公开(公告)号：US20160105454A1

公开(公告)日：2016-04-14

申请号：US14879876

申请日：2015-10-09

Applicant: NEC Laboratories America, Inc.

Inventor： Zhichun Li ,  Zhenyu Wu ,  Zhiyun Qian ,  Guofei Jiang ,  Masoud Akhoondi ,  Markus Kusano

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1416 ,  G06F17/30958 ,  H04L63/1425 ,  H04L63/1441 ,  H04L2463/146

Abstract: Methods and systems for intrusion attack recovery include monitoring two or more hosts in a network to generate audit logs of system events. One or more dependency graphs (DGraphs) is generated based on the audit logs. A relevancy score for each edge of the DGraphs is determined. Irrelevant events from the DGraphs are pruned to generate a condensed backtracking graph. An origin is located by backtracking from an attack detection point in the condensed backtracking graph.

Abstract translation: 入侵攻击恢复的方法和系统包括监控网络中的两个或多个主机以生成系统事件的审核日志。 基于审计日志生成一个或多个依赖关系图（DGraphs）。 确定DGraph的每个边缘的相关性得分。 修剪来自DGraphs的不相关事件，以生成一个浓缩回溯图。 原点是通过从浓缩回溯图中的攻击检测点进行回溯定位。

公开(公告)号：US09602528B2

公开(公告)日：2017-03-21

申请号：US14712421

申请日：2015-05-14

Applicant: NEC Laboratories America, Inc.

Inventor： Zhiyun Qian ,  Jun Wang ,  Zhichun Li ,  Zhenyu Wu ,  Junghwan Rhee ,  Xia Ning ,  Guofei Jiang

IPC: G06F21/00 ,  H04L29/06 ,  G06N99/00 ,  G06F11/30 ,  G06F21/50 ,  G06F21/55

CPC classification number: H04L63/1425 ,  G06F11/30 ,  G06F21/50 ,  G06F21/552 ,  G06F21/554 ,  G06N99/005 ,  H04L63/1441

Abstract: Methods and systems for process constraint include collecting system call information for a process. It is detected whether the process is idle based on the system call information and then whether the process is repeating using autocorrelation to determine whether the process issues system calls in a periodic fashion. The process is constrained if it is idle or repeating to limit an attack surface presented by the process.

公开(公告)号：US09736173B2

公开(公告)日：2017-08-15

申请号：US14879876

申请日：2015-10-09

Applicant: NEC Laboratories America, Inc.

Inventor： Zhichun Li ,  Zhenyu Wu ,  Zhiyun Qian ,  Guofei Jiang ,  Masoud Akhoondi ,  Markus Kusano

IPC: G06F21/55 ,  H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1416 ,  G06F17/30958 ,  H04L63/1425 ,  H04L63/1441 ,  H04L2463/146

Abstract: Methods and systems for intrusion attack recovery include monitoring two or more hosts in a network to generate audit logs of system events. One or more dependency graphs (DGraphs) is generated based on the audit logs. A relevancy score for each edge of the DGraphs is determined. Irrelevant events from the DGraphs are pruned to generate a condensed backtracking graph. An origin is located by backtracking from an attack detection point in the condensed backtracking graph.

公开(公告)号：US09245125B2

公开(公告)日：2016-01-26

申请号：US14552470

申请日：2014-11-24

Applicant: NEC Laboratories America, Inc.

Inventor： Zhichun Li ,  Zhenyu Wu ,  Zhiyun Qian ,  Guofei Jiang ,  Kangjie Lu ,  Vasileios Kemerlis

IPC: G06F12/16 ,  G06F21/57

CPC classification number: G06F21/577 ,  G06F21/554 ,  G06F21/6263 ,  G06F2221/033

Abstract: Systems and methods are disclosed for protecting privacy in an application software (app) by detecting application repacking; detecting application tainting, including: detecting descrying information leakage; detecting vulnerability espial; and detecting a privacy leak.

Abstract translation: 公开了通过检测应用重新打包来保护应用软件（app）中的隐私的系统和方法; 检测应用程序污染，包括：检测信息泄漏; 检测脆弱性; 并检测隐私泄漏。

公开(公告)号：US20150334128A1

公开(公告)日：2015-11-19

申请号：US14712421

申请日：2015-05-14

Applicant: NEC Laboratories America, Inc.

Inventor： Zhiyun Qian ,  Jun Wang ,  Zhichun Li ,  Zhenyu Wu ,  Junghwan Rhee ,  Xia Ning ,  Guofei Jiang

IPC: H04L29/06 ,  G06N99/00

CPC classification number: H04L63/1425 ,  G06F11/30 ,  G06F21/50 ,  G06F21/552 ,  G06F21/554 ,  G06N99/005 ,  H04L63/1441

Abstract: Methods and systems for process constraint include collecting system call information for a process. It is detected whether the process is idle based on the system call information and then whether the process is repeating using autocorrelation to determine whether the process issues system calls in a periodic fashion. The process is constrained if it is idle or repeating to limit an attack surface presented by the process.

Abstract translation: 过程约束的方法和系统包括收集过程的系统调用信息。 基于系统调用信息检测进程是否空闲，然后检查进程是否使用自相关重复以确定进程是否以周期性方式发出系统调用。 如果空闲或重复限制进程所呈现的攻击面，则该进程受到约束。

公开(公告)号：US20150242635A1

公开(公告)日：2015-08-27

申请号：US14552470

申请日：2014-11-24

Applicant: NEC Laboratories America, Inc.

Inventor： Zhichun Li ,  Zhenyu Wu ,  Zhiyun Qian ,  Guofei Jiang ,  Kangjie Lu ,  Vasileios Kemerlis

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F21/554 ,  G06F21/6263 ,  G06F2221/033

Abstract: Systems and methods are disclosed for protecting privacy in an application software (app) by detecting application repacking; detecting application tainting, including: detecting descrying information leakage; detecting vulnerability espial; and detecting a privacy leak.

Abstract translation: 公开了通过检测应用重新打包来保护应用软件（app）中的隐私的系统和方法; 检测应用程序污染，包括：检测信息泄漏; 检测脆弱性; 并检测隐私泄漏。