利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

99 条记录 (耗时 0.067 秒)

    Detecting network anomalies by probabilistic modeling of argument strings with markov chains
    23.
    发明授权
    Detecting network anomalies by probabilistic modeling of argument strings with markov chains 有权
    通过使用马尔可夫链的参数串的概率建模来检测网络异常

    公开(公告)号:US09253201B2

    公开(公告)日:2016-02-02

    申请号:US14476142

    申请日:2014-09-03

    申请人: Yingbo Song Angelos D. Keromytis Salvatore J. Stolfo

    发明人: Yingbo Song Angelos D. Keromytis Salvatore J. Stolfo

    IPC分类号: H04L29/06 H04L29/08

    CPC分类号: H04L63/1425 H04L63/1416 H04L63/1466 H04L67/02 H04L69/16

    摘要: Systems, methods, and media for detecting network anomalies are provided. In some embodiments, a training dataset of communication protocol messages having argument strings is received. The content and structure associated with each of the argument strings is determined and a probabilistic model is trained using the determined content and structure of each of the argument strings. A communication protocol message having an argument string that is transmitted from a first processor to a second processor across a computer network is received. The received communication protocol message is compared to the probabilistic model and then it is determined whether the communication protocol message is anomalous.

    摘要翻译: 提供了检测网络异常的系统,方法和介质。 在一些实施例中,接收具有参数串的通信协议消息的训练数据集。 确定与每个参数串相关联的内容和结构,并且使用确定的每个参数串的内容和结构来训练概率模型。 接收具有通过计算机网络从第一处理器发送到第二处理器的参数串的通信协议消息。 将接收到的通信协议消息与概率模型进行比较,然后确定通信协议消息是否是异常的。

    Systems and methods for inhibiting attacks on applications
    24.
    发明授权
    Systems and methods for inhibiting attacks on applications 有权
    抑制应用攻击的系统和方法

    公开(公告)号:US08763103B2

    公开(公告)日:2014-06-24

    申请号:US12297730

    申请日:2006-04-21

    申请人: Michael E. Locasto Salvatore J. Stolfo Angelos D. Keromytis Ke Wang

    发明人: Michael E. Locasto Salvatore J. Stolfo Angelos D. Keromytis Ke Wang

    IPC分类号: H04L29/06 G06F21/41

    CPC分类号: H04L63/1416 G06F21/41 H04L63/0815 H04L63/1408 H04L63/1441

    摘要: In accordance with some embodiments of the present invention, systems and methods that protect an application from attacks are provided. In some embodiments of the present invention, input from an input source, such as traffic from a communication network, can be routed through a filtering proxy that includes one or more filters, classifiers, and/or detectors. In response to the input passing through the filtering proxy to the application, a supervision framework monitors the input for attacks (e.g., code injection attacks). The supervision framework can provide feedback to tune the components of the filtering proxy.

    摘要翻译: 根据本发明的一些实施例,提供了保护应用免受攻击的系统和方法。 在本发明的一些实施例中,可以通过包括一个或多个过滤器,分类器和/或检测器的过滤代理来路由来自诸如来自通信网络的业务的输入源的输入。 响应于通过过滤代理的输入到应用程序,监督框架监视输入的攻击(例如代码注入攻击)。 监督框架可以提供反馈来调整过滤代理的组件。

    Systems and methods for content extraction
    26.
    发明授权
    Systems and methods for content extraction 有权
    内容提取的系统和方法

    公开(公告)号:US08468445B2

    公开(公告)日:2013-06-18

    申请号:US11395579

    申请日:2006-03-30

    申请人: Suhit Gupta Gail Kaiser Salvatore J. Stolfo

    发明人: Suhit Gupta Gail Kaiser Salvatore J. Stolfo

    IPC分类号: G06F17/00 G06F9/45

    CPC分类号: G06F17/2247 G06F17/30864 G06F17/30908 G06F17/30914

    摘要: A content extraction process may parse markup language text into a hierarchical data model and then apply one or more filters. Output filters may be used to make the process more versatile. The operation of the content extraction process and the one or more filters may be controlled by one or more settings set by a user, or automatically by a classifier. The classifier may automatically enter settings by classifying markup language text and entering settings based on this classification. Automatic classification may be performed by clustering unclassified markup language texts with previously classified markup language texts.

    摘要翻译: 内容提取过程可以将标记语言文本解析成分层数据模型,然后应用一个或多个过滤器。 输出滤波器可用于使该过程更加通用。 内容提取处理和一个或多个过滤器的操作可以由用户设置的一个或多个设置或由分类器自动地控制。 分类器可以通过分类标记语言文本并根据此分类输入设置来自动输入设置。 可以通过将未分类的标记语言文本与先前分类的标记语言文本进行聚类来执行自动分类。

    System and methods for detecting malicious email transmission
    27.
    发明授权
    System and methods for detecting malicious email transmission 有权

    公开(公告)号:US08443441B2

    公开(公告)日:2013-05-14

    申请号:US12633493

    申请日:2009-12-08

    申请人: Salvatore J. Stolfo Eleazar Eskin Shlomo Herskop Manasi Bhattacharyya

    发明人: Salvatore J. Stolfo Eleazar Eskin Shlomo Herskop Manasi Bhattacharyya

    IPC分类号: G06F21/00

    CPC分类号: H04L63/1425 H04L51/12 H04L63/145

    摘要: A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.

    Systems, methods, and media protecting a digital data processing device from attack
    28.
    发明授权
    Systems, methods, and media protecting a digital data processing device from attack 有权
    保护数字数据处理设备免受攻击的系统,方法和媒体

    公开(公告)号:US08407785B2

    公开(公告)日:2013-03-26

    申请号:US12063733

    申请日:2006-08-18

    申请人: Stylianos Sidiroglou Angelos D. Keromytis Salvatore J. Stolfo

    发明人: Stylianos Sidiroglou Angelos D. Keromytis Salvatore J. Stolfo

    IPC分类号: G06F11/00

    CPC分类号: H04L63/1425 H04L51/08 H04L51/12 H04L63/1416 H04L63/1466

    摘要: In accordance with some embodiments of the disclosed subject matter, systems, methods, and media for protecting a digital data processing device from attack are provided. For example, in some embodiments, a method for protecting a digital data processing device from attack is provided, that includes, within a virtual environment: receiving at least one attachment to an electronic mail; and executing the at least one attachment; and based on the execution of the at least one attachment, determining whether anomalous behavior occurs.

    摘要翻译: 根据所公开的主题的一些实施例,提供了用于保护数字数据处理装置免受攻击的系统,方法和媒体。 例如,在一些实施例中,提供了一种用于保护数字数据处理设备免受攻击的方法,其包括在虚拟环境内:接收至少一个附件到电子邮件; 以及执行所述至少一个附件; 并且基于所述至少一个附件的执行,确定是否发生异常行为。

    Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and/or generating sanitized anomaly detection models
    29.
    发明授权
    Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and/or generating sanitized anomaly detection models 有权
    用于生成消毒数据,消毒异常检测模型和/或生成消毒异常检测模型的系统,方法和介质

    公开(公告)号:US08407160B2

    公开(公告)日:2013-03-26

    申请号:US11940790

    申请日:2007-11-15

    申请人: Gabriela Cretu Angelos Stavrou Salvatore J. Stolfo Angelos D. Keromytis Michael E. Locasto

    发明人: Gabriela Cretu Angelos Stavrou Salvatore J. Stolfo Angelos D. Keromytis Michael E. Locasto

    IPC分类号: G06F15/18

    CPC分类号: H04L63/1425 G06N99/005 H04L63/14

    摘要: Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for generating sanitized data are provided. The methods including: dividing a first training dataset comprised of a plurality of training data items into a plurality of data subsets each including at least one training data item of the plurality of training data items of the first training dataset; based on the plurality of data subsets, generating a plurality of distinct anomaly detection micro-models; testing at least one data item of the plurality of data items of a second training dataset of training data items against each of the plurality of micro-models to produce a score for the at least one tested data item; and generating at least one output dataset based on the score for the at least one tested data item.

    摘要翻译: 提供了生成消毒数据,消毒异常检测模型和生成异常检测模型的系统,方法和介质。 在一些实施例中,提供了生成消毒数据的方法。 所述方法包括:将由多个训练数据项组成的第一训练数据集划分成多个数据子集,每个数据子集包括第一训练数据集的多个训练数据项中的至少一个训练数据项; 基于所述多个数据子集,生成多个不同的异常检测微模型; 针对所述多个微模型中的每一个测试训练数据项的第二训练数据集的所述多个数据项中的至少一个数据项,以产生所述至少一个测试数据项的分数; 以及基于所述至少一个测试数据项的得分来生成至少一个输出数据集。

    Apparatus method and medium for tracing the origin of network transmissions using n-gram distribution of data
    30.
    发明授权
    Apparatus method and medium for tracing the origin of network transmissions using n-gram distribution of data 有权
    用于使用n-gram分布的数据跟踪网络传输的来源的装置方法和介质

    公开(公告)号:US08239687B2

    公开(公告)日:2012-08-07

    申请号:US10986467

    申请日:2004-11-12

    申请人: Salvatore J. Stolfo

    发明人: Salvatore J. Stolfo

    IPC分类号: H04L29/06

    CPC分类号: H04L63/1425 G06F21/55 G06F21/552 G06F21/554 G06F21/56 G06F21/562 G06F21/563 G06F21/564 H04L43/00 H04L43/0876 H04L63/0218 H04L63/0245 H04L63/0263 H04L63/029 H04L63/145

    摘要: A method, apparatus, and medium are provided for tracing the origin of network transmissions. Connection records are maintained at computer system for storing source and destination addresses. The connection records also maintain a statistical distribution of data corresponding to the data payload being transmitted. The statistical distribution can be compared to that of the connection records in order to identify the sender. The location of the sender can subsequently be determined from the source address stored in the connection record. The process can be repeated multiple times until the location of the original sender has been traced.

    摘要翻译: 提供了一种用于跟踪网络传输来源的方法,装置和介质。 在计算机系统中维护连接记录,用于存储源和目的地址。 连接记录还保持对应于正在发送的数据有效载荷的数据的统计分布。 可以将统计分布与连接记录的统计分布进行比较,以便识别发送者。 随后可以从存储在连接记录中的源地址确定发送者的位置。 该过程可以重复多次,直到原始发送者的位置被跟踪为止。