Binary function database system
    2.
    Granted patent
    Binary function database system (in force)

    Publication number: US07802299B2

    Publication date: 2010-09-21

    Application number: US11784801

    Filing date: 2007-04-09

    IPC classification: G06F11/00

    CPC classification: G06F21/564 G06F21/566

    Abstract: A binary function database system is provided in which binary functions are extracted from compiled and linked program files and stored in a database as robust abstractions which can be matched with others using one or more function matching heuristics. Such abstraction allows for minor variations in function implementation while still enabling matching with an identical stored function in the database, or with a stored function with a given level of confidence. Metadata associated with each function is also typically generated and stored in the database. In an illustrative example, a structured query language database is utilized that runs on a central database server, and that tracks function names, the program file from which the function is extracted, comments and other associated information as metadata during an analyst's live analysis session to enable known function information that is stored in the database to be applied to binary functions of interest that are disassembled from the program file.

Automated malware signature generation
    3.
    Patent application
    Automated malware signature generation (in force)

    Publication number: US20080127336A1

    Publication date: 2008-05-29

    Application number: US11523199

    Filing date: 2006-09-19

    IPC classification: G06F21/00

    CPC classification: G06F21/566 G06F21/564

    Abstract: Automated malware signature generation is disclosed. Automated malware signature generation includes monitoring incoming unknown files for the presence of malware and analyzing the incoming unknown files based on both a plurality of classifiers of file behavior and a plurality of classifiers of file content. An incoming file is classified as having a particular malware classification based on the analyzing of incoming unknown files and a malware signature is generated for the incoming unknown file based on the particular malware classification. Access is provided to the malware signature.

AUTOMATED MALWARE SIGNATURE GENERATION
    4.
    Patent application
    AUTOMATED MALWARE SIGNATURE GENERATION (in force)

    Publication number: US20120260343A1

    Publication date: 2012-10-11

    Application number: US13486518

    Filing date: 2012-06-01

    IPC classification: G06F21/00

    CPC classification: G06F21/566 G06F21/564

    Abstract: Automated malware signature generation is disclosed. Automated malware signature generation includes monitoring incoming unknown files for the presence of malware and analyzing the incoming unknown files based on both a plurality of classifiers of file behavior and a plurality of classifiers of file content. An incoming file is classified as having a particular malware classification based on the analyzing of incoming unknown files and a malware signature is generated for the incoming unknown file based on the particular malware classification. Access is provided to the malware signature.

Stateless bi-directional proxy
    5.
    Patent application
    Stateless bi-directional proxy (pending, published)

    Publication number: US20070079366A1

    Publication date: 2007-04-05

    Application number: US11242562

    Filing date: 2005-10-03

    Applicant: Jason Geffner

    Inventor: Jason Geffner

    IPC classification: G06F15/16

    CPC classification: H04L63/02 H04L63/1441

    Abstract: A system and a method for redirecting data packets, the system comprising a stateless bi-directional proxy for redirecting data packets, said data packets including a header and a body, said header including a source address that identifies the source of the data packet and a destination address that identifies the destination of the data packet. The stateless bi-directional proxy comprises: first and second input/output interfaces for receiving and sending data packets; a storage component for storing source and destination addresses; and a processing component for changing the source and destination addresses of the received data packets to stored source and destination addresses.
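
    Added illustration of the address-rewriting step described in the abstract above. It is written for this page and is not code from the patent or its applicant. Everything concrete in it is an assumption for the demonstration: the client, proxy and server addresses, the one-entry-per-direction table standing in for the "storage component", and the minimal IPv4 header builder used to construct test packets. The transport-layer checksum is deliberately left untouched and the comment says so.

```python
import ipaddress
import struct
from typing import Optional, Tuple

# Constructed addresses (an assumption for this example, not from the patent):
# one client, one server, and a proxy with an interface facing each side.
CLIENT = "10.0.0.5"
PROXY_IN = "192.0.2.1"      # the address the client sends to
PROXY_OUT = "198.51.100.1"  # the address the server sees
SERVER = "203.0.113.7"

# The "storage component": fixed (src, dst) -> (new src, new dst) pairs, one table
# per direction. No per-connection entries are ever created, which is what makes
# the proxy stateless.
FORWARD = {(CLIENT, PROXY_IN): (PROXY_OUT, SERVER)}
REVERSE = {(SERVER, PROXY_OUT): (PROXY_IN, CLIENT)}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the 16-bit words of the header.
    Run over a header whose checksum field is already filled in, it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 17, ttl: int = 64) -> bytes:
    """A minimal 20-byte IPv4 header (no options) in front of an opaque payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet: bytes) -> Tuple[str, str, int]:
    """Return (src, dst, header length), rejecting truncated or corrupted headers."""
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("malformed IPv4 header")
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])), ihl)


def rewrite(packet: bytes) -> Optional[bytes]:
    """The "processing component": replace the addresses with the stored pair for
    whichever direction the packet belongs to. A packet matching neither table is
    dropped (None) rather than relayed, so the proxy never forwards unexpected traffic."""
    src, dst, ihl = parse_ipv4(packet)
    mapping = FORWARD.get((src, dst)) or REVERSE.get((src, dst))
    if mapping is None:
        return None
    header = bytearray(packet[:ihl])
    header[12:16] = ipaddress.IPv4Address(mapping[0]).packed
    header[16:20] = ipaddress.IPv4Address(mapping[1]).packed
    header[10:12] = b"\x00\x00"  # zero the field before recomputing it
    struct.pack_into("!H", header, 10, ipv4_checksum(bytes(header)))
    # Caveat: TCP and UDP checksums cover the IP addresses through a pseudo-header,
    # so a real proxy must patch the transport checksum as well; not done here.
    return bytes(header) + packet[ihl:]


if __name__ == "__main__":
    print(parse_ipv4(rewrite(build_ipv4(CLIENT, PROXY_IN, b"hello")))[:2])
    print(parse_ipv4(rewrite(build_ipv4(SERVER, PROXY_OUT, b"world")))[:2])
    print(rewrite(build_ipv4("10.9.9.9", PROXY_IN, b"")))
```

    Two practitioner checks follow from the statelessness. First, because the table is fixed, one proxy address can front exactly one client in each direction; multiplexing many clients behind one address requires per-flow state, which is NAT and not this design. Second, rewriting only the IP header leaves TCP and UDP checksums wrong, so either patch them too or expect the far end to drop every packet.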

Automated malware signature generation
    6.
    Granted patent
    Automated malware signature generation (in force)

    Publication number: US08201244B2

    Publication date: 2012-06-12

    Application number: US11523199

    Filing date: 2006-09-19

    IPC classification: G06F12/14 G08B23/00

    CPC classification: G06F21/566 G06F21/564

    Abstract: Automated malware signature generation is disclosed. Automated malware signature generation includes monitoring incoming unknown files for the presence of malware and analyzing the incoming unknown files based on both a plurality of classifiers of file behavior and a plurality of classifiers of file content. An incoming file is classified as having a particular malware classification based on the analyzing of incoming unknown files and a malware signature is generated for the incoming unknown file based on the particular malware classification. Access is provided to the malware signature.
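
    Added illustration of the pipeline in the abstract above, which appears on this page three times (application US20080127336A1, the later application US20120260343A1 and the granted US08201244B2). It is written for this page and is not code from the patent or its applicant. The abstract names the stages (behavior and content classifiers, a combined classification, signature generation, access to the result) but none of the mechanics, so everything concrete here is an assumption: one content classifier (byte n-gram overlap) and one behavior classifier (API-call-set overlap) standing in for the "plurality" of each, an averaged score with a threshold, and a signature built from bytes and API calls shared by every known member of the class and by no benign file. The corpus of known, benign and incoming files is constructed inline.

```python
import hashlib
from typing import Dict, List, Optional, Set, Tuple

# Constructed corpus (an assumption for this example): a few known samples per malware
# class and one benign file, each with raw bytes and a sandbox-style API trace. STUB
# stands in for header bytes that every executable shares, malicious or not.
STUB = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
KNOWN: Dict[str, List[dict]] = {
    "Injector": [
        {"bytes": STUB + b"INJECTOR-CORE\x00\x00pad1",
         "trace": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]},
        {"bytes": STUB + b"INJECTOR-CORE\x00\x00pad2x",
         "trace": ["OpenProcess", "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"]},
    ],
    "Downloader": [
        {"bytes": STUB + b"DL-STAGE2\x00\x00abc",
         "trace": ["InternetOpenA", "InternetOpenUrlA", "WriteFile", "CreateProcessA"]},
        {"bytes": STUB + b"DL-STAGE2\x00\x00xyz",
         "trace": ["InternetOpenA", "InternetReadFile", "WriteFile", "CreateProcessA"]},
    ],
}
BENIGN: List[dict] = [
    {"bytes": STUB + b"HELLO-WORLD", "trace": ["GetStdHandle", "WriteFile", "ExitProcess"]},
]
NGRAM = 6        # width of the byte n-grams used as content features
THRESHOLD = 0.5  # minimum combined score needed to assign a class
SIGNATURE_STORE: Dict[str, dict] = {}  # sha256 of the file -> generated signature


def file_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def ngrams(data: bytes, n: int = NGRAM) -> Set[bytes]:
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a | b) else 0.0


def content_classifier(sample: dict) -> Dict[str, float]:
    """A content classifier: best byte n-gram overlap with each class's known samples."""
    mine = ngrams(sample["bytes"])
    return {cls: max(jaccard(mine, ngrams(k["bytes"])) for k in members)
            for cls, members in KNOWN.items()}


def behavior_classifier(sample: dict) -> Dict[str, float]:
    """A behavior classifier: best overlap of the observed API call set."""
    mine = set(sample["trace"])
    return {cls: max(jaccard(mine, set(k["trace"])) for k in members)
            for cls, members in KNOWN.items()}


CLASSIFIERS = [content_classifier, behavior_classifier]  # extend with more of either kind


def classify(sample: dict) -> Tuple[str, float]:
    """Average the classifiers' per-class scores; keep the best class if it clears THRESHOLD."""
    combined = {cls: 0.0 for cls in KNOWN}
    for clf in CLASSIFIERS:
        for cls, score in clf(sample).items():
            combined[cls] += score / len(CLASSIFIERS)
    best, score = max(combined.items(), key=lambda kv: kv[1])
    return (best, score) if score >= THRESHOLD else ("Unknown", score)


def merge_runs(data: bytes, grams: Set[bytes], n: int = NGRAM) -> List[bytes]:
    """Turn a set of selected n-grams back into the longest byte strings they cover in data."""
    runs, start = [], None
    for i in range(len(data) - n + 2):  # one position past the last n-gram acts as a sentinel
        hit = i <= len(data) - n and data[i:i + n] in grams
        if hit and start is None:
            start = i
        elif not hit and start is not None:
            runs.append(data[start:i - 1 + n])
            start = None
    return runs


def generate_signature(sample: dict, cls: str) -> Optional[dict]:
    """Content part: bytes shared with every known member of the class and with no benign
    file. Behavior part: API calls shared likewise. No discriminating feature, no signature."""
    content, behavior = ngrams(sample["bytes"]), set(sample["trace"])
    for k in KNOWN[cls]:
        content &= ngrams(k["bytes"])
        behavior &= set(k["trace"])
    for b in BENIGN:
        content -= ngrams(b["bytes"])
        behavior -= set(b["trace"])
    if not content or not behavior:
        return None
    return {"class": cls, "content": merge_runs(sample["bytes"], content),
            "behavior": sorted(behavior)}


def process_incoming(sample: dict) -> Tuple[str, Optional[dict]]:
    """Classify an unknown file, generate its signature and make it retrievable by hash."""
    cls, score = classify(sample)
    sig = generate_signature(sample, cls) if cls != "Unknown" else None
    if sig is not None:
        sig["score"] = round(score, 3)
        SIGNATURE_STORE[file_hash(sample["bytes"])] = sig
    return cls, sig


def lookup_signature(sha256: str) -> Optional[dict]:
    """The "access is provided" step: fetch a generated signature by file hash."""
    return SIGNATURE_STORE.get(sha256)
```

    Feeding process_incoming an Injector-like file classifies it as Injector and emits a signature whose content string starts after the shared header bytes (the benign file removes those) and whose behavior part is the three injection APIs common to every known member; a file resembling nothing in the corpus comes back Unknown with no signature. The benign subtraction is the check that matters in practice: a signature mined from a handful of samples will happily include loader stubs, runtime strings and other bytes every executable carries, so test candidate signatures against a large clean corpus before publishing them, and treat the behavior part as only as good as the sandbox that recorded the traces.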

Binary function database system
    7.
    Patent application
    Binary function database system (in force)

    Publication number: US20080250018A1

    Publication date: 2008-10-09

    Application number: US11784801

    Filing date: 2007-04-09

    IPC classification: G06F17/30

    CPC classification: G06F21/564 G06F21/566

    Abstract: A binary function database system is provided in which binary functions are extracted from compiled and linked program files and stored in a database as robust abstractions which can be matched with others using one or more function matching heuristics. Such abstraction allows for minor variations in function implementation while still enabling matching with an identical stored function in the database, or with a stored function with a given level of confidence. Metadata associated with each function is also typically generated and stored in the database. In an illustrative example, a structured query language database is utilized that runs on a central database server, and that tracks function names, the program file from which the function is extracted, comments and other associated information as metadata during an analyst's live analysis session to enable known function information that is stored in the database to be applied to binary functions of interest that are disassembled from the program file.
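
    Added illustration of the binary function database abstract, which appears on this page both as the application US20080250018A1 above and as the granted US07802299B2 (entry 2). It is written for this page and is not code from the patent or its applicant. The abstract specifies only the shape of the system (a robust abstraction of each function, one or more matching heuristics with a confidence, an SQL database holding names, source program and analyst comments), so everything concrete here is an assumption: the operand-kind abstraction of x86 text disassembly, the two heuristics (exact hash of the normalized sequence, then difflib's similarity ratio as the confidence), the SQLite schema, and the hand-written disassembly used as input.

```python
import difflib
import hashlib
import json
import re
import sqlite3
from typing import Iterable, List, Optional

REGS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
NUMBER = re.compile(r"^-?(0x[0-9a-f]+|\d+)$")
PREFIX = re.compile(r"^\w+:\s*")  # "0x401000:" or "label:" at the start of a line
MIN_INSN = 5                      # shorter functions are mostly prologue/epilogue noise

def normalize(disasm: Iterable[str]) -> List[str]:
    """The robust abstraction: keep the mnemonic, replace each operand by its kind (REG, IMM,
    MEM, branch TGT, SYM) so register choice, immediates, addresses and labels stop mattering."""
    out = []
    for line in disasm:
        line = PREFIX.sub("", line.strip().lower())
        if not line:
            continue
        parts = line.split(None, 1)
        mnem = parts[0]
        ops = parts[1].split(",") if len(parts) > 1 else []
        kinds = []
        for op in map(str.strip, ops):
            if mnem.startswith("j") or mnem == "call":
                kinds.append("TGT")
            elif "[" in op:
                kinds.append("MEM")
            elif NUMBER.match(op):
                kinds.append("IMM")
            else:
                kinds.append("REG" if op in REGS else "SYM")
        out.append(mnem + (" " + ",".join(kinds) if kinds else ""))
    return out

def norm_hash(norm: List[str]) -> str:
    return hashlib.sha256("\n".join(norm).encode()).hexdigest()

class FunctionDB:
    """SQLite store of abstracted functions plus analyst metadata. Every statement is
    parameterised: names and comments come from binaries and analysts, never from trusted SQL."""

    def __init__(self, path: str = ":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS functions (id INTEGER PRIMARY KEY, "
                        "name TEXT, program TEXT, comment TEXT, norm_hash TEXT, "
                        "norm_seq TEXT, n_insn INTEGER)")
        self.db.execute("CREATE INDEX IF NOT EXISTS ix_hash ON functions(norm_hash)")

    def add(self, name: str, program: str, disasm: Iterable[str], comment: str = "") -> None:
        norm = normalize(disasm)
        self.db.execute("INSERT INTO functions(name, program, comment, norm_hash, norm_seq, "
                        "n_insn) VALUES (?, ?, ?, ?, ?, ?)",
                        (name, program, comment, norm_hash(norm), json.dumps(norm), len(norm)))
        self.db.commit()

    def match(self, disasm: Iterable[str], threshold: float = 0.7) -> Optional[dict]:
        """Heuristic 1: exact hit on the normalized hash (confidence 1.0). Heuristic 2:
        difflib's similarity ratio over the normalized sequences, used as the confidence."""
        norm = normalize(disasm)
        row = self.db.execute("SELECT name, program, comment FROM functions WHERE norm_hash = ?",
                              (norm_hash(norm),)).fetchone()
        if row:
            return dict(zip(("name", "program", "comment"), row), confidence=1.0, heuristic="exact")
        if len(norm) < MIN_INSN:
            return None
        best = None
        for name, program, comment, seq in self.db.execute(
                "SELECT name, program, comment, norm_seq FROM functions WHERE n_insn >= ?", (MIN_INSN,)):
            score = round(difflib.SequenceMatcher(None, norm, json.loads(seq)).ratio(), 3)
            if best is None or score > best["confidence"]:
                best = {"name": name, "program": program, "comment": comment,
                        "confidence": score, "heuristic": "sequence-ratio"}
        return best if best is not None and best["confidence"] >= threshold else None

# Constructed disassembly (an assumption): a strlen-style loop as a reference build
# emits it, the same logic as two other builds emit it, and an unrelated function.
REFERENCE = ("push ebp; mov ebp, esp; mov eax, [ebp+8]; xor ecx, ecx; "
             "top: cmp byte ptr [eax+ecx], 0; je done; inc ecx; jmp top; "
             "done: mov eax, ecx; pop ebp; ret").split("; ")
RENAMED = ("0x401000: push ebp; 0x401001: mov ebp, esp; 0x401003: mov eax, dword ptr [ebp + 8]; "
           "0x401006: xor edx, edx; 0x401008: cmp byte ptr [eax + edx], 0; 0x40100c: je 0x401012; "
           "0x40100e: inc edx; 0x40100f: jmp 0x401008; 0x401012: mov eax, edx; "
           "0x401014: pop ebp; 0x401015: ret").split("; ")
FRAMED = ("push ebp; mov ebp, esp; sub esp, 0x10; mov eax, [ebp+8]; xor ecx, ecx; "
          "cmp byte ptr [eax+ecx], 0; je 0x20; inc ecx; jmp 0x12; mov eax, ecx; "
          "add esp, 0x10; pop ebp; ret").split("; ")
UNRELATED = ("push ebp; mov ebp, esp; mov edi, [ebp+8]; mov eax, [ebp+12]; "
             "mov ecx, [ebp+16]; rep stosb; pop ebp; ret").split("; ")

def demo() -> List[Optional[dict]]:
    db = FunctionDB()
    db.add("strlen", "libc_ref.dll", REFERENCE, comment="counts bytes up to the NUL terminator")
    return [db.match(RENAMED), db.match(FRAMED), db.match(UNRELATED)]
```

    demo() seeds the database from the reference build and then applies it to three functions of interest, as an analyst's session would: the build that uses edx instead of ecx and carries addresses instead of labels matches exactly, so its stored name and comment apply with confidence 1.0; the build with frame setup added matches by sequence similarity at roughly 0.92; the unrelated function falls below the 0.7 threshold and stays unnamed. Two caveats for real binaries: the shared prologue and epilogue alone can lift the ratio of tiny functions, which is what MIN_INSN guards against (raise it, or strip the prologue, before trusting fuzzy hits), and heuristic 2 scans the whole table, fine here but a production database would pre-filter candidates with a locality-sensitive hash.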