公开(公告)号：US08924782B2

公开(公告)日：2014-12-30

申请号：US12523989

申请日：2008-01-28

申请人： Michael E. Locasto ,  Angelos D. Keromytis ,  Angelos Stavrou ,  Gabriela F. Ciocarlie

发明人： Michael E. Locasto ,  Angelos D. Keromytis ,  Angelos Stavrou ,  Gabriela F. Ciocarlie

IPC分类号： G06F11/00 ,  G06F11/36

CPC分类号： G06F11/1469 ,  G06F11/1471 ,  G06F11/3604 ,  G06F11/3612 ,  G06F11/3672 ,  G06F2201/84

摘要： Systems, methods, and media for recovering an application from a fault or an attack are disclosed herein. In some embodiments, a method is provided for enabling a software application to recover from a fault condition. The method includes specifying constrained data items and assigning a set of repair procedures to the constrained data items. The method further includes detecting a fault condition on the constrained data items during execution of the software application, which triggers at least one repair procedure. The triggered repair procedures are executed and the execution of the software application is restored. In some embodiments, the restoring comprises providing memory rollback to a point of execution of the software application before the fault condition was detected.

摘要翻译： 本文公开了用于从故障或攻击中恢复应用的系统，方法和媒体。 在一些实施例中，提供了一种使软件应用程序能够从故障状态恢复的方法。 该方法包括指定受约束的数据项，并将一组修复过程分配给受约束的数据项。 该方法还包括在执行软件应用期间检测受限数据项上的故障状况，其触发至少一个修复过程。 执行触发的修复过程，并恢复软件应用程序的执行。 在一些实施例中，恢复包括在检测到故障状况之前向软件应用的执行点提供内存回滚。

公开(公告)号：US20100011243A1

公开(公告)日：2010-01-14

申请号：US11785317

申请日：2007-04-17

申请人： Michael E. Locasto ,  Angelos D. Keromytis ,  Salvatore J. Stolfo ,  Angelos Stavrou ,  Gabriela Cretu ,  Stylianos Sidiroglou ,  Jason Nieh ,  Oren Laadan

发明人： Michael E. Locasto ,  Angelos D. Keromytis ,  Salvatore J. Stolfo ,  Angelos Stavrou ,  Gabriela Cretu ,  Stylianos Sidiroglou ,  Jason Nieh ,  Oren Laadan

IPC分类号： G06F11/14

CPC分类号： G06F11/1438

摘要： Methods, systems, and media for enabling a software application to recover from a fault condition, and for protecting a software application from a fault condition, are provided. In some embodiments, methods include detecting a fault condition during execution of the software application, restoring execution of the software application to a previous point of execution, the previous point of execution occurring during execution of a first subroutine in the software application, and forcing the first subroutine to forego further execution and return to a caller of the first subroutine.

摘要翻译： 提供了用于使软件应用程序从故障状态恢复并用于保护软件应用程序免受故障状况的方法，系统和媒体。 在一些实施例中，方法包括在执行软件应用期间检测故障状况，将软件应用程序的执行恢复到先前的执行点，在执行软件应用程序中的第一子程序期间发生的先前执行点，并强制执行 第一个子程序放弃进一步执行并返回第一个子程序的调用者。

公开(公告)号：US20090144827A1

公开(公告)日：2009-06-04

申请号：US11948681

申请日：2007-11-30

申请人： Marcus Peinado ,  Weidong Cui ,  Jiahe Helen Wang ,  Michael E. Locasto

发明人： Marcus Peinado ,  Weidong Cui ,  Jiahe Helen Wang ,  Michael E. Locasto

IPC分类号： G06F15/18

CPC分类号： H04L63/1433 ,  G06F21/577

摘要： The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities.

摘要翻译： 所要求保护的主题提供了生成用于漏洞的数据补丁的系统和/或方法。 该系统可以包括检查从数据流接收或获取的漏洞的设备和组件，构建探测并确定探针是否利用漏洞。 至少部分地基于这样的确定，动态地产生数据补丁以补救迄今为止的漏洞。

公开(公告)号：US08763103B2

公开(公告)日：2014-06-24

申请号：US12297730

申请日：2006-04-21

申请人： Michael E. Locasto ,  Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Ke Wang

发明人： Michael E. Locasto ,  Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Ke Wang

IPC分类号： H04L29/06 ,  G06F21/41

CPC分类号： H04L63/1416 ,  G06F21/41 ,  H04L63/0815 ,  H04L63/1408 ,  H04L63/1441

摘要： In accordance with some embodiments of the present invention, systems and methods that protect an application from attacks are provided. In some embodiments of the present invention, input from an input source, such as traffic from a communication network, can be routed through a filtering proxy that includes one or more filters, classifiers, and/or detectors. In response to the input passing through the filtering proxy to the application, a supervision framework monitors the input for attacks (e.g., code injection attacks). The supervision framework can provide feedback to tune the components of the filtering proxy.

摘要翻译： 根据本发明的一些实施例，提供了保护应用免受攻击的系统和方法。 在本发明的一些实施例中，可以通过包括一个或多个过滤器，分类器和/或检测器的过滤代理来路由来自诸如来自通信网络的业务的输入源的输入。 响应于通过过滤代理的输入到应用程序，监督框架监视输入的攻击（例如代码注入攻击）。 监督框架可以提供反馈来调整过滤代理的组件。

公开(公告)号：US08407160B2

公开(公告)日：2013-03-26

申请号：US11940790

申请日：2007-11-15

申请人： Gabriela Cretu ,  Angelos Stavrou ,  Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Michael E. Locasto

发明人： Gabriela Cretu ,  Angelos Stavrou ,  Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Michael E. Locasto

IPC分类号： G06F15/18

CPC分类号： H04L63/1425 ,  G06N99/005 ,  H04L63/14

摘要： Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for generating sanitized data are provided. The methods including: dividing a first training dataset comprised of a plurality of training data items into a plurality of data subsets each including at least one training data item of the plurality of training data items of the first training dataset; based on the plurality of data subsets, generating a plurality of distinct anomaly detection micro-models; testing at least one data item of the plurality of data items of a second training dataset of training data items against each of the plurality of micro-models to produce a score for the at least one tested data item; and generating at least one output dataset based on the score for the at least one tested data item.

摘要翻译： 提供了生成消毒数据，消毒异常检测模型和生成异常检测模型的系统，方法和介质。 在一些实施例中，提供了生成消毒数据的方法。 所述方法包括：将由多个训练数据项组成的第一训练数据集划分成多个数据子集，每个数据子集包括第一训练数据集的多个训练数据项中的至少一个训练数据项; 基于所述多个数据子集，生成多个不同的异常检测微模型; 针对所述多个微模型中的每一个测试训练数据项的第二训练数据集的所述多个数据项中的至少一个数据项，以产生所述至少一个测试数据项的分数; 以及基于所述至少一个测试数据项的得分来生成至少一个输出数据集。

公开(公告)号：US20100146615A1

公开(公告)日：2010-06-10

申请号：US12297730

申请日：2006-04-21

申请人： Michael E. Locasto ,  Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Ke Wang

发明人： Michael E. Locasto ,  Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Ke Wang

IPC分类号： H04L9/00 ,  H04K1/00

CPC分类号： H04L63/1416 ,  G06F21/41 ,  H04L63/0815 ,  H04L63/1408 ,  H04L63/1441

摘要： In accordance with some embodiments of the present invention, systems and methods that protect an application from attacks are provided. In some embodiments of the present invention, input from an input source, such as traffic from a communication network, can be routed through a filtering proxy that includes one or more filters, classifiers, and/or detectors. In response to the input passing through the filtering proxy to the application, a supervision framework monitors the input for attacks (e.g., code injection attacks). The supervision framework can provide feedback to tune the components of the filtering proxy.

摘要翻译： 根据本发明的一些实施例，提供了保护应用免受攻击的系统和方法。 在本发明的一些实施例中，可以通过包括一个或多个过滤器，分类器和/或检测器的过滤代理来路由来自诸如来自通信网络的业务的输入源的输入。 响应于通过过滤代理的输入到应用程序，监督框架监视输入的攻击（例如代码注入攻击）。 监督框架可以提供反馈来调整过滤代理的组件。

公开(公告)号：US20080262985A1

公开(公告)日：2008-10-23

申请号：US11940790

申请日：2007-11-15

申请人： Gabriela CRETU ,  Angelos STAVROU ,  Salvatore J. STOLFO ,  Angelos D. KEROMYTIS ,  Michael E. LOCASTO

发明人： Gabriela CRETU ,  Angelos STAVROU ,  Salvatore J. STOLFO ,  Angelos D. KEROMYTIS ,  Michael E. LOCASTO

IPC分类号： G06F15/18 ,  G06N5/02

CPC分类号： H04L63/1425 ,  G06N99/005 ,  H04L63/14

摘要： Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for generating sanitized data are provided. The methods including: dividing a first training dataset comprised of a plurality of training data items into a plurality of data subsets each including at least one training data item of the plurality of training data items of the first training dataset; based on the plurality of data subsets, generating a plurality of distinct anomaly detection micro-models; testing at least one data item of the plurality of data items of a second training dataset of training data items against each of the plurality of micro-models to produce a score for the at least one tested data item; and generating at least one output dataset based on the score for the at least one tested data item.

摘要翻译： 提供了生成消毒数据，消毒异常检测模型和生成异常检测模型的系统，方法和介质。 在一些实施例中，提供了生成消毒数据的方法。 所述方法包括：将由多个训练数据项组成的第一训练数据集划分成多个数据子集，每个数据子集包括第一训练数据集的多个训练数据项中的至少一个训练数据项; 基于所述多个数据子集，生成多个不同的异常检测微模型; 针对所述多个微模型中的每一个测试训练数据项的第二训练数据集的所述多个数据项中的至少一个数据项，以产生所述至少一个测试数据项的分数; 以及基于所述至少一个测试数据项的得分来生成至少一个输出数据集。

公开(公告)号：US08667588B2

公开(公告)日：2014-03-04

申请号：US12837302

申请日：2010-07-15

申请人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael E. Locasto ,  Janak Parekh

发明人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael E. Locasto ,  Janak Parekh

IPC分类号： H04L29/06

CPC分类号： H04L63/1408

摘要： Systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.

摘要翻译： 系统和方法提供警报相关器和警报分发器，其能够检测到攻击的早期迹象并且迅速地传播到协作系统。 警报相关器利用数据结构来关联警报检测，并提供可以向其他协作系统透露威胁信息的机制。 警报分配器使用有效的技术来对协作系统进行分组，然后根据时间表在某些成员之间传递数据。 以这种方式，数据可以定期分布，而不会产生过多的流量负载。

公开(公告)号：US08613096B2

公开(公告)日：2013-12-17

申请号：US11948681

申请日：2007-11-30

申请人： Marcus Peinado ,  Weidong Cui ,  Jiahe Helen Wang ,  Michael E. Locasto

发明人： Marcus Peinado ,  Weidong Cui ,  Jiahe Helen Wang ,  Michael E. Locasto

IPC分类号： H04L29/06

CPC分类号： H04L63/1433 ,  G06F21/577

摘要： The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities.

摘要翻译： 所要求保护的主题提供了生成用于漏洞的数据补丁的系统和/或方法。 该系统可以包括检查从数据流接收或获取的漏洞的设备和组件，构建探测并确定探针是否利用漏洞。 至少部分地基于这样的确定，动态地产生数据补丁以补救迄今为止的漏洞。

公开(公告)号：US20100281542A1

公开(公告)日：2010-11-04

申请号：US12837302

申请日：2010-07-15

申请人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael E. Locasto ,  Janak Parekh

发明人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Vishal Misra ,  Michael E. Locasto ,  Janak Parekh

IPC分类号： G06F11/00 ,  G06F15/16

CPC分类号： H04L63/1408

摘要： Systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.

摘要翻译： 系统和方法提供警报相关器和警报分发器，其能够检测到攻击的早期迹象并且迅速地传播到协作系统。 警报相关器利用数据结构来关联警报检测，并提供可以向其他协作系统透露威胁信息的机制。 警报分配器使用有效的技术来对协作系统进行分组，然后根据时间表在某些成员之间传递数据。 以这种方式，数据可以定期分布，而不会产生过多的流量负载。