Abstract:
Methods, systems, and media for measuring computer security are provided. In accordance with some embodiments, methods for measuring computer security are provided, the methods comprising: making at least one of decoys and non-threatening access violations accessible to a first user using a computer programmed to do so; maintaining statistics on security violations and non-violations of the first user using a computer programmed to do so; and presenting the statistics on a display.
Abstract:
In a communications network-based system, a method for securely processing recurrent consumer transactions. Merchant-specific proxy financial account information is provided to a user and maintained in a database, the proxy financial account information valid for transactions at a single merchant only. A request for transaction approval is received from a merchant, the request including a merchant identifier and a user's proxy financial account information. The database is queried to determine if the proxy financial account is valid for the merchant seeking transaction approval. The proxy financial account information may include a credit card account number and/or a proxy billing address linked to a financial account. A merchant identifier string, identifying the authorized merchant, may be encoded in the credit card number and/or proxy billing address. A communications network-based system and software program for implementing the present invention are also disclosed.
Abstract:
A method of detecting an intrusion in the operation of a computer system based on a plurality of events. A rule set is determined for a training set of data comprising a set of features having associated costs. For each of a plurality of events, the set of features is computed and a class is predicted for the features with a rule of the rule set. For each event predicted as an intrusion, a response cost and a damage cost are determined, wherein the damage cost is determined based on such factors as the technique of the intrusion, the criticality of the component of the computer system subject to the intrusion, and a measure of progress of the intrusion. If the damage cost is greater than or equal to the response cost, a response to the event.
Abstract:
A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.
Abstract:
In accordance with some embodiments of the present invention, systems and methods that protect an application from attacks are provided. In some embodiments of the present invention, input from an input source, such as traffic from a communication network, can be routed through a filtering proxy that includes one or more filters, classifiers, and/or detectors. In response to the input passing through the filtering proxy to the application, a supervision framework monitors the input for attacks (e.g., code injection attacks). The supervision framework can provide feedback to tune the components of the filtering proxy.
Abstract:
A method, apparatus and medium are provided for detecting anomalous payloads transmitted through a network. The system receives payloads within the network and determines a length for data contained in each payload. A statistical distribution is generated for data contained in each payload received within the network, and compared to a selected model distribution representative of normal payloads transmitted through the network. The model payload can be selected such that it has a predetermined length range that encompasses the length for data contained in the received payload. Anomalous payloads are then identified based on differences detected between the statistical distribution of received payloads and the model distribution. The system can also provide for automatic training and incremental updating of models.
Abstract:
Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison.
Abstract:
Trading in pooled securities (e.g., pooled mortgages) requires allocation of securities from pools to contracts subject to certain rules or constraints. To improve upon manual allocation procedures, computer techniques for fast and profitable allocation have been developed. Advantageously, a locally optimal allocation can be found by a rule-based greedy algorithm, and the locally optimal allocation can be improved upon further by a simulated annealing technique which is more likely to produce a globally optimal allocation.
Abstract:
A technique is provided in the present invention for updating a current database without restarting a knowledge-based system (rule-based system, inference system, expert system). The technique allows for the receipt of updates to an earlier database after an inference procedure has started or even after it has ended. The technique calls for the performance of actions necessary to incrementally bring the database to a consistent state by selectively undoing the inferential consequences of not having had the updated fact in the prior inference procedures and redoing the inferential consequences of having the newly received updated fact.
Abstract:
A plurality of parallel processing elements are connected in a binary tree configuration, with each processing element except those in the highest and lowest levels being in communication with a single parent processing element as well as first and second (or left and right) child processing elements. Each processing element comprises a processor, a read/write or random access memory, and an input/output (I/O) device. The I/O device provides interfacing between each processing element and its parent and children processing elements so as to provide significant improvements in propagation speeds through the binary tree. The I/O device allows the presently preferred embodiment of the invention to be clocked at 12 megahertz, producing in the case of a tree of 1023 processors, each having an average instruction cycle time of 1.8 μs, a system with a raw computational throughput of approximately 570 million instructions per second. The I/O device communicates data and queries from the root processing element to all other N processing elements in the array in one processor instruction cycle instead of in O(log₂ N) processor instruction cycles as in prior art binary tree arrays. Primitive queries are executed in parallel by each processing element and the results made available for reporting back to the root processing element. In several important cases, these results can be combined and reported back to the root processing element in a single processor instruction cycle instead of in O(log₂ N) processor instruction cycles as in prior art binary tree arrays. Thus, the elapsed time for a broadcast and report operation is in effect a constant time regardless of the number of processors in the array.