Abstract:
A computer-implemented method for managing malware signatures. The method may include maintaining a set of active malware signatures and maintaining a set of dormant malware signatures. The method may also include providing the set of active malware signatures for use in malware detection more frequently than the set of dormant malware signatures and determining that a first malware signature from the set of dormant malware signatures triggers one or more positive malware detection responses. The method may further include, in response to the determination, moving the first malware signature from the set of dormant malware signatures to the set of active malware signatures. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
A mechanism is provided for determining a safety reputation for a network site in a manner that both provides wide coverage of potentially malicious sites and improves the freshness of information from which the safety reputation is derived. Community-based information, such as reports from users related to recently-visited network sites, malware detected by reporting network nodes, non-specific information such as unusual CPU usage and network activity of visiting nodes, and information received from other types of external feeds is used in determining the safety reputation and updating the safety reputation. Such information is analyzed in order to determine network sites that are potential sources of malware, which can then be subjected to more detailed analysis. Historical information as to a site's reputation and other factors such as commercial importance can also be reviewed to make a determination as to whether information being currently gathered by a community of users is sufficient to trigger additional analysis of the network site. Thus, resources used for detailed analysis of suspect network sites are conserved.
Abstract:
A computer-implemented method for detecting infected files may include identifying a set of known-clean files. The method may also include identifying a set of characteristics of an unchecked file. The method may further include determining that the unchecked file is related to a clean file in the set of known-clean files. The determination may be based on the set of characteristics of the unchecked file. The method may additionally include determining whether the unchecked file is functionally equivalent to the clean file. This determination may be based on the set of characteristics of the unchecked file. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
A computer-implemented method for selectively authenticating a request based on an authentication policy is described. A request is received from a client. A determination is made as to which authentication threshold is applied to the request based on an authentication policy. The request is authenticated if the authentication threshold is satisfied. The authentication threshold is modified if the request is not successfully authenticated.
Abstract:
Reputations of objects are determined by a reputation system using reports from clients identifying the objects. Confidence metrics for the clients are generated using information determined from the reports. Confidence metrics indicate the amounts of confidence in the veracity of the reports. Reputation scores of objects are calculated using the reports from the clients and the confidence metrics for the clients. Confidence metrics and reputation scores are stored in correlation with identifiers for the objects. An object's reputation score is provided to a client in response to a request.
Abstract:
A computer-implemented method for secure third-party data storage may include 1) identifying, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, 2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, 3) receiving, from the client system, the client-side key, 4) decrypting the decryption key with the client-side key, and 5) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
A computer-implemented method for authenticating requests from a client running trialware through a proof of work protocol is described. A request received from a client running trialware is analyzed. A cryptographic puzzle is generated if an authentication token is not included with the request. The cryptographic puzzle is transmitted to the client. A solution to the cryptographic puzzle received from the client is analyzed. A response to the request is generated if the received solution to the puzzle is validated.
Abstract:
A method, apparatus, and computer-readable medium for classifying a file of interest in a computer network are described. File statistics are received over the network for a plurality of users and a plurality of files. The file statistics are processed to identify: (i) a set of users that received the file of interest; (ii) a group of shared files each of which was received by at least two users; and (iii) numbers of infected files received by respective users. An average ratio of a number of infected files to a total number of files in the group of shared files is computed using a Monte Carlo process constrained by: (i) indications of which users received which files; and (ii) the numbers of infected files received by the respective users. A probability of infection is assigned to the file of interest based on the average ratio.