专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08205257B1 Systems and methods for preventing threats originating from a non-process based component hosted by a trusted process 有权
标题翻译：用于防止由可信过程托管的基于非进程的组件引发的威胁的系统和方法
公开(公告)号：US08205257B1
公开(公告)日：2012-06-19
申请号：US12510828
申请日：2009-07-28
申请人： Sourabh Satish , Shane Pereira , Uri Mann
发明人： Sourabh Satish , Shane Pereira , Uri Mann
IPC分类号： H04K1/00
CPC分类号： H04L63/1416 , G06F21/566 , G06F21/577
摘要： A computer-implemented method for preventing threats originating from a non-process based component hosted by a trusted process is described. The loading activity of the trusted process is monitored. A trust level associated with the trusted process is altered when an unverified component is loaded into the trusted process. Events performed by the trusted process are monitored. An unverified component that originated the event is identified. The trusted process is terminated based on a security risk associated with the unverified component that originated the event.
摘要翻译：描述了用于防止由可信过程托管的基于非基于过程的组件引起的威胁的计算机实现的方法。监视可信过程的加载活动。当将未验证的组件加载到可信过程中时，与受信任进程相关联的信任级别会被更改。监视受信任进程执行的事件。确定发起事件的未验证组件。可信过程基于与发生事件的未验证组件相关联的安全风险而终止。

2. 发明授权

US08191147B1 Method for malware removal based on network signatures and file system artifacts 有权
标题翻译：基于网络签名和文件系统工件的恶意软件删除方法
公开(公告)号：US08191147B1
公开(公告)日：2012-05-29
申请号：US12109253
申请日：2008-04-24
申请人： Patrick Gardner , Shane Pereira
发明人： Patrick Gardner , Shane Pereira
IPC分类号： G06F12/14
CPC分类号： G06F21/552 , G06F21/564
摘要： A network communication corresponding to a malicious network signature associated with malicious code is detected on a host computer system. A determination is made whether or not the malicious network signature is validated as associated with a non-malicious code process. Upon a determination that the malicious network signature is not validated, the corresponding network communication is blocked, and the associated malicious code is located on the host computer system and removed from the host computer system. In some embodiments, the host computer system is further evaluated for the presence of residual artifacts of the malicious code on the host computer system.
摘要翻译：在主计算机系统上检测到与恶意代码相关联的恶意网络签名的网络通信。确定恶意网络签名是否被验证为与非恶意代码进程相关联。在确定恶意网络签名未被验证的情况下，相应的网络通信被阻止，并且相关联的恶意代码位于主机计算机系统上并从主机系统中移除。在一些实施例中，进一步评估主计算机系统在主计算机系统上是否存在恶意代码的残余伪影。

3. 发明申请

US20110271341A1 BEHAVIORAL SIGNATURE GENERATION USING CLUSTERING 有权
标题翻译：使用聚类的行为签名生成
公开(公告)号：US20110271341A1
公开(公告)日：2011-11-03
申请号：US12769262
申请日：2010-04-28
申请人： Sourabh Satish , Shane Pereira
发明人： Sourabh Satish , Shane Pereira
IPC分类号： G06F21/00
CPC分类号： G06F21/566 , G06F21/552 , G06F21/562 , H04L63/1416
摘要： A behavioral signature for detecting malware is generated. A computer is used to collect behavior traces of malware in a malware dataset. The behavior traces describe sequential behaviors performed by the malware. The behavior traces are normalized to produce malware behavior sequences. Similar malware behavior sequences are clustered together. The malware behavior sequences in a cluster describe behaviors of a malware family. The cluster is analyzed to identify a behavior subsequence common to the cluster's malware family. A behavior signature for the malware family is generated using the behavior subsequence. A trace of new malware is normalized and aligned with an existing cluster, if possible. The behavioral signature for that cluster is generated based on the behavior sequence of the new malware and the other sequences in the cluster.
摘要翻译：生成用于检测恶意软件的行为签名。计算机用于收集恶意软件数据集中恶意软件的行为痕迹。行为痕迹描述恶意软件执行的顺序行为。行为轨迹被归一化以产生恶意软件行为序列。类似的恶意软件行为序列聚集在一起。集群中的恶意软件行为序列描述恶意软件系列的行为。分析集群以识别集群恶意软件系列通用的行为子序列。使用行为子序列生成恶意软件系列的行为签名。如果可能，新的恶意软件的跟踪将被归一化并与现有集群对齐。基于新的恶意软件和群集中的其他序列的行为序列生成该群集的行为签名。

4. 发明授权

US08615805B1 Systems and methods for determining if a process is a malicious process 有权
标题翻译：用于确定进程是否是恶意进程的系统和方法
公开(公告)号：US08615805B1
公开(公告)日：2013-12-24
申请号：US12203788
申请日：2008-09-03
申请人： Mark Obrecht , Shane Pereira
发明人： Mark Obrecht , Shane Pereira
IPC分类号： G06F11/00
CPC分类号： G06F21/566 , G06F11/3003 , G06F11/3051 , G06F2201/865 , G06F2221/033 , G06F2221/034
摘要： A method for classifying a process that modifies a registry attribute is described. At least one attribute associated with a registry is monitored. A determination is made that the at least one attribute has been modified. The process that modified the at least one attribute is identified. One or more characteristics of the identified process is evaluated. The identified process is classified based on the evaluation of the one or more characteristics of the identified process.
摘要翻译：描述了一种用于分类修改注册表属性的进程的方法。与注册表关联的至少一个属性被监视。确定至少一个属性已被修改。识别修改至少一个属性的过程。评估识别过程的一个或多个特征。基于对所识别的过程的一个或多个特征的评估来对识别的过程进行分类。

5. 发明授权

US08918873B1 Systems and methods for exonerating untrusted software components 有权
标题翻译：免除不可信软件组件的系统和方法
公开(公告)号：US08918873B1
公开(公告)日：2014-12-23
申请号：US12550198
申请日：2009-08-28
申请人： Sourabh Satish , Shane Pereira , Wilson Meng , Yoshihiro Yasuda
发明人： Sourabh Satish , Shane Pereira , Wilson Meng , Yoshihiro Yasuda
IPC分类号： G06F12/14
CPC分类号： G06F21/57 , G06F2221/2145
摘要： The instant disclosure describes various exemplary systems and methods for exonerating an untrusted software component based solely on a trusted software component's non-optional or “hard” dependency on the untrusted software component. In one example, a method for exonerating untrusted software components in this manner may include: 1) identifying a dependent software component, 2) determining that the dependent software component is a non-optional dependent component of at least one trusted software component, and then 3) classifying the dependent software component as a trusted software component. As detailed herein, such a method may enable security software to quickly and efficiently exonerate untrusted components by association without having to scan or perform other intrusive and/or resource-intensive security operations on such untrusted software components.
摘要翻译：本公开描述了仅基于可信软件组件对不可信软件组件的非可选或“硬”依赖性来排除不可信软件组件的各种示例性系统和方法。在一个示例中，以这种方式排除不信任软件组件的方法可以包括：1）识别从属软件组件，2）确定依赖软件组件是至少一个可信软件组件的非可选依赖组件，然后 3）将依赖软件组件分类为可信软件组件。如这里所详细描述的，这种方法可以使得安全软件能够通过关联来快速有效地排除不信任的组件，而不必扫描或执行对这种不受信任的软件组件的其他侵入和/或资源密集型安全操作。

6. 发明授权

US08230499B1 Detecting and blocking unauthorized downloads 有权
标题翻译：检测和阻止未经授权的下载
公开(公告)号：US08230499B1
公开(公告)日：2012-07-24
申请号：US12129170
申请日：2008-05-29
申请人： Shane Pereira
发明人： Shane Pereira
IPC分类号： G06F21/00
CPC分类号： G06F21/51
摘要： A hook is set for one or more downloading functions. Subsequently, code is executed within an application process. Responsive to the executed code calling one of the hooked functions, a return address of the called function is examined. If the return address is within a heap memory area of the application process, a remedial action, such as returning an error code or displaying an alert, is taken.
摘要翻译：挂钩设置为一个或多个下载功能。随后，在应用程序进程中执行代码。响应于执行的代码调用一个挂钩函数，调用函数的返回地址。如果返回地址在应用程序进程的堆内存区域内，则会采取补救措施，如返回错误代码或显示警报。

7. 发明授权

US08209757B1 Direct call into system DLL detection system and method 有权
标题翻译：直接调用系统DLL检测系统和方法
公开(公告)号：US08209757B1
公开(公告)日：2012-06-26
申请号：US12163747
申请日：2008-06-27
申请人： Mark Kennedy , Shane Pereira
发明人： Mark Kennedy , Shane Pereira
IPC分类号： G06F21/00
CPC分类号： G06F21/53
摘要： A method includes creating an intercept function for a tracked DLL function of a DLL being loaded into a suspicious module. Upon a determination that the tracked DLL function is invoked, a determination is made as to whether a return address of a caller of the tracked DLL function is within a legitimate return address range. The legitimate return address range includes an address range of the intercept function and excludes an address range of the suspicious module. If the return address is within the suspicious module, the suspicious module called the tracked DLL function directly. This indicates that the suspicious module is malicious and so protective action is taken.
摘要翻译：一种方法包括为被加载到可疑模块中的DLL的跟踪DLL功能创建拦截函数。在确定跟踪的DLL功能被调用时，确定跟踪的DLL功能的调用者的返回地址是否在合法返回地址范围内。合法返回地址范围包括拦截功能的地址范围，并排除可疑模块的地址范围。如果返回地址在可疑模块内，则可疑模块直接称为跟踪DLL函数。这表明可疑模块是恶意的，因此采取了保护措施。

8. 发明申请

US20100083376A1 METHOD AND APPARATUS FOR REDUCING FALSE POSITIVE DETECTION OF MALWARE 有权
标题翻译：用于减少恶意积极检测恶意软件的方法和装置
公开(公告)号：US20100083376A1
公开(公告)日：2010-04-01
申请号：US12239185
申请日：2008-09-26
申请人： Shane Pereira , Mark Kennedy , Pieter Viljoen
发明人： Shane Pereira , Mark Kennedy , Pieter Viljoen
IPC分类号： G06F21/00
CPC分类号： G06F21/562
摘要： Method and apparatus for detecting malware are described. In some examples, files of unknown trustworthiness are identified as potential threats on the computer. A trustworthiness level for each of the files is received from a backend. The trustworthiness level of each of the files is compared to a threshold level. Each of the files where the trustworthiness level thereof satisfies the threshold level is designated as a false positive threat. Each of the files where the trustworthiness level thereof does not satisfy the threshold level is designated as a true positive threat.
摘要翻译：描述用于检测恶意软件的方法和装置。在一些示例中，未知可信性的文件被识别为计算机上的潜在威胁。从后端接收每个文件的可信度级别。将每个文件的可信度级别与阈值级别进行比较。其可信赖性级别满足阈值水平的每个文件被指定为假阳性威胁。其可信度级别不满足阈值水平的每个文件被指定为真正的正面威胁。

9. 发明授权

US08381289B1 Communication-based host reputation system 有权
标题翻译：基于通信的主机信誉系统
公开(公告)号：US08381289B1
公开(公告)日：2013-02-19
申请号：US12416020
申请日：2009-03-31
申请人： Shane Pereira , Sourabh Satish
发明人： Shane Pereira , Sourabh Satish
IPC分类号： H04L29/06
CPC分类号： H04L63/1408 , H04L63/145
摘要： A host reputation score indicating whether a host connected to the client by a network is malicious is received. An entity on the client that communicates with the host is identified. Whether the entity is a malware threat is determined based at least in part on the host reputation score.
摘要翻译：接收到主机信誉得分，表示网络连接到客户端的主机是否是恶意的。识别与主机通信的客户端上的实体。至少部分地基于主机信誉评分来确定实体是否是恶意软件威胁。

10. 发明授权

US08352409B1 Systems and methods for improving the effectiveness of decision trees 有权
标题翻译：提高决策树有效性的系统和方法
公开(公告)号：US08352409B1
公开(公告)日：2013-01-08
申请号：US12495621
申请日：2009-06-30
申请人： Sourabh Satish , Nicholas Graf , Lachlan Orr , Shane Pereira , Scott Sullivan
发明人： Sourabh Satish , Nicholas Graf , Lachlan Orr , Shane Pereira , Scott Sullivan
IPC分类号： G06N7/02 , G06N7/00
CPC分类号： G06N99/005
摘要： Systems and methods for improving the effectiveness of decision trees are disclosed. In one example, an exemplary method for performing such a task may include: 1) receiving, from at least one computing device, a) a sample, b) a classification assigned to the sample by a decision tree employed by the computing device, and c) identification information for a branch configuration that resulted in the classification, 2) determining that the decision tree incorrectly classified the sample, and then 3) excluding the offending branch configuration from future decision trees. An exemplary method for dynamically adjusting the confidence of decision-tree classifications based on community-supplied data, along with corresponding systems and computer-readable media, are also described.
摘要翻译：公开了提高决策树有效性的系统和方法。在一个示例中，用于执行这样的任务的示例性方法可以包括：1）从至少一个计算设备接收a）样本，b）由计算设备使用的决策树分配给样本的分类，以及 c）导致分类的分支配置的识别信息，2）确定决策树不正确地对样本进行分类，然后3）从未来的决策树中排除违规分支配置。还描述了用于基于社区提供的数据以及对应的系统和计算机可读介质来动态地调整决策树分类的置信度的示例性方法。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式