    • 1. Granted patent
    • Systems and methods for adaptive model generation for detecting intrusions in computer systems
    • Publication: US08893273B2, published 2014-11-18
    • Application: US11805946, filed 2007-05-25
    • Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo
    • IPC: G06F21/72, H04L29/06, G06F21/55, G06F21/56
    • CPC: H04L63/14, G06F17/30091, G06F17/30294, G06F17/30477, G06F21/554, G06F21/566, G06N7/005, G06N99/005, H04L63/1416, H04L63/1425, H04L63/1433
    • Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
    • 4. Patent application
    • System and methods for adaptive model generation for detecting intrusion in computer systems
    • Publication: US20130031633A1, published 2013-01-31
    • Application: US13573314, filed 2012-09-10
    • Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo
    • IPC: G06F21/00
    • CPC: H04L63/14, G06F17/30091, G06F17/30294, G06F17/30477, G06F21/554, G06F21/566, G06N7/005, G06N99/005, H04L63/1416, H04L63/1425, H04L63/1433
    • Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
    • 5. Granted patent
    • Systems and methods for detection of new malicious executables
    • Publication: US07979907B2, published 2011-07-12
    • Application: US12338479, filed 2008-12-18
    • Inventors: Matthew G. Schultz, Eleazar Eskin, Erez Zadok, Manasi Bhattacharyya, Salvatore J. Stolfo
    • IPC: G06F11/00, G06F12/14
    • CPC: H04L63/145, G06F21/562
    • Abstract: A system and methods for detecting malicious executable attachments at an email processing application of a computer system using data mining techniques. The email processing application may be located at the server or at the client or host. The executable attachments are filtered from said email, and byte sequence features are extracted from the executable attachment. The executable attachments are classified by comparing the byte sequence feature of the executable attachment to a classification rule set derived from byte sequence features of a data set of known executables having a predetermined class in a set of classes, e.g., malicious or benign. The system is also able to classify executable attachments as borderline when the difference between the probability that the executable is malicious and the probability that the executable is benign is within a predetermined threshold. The system can notify the user when the number of borderline attachments exceeds the threshold in order to refine the classification rule set.
    • 6. Granted patent
    • Mobile computing and communication
    • Publication: US07299007B2, published 2007-11-20
    • Application: US09775194, filed 2001-02-01
    • Inventors: Eleazar Eskin
    • IPC: H04B7/00
    • CPC: H04W4/02, G01S1/68, H04L29/06, H04L67/04, H04L67/18, H04L67/303, H04L67/306, H04L69/329, H04W4/00, H04W4/12, H04W84/10, H04W88/02, H04W88/14
    • Abstract: An application development platform enables applications to be created easily for, e.g., mobile devices that have short-range wireless communication capability. The development platform exposes a carefully chosen core set of services through an API. Each of the applications can broadcast its services to local and remote devices. Message delivery between devices is guaranteed even for messages that cannot be delivered directly by local short-range wireless transmission. Message delivery through other channels, including the Internet, can occur transparently to the user. Each device can be associated with an "owner", which can be a person or an entity. Services can be customized to the owner based on stored information that maps owners to devices. Information associated with each of the owners of devices can be stored centrally and used in connection with providing the services at each of the mobile devices. Virtual GPS capabilities can be provided for mobile devices that do not have GPS chips.
    • 7. Granted patent
    • System and methods for adaptive model generation for detecting intrusions in computer systems
    • Publication: US07225343B1, published 2007-05-29
    • Application: US10352342, filed 2003-01-27
    • Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo
    • IPC: H04L9/00
    • CPC: H04L63/14, G06F17/30091, G06F17/30294, G06F17/30477, G06F21/554, G06F21/566, G06N7/005, G06N99/005, H04L63/1416, H04L63/1425, H04L63/1433
    • Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
    • 8. Granted patent
    • System and methods for intrusion detection with dynamic window sizes
    • Publication: US07162741B2, published 2007-01-09
    • Application: US10208402, filed 2002-07-30
    • Inventors: Eleazar Eskin, Salvatore J. Stolfo
    • IPC: H04L9/32, G06F11/00, G06F11/22, G06F11/30, G06F11/32, G06F11/34, G06F11/36, G06F12/14, G06F12/16, G06F7/04, G06F7/58
    • CPC: H04L63/1416, Y10S707/99953, Y10S707/99956
    • Abstract: A system and methods of monitoring sequences of operations in a process running on a computer system. A probabilistic detection model is defined which is configured to determine a predictive probability of an occurrence of a final operation in the sequence of operations that is conditional on a calculated number of previous operations in the sequence of operations. The probabilistic detection model is trained from a plurality of predetermined sequences of operations to calculate the number of previous operations evaluated in the probabilistic detection model. The predictive probability for the final operation in the sequence of operations is determined by using the probabilistic detection model. If the predictive probability is below a predetermined threshold, the sequence of operations is identified as an intrusion. The probabilistic detection model may use sparse distribution trees to generate a model which determines the optimal number of previous operations to be evaluated (i.e., the window size) and position of wildcards. The system and methods may be used to monitor sequences of system calls, application function calls, and machine code instructions, for example.
    • 10. Patent application
    • System and methods for detecting malicious email transmission
    • Publication: US20100169970A1, published 2010-07-01
    • Application: US12633493, filed 2009-12-08
    • Inventors: Salvatore J. Stolfo, Eleazar Eskin, Shlomo Herskop, Manasi Bhattacharyya
    • IPC: G06F21/00, G06F15/16
    • CPC: H04L63/1425, H04L51/12, H04L63/145
    • Abstract: A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.