-
1.发明申请公开(公告)号:US20120311708A1
公开(公告)日:2012-12-06
申请号:US13151173
申请日:2011-06-01
申请人: Romanch Agarwal , Prabhat Kumar Singh , Nitin Jyoti , Harinath Ramachetty Vishwanath , Palasamudram Ramagopal Prashanth
发明人: Romanch Agarwal , Prabhat Kumar Singh , Nitin Jyoti , Harinath Ramachetty Vishwanath , Palasamudram Ramagopal Prashanth
IPC分类号: G06F21/00
CPC分类号: G06F21/56 , G06F17/3053 , G06F17/30598 , G06F19/24 , G06F21/55 , G06F21/566 , H04L63/145
摘要: Systems and methods for detecting malicious processes in a non-signature based manner are disclosed. The system and method may include gathering features of processes running on an electronic device, applying a set of rules to the features, and applying a statistical analysis to the results of the rules application to determine whether a process should be classified into one or more of a plurality of process categories.
摘要翻译: 公开了以非签名方式检测恶意进程的系统和方法。 系统和方法可以包括收集在电子设备上运行的进程的特征,对特征应用一组规则,以及对规则应用的结果应用统计分析,以确定进程是否应该分为以下 多个进程类别。
-
2.发明授权公开(公告)号:US09323928B2
公开(公告)日:2016-04-26
申请号:US13151173
申请日:2011-06-01
申请人: Romanch Agarwal , Prabhat Kumar Singh , Nitin Jyoti , Harinath Ramachetty Vishwanath , Palasamudram Ramagopal Prashanth
发明人: Romanch Agarwal , Prabhat Kumar Singh , Nitin Jyoti , Harinath Ramachetty Vishwanath , Palasamudram Ramagopal Prashanth
CPC分类号: G06F21/56 , G06F17/3053 , G06F17/30598 , G06F19/24 , G06F21/55 , G06F21/566 , H04L63/145
摘要: Systems and methods for detecting malicious processes in a non-signature based manner are disclosed. The system and method may include gathering features of processes running on an electronic device, applying a set of rules to the features, and applying a statistical analysis to the results of the rules application to determine whether a process should be classified into one or more of a plurality of process categories.
摘要翻译: 公开了以非签名方式检测恶意进程的系统和方法。 系统和方法可以包括收集在电子设备上运行的进程的特征,对特征应用一组规则,以及对规则应用的结果应用统计分析,以确定进程是否应该分为以下 多个进程类别。
-
公开(公告)号:US08677493B2
公开(公告)日:2014-03-18
申请号:US13227407
申请日:2011-09-07
IPC分类号: G08B23/00
CPC分类号: H04L63/145 , G06F21/56 , G06F21/568
摘要: A method for providing malware cleaning includes detecting potential malware on a first device connected to a network. A request including information to allow a second device connected to the network to determine an appropriate cleaning response is sent from the first device to the second device over the network. Upon receiving the request, the second device attempts to identify an appropriate cleaning response and, if a response is identified, sends the cleaning response over the network to the first device. The cleaning response is usable by the first device to address the detected potential malware.
摘要翻译: 用于提供恶意软件清理的方法包括检测连接到网络的第一设备上的潜在恶意软件。 包括用于允许连接到网络的第二设备以确定适当的清洁响应的信息的请求通过网络从第一设备发送到第二设备。 在接收到请求时,第二设备尝试识别适当的清洁响应,并且如果识别出响应,则通过网络将清洁响应发送到第一设备。 清洁响应可由第一设备用来解决检测到的潜在恶意软件。
-
公开(公告)号:US20130061325A1
公开(公告)日:2013-03-07
申请号:US13227407
申请日:2011-09-07
CPC分类号: H04L63/145 , G06F21/56 , G06F21/568
摘要: A method for providing malware cleaning includes detecting potential malware on a first device connected to a network. A request including information to allow a second device connected to the network to determine an appropriate cleaning response is sent from the first device to the second device over the network. Upon receiving the request, the second device attempts to identify an appropriate cleaning response and, if a response is identified, sends the cleaning response over the network to the first device. The cleaning response is usable by the first device to address the detected potential malware.
摘要翻译: 用于提供恶意软件清理的方法包括检测连接到网络的第一设备上的潜在恶意软件。 包括用于允许连接到网络的第二设备以确定适当的清洁响应的信息的请求通过网络从第一设备发送到第二设备。 在接收到请求时,第二设备尝试识别适当的清洁响应,并且如果识别出响应,则通过网络将清洁响应发送到第一设备。 清洁响应可由第一设备用来解决检测到的潜在恶意软件。
-
5.发明授权System, method, and computer program product for segmenting a database based, at least in part, on a prevalence associated with known objects included in the database 有权至少部分地基于与数据库中包括的已知对象相关联的流行率来分割数据库的系统,方法和计算机程序产品公开(公告)号:US08306988B1
公开(公告)日:2012-11-06
申请号:US12605678
申请日:2009-10-26
申请人: Nitin Jyoti , Prabhat Kumar Singh , Zhenyu Zhong , Guy William Welch Roberts , Jeffrey Martin Green , Sven Krasser
发明人: Nitin Jyoti , Prabhat Kumar Singh , Zhenyu Zhong , Guy William Welch Roberts , Jeffrey Martin Green , Sven Krasser
IPC分类号: G06F7/00
CPC分类号: G06F21/57 , G06F17/30584
摘要: A system, method, and computer program product are provided for segmenting a database based, at least in part, on a prevalence associated with known objects included in the database. In operation, a database including a plurality of known objects is identified. Additionally, the database is segmented into a plurality of segments. Furthermore, each of the plurality of known objects are assigned to one of the plurality of segments, based at least in part on a prevalence associated with each of the plurality of known objects.
摘要翻译: 提供了系统,方法和计算机程序产品,用于至少部分地基于与包括在数据库中的已知对象相关联的流行率来分割数据库。 在操作中,识别包括多个已知对象的数据库。 此外,数据库被分割成多个段。 此外,至少部分地基于与多个已知对象中的每一个相关联的流行率将多个已知对象中的每一个分配给多个段中的一个。
-
公开(公告)号:US20110107424A1
公开(公告)日:2011-05-05
申请号:US12611375
申请日:2009-11-03
IPC分类号: G06F21/22
CPC分类号: G06F21/565 , G06F11/1417 , G06F11/1446 , G06F11/1451 , G06F17/30109 , G06F17/30117 , G06F21/56 , G06F21/562 , G06F21/568 , G06F2201/84 , G06F2221/034 , H04L63/1416 , H04L63/1441 , H04L67/10
摘要: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for rolling back protection processes. In one aspect, a method includes determining that a file is a malicious file, storing a duplicate of the file in a quarantine area, performing one or more protection processes on the file, if the determination that the file is a malicious file is a false positive determination, restoring the file by a pre-boot rollback process to a state prior to the one or more protection processes performed on the file, and booting the computer with the restored file, and if the determination that the file is a malicious file is not a false positive determination, not restoring the file to a state prior to the one or more protection processes performed on the file, and booting the computer.
摘要翻译: 方法,系统和装置,包括在计算机存储介质上编码的计算机程序,用于回滚保护过程。 在一个方面,一种方法包括确定文件是恶意文件,将文件的副本存储在隔离区域中,对该文件执行一个或多个保护处理,如果该文件是恶意文件的确定是假的 肯定的确定,通过预引导回滚过程将文件恢复到对文件执行的一个或多个保护过程之前的状态,以及使用恢复的文件引导计算机,并且如果文件是恶意文件的确定是 不是错误的肯定决定,不将文件恢复到在文件执行的一个或多个保护过程之前的状态,以及引导计算机。
-
7.发明申请SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SEGMENTING A DATABASE BASED, AT LEAST IN PART, ON A PREVALENCE ASSOCIATED WITH KNOWN OBJECTS INCLUDED IN THE DATABASE 审中-公开基于数据库的系统,方法和计算机程序产品,至少部分在与数据库中包含的已知对象相关的预防性公开(公告)号:US20130031111A1
公开(公告)日:2013-01-31
申请号:US13645164
申请日:2012-10-04
申请人: Nitin Jyoti , Prabhat Kumar Singh , Zhenyu Zhong , Guy William Welch Roberts , Jeffrey Martin Green , Sven Krasser
发明人: Nitin Jyoti , Prabhat Kumar Singh , Zhenyu Zhong , Guy William Welch Roberts , Jeffrey Martin Green , Sven Krasser
IPC分类号: G06F17/30
CPC分类号: G06F21/57 , G06F16/278
摘要: A system, method, and computer program product are provided for segmenting a database based, at least in part, on a prevalence associated with known objects included in the database. In operation, a database including a plurality of known objects is identified. Additionally, the database is segmented into a plurality of segments. Furthermore, each of the plurality of known objects are assigned to one of the plurality of segments, based at least in part on a prevalence associated with each of the plurality of known objects.
摘要翻译: 提供了系统,方法和计算机程序产品,用于至少部分地基于与包括在数据库中的已知对象相关联的流行率来分割数据库。 在操作中,识别包括多个已知对象的数据库。 此外,数据库被分割成多个段。 此外,至少部分地基于与多个已知对象中的每一个相关联的流行率将多个已知对象中的每一个分配给多个段中的一个。
-
公开(公告)号:US08539583B2
公开(公告)日:2013-09-17
申请号:US12611375
申请日:2009-11-03
IPC分类号: H04L29/06
CPC分类号: G06F21/565 , G06F11/1417 , G06F11/1446 , G06F11/1451 , G06F17/30109 , G06F17/30117 , G06F21/56 , G06F21/562 , G06F21/568 , G06F2201/84 , G06F2221/034 , H04L63/1416 , H04L63/1441 , H04L67/10
摘要: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for rolling back protection processes. In one aspect, a method includes determining that a file is a malicious file, storing a duplicate of the file in a quarantine area, performing one or more protection processes on the file, if the determination that the file is a malicious file is a false positive determination, restoring the file by a pre-boot rollback process to a state prior to the one or more protection processes performed on the file, and booting the computer with the restored file, and if the determination that the file is a malicious file is not a false positive determination, not restoring the file to a state prior to the one or more protection processes performed on the file, and booting the computer.
摘要翻译: 方法,系统和装置,包括在计算机存储介质上编码的计算机程序,用于回滚保护过程。 在一个方面,一种方法包括确定文件是恶意文件,将文件的副本存储在隔离区域中,对该文件执行一个或多个保护处理,如果该文件是恶意文件的确定是假的 肯定的确定,通过预引导回滚过程将文件恢复到对文件执行的一个或多个保护过程之前的状态,以及使用恢复的文件引导计算机,并且如果文件是恶意文件的确定是 不是错误的肯定决定,不将文件恢复到在文件执行的一个或多个保护过程之前的状态,以及引导计算机。
-
9.发明授权System, method, and computer program product for redirecting IRC traffic identified utilizing a port-independent algorithm and controlling IRC based malware 有权系统,方法和计算机程序产品,用于重定向使用与端口无关的算法识别的IRC流量并控制基于IRC的恶意软件公开(公告)号:US08732296B1
公开(公告)日:2014-05-20
申请号:US12436723
申请日:2009-05-06
申请人: Vinoo Thomas , Nitin Jyoti , Cedric Cochin , Rachit Mathur
发明人: Vinoo Thomas , Nitin Jyoti , Cedric Cochin , Rachit Mathur
CPC分类号: H04L63/1491 , H04L51/04 , H04L51/12 , H04L63/0227 , H04L63/1441 , H04L2463/144
摘要: A system, method, and computer program product are provided for redirecting internet relay chat (IRC) traffic identified utilizing a port-independent algorithm and controlling IRC based malware. In use, IRC traffic communicated via a network is identified utilizing a port-independent algorithm. Furthermore, the IRC traffic is redirected to a honeypot.
摘要翻译: 提供了一种系统,方法和计算机程序产品,用于重定向使用与端口无关的算法识别的互联网中继聊天(IRC)流量并控制基于IRC的恶意软件。 在使用中,通过网络传送的IRC流量通过端口独立算法来识别。 此外,IRC流量被重定向到蜜罐。
-
10.发明申请SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR IDENTIFYING UNWANTED ACTIVITY UTILIZING A HONEYPOT DEVICE ACCESSIBLE VIA VLAN TRUNKING 有权系统,方法和计算机程序产品,用于识别使用通过VLAN传输访问的蜂窝设备的无用活动公开(公告)号:US20120180131A1
公开(公告)日:2012-07-12
申请号:US13415418
申请日:2012-03-08
申请人: Vinoo Thomas , Nitin Jyoti
发明人: Vinoo Thomas , Nitin Jyoti
CPC分类号: H04L63/1491
摘要: A system, method, and computer program product are provided for identifying unwanted activity utilizing a honeypot accessible via virtual local area network (VLAN) trunking. In use, a honeypot device is allowed to be accessed via VLAN trunking. Furthermore, unwanted data is identified, utilizing the honeypot device.
摘要翻译: 提供了一种系统,方法和计算机程序产品,用于通过经由虚拟局域网(VLAN)集群可访问的蜜罐识别不需要的活动。 在使用中,允许通过VLAN中继访问蜜罐设备。 此外,利用蜜罐设备来识别不想要的数据。
-
-
-
-
-
-
-
-
-
搜索结果
14 条记录 (耗时 0.024 秒)
