专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10452841B1 Modeling malicious behavior that occurs in the absence of users 有权
公开(公告)号：US10452841B1
公开(公告)日：2019-10-22
申请号：US15583077
申请日：2017-05-01
申请人： SYMANTEC CORPORATION
发明人： Acar Tamersoy , Sandeep Bhatkar , Daniel Marino , Kevin Alejandro Roundy
IPC分类号： G06F21/55 , G06N5/04 , G06N20/00
摘要： Systems, apparatuses, methods, and computer readable mediums for modeling malicious behavior that occurs in the absence of users. A system trains an anomaly detection model using attributes associated with a first plurality of events representing system activity on one or more clean machines when users are not present. Next, the system utilizes the trained anomaly detection model to remove benign events from a second plurality of events captured from infected machines when users are not present. Then, the system utilizes malicious events, from the second plurality of events, to train a classifier. Next, the classifier identifies a first set of attributes which are able to predict if an event is caused by malware with a predictive power greater than a threshold.

2. 发明授权

US09116768B1 Systems and methods for deploying applications included in application containers 有权
标题翻译：用于部署应用程序容器中的应用程序的系统和方法
公开(公告)号：US09116768B1
公开(公告)日：2015-08-25
申请号：US14549218
申请日：2014-11-20
申请人： Symantec Corporation
发明人： Sanjay Sawhney , Petros Efstathopoulos , Daniel Marino
IPC分类号： G06F9/445
CPC分类号： G06F8/60
摘要： The disclosed computer-implemented method for deploying applications included in application containers may include (1) identifying an application container that includes an application and facilitates transferring the application to a deployment environment, (2) performing a reconnaissance analysis on the deployment environment by identifying one or more properties of the deployment environment, (3) determining, based at least in part on the reconnaissance analysis, that the deployment environment meets a predetermined threshold of requirements for securely executing the application, and then (4) transferring the application included in the application container to the deployment environment in response to determining that the deployment environment meets the predetermined threshold. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于部署应用程序容器中的应用程序的公开的计算机实现的方法可以包括（1）识别包括应用的应用容器，并且有助于将应用传送到部署环境，（2）通过识别部署环境来执行对部署环境的侦察分析或更多的属性，（3）至少部分地基于侦察分析来确定部署环境满足用于安全地执行应用程序的预定的要求阈值，然后（4）将包括在所述部署环境中的应用程序响应于确定部署环境达到预定阈值，应用容器到部署环境。还公开了各种其它方法，系统和计算机可读介质。

3. 发明授权

US08925037B2 Systems and methods for enforcing data-loss-prevention policies using mobile sensors 有权
标题翻译：使用移动传感器实施数据丢失防范政策的系统和方法
公开(公告)号：US08925037B2
公开(公告)日：2014-12-30
申请号：US13733131
申请日：2013-01-02
申请人： Symantec Corporation
发明人： Daniel Marino , Darren Shou , Bruce McCorkendale
IPC分类号： G06F17/00 , G06F7/04 , G06F21/60
CPC分类号： G06F21/60
摘要： A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors may include (1) detecting an attempt by a user to access sensitive data on a mobile computing device, (2) collecting, via at least one sensor of the mobile computing device, sensor data that indicates an environment in which the user is attempting to access the sensitive data, (3) determining, based at least in part on the sensor data, a privacy level of the environment, and (4) restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a DLP policy. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于使用移动传感器实施数据丢失防止策略的计算机实现的方法可以包括（1）检测用户尝试访问移动计算设备上的敏感数据，（2）经由移动台的至少一个传感器计算设备，指示用户尝试访问敏感数据的环境的传感器数据，（3）至少部分地基于传感器数据确定环境的隐私级别，以及（4）基于至少部分地基于环境的隐私级别，用户根据DLP策略尝试访问敏感数据。还公开了各种其它方法，系统和计算机可读介质。

4. 发明申请

US20140189784A1 SYSTEMS AND METHODS FOR ENFORCING DATA-LOSS-PREVENTION POLICIES USING MOBILE SENSORS 有权
标题翻译：使用移动传感器执行数据预防政策的系统和方法
公开(公告)号：US20140189784A1
公开(公告)日：2014-07-03
申请号：US13733131
申请日：2013-01-02
申请人： Symantec Corporation
发明人： Daniel Marino , Darren Shou , Bruce McCorkendale
IPC分类号： G06F21/60
CPC分类号： G06F21/60
摘要： A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors may include (1) detecting an attempt by a user to access sensitive data on a mobile computing device, (2) collecting, via at least one sensor of the mobile computing device, sensor data that indicates an environment in which the user is attempting to access the sensitive data, (3) determining, based at least in part on the sensor data, a privacy level of the environment, and (4) restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a DLP policy. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于使用移动传感器实施数据丢失防止策略的计算机实现的方法可以包括（1）检测用户尝试访问移动计算设备上的敏感数据，（2）经由移动台的至少一个传感器计算设备，指示用户尝试访问敏感数据的环境的传感器数据，（3）至少部分地基于传感器数据确定环境的隐私级别，以及（4）基于至少部分地基于环境的隐私级别，用户根据DLP策略尝试访问敏感数据。还公开了各种其它方法，系统和计算机可读介质。

5. 发明授权

US11128473B1 Systems and methods for assuring authenticity of electronic sensor data 有权
公开(公告)号：US11128473B1
公开(公告)日：2021-09-21
申请号：US16359723
申请日：2019-03-20
申请人： Symantec Corporation
发明人： Daniel Kats , Christopher Gates , Acar Tamersoy , Daniel Marino
IPC分类号： H04L9/32 , G06F21/72 , G06F21/60
摘要： The disclosed method for assuring authenticity of electronic sensor data may include (i) capturing, using a sensor within a device, electronic sensor data, and (ii) digitally signing, using a cryptoprocessor embedded within the device, the electronic sensor data to create a digital signature that verifies that the signed electronic sensor data has not been modified since the electronic sensor data was captured by the sensor. Various other methods, systems, and computer-readable media are also disclosed.

6. 发明授权

US11012452B1 Systems and methods for establishing restricted interfaces for database applications 有权
公开(公告)号：US11012452B1
公开(公告)日：2021-05-18
申请号：US15865304
申请日：2018-01-09
申请人： Symantec Corporation
发明人： Daniel Kats , Daniel Marino
IPC分类号： H04L29/06 , G06F16/951
摘要： The disclosed computer-implemented method for establishing restricted interfaces for database applications may include analyzing, by a computing device, query behavior of an application for query requests from the application to a remote database in a computer system and identifying, based on the analysis, an expected query behavior for the application. The method may include establishing, between the application and the remote database, a restricted interface. The method may include receiving, at the restricted interface, a query request from the application to the remote database and limiting, by the restricted interface, the query request from the application to the remote database based on the expected query behavior. The method may include determining, by checking the query request against the expected query behavior, that the query request is anomalous query behavior and performing a security action with respect to the computer system. Various other methods, systems, and computer-readable media are also disclosed.

7. 发明授权

US09665715B1 Systems and methods for detecting malware-induced crashes 有权
公开(公告)号：US09665715B1
公开(公告)日：2017-05-30
申请号：US14138130
申请日：2013-12-23
申请人： Symantec Corporation
发明人： Kevin Roundy , Sandeep Bhatkar , Fanglu Guo , Daniel Marino
IPC分类号： G06F21/62 , G06F21/56
CPC分类号： G06F21/562 , G06F11/0766 , G06F21/552 , G06F21/561
摘要： A computer-implemented method for detecting malware-induced crashes may include (1) identifying, by analyzing a health log associated with a previously stable computing device, the occurrence of an unexpected stability problem on the previously stable computing device, (2) identifying, by analyzing an event log associated with the previously stable computing device, an event that is potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device, (3) determining, due at least in part to the event being potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device, that the event is potentially malicious, and (4) performing a security action in response to determining that the event is potentially malicious. Various other methods, systems, and computer-readable media are also disclosed.

8. 发明授权

US09185119B1 Systems and methods for detecting malware using file clustering 有权
标题翻译：使用文件集群检测恶意软件的系统和方法
公开(公告)号：US09185119B1
公开(公告)日：2015-11-10
申请号：US14273503
申请日：2014-05-08
申请人： Symantec Corporation
发明人： Acar Tamersoy , Kevin A. Roundy , Daniel Marino
IPC分类号： G08B23/00 , H04L29/06 , G06F17/30
CPC分类号： H04L63/20 , G06F17/30103 , G06F17/30115 , H04L63/14
摘要： The disclosed computer-implemented method for detecting malware using file clustering may include (1) identifying a file with an unknown reputation, (2) identifying at least one file with a known reputation that co-occurs with the unknown file, (3) identifying a malware classification assigned to the known file, (4) determining a probability that the unknown file is of the same classification as the known file, and (5) assigning, based on the probability that the unknown file is of the same classification as the known file, the classification of the known file to the unknown file. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于使用文件聚类来检测恶意软件的公开的计算机实现的方法可以包括（1）识别具有未知信誉的文件，（2）识别具有与未知文件共存的已知信誉的至少一个文件，（3）识别分配给已知文件的恶意软件分类，（4）确定未知文件与已知文件具有相同分类的概率，以及（5）基于未知文件与已知文件，将已知文件分类到未知文件。还公开了各种其它方法，系统和计算机可读介质。

9. 发明申请

US20190253398A1 DECRYPTING NETWORK TRAFFIC ON A MIDDLEBOX DEVICE USING A TRUSTED EXECUTION ENVIRONMENT 审中-公开
公开(公告)号：US20190253398A1
公开(公告)日：2019-08-15
申请号：US16021950
申请日：2018-06-28
申请人： SYMANTEC CORPORATION
发明人： Yuqiong Sun , Daniel Marino , Susanta K. Nanda , Saurabh Shintre , Brian T. Witten , Ronald A. Frederick , Qing Li
IPC分类号： H04L29/06 , G06F21/62
CPC分类号： H04L63/0435 , G06F21/57 , G06F21/6263 , H04L63/0281
摘要： Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel application, the decrypted network traffic according to a sensitivity policy to determine whether the decrypted network traffic includes sensitive data, forwarding, from the kernel application to the logic application, filtered decrypted network traffic that excludes the sensitive data, processing, at the logic application, the filtered decrypted network traffic, forwarding, from the logic application to the kernel application, the filtered decrypted network traffic after the processing by the logic application, and forwarding, from the kernel application, the encrypted network traffic.

10. 发明授权

US10044691B1 Decrypting network traffic on a middlebox device using a trusted execution environment 有权
公开(公告)号：US10044691B1
公开(公告)日：2018-08-07
申请号：US15894619
申请日：2018-02-12
申请人： SYMANTEC CORPORATION
发明人： Yuqiong Sun , Daniel Marino , Susanta K. Nanda , Saurabh Shintre , Brian T. Witten , Ronald A. Frederick , Qing Li
IPC分类号： H04L29/06 , G06F21/62
摘要： Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel application, the decrypted network traffic according to a sensitivity policy to determine whether the decrypted network traffic includes sensitive data, forwarding, from the kernel application to the logic application, filtered decrypted network traffic that excludes the sensitive data, processing, at the logic application, the filtered decrypted network traffic, forwarding, from the logic application to the kernel application, the filtered decrypted network traffic after the processing by the logic application, and forwarding, from the kernel application, the encrypted network traffic.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式