专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20160065614A1 METHODS, SYSTEMS, AND MEDIA FOR MASQUERADE ATTACK DETECTION BY MONITORING COMPUTER USER BEHAVIOR 审中-公开
标题翻译：监控计算机用户行为的MASTERERADE攻击检测方法，系统和媒体
公开(公告)号：US20160065614A1
公开(公告)日：2016-03-03
申请号：US14272099
申请日：2014-05-07
申请人： The Trustees of Columbia University in the City of New York
发明人： Salvatore J. Stolfo , Malek Ben Salem , Shlomo Hershkop
IPC分类号： H04L29/06
CPC分类号： H04L63/1416 , G06F21/50 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/566 , H04L29/06884 , H04L29/06897 , H04L63/1408 , H04L63/1425 , H04L63/1491
摘要： Methods, systems, and media for masquerade attack detection by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting masquerade attacks is provided, the method comprising: monitoring, using a hardware processor, a first plurality of user actions in a computing environment; generating a user intent model based on the first plurality of user actions; monitoring a second plurality of user actions in the computing environment; determining whether at least one of the second plurality of user actions deviates from the generated user intent model; determining whether the second plurality of user actions include performing an action on a file in the computing environment that contains decoy information in response to determining that at least one of the second plurality of user actions deviates from the generated user intent model; and generating an alert in response to determining that the second plurality of user actions include performing an action on a file in the computing environment that contains decoy information.
摘要翻译：提供了通过监控计算机用户行为进行伪装攻击检测的方法，系统和媒体。根据一些实施例，提供了一种用于检测伪装攻击的方法，所述方法包括：使用硬件处理器监视计算环境中的第一多个用户动作; 基于所述第一多个用户动作生成用户意图模型; 在所述计算环境中监视第二多个用户动作; 确定所述第二多个用户动作中的至少一个是否偏离所生成的用户意图模型; 确定所述第二多个用户动作是否包括响应于确定所述第二多个用户动作中的至少一个偏离所生成的用户意图模型而对包含诱饵信息的所述计算环境中的文件执行动作; 以及响应于确定所述第二多个用户动作包括对包含诱饵信息的所述计算环境中的文件执行动作来生成警报。

2. 发明申请

US20160182545A1 METHODS, SYSTEMS, AND MEDIA FOR MASQUERADE ATTACK DETECTION BY MONITORING COMPUTER USER BEHAVIOR 审中-公开
公开(公告)号：US20160182545A1
公开(公告)日：2016-06-23
申请号：US15056627
申请日：2016-02-29
申请人： The Trustees of Columbia University in the City of New York
发明人： Salvatore J. Stolfo , Malek Ben Salem , Shlomo Hershkop
IPC分类号： H04L29/06
CPC分类号： H04L63/1416 , G06F21/50 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/566 , H04L29/06884 , H04L29/06897 , H04L63/1408 , H04L63/1425 , H04L63/1491
摘要： Methods, systems, and media for masquerade attack detection by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting masquerade attacks is provided, the method comprising: monitoring, using a hardware processor, a first plurality of user actions in a computing environment; generating a user intent model based on the first plurality of user actions; monitoring a second plurality of user actions in the computing environment; determining whether at least one of the second plurality of user actions deviates from the generated user intent model; determining whether the second plurality of user actions include performing an action on a file in the computing environment that contains decoy information in response to determining that at least one of the second plurality of user actions deviates from the generated user intent model; and generating an alert in response to determining that the second plurality of user actions include performing an action on a file in the computing environment that contains decoy information.

3. 发明申请

US20160012222A1 METHODS, SYSTEMS, AND MEDIA FOR BAITING INSIDE ATTACKERS 审中-公开
标题翻译：用于打击攻击者的方法，系统和媒体
公开(公告)号：US20160012222A1
公开(公告)日：2016-01-14
申请号：US14642401
申请日：2015-03-09
申请人： The Trustees of Columbia University in the City of New York
发明人： Salvatore J. Stolfo , Angelos D. Keromytis , Brian M. Bowen , Shlomo Hershkop , Vasileios P. Kemerlis , Pratap V. Prabhu , Malek Ben Salem
IPC分类号： G06F21/55
CPC分类号： G06F21/554 , G06F21/552 , G06F21/566 , G06F2221/034 , G06F2221/2123 , H04L63/1466
摘要： Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
摘要翻译：提供了用于提供基于陷阱的防御的方法，系统和媒体。根据一些实施例，提供了一种用于提供基于陷阱的防御的方法，所述方法包括：至少部分地基于计算环境中的实际信息生成诱饵信息，其中所述诱饵信息被生成以符合一个或多个文档属性; 将信标嵌入诱饵信息中; 以及将具有所嵌入的信标的诱饵信息插入所述计算环境中，其中所述嵌入式信标提供所述诱饵信息已经被攻击者访问的第一指示，并且其中所述嵌入信标提供区分所述诱饵信息和所述实际信息之间的第二指示信息。

4. 发明授权

US09501639B2 Methods, systems, and media for baiting inside attackers 有权
公开(公告)号：US09501639B2
公开(公告)日：2016-11-22
申请号：US14642401
申请日：2015-03-09
申请人： The Trustees of Columbia University in the City of New York
发明人： Salvatore J. Stolfo , Angelos D. Keromytis , Brian M. Bowen , Shlomo Hershkop , Vasileios P. Kemerlis , Pratap V. Prabhu , Malek Ben Salem
IPC分类号： G06F11/00 , G06F21/55 , G06F21/56 , H04L29/06
CPC分类号： G06F21/554 , G06F21/552 , G06F21/566 , G06F2221/034 , G06F2221/2123 , H04L63/1466
摘要： Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.

5. 发明授权

US09311476B2 Methods, systems, and media for masquerade attack detection by monitoring computer user behavior 有权
标题翻译：通过监控计算机用户行为进行伪装攻击检测的方法，系统和媒体
公开(公告)号：US09311476B2
公开(公告)日：2016-04-12
申请号：US14272099
申请日：2014-05-07
申请人： The Trustees of Columbia University in the City of New York
发明人： Salvatore J. Stolfo , Malek Ben Salem , Shlomo Hershkop
IPC分类号： G06F21/00 , G06F21/55 , H04L29/06 , G06F21/50 , G06F21/56
CPC分类号： H04L63/1416 , G06F21/50 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/566 , H04L29/06884 , H04L29/06897 , H04L63/1408 , H04L63/1425 , H04L63/1491
摘要： Methods, systems, and media for masquerade attack detection by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting masquerade attacks is provided, the method comprising: monitoring, using a hardware processor, a first plurality of user actions in a computing environment; generating a user intent model based on the first plurality of user actions; monitoring a second plurality of user actions in the computing environment; determining whether at least one of the second plurality of user actions deviates from the generated user intent model; determining whether the second plurality of user actions include performing an action on a file in the computing environment that contains decoy information in response to determining that at least one of the second plurality of user actions deviates from the generated user intent model; and generating an alert in response to determining that the second plurality of user actions include performing an action on a file in the computing environment that contains decoy information.
摘要翻译：提供了通过监控计算机用户行为进行伪装攻击检测的方法，系统和媒体。根据一些实施例，提供了一种用于检测伪装攻击的方法，所述方法包括：使用硬件处理器监视计算环境中的第一多个用户动作; 基于所述第一多个用户动作生成用户意图模型; 在所述计算环境中监视第二多个用户动作; 确定所述第二多个用户动作中的至少一个是否偏离所生成的用户意图模型; 确定所述第二多个用户动作是否包括响应于确定所述第二多个用户动作中的至少一个偏离所生成的用户意图模型而对包含诱饵信息的所述计算环境中的文件执行动作; 以及响应于确定所述第二多个用户动作包括对包含诱饵信息的所述计算环境中的文件执行动作来生成警报。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式