公开(公告)号：US09419981B2

公开(公告)日：2016-08-16

申请号：US12092224

申请日：2006-10-31

申请人： Salvatore J. Stolfo ,  Gabriela F. Ciocarlie ,  Vanessa Frias-Martinez ,  Janak Parekh ,  Angelos D. Keromytis ,  Joseph Sherrick

发明人： Salvatore J. Stolfo ,  Gabriela F. Ciocarlie ,  Vanessa Frias-Martinez ,  Janak Parekh ,  Angelos D. Keromytis ,  Joseph Sherrick

IPC分类号： H04L29/06

CPC分类号： H04L63/102 ,  H04L63/145

摘要： Methods, media, and systems for securing communications between a first node and a second node are provided. In some embodiments, methods for securing communication between a first node and a second node are provided. The methods comprising: receiving at least one model of behavior of the second node at the first node; and authorizing the first node to receive traffic from the second node based on the difference between the at least one model of behavior of the second node and at least one model of behavior of the first node.

摘要翻译： 提供了用于保护第一节点和第二节点之间的通信的方法，媒体和系统。 在一些实施例中，提供了用于确保第一节点和第二节点之间的通信的方法。 所述方法包括：在所述第一节点处接收所述第二节点的至少一个行为模型; 并且基于所述第二节点的所述至少一个行为模型与所述第一节点的行为的至少一个模型之间的差异，授权所述第一节点从所述第二节点接收流量。

公开(公告)号：US20110214161A1

公开(公告)日：2011-09-01

申请号：US12092224

申请日：2006-10-31

申请人： Salvatore J. Stolfo ,  Gabriela F. Ciocarlie ,  Vanessa Frias-Martinez ,  Janak Parekh ,  Angelos D. Keromytis ,  Joseph Sherrick

发明人： Salvatore J. Stolfo ,  Gabriela F. Ciocarlie ,  Vanessa Frias-Martinez ,  Janak Parekh ,  Angelos D. Keromytis ,  Joseph Sherrick

IPC分类号： G06F21/20

CPC分类号： H04L63/102 ,  H04L63/145

摘要： Methods, media, and systems for securing communications between a first node and a second node are provided. In some embodiments, methods for securing communication between a first node and a second node are provided. The methods comprising: receiving at least one model of behavior of the second node at the first node; and authorizing the first node to receive traffic from the second node based on the difference between the at least one model of behavior of the second node and at least one model of behavior of the first node.

摘要翻译： 提供了用于保护第一节点和第二节点之间的通信的方法，媒体和系统。 在一些实施例中，提供了用于确保第一节点和第二节点之间的通信的方法。 所述方法包括：在所述第一节点处接收所述第二节点的至少一个行为模型; 并且基于所述第二节点的所述至少一个行为模型与所述第一节点的行为的至少一个模型之间的差异，授权所述第一节点从所述第二节点接收流量。

公开(公告)号：US20180077165A1

公开(公告)日：2018-03-15

申请号：US15587763

申请日：2017-05-05

申请人： Salvatore J. Stolfo ,  Gabriela F. Ciocarlie ,  Vanessa Frias-Martinez ,  Janak Parekh ,  Angelos D. Keromytis ,  Joseph Sherrick

发明人： Salvatore J. Stolfo ,  Gabriela F. Ciocarlie ,  Vanessa Frias-Martinez ,  Janak Parekh ,  Angelos D. Keromytis ,  Joseph Sherrick

IPC分类号： H04L29/06

CPC分类号： H04L63/102 ,  H04L63/145

摘要： Methods, media, and systems for securing communications between a first node and a second node are provided. In some embodiments, methods for securing communication between a first node and a second node are provided. The methods comprising: receiving at least one model of behavior of the second node at the first node; and authorizing the first node to receive traffic from the second node based on the difference between the at least one model of behavior of the second node and at least one model of behavior of the first node.

公开(公告)号：US10178113B2

公开(公告)日：2019-01-08

申请号：US14798006

申请日：2015-07-13

申请人： Gabriela F. Ciocarlie ,  Angelos Stavrou ,  Salvatore J. Stolfo ,  Angelos D. Keromytis

发明人： Gabriela F. Ciocarlie ,  Angelos Stavrou ,  Salvatore J. Stolfo ,  Angelos D. Keromytis

IPC分类号： H04L29/06 ,  G06N99/00

摘要： Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for sanitizing anomaly detection models are provided. The methods including: receiving at least one abnormal anomaly detection model from at least one remote location; comparing at least one of the at least one abnormal anomaly detection model to a local normal detection model to produce a common set of features common to both the at least one abnormal anomaly detection model and the local normal detection model; and generating a sanitized normal anomaly detection model by removing the common set of features from the local normal detection model.

公开(公告)号：US20150326597A1

公开(公告)日：2015-11-12

申请号：US14798006

申请日：2015-07-13

申请人： Gabriela F. Ciocarlie ,  Angelos Stavrou ,  Salvatore J. Stolfo ,  Angelos D. Keromytis

发明人： Gabriela F. Ciocarlie ,  Angelos Stavrou ,  Salvatore J. Stolfo ,  Angelos D. Keromytis

IPC分类号： H04L29/06

CPC分类号： H04L63/1425 ,  G06N99/005 ,  H04L63/14

摘要： Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for sanitizing anomaly detection models are provided. The methods including: receiving at least one abnormal anomaly detection model from at least one remote location; comparing at least one of the at least one abnormal anomaly detection model to a local normal detection model to produce a common set of features common to both the at least one abnormal anomaly detection model and the local normal detection model; and generating a sanitized normal anomaly detection model by removing the common set of features from the local normal detection model.

摘要翻译： 提供了生成消毒数据，消毒异常检测模型和生成异常检测模型的系统，方法和介质。 在一些实施例中，提供了用于消毒异常检测模型的方法。 所述方法包括：从至少一个远程位置接收至少一个异常异常检测模型; 将所述至少一个异常异常检测模型中的至少一个与本地正常检测模型进行比较，以产生所述至少一个异常异常检测模型和所述局部正常检测模型共同的共同特征集合; 并通过从局部正态检测模型中去掉共同的特征集，产生消毒的正常异常检测模型。

公开(公告)号：US08667588B2

公开(公告)日：2014-03-04

申请号：US12837302

申请日：2010-07-15

申请人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael E. Locasto ,  Janak Parekh

发明人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael E. Locasto ,  Janak Parekh

IPC分类号： H04L29/06

CPC分类号： H04L63/1408

摘要： Systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.

摘要翻译： 系统和方法提供警报相关器和警报分发器，其能够检测到攻击的早期迹象并且迅速地传播到协作系统。 警报相关器利用数据结构来关联警报检测，并提供可以向其他协作系统透露威胁信息的机制。 警报分配器使用有效的技术来对协作系统进行分组，然后根据时间表在某些成员之间传递数据。 以这种方式，数据可以定期分布，而不会产生过多的流量负载。

公开(公告)号：US20100281542A1

公开(公告)日：2010-11-04

申请号：US12837302

申请日：2010-07-15

申请人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael E. Locasto ,  Janak Parekh

发明人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael E. Locasto ,  Janak Parekh

IPC分类号： G06F11/00 ,  G06F15/16

CPC分类号： H04L63/1408

摘要： Systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.

摘要翻译： 系统和方法提供警报相关器和警报分发器，其能够检测到攻击的早期迹象并且迅速地传播到协作系统。 警报相关器利用数据结构来关联警报检测，并提供可以向其他协作系统透露威胁信息的机制。 警报分配器使用有效的技术来对协作系统进行分组，然后根据时间表在某些成员之间传递数据。 以这种方式，数据可以定期分布，而不会产生过多的流量负载。

公开(公告)号：US07784097B1

公开(公告)日：2010-08-24

申请号：US10996574

申请日：2004-11-24

申请人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael E. Locasto ,  Janak Parekh

发明人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael E. Locasto ,  Janak Parekh

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G06F11/30 ,  G06F15/16 ,  G06F15/177 ,  G08B23/00 ,  B41K3/38

CPC分类号： H04L63/1408

摘要： Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.

摘要翻译： 提供了在协作计算机系统之间关联和分发入侵警报信息的系统和方法。 这些系统和方法提供警报相关器和警报分发器，其使得能够检测到攻击的早期迹象并且迅速地传播到协作系统。 警报相关器利用数据结构来关联警报检测，并提供可以向其他协作系统透露威胁信息的机制。 警报分配器使用有效的技术来对协作系统进行分组，然后根据时间表在某些成员之间传递数据。 以这种方式，数据可以定期分布，而不会产生过多的流量负载。

公开(公告)号：US20100281541A1

公开(公告)日：2010-11-04

申请号：US12833743

申请日：2010-07-09

申请人： Salvatore J. Stolfo ,  Tal Malkin ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael Locasto ,  Janak Parekh

发明人： Salvatore J. Stolfo ,  Tal Malkin ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael Locasto ,  Janak Parekh

IPC分类号： G06F11/00

CPC分类号： H04L63/1416 ,  G06F21/552 ,  G06F21/554 ,  H04L63/145 ,  H04L63/1475 ,  H04L63/1491

摘要： Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.

摘要翻译： 提供了在协作计算机系统之间关联和分发入侵警报信息的系统和方法。 这些系统和方法提供警报相关器和警报分发器，其使得能够检测到攻击的早期迹象并且迅速地传播到协作系统。 警报相关器利用数据结构来关联警报检测，并提供可以向其他协作系统透露威胁信息的机制。 警报分配器使用有效的技术来对协作系统进行分组，然后根据时间表在某些成员之间传递数据。 以这种方式，数据可以定期分布，而不会产生过多的流量负载。

公开(公告)号：US07779463B2

公开(公告)日：2010-08-17

申请号：US10864226

申请日：2004-06-09

申请人： Salvatore J. Stolfo ,  Tal Malkin ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael Locasto ,  Janak Parekh

发明人： Salvatore J. Stolfo ,  Tal Malkin ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael Locasto ,  Janak Parekh

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  G06F11/30 ,  B41K3/38 ,  G06F15/16 ,  G06F15/177

CPC分类号： H04L63/1416 ,  G06F21/552 ,  G06F21/554 ,  H04L63/145 ,  H04L63/1475 ,  H04L63/1491

摘要： Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.