Abstract:
A method of creating a protected software program operates upon an executable program that has a number of sections. The sections include an entry section and any number of user sections. An ability set for the executable program is defined that describes allowed behaviors of said executable program and behaviors that are not allowed. The ability set is inserted into the executable program as an ability section. A vaccine code section is inserted into the executable program; the vaccine code section is arranged to monitor behaviors of said executable program for comparison with the allowed and not allowed behaviors of the ability section. A hash value is calculated for the executable program; the hash value is stored in the program itself or in another secure location.
Abstract:
A white list (or exception list) for a behavior monitoring system for detecting unknown malware on a computing device is maintained automatically without human intervention. A white list contains process IDs and other data relating to processes that are determined to be (or very likely to be) free of malware. If a process is on this list, the rule matching operations of a conventional behavior monitor are not performed, thereby saving processing resources on the computing device. When a process start-up is detected, the behavior monitor performs a series of checks or tests. If the process has all valid digital signatures, is not launched from a removable storage device (such as a USB key), and is not enabled to make any inbound or outbound connections, it is eligible for being on the white list. The white list is also automatically maintained by removing process IDs for processes that have terminated or that attempt to make a new outbound or inbound connection, such as a TCP/UDP connection. Scheduled integrity checks on the white list are also performed by examining the process stack for each process to ensure that there are no abnormal files in the process stack.
Abstract:
Methods and apparatus for rating Uniform Resource Locators (URLs) are disclosed. The method includes determining a request size pertaining to the length of the URL to be rated and generating a rating request message containing the URL. The rating request message is a DNS (domain name system) message if the request size is less than or equal to a predefined size limitation, and the rating request message is an HTTP (hypertext transfer protocol) message if the request size is greater than the predefined size limitation.
Abstract:
An arrangement for performing active malicious web page discovery is provided. The arrangement includes a web monitor module, which is configured to monitor a plurality of potentially suspicious uniform resource locators (URLs). The arrangement also includes a crawler module, which is configured to download the plurality of potentially suspicious URLs. The arrangement further includes a malicious page identifier (MPI), which is configured to verify a set of risk statuses for the plurality of potentially suspicious URLs.
Abstract:
Installing a detection hook function aids in the detection of keylogger software on a computer. A request to install a hook procedure via the system service function is intercepted by the detection hook function. The detection hook function determines whether the request indicates that the hook procedure is keylogger software. If so, an action is taken such as denying the request or alerting the user. A detection hook function also intercepts a request to remove a hook procedure. A dynamic detection function intercepts a call to a hook chain function attempting to pass an event to a hook procedure.
Abstract:
Methods and arrangements are disclosed for implementing new email handling policies in gateway logic that is inserted upstream of the existing email system (which may or may not have an existing email gateway). By inserting the gateway logic upstream of the existing email system, it is unnecessary to reconfigure the existing email handling logic, since the remainder of the email system downstream of the newly inserted gateway logic is substantially undisturbed. Techniques and arrangements are proposed to ensure that the remainder of the email system continues to function correctly after the insertion of the new gateway logic.
Abstract:
An updated virus pattern file is developed at an update server. A mobile management center (MMC) has a list of mobile telephone numbers and receives the new virus pattern from the update server. A Multimedia Message Service Center receives the new virus pattern and the list of mobile telephone numbers from the MMC and sends an MMS message to each of the wireless devices, including the new virus pattern as an attachment. Each wireless device replaces the old virus pattern with the new virus pattern. A unique identifier (a cryptographic signature or magic number) is added to each MMS message to enable the wireless device to recognize a new virus pattern. The pattern version and the pattern itself are merged into a single file. The file is also encrypted at the MMC and decrypted at the wireless device.
Abstract:
A network-level virus monitoring system is capable of monitoring a flow of network traffic in any of a number of inspection modes, depending upon the particular needs of a system administrator. The system includes a network virus sensor self-registration module coupled to a network virus/worm sensor and arranged to automatically self-register the associated network virus/worm sensor. The monitoring provides an early warning of a virus attack, thereby facilitating quarantine procedures directed at containing a virus outbreak. By providing such an early warning, the network virus monitor reduces the number of computers ultimately affected by the virus attack, resulting in a concomitant reduction in both the cost of repair to the system and the amount of downtime. In this way, the inventive network virus monitor provides a great improvement in system uptime and a reduction in system losses.
Abstract:
A system identifies computer worms associated with published or otherwise known security holes. The system uses a worm pattern developed to identify those data packets most likely to be a computer worm designed to take advantage of a particular security hole. The worm pattern includes a portion used to functionally characterize the computer worm and another portion used to provide a defense mechanism used to thwart the worm attack. In some cases, the defense action is truncating the suspected data word, while in other cases the suspect data word is stored in a buffer for later investigation. In a particular implementation, the worm patterns are retrieved from a worm pattern update server.
Abstract:
An apparatus and method are provided for real-time tracking of virus information as reported from various computers on a distributed computer network. Each client computer on the distributed network contacts an anti-virus scanning site. The site provides a small program or applet that resides in temporary memory of the client computer. The client user invokes the scan with supplied pattern updates for detecting recent viruses. When the scan has been completed, the user is prompted to supply a country of origin. The name of the virus, its frequency of occurrence, and the country are forwarded as a virus scan log to a virus tracking server, which receives the virus information and thereafter stores it in a database server, which is used to further calculate virus trace display information. A tracking user contacts the virus tracking server and receives map information, which traces the virus activity. The maps show, according to user preference, the names of the viruses encountered in each country and their frequencies of occurrence.