Preventing cross-site scripting in web-based e-mail
    12.
    Granted invention
    Preventing cross-site scripting in web-based e-mail (in force)

    Publication number: US09049222B1

    Publication date: 2015-06-02

    Application number: US13365161

    Filing date: 2012-02-02

    IPC classification: H04L29/06 G06F21/56 G06F21/57

    Abstract: Cross-site scripting vulnerabilities in a Web browser that may lead to malware execution on a computing device are reduced. The specific vulnerabilities arise from HTML-based e-mails, delivered through e-mail service providers (e.g., Hotmail, Gmail, Yahoo), that contain unknown or malformed HTML elements and JavaScript. These unknown elements may execute in a browser and cause harm to the computing device. To prevent this, the e-mail is parsed to create a DOM tree. The DOM tree is filtered using a normal element filter. The modified DOM tree is filtered a second time using a script analyzer filter to isolate potentially harmful HTML and JavaScript elements. These elements are then emulated to determine which of them are in fact malicious. The malicious elements are then prevented from executing, for example, by preventing the e-mail recipient from opening the e-mail in the browser.

    Identification of normal scripts in computer systems
    13.
    Granted invention
    Identification of normal scripts in computer systems (in force)

    Publication number: US08838992B1

    Publication date: 2014-09-16

    Application number: US13096453

    Filing date: 2011-04-28

    IPC classification: G06F21/00 G06F21/56

    Abstract: A machine learning model is used to identify normal scripts in a client computer. The machine learning model may be built by training on samples of known normal scripts and samples of known potentially malicious scripts, and may take into account lexical and semantic characteristics of the sample scripts. The machine learning model and a feature set may be provided to the client computer by a server computer. In the client computer, the machine learning model may be used to classify a target script. The target script does not have to be evaluated for malicious content when classified as a normal script. Otherwise, when the target script is classified as a potentially malicious script, it may have to be further evaluated by anti-malware software or sent to a back-end system.

    Document exploit detection using baseline comparison
    14.
    Granted invention
    Document exploit detection using baseline comparison (in force)

    Publication number: US09239922B1

    Publication date: 2016-01-19

    Application number: US13794400

    Filing date: 2013-03-11

    IPC classification: G06F21/56 G06F21/55

    Abstract: An application document known to include malware (such as a document exploit) is opened and executed by its corresponding software application. Behaviors of this document (such as registry, file system, network and process activity) are monitored and recorded using internal software drivers and hook modules. A behavior report is generated and a baseline pattern is created that includes a number of regular expressions. A suspicious document of the same type as the monitored document is opened and executed by the same corresponding software application. Its behaviors are monitored in the same way and a behavior report is generated. This behavior report is compared to the baseline pattern and a determination is made as to whether a document exploit is present. Known benign documents may also be opened, monitored and their behavior recorded, resulting in creation of a known benign pattern for the corresponding software application.

    Pre-scan by historical URL access
    15.
    Granted invention
    Pre-scan by historical URL access (in force)

    Publication number: US08776240B1

    Publication date: 2014-07-08

    Application number: US13105379

    Filing date: 2011-05-11

    IPC classification: G06F11/00

    Abstract: A Web browser or operating system of a computer maintains a historical URL list of Web sites and Web pages that have been accessed in the past. When a prescan module of antivirus software performs an initial prescan of a computer before the antivirus software is installed, it queries this historical URL list to obtain the URLs that have been accessed in the past. These URLs are sent to a URL online query service located remotely over the Internet in order to determine the status of each URL. An attempt is made to match each URL against a database of known malicious URLs, which includes associated malicious files and associated cleanup patterns. The query service then informs the requesting computer of the status of each URL sent, returning any related malicious files and any appropriate cleanup pattern. A time period associated with each URL in the database indicates when the URL was known to be malicious.