专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08893273B2 Systems and methods for adaptive model generation for detecting intrusions in computer systems 有权
标题翻译：用于检测计算机系统中入侵的自适应模型生成的系统和方法
公开(公告)号：US08893273B2
公开(公告)日：2014-11-18
申请号：US11805946
申请日：2007-05-25
申请人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
发明人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： G06F21/72 , H04L29/06 , G06F21/55 , G06F21/56
CPC分类号： H04L63/14 , G06F17/30091 , G06F17/30294 , G06F17/30477 , G06F21/554 , G06F21/566 , G06N7/005 , G06N99/005 , H04L63/1416 , H04L63/1425 , H04L63/1433
摘要： A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
摘要翻译：一种用于在计算机系统的操作中检测入侵的系统和方法，包括：传感器，被配置为收集关于计算机系统的操作的信息，将信息格式化成具有预定格式的数据记录，并且以预定的方式发送数据数据格式。数据仓库配置为以预定数据格式从传感器接收数据记录，并将数据存储在SQL数据库中。检测模型生成器被配置为以预定数据格式从数据仓库请求数据记录，以基于所述数据记录生成入侵检测模型，并根据预定数据格式将入侵检测模型发送到数据仓库。检测器被配置为从传感器接收预定数据格式的数据记录，并且将数据记录实时地分类为正常操作之一和基于所述入侵检测模型的攻击。数据分析引擎被配置为根据预定数据格式从数据仓库请求数据记录，并对数据记录执行数据处理功能。

2. 发明授权

US08887281B2 System and methods for adaptive model generation for detecting intrusion in computer systems 有权
标题翻译：用于检测计算机系统入侵的自适应模型生成的系统和方法
公开(公告)号：US08887281B2
公开(公告)日：2014-11-11
申请号：US13573314
申请日：2012-09-10
申请人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
发明人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： H04L29/06 , G06F21/55 , G06F21/56
CPC分类号： H04L63/14 , G06F17/30091 , G06F17/30294 , G06F17/30477 , G06F21/554 , G06F21/566 , G06N7/005 , G06N99/005 , H04L63/1416 , H04L63/1425 , H04L63/1433
摘要： A system and methods for detecting intrusions in the operation of a computer system comprising a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record, and to transmit the data record. A database is configured to receive the data record from the sensor and to store the data record. A detection model generator is configured to request data records from the database, to generate an intrusion detection model, and to transmit the intrusion detection model to the database. A detector is configured to receive a data record from the sensor and to classify the data record in real-time as one of normal operation and an attack. A data analysis engine is configured to request data records from the database and to perform a data processing function on the data records.
摘要翻译：一种用于在计算机系统的操作中检测入侵的系统和方法，包括：传感器，被配置为收集关于所述计算机系统的操作的信息，将所述信息格式化在数据记录中，并传送所述数据记录。数据库被配置为从传感器接收数据记录并存储数据记录。检测模型生成器被配置为从数据库请求数据记录，生成入侵检测模型，并将入侵检测模型发送到数据库。检测器被配置为从传感器接收数据记录并将数据记录实时分类为正常操作和攻击之一。数据分析引擎被配置为从数据库请求数据记录并对数据记录执行数据处理功能。

3. 发明申请

US20130031633A1 System and methods for adaptive model generation for detecting intrusion in computer systems 有权
标题翻译：用于检测计算机系统入侵的自适应模型生成的系统和方法
公开(公告)号：US20130031633A1
公开(公告)日：2013-01-31
申请号：US13573314
申请日：2012-09-10
申请人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
发明人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： G06F21/00
CPC分类号： H04L63/14 , G06F17/30091 , G06F17/30294 , G06F17/30477 , G06F21/554 , G06F21/566 , G06N7/005 , G06N99/005 , H04L63/1416 , H04L63/1425 , H04L63/1433
摘要： A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
摘要翻译：一种用于在计算机系统的操作中检测入侵的系统和方法，包括：传感器，被配置为收集关于计算机系统的操作的信息，将信息格式化成具有预定格式的数据记录，并且以预定的方式发送数据数据格式。数据仓库配置为以预定数据格式从传感器接收数据记录，并将数据存储在SQL数据库中。检测模型生成器被配置为以预定数据格式从数据仓库请求数据记录，以基于所述数据记录生成入侵检测模型，并根据预定数据格式将入侵检测模型发送到数据仓库。检测器被配置为从传感器接收预定数据格式的数据记录，并且将数据记录实时地分类为正常操作之一和基于所述入侵检测模型的攻击。数据分析引擎被配置为根据预定数据格式从数据仓库请求数据记录，并对数据记录执行数据处理功能。

4. 发明授权

US07225343B1 System and methods for adaptive model generation for detecting intrusions in computer systems 有权
标题翻译：用于检测计算机系统入侵的自适应模型生成的系统和方法
公开(公告)号：US07225343B1
公开(公告)日：2007-05-29
申请号：US10352342
申请日：2003-01-27
申请人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
发明人： Andrew Honig , Andrew Howard , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： H04L9/00
CPC分类号： H04L63/14 , G06F17/30091 , G06F17/30294 , G06F17/30477 , G06F21/554 , G06F21/566 , G06N7/005 , G06N99/005 , H04L63/1416 , H04L63/1425 , H04L63/1433
摘要： A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
摘要翻译：一种用于在计算机系统的操作中检测入侵的系统和方法，包括：传感器，被配置为收集关于计算机系统的操作的信息，将信息格式化成具有预定格式的数据记录，并且以预定的方式发送数据数据格式。数据仓库被配置为以预定数据格式从传感器接收数据记录，并将数据存储在数据库中。检测模型生成器被配置为以预定数据格式从数据仓库请求数据记录，以基于所述数据记录生成入侵检测模型，并根据预定数据格式将入侵检测模型发送到数据仓库。检测器被配置为从传感器接收预定数据格式的数据记录，并且将数据记录实时地分类为正常操作之一和基于所述入侵检测模型的攻击。数据分析引擎被配置为根据预定数据格式从数据仓库请求数据记录，并对数据记录执行数据处理功能。

5. 发明授权

US07913306B2 System and methods for detecting intrusions in a computer system by monitoring operating system registry accesses 有权
标题翻译：通过监视操作系统注册表访问来检测计算机系统中的入侵的系统和方法
公开(公告)号：US07913306B2
公开(公告)日：2011-03-22
申请号：US12154405
申请日：2008-05-21
申请人： Frank Apap , Andrew Honig , Hershkop Shlomo , Eleazar Eskin , Salvatore J. Stolfo
发明人： Frank Apap , Andrew Honig , Hershkop Shlomo , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： G06F21/22 , G06F11/30
CPC分类号： G06F21/552 , H04L63/1416
摘要： A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the files system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of said features. The features of a record of a process that accesses the Windows registry are analyzed to determine whether said access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether the access of the Windows registry is an anomaly.
摘要翻译：公开了一种用于检测计算机系统操作中的入侵的方法，其包括从访问诸如Windows注册表的计算机的文件系统的正常进程的记录中收集特征，并且基于以下方式生成基于计算机系统的正常计算机系统使用的概率模型：出现所述特征。分析访问Windows注册表的进程记录的功能，以确定对Windows注册表的访问是否为异常。公开了一种系统，其包括注册表审核模块，其被配置为收集关于访问所述Windows注册表的进程的记录; 模型生成器，其被配置为基于访问Windows注册表并且指示正常的计算机系统使用的多个进程的记录来生成正常计算机系统使用的概率模型; 以及配置为确定Windows注册表的访问是否是异常的模型比较器。

6. 发明申请

US20090083855A1 System and methods for detecting intrusions in a computer system by monitoring operating system registry accesses 有权
标题翻译：通过监视操作系统注册表访问来检测计算机系统中的入侵的系统和方法
公开(公告)号：US20090083855A1
公开(公告)日：2009-03-26
申请号：US12154405
申请日：2008-05-21
申请人： Frank Apap , Andrew Honig , Hershkop Shlomo , Eleazar Eskin , Salvatore J. Stolfo
发明人： Frank Apap , Andrew Honig , Hershkop Shlomo , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： G06F21/22 , G06F11/30
CPC分类号： G06F21/552 , H04L63/1416
摘要： A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the files system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of said features. The features of a record of a process that accesses the Windows registry are analyzed to determine whether said access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether the access of the Windows registry is an anomaly.
摘要翻译：公开了一种用于检测计算机系统操作中的入侵的方法，其包括从访问诸如Windows注册表的计算机的文件系统的正常进程的记录中收集特征，并且基于以下方式生成基于计算机系统的正常计算机系统使用的概率模型：出现所述特征。分析访问Windows注册表的进程记录的功能，以确定对Windows注册表的访问是否为异常。公开了一种系统，其包括注册表审核模块，其被配置为收集关于访问所述Windows注册表的进程的记录; 模型生成器，其被配置为基于访问Windows注册表并且指示正常的计算机系统使用的多个进程的记录来生成正常计算机系统使用的概率模型; 以及配置为确定Windows注册表的访问是否是异常的模型比较器。

7. 发明授权

US07448084B1 System and methods for detecting intrusions in a computer system by monitoring operating system registry accesses 有权
标题翻译：通过监视操作系统注册表访问来检测计算机系统中的入侵的系统和方法
公开(公告)号：US07448084B1
公开(公告)日：2008-11-04
申请号：US10352343
申请日：2003-01-27
申请人： Frank Apap , Andrew Honig , Hershkop Shlomo , Eleazar Eskin , Salvatore J. Stolfo
发明人： Frank Apap , Andrew Honig , Hershkop Shlomo , Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： G06F21/22 , G06F11/30
CPC分类号： G06F21/552 , H04L63/1416
摘要： A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the files system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of said features. The features of a record of a process that accesses the Windows registry are analyzed to determine whether said access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether the access of the Windows registry is an anomaly.
摘要翻译：公开了一种用于检测计算机系统操作中的入侵的方法，其包括从访问诸如Windows注册表的计算机的文件系统的正常进程的记录中收集特征，并且基于以下方式生成基于计算机系统的正常计算机系统使用的概率模型：出现所述特征。分析访问Windows注册表的进程记录的功能，以确定对Windows注册表的访问是否为异常。公开了一种系统，其包括注册表审核模块，其被配置为收集关于访问所述Windows注册表的进程的记录; 模型生成器，其被配置为基于访问Windows注册表并且指示正常的计算机系统使用的多个进程的记录来生成正常计算机系统使用的概率模型; 以及配置为确定Windows注册表的访问是否是异常的模型比较器。

8. 发明授权

US08443441B2 System and methods for detecting malicious email transmission 有权
公开(公告)号：US08443441B2
公开(公告)日：2013-05-14
申请号：US12633493
申请日：2009-12-08
申请人： Salvatore J. Stolfo , Eleazar Eskin , Shlomo Herskop , Manasi Bhattacharyya
发明人： Salvatore J. Stolfo , Eleazar Eskin , Shlomo Herskop , Manasi Bhattacharyya
IPC分类号： G06F21/00
CPC分类号： H04L63/1425 , H04L51/12 , H04L63/145
摘要： A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.

9. 发明申请

US20100169970A1 SYSTEM AND METHODS FOR DETECTING MALICIOUS EMAIL TRANSMISSION 有权
标题翻译：用于检测恶意电子邮件传输的系统和方法
公开(公告)号：US20100169970A1
公开(公告)日：2010-07-01
申请号：US12633493
申请日：2009-12-08
申请人： Salvatore J. Stolfo , Eleazar Eskin , Shlomo Herskop , Manasi Bhattacharyya
发明人： Salvatore J. Stolfo , Eleazar Eskin , Shlomo Herskop , Manasi Bhattacharyya
IPC分类号： G06F21/00 , G06F15/16
CPC分类号： H04L63/1425 , H04L51/12 , H04L63/145
摘要： A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.
摘要翻译：检测违反计算机系统的电子邮件安全策略的发生的系统和方法。与通过计算机系统传输以前的电子邮件相关的模型被定义为从与先前的电子邮件相关的统计数据得出的。对于要分析的所选电子邮件，将收集有关所选电子邮件的统计信息。这样的统计数据可以指所选电子邮件的行为或其他功能，附件到电子邮件或电子邮件帐户。通过将先前的电子邮件传输模型应用于与所选择的电子邮件相关的统计数据来确定是否发生了电子邮件安全策略的违规。该模型可能是统计或概率。先前电子邮件传输的模型可以包括将电子邮件收件人分组成团体。如果特定电子邮件的电子邮件收件人在多个集团中，则可能会发生违反安全政策的决定。

10. 发明授权

US07162741B2 System and methods for intrusion detection with dynamic window sizes 有权
标题翻译：具有动态窗口大小的入侵检测系统和方法
公开(公告)号：US07162741B2
公开(公告)日：2007-01-09
申请号：US10208402
申请日：2002-07-30
申请人： Eleazar Eskin , Salvatore J. Stolfo
发明人： Eleazar Eskin , Salvatore J. Stolfo
IPC分类号： H04L9/32 , G06F11/00 , G06F11/22 , G06F11/30 , G06F11/32 , G06F11/34 , G06F11/36 , G06F12/14 , G06F12/16 , G06F7/04 , G06F7/58
CPC分类号： H04L63/1416 , Y10S707/99953 , Y10S707/99956
摘要： A system and methods of monitoring sequences of operations in a process running on a computer system. A probabilistic detection model is defined which is configured to determine a predictive probability of an occurrence of a final operation in the sequence of operations that is conditional on a calculated number of previous operations in the sequence of operations. The probabilistic detection model is trained from a plurality of predetermined sequences of operations to calculate the number of previous operations evaluated in the probabilistic detection model. The predictive probability for the final operation in the sequence of operations is determined by using the probabilistic detection model. If the predictive probability is below a predetermined threshold, the sequence of operations is identified as an intrusion. The probabilistic detection model may use sparse distribution trees to generate a model which determines the optimal number of previous operations to be evaluated (i.e., the window size) and position of wildcards. The system and methods may be used to monitor sequences of system calls, application function calls, and machine code instructions, for example.
摘要翻译：在计算机系统上运行的进程中监视操作顺序的系统和方法。定义概率检测模型，其被配置为确定在所述操作序列中出现最终操作的预测概率，其以所计算的操作序列中的先前操作的数量为条件。从多个预定的操作序列训练概率检测模型，以计算在概率检测模型中评估的先前操作的数量。通过使用概率检测模型来确定操作顺序中的最终操作的预测概率。如果预测概率低于预定阈值，则将该操作序列识别为入侵。概率检测模型可以使用稀疏分布树来生成确定要评估的先前操作的最佳数量（即，窗口大小）和通配符的位置的模型。例如，系统和方法可以用于监视系统调用，应用程序函数调用和机器代码指令的顺序。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式