Abstract:
A method for generating look-up tables for a high speed multi-bit Real-time Deterministic Finite state Automaton (hereinafter RDFA). The method begins with a DFA generated in accordance with the prior art. For each state in the DFA, and for each of the bytes recognized in parallel, the following occurs. First, an n-closure list is generated. An n-closure list is a list of states reachable in n transitions from the current state. Next, an alphabet transition list is generated for each state. An “alphabet transition list” is a list of the transitions out of a particular state for each of the characters in an alphabet. Finally, the transitions are grouped into classes: the transitions that go to the same state are grouped into the same class. Each class is used to identify the next state. The result is a state machine that has fewer states than the original DFA.
Abstract:
Embodiments of a system and method for computer inspection of information objects, for example, executable software applications for common components that may include elements of computer viruses, items from hacker exploit libraries, or other malware components. Information objects may contain identified sequences of instructions, each of which may be identified and hierarchically grouped based on their structural relationship(s). In the software context, programming languages may include multiple components that include functional code; these components are often shared between programmers. In some embodiments, an inspection of the hierarchical relationship of components (e.g., constituent functions) in the information objects may allow for identification of common components shared between programs. In some embodiments, authorship of objects or components in the objects may be identified by comparisons between component samples. In some embodiments, inspection of the relationship between components is limited to component groups having a specified structural size, complexity, or eccentricity.
Abstract:
A system for processing regular expressions containing one or more sub-expressions. Information regarding one or more regular expressions, each containing one or more sub-expressions, is stored. Data is compared to the stored information regarding expressions in only a single pass through the data. From the comparison, for any stored expression, the location within the data of the beginning and end of each sub-expression, and the end of the regular expression, are determined. From such determination, the presence within the data of any one or more stored regular expressions containing one or more sub-expressions is identified.
Abstract:
An airport surface traffic surveillance and automation system addresses a wide variety of airport surface conflict scenarios using a combination of runway-status lights, controller alerts, and enhanced controller displays. Runway-status lights, composed of runway-entrance lights and takeoff-hold lights, provide alerts directly to pilots and vehicle operators, to prevent runway incursions before they happen. Controller alerts are used to direct a controller's attention to existing conflicts between aircraft on or near the runways. Enhanced displays present symbology to describe aircraft position, size, direction and speed of motion, altitude, aircraft flight number, and equipment type. Aircraft on approach to runways are also depicted on the displays. The invention features an airport surveillance system, having a radar data interface for receiving radar data from a radar source at a first data rate and for outputting radar data at a second data rate less than the first data rate, and a radar target processor coupled to the radar data interface. The radar target processor includes a clutter rejecter for generating a clutter map of the clutter signals in the radar data, and for substantially removing the clutter signals from the radar data using the clutter map, a morphological processor to receive radar data from the clutter rejecter and for detecting from the radar data target objects using the morphology of the target object, a multipath processor to receive radar data from the morphological processor and for detecting and removing from the radar data false targets resulting from multipath radar reflections, and a target tracker to receive radar data from the multipath processor and for tracking the path of target objects on or near the airport surface.
Abstract:
Systems and methods are disclosed for detecting covert DNS tunnels using n-grams. The majority of legitimate DNS requests originate from network content itself, for example, through hyperlinks in websites. So, comparing data from incoming network communications to a hostname included in a DNS request can give an indication of whether the DNS request is a legitimate request or is associated with a covert DNS tunnel. This process can be made computationally efficient by extracting n-grams from incoming network content and storing the n-grams in an efficient data structure, such as a Bloom filter. The stored n-grams are compared with n-grams extracted from outgoing DNS requests. If n-grams from an outgoing DNS request are not found in the data structure, the domain associated with the DNS request is determined to be associated with a suspected covert DNS tunnel.
Abstract:
A system and method in accordance with the present invention determines in real-time the portions of a set of characters from a data or character stream which satisfies one or more predetermined regular expressions. A Real-time Deterministic Finite state Automaton (RDFA) ensures that the set of characters is processed at high speeds with relatively small memory requirements. An optimized state machine models the regular expression(s) and state related alphabet lookup and next state tables are generated. Characters from the data stream are processed in parallel using the alphabet lookup and next state tables, to determine whether to transition to a next state or a terminal state, until the regular expression is satisfied or processing is terminated. Additional means may be implemented to determine a next action from satisfaction of the regular expression.
Abstract:
A system for determining the start of a match of a regular expression has a special state table which contains start state entries and terminal state entries; a plurality of start state registers for storing offset information indicative of the start of a match of the regular expression; a deterministic finite state automaton (DFA) next state table which, given the current state and an input character, returns the next state. The DFA next state table includes a settable indicator for any next state table entry which indicates whether to perform a lookup into the special state table. A compiler loads values into the special state table based on the regular expression.