script by using the HMM for event modeling. As such, the method may be applied in detection of obfuscated malicious scripts.
摘要翻译：提供了一种用于检测恶意脚本的方法。根据web脚本的多个功能名称生成多个分布特征值。在将分布特征值输入到隐马尔可夫模型（HMM）之后，计算分别对应于正常状态和异常状态的概率。因此，可以根据概率来确定web脚本是否是恶意的。即使攻击者也尝试更改事件顺序，插入新事件或替换事件以避免检测，该方法仍然可以通过使用HMM进行事件建模来识别隐藏在Web脚本中的意图。因此，该方法可以应用于检测模糊的恶意脚本。

8. 发明申请

US20110185420A1 DETECTION METHODS AND DEVICES OF WEB MIMICRY ATTACKS 审中-公开
标题翻译： WEB MIMICRY攻击的检测方法和设备
公开(公告)号：US20110185420A1
公开(公告)日：2011-07-28
申请号：US12820564
申请日：2010-06-22
申请人： Hahn-Ming LEE , En-Sih LIOU , Jerome YEH , Ching-Hao MAO
发明人： Hahn-Ming LEE , En-Sih LIOU , Jerome YEH , Ching-Hao MAO
IPC分类号： G06F11/00
CPC分类号： H04L63/1416 , G06F21/31 , H04L63/168
摘要： A web mimicry attack detection device is provided, including: a first token sequence collector receiving a hypertext transfer protocol request and extracting string content of the hypertext transfer protocol request according to a token collection method to generate a token sequence corresponding to the hypertext transfer protocol request, wherein the token sequence comprises a plurality of the tokens; and a mimicry attack detector generating a label and a confidence score corresponding individually to the tokens according to the tokens and a conditional random field probability model, summing the confidence score individually corresponding to the tokens in the token sequence by a summary rule to generate a summary confidence score, and determining whether the hypertext transfer protocol request is an attack according to the summary confidence score and the label individually corresponding to the tokens.
摘要翻译：提供一种网络模拟攻击检测装置，包括：第一令牌序列收集器，接收超文本传输协议请求，并根据令牌收集方法提取超文本传输协议请求的字符串内容，以生成与超文本传输协议请求对应的令牌序列，其中所述令牌序列包括多个所述令牌; 以及模拟攻击检测器，其根据所述令牌和条件随机场概率模型，生成与所述令牌单独对应的标签和置信度分数，所述随机场概率模型通过总结规则将令牌序列中的所述令牌各自对应的置信度得分相加，以生成摘要置信度得分，以及根据总结置信度得分和单独对应于令牌的标签来确定超文本传输协议请求是否是攻击。

9. 发明授权

US08341742B2 Network attack detection devices and methods 有权
标题翻译：网络攻击检测设备和方法
公开(公告)号：US08341742B2
公开(公告)日：2012-12-25
申请号：US12837986
申请日：2010-07-16
申请人： Hahn-Ming Lee , Si-Yu Huang , Jerome Yeh , Ching-Hao Mao
发明人： Hahn-Ming Lee , Si-Yu Huang , Jerome Yeh , Ching-Hao Mao
IPC分类号： H04L29/06
CPC分类号： H04L63/1416 , H04L29/12066 , H04L61/1511
摘要： A network attack detection device is provided, including a spatial coordinate database for storing spatial coordinate data; a standard time zone database for storing standard time zone data; a domain name system packet collector for collecting a domain name system packet; a spatial snapshot feature extractor for extracting internet protocol address corresponding to the domain name system packet according to the domain name system packet, and generating spatial feature data corresponding to the internet protocol address according to the internet protocol address, the spatial coordinate data and the standard time zone data; and an attack detector for determining whether the domain name system packet is an attack according to the spatial feature data and a spatial snapshot detection model, and when determining that the domain name system packet is an attack, sending a warning to indicate the attack.
摘要翻译：提供一种网络攻击检测装置，包括用于存储空间坐标数据的空间坐标数据库; 用于存储标准时区数据的标准时区数据库; 用于收集域名系统包的域名系统包收集器; 空间快照特征提取器，用于根据域名系统分组提取与域名系统分组对应的互联网协议地址，并根据因特网协议地址，空间坐标数据和标准产生与互联网协议地址对应的空间特征数据时区数据; 以及用于根据空间特征数据和空间快照检测模型来确定域名系统分组是否是攻击的攻击检测器，并且当确定域名系统分组是攻击时，发送指示攻击的警告。

10. 发明授权

US08307459B2 Botnet early detection using hybrid hidden markov model algorithm 有权
标题翻译：僵尸网络早期检测使用混合隐马尔可夫模型算法
公开(公告)号：US08307459B2
公开(公告)日：2012-11-06
申请号：US12726272
申请日：2010-03-17
申请人： Hahn-Ming Lee , Ching-Hao Mao , Yu-Jie Chen , Yi-Hsun Wang , Jerome Yeh , Tsu-Han Chen
发明人： Hahn-Ming Lee , Ching-Hao Mao , Yu-Jie Chen , Yi-Hsun Wang , Jerome Yeh , Tsu-Han Chen
IPC分类号： G06F7/04 , G06F11/00
CPC分类号： H04L63/1441 , H04L2463/144
摘要： A botnet detection system is provided. A bursty feature extractor receives an Internet Relay Chat (IRC) packet value from a detection object network, and determines a bursty feature accordingly. A Hybrid Hidden Markov Model (HHMM) parameter estimator determines probability parameters for a Hybrid Hidden Markov Model according to the bursty feature. A traffic profile generator establishes a probability sequential model for the Hybrid Hidden Markov Model according to the probability parameters and pre-defined network traffic categories. A dubious state detector determines a traffic state corresponding to a network relaying the IRC packet in response to reception of a new IRC packet, determines whether the IRC packet flow of the object network is dubious by applying the bursty feature to the probability sequential model for the Hybrid Hidden Markov Model, and generates a warning signal when the IRC packet flow is regarded as having a dubious traffic state.
摘要翻译：提供僵尸网络检测系统。突发特征提取器从检测对象网络接收因特网中继聊天（IRC）分组值，并相应地确定突发特征。混合隐马尔可夫模型（HHMM）参数估计器根据突发特征确定混合隐马尔可夫模型的概率参数。流量简档生成器根据概率参数和预定义的网络流量类别建立混合隐马尔可夫模型的概率序列模型。可疑状态检测器响应于接收到新的IRC分组而确定与中继IRC分组的网络相对应的业务状态，通过将突发特征应用于概率序列模型来确定对象网络的IRC分组流是否可疑，混合隐马尔可夫模型，并且当IRC分组流被认为具有可疑业务状态时，生成警告信号。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式