Abstract:
A content extraction process may parse markup language text into a hierarchical data model and then apply one or more filters. Output filters may be used to make the process more versatile. The operation of the content extraction process and the one or more filters may be controlled by one or more settings set by a user, or automatically by a classifier. The classifier may automatically enter settings by classifying markup language text and entering settings based on this classification. Automatic classification may be performed by clustering unclassified markup language texts with previously classified markup language texts.
Abstract:
A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.
Abstract:
A method, apparatus, and medium are provided for tracing the origin of network transmissions. Connection records are maintained at a computer system for storing source and destination addresses. The connection records also maintain a statistical distribution of data corresponding to the data payload being transmitted. The statistical distribution can be compared to that of the connection records in order to identify the sender. The location of the sender can subsequently be determined from the source address stored in the connection record. The process can be repeated multiple times until the location of the original sender has been traced.
Abstract:
Methods, systems, and media for measuring computer security are provided. In accordance with some embodiments, methods for measuring computer security are provided, the methods comprising: making at least one of decoys and non-threatening access violations accessible to a first user using a computer programmed to do so; maintaining statistics on security violations and non-violations of the first user using a computer programmed to do so; and presenting the statistics on a display.
Abstract:
In a communications network-based system, a method for securely processing recurrent consumer transactions. Merchant-specific proxy financial account information is provided to a user and maintained in a database, the proxy financial account information valid for transactions at a single merchant only. A request for transaction approval is received from a merchant, the request including a merchant identifier and a user's proxy financial account information. The database is queried to determine if the proxy financial account is valid for the merchant seeking transaction approval. The proxy financial account information may include a credit card account number and/or a proxy billing address linked to a financial account. A merchant identifier string, identifying the authorized merchant, may be encoded in the credit card number and/or proxy billing address. A communications network-based system and software program for implementing the present invention are also disclosed.
Abstract:
A method of detecting an intrusion in the operation of a computer system based on a plurality of events. A rule set is determined for a training set of data comprising a set of features having associated costs. For each of a plurality of events, the set of features is computed and a class is predicted for the features with a rule of the rule set. For each event predicted as an intrusion, a response cost and a damage cost are determined, wherein the damage cost is determined based on such factors as the technique of the intrusion, the criticality of the component of the computer system subject to the intrusion, and a measure of progress of the intrusion. If the damage cost is greater than or equal to the response cost, a response to the event.
Abstract:
A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.
Abstract:
A method, apparatus and medium are provided for detecting anomalous payloads transmitted through a network. The system receives payloads within the network and determines a length for data contained in each payload. A statistical distribution is generated for data contained in each payload received within the network, and compared to a selected model distribution representative of normal payloads transmitted through the network. The model payload can be selected such that it has a predetermined length range that encompasses the length for data contained in the received payload. Anomalous payloads are then identified based on differences detected between the statistical distribution of received payloads and the model distribution. The system can also provide for automatic training and incremental updating of models.
Abstract:
Trading in pooled securities (e.g., pooled mortgages) requires allocation of securities from pools to contracts subject to certain rules or constraints. To improve upon manual allocation procedures, computer techniques for fast and profitable allocation have been developed. Advantageously, a locally optimal allocation can be found by a rule-based greedy algorithm, and the locally optimal allocation can be improved upon further by a simulated annealing technique which is more likely to produce a globally optimal allocation.
Abstract:
A technique is provided in the present invention for updating a current database without restarting a knowledge-based system (rule-based system, inference system, expert system). The technique allows for the receipt of updates to an earlier database after an inference procedure has started or even after it has ended. The technique calls for the performance of actions necessary to incrementally bring the database to a consistent state by selectively undoing the inferential consequences of not having had the updated fact in the prior inference procedures and redoing the inferential consequences of having the newly received updated fact.