    • 1. Granted invention patent
    • Title: Frame injection blocking
    • Publication number: US08819049B1
    • Publication date: 2014-08-26
    • Application number: US11243479
    • Filing date: 2005-10-03
    • Inventors: Matthew Yeo, Jeffrey Wilhelm, Frank Barajas, Pak Wai Yung, James Croall
    • IPC: G06F7/00, G06F17/30
    • CPC: H04L63/1483, G06F21/64, G06F2221/2119
    • Abstract: A parsing module identifies a framed page within a web page received from a network. The parsing module further identifies information regarding the frame such as the framed page's uniform resource locator. A lookup module accesses a memory module to determine if the identified information regarding the frame is included in a protection list stored in the memory module. A notification module notifies a client's user that the framing web page is fraudulent if the identified information regarding the frame is included in the protection list. Alternatively, the parsing module is adapted to identify a security tag within the framed page indicating that the framed page is not permitted to be displayed within a frame. If the framed page includes a security tag, the notification module notifies the client's user that the framing web page is fraudulent.
    • 2. Granted invention patent
    • Title: Systems and methods for using acquisitional contexts to prevent false-positive malware classifications
    • Publication number: US08627469B1
    • Publication date: 2014-01-07
    • Application number: US13420492
    • Filing date: 2012-03-14
    • Inventors: Joseph Chen, Jeffrey Wilhelm
    • IPC: G06F11/00
    • CPC: G06F21/567, H04L63/145
    • Abstract: A method for using acquisitional contexts to prevent false-positive malware classifications. The method may include (1) receiving, from at least one client-side computing device within a community of users, contextual information associated with a file, (2) determining, based at least in part on the contextual information received from the client-side computing device, a reputation rating for the file, and (3) providing the reputation rating for the file to at least one additional client-side computing device within the community in order to prevent the additional client-side computing device from falsely classifying the file as untrustworthy due to acquiring an additional instance of the file via a context that is insufficient to determine that the additional instance of the file is trustworthy. Various other methods and systems are also disclosed.
    • 3. Granted invention patent
    • Title: API-profile guided unpacking
    • Publication number: US07814544B1
    • Publication date: 2010-10-12
    • Application number: US11473457
    • Filing date: 2006-06-22
    • Inventors: Jeffrey Wilhelm
    • IPC: G06F11/00, G06F13/00
    • CPC: G06F21/566
    • Abstract: An executable program including packed code is launched in an API-monitored environment, such as a sandboxed environment, in which each call to an API issued by the executable program is intercepted. A packer API profile list including one or more packer API profiles identifying associated sets of one or more APIs utilized by an associated known packer to unpack packed code is accessed. The executable program is allowed to run so long as the executable program issues calls to APIs within an API set of a packer API profile in the packer API profile list. When the executable program issues a call to an API not within an API set of a packer API profile in said packer API profile list, the packed code is assumed to be unpacked in memory as a memory image. The memory image is evaluated, e.g., scanned, for malicious code, and upon detection of malicious code, protective action is taken.
    • 4. Granted invention patent
    • Title: Method and apparatus for detecting leakage of sensitive information
    • Publication number: US08127360B1
    • Publication date: 2012-02-28
    • Application number: US11477231
    • Filing date: 2006-06-29
    • Inventors: Jeffrey Wilhelm, Carey Nachenberg
    • IPC: H04L29/06
    • CPC: G06F21/552
    • Abstract: A method and apparatus for preventing leakage of sensitive information from a computer is described. The method includes identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form tainted data, tracking the tainted data within the computer system, and identifying at least one condition that compromises the security of the tainted data. The system is a computer system including taint analysis software for identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form tainted data, tracking the tainted data within the computer system, and identifying at least one condition that compromises the security of the tainted data.
    • 5. Granted invention patent
    • Title: Systems and methods for treating locally created files as trustworthy
    • Publication number: US09088604B1
    • Publication date: 2015-07-21
    • Application number: US13517537
    • Filing date: 2012-06-13
    • Inventors: Joseph Chen, Jeffrey Wilhelm
    • IPC: H04L29/06, G06F21/56
    • CPC: H04L63/1433, G06F21/562, G06F21/566, H04L63/12, H04L63/1441
    • Abstract: A computer-implemented method for treating locally created files as trustworthy may include identifying at least one file created on a computing system protected by a security system that determines whether files encountered by the computing system are trustworthy. The method may also include identifying a software application used to create the file on the computing system. The method may further include determining that the software application used to create the file on the computing system comprises a reputable software application used to create trustworthy files within a user community comprising users of computing systems protected by the security system. In addition, the method may include establishing a trustworthiness exception that causes the security system to treat the file as trustworthy on the computing system that created the file. Various other methods, systems, and computer-readable media are also disclosed.
    • 6. Granted invention patent
    • Title: Systems and methods for detecting malware
    • Publication number: US08402539B1
    • Publication date: 2013-03-19
    • Application number: US13227997
    • Filing date: 2011-09-08
    • Inventors: Joseph Chen, Adam Glick, Jeffrey Wilhelm
    • IPC: H04L29/06, G06F15/16, G06F11/30
    • CPC: G06F21/566, H04L63/1416
    • Abstract: A method for detecting malware may include 1) receiving a request to determine whether a connection from a client device to a server is being blocked, 2) attempting to connect to the server from a kernel mode of the client device, 3) determining that the client device successfully connected to the server from the kernel mode, 4) attempting to connect to the server from a user mode of the client device, 5) determining that the client device did not successfully connect to the server from the user mode, 6) determining, based on the client device successfully connecting to the server from the kernel mode and failing to connect to the server from the user mode, that malware is blocking the connection from the client device to the server, and 7) in response to determining that the malware is blocking the connection, performing at least one security action.
    • 7. Granted invention patent
    • Title: Detecting polymorphic threats
    • Publication number: US07739740B1
    • Publication date: 2010-06-15
    • Application number: US11233195
    • Filing date: 2005-09-22
    • Inventors: Carey Nachenberg, Jeffrey Wilhelm
    • IPC: G06F11/30, G06F12/14, G08B23/00
    • CPC: G06F21/566
    • Abstract: A polymorphic threat manager monitors an incoming email stream, and identifies incoming email messages to which executable files are attached. The polymorphic threat manager characterizes incoming executable files according to at least one metric. For example, the polymorphic threat manager can decompose an executable file into fragments, hash some or all of these, and use the hashes as characterization metrics. The polymorphic threat manager subsequently de-obfuscates executable files, and creates corresponding characterization metrics for the de-obfuscated images. The characterizations of executable files before and after de-obfuscation are compared, and if they differ sufficiently, the polymorphic threat manager determines that the file in question is polymorphic. The characterization metrics of such an executable file after de-obfuscation can be used as a signature for that file.
    • 9. Granted invention patent
    • Title: Determining origins of queries for a database intrusion detection system
    • Publication number: US07558796B1
    • Publication date: 2009-07-07
    • Application number: US11133498
    • Filing date: 2005-05-19
    • Inventors: Adam Bromwich, Jeffrey Wilhelm
    • IPC: G06F17/30
    • CPC: G06F17/30386, G06F17/30368, Y10S707/99936
    • Abstract: A database intrusion detection system (DIDS) monitors database queries to detect anomalous queries that might be symptomatic of a code injection attack on the database. A proxy server intercepts HTTP messages from clients that contain query data used to generate database queries. The proxy server extracts the query data from a message and determines origin data describing the origin of the message, such as the IP address of the client that sent the message. The proxy server stores the query and origin data in a cache. Upon detecting an anomalous query, the DIDS extracts a portion of the query, such as the literals. The DIDS searches the cache to identify entries having query data that match the extracted portions of the query. The DIDS reports the origin data of the matching cache entries.
    • 10. Granted invention patent
    • Title: Providing file information to a client responsive to a file download stability prediction
    • Publication number: US09124472B1
    • Publication date: 2015-09-01
    • Application number: US13558177
    • Filing date: 2012-07-25
    • Inventors: Scott Schneider, Jeffrey Wilhelm
    • IPC: G06F13/00, H04L29/08
    • CPC: H04L29/08072, G06F21/567, H04L63/1425, H04L67/06
    • Abstract: A client sends a file information request to a security server, where the file information request identifies a URL from which the client is attempting to download a file. Upon receiving the request, the security server determines the stability information of the identified URL and provides the requested file information for the file provided by the URL. The security server determines the stability information of a URL by analyzing the file identifiers and URLs identified in downloaded file reports received from multiple clients. The determination of the stability information of a URL may be based on a variety of factors, such as stability of a URL over time, a textual analysis of the URL, and the set of files provided by the URL. A user of the client can review the file information and decide whether to expend the resources to download the file.