Heuristic botnet detection
    1.
    Granted invention patent

    Publication (announcement) number: US08555388B1

    Publication (announcement) date: 2013-10-08

    Application number: US13115016

    Filing date: 2011-05-24

    IPC classification: G06F7/04

    Abstract: In some embodiments, heuristic botnet detection is provided. In some embodiments, heuristic botnet detection includes monitoring network traffic to identify suspicious network traffic; and detecting a bot based on a heuristic analysis of the suspicious network traffic behavior using a processor, in which the suspicious network traffic behavior includes command and control traffic associated with a bot master. In some embodiments, heuristic botnet detection further includes assigning a score to the monitored network traffic, in which the score corresponds to a botnet risk characterization of the monitored network traffic (e.g., based on one or more heuristic botnet detection techniques); increasing the score based on a correlation of additional suspicious behaviors associated with the monitored network traffic (e.g., based on one or more heuristic botnet detection techniques); and determining the suspicious behavior is associated with a botnet based on the score.

    Using DNS communications to filter domain names
    2.
    Granted invention patent
    Using DNS communications to filter domain names (in force)

    Publication (announcement) number: US09467421B2

    Publication (announcement) date: 2016-10-11

    Application number: US13115050

    Filing date: 2011-05-24

    Applicant: Huagang Xie

    Inventor: Huagang Xie

    IPC classification: H04L29/06 H04L29/12

    Abstract: Using DNS communications to filter domain names is disclosed. A domain name is extracted from a received DNS request. The received DNS request is blocked in response to determining, based on a policy, that access to the domain name of the DNS request is not permitted. In some cases, such a DNS request is responded to with a spoofed DNS response.


    Identification of malware sites using unknown URL sites and newly registered DNS addresses
    3.
    Granted invention patent
    Identification of malware sites using unknown URL sites and newly registered DNS addresses (in force)

    Publication (announcement) number: US08966625B1

    Publication (announcement) date: 2015-02-24

    Application number: US13115014

    Filing date: 2011-05-24

    IPC classification: G06F11/00

    Abstract: In some embodiments, identification of malware sites using unknown URL sites and newly registered DNS addresses includes performing a heuristic analysis for information associated with a network site; and assigning a score based on the heuristic analysis, in which the score indicates whether the network site is potentially malicious. In some embodiments, the system includes a security appliance that is in communication with the Internet. In some embodiments, the network site is associated with a network domain and/or a network uniform resource locator (URL). In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining if a network site has recently been registered. In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining if a network site is associated with recently changed DNS information. In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining geographical information as well as an IP network location associated with the network site.


    MALWARE ANALYSIS SYSTEM
    4.
    Invention patent application
    MALWARE ANALYSIS SYSTEM (in force)

    Publication (announcement) number: US20120304244A1

    Publication (announcement) date: 2012-11-29

    Application number: US13115032

    Filing date: 2011-05-24

    IPC classification: G06F11/00 G06F21/20 G06F17/00

    Abstract: In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.


    Malware analysis system
    5.
    Granted invention patent
    Malware analysis system (in force)

    Publication (announcement) number: US09047441B2

    Publication (announcement) date: 2015-06-02

    Application number: US13115032

    Filing date: 2011-05-24

    Abstract: In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.


    Blocking download of content
    6.
    Granted invention patent
    Blocking download of content (in force)

    Publication (announcement) number: US09461878B1

    Publication (announcement) date: 2016-10-04

    Application number: US13019218

    Filing date: 2011-02-01

    Applicant: Huagang Xie

    Inventor: Huagang Xie

    IPC classification: H04L29/06 H04L12/24

    Abstract: At least initially blocking client download of certain content and injecting a user verification step for such downloads is disclosed. In some embodiments, client download of a response from a server to a client request is blocked, and instead a notification page with options to accept or decline the server response is provided to the client.


    Encrypted peer-to-peer detection
    7.
    Granted invention patent
    Encrypted peer-to-peer detection (in force)

    Publication (announcement) number: US08892665B1

    Publication (announcement) date: 2014-11-18

    Application number: US13115025

    Filing date: 2011-05-24

    IPC classification: G06F15/16 H04L29/06

    Abstract: Encrypted peer-to-peer detection is provided. In some embodiments, encrypted peer-to-peer detection includes monitoring network traffic from a first client to determine whether the first client is executing a peer-to-peer application; and, after detecting unknown network traffic sent from the first client to a second client, generating network traffic that emulates peer-to-peer network traffic sent from the peer-to-peer application executing on the first client to the second client. In some embodiments, encrypted peer-to-peer detection includes monitoring network traffic from a client to determine that the client is sending a request for information for a peer-to-peer application executing on the client; and generating a network traffic response to the client that emulates peer-to-peer network traffic.


    USING DNS COMMUNICATIONS TO FILTER DOMAIN NAMES
    8.
    Invention patent application
    USING DNS COMMUNICATIONS TO FILTER DOMAIN NAMES (in force)

    Publication (announcement) number: US20120303808A1

    Publication (announcement) date: 2012-11-29

    Application number: US13115050

    Filing date: 2011-05-24

    Applicant: Huagang Xie

    Inventor: Huagang Xie

    IPC classification: G06F15/16

    Abstract: Using DNS communications to filter domain names is disclosed. A domain name is extracted from a received DNS request. The received DNS request is blocked in response to determining, based on a policy, that access to the domain name of the DNS request is not permitted. In some cases, such a DNS request is responded to with a spoofed DNS response.
