公开(公告)号：US08230497B2

公开(公告)日：2012-07-24

申请号：US10287125

申请日：2002-11-04

申请人： Andrew Patrick Norman ,  John Melvin Brawn ,  John P Scrimsher ,  Jonathan Griffin

发明人： Andrew Patrick Norman ,  John Melvin Brawn ,  John P Scrimsher ,  Jonathan Griffin

IPC分类号： G06F12/14 ,  G06F21/00

CPC分类号： H04L63/1433

摘要： A method of identifying a software vulnerability on a computer system is disclosed in which the computer system has software stored thereon and is connected to a management system over a computer network. The method comprises the steps of: applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied; in the event that the software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system; and sending the management information to the management system.

摘要翻译： 公开了一种在计算机系统上识别软件漏洞的方法，其中计算机系统具有存储在其上的软件，并且通过计算机网络连接到管理系统。 该方法包括以下步骤：向软件应用询问程序，询问程序能够利用已知的软件漏洞（如果存在于应用询问程序的软件中）; 在询问程序利用软件漏洞的情况下，操作询问程序以生成一组管理信息，从中可以导出计算机系统的识别; 并将管理信息发送到管理系统。

公开(公告)号：US20080044018A1

公开(公告)日：2008-02-21

申请号：US11497156

申请日：2006-07-31

申请人： John P. Scrimsher ,  Daniel Madden

发明人： John P. Scrimsher ,  Daniel Madden

IPC分类号： H04N7/167

CPC分类号： H04L63/1441 ,  G06F21/554 ,  H04L63/1416

摘要： A method and system for detecting and preventing network intrusion by generating an intrusion signature formatted using an intrusion signature template, the signature for use with an intrusion engine that allows adding new and/or modifying existing intrusion signatures. A packet analysis engine samples packets on the network, analyzes the sampled packets, and recognizes suspicious packets generated by malicious code. An intrusion signature generator then generates an intrusion signature using the template, and the signature is imported into an intrusion engine, which uses it to block the suspicious packets. The template can be provided by a network administrator, and the signature can be imported into the intrusion engine with or without human intervention.

摘要翻译： 一种用于通过生成使用入侵签名模板格式化的入侵签名来检测和防止网络入侵的方法和系统，所述入侵签名与允许添加新的和/或修改现有入侵签名的入侵引擎一起使用。 分组分析引擎对网络上的数据包进行采样，分析采样的数据包，并识别恶意代码产生的可疑数据包。 入侵签名生成器然后使用模板生成入侵签名，并将签名导入到入侵引擎中，该入侵引擎使用它来阻止可疑数据包。 模板可以由网络管理员提供，并且签名可以在有或没有人为干预的情况下导入入侵引擎。