PAIRING OF EXTERNAL DEVICE WITH RANDOM USER ACTION
    1.
    Patent application
    Status: In force

    Publication number: US20160179706A1

    Publication date: 2016-06-23

    Application number: US14579689

    Filing date: 2014-12-22

    IPC classification: G06F13/12 G06F9/44 G06F13/38

    Abstract: Certain embodiments herein relate to pairing an external device and a computer using a random user action. The random user action may be generated based on the type of device. After an external device is connected to the computer, the external device is segregated from one or more resources of the computer. A random user action based on the device type, and to be received from the external device, is generated and requested. If the random user action is received, the external device is paired with the computer and provided access to the one or more resources of the computer.

    SYSTEMS AND METHODS FOR MALWARE DETECTION AND REMEDIATION
    2.
    Patent application
    Status: Under examination (published)

    Publication number: US20160180087A1

    Publication date: 2016-06-23

    Application number: US14580784

    Filing date: 2014-12-23

    IPC classification: G06F21/56

    Abstract: Provided in some embodiments are systems and methods for remediating malware. Embodiments include receiving (from a process) a request to access data, determining that the process is an unknown process, providing the process with access to one or more data tokens in response to determining that the process is an unknown process, determining whether the process is engaging in suspicious activity with the one or more data tokens, and inhibiting execution of the process in response to determining that the process is engaging in suspicious activity with the one or more data tokens.

    METHOD AND SYSTEM TO DETECT MALWARE THAT REMOVES ANTI-VIRUS FILE SYSTEM FILTER DRIVER FROM A DEVICE STACK
    3.
    Patent application
    Status: Under examination (published)

    Publication number: US20110283358A1

    Publication date: 2011-11-17

    Application number: US12781263

    Filing date: 2010-05-17

    IPC classification: G06F21/00 G06F11/00

    Abstract: A method for detecting removal of a filter driver includes performing an operation on an element of a kernel mode of an operating system, the operation initiated by a user mode entity, obtaining the result of performing the operation, and comparing the result of performing the operation against an expected result of the operation. If the result of performing the operation matches the expected result of the operation, it is determined that a file system filter driver in the kernel mode of the operating system is working correctly. If the result of performing the operation does not match the expected result of the operation, it is determined that a file system filter driver in the kernel mode of the operating system has been compromised by malware.

    SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR APPLYING A REGULAR EXPRESSION TO CONTENT BASED ON REQUIRED STRINGS OF THE REGULAR EXPRESSION
    4.
    Patent application
    Status: In force

    Publication number: US20120311529A1

    Publication date: 2012-12-06

    Application number: US12714324

    Filing date: 2010-02-26

    IPC classification: G06F9/44 G06N5/02

    CPC classification: G06F17/30985

    Abstract: A system, method, and computer program product are provided for applying a regular expression to content based on required strings of the regular expression. In use, all required strings included in a regular expression are identified, the required strings including strings required by the regular expression. Additionally, it is determined whether the required strings match content. Furthermore, the regular expression is applied to the content, based on the determination.

    Obfuscated malware detection
    5.
    Granted patent
    Status: In force

    Publication number: US08176559B2

    Publication date: 2012-05-08

    Application number: US12639465

    Filing date: 2009-12-16

    CPC classification: G06F21/52 G06F21/577

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for obfuscated malware. In one aspect, a method includes executing from a binary executable a call instruction and a plurality of instructions subsequent to a target of the call instruction, determining if the value identified by the stack pointer of the call stack is equal to a default value stored in the call stack prior to emulation, determining if there is a non-obfuscation signal resulting from the execution of the call instructions and the plurality of instructions, and if the value identified by the stack pointer is the default value and there is no obfuscation signal, identifying the call instruction as a possibly obfuscated call instruction. Additionally, the method includes determining that if the number of call instructions identified as possibly obfuscated call instructions exceeds a threshold number, identifying the binary executable as an obfuscated executable.

    Obfuscated malware detection
    7.
    Granted patent
    Status: In force

    Publication number: US08499352B2

    Publication date: 2013-07-30

    Application number: US13440595

    Filing date: 2012-04-05

    CPC classification: G06F21/52 G06F21/577

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting obfuscated malware. In one aspect, a method includes identifying call instructions in a binary executable; executing the call instruction; executing instructions subsequent to a target of the call instruction; determining that an address identified by a stack pointer is different from the return address; in response to the determination that the address is different, determining if there is a non-obfuscation signal; if there is a non-obfuscation signal, identifying the call instruction as a non-obfuscated call instruction; if there is not a non-obfuscation signal, identifying the call instruction as a possibly obfuscated call instruction; determining whether the call instructions identified as possibly obfuscated call instructions exceeds a threshold; in response to the determination that the call instructions identified as possibly obfuscated call instructions exceeds the threshold, identifying the executable as an obfuscated executable.

    System, method, and computer program product for applying a regular expression to content based on required strings of the regular expression
    9.
    Granted patent
    Status: In force

    Publication number: US08522199B2

    Publication date: 2013-08-27

    Application number: US12714324

    Filing date: 2010-02-26

    IPC classification: G06F9/44

    CPC classification: G06F17/30985

    Abstract: A system, method, and computer program product are provided for applying a regular expression to content based on required strings of the regular expression. In use, all required strings included in a regular expression are identified, the required strings including strings required by the regular expression. Additionally, it is determined whether the required strings match content. Furthermore, the regular expression is applied to the content, based on the determination.

    IDENTITY ATTESTATION OF A MINOR VIA A PARENT
    10.
    Patent application
    Status: Under examination (published)

    Publication number: US20160182508A1

    Publication date: 2016-06-23

    Application number: US14580985

    Filing date: 2014-12-23

    IPC classification: H04L29/06

    Abstract: A technique allows a parentally attested security token to serve as authentication for a minor using identifying attributes of the minor child. The security token may include personally identifiable information about the child, a description of authorized activity as well as specifications of intended use of the security token. The security token may include provisions for authentication to be revoked by a parent or guardian and/or expire after a predetermined time. The security token may be stored inside a trusted execution environment of a portable computing device that may be carried by the minor and presented at physical locations where authentication is required.