Method and system for responding to a computer intrusion
    21.
    Granted invention patent
    Status: Lapsed

    Publication number: US07941854B2

    Publication date: 2011-05-10

    Application number: US10313732

    Application date: 2002-12-05

    IPC classification: G06F12/14 G08B23/00

    Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

    Developing and assuring policy documents through a process of refinement and classification
    22.
    Granted invention patent
    Status: Lapsed

    Publication number: US07552472B2

    Publication date: 2009-06-23

    Application number: US10324502

    Application date: 2002-12-19

    IPC classification: G06F15/177

    CPC classification: H04L63/1416 H04L63/20

    Abstract: A system and method for developing a network policy document and assuring up-to-date monitoring and automated refinement and classification of the network policy. The system administrator defines an initial policy document that is provided as the initial symbolic classifier. The classification rules remain in human readable form throughout the process. Network system data is fed through the classifier, which labels the data according to whether a policy constraint is violated. The labels are tagged to the data. The user then reviews the labels to determine whether the classification is satisfactory. If the classification of the data is satisfactory, the label is unaltered; however, if the classification is not satisfactory, the data is re-labeled. The re-labeled data is then introduced into a refinement algorithm, which determines what policy must be modified to correct classification of network events in accordance with the re-labeling. The network administrator then inspects the resulting new policy and modifies it if necessary. An updated classifier replaces the previous classifier.

    Defense mechanism for server farm
    23.
    Granted invention patent
    Status: In force

    Publication number: US07549166B2

    Publication date: 2009-06-16

    Application number: US10313728

    Application date: 2002-12-05

    IPC classification: G06F11/00 G06F7/04

    CPC classification: G06F21/554 G06F2221/2127

    Abstract: A method and system for handling a malicious intrusion to a machine in a networked group of computers. The malicious intrusion is an unauthorized access to the machine, such as a server in a server farm. When the intrusion is detected, the machine is isolated from the rest of the server farm, and the machine is reprovisioned as a decoy system having access to only data that is ersatz or at least non-sensitive. If the intrusion is determined to be non-malicious, then the machine is functionally reconnected to the server farm, and the machine is reprovisioned to a state held before the reprovisioning of the machine as a decoy machine.

    METHOD AND APPARATUS FOR A DRAG AND DROP OPERATION IMPLEMENTING A HIERARCHICAL PATH NAME
    24.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20080307367A1

    Publication date: 2008-12-11

    Application number: US11759371

    Application date: 2007-06-07

    IPC classification: G06F3/048

    CPC classification: G06F3/0486

    Abstract: A computer implemented method, apparatus, and computer program product for transferring a file item. The process selects a file item in response to receiving a first input command. The process selects a file item in response to receiving a first input command. The process then identifies a file path name from a hierarchical file path to form a selected file path name. The file path name is identified by detecting a pointer passing over the file path name. In response to receiving a second input command, the process transfers the file item to a storage location associated with the selected file path name.

    Method and system for morphing honeypot
    26.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20090328213A1

    Publication date: 2009-12-31

    Application number: US12108236

    Application date: 2008-04-23

    CPC classification: H04L63/1441 H04L63/1491

    Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis.

    Method For Predictive Drag and Drop Operation To Improve Accessibility
    27.
    Invention patent application
    Status: In force

    Publication number: US20090113330A1

    Publication date: 2009-04-30

    Application number: US11928405

    Application date: 2007-10-30

    IPC classification: G06F3/048

    CPC classification: G06F3/0486

    Abstract: A method simplifies drag and drop operations of display icons. This method calculates a projected path for an icon based on the past movement of the icon. The method highlights the “best fit” target icon as the mouse pointer moves across the screen. As the mouse pointer moves, or changes direction, the “best fit” target icon can change, with the current best-fit icon being highlighted. In addition to highlighting the target icon, a line or arrow from the mouse pointer to the target icon is maintained. The line presents the predicted path in a very noticeable, visual way. As the best-fit target icon changes, the line is re-drawn to point to the current best-fit icon. Regardless of how the target icon is visually indicated, releasing the mouse button will cause the drop operation to be completed “into” target. Completion of the drop could be instantaneous, or could be rendered with animation of some sort to indicate moving from the source to the target.

    METHOD FOR PROVIDING ACCESS CONTROL TO SINGLE SIGN-ON COMPUTER NETWORKS
    28.
    Invention patent application
    Status: In force

    Publication number: US20080216164A1

    Publication date: 2008-09-04

    Application number: US12104146

    Application date: 2008-04-16

    IPC classification: H04L9/32

    CPC classification: H04L63/102 H04L63/0815

    Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

    Method, apparatus, and program for associating related heterogeneous events in an event handler
    29.
    Granted invention patent
    Status: In force

    Publication number: US07308689B2

    Publication date: 2007-12-11

    Application number: US10324569

    Application date: 2002-12-18

    IPC classification: G06F13/00

    Abstract: An event handler is provided that associates events from heterogeneous data sources. In a first phase, incoming events are translated to vectors of event attributes. Based on the data source, implicit information about the event and its attributes may be available. This information is used to normalize the information provided by the event. Normalization actions may include renaming the attributes, deriving new attributes from given attributes, and transforming attribute value ranges. In a second phase, a determination is made as to whether two or more events are considered to be associated based on the vectors. Different vectors of core attributes may be created in order to create associations with different semantics.
