-
公开(公告)号:US10423788B2
公开(公告)日:2019-09-24
申请号:US15247154
申请日:2016-08-25
摘要: Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.
-
公开(公告)号:US20160366169A1
公开(公告)日:2016-12-15
申请号:US14982888
申请日:2015-12-29
IPC分类号: H04L29/06
CPC分类号: H04L63/1425 , H04L63/1416 , H04L63/1466 , H04L67/02 , H04L69/16
摘要: Systems, methods, and media for detecting network anomalies are provided. In some embodiments, a training dataset of communication protocol messages having argument strings is received. The content and structure associated with each of the argument strings is determined and a probabilistic model is trained using the determined content and structure of each of the argument strings. A communication protocol message having an argument string that is transmitted from a first processor to a second processor across a computer network is received. The received communication protocol message is compared to the probabilistic model and then it is determined whether the communication protocol message is anomalous.
摘要翻译: 提供了检测网络异常的系统,方法和介质。 在一些实施例中,接收具有参数串的通信协议消息的训练数据集。 确定与每个参数串相关联的内容和结构,并且使用确定的每个参数串的内容和结构来训练概率模型。 接收具有通过计算机网络从第一处理器发送到第二处理器的参数串的通信协议消息。 将接收到的通信协议消息与概率模型进行比较,然后确定通信协议消息是否是异常的。
-
13.发明授权Systems, methods, and media for generating bait information for trap-based defenses 有权用于产生基于陷阱的防御的诱饵信息的系统,方法和媒体公开(公告)号:US08819825B2
公开(公告)日:2014-08-26
申请号:US12302774
申请日:2007-05-31
IPC分类号: G06F21/00
CPC分类号: H04L63/1491 , H04L43/0876 , H04L51/22 , H04L63/1408 , H04L63/145
摘要: Systems, methods, and media for generating bait information for trap-based defenses are provided. In some embodiments, methods for generating bait information for trap-based defenses include: recording historical information of a network; translating the historical information; and generating bait information by tailoring the translated historical information.
摘要翻译: 提供了用于生成基于陷阱的防御的诱饵信息的系统,方法和媒体。 在一些实施例中,用于产生用于基于陷阱的防御的诱饵信息的方法包括:记录网络的历史信息; 翻译历史信息; 并通过定制翻译的历史信息产生诱饵信息。
-
14.发明申请METHODS, MEDIA, AND SYSTEMS FOR DETECTING AN ANOMALOUS SEQUENCE OF FUNCTION CALLS 审中-公开用于检测功能调用异常序列的方法,媒体和系统公开(公告)号:US20140173734A1
公开(公告)日:2014-06-19
申请号:US14185175
申请日:2014-02-20
IPC分类号: H04L29/06
CPC分类号: G06F21/566 , G06F11/08 , G06F11/3688 , G06F2221/033 , G06N7/005 , H04L63/1425
摘要: Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a sequence of function calls made by the execution of a program using a compression model; and determining the presence of an anomalous sequence of function calls in the sequence of function calls based on the extent to which the sequence of function calls is compressed. The methods can further include executing at least one known program; observing at least one sequence of function calls made by the execution of the at least one known program; assigning each type of function call in the at least one sequence of function calls made by the at least one known program a unique identifier; and creating at least part of the compression model by recording at least one sequence of unique identifiers.
摘要翻译: 提供了用于检测函数调用异常序列的方法,介质和系统。 该方法可以包括通过使用压缩模型来压缩由程序执行所产生的函数调用序列; 以及基于函数调用序列被压缩的程度来确定功能调用序列中函数调用的异常序列的存在。 所述方法还可以包括执行至少一个已知程序; 观察由所述至少一个已知节目的执行而进行的至少一个函数调用序列; 在由所述至少一个已知程序进行的所述至少一个功能调用序列中分配每种类型的功能调用唯一标识符; 以及通过记录至少一个唯一标识符序列来创建所述压缩模型的至少一部分。
-
公开(公告)号:US08528091B2
公开(公告)日:2013-09-03
申请号:US12982984
申请日:2010-12-31
申请人: Brian M. Bowen , Pratap V. Prabhu , Vasileios P. Kemerlis , Stylianos Sidiroglou , Salvatore J. Stolfo , Angelos D. Keromytis
发明人: Brian M. Bowen , Pratap V. Prabhu , Vasileios P. Kemerlis , Stylianos Sidiroglou , Salvatore J. Stolfo , Angelos D. Keromytis
CPC分类号: G06F21/56 , G06F21/566 , G06F21/577 , H04L63/1441 , H04L63/1491
摘要: Methods, systems, and media for detecting covert malware are provided. In accordance with some embodiments, a method for detecting covert malware in a computing environment is provided, the method comprising: generating simulated user activity outside of the computing environment; conveying the simulated user activity to an application inside the computing environment; and determining whether a decoy corresponding to the simulated user activity has been accessed by an unauthorized entity.
摘要翻译: 提供了用于检测隐蔽恶意软件的方法,系统和媒体。 根据一些实施例,提供了一种用于在计算环境中检测隐匿恶意软件的方法,所述方法包括:在所述计算环境之外生成模拟用户活动; 将所述模拟用户活动传达到所述计算环境内的应用; 以及确定是否已经被未经授权的实体访问与所述模拟用户活动相对应的诱饵。
-
16.发明授权公开(公告)号:US08074115B2
公开(公告)日:2011-12-06
申请号:US12091150
申请日:2006-10-25
IPC分类号: G06F11/00
CPC分类号: G06F11/0772 , G06F11/0718 , G06F11/0751 , G06F11/079 , G06F11/3652
摘要: Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison.
摘要翻译: 提供了用于检测异常程序执行的方法,介质和系统。 在一些实施例中,提供了用于检测异常程序执行的方法,包括:在仿真器中执行程序的至少一部分; 将在仿真器中产生的函数调用与所述程序的至少一部分的函数调用模型进行比较; 并根据比较将功能调用识别为异常。 在一些实施例中,提供了用于检测异常程序执行的方法,包括:修改程序以包括程序执行期间进行的程序级函数调用的指示; 将在仿真器中进行的程序级功能调用的至少一个指标与所述程序的至少一部分的函数调用模型进行比较; 以及基于所述比较,将与所述至少一个所述指示符相对应的功能调用识别为异常。
-
17.发明授权Detecting network anomalies by probabilistic modeling of argument strings with markov chains 有权通过使用马尔可夫链的参数串的概率建模来检测网络异常公开(公告)号:US09253201B2
公开(公告)日:2016-02-02
申请号:US14476142
申请日:2014-09-03
CPC分类号: H04L63/1425 , H04L63/1416 , H04L63/1466 , H04L67/02 , H04L69/16
摘要: Systems, methods, and media for detecting network anomalies are provided. In some embodiments, a training dataset of communication protocol messages having argument strings is received. The content and structure associated with each of the argument strings is determined and a probabilistic model is trained using the determined content and structure of each of the argument strings. A communication protocol message having an argument string that is transmitted from a first processor to a second processor across a computer network is received. The received communication protocol message is compared to the probabilistic model and then it is determined whether the communication protocol message is anomalous.
摘要翻译: 提供了检测网络异常的系统,方法和介质。 在一些实施例中,接收具有参数串的通信协议消息的训练数据集。 确定与每个参数串相关联的内容和结构,并且使用确定的每个参数串的内容和结构来训练概率模型。 接收具有通过计算机网络从第一处理器发送到第二处理器的参数串的通信协议消息。 将接收到的通信协议消息与概率模型进行比较,然后确定通信协议消息是否是异常的。
-
公开(公告)号:US08763103B2
公开(公告)日:2014-06-24
申请号:US12297730
申请日:2006-04-21
CPC分类号: H04L63/1416 , G06F21/41 , H04L63/0815 , H04L63/1408 , H04L63/1441
摘要: In accordance with some embodiments of the present invention, systems and methods that protect an application from attacks are provided. In some embodiments of the present invention, input from an input source, such as traffic from a communication network, can be routed through a filtering proxy that includes one or more filters, classifiers, and/or detectors. In response to the input passing through the filtering proxy to the application, a supervision framework monitors the input for attacks (e.g., code injection attacks). The supervision framework can provide feedback to tune the components of the filtering proxy.
摘要翻译: 根据本发明的一些实施例,提供了保护应用免受攻击的系统和方法。 在本发明的一些实施例中,可以通过包括一个或多个过滤器,分类器和/或检测器的过滤代理来路由来自诸如来自通信网络的业务的输入源的输入。 响应于通过过滤代理的输入到应用程序,监督框架监视输入的攻击(例如代码注入攻击)。 监督框架可以提供反馈来调整过滤代理的组件。
-
19.发明授权Systems, methods, and media protecting a digital data processing device from attack 有权保护数字数据处理设备免受攻击的系统,方法和媒体公开(公告)号:US08407785B2
公开(公告)日:2013-03-26
申请号:US12063733
申请日:2006-08-18
IPC分类号: G06F11/00
CPC分类号: H04L63/1425 , H04L51/08 , H04L51/12 , H04L63/1416 , H04L63/1466
摘要: In accordance with some embodiments of the disclosed subject matter, systems, methods, and media for protecting a digital data processing device from attack are provided. For example, in some embodiments, a method for protecting a digital data processing device from attack is provided, that includes, within a virtual environment: receiving at least one attachment to an electronic mail; and executing the at least one attachment; and based on the execution of the at least one attachment, determining whether anomalous behavior occurs.
摘要翻译: 根据所公开的主题的一些实施例,提供了用于保护数字数据处理装置免受攻击的系统,方法和媒体。 例如,在一些实施例中,提供了一种用于保护数字数据处理设备免受攻击的方法,其包括在虚拟环境内:接收至少一个附件到电子邮件; 以及执行所述至少一个附件; 并且基于所述至少一个附件的执行,确定是否发生异常行为。
-
20.发明授权Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and/or generating sanitized anomaly detection models 有权用于生成消毒数据,消毒异常检测模型和/或生成消毒异常检测模型的系统,方法和介质公开(公告)号:US08407160B2
公开(公告)日:2013-03-26
申请号:US11940790
申请日:2007-11-15
申请人: Gabriela Cretu , Angelos Stavrou , Salvatore J. Stolfo , Angelos D. Keromytis , Michael E. Locasto
发明人: Gabriela Cretu , Angelos Stavrou , Salvatore J. Stolfo , Angelos D. Keromytis , Michael E. Locasto
IPC分类号: G06F15/18
CPC分类号: H04L63/1425 , G06N99/005 , H04L63/14
摘要: Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for generating sanitized data are provided. The methods including: dividing a first training dataset comprised of a plurality of training data items into a plurality of data subsets each including at least one training data item of the plurality of training data items of the first training dataset; based on the plurality of data subsets, generating a plurality of distinct anomaly detection micro-models; testing at least one data item of the plurality of data items of a second training dataset of training data items against each of the plurality of micro-models to produce a score for the at least one tested data item; and generating at least one output dataset based on the score for the at least one tested data item.
摘要翻译: 提供了生成消毒数据,消毒异常检测模型和生成异常检测模型的系统,方法和介质。 在一些实施例中,提供了生成消毒数据的方法。 所述方法包括:将由多个训练数据项组成的第一训练数据集划分成多个数据子集,每个数据子集包括第一训练数据集的多个训练数据项中的至少一个训练数据项; 基于所述多个数据子集,生成多个不同的异常检测微模型; 针对所述多个微模型中的每一个测试训练数据项的第二训练数据集的所述多个数据项中的至少一个数据项,以产生所述至少一个测试数据项的分数; 以及基于所述至少一个测试数据项的得分来生成至少一个输出数据集。
-
-
-
-
-
-
-
-
-
搜索结果
99 条记录 (耗时 0.036 秒)
