Event Driven Email Revocation
    1.
    Invention application
    Event Driven Email Revocation (status: under examination, published)

    Publication (announcement) number: US20100057869A1

    Publication (announcement) date: 2010-03-04

    Application number: US12548175

    Filing date: 2009-08-26

    IPC classification: G06F15/16

    CPC classification: G06Q10/107 H04L51/22

    Abstract: An email revocation in which transmitted email can be recalled before a recipient is able to read the transmitted email is provided. An event server stores a transmitted email for a given time period or until being retrieved by a receiving email client. If the given time period expires or the email is recalled, the receiving email client is unable to retrieve the email.

    Malware detector
    2.
    Granted invention patent
    Malware detector (status: in force)

    Publication (announcement) number: US08935773B2

    Publication (announcement) date: 2015-01-13

    Application number: US12757675

    Filing date: 2010-04-09

    Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data from continuing to the remote server when the determination is invalid.

    Malware Detector
    3.
    Invention application
    Malware Detector (status: in force)

    Publication (announcement) number: US20110099620A1

    Publication (announcement) date: 2011-04-28

    Application number: US12757675

    Filing date: 2010-04-09

    IPC classification: G06F21/00

    Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data from continuing to the remote server when the determination is invalid.

    Inferring Packet Management Rules
    4.
    Invention application
    Inferring Packet Management Rules (status: under examination, published)

    Publication (announcement) number: US20110164506A1

    Publication (announcement) date: 2011-07-07

    Application number: US12835228

    Filing date: 2010-07-13

    IPC classification: H04L12/56

    CPC classification: H04L43/12 H04L41/0803

    Abstract: Embodiments of the present invention include a system or method for inferring packet management rules of a packet management device. A probing device is used to extract at least one of port number and IP address from a packet management configuration file. The probing device classifies extracted numbers and selectively transmits packets to a packet management device. A packet analyzer notifies the probing device when a packet passes through the packet management device. Based on the notification, the probing device is able to transmit packets to the packet management device in a non-exhaustive manner and determine a port range corresponding to a packet management rule.

    Intrusion event correlation system
    5.
    Granted invention patent
    Intrusion event correlation system (status: in force)

    Publication (announcement) number: US08719943B2

    Publication (announcement) date: 2014-05-06

    Application number: US13466706

    Filing date: 2012-05-08

    IPC classification: H04L29/06

    CPC classification: H04L41/12 H04L63/1425

    Abstract: Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.

    Intrusion Event Correlation System
    6.
    Invention application
    Intrusion Event Correlation System (status: in force)

    Publication (announcement) number: US20100192226A1

    Publication (announcement) date: 2010-07-29

    Application number: US12758135

    Filing date: 2010-04-12

    IPC classification: G06F11/00

    CPC classification: H04L41/12 H04L63/1425

    Abstract: Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.

    Scalable Distributed Data Structure with Recoverable Encryption
    7.
    Invention application
    Scalable Distributed Data Structure with Recoverable Encryption (status: under examination, published)

    Publication (announcement) number: US20100054481A1

    Publication (announcement) date: 2010-03-04

    Application number: US12548975

    Filing date: 2009-08-27

    IPC classification: H04L9/08 G06F12/08

    CPC classification: H04L9/085 H04L9/0897

    Abstract: Embodiments of the present invention store application data and associated encryption key(s) on at least k+1 remote servers using LH* addressing. At least k+1 buckets are created on separate remote servers. At least k+1 key shares are generated for each of at least one encryption key. Each encryption key has a unique key number. Each key share is stored in a different key share record. Each of the key share records is stored in a different bucket using LH* addressing. Encrypted application data is generated by encrypting the application data with the encryption key(s). The encrypted application data is stored in encrypted data record(s). Each of the encrypted data records is stored in a different bucket among the buckets using LH* addressing.

    Attack graph aggregation
    8.
    Granted invention patent
    Attack graph aggregation (status: lapsed)

    Publication (announcement) number: US07627900B1

    Publication (announcement) date: 2009-12-01

    Application number: US11371930

    Filing date: 2006-03-10

    IPC classification: G06F11/00 G06F12/14 G06F12/16

    CPC classification: H04L41/12 H04L63/1425

    Abstract: Disclosed is a framework for aggregating network attack graphs. A network may be represented as a dependency graph. Condition set(s), exploit set(s) and machine set(s) may be generated using information from the dependency graph. Exploit-condition set(s) may be generated using the condition set(s) and the exploit set(s). Machine-exploit set(s) may be generated using the exploit-condition set(s) and machine set(s).

    Interactive analysis of attack graphs using relational queries
    9.
    Granted invention patent
    Interactive analysis of attack graphs using relational queries (status: in force)

    Publication (announcement) number: US08566269B2

    Publication (announcement) date: 2013-10-22

    Application number: US11831914

    Filing date: 2007-07-31

    CPC classification: H04L63/1441

    Abstract: An attack graph analysis tool that includes a network configuration information input module, a domain knowledge input module, a network configuration information storage module, a domain knowledge storage module, and a result generation module. The network configuration information input module inputs network configuration information. The domain knowledge input module inputs domain knowledge for the network. The network configuration information storage module stores network configuration information in a network database table. The domain knowledge storage module stores the domain knowledge in an exploit database table. The result generation module generates a result using the network database table and exploit database table. The result may be generated in response to a query to a database management system that has access to the network database table and exploit database table. The network may be reconfigured to decrease the likelihood of future attacks using the attack information learned from the result.

    Intrusion event correlation system
    10.
    Granted invention patent
    Intrusion event correlation system (status: in force)

    Publication (announcement) number: US08181252B2

    Publication (announcement) date: 2012-05-15

    Application number: US12758135

    Filing date: 2010-04-12

    IPC classification: H04L29/06

    CPC classification: H04L41/12 H04L63/1425

    Abstract: Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.
