专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10013694B1 Open data collection for threat intelligence posture assessment 有权
公开(公告)号：US10013694B1
公开(公告)日：2018-07-03
申请号：US14144007
申请日：2013-12-30
申请人： EMC Corporation
发明人： Shachar Israeli , Ereli Eran , Alex Zaslavsky , Marcelo Blatt
IPC分类号： G06Q20/40 , G06Q50/00
CPC分类号： G06Q20/4016 , G06Q50/01
摘要： An improved technique involves inputting data in postings from social media or news websites into a risk engine. A posting extraction device continually observes postings aggregated in social media and news websites, such as Twitter, Facebook, CNN, and the like. The posting extraction device parses postings that contain specified keywords such as “credit card,” “account number,” and the like. The posting extraction device also parses these postings for metadata such as user identifiers, times, and locations. The posting extraction device then stores the parsed information in a transaction database that is accessed by an adaptive authentication engine for risk score assignment.

2. 发明授权

US09722996B1 Partial password-based authentication using per-request risk scores 有权
公开(公告)号：US09722996B1
公开(公告)日：2017-08-01
申请号：US14665276
申请日：2015-03-23
申请人： EMC Corporation
发明人： Eyal Kolman , Alon Kaufman , Ereli Eran , Eyal Gruss
IPC分类号： H04L29/06 , G06F15/16 , G06F17/30
CPC分类号： H04L63/083 , G06F21/31 , G06F21/46
摘要： A system that permits authentication based on a partial password, in which a risk score is assigned to an authentication request, and a minimum partial password size is generated based on the risk score. User-entered password characters are compared to one or more partial passwords having lengths equal to or greater than the minimum partial password size. If a match is found, the user is authenticated. A password similarity threshold for the request may also be generated based on the risk score, indicating a minimum level of similarity required between the user-entered password characters and the characters in a partial password, in order for there to be a match. When the user-entered password characters match a partial password, and the requesting user is authenticated, the system may stop inputting user-entered password characters, and/or transmitting the user-entered password characters to a server computer.

3. 发明授权

US09154516B1 Detecting risky network communications based on evaluation using normal and abnormal behavior profiles 有权
标题翻译：基于使用正常和异常行为特征的评估来检测风险网络通信
公开(公告)号：US09154516B1
公开(公告)日：2015-10-06
申请号：US14039881
申请日：2013-09-27
申请人： EMC Corporation
发明人： Alex Vaystikh , Ereli Eran , Eyal Kolman
IPC分类号： G06F15/173 , H04L29/06
CPC分类号： H04L63/1425
摘要： A technique detects riskiness of a communication in a network based on behavior profiling. The technique involves generating a network history baseline (e.g., normal and abnormal behavior profiles) from prior network communications occurring in the network. The technique further involves, for a new network communication, assigning the new network communication a risk score based on a comparison of the new network communication to the network history baseline. The risk score is a numerical measure of behavioral normalcy relative to the prior network communications occurring in the network. The technique further involves providing an output signal having a first value when the risk score is above a predefined risk threshold to indicate that the communication is risky, and a second value which is different than the first value when the risk score is below the predefined risk threshold to indicate that the communication is not risky.
摘要翻译：一种技术可以基于行为分析来检测网络中的通信风险。该技术涉及从网络中发生的先前网络通信产生网络历史基线（例如，正常和异常行为简档）。该技术还涉及对于新的网络通信，基于新的网络通信与网络历史基线的比较来分配新的网络通信风险评分。风险分数是相对于在网络中发生的先前网络通信的行为正常性的数值测量。所述技术还涉及当所述风险评分高于预定风险阈值时提供具有第一值的输出信号，以指示所述通信是有风险的，以及当所述风险评分低于所述预定风险时所述第二值与所述第一值不同的第二值表示通信没有风险的阈值。

4. 发明授权

US09130985B1 Data driven device detection 有权
标题翻译：数据驱动器件检测
公开(公告)号：US09130985B1
公开(公告)日：2015-09-08
申请号：US13931830
申请日：2013-06-29
申请人： EMC Corporation
发明人： Eyal Kolman , Alon Kaufman , Yael Villa , Alex Vaystikh , Ereli Eran , Eyal Yehowa Gruss
IPC分类号： G06F7/00 , H04L29/06 , G06F17/30 , G06N5/02
CPC分类号： H04L63/1433 , G06F7/00 , G06F17/30 , G06F21/44 , G06F2221/2129 , G06N5/02 , G06N7/005 , H04L63/0876 , H04L63/205
摘要： Data driven device detection is provided, whereby a device is detected by obtaining a plurality of feature values for a given device; obtaining a set of device attributes for a plurality of potential devices; calculating a probability value that the given device is each potential device within the plurality of potential devices; identifying a candidate device associated with a maximum probability value among the calculated probability values; and labeling the given device as the candidate device if the associated maximum probability value satisfies a predefined threshold. The predefined threshold can be a function, for example, of whether the given user has previously used this device. The obtained feature values can be obtained for a selected set of features satisfying one or more predefined characteristic criteria. The device attributes can be obtained, for example, from a profile for each of the plurality of potential devices.
摘要翻译：提供数据驱动装置检测，由此通过获得给定装置的多个特征值来检测装置; 获得一组用于多个潜在设备的设备属性; 计算所述给定设备是所述多个潜在设备内的每个潜在设备的概率值; 识别在所计算的概率值中与最大概率值相关联的候选设备; 以及如果所述相关联的最大概率值满足预定阈值，则将所述给定设备标记为候选设备。预定义的阈值可以是例如给定用户先前使用该设备的功能。可以针对满足一个或多个预定特征标准的所选择的特征集获得所获得的特征值。可以例如从多个潜在设备中的每一个的配置文件获得设备属性。

5. 发明授权

US09601000B1 Data-driven alert prioritization 有权
公开(公告)号：US09601000B1
公开(公告)日：2017-03-21
申请号：US14039875
申请日：2013-09-27
申请人： EMC Corporation
发明人： Eyal Gruss , Alex Vaystikh , Eyal Kolman , Alon Kaufman , Yael Villa , Ereli Eran
IPC分类号： G08B23/00 , G06F11/00
CPC分类号： G06Q20/40 , G06F21/31 , G06F21/45 , G06F21/552 , G06Q20/4016 , G06Q20/405
摘要： A technique provides alert prioritization. The technique involves selecting attributes to use as alert scoring factors. The technique further involves updating, for an incoming alert having particular attribute values for the selected attributes, count data to represent encounter of the incoming alert from perspectives of the selected attributes. The technique further involves generating an overall significance score for the incoming alert based on the updated count data. The overall significance score is a measure of alert significance relative to other alerts. Scored alerts then can be sorted so that investigators focus on the alerts with the highest significance scores. Such a technique is well suited for adaptive authentication (AA) and Security Information and Event Management (SIEM) systems among other alert-based systems such as churn analysis systems, malfunction detection systems, and the like.

6. 发明授权

US09426168B1 Fast-flux detection utilizing domain name system information 有权
标题翻译：利用域名系统信息进行快速通量检测
公开(公告)号：US09426168B1
公开(公告)日：2016-08-23
申请号：US14471540
申请日：2014-08-28
申请人： EMC Corporation
发明人： Eyal Yehowa Gruss , Ereli Eran , Alex Vaystikh , Eyal Kolman , Alon Kaufman
IPC分类号： G06F15/173 , H04L29/06 , H04L12/26
CPC分类号： H04L63/1408 , H04L63/101 , H04L2463/144
摘要： A processing device comprises a processor coupled to a memory and is configured to determine a first set of features from domain name system (DNS) information, the first set of features being defined over a domain, and to determine a second set of features from the DNS information, the second set of features being defined over internet protocol (IP) addresses returned for the domain. The processing device is further configured to compute a fast-flux score based on the first and second sets of features, and to utilize the fast-flux score to characterize fast-flux activity relating to the domain. For example, the processing device can be configured to compare the fast-flux score to a threshold, and to generate an indicator of the presence or absence of fast-flux activity based on a result of the comparison. The processing device may be implemented in a computer network or network security system.
摘要翻译：处理设备包括处理器，其耦合到存储器并且被配置为从域名系统（DNS）信息确定第一组特征，所述第一组特征是通过域定义的，并且从所述第一组特征确定来自 DNS信息，第二组功能是通过为域返回的互联网协议（IP）地址定义的。处理装置还被配置为基于第一和第二特征集来计算快速通量分数，并且利用快速通量分数来表征与该域相关的快速通量活动。例如，处理装置可以被配置为将快速通量分数与阈值进行比较，并且基于比较的结果生成快速通量活动的存在或不存在的指标。处理设备可以在计算机网络或网络安全系统中实现。

7. 发明授权

US09325733B1 Unsupervised aggregation of security rules 有权
标题翻译：无监督的安全规则汇总
公开(公告)号：US09325733B1
公开(公告)日：2016-04-26
申请号：US14530061
申请日：2014-10-31
申请人： EMC Corporation
发明人： Eyal Kolman , Eyal Yehowa Gruss , Alon Kaufman , Ereli Eran
IPC分类号： H04L29/00 , H04L29/06
CPC分类号： H04L63/1441 , H04L63/02 , H04L63/0227 , H04L63/0263 , H04L63/1416 , H04L63/20
摘要： A processing device comprises a processor coupled to a memory and is configured to obtain at least one rule set utilized to detect malicious activity in a computer network, to determine one or more trigger conditions for each of a plurality of rules of the at least one rule set, to identify alerts generated responsive to the determined trigger conditions, to compute correlations between respective pairs of the plurality of rules based on the identified alerts, and to aggregate groups of two or more of the plurality of rules into respective aggregated rules based at least in part on the computed correlations. The aggregated rules are illustratively applied in conjunction with remaining unaggregated ones of the plurality of rules of the one or more rule sets to detect malicious activity in the computer network. The processing device may be implemented in a computer network or network security system.
摘要翻译：处理设备包括处理器，其耦合到存储器并且被配置为获得用于检测计算机网络中的恶意活动的至少一个规则集，以确定所述至少一个规则的多个规则中的每一个的一个或多个触发条件设置以识别响应于所确定的触发条件而生成的警报，以基于所识别的警报来计算所述多个规则的相应对之间的相关性，并且至少将所述多个规则中的两个或多个规则的组聚集到相应的聚合规则中部分归结于计算的相关性。汇总的规则被示意性地应用于一个或多个规则集的多个规则中的剩余的未分组的规则，以检测计算机网络中的恶意活动。处理设备可以在计算机网络或网络安全系统中实现。

8. 发明授权

US09560027B1 User authentication 有权
标题翻译：用户认证
公开(公告)号：US09560027B1
公开(公告)日：2017-01-31
申请号：US13852187
申请日：2013-03-28
申请人： EMC Corporation
发明人： Eyal Kolman , Alon Kaufman , Yael Villa , Alex Vaystikh , Ereli Eran , Liron Liptz
IPC分类号： G06Q40/02 , H04L29/06
CPC分类号： H04L63/08 , H04W4/027 , H04W12/06
摘要： There is disclosed some techniques for processing an authentication request. In one example, a method comprises the step of determining the velocity between authentication requests of a user associated with the requests. Additionally, the method determines the likelihood that a location associated with one of the requests is associated with the user location. Furthermore, the method generates an authentication result based on the likelihood that a location associated with one of the requests is associated with the user location.
摘要翻译：公开了一些用于处理认证请求的技术。在一个示例中，方法包括确定与请求相关联的用户的认证请求之间的速度的步骤。此外，该方法确定与一个请求相关联的位置与用户位置相关联的可能性。此外，该方法基于与一个请求相关联的位置与用户位置相关联的可能性来生成认证结果。

9. 发明授权

US09558346B1 Information processing systems with security-related feedback 有权
标题翻译：具有安全相关反馈的信息处理系统
公开(公告)号：US09558346B1
公开(公告)日：2017-01-31
申请号：US13903390
申请日：2013-05-28
申请人： EMC Corporation
发明人： Eyal Kolman , Alon Kaufman , Yael Villa , Alex Vaystikh , Ereli Eran
IPC分类号： G06F21/50 , G06F21/55 , G06F21/51 , G06F21/57
CPC分类号： G06F21/50 , G06F21/51 , G06F21/552 , G06F21/554 , G06F21/57 , G06F21/577 , G06F2221/2101 , H04L63/1441
摘要： An information processing system implements a security system. The security system comprises a classifier configured to process information characterizing events in order to generate respective risk scores, and a data store coupled to the classifier and configured to store feedback relating to one or more attributes associated with an assessment of the risk scores by one or more users. The classifier is configured to utilize the feedback regarding the risk scores to learn riskiness of particular events and to adjust its operation based on the learned riskiness, such that the risk score generated by the classifier for a given one of the events is based at least in part on the feedback received regarding risk scores generated for one or more previous ones of the events.
摘要翻译：信息处理系统实现安全系统。安全系统包括分类器，其被配置为处理表征事件的信息以产生相应的风险分数;以及数据存储，其耦合到分类器并且被配置为存储与风险评分的评估相关联的一个或多个属性的反馈，更多用户分类器被配置为利用关于风险分数的反馈来学习特定事件的风险，并且基于所学习的风险来调整其操作，使得分类器为给定的一个事件产生的风险评分至少基于部分收到关于为一个或多个以前的事件产生的风险分数的反馈。

10. 发明授权

US09462009B1 Detecting risky domains 有权
标题翻译：检测风险领域
公开(公告)号：US09462009B1
公开(公告)日：2016-10-04
申请号：US14501485
申请日：2014-09-30
申请人： EMC Corporation
发明人： Eyal Kolman , Alex Vaystikh , Alon Kaufman , Ereli Eran , Eyal Gruss
IPC分类号： H04L29/06
CPC分类号： H04L63/1425
摘要： There is disclosed a technique for detecting risky domains. The technique comprises collecting information in connection with a domain. The technique also comprises generating a profile comprising at least one metric associated with the domain based on the collected information. The technique further comprises determining the riskiness in connection with the domain based on the generated profile.
摘要翻译：公开了一种用于检测风险域的技术。该技术包括收集与域相关的信息。该技术还包括基于所收集的信息生成包括与域相关联的至少一个度量的简档。该技术还包括基于所生成的简档来确定与域相关联的风险。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式