公开(公告)号：US20110035398A1

公开(公告)日：2011-02-10

申请号：US12842622

申请日：2010-07-23

Applicant: Hahn-Ming Lee ,  Li-Zhen Liu ,  Chieh-Hung Lin ,  Jerome Yeh ,  Chia-Hsin Huang

Inventor： Hahn-Ming Lee ,  Li-Zhen Liu ,  Chieh-Hung Lin ,  Jerome Yeh ,  Chia-Hsin Huang

IPC: G06F17/30

CPC classification number: G06F17/30911

Abstract: A streaming query system for extensible markup language is provided. An XPath query translator receives and analyzes a user-input XPath document. An abstract syntax tree analyzer establishes an abstract syntax tree. A XML parser receives and parses an XML document. An index generator generates an index for the XML document. A computation module performs a format calculation based on the abstract syntax tree and the index, and generates a query result accordingly.

Abstract translation: 提供了一种用于可扩展标记语言的流式查询系统。 XPath查询翻译器接收并分析用户输入的XPath文档。 抽象语法树分析器建立抽象语法树。 XML解析器接收并解析XML文档。 索引生成器生成XML文档的索引。 计算模块基于抽象语法树和索引执行格式计算，并相应地生成查询结果。

公开(公告)号：US20110185425A1

公开(公告)日：2011-07-28

申请号：US12837986

申请日：2010-07-16

Applicant: Hahn-Ming LEE ,  Si-Yu HUANG ,  Jerome YEH ,  Ching-Hao MAO

Inventor： Hahn-Ming LEE ,  Si-Yu HUANG ,  Jerome YEH ,  Ching-Hao MAO

IPC: G06F21/00

CPC classification number: H04L63/1416 ,  H04L29/12066 ,  H04L61/1511

Abstract: A network attack detection device is provided, including a spatial coordinate database for storing spatial coordinate data; a standard time zone database for storing standard time zone data; a domain name system packet collector for collecting a domain name system packet; a spatial snapshot feature extractor for extracting internet protocol address corresponding to the domain name system packet according to the domain name system packet, and generating spatial feature data corresponding to the internet protocol address according to the internet protocol address, the spatial coordinate data and the standard time zone data; and an attack detector for determining whether the domain name system packet is an attack according to the spatial feature data and a spatial snapshot detection model, and when determining that the domain name system packet is an attack, sending a warning to indicate the attack.

Abstract translation: 提供一种网络攻击检测装置，包括用于存储空间坐标数据的空间坐标数据库; 用于存储标准时区数据的标准时区数据库; 用于收集域名系统包的域名系统包收集器; 空间快照特征提取器，用于根据域名系统分组提取与域名系统分组对应的互联网协议地址，并根据因特网协议地址，空间坐标数据和标准产生与互联网协议地址对应的空间特征数据 时区数据; 以及用于根据空间特征数据和空间快照检测模型来确定域名系统分组是否是攻击的攻击检测器，并且当确定域名系统分组是攻击时，发送指示攻击的警告。

公开(公告)号：US20110184926A1

公开(公告)日：2011-07-28

申请号：US12823181

申请日：2010-06-25

Applicant: Hahn-Ming LEE ,  Jan-Ming HO ,  Jerome YEH ,  Kai-Hsiang YANG ,  Tai-Liang KUO ,  Chun-Han CHEN

Inventor： Hahn-Ming LEE ,  Jan-Ming HO ,  Jerome YEH ,  Kai-Hsiang YANG ,  Tai-Liang KUO ,  Chun-Han CHEN

IPC: G06F17/30

CPC classification number: G06Q10/00 ,  G06F16/334

Abstract: An expert list recommendation system is provided, including: a domain modeler for establishing an expert knowledge database according to a plurality of expert publications in different domains, receiving an inquired proposal, determining the academic field of the inquired proposal according to keywords of the inquired proposal and keyword sets of the expert publications in different domains stored in the expert knowledge database, and outputting a first domain expert list corresponding to the inquired proposal, wherein the first domain expert list comprises a first group of expert publications and a first group of expert names; and an expertise matcher for receiving the first domain expert list, comparing semantic relatedness between keywords of the inquired proposal and keywords corresponding to the first group of the expert publications of the first domain expert list to output a first expert list to a display device.

Abstract translation: 提供专家列表推荐系统，包括：根据不同领域的多个专家出版物建立专家知识数据库的领域建模者，接收询问的提案，根据询问的提案的关键字确定被查询的提案的学术领域 以及存储在专家知识数据库中的不同领域中的专家出版物的关键字集合，以及输出与所询问的提案相对应的第一域专家列表，其中第一域专家列表包括第一组专家出版物和第一组专家名 ; 以及用于接收第一域专家列表的专业匹配器，比较所询问的提议的关键词与对应于第一域专家列表的第一组专家出版物的关键词之间的语义相关性，以将第一专家列表输出到显示设备。

公开(公告)号：US20110004936A1

公开(公告)日：2011-01-06

申请号：US12726272

申请日：2010-03-17

Applicant: Hahn-Ming Lee ,  Ching-Hao Mao ,  Yu-Jie Chen ,  Yi-Hsun Wang ,  Jerome Yeh ,  Tsu-Han Chen

Inventor： Hahn-Ming Lee ,  Ching-Hao Mao ,  Yu-Jie Chen ,  Yi-Hsun Wang ,  Jerome Yeh ,  Tsu-Han Chen

IPC: G06F21/00

CPC classification number: H04L63/1441 ,  H04L2463/144

Abstract: A botnet detection system is provided. A bursty feature extractor receives an Internet Relay Chat (IRC) packet value from a detection object network, and determines a bursty feature accordingly. A Hybrid Hidden Markov Model (HHMM) parameter estimator determines probability parameters for a Hybrid Hidden Markov Model according to the bursty feature. A traffic profile generator establishes a probability sequential model for the Hybrid Hidden Markov Model according to the probability parameters and pre-defined network traffic categories. A dubious state detector determines a traffic state corresponding to a network relaying the IRC packet in response to reception of a new IRC packet, determines whether the IRC packet flow of the object network is dubious by applying the bursty feature to the probability sequential model for the Hybrid Hidden Markov Model, and generates a warning signal when the IRC packet flow is regarded as having a dubious traffic state.

Abstract translation: 提供僵尸网络检测系统。 突发特征提取器从检测对象网络接收因特网中继聊天（IRC）分组值，并相应地确定突发特征。 混合隐马尔可夫模型（HHMM）参数估计器根据突发特征确定混合隐马尔可夫模型的概率参数。 流量简档生成器根据概率参数和预定义的网络流量类别建立混合隐马尔可夫模型的概率序列模型。 可疑状态检测器响应于接收到新的IRC分组而确定与中继IRC分组的网络相对应的业务状态，通过将突发特征应用于概率序列模型来确定对象网络的IRC分组流是否可疑， 混合隐马尔可夫模型，并且当IRC分组流被认为具有可疑业务状态时，生成警告信号。

公开(公告)号：US20100319031A1

公开(公告)日：2010-12-16

申请号：US12612436

申请日：2009-11-04

Applicant: Hahn-Ming Lee ,  Hui-Ju Cheng ,  Ching-Hao Mao ,  Chao-Wen Li ,  Shou-Wei Ho ,  Jerome Yeh

Inventor： Hahn-Ming Lee ,  Hui-Ju Cheng ,  Ching-Hao Mao ,  Chao-Wen Li ,  Shou-Wei Ho ,  Jerome Yeh

IPC: H04N5/445 ,  G06F17/00

CPC classification number: H04N7/17336 ,  G06Q50/01 ,  H04N21/252 ,  H04N21/254 ,  H04N21/26603 ,  H04N21/4667 ,  H04N21/4756 ,  H04N21/6582

Abstract: A hot video prediction system is provided. A video comments database stores video comments submitted by a plurality of users. A user social network constructor establishes a user social network according to the video comments. When new comments of a new video are received, a hot video predictor uses the user social network to determine a similar theme between the new video and hot videos that have been hot for a period of time, and predicts whether the new video will become popular accordingly. A social network adaptor checks the prediction, and modifies the user social network accordingly.

Abstract translation: 提供一种热视频预测系统。 视频评论数据库存储由多个用户提交的视频评论。 用户社交网络构造器根据视频注释建立用户社交网络。 当接收到新视频的新评论时，热门视频预测器使用用户社交网络来确定新视频和热视频在一段时间之间的类似主题，并预测新视频是否变得流行 相应地。 社交网络适配器检查预测，并相应地修改用户社交网络。

公开(公告)号：US20130055400A1

公开(公告)日：2013-02-28

申请号：US13298295

申请日：2011-11-17

Applicant: Hahn-Ming Lee ,  Yi-Hsun Wang ,  Kuo-Ping Wu ,  Ching-Hao Mao ,  Jerome Yeh

Inventor： Hahn-Ming Lee ,  Yi-Hsun Wang ,  Kuo-Ping Wu ,  Ching-Hao Mao ,  Jerome Yeh

IPC: G06F11/00

CPC classification number: H04L63/1466 ,  H04L63/1433

Abstract: A method for generating a cross-site scripting attack is provided. An attack string sample is analyzed for obtaining a token sequence. A string word corresponding to each token is used to replace the token for generating a cross-site scripting attack string. Accordingly, a large number of cross-site scripting attacks are generated automatically, so as to execute a penetration test for a website.

Abstract translation: 提供了一种生成跨站点脚本攻击的方法。 分析攻击字符串样本以获得令牌序列。 对应于每个令牌的字符串字用于替换用于生成跨站点脚本攻击字符串的令牌。 因此，自动生成大量的跨站点脚本攻击，以便对网站执行渗透测试。

公开(公告)号：US08275774B2

公开(公告)日：2012-09-25

申请号：US12842622

申请日：2010-07-23

Applicant: Hahn-Ming Lee ,  Li-Zhen Liu ,  Chieh-Hung Lin ,  Jerome Yeh ,  Chia-Hsin Huang

Inventor： Hahn-Ming Lee ,  Li-Zhen Liu ,  Chieh-Hung Lin ,  Jerome Yeh ,  Chia-Hsin Huang

IPC: G06F7/00 ,  G06F17/30

CPC classification number: G06F17/30911

Abstract: A streaming query system for extensible markup language is provided. An XPath query translator receives and analyzes a user-input XPath document. An abstract syntax tree analyzer establishes an abstract syntax tree. A XML parser receives and parses an XML document. An index generator generates an index for the XML document. A computation module performs a format calculation based on the abstract syntax tree and the index, and generates a query result accordingly.

Abstract translation: 提供了一种用于可扩展标记语言的流式查询系统。 XPath查询翻译器接收并分析用户输入的XPath文档。 抽象语法树分析器建立抽象语法树。 XML解析器接收并解析XML文档。 索引生成器生成XML文档的索引。 计算模块基于抽象语法树和索引执行格式计算，并相应地生成查询结果。

公开(公告)号：US20120096551A1

公开(公告)日：2012-04-19

申请号：US13107956

申请日：2011-05-15

Applicant: Hahn-Ming Lee ,  Jerome Yeh ,  Wei-Yi Yu

Inventor： Hahn-Ming Lee ,  Jerome Yeh ,  Wei-Yi Yu

IPC: G06F21/00 ,  G06F15/18

CPC classification number: G06F21/55

Abstract: A method for establishing classifying rules of an intrusion detecting system is provided with the following steps. First, at least one decision tree is provided. Internal nodes of the decision tree respectively represent an attribute judgment condition, and leaf nodes respectively represent an attack event or non-attack event. Next, a plurality of attribute data of at least one new attack event is received. Then, a tree structure of the decision tree is adjusted according to the attribute data. Afterwards, at least one attack rule or at least one non-attack rule is outputted according to the adjusted decision tree. Further, the intrusion detection system is also provided.

Abstract translation: 提供了一种建立入侵检测系统分类规则的方法，具有以下步骤。 首先，提供至少一个决策树。 决策树的内部节点分别表示属性判断条件，叶节点分别表示攻击事件或非攻击事件。 接下来，接收至少一个新的攻击事件的多个属性数据。 然后，根据属性数据调整决策树的树结构。 之后，根据调整后的决策树，输出至少一个攻击规则或至少一个非攻击规则。 此外，还提供入侵检测系统。