-
Publication No.: US08726005B2
Publication Date: 2014-05-13
Application No.: US12965413
Application Date: 2010-12-10
IPC Class: H04L29/06
CPC Class: H04L63/1408, G06F21/6209, G06F2221/0737
Abstract: A website fingerprint is generated that characterizes network traffic associated with a website as a website traffic fingerprint that includes size description(s), order description(s), and timing description(s) of packet traffic for the website. A website monitor generates website trace(s) of packet statistics. A correlation processor correlates a sequence of packet statistics from the website trace(s) with the size description, the order description, and the timing description found in the website traffic fingerprint(s).
-
Publication No.: US20120297057A1
Publication Date: 2012-11-22
Application No.: US13296312
Application Date: 2011-11-15
Applicants: Anup K. Ghosh, Kun Sun, Jiang Wang, Angelos Stavrou
Inventors: Anup K. Ghosh, Kun Sun, Jiang Wang, Angelos Stavrou
IPC Class: G06F15/173
CPC Class: H04L63/1441, G06F9/45558, G06F21/575, G06F2009/45587, G06F2221/2105
Abstract: A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). An SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. An SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. An SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or CPU register state differences.
-
Publication No.: US20110099620A1
Publication Date: 2011-04-28
Application No.: US12757675
Application Date: 2010-04-09
IPC Class: G06F21/00
CPC Class: H04L63/1416, G06F21/566, G06F2221/2103, G06F2221/2119, H04L63/08, H04L63/0884, H04L63/145, H04L67/02
Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module determines whether an automatic non-interactive application response is received from the application in response to the challenge. The data control module allows the data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data from continuing to the remote server when the determination is invalid.
-
Publication No.: US20100186074A1
Publication Date: 2010-07-22
Application No.: US12688037
Application Date: 2010-01-15
CPC Class: H04L9/3271, G06F21/36, H04L9/3226, H04L63/083, H04L63/18, H04L2209/80, H04W12/06
Abstract: An authenticator may include graphical passwords. An authenticator may include a password image, which may include one or more clickable areas, and/or a key image, which may include click point data. An authenticator may include a mobile computing resource, a terminal computing resource and/or a challenger, which may be configured to communicate with each other. A mobile computing resource may be configured to receive and/or display a key image, such that click point data may be presented, determined, and/or input to a password image. A challenger may be configured to compare input click point data and a key image.
-
Publication No.: US10127137B2
Publication Date: 2018-11-13
Application No.: US15173462
Application Date: 2016-06-03
Applicants: Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang
Inventors: Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang
Abstract: Embodiments herein disclose a debugging framework that employs a mode in the processor (for example, a processor using the x86 architecture) to transparently study armored malware. Embodiments herein perform stealthy debugging by leveraging System Management Mode (SMM) to transparently debug software on bare metal.
-
Publication No.: US20110314269A1
Publication Date: 2011-12-22
Application No.: US12965413
Application Date: 2010-12-10
IPC Class: H04L9/00
CPC Class: H04L63/1408, G06F21/6209, G06F2221/0737
Abstract: A website fingerprint is generated that characterizes network traffic associated with a website as a website traffic fingerprint that includes size description(s), order description(s), and timing description(s) of packet traffic for the website. A website monitor generates website trace(s) of packet statistics. A correlation processor correlates a sequence of packet statistics from the website trace(s) with the size description, the order description, and the timing description found in the website traffic fingerprint(s).
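As an added illustration of the fingerprinting scheme described in this record and in US08726005B2 above (example code written for this page, not code from the patent), the following Python derives the three descriptions the abstract names, a size histogram, a per-position order of packet sizes, and per-position inter-packet timing, from constructed training traces of two sites, then correlates fresh traces against them. The bucket width, prefix length, component weights and acceptance threshold are assumptions chosen for the example, as are the traces themselves.

```python
"""Website traffic fingerprinting: derive size, order and timing descriptions
from packet-statistics traces, then correlate an observed trace with them.
Constructed example; the bucket width, prefix length, weights and threshold
are assumptions, not values taken from the patent."""
from collections import Counter
from dataclasses import dataclass
from statistics import mean

# One packet statistic: (timestamp in seconds, signed size in bytes;
# positive = client-to-server, negative = server-to-client).
Packet = tuple[float, int]
BUCKET = 64   # histogram bucket width in bytes (assumption)
PREFIX = 8    # packets of the flow prefix used for order/timing (assumption)


def _bucket(size: int) -> int:
    """Signed size bucket, so direction and coarse size are kept together."""
    return (abs(size) // BUCKET) * (1 if size > 0 else -1)


@dataclass
class Fingerprint:
    site: str
    size_hist: dict   # size description: normalised bucket histogram
    order: list       # order description: typical bucket at each prefix position
    gaps: list        # timing description: mean inter-packet gap per prefix position


def build_fingerprint(site: str, traces: list) -> Fingerprint:
    """Aggregate several training traces of one site into a fingerprint."""
    hist = Counter(_bucket(s) for tr in traces for _, s in tr)
    total = sum(hist.values())
    size_hist = {k: v / total for k, v in hist.items()}
    order, gaps = [], []
    for i in range(PREFIX):
        col = [_bucket(tr[i][1]) for tr in traces if len(tr) > i]
        if col:
            order.append(Counter(col).most_common(1)[0][0])
        col = [tr[i + 1][0] - tr[i][0] for tr in traces if len(tr) > i + 1]
        if col:
            gaps.append(mean(col))
    return Fingerprint(site, size_hist, order, gaps)


def match_score(fp: Fingerprint, trace: list) -> float:
    """Weighted agreement of an observed trace with each description, in [0, 1]."""
    obs = Counter(_bucket(s) for _, s in trace)
    n = sum(obs.values())
    l1 = sum(abs(obs.get(k, 0) / n - fp.size_hist.get(k, 0.0))
             for k in set(obs) | set(fp.size_hist))
    size = 1 - l1 / 2                       # 1 = identical distributions, 0 = disjoint
    pos = [_bucket(s) for _, s in trace[:len(fp.order)]]
    order = sum(a == b for a, b in zip(pos, fp.order)) / len(fp.order) if fp.order else 0.0
    obs_gaps = [trace[i + 1][0] - trace[i][0]
                for i in range(min(len(fp.gaps), len(trace) - 1))]
    errs = [min(1.0, abs(o - g) / max(g, 1e-3)) for o, g in zip(obs_gaps, fp.gaps)]
    timing = 1 - mean(errs) if errs else 0.0
    return 0.4 * size + 0.3 * order + 0.3 * timing


def correlate(trace: list, fingerprints: list, threshold: float = 0.6):
    """Return (best-matching site or None if nothing clears the threshold, score)."""
    best = max(fingerprints, key=lambda fp: match_score(fp, trace))
    score = match_score(best, trace)
    return (best.site if score >= threshold else None, score)


# Constructed training traces (timestamp s, signed size), two per site.
SITE_A = [
    [(0.00, 320), (0.05, -1400), (0.10, -1400), (0.15, -1400), (0.20, -900), (0.30, 280), (0.35, -1200)],
    [(0.00, 330), (0.06, -1400), (0.11, -1400), (0.17, -1400), (0.22, -910), (0.33, 270), (0.39, -1180)],
]
SITE_B = [
    [(0.00, 520), (0.20, -640), (0.45, 210), (0.70, -260), (0.95, 215), (1.20, -260), (1.45, 205)],
    [(0.00, 525), (0.22, -660), (0.48, 205), (0.73, -265), (0.98, 220), (1.25, -270), (1.50, 210)],
]
FINGERPRINTS = [build_fingerprint("site-a", SITE_A), build_fingerprint("site-b", SITE_B)]

# Fresh observations with a little jitter (constructed).
OBSERVED_A = [(0.00, 325), (0.05, -1400), (0.11, -1400), (0.16, -1400), (0.21, -905), (0.31, 290), (0.36, -1190)]
OBSERVED_B = [(0.00, 530), (0.21, -650), (0.46, 215), (0.72, -262), (0.97, 210), (1.23, -265), (1.47, 205)]

if __name__ == "__main__":
    for name, obs in (("A", OBSERVED_A), ("B", OBSERVED_B)):
        print(name, correlate(obs, FINGERPRINTS))
```

The size component compares whole-flow distributions, the order component compares only the flow prefix, and the timing component is the one most affected by network jitter; in practice its weight would be tuned to the measured noise of the vantage point, and fingerprints refreshed as site content changes.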
-
Publication No.: US20110164506A1
Publication Date: 2011-07-07
Application No.: US12835228
Application Date: 2010-07-13
IPC Class: H04L12/56
CPC Class: H04L43/12, H04L41/0803
Abstract: Embodiments of the present invention include a system or method for inferring packet management rules of a packet management device. A probing device is used to extract at least one of a port number and an IP address from a packet management configuration file. The probing device classifies the extracted numbers and selectively transmits packets to a packet management device. A packet analyzer notifies the probing device when a packet passes through the packet management device. Based on the notification, the probing device is able to transmit packets to the packet management device in a non-exhaustive manner and determine a port range corresponding to a packet management rule.
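An added example of the rule-inference idea in this record (written for this page, not the patent's own method or code): candidate ports are harvested from a configuration excerpt, IP-address octets are separated from port numbers, each seed is probed once, and the boundaries of every range that passes are found by doubling steps followed by bisection, so the whole 16-bit port space is never swept. The PacketFilter device, the Analyzer that reports whether a probe got through, and the configuration text are constructed stand-ins; the probe budget in the usage note is the count this example produces.

```python
"""Inferring a packet filter's allowed destination-port ranges with a
non-exhaustive probe sequence: harvest candidate ports from a configuration
file, confirm which seeds pass, then locate each range boundary by exponential
stepping followed by bisection. Constructed example; the filter, analyzer and
configuration excerpt are stand-ins (assumption)."""
import re


class PacketFilter:
    """Stand-in for the packet management device; its real rules are hidden
    from the prober, which only learns whether a probe got through."""
    def __init__(self, allowed_ranges):
        self.allowed = allowed_ranges          # inclusive (lo, hi) port ranges

    def passes(self, port: int) -> bool:
        return any(lo <= port <= hi for lo, hi in self.allowed)


class Analyzer:
    """Packet analyzer placed behind the device: notifies the prober whether a
    probe to `port` came through, and counts how many probes were sent."""
    def __init__(self, device: PacketFilter):
        self.device = device
        self.sent = 0

    def probe(self, port: int) -> bool:
        self.sent += 1
        return self.device.passes(port)


IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\b")
NUM_RE = re.compile(r"\b(\d{1,5})\b")


def extract_ports(config: str) -> list:
    """Classify the numbers in port-related lines: IP addresses (with optional
    prefix length) are removed first so their octets are not taken for ports."""
    ports = set()
    for line in config.splitlines():
        if "port" not in line.lower():
            continue
        for m in NUM_RE.finditer(IP_RE.sub(" ", line)):
            p = int(m.group(1))
            if 0 < p < 65536:
                ports.add(p)
    return sorted(ports)


def _edge(an: Analyzer, start: int, direction: int) -> int:
    """From an allowed port, step outwards in doubling increments until a probe
    is blocked (or the port space ends), then bisect to the last allowed port.
    Assumes the allowed range is contiguous: a second allowed range lying
    within one doubling step of the boundary would be merged into this one."""
    good, step = start, 1
    while True:
        cand = good + direction * step
        if cand < 1 or cand > 65535 or not an.probe(cand):
            break
        good, step = cand, step * 2
    bad = min(max(cand, 0), 65536)             # blocked, or just outside 1..65535
    while abs(bad - good) > 1:
        mid = (good + bad) // 2
        if an.probe(mid):
            good = mid
        else:
            bad = mid
    return good


def infer_ranges(config: str, an: Analyzer) -> list:
    """Probe each configuration-derived seed once; expand the ones that pass."""
    ranges = []
    for seed in extract_ports(config):
        if any(lo <= seed <= hi for lo, hi in ranges):
            continue                           # already inside an inferred range
        if not an.probe(seed):
            continue                           # blocked seed: nothing to expand
        ranges.append((_edge(an, seed, -1), _edge(an, seed, +1)))
    return ranges


# Constructed configuration excerpt. It says 8000-8080 while the device used
# below actually allows up to 8090; the probing discovers the real boundary.
CONFIG = """\
interface eth0 address 10.0.0.5/24
allow tcp from any to 10.0.0.5 port 22
allow tcp from any to 10.0.0.5 port 8000-8080
deny tcp from any to 10.0.0.5 port 8443
"""

if __name__ == "__main__":
    analyzer = Analyzer(PacketFilter([(22, 22), (8000, 8090)]))
    print(infer_ranges(CONFIG, analyzer), "probes sent:", analyzer.sent)
```

Against the device above the run infers [(22, 22), (8000, 8090)] with 19 probes rather than 65535. The contiguity assumption in `_edge` is the caveat to keep in mind: two allowed ranges separated by a gap narrower than the current doubling step are reported as one, so a follow-up pass that probes inside any suspiciously wide range is worthwhile before trusting the result.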
-
Publication No.: US20160357657A1
Publication Date: 2016-12-08
Application No.: US15173462
Application Date: 2016-06-03
Applicants: Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang
Inventors: Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang
CPC Class: G06F11/362, G06F21/567, H04L63/1425, H04L63/145, H04L67/42
Abstract: Embodiments herein disclose a debugging framework that employs a mode in the processor (for example, a processor using the x86 architecture) to transparently study armored malware. Embodiments herein perform stealthy debugging by leveraging System Management Mode (SMM) to transparently debug software on bare metal.
-
Publication No.: US08819225B2
Publication Date: 2014-08-26
Application No.: US13296312
Application Date: 2011-11-15
Applicants: Jiang Wang, Angelos Stavrou, Anup Ghosh, Kun Sun
Inventors: Jiang Wang, Angelos Stavrou, Anup Ghosh, Kun Sun
IPC Class: G06F15/173, G06F11/00
CPC Class: H04L63/1441, G06F9/45558, G06F21/575, G06F2009/45587, G06F2221/2105
Abstract: A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). An SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. An SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. An SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or CPU register state differences.
-
Publication No.: US20120297457A1
Publication Date: 2012-11-22
Application No.: US13296319
Application Date: 2011-11-15
IPC Class: G06F21/00
CPC Class: G06F21/56, H04L63/0281, H04L63/1416, H04L63/145, H04L65/1006, H04L65/1069, H04L65/1076, H04L65/1079
Abstract: An interactive detector that includes a challenger and an authorizer. The challenger may send a challenge to a source application in response to an intercepted request intended for a destination application from the source application. The challenge may be configured to invoke an expected challenge response from component(s) of the source application. The authorizer may allow the request to proceed to the destination application if a received challenge response generated by the source application satisfies the expected challenge response.
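The challenger/authorizer exchange in this record and the transparent-proxy variant in US20110099620A1 above share one mechanism, illustrated here by an added Python example (written for this page, not code from either patent). The proxy determines the protocol from the first bytes of an intercepted request, issues a challenge tied to a component the legitimate client is expected to have, keeps the expected answer as per-request state, and forwards or blocks on the answer. The "script engine" is a tiny arithmetic evaluator standing in for a browser-side component, the client classes and the sample request bytes are constructed, and the decision to pass unchallenged protocols through is a policy assumption of this example.

```python
"""Interactive challenge-response detection at a transparent proxy: identify the
protocol of an intercepted request, challenge the source application with a
task only the expected client component can perform, and forward or block on
the answer. Constructed example; the arithmetic 'script' challenge stands in
for a real browser-side challenge (assumption)."""
import ast
import operator
import secrets
from dataclasses import dataclass, field

_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.Mod: operator.mod}


def run_script(src: str, env: dict) -> int:
    """Minimal integer-arithmetic evaluator standing in for a script engine.
    Only constants, names from env and + - * % are accepted; anything else
    (calls, attributes, comparisons) raises ValueError."""
    def ev(node):
        if isinstance(node, ast.Expression):
            return ev(node.body)
        if isinstance(node, ast.Constant) and isinstance(node.value, int):
            return node.value
        if isinstance(node, ast.Name) and node.id in env:
            return env[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](ev(node.left), ev(node.right))
        raise ValueError(f"unsupported script construct: {type(node).__name__}")
    return ev(ast.parse(src, mode="eval"))


def detect_protocol(payload: bytes) -> str:
    """Protocol determination from the first bytes of the outbound data."""
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE"):
        return "http"
    if payload[:3] in (b"\x16\x03\x01", b"\x16\x03\x03"):   # TLS handshake record
        return "tls"
    return "unknown"


@dataclass
class Proxy:
    pending: dict = field(default_factory=dict)   # challenge id -> (request, expected answer)
    log: list = field(default_factory=list)

    def intercept(self, request: bytes):
        """Return ("pass", request) when no challenge exists for the protocol
        (policy assumption), otherwise ("challenge", challenge) and remember
        the expected answer as state for this request."""
        proto = detect_protocol(request)
        if proto != "http":
            self.log.append(f"{proto}: no challenge defined, passed unchallenged")
            return ("pass", request)
        nonce = secrets.randbelow(1 << 20)
        script = "(nonce * 7919 + 13) % 1000003"
        cid = secrets.token_hex(8)
        self.pending[cid] = (request, run_script(script, {"nonce": nonce}))
        return ("challenge", {"id": cid, "nonce": nonce, "script": script})

    def authorize(self, cid: str, answer):
        """Compare the application's answer with the stored expectation."""
        request, expected = self.pending.pop(cid)
        if answer == expected:
            return ("forward", request)
        self.log.append("challenge not satisfied: malware suspected, request blocked")
        return ("block", request)


class BrowserLikeClient:
    """Has the script-engine component; answers automatically, no user involved."""
    def answer(self, challenge):
        return run_script(challenge["script"], {"nonce": challenge["nonce"]})


class BeaconClient:
    """Non-interactive malware beacon: it can only replay its hard-coded request."""
    def answer(self, challenge):
        return None


def mediate(proxy: Proxy, client, request: bytes) -> str:
    """Run one intercepted request through challenge and authorisation."""
    verdict, payload = proxy.intercept(request)
    if verdict == "challenge":
        verdict, _ = proxy.authorize(payload["id"], client.answer(payload))
    return verdict


# Constructed sample traffic.
HTTP_REQUEST = b"GET /update.php?id=1 HTTP/1.1\r\nHost: example.test\r\n\r\n"
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32

if __name__ == "__main__":
    proxy = Proxy()
    print("browser:", mediate(proxy, BrowserLikeClient(), HTTP_REQUEST))
    print("beacon: ", mediate(proxy, BeaconClient(), HTTP_REQUEST))
    print("tls:    ", mediate(proxy, BeaconClient(), TLS_CLIENT_HELLO))
    print(*proxy.log, sep="\n")
```

The discriminating power comes entirely from coupling the challenge to a component the malware lacks, which is what the abstract's "component(s) of the source application" refers to: a challenge any program can compute, like the arithmetic used here, would be answered by malware as readily as by a browser, so a deployment has to pick challenges (script execution, rendering, protocol-specific redirects) that the suspected class of malware cannot perform. The per-request `pending` state also has to be expired, or a flood of unanswered challenges becomes a memory-exhaustion problem for the proxy itself.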
-