专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09047441B2 Malware analysis system 有权
标题翻译：恶意软件分析系统
公开(公告)号：US09047441B2
公开(公告)日：2015-06-02
申请号：US13115032
申请日：2011-05-24
申请人： Huagang Xie , Xinran Wang , Jiangxia Liu
发明人： Huagang Xie , Xinran Wang , Jiangxia Liu
IPC分类号： G06F17/00 , G06F21/00 , G06F21/53 , H04L29/06
CPC分类号： H04L63/0227 , G06F21/00 , G06F21/53 , H04L63/0263 , H04L63/0428 , H04L63/1408 , H04L63/1425 , H04L63/145
摘要： In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.
摘要翻译：在一些实施例中，恶意软件分析系统包括从防火墙接收潜在的恶意软件样本; 使用虚拟机分析潜在的恶意软件样本，以确定潜在的恶意软件样本是否为恶意软件; 并且如果潜在恶意软件样本被确定为恶意软件，则自动生成签名。在一些实施例中，潜在恶意软件样本与预先存在的签名不匹配，并且恶意软件是零日攻击。

2. 发明授权

US08555388B1 Heuristic botnet detection 有权
公开(公告)号：US08555388B1
公开(公告)日：2013-10-08
申请号：US13115016
申请日：2011-05-24
申请人： Xinran Wang , Huagang Xie
发明人： Xinran Wang , Huagang Xie
IPC分类号： G06F7/04
CPC分类号： H04L63/1416 , G06F21/552 , H04L63/0236 , H04L63/1425 , H04L63/1433 , H04L67/02 , H04L69/22 , H04L2463/144
摘要： In some embodiments, heuristic botnet detection is provided. In some embodiments, heuristic botnet detection includes monitoring network traffic to identify suspicious network traffic; and detecting a bot based on a heuristic analysis of the suspicious network traffic behavior using a processor, in which the suspicious network traffic behavior includes command and control traffic associated with a bot master. In some embodiments, heuristic botnet detection further includes assigning a score to the monitored network traffic, in which the score corresponds to a botnet risk characterization of the monitored network traffic (e.g., based on one or more heuristic botnet detection techniques); increasing the score based on a correlation of additional suspicious behaviors associated with the monitored network traffic (e.g., based on one or more heuristic botnet detection techniques); and determining the suspicious behavior is associated with a botnet based on the score.

3. 发明申请

US20120304244A1 MALWARE ANALYSIS SYSTEM 有权
标题翻译：恶意软件分析系统
公开(公告)号：US20120304244A1
公开(公告)日：2012-11-29
申请号：US13115032
申请日：2011-05-24
申请人： Huagang Xie , Xinran Wang , Jiangxia Liu
发明人： Huagang Xie , Xinran Wang , Jiangxia Liu
IPC分类号： G06F11/00 , G06F21/20 , G06F17/00
CPC分类号： H04L63/0227 , G06F21/00 , G06F21/53 , H04L63/0263 , H04L63/0428 , H04L63/1408 , H04L63/1425 , H04L63/145
摘要： In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.
摘要翻译：在一些实施例中，恶意软件分析系统包括从防火墙接收潜在的恶意软件样本; 使用虚拟机分析潜在的恶意软件样本，以确定潜在的恶意软件样本是否为恶意软件; 并且如果潜在恶意软件样本被确定为恶意软件，则自动生成签名。在一些实施例中，潜在恶意软件样本与预先存在的签名不匹配，并且恶意软件是零日攻击。

4. 发明授权

US08443442B2 Signature-free buffer overflow attack blocker 有权
标题翻译：无签名缓冲区溢出攻击拦截器
公开(公告)号：US08443442B2
公开(公告)日：2013-05-14
申请号：US11668699
申请日：2007-01-30
申请人： Xinran Wang , Chi-Chun Pan , Peng Liu , Sencun Zhu
发明人： Xinran Wang , Chi-Chun Pan , Peng Liu , Sencun Zhu
IPC分类号： H04L29/06
CPC分类号： H04L63/1441
摘要： A real-time, signature-free, blocker prevents buffer overflow attacks. The system and method, called SigFree, can filter out code injection buffer overflow attack packets targeting at various Internet services such as web services. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by checking, without any preknowledge of the real attacks, if “executable” instruction sequences can be blindly disassembled and extracted from a packet. Being signature-free, the invention can block new and unknown buffer overflow attacks. It is immunized from almost every attack-side code obfuscation method, and transparent to the servers being protected. The approach is therefore suited to economical Internet-wide deployment with very low deployment and maintenance costs. SigFree can also handle encrypted SSL packets. An experimental study shows that SigFree can block all types of code-injection attack packets without yielding any false positives or false negatives. Moreover, SigFree causes negligible throughput degradation to normal client requests.
摘要翻译：实时，无签名的阻止程序可以防止缓冲区溢出攻击。称为SigFree的系统和方法可以过滤掉针对各种互联网服务（如Web服务）的代码注入缓冲区溢出攻击包。由于缓冲区溢出攻击通常包含可执行文件，而合法的客户端请求在大多数Internet服务中从不包含可执行文件，SigFree阻止了攻击，如果“可执行”指令序列可以被盲目地拆卸并从一包。无签名，本发明可以阻止新的和未知的缓冲区溢出攻击。几乎每个攻击方代码混淆方法都可以免疫，对被保护的服务器是透明的。因此，该方法适用于经济的互联网部署，部署和维护成本极低。 SigFree还可以处理加密的SSL数据包。一项实验研究表明，SigFree可以阻止所有类型的代码注入攻击包，而不会产生任何假阳性或假阴性。此外，SigFree对通常客户端请求的吞吐量降低可以忽略不计。

5. 发明申请

US20080022405A1 SIGNATURE-FREE BUFFER OVERFLOW ATTACK BLOCKER 有权
标题翻译：免签式缓冲区溢出攻击拦截器
公开(公告)号：US20080022405A1
公开(公告)日：2008-01-24
申请号：US11668699
申请日：2007-01-30
申请人： Xinran Wang , Chi-Chun Pan , Peng Liu , Sencun Zhu
发明人： Xinran Wang , Chi-Chun Pan , Peng Liu , Sencun Zhu
IPC分类号： G08B23/00
CPC分类号： H04L63/1441
摘要： A real-time, signature-free, blocker prevents buffer overflow attacks. The system and method, called SigFree, can filter out code injection buffer overflow attack packets targeting at various Internet services such as web services. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by checking, without any preknowledge of the real attacks, if “executable” instruction sequences can be blindly disassembled and extracted from a packet. Being signature-free, the invention can block new and unknown buffer overflow attacks. It is immunized from almost every attack-side code obfuscation method, and transparent to the servers being protected. The approach is therefore suited to economical Internet-wide deployment with very low deployment and maintenance costs. SigFree can also handle encrypted SSL packets. An experimental study shows that SigFree can block all types of code-injection attack packets without yielding any false positives or false negatives. Moreover, SigFree causes negligible throughput degradation to normal client requests.
摘要翻译：实时，无签名的阻止程序可以防止缓冲区溢出攻击。称为SigFree的系统和方法可以过滤掉针对各种互联网服务（如Web服务）的代码注入缓冲区溢出攻击包。由于缓冲区溢出攻击通常包含可执行文件，而合法的客户端请求在大多数Internet服务中从不包含可执行文件，SigFree阻止了攻击，如果“可执行”指令序列可以被盲目地拆卸并从一包。无签名，本发明可以阻止新的和未知的缓冲区溢出攻击。几乎每个攻击方代码混淆方法都可以免疫，对被保护的服务器是透明的。因此，该方法适用于经济的互联网部署，部署和维护成本极低。 SigFree还可以处理加密的SSL数据包。一项实验研究表明，SigFree可以阻止所有类型的代码注入攻击包，而不会产生任何假阳性或假阴性。此外，SigFree对通常客户端请求的吞吐量降低可以忽略不计。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式