-
公开(公告)号:US20120210425A1
公开(公告)日:2012-08-16
申请号:US13452627
申请日:2012-04-20
IPC分类号: G06F21/00
CPC分类号: H04L41/142 , H04L43/00 , H04L43/06 , H04L43/0811 , H04L43/0888 , H04L43/12 , H04L43/16 , H04L63/1408 , H04L63/1416 , H04L63/145 , H04L63/1458
摘要: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
摘要翻译: 网络监视的方法包括接收由网络实体处理的网络分组,并从监视数据传输,错误或网络连接的网络分组的测量中构建至少一个长期和至少一个短期统计简档。 统计概况的比较用于确定统计概况之间的差异是否表明可疑的网络活动。
-
公开(公告)号:US20090172815A1
公开(公告)日:2009-07-02
申请号:US12098334
申请日:2008-04-04
申请人: Guofei Gu , Phillip Andrew Porras , Martin Fong
发明人: Guofei Gu , Phillip Andrew Porras , Martin Fong
IPC分类号: G06F21/00
CPC分类号: H04L63/145 , G06F11/3495 , G06F21/552 , G06F21/564 , G06F21/566 , G06F21/577 , G06F2221/2101 , H04L63/1416 , H04L63/1458 , H04L2463/144
摘要: In one embodiment, the present invention is a method and apparatus for detecting malware infection. One embodiment of a method for detecting a malware infection at a local host in a network, includes monitoring communications between the local host and one or more entities external to the network, generating a dialog warning if the communications include a transaction indicative of a malware infection, declaring a malware infection if, within a predefined period of time, the dialog warnings includes at least one dialog warning indicating a transaction initiated at the local host and at least one dialog warning indicating an additional transaction indicative of a malware infection, and outputting an infection profile for the local host.
摘要翻译: 在一个实施例中,本发明是用于检测恶意软件感染的方法和装置。 用于检测网络中的本地主机的恶意软件感染的方法的一个实施例包括监视本地主机与网络外部的一个或多个实体之间的通信,如果通信包括指示恶意软件感染的交易,则产生对话警告 如果在预定义的时间段内,对话警告包括至少一个对话框警告,指示在本地主机发起的交易和至少一个对话框警告,指示表示恶意软件感染的附加事务,并且输出 本地主机的感染配置文件。
-
公开(公告)号:US20090064332A1
公开(公告)日:2009-03-05
申请号:US12098345
申请日:2008-04-04
申请人: Phillip Andrew Porras , Jian Zhang
发明人: Phillip Andrew Porras , Jian Zhang
IPC分类号: G06F21/00
CPC分类号: H04L63/101 , H04L63/0236 , H04L63/105 , H04L63/1425 , H04L2463/146 , H04W12/10
摘要: In one embodiment, the present invention is a method and apparatus for generating highly predictive blacklists. One embodiment of a method for generating a blacklist of network addresses for a user of a network includes collecting security log data from users of the network, the security log data identifying observed attacks by attack sources, assigning the attack sources to the blacklist based on a combination of the relevance each attack source to the user and the maliciousness of the attack source, and outputting the blacklist.
摘要翻译: 在一个实施例中,本发明是用于生成高度预测黑名单的方法和装置。 用于生成网络用户的网络地址黑名单的方法的一个实施例包括从网络的用户收集安全日志数据,所述安全日志数据识别攻击源的观察到的攻击,基于攻击源将攻击源分配给黑名单 将每个攻击源与用户的相关性与攻击源的恶意的组合,并输出黑名单。
-
公开(公告)号:US06711615B2
公开(公告)日:2004-03-23
申请号:US10254457
申请日:2002-09-25
IPC分类号: G06F1130
CPC分类号: H04L41/142 , H04L43/00 , H04L43/06 , H04L43/0811 , H04L43/0888 , H04L43/12 , H04L43/16 , H04L63/1408 , H04L63/1416 , H04L63/145 , H04L63/1458
摘要: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and a least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
摘要翻译: 网络监控的方法包括接收由网络实体处理的网络分组,并从监测数据传输,错误或网络连接的网络分组的测量中建立至少一个长期和至少一个短期统计简档。 统计概况的比较用于确定统计概况之间的差异是否表明可疑的网络活动。
-
公开(公告)号:US06708212B2
公开(公告)日:2004-03-16
申请号:US10429607
申请日:2003-05-05
IPC分类号: G06F1130
CPC分类号: H04L41/142 , H04L43/00 , H04L43/06 , H04L43/0811 , H04L43/0888 , H04L43/12 , H04L43/16 , H04L63/1408 , H04L63/1416 , H04L63/145 , H04L63/1458
摘要: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and a least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
-
公开(公告)号:US09407509B2
公开(公告)日:2016-08-02
申请号:US12563875
申请日:2009-09-21
CPC分类号: H04L41/142 , H04L43/00 , H04L43/06 , H04L43/0811 , H04L43/0888 , H04L43/12 , H04L43/16 , H04L63/1408 , H04L63/1416 , H04L63/145 , H04L63/1458
摘要: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
摘要翻译: 网络监视的方法包括接收由网络实体处理的网络分组,并从监视数据传输,错误或网络连接的网络分组的测量中构建至少一个长期和至少一个短期统计简档。 统计概况的比较用于确定统计概况之间的差异是否表明可疑的网络活动。
-
公开(公告)号:US09083712B2
公开(公告)日:2015-07-14
申请号:US12098345
申请日:2008-04-04
申请人: Phillip Andrew Porras , Jian Zhang
发明人: Phillip Andrew Porras , Jian Zhang
CPC分类号: H04L63/101 , H04L63/0236 , H04L63/105 , H04L63/1425 , H04L2463/146 , H04W12/10
摘要: In one embodiment, the present invention is a method and apparatus for generating highly predictive blacklists. One embodiment of a method for generating a blacklist of network addresses for a user of a network includes collecting security log data from users of the network, the security log data identifying observed attacks by attack sources, assigning the attack sources to the blacklist based on a combination of the relevance each attack source to the user and the maliciousness of the attack source, and outputting the blacklist.
摘要翻译: 在一个实施例中,本发明是用于生成高度预测黑名单的方法和装置。 用于生成网络用户的网络地址黑名单的方法的一个实施例包括从网络的用户收集安全日志数据,所述安全日志数据识别攻击源的观察到的攻击,基于攻击源将攻击源分配给黑名单 将每个攻击源与用户的相关性与攻击源的恶意的组合,并输出黑名单。
-
公开(公告)号:US08249028B2
公开(公告)日:2012-08-21
申请号:US11492398
申请日:2006-07-24
申请人: Phillip Andrew Porras , Michael G. Corr , Steven Mark Dawson , David Watt , David Manseau , John Peter Marcotullio
发明人: Phillip Andrew Porras , Michael G. Corr , Steven Mark Dawson , David Watt , David Manseau , John Peter Marcotullio
IPC分类号: H04B7/216
CPC分类号: H04W99/00 , H04L63/0236
摘要: In one embodiment, the present invention is a method and apparatus for identifying wireless transmitters. In one embodiment, a method for identifying a transmitter in a wireless computing network includes extracting one or more radio frequency signal characteristics from a communication from the transmitter and generating a fingerprint of the transmitter in accordance at least one of the extracted radio frequency signal characteristics.
摘要翻译: 在一个实施例中,本发明是用于识别无线发射机的方法和装置。 在一个实施例中,用于在无线计算网络中识别发射机的方法包括从发射机的通信中提取一个或多个射频信号特征,并根据提取的射频信号特性中的至少一个产生发射机的指纹。
-
9.发明授权Network surveillance using long-term and short-term statistical profiles to determine suspicious network activity 有权网络监控使用长期和短期统计资料来确定可疑的网络活动公开(公告)号:US07594260B2
公开(公告)日:2009-09-22
申请号:US10429611
申请日:2003-05-05
IPC分类号: G06F15/173 , G06F15/00
CPC分类号: H04L41/142 , H04L43/00 , H04L43/06 , H04L43/0811 , H04L43/0888 , H04L43/12 , H04L43/16 , H04L63/1408 , H04L63/1416 , H04L63/145 , H04L63/1458
摘要: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and a least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
摘要翻译: 网络监视的方法包括接收由网络实体处理的网络分组,并从监视数据传输,错误或网络连接的网络分组的测量中构建至少一个长期和至少一个短期统计简档。 统计概况的比较用于确定统计概况之间的差异是否表明可疑的网络活动。
-
公开(公告)号:US07379993B2
公开(公告)日:2008-05-27
申请号:US09952080
申请日:2001-09-13
IPC分类号: G06F15/16
CPC分类号: H04L41/16 , H04L41/142 , H04L63/1416 , H04L63/20
摘要: This invention uses Bayesian techniques to prioritize alerts or alert groups generated by intrusion detection systems and other information security devices, such as network analyzers, network monitors, firewalls, antivirus software, authentication services, host and application security services, etc. In a preferred embodiment, alerts are examined for the presence of one or more relevant features, such as the type of an attack, the target of an attack, the outcome of an attack, etc. At least a subset of the features is then provided to a real-time Bayes network, which assigns relevance scores to the received alerts or alert groups. In another embodiment, a network manager (a person) can disagree with the relevance score assigned by the Bayes network, and give an alert or alert group a different relevance score. The Bayes network is then modified so that similar future alerts or alert groups will be assigned a relevance score that more closely matches the score given by the network manager.
摘要翻译: 本发明使用贝叶斯技术对由入侵检测系统和其他信息安全设备(诸如网络分析器,网络监视器,防火墙,防病毒软件,认证服务,主机和应用安全服务等)生成的警报或警报组进行优先级排序。在优选实施例中 检查警报是否存在一个或多个相关特征,例如攻击的类型,攻击的目标,攻击的结果等。然后,将至少一个特征的子集提供给实时的, 时间贝叶斯网络,其将相关性分数分配给接收到的警报或警报组。 在另一个实施例中,网络管理员(个人)可以不同意由贝叶斯网络分配的相关性得分,并给予警报或警报组不同的相关性得分。 然后修改贝叶斯网络,以便将类似的未来警报或警报组分配给与网络管理员给出的得分更接近的相关性分数。
-
-
-
-
-
-
-
-
-
搜索结果
17 条记录 (耗时 0.024 秒)
