-
公开(公告)号:US07424619B1
公开(公告)日:2008-09-09
申请号:US10269694
申请日:2002-10-11
申请人: Wei Fan , Salvatore J. Stolfo
发明人: Wei Fan , Salvatore J. Stolfo
IPC分类号: G06F11/30 , G06F11/00 , G06F17/30 , H04L9/32 , H04L12/56 , H04L12/26 , H04L12/24 , G05B13/02
CPC分类号: H04L63/1425 , G06F21/552 , H04L41/16 , H04L43/00
摘要: In a method of generating an anomaly detection model for classifying activities of a computer system, using a training set of data corresponding to activity on the computer system, the training set comprising a plurality of instances of data having features, and wherein each feature in said plurality of features has a plurality of values. For a selected feature and a selected value of the selected feature, a quantity is determined which corresponds to the relative sparsity of such value. The quantity may correspond to the difference between the number occurrences of the selected value and the number of occurrences of the most frequently occurring value. These instances are classified as anomaly and added to the training set of normal data to generate a rule set or other detection model.
摘要翻译: 在产生用于对计算机系统的活动进行分类的异常检测模型的方法中,使用与计算机系统上的活动相对应的数据的训练集合,所述训练集合包括具有特征的多个数据实例,并且其中所述 多个特征具有多个值。 对于所选特征和所选特征的选定值,确定与该值相对稀疏度对应的数量。 数量可以对应于所选值的出现次数与最常发生值的出现次数之间的差异。 这些实例被分类为异常,并添加到正常数据的训练集中以生成规则集或其他检测模型。
-
2.发明授权Method and system for using intelligent agents for financial transactions, services, accounting, and advice 失效使用智能代理进行金融交易,服务,会计和咨询的方法和系统
公开(公告)号:US5920848A
公开(公告)日:1999-07-06
申请号:US10677
申请日:1998-01-22
申请人: Daniel Schutzer , William Hull Forster, Jr. , Huanrui Hu , Wenke Lee , Salvatore J. Stolfo , Wei Fan
发明人: Daniel Schutzer , William Hull Forster, Jr. , Huanrui Hu , Wenke Lee , Salvatore J. Stolfo , Wei Fan
CPC分类号: G06Q40/02 , G06Q20/10 , G06Q20/108 , G06Q20/18 , G06Q40/128
摘要: The present invention relates to the use of computerized intelligent agents to facilitate the integration of networked performance of financial transactions with computerized methods of financial accounting. Incorporated into this combined financial transaction/financial accounting system are intelligent agents that automatically analyze the system information to provide users with financial advice. This invention permits the automated performance on-line of a wide variety of financial transactions and integrates these transactions with computerized financial accounting. All of this information is collated and analyzed automatically by intelligent agents, which generate user-specific financial reports, profiles, and advice, and under appropriate conditions take action.
摘要翻译: 本发明涉及使用计算机智能代理来促进金融交易的联网绩效与计算机化的财务会计方法的整合。 并入该组合的金融交易/财务会计系统是智能代理,可自动分析系统信息,为用户提供财务咨询。 本发明允许在线进行各种金融交易的自动化表现,并将这些交易与计算机化的财务会计相结合。 所有这些信息都由智能代理自动整理和分析,这些代理生成用户特定的财务报告,配置文件和建议,并在适当的条件下采取行动。
-
3.发明授权公开(公告)号:US07818797B1
公开(公告)日:2010-10-19
申请号:US10269718
申请日:2002-10-11
申请人: Wei Fan , Wenke Lee , Matthew Miller , Salvatore J. Stolfo
发明人: Wei Fan , Wenke Lee , Matthew Miller , Salvatore J. Stolfo
IPC分类号: G06F12/16
CPC分类号: H04L63/1425 , G06F21/55
摘要: A method of detecting an intrusion in the operation of a computer system based on a plurality of events. A rule set is determined for a training set of data comprising a set of features having associated costs. For each of a plurality of events, the set of features is computed and a class is predicted for the features with a rule of the rule set. For each event predicted as an intrusion, a response cost and a damage cost are determined, wherein the damage cost is determined based on such factors as the technique of the intrusion, the criticality of the component of the computer system subject to the intrusion, and a measure of progress of the intrusion. If the damage cost is greater than or equal to the response cost, a response to the event.
摘要翻译: 一种基于多个事件来检测计算机系统的操作中的入侵的方法。 对于包括具有相关联的成本的一组特征的训练数据集来确定规则集。 对于多个事件中的每一个,计算特征集合,并且针对具有规则集合的规则的特征预测类。 对于作为入侵预测的每个事件,确定响应成本和损害成本,其中损害成本基于入侵技术,受入侵的计算机系统的组件的关键性以及 入侵进度的度量。 如果损害成本大于或等于响应成本,则对事件做出回应。
-
公开(公告)号:US20200019705A1
公开(公告)日:2020-01-16
申请号:US16579318
申请日:2019-09-23
摘要: Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.
-
公开(公告)号:US10178113B2
公开(公告)日:2019-01-08
申请号:US14798006
申请日:2015-07-13
摘要: Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for sanitizing anomaly detection models are provided. The methods including: receiving at least one abnormal anomaly detection model from at least one remote location; comparing at least one of the at least one abnormal anomaly detection model to a local normal detection model to produce a common set of features common to both the at least one abnormal anomaly detection model and the local normal detection model; and generating a sanitized normal anomaly detection model by removing the common set of features from the local normal detection model.
-
公开(公告)号:US20160364568A1
公开(公告)日:2016-12-15
申请号:US15247154
申请日:2016-08-25
摘要: Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.
-
公开(公告)号:US09450979B2
公开(公告)日:2016-09-20
申请号:US14185175
申请日:2014-02-20
CPC分类号: G06F21/566 , G06F11/08 , G06F11/3688 , G06F2221/033 , G06N7/005 , H04L63/1425
摘要: Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.
-
8.发明申请公开(公告)号:US20150058982A1
公开(公告)日:2015-02-26
申请号:US13987690
申请日:2013-08-20
IPC分类号: H04L29/06
CPC分类号: H04L63/1425 , G06F17/30914
摘要: A method for unsupervised anomaly detection, which are algorithms that are designed to process unlabeled data. Data elements are mapped to a feature space which is typically a vector space d. Anomalies are detected by determining which points lies in sparse regions of the feature space. Two feature maps are used for mapping data elements to a feature apace. A first map is a data-dependent normalization feature map which we apply to network connections. A second feature map is a spectrum kernel which we apply to system call traces.
摘要翻译: 一种用于无监督异常检测的方法,它们是用于处理未标记数据的算法。 数据元素被映射到通常是向量空间d的特征空间。 通过确定哪些点位于特征空间的稀疏区域来检测异常。 两个特征图用于将数据元素映射到特征空间。 第一张地图是我们适用于网络连接的依赖于数据的规范化特征图。 第二个特征图是我们应用于系统调用轨迹的频谱内核。
-
9.发明授权Systems, methods, and media for detecting network anomalies using a trained probabilistic model 有权使用训练有素的概率模型检测网络异常的系统,方法和媒体公开(公告)号:US08844033B2
公开(公告)日:2014-09-23
申请号:US12994550
申请日:2009-05-27
CPC分类号: H04L63/1425 , H04L63/1416 , H04L63/1466 , H04L67/02 , H04L69/16
摘要: Systems, methods, and media for detecting network anomalies are provided. In some embodiments, a training dataset of communication protocol messages having argument strings is received. The content and structure associated with each of the argument strings is determined and a probabilistic model is trained using the determined content and structure of each of the argument strings. A communication protocol message having an argument string that is transmitted from a first processor to a second processor across a computer network is received. The received communication protocol message is compared to the probabilistic model and then it is determined whether the communication protocol message is anomalous.
摘要翻译: 提供了检测网络异常的系统,方法和介质。 在一些实施例中,接收具有参数串的通信协议消息的训练数据集。 确定与每个参数串相关联的内容和结构,并且使用确定的每个参数串的内容和结构来训练概率模型。 接收具有通过计算机网络从第一处理器发送到第二处理器的参数串的通信协议消息。 将接收到的通信协议消息与概率模型进行比较,然后确定通信协议消息是否是异常的。
-
10.发明授权Methods, systems, and media for masquerade attack detection by monitoring computer user behavior 有权通过监控计算机用户行为进行伪装攻击检测的方法,系统和媒体公开(公告)号:US08769684B2
公开(公告)日:2014-07-01
申请号:US12628587
申请日:2009-12-01
CPC分类号: H04L63/1416 , G06F21/50 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/566 , H04L29/06884 , H04L29/06897 , H04L63/1408 , H04L63/1425 , H04L63/1491
摘要: Methods, systems, and media for masquerade attack detection by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting masquerade attacks is provided, the method comprising: monitoring a first plurality of user actions and access of decoy information in a computing environment; generating a user intent model for a category that includes at least one of the first plurality of user actions; monitoring a second plurality of user actions; comparing the second plurality of user actions with the user intent model by determining deviation from the generated user intent model; identifying whether the second plurality of user actions is a masquerade attack based at least in part on the comparison; and generating an alert in response to identifying that the second plurality of user actions is the masquerade attack and in response to determining that the second plurality of user actions includes accessing the decoy information in the computing environment.
摘要翻译: 提供了通过监控计算机用户行为进行伪装攻击检测的方法,系统和媒体。 根据一些实施例,提供了一种用于检测伪装攻击的方法,所述方法包括:在计算环境中监视第一多个用户动作和诱捕信息的访问; 为包括所述第一多个用户动作中的至少一个的类别生成用户意图模型; 监视第二多个用户动作; 通过确定与所生成的用户意图模型的偏差来比较第二多个用户动作与用户意图模型; 至少部分地基于所述比较来识别所述第二多个用户动作是否是伪装攻击; 以及响应于识别所述第二多个用户动作是所述伪装攻击而响应于响应于确定所述第二多个用户动作包括访问所述计算环境中的诱饵信息而产生警报。
-
-
-
-
-
-
-
-
-
搜索结果
99 条记录 (耗时 0.033 秒)
