System and method for malware and network reputation correlation
    1.
    Granted invention patent
    System and method for malware and network reputation correlation (in force)

    Publication number: US09122877B2

    Publication date: 2015-09-01

    Application number: US13052739

    Filing date: 2011-03-21

    IPC classification: H04L29/06 G06F21/57

    Abstract: A method is provided in one example embodiment and includes receiving a reputation value based on a hash of a file making a network connection and on a network address of a remote end of the network connection. The network connection may be blocked if the reputation value indicates the hash or the network address is associated with malicious activity. In more specific embodiments, the method may also include sending a query to a threat analysis host to request the reputation value. Additionally or alternatively, the reputation value may be based on query patterns in particular embodiments. In yet more specific embodiments, the network connection may be an inbound connection and/or an outbound connection, and the reputation value may be based on a file reputation associated with the hash and a connection reputation associated with the network address of the remote end of the network connection.


    SYSTEM AND METHOD FOR MALWARE AND NETWORK REPUTATION CORRELATION

    Publication number: US20130247201A1

    Publication date: 2013-09-19

    Application number: US13052739

    Filing date: 2011-03-21

    IPC classification: G06F21/20

    Abstract: A method is provided in one example embodiment and includes receiving a reputation value based on a hash of a file making a network connection and on a network address of a remote end of the network connection. The network connection may be blocked if the reputation value indicates the hash or the network address is associated with malicious activity. In more specific embodiments, the method may also include sending a query to a threat analysis host to request the reputation value. Additionally or alternatively, the reputation value may be based on query patterns in particular embodiments. In yet more specific embodiments, the network connection may be an inbound connection and/or an outbound connection, and the reputation value may be based on a file reputation associated with the hash and a connection reputation associated with the network address of the remote end of the network connection.

    SYSTEM AND METHOD FOR BOTNET DETECTION BY COMPREHENSIVE EMAIL BEHAVIORAL ANALYSIS
    6.
    Invention application
    SYSTEM AND METHOD FOR BOTNET DETECTION BY COMPREHENSIVE EMAIL BEHAVIORAL ANALYSIS (pending, published)

    Publication number: US20130247192A1

    Publication date: 2013-09-19

    Application number: US13037988

    Filing date: 2011-03-01

    IPC classification: G06F21/00

    CPC classification: H04L63/1425 H04L2463/144

    Abstract: A method is provided in one example embodiment that includes receiving message sender traits associated with email senders, and receiving a dataset of known malware identifiers and network addresses from a spamtrap. The message sender traits may include behavior features and/or content resemblance factors in various embodiments. The method further includes classifying the email senders as malicious or benign based on the behavior features, and further classifying the malicious senders by malware identifiers based on similarity of content resemblance factors and the dataset of known malware identifiers and network addresses. In certain specific embodiments, a supervised classifier, such as a support vector machine, may be used to classify the malicious senders by malware identifiers.


    Message profiling systems and methods
    7.
    Granted invention patent
    Message profiling systems and methods (in force)

    Publication number: US08132250B2

    Publication date: 2012-03-06

    Application number: US11173941

    Filing date: 2005-07-01

    IPC classification: G06F15/16

    CPC classification: G06Q10/107 H04L51/12

    Abstract: Methods and systems for operation upon one or more data processors that classify communications from messaging entities. A method can include receiving a communication that was sent from a messaging entity. A plurality of message classification techniques is used to classify the communication. Each message classification technique is associated with a confidence value, which is used in generating a message classification output from that technique. The message classification outputs are combined in order to generate a message profile score. The message profile score is used in deciding what action is to be taken with respect to the communication associated with the messaging entity.


    WEB HOSTED SECURITY SYSTEM COMMUNICATION
    8.
    Invention application
    WEB HOSTED SECURITY SYSTEM COMMUNICATION (in force)

    Publication number: US20120047259A1

    Publication date: 2012-02-23

    Application number: US12987730

    Filing date: 2011-01-10

    IPC classification: G06F15/16

    Abstract: A distributed proxy server system is operable to receive a request for Internet data from a user, obtain the user's identity, store at least one cookie on the user's web browser identifying the user, and filter undesired content before forwarding the requested Internet data to the user. A master cookie, including user identity information, is associated with the proxy server, and an injected domain cookie, also including user identity information, is associated with the domain of the requested Internet data.
