公开(公告)号：US20080301281A1

公开(公告)日：2008-12-04

申请号：US11756603

申请日：2007-05-31

申请人： Yi-Min Wang ,  Ming Ma

发明人： Yi-Min Wang ,  Ming Ma

IPC分类号： G06F15/173

CPC分类号： H04L63/1416 ,  G06F21/56 ,  G06F2221/2119 ,  H04L51/12 ,  H04L63/0227

摘要： An exemplary method for defeating server-side click-through cloaking includes retrieving a search results page to set a browser variable, inserting a link to a page into the search results page and clicking through to the page using the inserted link. An exemplary method for investigating client-side cloaking includes providing script associated with a suspected spam URL, modifying the script to de-obfuscate the script and executing the modified script to reveal cloaking logic associated with the script. Other methods, systems, etc., are also disclosed.

摘要翻译： 用于击败服务器端点击覆盖的示例性方法包括检索搜索结果页面以设置浏览器变量，将链接到页面插入到搜索结果页面中，并使用插入的链接点击页面。 用于调查客户端伪装的示例性方法包括提供与可疑垃圾邮件URL相关联的脚本，修改脚本以对脚本进行去模糊并执行修改的脚本以显示与该脚本相关联的伪装逻辑。 还公开了其它方法，系统等。

公开(公告)号：US20070208822A1

公开(公告)日：2007-09-06

申请号：US11276483

申请日：2006-03-01

申请人： Yi-Min Wang ,  Douglas Beck

发明人： Yi-Min Wang ,  Douglas Beck

IPC分类号： G06F15/16

CPC分类号： H04L63/1433 ,  G06F17/30887 ,  G06F21/566 ,  G06F21/567 ,  G06F21/577 ,  G06F2221/034 ,  H04L63/1416 ,  H04L67/02 ,  H04L67/125 ,  H04L67/22

摘要： A network can be explored to investigate exploitive behavior. For example, network sites may be actively explored by a honey monkey system to detect if they are capable of accomplishing exploits, including browser-based exploits, on a machine. Also, the accomplishment of exploits may be detected by tracing events occurring on a machine after visiting a network site and analyzing the traced events for illicit behavior. Alternatively, site redirections between and among uniform resource locators (URLs) may be explored to discover relationships between sites that are visited.

摘要翻译： 可以探索一个网络来调查剥削行为。 例如，网络站点可以由蜂蜜猴系统积极探索，以检测它们是否能够在机器上完成包括基于浏览器的漏洞的利用。 此外，通过在访问网站后跟踪机器上发生的事件并分析违规行为的跟踪事件，可以检测到攻击的完成。 或者，可以探索统一资源定位符（URL）之间的站点重定向以发现被访问的站点之间的关系。

公开(公告)号：US20070006323A1

公开(公告)日：2007-01-04

申请号：US11214131

申请日：2005-08-29

申请人： Chad Verbowski ,  John Dunagan ,  Shuo Chen ,  Yi-Min Wang

发明人： Chad Verbowski ,  John Dunagan ,  Shuo Chen ,  Yi-Min Wang

IPC分类号： H04L9/32 ,  H04N7/16 ,  G06F17/30 ,  H04L9/00 ,  G06F7/04 ,  G06K9/00 ,  H03M1/68 ,  H04K1/00

CPC分类号： G06F21/6218 ,  G06F2221/2101

摘要： A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.

公开(公告)号：US07133729B1

公开(公告)日：2006-11-07

申请号：US09641556

申请日：2000-08-17

申请人： Yi-Min Wang ,  Wilf G. Russell ,  Anish K. Arora

发明人： Yi-Min Wang ,  Wilf G. Russell ,  Anish K. Arora

IPC分类号： G05B15/00

CPC分类号： G05B15/02 ,  G05B2219/2642 ,  G05B2223/06

摘要： Power line monitoring is disclosed. The monitoring can be performed in conjunction with an automation system designed to control and monitor devices and sensors. Model-based power line monitoring uses a model of acceptable power line activity. Activity that does not conform to the model is tagged as indicating a potential problem. Pattern-based power line monitoring uses patterns of unacceptable power line activity. Activity that matches one of the patterns is also tagged as indicating a potential problem.

摘要翻译： 公开了电力线监测。 监控可以与设计用于控制和监视设备和传感器的自动化系统一起执行。 基于模型的电力线监测使用可接受的电力线活动模型。 不符合模型的活动被标记为指示潜在的问题。 基于模式的电力线监测使用不可接受的电力线活动模式。 匹配其中一个模式的活动也被标记为指示潜在的问题。

公开(公告)号：US07096200B2

公开(公告)日：2006-08-22

申请号：US10127893

申请日：2002-04-23

申请人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell ,  Lili Qiu ,  Venkata N. Padmanabhan

发明人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell ,  Lili Qiu ,  Venkata N. Padmanabhan

IPC分类号： G06Q99/00 ,  H04K1/00 ,  H04L9/00

CPC分类号： H04L63/0407 ,  G06F2221/2107 ,  G06F2221/2119 ,  G06Q20/10 ,  G06Q20/102 ,  G06Q20/1085 ,  G06Q20/40 ,  H04L63/1408

摘要： A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.

公开(公告)号：US20060031673A1

公开(公告)日：2006-02-09

申请号：US10997768

申请日：2004-11-23

申请人： Douglas Beck ,  Aaron Johnson ,  Roussi Roussev ,  Chad Verbowski ,  Binh Vo ,  Yi-Min Wang

发明人： Douglas Beck ,  Aaron Johnson ,  Roussi Roussev ,  Chad Verbowski ,  Binh Vo ,  Yi-Min Wang

IPC分类号： H04L9/00

CPC分类号： G06F21/565

摘要： A method and system for detecting that a software system has been infected by software that attempts to hide properties related to the software system is provided. A detection system identifies that a suspect operating system has been infected by malware by comparing properties related to the suspect operating system as reported by the suspect operating system to properties as reported by another operating system that is assumed to be clean. The detection system compares the reported properties to the actual properties to identify any significant differences. A significant difference, such as the presence of an actual file not reported by the suspect operating system, may indicate that the suspect storage device is infected.

公开(公告)号：US06986036B2

公开(公告)日：2006-01-10

申请号：US10102036

申请日：2002-03-20

申请人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell

发明人： Yi-Min Wang ,  Qixiang Sun ,  Daniel R. Simon ,  Wilfred Russell

IPC分类号： G06F1/26

CPC分类号： H04L63/0442 ,  G06Q20/3821 ,  H04L29/06 ,  H04L63/062 ,  H04L67/02 ,  H04L67/327 ,  H04L69/329

摘要： A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

公开(公告)号：US20050268112A1

公开(公告)日：2005-12-01

申请号：US10952336

申请日：2004-09-28

申请人： Yi-Min Wang ,  Chad Verbowski ,  Aaron Johnson ,  Roussi Roussev

发明人： Yi-Min Wang ,  Chad Verbowski ,  Aaron Johnson ,  Roussi Roussev

IPC分类号： G06F21/22 ,  G06F1/00 ,  G06F9/445 ,  G06F11/00 ,  G06F11/30 ,  G06F12/14 ,  G06F21/00 ,  H04L9/00 ,  H04L9/32

CPC分类号： G06F21/51 ,  G06F21/554

摘要： A monitoring service is provided that detects spyware or other unwanted software at the time it is installed and/or allows for the spyware's removal. The service monitors “Auto-Start Extensibility Points” (“ASEPs”) to detect spyware installations. ASEPs refer to the configuration points that can be “hooked” to allow programs to be auto-started without explicit user invocation. Such a service is particularly effective because an overwhelming majority of spyware programs infect systems in such a way that they are automatically started upon reboot and the launch of many commonly used applications. The monitoring service can thus lead to the subsequent complete removal of the spyware installation, and does not require a frequent signature-based cleaning. Spyware that is bundled with other software such as freeware or shareware can also be removed.

摘要翻译： 提供了一种监视服务，用于在安装时检测间谍软件或其他不需要的软件和/或允许间谍软件的删除。 该服务监视“自动启动扩展点”（“ASEP”）以检测间谍软件安装。 ASEP是指可以“挂钩”以允许程序在没有显式用户调用的情况下自动启动的配置点。 这样的服务是特别有效的，因为绝大多数间谍软件程序以这样的方式感染系统，使得它们在重新启动时自动启动并启动许多常用的应用程序。 因此，监视服务可以导致间谍软件安装的后续完全删除，并且不需要频繁的基于签名的清理。 与其他软件（如免费软件或共享软件）捆绑在一起的间谍软件也可以被删除。

公开(公告)号：US20050157706A1

公开(公告)日：2005-07-21

申请号：US11064677

申请日：2005-02-24

申请人： Yi-Min Wang ,  Oixiang Sun ,  Daniel Simon ,  Wilfred Russell ,  Lili Qiu ,  Venkata Padmanabhan

发明人： Yi-Min Wang ,  Oixiang Sun ,  Daniel Simon ,  Wilfred Russell ,  Lili Qiu ,  Venkata Padmanabhan

IPC分类号： H04L29/06 ,  H04L12/66

CPC分类号： H04L63/0407 ,  G06F2221/2107 ,  G06F2221/2119 ,  G06Q20/10 ,  G06Q20/102 ,  G06Q20/1085 ,  G06Q20/40 ,  H04L63/1408

摘要： A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.

摘要翻译： 提供了一种系统和方法，用于评估数据加密的有效性，以隐藏Web流量来源的身份。 由目标网站发送的网页的加密Web流量构建签名，并将签名与通过预先访问各种感兴趣的网页获得的归档流量签名进行比较。 如果检测到的加密Web流量的签名与存储的流量签名匹配超过预定的统计阈值，则找到正匹配，并且识别流量的来源。 提供了基于流量特征匹配降低源识别可靠性的对策。

公开(公告)号：US20050071857A1

公开(公告)日：2005-03-31

申请号：US10966508

申请日：2004-10-14

申请人： Yi-Min Wang ,  Galen Hunt ,  Alessandro Forin

发明人： Yi-Min Wang ,  Galen Hunt ,  Alessandro Forin

IPC分类号： G06F3/00 ,  G06F9/44 ,  G06F9/46

CPC分类号： G06F9/547 ,  G06F9/465

摘要： A method for improving the performance of a distributed object model over a network is disclosed. A client computer contains a client object which can call an interface on a server object located on a server computer. Rather than copying all of the call parameters into an RPC buffer for transmission across the network, a network interface card with scatter-gather capability can be used. The RPC data can contain only a list of pointers into the client memory and a size of each parameter. The network interface card can then grab the parameters directly from the client memory using the list in the RPC buffer without the need to copy the data itself. At the server side, the network interface card can place the parameters into an RPC buffer, or if the size is known beforehand, directly into the server memory. The server can also access the parameters directly from the RPC buffer. On the return, the server can use a callback function to indicate when its network interface card has finished sending the response data so that the server does not clear its memory prematurely. At the client side, if the size of the response is not known, and the data is placed into the RPC buffers, it can be copied from the RPC buffer into the client memory.

摘要翻译： 公开了一种通过网络改善分布式对象模型的性能的方法。 客户端计算机包含可以调用位于服务器计算机上的服务器对象上的接口的客户端对象。 可以使用具有分散收集功能的网络接口卡，而不是将所有呼叫参数复制到RPC缓冲区中，以便通过网络进行传输。 RPC数据只能包含指向客户机内存的指针列表和每个参数的大小。 然后，网络接口卡可以使用RPC缓冲区中的列表直接从客户端存储器中获取参数，而无需复制数据本身。 在服务器端，网络接口卡可以将参数放入RPC缓冲区，或者如果事先知道大小，则直接进入服务器内存。 服务器也可以直接从RPC缓冲区访问参数。 返回时，服务器可以使用回调函数来指示其网络接口卡何时完成发送响应数据，以致服务器不能过早清除其内存。 在客户端，如果响应的大小不知道，并且数据被放置到RPC缓冲区中，则可以将其从RPC缓冲区复制到客户端存储器中。