Virtual machine with dynamic data flow analysis
    2.
    Granted invention patent
    Virtual machine with dynamic data flow analysis (in force)

    Publication No.: US08584239B2

    Publication date: 2013-11-12

    Application No.: US11471072

    Filing date: 2006-06-19

    Abstract: A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, and concurrently simulate transmission of the network data to a plurality of destination devices.


    Systems and Methods for Computer Worm Defense
    3.
    Invention patent application
    Systems and Methods for Computer Worm Defense (in force)

    Publication No.: US20130047257A1

    Publication date: 2013-02-21

    Application No.: US13651331

    Filing date: 2012-10-12

    Applicant: Ashar Aziz

    Inventor: Ashar Aziz

    Abstract: A computer worm defense system comprises multiple containment systems tied together by a management system. Each containment system is deployed on a separate communication network and contains a worm sensor and a blocking system. In various embodiments, the computer worm may be transported from a production network, where the computer worm is not readily identifiable, to an alternate network in the worm sensor where the computer worm may be readily identifiable. Computer worm identifiers generated by a worm sensor of one containment system can be provided not only to the blocking system of the same containment system, but can also be distributed by the management system to blocking systems of other containment systems.


    Dynamic signature creation and enforcement
    4.
    Granted invention patent
    Dynamic signature creation and enforcement (in force)

    Publication No.: US08375444B2

    Publication date: 2013-02-12

    Application No.: US11494990

    Filing date: 2006-07-28

    Abstract: A dynamic signature creation and enforcement system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, simulate transmission of the network data to a destination device to identify unauthorized activity, generate an unauthorized activity signature based on the identification, and transmit the unauthorized activity signature to a digital device configured to enforce the unauthorized activity signature.


    DYNAMIC SIGNATURE CREATION AND ENFORCEMENT
    5.
    Invention patent application
    DYNAMIC SIGNATURE CREATION AND ENFORCEMENT (in force)

    Publication No.: US20120331553A1

    Publication date: 2012-12-27

    Application No.: US11494990

    Filing date: 2006-07-28

    Abstract: A dynamic signature creation and enforcement system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, simulate transmission of the network data to a destination device to identify unauthorized activity, generate an unauthorized activity signature based on the identification, and transmit the unauthorized activity signature to a digital device configured to enforce the unauthorized activity signature.


    Approach for allocating resources to an apparatus based on optional resource requirements
    6.
    Granted invention patent
    Approach for allocating resources to an apparatus based on optional resource requirements (in force)

    Publication No.: US07463648B1

    Publication date: 2008-12-09

    Application No.: US11042813

    Filing date: 2005-01-24

    Abstract: An approach for allocating resources to an apparatus based on resource requirements generally involves a resource allocator receiving a request that specifies resource requirements for the apparatus. A resource allocator determines whether resources are available that satisfy the resource requirements. If resources are available that satisfy a resource requirement, the resource allocator indicates that the resource requirement is fulfilled and the resources are allocated to the apparatus. If resources are not available that satisfy a resource requirement, the resource allocator indicates that the resource requirement is not fulfilled and the resources are not allocated to the apparatus. The apparatus is implemented based on the allocated resources. A resource requirement can be optional so that if the optional resource requirement is not fulfilled, the apparatus can still be implemented. Conversely, a resource requirement can be necessary so that if the necessary resource requirement is not fulfilled, the apparatus is not implemented.


    Symbolic definition of a computer system

    Publication No.: US07103647B2

    Publication date: 2006-09-05

    Application No.: US09818424

    Filing date: 2001-03-26

    Applicant: Ashar Aziz

    Inventor: Ashar Aziz

    CPC classification number: H04L29/06 H04L41/22 H04L67/34 H04L69/329

    Abstract: A method and apparatus for defining and deploying a networked computer system features creating and storing a textual representation of a logical configuration of the networked computer system according to a structured markup language. Based on the textual representation, one or more commands are generated for configuring an operable computer system that conforms to the logical configuration. The commands may be directed to devices that are interconnected to one or more computing elements and storage devices, to instruct the devices to logically connect the computing elements and storage devices into the computer system. As a result, a real-world virtual server farm or data center may be created and deployed substantially instantly.

    Method and apparatus for sending secure datagram multicasts
    8.
    Granted invention patent
    Method and apparatus for sending secure datagram multicasts (lapsed)

    Publication No.: US6026167A

    Publication date: 2000-02-15

    Application No.: US863035

    Filing date: 1997-05-23

    Applicant: Ashar Aziz

    Inventor: Ashar Aziz

    Abstract: A method and apparatus for generating additional implicit keys from a key $[K_{ij}]_N$ without the necessity of generating a new Diffie-Hellman (DH) certificate or requiring communication between nodes to change implicit master keys is disclosed. A first data processing device (node I) is coupled to a private network which is in turn coupled to the Internet. A second data processing device (node J) is coupled to the same, or to a different network, which is also coupled to the Internet, such that node I communicates with node J using the Internet protocol. Node I is provided with a secret value i and a public value. Data packets (referred to as "datagrams") are encrypted to enhance network security. Each node maintains an internal value of N which is incremented based on time and upon the receipt of a data packet from another node. The key $[K_{ij}]_{N_i}$ is derived from the appropriate quantity of $\propto^{Nij}$ by using high order key-sized bits of the respective quantity. The present invention then utilizes the key $[K_{ij}]_{N_i}$ to encrypt a transient key which is referred to as $K_p$. Node I encrypts the IP data in $K_p$ and encrypts $K_p$ in $[K_{ij}]_{N_i}$. Node I transmits the encrypted IP datagram packet in the encrypted key $K_p$ to the receiving node J. Node I further includes its current internal value of $N_i$ in the outgoing packet. The present invention also provides for the application of one-way functions to the shared secret to enhance security. Thus, either node I or node J may change the context such that if in the future $[K_{ij}]_{N_i}$ is compromised, or is not useable by a cracker to either decrypt prior encrypted packets. The present invention discloses methods and apparatus for achieving perfect forward security for closed user groups, and for the application of the SKIP methodology to datagram multicast protocols.


    Electronic Message Analysis For Malware Detection
    9.
    Invention patent application
    Electronic Message Analysis For Malware Detection (in force)

    Publication No.: US20160127393A1

    Publication date: 2016-05-05

    Application No.: US14745903

    Filing date: 2015-06-22

    Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.


    Systems and methods for detecting malicious PDF network content
    10.
    Granted invention patent
    Systems and methods for detecting malicious PDF network content (in force)

    Publication No.: US09118715B2

    Publication date: 2015-08-25

    Application No.: US13469046

    Filing date: 2012-05-10

    Abstract: Systems and methods for detecting malicious PDF network content are provided herein. According to some embodiments, the methods may include at least the steps of examining received PDF network content to determine if one or more suspicious characteristics indicative of malicious network content are included in the PDF network content, providing PDF network content determined to include at least one suspicious characteristic to one or more virtual machines, and analyzing responses received from the one or more virtual machines to verify the inclusion of malicious network content in the PDF network content determined to include at least one suspicious characteristic.

