专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09009820B1 System and method for malware detection using multiple techniques 有权
标题翻译：使用多种技术检测恶意软件的系统和方法
公开(公告)号：US09009820B1
公开(公告)日：2015-04-14
申请号：US13027046
申请日：2011-02-14
申请人： Monty D. McDougal , William E. Sterns , Randy S. Jennings
发明人： Monty D. McDougal , William E. Sterns , Randy S. Jennings
IPC分类号： G06F11/00 , G06F21/56
CPC分类号： G06F21/566 , G06F21/56 , G06F21/567 , H04L63/1416
摘要： In certain embodiments, a method includes receiving, at a first malware detection node, from a malware detection system a request to apply a first malware detection technique to a file. The malware detection system is configured to determine whether the file is suspected malware by analyzing a plurality of predefined result states received in response to the first malware detection node applying the first malware detection technique to the file and a second malware detection node applying a second malware detection technique to the file. The method includes receiving at least one result from a malware detection engine of applying the first malware detection technique to the file and determining at least one predefined result state based on the received at least one result. The method includes reporting, by the first malware detection node, the at least one predefined result state to the malware detection system.
摘要翻译：在某些实施例中，一种方法包括在第一恶意软件检测节点处从恶意软件检测系统接收将第一恶意软件检测技术应用于文件的请求。所述恶意软件检测系统被配置为通过分析响应于将所述第一恶意软件检测技术应用于所述文件而接收到的多个预定义结果状态来确定所述文件是否是可疑的恶意软件;以及第二恶意软件检测节点应用第二恶意软件检测技术到文件。该方法包括从恶意软件检测引擎接收至少一个结果，该引擎将第一恶意软件检测技术应用于该文件，并且基于接收到的至少一个结果来确定至少一个预定义的结果状态。该方法包括由第一恶意软件检测节点向恶意软件检测系统报告至少一个预定义的结果状态。

2. 发明授权

US08640246B2 Distributed malware detection 有权
标题翻译：分布式恶意软件检测
公开(公告)号：US08640246B2
公开(公告)日：2014-01-28
申请号：US13169574
申请日：2011-06-27
申请人： Monty D. McDougal , William E. Sterns , Randy S. Jennings
发明人： Monty D. McDougal , William E. Sterns , Randy S. Jennings
IPC分类号： G06F21/00 , G06F11/00 , G06F21/57 , G06F21/56
CPC分类号： G06F21/577 , G06F21/56
摘要： According to one embodiment, a computer-implemented method includes accessing, using one or more processing units, a first file of a plurality of files requested to be analyzed for malware. Each of the plurality of files corresponds to a respective remote client of a plurality of remote clients. Further, the method includes: processing, using the one or more processing units, an analysis of the first file for malware; and generating an output comprising an indication of whether the first file comprises malware. The method also includes accessing, using the one or more processing units, an address for a first remote client of the plurality of remote clients. The first remote client is the respective remote client corresponding to the first file. In addition, the method includes: sending, using the one or more processing units, the output in a communication addressed to the first remote client corresponding to the first file.
摘要翻译：根据一个实施例，计算机实现的方法包括使用一个或多个处理单元访问请求分析恶意软件的多个文件的第一文件。多个文件中的每一个对应于多个远程客户端的相应的远程客户端。此外，该方法包括：使用所述一个或多个处理单元处理第一文件的恶意软件的分析; 以及生成包括所述第一文件是否包括恶意软件的指示的输出。该方法还包括使用一个或多个处理单元访问多个远程客户端中的第一远程客户端的地址。第一个远程客户端是对应于第一个文件的相应的远程客户端。此外，该方法包括：使用一个或多个处理单元，在对应于第一文件的寻址到第一远程客户端的通信中发送输出。

3. 发明申请

US20130074185A1 Providing a Network-Accessible Malware Analysis 有权
标题翻译：提供网络可访问恶意软件分析
公开(公告)号：US20130074185A1
公开(公告)日：2013-03-21
申请号：US13233804
申请日：2011-09-15
申请人： Monty D. McDougal , Bradley T. Ford , William E. Sterns
发明人： Monty D. McDougal , Bradley T. Ford , William E. Sterns
IPC分类号： G06F21/00 , G06F15/16
CPC分类号： G06F21/561
摘要： In certain embodiments, a computer-implemented method comprises receiving, via a computer network and from a first computer system, a first malware analysis request. The first malware analysis request comprises a file to be analyzed for malware by a malware analysis system. The method includes initiating a malware analysis by the malware analysis system of the first file for malware. The method includes communicating to the first computer system a response for the first file determined by the malware analysis system to the first computer system. The response comprises an indication of whether the first file comprises malware.
摘要翻译：在某些实施例中，计算机实现的方法包括经由计算机网络和第一计算机系统接收第一恶意软件分析请求。第一个恶意软件分析请求包括恶意软件分析系统要分析恶意软件的文件。该方法包括通过恶意软件分析系统对恶意软件的第一个文件进行恶意软件分析。该方法包括向第一计算机系统传送由恶意软件分析系统确定到第一计算机系统的第一文件的响应。响应包括第一个文件是否包含恶意软件的指示。

4. 发明授权

US08875293B2 System, method, and logic for classifying communications 有权
标题翻译：用于分类通信的系统，方法和逻辑
公开(公告)号：US08875293B2
公开(公告)日：2014-10-28
申请号：US13240567
申请日：2011-09-22
申请人： Monty D. McDougal , William E. Sterns , Randy S. Jennings
发明人： Monty D. McDougal , William E. Sterns , Randy S. Jennings
IPC分类号： H04L29/06 , G06F21/56 , G06F21/55
CPC分类号： G06F21/554 , G06F21/56
摘要： In accordance with particular embodiments, a method includes intercepting a communication and extracting metadata associated with the communication. The extracted metadata comprises a plurality of different fields from communication metadata and file metadata. The method further includes determining a score, based on previous communications, for each field of the extracted metadata. The score is indicative of a likelihood that the communication is a malicious communication. The method additionally includes combining the scores to generate a combined score for the communication based on an algorithm developed from the previous communications. The method also includes generating, based on the combined score at a first time, a predicted classification as to whether the communication is a malicious communication. The method further includes receiving, at a second time subsequent to the first time, an indication of whether the communication is a malicious communication and updating the algorithm based on the indication.
摘要翻译：根据特定实施例，一种方法包括拦截通信并提取与通信相关联的元数据。所提取的元数据包括来自通信元数据和文件元数据的多个不同的字段。该方法还包括基于先前的通信确定所提取的元数据的每个字段的得分。该分数表示通信是恶意通信的可能性。该方法还包括组合分数以基于从先前通信开发的算法生成用于通信的组合分数。该方法还包括基于第一次的组合得分，生成关于通信是恶意通信的预测分类。该方法还包括在第一次之后的第二时间接收关于通信是恶意通信的指示，还是基于该指示来更新算法。

5. 发明授权

US08839434B2 Multi-nodal malware analysis 有权
标题翻译：多节点恶意软件分析
公开(公告)号：US08839434B2
公开(公告)日：2014-09-16
申请号：US13087447
申请日：2011-04-15
申请人： Monty D. McDougal , William E. Sterns , Randy S. Jennings , Jesse J. Lee , Darin J. DeRita
发明人： Monty D. McDougal , William E. Sterns , Randy S. Jennings , Jesse J. Lee , Darin J. DeRita
IPC分类号： G06F21/56
CPC分类号： G06F21/567
摘要： A computer-implemented method includes accessing, by an analysis console, information related to a first file received at a first host of a plurality of hosts. Each host is capable of running a corresponding set of malware detection processes. The information includes: an identifier of the first file; and data indicating a first result of the first host applying the set of malware detection processes to the first file. The identifier is generated by the first host and is usable by each of the hosts to determine whether a second file comprises content substantially equivalent to content of the first file. The analysis console generates a first output including: the identifier of the first file; and a second result indicating whether the first file comprises malware. The second result is usable by each of the hosts to determine whether the second file comprises malware. The first output is propagated to the hosts.
摘要翻译：计算机实现的方法包括通过分析控制台访问与在多个主机的第一主机处接收到的第一文件相关的信息。每个主机都能够运行相应的恶意软件检测过程。该信息包括：第一文件的标识符; 以及指示将所述一组恶意软件检测处理应用于所述第一文件的所述第一主机的第一结果的数据。标识符由第一主机生成，并且可由每个主机使用，以确定第二文件是否包含与第一文件的内容基本相同的内容。分析控制台生成第一输出，包括：第一文件的标识符; 以及指示第一文件是否包括恶意软件的第二结果。每个主机可以使用第二个结果来确定第二个文件是否包含恶意软件。第一个输出传播到主机。

6. 发明申请

US20080082960A1 Method and System For Controlling The Release of Data For Multiple-Level Security Systems 审中-公开
标题翻译：用于控制多级安全系统数据发布的方法和系统
公开(公告)号：US20080082960A1
公开(公告)日：2008-04-03
申请号：US11537350
申请日：2006-09-29
申请人： Monty D. McDougal , William E. Sterns , Jason E. Ostermann
发明人： Monty D. McDougal , William E. Sterns , Jason E. Ostermann
IPC分类号： G06F9/44
CPC分类号： H04L63/105 , G06Q10/06
摘要： In a method embodiment, a method for controlling the release of data includes providing a list of a plurality of modules. Each module is operable to perform a task related to releasing data. The method further includes receiving a selection of an ordered set of the plurality of modules to use in a workflow. The workflow defines a procedure for releasing the data. The method also includes automatically generating a program implementing the workflow.
摘要翻译：在方法实施例中，用于控制数据释放的方法包括提供多个模块的列表。每个模块可操作以执行与释放数据有关的任务。该方法还包括接收在工作流中使用的多个模块的有序集合的选择。工作流程定义了释放数据的过程。该方法还包括自动生成实现工作流的程序。

7. 发明授权

US08787567B2 System and method for decrypting files 有权
标题翻译：用于解密文件的系统和方法
公开(公告)号：US08787567B2
公开(公告)日：2014-07-22
申请号：US13031948
申请日：2011-02-22
申请人： Monty D. McDougal , Randy S. Jennings , William E. Sterns
发明人： Monty D. McDougal , Randy S. Jennings , William E. Sterns
IPC分类号： G06F21/00
CPC分类号： H04L63/0428 , G06F21/56 , H04L63/1441 , H04L2463/041
摘要： In accordance with particular embodiments, a computer-implemented method for execution by one or more processors includes intercepting a communication comprising a message. The method also includes identifying words from within the message. The method further includes storing in a dictionary words from within the message of the communication and one or more parameters of the communication for each of the words. The dictionary comprises a plurality of words from a plurality of intercepted text-based communications. The method also includes receiving an encrypted file that is configured to be decrypted using a password. The method additionally includes identifying words from the dictionary to be used to attempt to decrypt the encrypted file. The identified words are identified based on at least one parameter associated with the encrypted file and the one or more parameters stored in the dictionary. The method further includes attempting to decrypt the encrypted file using at least a portion of the identified words from the dictionary as the password for decrypting the encrypted attachment.
摘要翻译：根据特定实施例，用于由一个或多个处理器执行的计算机实现的方法包括拦截包括消息的通信。该方法还包括从消息内识别单词。该方法还包括在通信消息内的词典中存储词，并且为每个单词存储通信的一个或多个参数。字典包括来自多个截取的基于文本的通信中的多个单词。该方法还包括接收被配置为使用密码解密的加密文件。该方法还包括识别要用于尝试解密加密文件的字典中的字。基于与加密文件相关联的至少一个参数和存储在字典中的一个或多个参数来识别所识别的词。该方法还包括尝试使用来自字典的所识别的字的至少一部分来解密加密文件作为用于解密加密附件的密码。

8. 发明申请

US20130145466A1 System And Method For Detecting Malware In Documents 有权
标题翻译：文件中检测恶意软件的系统和方法
公开(公告)号：US20130145466A1
公开(公告)日：2013-06-06
申请号：US13312767
申请日：2011-12-06
申请人： Matthew Richard , Jesse J. Lee , Monty D. McDougal , Randy S. Jennings , William E. Sterns
发明人： Matthew Richard , Jesse J. Lee , Monty D. McDougal , Randy S. Jennings , William E. Sterns
IPC分类号： G06F21/00
CPC分类号： G06F21/562
摘要： In one embodiment, a method includes identifying, using one or more processors, a plurality of characteristics of a Portable Document Format (PDF) file. The method also includes determining, using the one or more processors, for each of the plurality of characteristics, a score corresponding to the characteristic. In addition, the method includes comparing, using the one or more processors, the determined scores to a first threshold. Based at least on the comparison of the determined scores to the first threshold, the method includes determining, using the one or more processors, that the PDF file is potential malware.
摘要翻译：在一个实施例中，一种方法包括使用一个或多个处理器识别便携式文档格式（PDF）文件的多个特征。该方法还包括使用一个或多个处理器对于多个特征中的每一个来确定对应于该特征的得分。另外，该方法包括将所确定的分数与第一阈值进行比较。至少基于所确定的分数与第一阈值的比较，该方法包括使用一个或多个处理器来确定该PDF文件是潜在的恶意软件。

9. 发明申请

US20120330801A1 Distributed Malware Detection 有权
标题翻译：分布式恶意软件检测
公开(公告)号：US20120330801A1
公开(公告)日：2012-12-27
申请号：US13169574
申请日：2011-06-27
申请人： Monty D. McDougal , William E. Sterns , Randy S. Jennings
发明人： Monty D. McDougal , William E. Sterns , Randy S. Jennings
IPC分类号： G06F21/00 , G06Q30/00
CPC分类号： G06F21/577 , G06F21/56
摘要： According to one embodiment, a computer-implemented method includes accessing, using one or more processing units, a first file of a plurality of files requested to be analyzed for malware. Each of the plurality of files corresponds to a respective remote client of a plurality of remote clients. Further, the method includes: processing, using the one or more processing units, an analysis of the first file for malware; and generating an output comprising an indication of whether the first file comprises malware. The method also includes accessing, using the one or more processing units, an address for a first remote client of the plurality of remote clients. The first remote client is the respective remote client corresponding to the first file. In addition, the method includes: sending, using the one or more processing units, the output in a communication addressed to the first remote client corresponding to the first file.
摘要翻译：根据一个实施例，计算机实现的方法包括使用一个或多个处理单元访问请求分析恶意软件的多个文件的第一文件。多个文件中的每一个对应于多个远程客户端的相应的远程客户端。此外，该方法包括：使用所述一个或多个处理单元处理第一文件的恶意软件的分析; 以及生成包括所述第一文件是否包括恶意软件的指示的输出。该方法还包括使用一个或多个处理单元访问多个远程客户端中的第一远程客户端的地址。第一个远程客户端是对应于第一个文件的相应的远程客户端。此外，该方法包括：使用一个或多个处理单元，在与第一文件相对应的通向寻址到第一远程客户端的通信中发送输出。

10. 发明授权

US08863279B2 System and method for malware detection 有权
标题翻译：用于恶意软件检测的系统和方法
公开(公告)号：US08863279B2
公开(公告)日：2014-10-14
申请号：US12719535
申请日：2010-03-08
申请人： Monty D. McDougal , Randy S. Jennings , Jeffrey C. Brown , Jesse J. Lee , Brian N. Smith , Darin J. De Rita , Kevin L. Cariker , William E. Sterns , Michael K. Daly
发明人： Monty D. McDougal , Randy S. Jennings , Jeffrey C. Brown , Jesse J. Lee , Brian N. Smith , Darin J. De Rita , Kevin L. Cariker , William E. Sterns , Michael K. Daly
IPC分类号： G06F21/00 , H04L29/06 , G06F21/56
CPC分类号： H04L63/1416 , G06F21/56
摘要： According to one embodiment, a computer-implemented method for execution on one or more processors includes receiving a first file and determining a file type of the first file. The method also includes determining, according to a first policy, a plurality of malware detection schemes to apply to the first file based on the determined file type of the first file. In addition, the method includes scheduling the application of the determined plurality of malware detection schemes to the first file amongst a plurality of detection nodes according to a second policy. Further, the method includes determining, in response to determining the results of applying the plurality of malware detection schemes, that the first file is malware or determining that the first file is suspected malware according to a third policy.
摘要翻译：根据一个实施例，用于在一个或多个处理器上执行的计算机实现的方法包括接收第一文件并确定第一文件的文件类型。该方法还包括根据第一策略确定多个恶意软件检测方案，以基于所确定的第一文件的文件类型来应用于第一文件。此外，该方法包括根据第二策略在多个检测节点之中对所确定的多个恶意软件检测方案的应用调度到第一文件。此外，该方法包括响应于确定应用多个恶意软件检测方案的结果，确定第一文件是恶意软件，或者根据第三策略确定第一文件是可疑的恶意软件。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式