公开(公告)号：US08352409B1

公开(公告)日：2013-01-08

申请号：US12495621

申请日：2009-06-30

申请人： Sourabh Satish ,  Nicholas Graf ,  Lachlan Orr ,  Shane Pereira ,  Scott Sullivan

发明人： Sourabh Satish ,  Nicholas Graf ,  Lachlan Orr ,  Shane Pereira ,  Scott Sullivan

IPC分类号： G06N7/02 ,  G06N7/00

CPC分类号： G06N99/005

摘要： Systems and methods for improving the effectiveness of decision trees are disclosed. In one example, an exemplary method for performing such a task may include: 1) receiving, from at least one computing device, a) a sample, b) a classification assigned to the sample by a decision tree employed by the computing device, and c) identification information for a branch configuration that resulted in the classification, 2) determining that the decision tree incorrectly classified the sample, and then 3) excluding the offending branch configuration from future decision trees. An exemplary method for dynamically adjusting the confidence of decision-tree classifications based on community-supplied data, along with corresponding systems and computer-readable media, are also described.

摘要翻译： 公开了提高决策树有效性的系统和方法。 在一个示例中，用于执行这样的任务的示例性方法可以包括：1）从至少一个计算设备接收a）样本，b）由计算设备使用的决策树分配给样本的分类，以及 c）导致分类的分支配置的识别信息，2）确定决策树不正确地对样本进行分类，然后3）从未来的决策树中排除违规分支配置。 还描述了用于基于社区提供的数据以及对应的系统和计算机可读介质来动态地调整决策树分类的置信度的示例性方法。

公开(公告)号：US20200344113A1

公开(公告)日：2020-10-29

申请号：US16926907

申请日：2020-07-13

申请人： Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

发明人： Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC分类号： H04L12/24 ,  H04L29/06

摘要： Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.

公开(公告)号：US09959404B2

公开(公告)日：2018-05-01

申请号：US11865073

申请日：2007-10-01

申请人： Carey Nachenberg ,  Michael Spertus ,  Sourabh Satish ,  Gerry Egan

发明人： Carey Nachenberg ,  Michael Spertus ,  Sourabh Satish ,  Gerry Egan

IPC分类号： G06F21/51 ,  G06F21/56 ,  H04L29/06

CPC分类号： G06F21/51 ,  G06F21/56 ,  H04L63/1416

摘要： Computer-implemented methods and systems for creating or updating approved-file and trusted-domain databases and verifying the legitimacy of files are disclosed. A method for creating or updating an approved-file database may include intercepting a first file, identifying a source domain associated with the first file, identifying a trusted-domain database, determining whether a database record for the source domain associated with the first file exists within the trusted-domain database, creating a hash value for the first file if a database record for the source domain associated with the first file exists within the trusted-domain database, and storing the hash value for the first file in an approved-file database. Methods and systems for verifying the legitimacy of a file and for creating or updating a trusted-domain database are also disclosed.

公开(公告)号：US09077715B1

公开(公告)日：2015-07-07

申请号：US11394846

申请日：2006-03-31

申请人： Sourabh Satish ,  Brian Hernacki

发明人： Sourabh Satish ,  Brian Hernacki

IPC分类号： G06F21/00 ,  H04L29/06

CPC分类号： H04L63/10 ,  G06F21/00 ,  G06F21/552 ,  H04L63/1425 ,  H04L63/145

摘要： Making a trust decision is disclosed. One or more members of a social trust network are polled for information associated with a trust decision about a computing environment. The information includes information collected automatically with respect to activities of one or more of the one or more members of the social trust network. At least one action is taken based at least in part on the information.

摘要翻译： 披露信任决定。 针对与关于计算环境的信任决策相关联的信息，轮询社会信任网络的一个或多个成员。 该信息包括针对一个或多个一个或多个社会信任网络成员的活动而自动收集的信息。 至少部分地基于该信息采取至少一个动作。

公开(公告)号：US08977764B1

公开(公告)日：2015-03-10

申请号：US12039515

申请日：2008-02-28

申请人： Zulfikar Ramzan ,  Sourabh Satish ,  Brian Hernacki

发明人： Zulfikar Ramzan ,  Sourabh Satish ,  Brian Hernacki

IPC分类号： G06F15/16

CPC分类号： G06F11/3466 ,  G06F9/44521 ,  G06F11/3409 ,  G06F2201/865

摘要： Application usage is profiled based on application streaming. Code pages of multiple applications are streamed from a server to multiple client computers (endpoints) for execution. The streaming of the code pages is monitored, and usage data is collected such as which pages are streamed to which endpoints, under what circumstances and when. By referencing the streamed code pages and the underlying source code, the code pages are mapped (at least approximately) to corresponding application features. The collected usage data usage and the relevant mapping are analyzed, to create application usage profile data for streamed applications. The application usage profile data can include such information as how often, when, where and by whom application components are being executed, as well as which components cause errors, are most popular, confuse users, etc.

摘要翻译： 应用程序使用情况基于应用程序流式进行分析。 多个应用程序的代码页从服务器流式传输到多个客户端计算机（端点）以供执行。 监视代码页的流式传输，并收集使用数据，例如哪些页面被流式传输到哪个端点，在什么情况下和什么时候。 通过引用流传输的代码页和底层的源代码，代码页被映射（至少近似）到相应的应用程序特征。 分析收集的使用数据用法和相关映射，以创建流应用程序的应用程序使用情况数据。 应用程序使用情况数据可以包括诸如应用组件的执行频率，何时何地以及由哪个应用组件执行的信息以及哪些组件导致错误，最受欢迎的，混淆用户等的信息。

公开(公告)号：US08955109B1

公开(公告)日：2015-02-10

申请号：US12771980

申请日：2010-04-30

申请人： Sourabh Satish

发明人： Sourabh Satish

IPC分类号： G06F11/00

CPC分类号： G06F21/577 ,  G06F21/50 ,  G06F2221/034 ,  G09B5/00 ,  G09B19/0053

摘要： Social engineering attacks are simulated to a user, by performing the steps of the attacks without actually performing any malicious activity. Educational security information is displayed to the user, based on the user's response to simulated social engineering attacks. If the user responds to a simulated social engineering attack in a manner indicating that the user is vulnerable, educational security information can be displayed that educates the user as to how to avoid being victimized. One or more security settings for protecting the user's computer from malware can be adjusted, based on the user's response to the simulating of social engineering attacks. Additionally, other factors can be adjusted based on the user's response to the simulating of social engineering attacks, such as a security hygiene rating and/or a level of monitoring activity concerning the user.

摘要翻译： 通过在不实际执行任何恶意活动的情况下执行攻击步骤，向用户模拟社会工程攻击。 根据用户对模拟社会工程攻击的反应，向用户显示教育安全信息。 如果用户以表示用户易受攻击的方式对模拟的社会工程攻击做出响应，则可以显示教育安全信息，教育用户如何避免受害。 可以根据用户对模拟社会工程攻击的反应来调整用于保护用户计算机免受恶意软件的一个或多个安全设置。 另外，还可以根据用户对模拟社会工程攻击的反应来调整其他因素，例如安全卫生评级和/或关于用户的监视活动级别。

公开(公告)号：US08949187B1

公开(公告)日：2015-02-03

申请号：US12130786

申请日：2008-05-30

申请人： Sourabh Satish ,  William E. Sobel

发明人： Sourabh Satish ,  William E. Sobel

IPC分类号： G06F7/00 ,  G06F17/30

CPC分类号： G06F11/1461 ,  G01R31/3679 ,  G06F11/1441

摘要： A computer-implemented method may include performing an evaluation of the computing system's health. The computer-implemented method may also include comparing results of the evaluation with the results of at least one prior evaluation of the computing system's health and then determining, based on the comparison, that a current state of health of the computing system is healthier than at least one prior state of health of the computing system. In addition, the computer-implemented method may include creating a backup of the computing system. A computer-implemented method for managing backups of a computing system based on health information is also disclosed. Corresponding systems and computer-readable media are also disclosed.

摘要翻译： 计算机实现的方法可以包括对计算系统的健康进行评估。 计算机实现的方法还可以包括将评估的结果与计算系统的健康的至少一个先前评估的结果进行比较，然后基于比较来确定计算系统的当前健康状况比在 至少一个计算系统的健康状况。 此外，计算机实现的方法可以包括创建计算系统的备份。 还公开了一种用于管理基于健康信息的计算系统的备份的计算机实现的方法。 还公开了相应的系统和计算机可读介质。

公开(公告)号：US08862730B1

公开(公告)日：2014-10-14

申请号：US11392093

申请日：2006-03-28

申请人： Brian Hernacki ,  Sourabh Satish

发明人： Brian Hernacki ,  Sourabh Satish

IPC分类号： G06F15/173 ,  H04L29/06 ,  H04L12/24

CPC分类号： H04L63/1433 ,  H04L29/06551 ,  H04L29/06884 ,  H04L29/06904 ,  H04L41/08 ,  H04L41/0803 ,  H04L63/10 ,  H04L63/1408 ,  H04L63/20

摘要： Providing security for a network is disclosed. Network traffic associated with a host is monitored. If an activity pattern associated with a configuration change of the host is observed, access by the host to the network is restricted based at least in part on the observed activity pattern.

摘要翻译： 披露了网络的安全性。 监控与主机相关联的网络流量。 如果观察到与主机的配置更改相关联的活动模式，则至少部分地基于观察到的活动模式来限制主机对网络的访问。

公开(公告)号：US08788845B1

公开(公告)日：2014-07-22

申请号：US13525105

申请日：2012-06-15

申请人： Sourabh Satish

发明人： Sourabh Satish

IPC分类号： G06F21/00 ,  G06F21/54 ,  G06F21/62 ,  H04L9/32

CPC分类号： G06F21/00 ,  G06F21/53 ,  G06F21/54 ,  G06F21/62 ,  G06F2221/2141 ,  H04L9/32

摘要： An execution environment of a computer computes an initial effective permissions set for managed code based on user identity evidence, code evidence and/or a security policy and executes the code with this permissions set. If the managed code requests a data access, the execution environment considers data evidence that indicates the trustworthiness of the requested data. The data evidence can be based on the source of the data, the location of the data, the content of the data itself, or other factors. The execution environment computes a new effective permissions set for the managed code based on the data evidence and the security policy. This new effective permissions set is applied to the managed code while the code accesses the data. The execution environment restores the initial permissions set once the managed code completes the data access.

摘要翻译： 计算机的执行环境根据用户身份证据，代码证据和/或安全策略计算托管代码的初始有效权限集，并使用该权限集执行代码。 如果托管代码请求数据访问，则执行环境会考虑指示所请求数据的可信赖性的数据证据。 数据证据可以基于数据的来源，数据的位置，数据本身的内容或其他因素。 执行环境根据数据证据和安全策略计算托管代码的新的有效权限集。 当代码访问数据时，这个新的有效权限集应用于托管代码。 一旦托管代码完成数据访问，执行环境将恢复初始权限集。

公开(公告)号：US08667592B2

公开(公告)日：2014-03-04

申请号：US13048380

申请日：2011-03-15

申请人： William E. Sobel ,  Sourabh Satish

发明人： William E. Sobel ,  Sourabh Satish

IPC分类号： G06F11/00

CPC分类号： G06F21/564

摘要： A computer-implemented method for looking up anti-malware metadata may include identifying a plurality of executable objects to be scanned for malware before execution. The computer-implemented method may also include, for each executable object within the plurality of executable objects, assessing an imminence of execution of the executable object. The computer-implemented method may further include prioritizing, based on the assessments, a retrieval order for anti-malware metadata corresponding to the plurality of executable objects. The computer-implemented method may additionally include retrieving anti-malware metadata corresponding to an executable object within the plurality of executable objects based on the retrieval order. Various other methods, systems, and computer-readable media are also disclosed.

摘要翻译： 用于查找反恶意软件元数据的计算机实现的方法可以包括在执行之前识别要扫描恶意软件的多个可执行对象。 对于多个可执行对象中的每个可执行对象，计算机实现的方法还可以包括执行可执行对象的即将来临。 计算机实现的方法还可以包括基于评估来优先考虑与多个可执行对象相对应的反恶意软件元数据的检索顺序。 计算机实现的方法可以另外包括基于检索顺序检索对应于多个可执行对象内的可执行对象的反恶意软件元数据。 还公开了各种其它方法，系统和计算机可读介质。