公开(公告)号：US08019700B2

公开(公告)日：2011-09-13

申请号：US11868321

申请日：2007-10-05

申请人： Niels Provos ,  Yunkai Zhou ,  Clayton W. Bavor, Jr. ,  Eric L. Davis ,  Mark Palatucci ,  Kamal P. Nigam ,  Christopher K. Monson ,  Panayiotis Mavrommatis ,  Rachel Nakauchi

发明人： Niels Provos ,  Yunkai Zhou ,  Clayton W. Bavor, Jr. ,  Eric L. Davis ,  Mark Palatucci ,  Kamal P. Nigam ,  Christopher K. Monson ,  Panayiotis Mavrommatis ,  Rachel Nakauchi

IPC分类号： G06F15/18

CPC分类号： H04L63/145 ,  G06F21/564 ,  G06F21/577 ,  G06F2221/2119 ,  G06N99/005 ,  H04L43/0876 ,  H04L67/02

摘要： Intrusion features of a landing page associated with sponsored content are identified. A feature score for the landing page based on the identified intrusion features is generated, and if the feature score for the landing page exceeds a feature threshold, the landing page is classified as a candidate landing page. A sponsor account associated with the candidate landing page can be suspended, or sponsored content associated with the candidate landing page can be suspended.

摘要翻译： 识别与赞助内容相关联的着陆页的入侵特征。 生成基于所识别入侵特征的着陆页的特征得分，并且如果着陆页的特征得分超过特征阈值，则着陆页被分类为候选着陆页。 可以暂停与候选目标网页相关联的赞助商帐户，或者可以暂停与候选目标网页相关联的赞助内容。

公开(公告)号：US20090094175A1

公开(公告)日：2009-04-09

申请号：US11868321

申请日：2007-10-05

申请人： Niels Provos ,  Yunkai Zhou ,  Clayton W. Bavor, JR. ,  Eric L. Davis ,  Mark Palatucci ,  Kamal P. Nigam ,  Christopher K. Monson ,  Panayiotis Mavrommatis ,  Rachel Nakauchi

发明人： Niels Provos ,  Yunkai Zhou ,  Clayton W. Bavor, JR. ,  Eric L. Davis ,  Mark Palatucci ,  Kamal P. Nigam ,  Christopher K. Monson ,  Panayiotis Mavrommatis ,  Rachel Nakauchi

IPC分类号： G06F15/18 ,  G06F21/00

CPC分类号： H04L63/145 ,  G06F21/564 ,  G06F21/577 ,  G06F2221/2119 ,  G06N99/005 ,  H04L43/0876 ,  H04L67/02

摘要： Intrusion features of a landing page associated with sponsored content are identified. A feature score for the landing page based on the identified intrusion features is generated, and if the feature score for the landing page exceeds a feature threshold, the landing page is classified as a candidate landing page. A sponsor account associated with the candidate landing page can be suspended, or sponsored content associated with the candidate landing page can be suspended.

摘要翻译： 识别与赞助内容相关联的着陆页的入侵特征。 生成基于所识别入侵特征的着陆页的特征得分，并且如果着陆页的特征得分超过特征阈值，则着陆页被分类为候选着陆页。 可以暂停与候选目标网页相关联的赞助商帐户，或者可以暂停与候选目标网页相关联的赞助内容。

公开(公告)号：US08875303B2

公开(公告)日：2014-10-28

申请号：US13565304

申请日：2012-08-02

申请人： Ashish Bhatia ,  Min Gyung Kang ,  Monirul Islam Sharif ,  Niels Provos ,  Panayiotis Mavrommatis ,  Sruthi Bandhakavi

发明人： Ashish Bhatia ,  Min Gyung Kang ,  Monirul Islam Sharif ,  Niels Provos ,  Panayiotis Mavrommatis ,  Sruthi Bandhakavi

IPC分类号： G06F7/04 ,  G06F7/00 ,  G06F21/10 ,  G06F21/60 ,  G06Q50/18 ,  G06F21/12

CPC分类号： G06F21/10 ,  G06F21/105 ,  G06F21/121 ,  G06F21/60 ,  G06Q50/184 ,  H04L2463/101

摘要： A method includes receiving a plurality of trusted assets, generating a first signature set for a known software application, and generating a second signature set for a subject software application. Each trusted asset is associated with at least a threshold number of trusted authors. Each signature in the first signature set corresponds to a known asset that is associated with the known software application. Each signature in the second signature set corresponds to a subject asset that is associated with the subject software application. The method further includes generating first and second filtered signature set based on the first and second signature sets, respectively, by excluding signatures corresponding to the trusted assets. The method also includes generating a similarity rating for the subject application based on a comparison of the first filtered signature set and the second filtered signature set.

摘要翻译： 一种方法包括接收多个可信资产，为已知软件应用生成第一签名集，以及为主题软件应用生成第二签名集。 每个可信资产与至少一个阈值数量的可信作者相关联。 第一签名集中的每个签名对应于与已知软件应用相关联的已知资产。 第二签名集中的每个签名对应于与主题软件应用相关联的主题资产。 该方法还包括通过排除与可信资产相对应的签名，分别基于第一和第二签名集来生成第一和第二过滤签名集。 该方法还包括基于第一过滤签名集和第二过滤签名集的比较来生成针对主题应用的相似性等级。

公开(公告)号：US20090094697A1

公开(公告)日：2009-04-09

申请号：US12041309

申请日：2008-03-03

申请人： Niels Provos ,  Yunkai Zhou ,  Clayton W. Bavor, JR. ,  Eric L. Davis ,  Mark Palatucci ,  Kamal P. Nigam ,  Christopher K. Monson ,  Panayiotis Mavrommatis ,  Rachel Nakauchi

发明人： Niels Provos ,  Yunkai Zhou ,  Clayton W. Bavor, JR. ,  Eric L. Davis ,  Mark Palatucci ,  Kamal P. Nigam ,  Christopher K. Monson ,  Panayiotis Mavrommatis ,  Rachel Nakauchi

IPC分类号： G08B23/00 ,  G06F15/18

CPC分类号： H04L63/145 ,  G06F21/564 ,  G06F21/577 ,  G06F2221/2119 ,  G06N99/005 ,  H04L43/0876 ,  H04L67/02

摘要： Landing pages associated with advertisements are partitioned into training landing pages and testing landing pages. Iterative training and testing of a classification mode on intrusion features of the partitioned landing pages is conducted until the occurrence of a cessation event. Feature weights are derived from the iterative training and testing, and are associated with the intrusion features. The associated feature weights and intrusion features can be used to classify other landing pages.

摘要翻译： 与广告相关联的目标网页被分为训练着陆页和测试着陆页。 分级登陆页面的入侵特征的分类模式的迭代训练和测试进行到发生停止事件。 特征权重来自迭代训练和测试，并与入侵特征相关联。 相关联的特征权重和入侵特征可用于对其他着陆页进行分类。

公开(公告)号：US20070226801A1

公开(公告)日：2007-09-27

申请号：US11387092

申请日：2006-03-21

申请人： Prem Gopalan ,  Kyle Jamieson ,  Panayiotis Mavrommatis

发明人： Prem Gopalan ,  Kyle Jamieson ,  Panayiotis Mavrommatis

IPC分类号： G06F12/14

CPC分类号： H04L63/145 ,  G06F21/564

摘要： A system, method, and computer program product for identifying a worm are disclosed. The system, method, and computer product are configured to generate a signature for a computer worm by identifying a set of bits representing the signature, generate a first worm signature based on the signature, and generate a second worm signature based on the signature. The first worm signature is formatted for a first device and the second worm signature is formatted for a second, different device. The first worm signature and the second worm signature are different.

摘要翻译： 公开了一种用于识别蠕虫的系统，方法和计算机程序产品。 系统，方法和计算机产品被配置为通过标识表示签名的一组位来生成针对计算机蠕虫的签名，基于签名生成第一蠕虫签名，并且基于签名生成第二蠕虫签名。 第一个蠕虫签名被格式化为第一个设备，第二个蠕虫签名被格式化为第二个不同的设备。 第一个蠕虫签名和第二个蠕虫签名是不同的。

公开(公告)号：US08578479B2

公开(公告)日：2013-11-05

申请号：US11387092

申请日：2006-03-21

申请人： Prem Gopalan ,  Kyle Jamieson ,  Panayiotis Mavrommatis

发明人： Prem Gopalan ,  Kyle Jamieson ,  Panayiotis Mavrommatis

IPC分类号： G06F11/00

CPC分类号： H04L63/145 ,  G06F21/564

摘要： A system, method, and computer program product for identifying a worm are disclosed. The system, method, and computer product are configured to generate a signature for a computer worm by identifying a set of bits representing the signature, generate a first worm signature based on the signature, and generate a second worm signature based on the signature. The first worm signature is formatted for a first device and the second worm signature is formatted for a second, different device. The first worm signature and the second worm signature are different.

摘要翻译： 公开了一种用于识别蠕虫的系统，方法和计算机程序产品。 系统，方法和计算机产品被配置为通过标识表示签名的一组位来生成针对计算机蠕虫的签名，基于签名生成第一蠕虫签名，并且基于签名生成第二蠕虫签名。 第一个蠕虫签名被格式化为第一个设备，第二个蠕虫签名被格式化为第二个不同的设备。 第一个蠕虫签名和第二个蠕虫签名是不同的。

公开(公告)号：US20120005753A1

公开(公告)日：2012-01-05

申请号：US13230544

申请日：2011-09-12

申请人： Niels Provos ,  Yunkai Zhou ,  Clayton W. Bavor, JR. ,  Eric L. Davis ,  Mark Palatucci ,  Kamal P. Nigam ,  Christopher K. Monson ,  Panayiotis Mavrommatis ,  Rachel Nakauchi

发明人： Niels Provos ,  Yunkai Zhou ,  Clayton W. Bavor, JR. ,  Eric L. Davis ,  Mark Palatucci ,  Kamal P. Nigam ,  Christopher K. Monson ,  Panayiotis Mavrommatis ,  Rachel Nakauchi

IPC分类号： G06F12/14

CPC分类号： H04L63/145 ,  G06F21/564 ,  G06F21/577 ,  G06F2221/2119 ,  G06N99/005 ,  H04L43/0876 ,  H04L67/02

摘要： Intrusion features of a landing page associated with sponsored content are identified. A feature score for the landing page based on the identified intrusion features is generated, and if the feature score for the landing page exceeds a feature threshold, the landing page is classified as a candidate landing page. A sponsor account associated with the candidate landing page can be suspended, or sponsored content associated with the candidate landing page can be suspended.

摘要翻译： 识别与赞助内容相关联的着陆页的入侵特征。 生成基于所识别入侵特征的着陆页的特征得分，并且如果着陆页的特征得分超过特征阈值，则着陆页被分类为候选着陆页。 可以暂停与候选目标网页相关联的赞助商帐户，或者可以暂停与候选目标网页相关联的赞助内容。

公开(公告)号：US20070226802A1

公开(公告)日：2007-09-27

申请号：US11387114

申请日：2006-03-21

申请人： Prem Gopalan ,  Kyle Jamieson ,  Panayiotis Mavrommatis

发明人： Prem Gopalan ,  Kyle Jamieson ,  Panayiotis Mavrommatis

IPC分类号： G06F12/14

CPC分类号： H04L63/1416 ,  G06F21/564 ,  H04L63/145 ,  H04L63/1458

摘要： A system, method and computer program product for exploit-based worm detection and mitigation are disclosed. The system, method, and computer program product are configured to identify a signature representing content prevalent in network traffic, determine if the traffic including the signature exhibits propagation, determine if the traffic including the signature exhibits connectedness, and generate a worm signature based on the signature if the signature exhibits both connectedness and propagation.

摘要翻译： 公开了一种用于基于漏洞的蠕虫检测和缓解的系统，方法和计算机程序产品。 系统，方法和计算机程序产品被配置为标识表示网络流量中普遍存在的内容的签名，确定包括签名的流量是否展现传播，确定包括签名的流量是否呈现连续性，并且基于 签名如果签名具有连接性和传播性。

公开(公告)号：US08006306B2

公开(公告)日：2011-08-23

申请号：US11387114

申请日：2006-03-21

申请人： Prem Gopalan ,  Kyle Jamieson ,  Panayiotis Mavrommatis

发明人： Prem Gopalan ,  Kyle Jamieson ,  Panayiotis Mavrommatis

IPC分类号： G06F21/00

CPC分类号： H04L63/1416 ,  G06F21/564 ,  H04L63/145 ,  H04L63/1458

摘要： A system, method and computer program product for exploit-based worm detection and mitigation are disclosed. The system, method, and computer program product are configured to identify a signature representing content prevalent in network traffic, determine if the traffic including the signature exhibits propagation, determine if the traffic including the signature exhibits connectedness, and generate a worm signature based on the signature if the signature exhibits both connectedness and propagation.

摘要翻译： 公开了一种用于基于漏洞的蠕虫检测和缓解的系统，方法和计算机程序产品。 系统，方法和计算机程序产品被配置为标识表示网络流量中普遍存在的内容的签名，确定包括签名的流量是否展现传播，确定包括签名的流量是否呈现连续性，并且基于 签名如果签名具有连接性和传播性。

公开(公告)号：US07991710B2

公开(公告)日：2011-08-02

申请号：US12041309

申请日：2008-03-03

申请人： Mark Palatucci ,  Panayiotis Mavrommatis ,  Niels Provos ,  Christopher K. Monson ,  Yunkai Zhou ,  Kamal P. Nigam ,  Clayton W. Bavor, Jr. ,  Eric L. Davis ,  Rachel Nakauchi

发明人： Mark Palatucci ,  Panayiotis Mavrommatis ,  Niels Provos ,  Christopher K. Monson ,  Yunkai Zhou ,  Kamal P. Nigam ,  Clayton W. Bavor, Jr. ,  Eric L. Davis ,  Rachel Nakauchi

IPC分类号： G06F15/18

CPC分类号： H04L63/145 ,  G06F21/564 ,  G06F21/577 ,  G06F2221/2119 ,  G06N99/005 ,  H04L43/0876 ,  H04L67/02

摘要： Landing pages associated with advertisements are partitioned into training landing pages and testing landing pages. Iterative training and testing of a classification mode on intrusion features of the partitioned landing pages is conducted until the occurrence of a cessation event. Feature weights are derived from the iterative training and testing, and are associated with the intrusion features. The associated feature weights and intrusion features can be used to classify other landing pages.

摘要翻译： 与广告相关联的目标网页被分为训练着陆页和测试着陆页。 分级登陆页面的入侵特征的分类模式的迭代训练和测试进行到发生停止事件。 特征权重来自迭代训练和测试，并与入侵特征相关联。 相关联的特征权重和入侵特征可用于对其他着陆页进行分类。