专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08904531B1 Detecting advanced persistent threats 有权
标题翻译：检测高级持续威胁
公开(公告)号：US08904531B1
公开(公告)日：2014-12-02
申请号：US13172979
申请日：2011-06-30
申请人： Samir D. Saklikar , Aditya Kuppa , Dennis Ray Moreau , Riaz Zolfonoon
发明人： Samir D. Saklikar , Aditya Kuppa , Dennis Ray Moreau , Riaz Zolfonoon
IPC分类号： G06F12/14
CPC分类号： G06F21/552 , H04L63/1416
摘要： Techniques are provided for detecting the source of an APT-based leaked document by iteratively or recursively evaluating a set of network security logs (e.g., SIEM logs and FPC logs) for events consistent with APT behavior according to a set of heuristics to generate a reduced set of security events for consideration by the CIRT. A method of detecting an APT attack on an enterprise system is provided. The method includes (a) receiving, in a computerized device, an indication that a document has been leaked outside the enterprise system, (b) evaluating a log of security events of the enterprise system using a set of heuristics to produce a reduced set of events potentially relevant to the APT attack, and (c) outputting the reduced set of events over a user interface for consideration by a security analysis team. A system and computer program product for performing this method are also provided.
摘要翻译：提供了用于通过根据一组启发式反复地或递归地评估一组网络安全日志（例如，SIEM日志和FPC日志）以用于与APT行为一致的事件来产生减少的基于APT的泄露文档的源的技术一套安全事件供CIRT考虑。提供了一种检测企业系统上APT攻击的方法。该方法包括（a）在计算机化的设备中接收文档已经泄漏到企业系统之外的指示，（b）使用一组启发式方法来评估企业系统的安全事件的日志，以产生一组减少的与APT攻击有潜在关联的事件，（c）通过用户界面输出减少的事件集，供安全分析小组考虑。还提供了用于执行该方法的系统和计算机程序产品。

2. 发明授权

US08904525B1 Techniques for detecting malware on a mobile device 有权
标题翻译：在移动设备上检测恶意软件的技术
公开(公告)号：US08904525B1
公开(公告)日：2014-12-02
申请号：US13536355
申请日：2012-06-28
申请人： Roy Hodgman , Samir D. Saklikar , Kevin D. Bowers
发明人： Roy Hodgman , Samir D. Saklikar , Kevin D. Bowers
IPC分类号： G06F12/14 , G06F21/56
CPC分类号： G06F21/562 , G06F21/56 , G06F21/566 , G06F21/567 , G06F2201/815
摘要： A technique to detect malware on a mobile device which stores a virtual machine image involves establishing a connection from an electronic malware detection apparatus to the mobile device, the electronic malware detection apparatus being external to the mobile device. The technique further involves transferring mobile device data from the mobile device to the electronic malware detection apparatus through the connection to form a copy of the virtual machine image within the electronic malware detection apparatus. The technique further involves performing, by the electronic detection apparatus, a set of malware detection operations on the copy of the virtual machine image to determine whether the mobile device is infected with malware.
摘要翻译：一种用于检测存储虚拟机图像的移动设备上的恶意软件的技术涉及建立从电子恶意软件检测设备到移动设备的连接，电子恶意软件检测设备在移动设备外部。该技术还涉及通过连接将移动设备数据从移动设备传送到电子恶意软件检测设备，以在电子恶意软件检测设备内形成虚拟机映像的副本。该技术还包括通过电子检测设备对虚拟机映像的副本执行一组恶意软件检测操作，以确定移动设备是否被恶意软件感染。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式