Method and system for mobile network security, related network and computer program product
    2.
    发明授权
    Method and system for mobile network security, related network and computer program product 有权
    移动网络安全,相关网络和计算机程序产品的方法和系统

    公开(公告)号:US08443439B2

    公开(公告)日:2013-05-14

    申请号:US12225686

    申请日:2006-10-31

    IPC分类号: G06F12/14

    摘要: A honeypot system for protecting a mobile communication network against malware includes one or more user-less mobile devices including a monitoring module for monitoring the events conveying software applications in the associated mobile device as well as a controller client module that emulates human-like interaction with the user-less devices as a function of the events monitored. The system controllably performs, for the applications conveyed by the events monitored, one or more of the following steps: i) installing the application on the device; ii) executing the application installed on the device; and iii) de-installing the application from the device. After any of these steps, the state of the device is checked in order to detect if any anomalous variation has occurred in the state of the device indicative of the device being exposed to the risk of malware. If any anomalous variation is detected, the system issues a malware alert message.

    摘要翻译: 用于保护移动通信网络免受恶意软件的蜜罐系统包括一个或多个无用户移动设备,包括用于监视传送相关联的移动设备中的软件应用程序的事件的监视模块以及模拟与人类的交互的控制器客户端模块 作为监视事件的函数的无用户设备。 该系统可控制地执行由所监视的事件传送的应用程序中的一个或多个以下步骤:i)将应用程序安装在设备上; ii)执行安装在设备上的应用程序; 以及iii)从所述设备中去除所述应用。 在这些步骤中的任一步骤之后,检查设备的状态,以便检测在设备的状态下是否发生任何异常变化,指示设备被暴露于恶意软件的风险。 如果检测到任何异常变化,系统将发出恶意软件警报消息。

    Method and System for Mobile Network Security, Related Network and Computer Program Product
    3.
    发明申请
    Method and System for Mobile Network Security, Related Network and Computer Program Product 有权
    移动网络安全方法与系统,相关网络和计算机程序产品

    公开(公告)号:US20090144823A1

    公开(公告)日:2009-06-04

    申请号:US12225686

    申请日:2006-10-31

    IPC分类号: H04L9/00

    摘要: A honeypot system for protecting a mobile communication network against malware includes one or more user-less mobile devices including a monitoring module for monitoring the events conveying software applications in the associated mobile device as well as a controller client module that emulates human-like interaction with the user-less devices as a function of the events monitored. The system controllably performs, for the applications conveyed by the events monitored, one or more of the following steps: i) installing the application on the device; ii) executing the application installed on the device; and iii) de-installing the application from the- device. After any of these steps, the state of the device is checked in order to detect if any anomalous variation has occurred in the state of the device indicative of the device being exposed to the risk of malware. If any anomalous variation is detected, the system issues a malware alert message.

    摘要翻译: 用于保护移动通信网络免受恶意软件的蜜罐系统包括一个或多个无用户移动设备,包括用于监视传送相关联的移动设备中的软件应用程序的事件的监视模块以及模拟与人类的交互的控制器客户端模块 作为监视事件的函数的无用户设备。 该系统可控制地执行由所监视的事件传送的应用程序中的一个或多个以下步骤:i)将应用程序安装在设备上; ii)执行安装在设备上的应用程序; 以及iii)从设备中去除应用程序。 在这些步骤中的任一步骤之后,检查设备的状态,以便检测在设备的状态下是否发生任何异常变化,指示设备被暴露于恶意软件的风险。 如果检测到任何异常变化,系统将发出恶意软件警报消息。

    Method and system for identifying malicious messages in mobile communication networks, related network and computer program product therefor
    4.
    发明授权
    Method and system for identifying malicious messages in mobile communication networks, related network and computer program product therefor 有权
    用于识别移动通信网络中的恶意消息的方法和系统,相关网络和计算机程序产品

    公开(公告)号:US08443446B2

    公开(公告)日:2013-05-14

    申请号:US12225684

    申请日:2006-03-27

    IPC分类号: H04L29/06

    摘要: A system for identifying malicious messages transmitted over a mobile communication network includes: sentinel modules associated with respective mobile terminals in the network for monitoring messages passing therethrough, wherein the sentinel modules identify as a candidate malicious message, any message passing through the mobile terminals and failing to comply with a first set of patterns and issue a corresponding sentinel identification message; a set of probe modules for monitoring messages transmitted over the network, wherein the probe modules identify as a candidate malicious message any message transmitted over the network and failing to comply with a second set of patterns and issue a corresponding probe identification message; and preferably at least one client honeypot module for receiving and processing any messages sent thereto to produce corresponding processing results, wherein the client honeypot module identifies as a candidate malicious message any message producing a processing result failing to comply with a third set of patterns and issues a corresponding client honeypot identification message.

    摘要翻译: 用于识别通过移动通信网络发送的恶意消息的系统包括:与网络中的相应移动终端相关联的哨兵模块,用于监视通过其中的消息,其中,所述哨兵模块标识为候选恶意消息,通过所述移动终端的任何消息失败 遵守第一组模式并发出相应的哨兵识别信息; 一组用于监视通过网络发送的消息的探测模块,其中探测模块将通过网络发送的任何消息标识为候选恶意消息,并且不符合第二组模式并发出相应的探测器识别消息; 并且优选地是至少一个客户端蜜罐模块,用于接收和处理发送到其上的任何消息以产生相应的处理结果,其中客户端蜜罐模块将任何消息产生为不符合第三组模式和问题的处理结果的任何消息 相应的客户端蜜罐识别消息。

    Instrusion Detection Method and System, Related Network and Computer Program Product Therefor
    5.
    发明申请
    Instrusion Detection Method and System, Related Network and Computer Program Product Therefor 有权
    入侵检测方法与系统,相关网络及其计算机程序产品

    公开(公告)号:US20070300301A1

    公开(公告)日:2007-12-27

    申请号:US11791609

    申请日:2004-11-26

    IPC分类号: G06F1/00

    摘要: Intrusions in a system under surveillance are detected by matching the events occurring during operation of the system against a knowledge base including information on events which occurred during a learning phase. The detection technique includes the steps of: recording, during the learning phase, temporal data related to the events during the learning phase; identifying, as a function of the temporal data recorded, a dynamic part of the knowledge base; discovering patterns that cover the dynamic part of the knowledge base; and using, during the analysis phase, a regular expression match at least with respect to the dynamic part of the knowledge base.

    摘要翻译: 通过将系统运行期间发生的事件与包括在学习阶段发生的事件的信息相关的知识库相匹配来检测被监视的系统中的入侵。 检测技术包括以下步骤:在学习阶段记录与学习阶段期间的事件有关的时间数据; 根据记录的时间数据识别知识库的动态部分; 发现涵盖知识库动态部分的模式; 并且在分析阶段期间使用至少相对于知识库的动态部分的正则表达式匹配。

    Method and System for Identifying Malicious Messages in Mobile Communication Networks, Related Network and Computer Program Product Therefor
    6.
    发明申请
    Method and System for Identifying Malicious Messages in Mobile Communication Networks, Related Network and Computer Program Product Therefor 有权
    用于识别移动通信网络中的恶意消息的方法和系统,相关网络和计算机程序产品

    公开(公告)号:US20120151585A1

    公开(公告)日:2012-06-14

    申请号:US12225684

    申请日:2006-03-27

    IPC分类号: G06F21/00

    摘要: A system for identifying malicious messages transmitted over a mobile communication network includes: sentinel modules associated with respective mobile terminals in the network for monitoring messages passing therethrough, wherein the sentinel modules identify as a candidate malicious message, any message passing through the mobile terminals and failing to comply with a first set of patterns and issue a corresponding sentinel identification message; a set of probe modules for monitoring messages transmitted over the network, wherein the probe modules identify as a candidate malicious message any message transmitted over the network and failing to comply with a second set of patterns and issue a corresponding probe identification message; and preferably at least one client honeypot module for receiving and processing any messages sent thereto to produce corresponding processing results, wherein the client honeypot module identifies as a candidate malicious message any message producing a processing result failing to comply with a third set of patterns and issues a corresponding client honeypot identification message.

    摘要翻译: 用于识别通过移动通信网络发送的恶意消息的系统包括:与网络中的相应移动终端相关联的哨兵模块,用于监视通过其中的消息,其中,所述哨兵模块标识为候选恶意消息,通过所述移动终端的任何消息失败 遵守第一组模式并发出相应的哨兵识别信息; 一组用于监视通过网络发送的消息的探测模块,其中探测模块将通过网络发送的任何消息标识为候选恶意消息,并且不符合第二组模式并发出相应的探测器识别消息; 并且优选地是至少一个客户端蜜罐模块,用于接收和处理发送到其上的任何消息以产生相应的处理结果,其中客户端蜜罐模块将任何消息产生为不符合第三组模式和问题的处理结果的任何消息 相应的客户端蜜罐识别消息。

    Method and system for processing packet flows, and computer program product therefor
    8.
    发明申请
    Method and system for processing packet flows, and computer program product therefor 审中-公开
    处理数据包流的方法和系统及其计算机程序产品

    公开(公告)号:US20090217369A1

    公开(公告)日:2009-08-27

    申请号:US11919906

    申请日:2005-05-04

    IPC分类号: G06F21/00 H04L12/26

    摘要: Packet flows are processed, e.g. to perform an intrusion detection function in a communication network, by means of a multiprocessor system including a plurality of processing units. The packets are distributed for processing among the processing units via a distribution function. Such a distribution function is selectively allotted to one of the processing units of the plurality. A preferred embodiment of the arrangement involves using a single Symmetric Multi-Processor machine with a single network port to Gigabit/sec link. The corresponding system architecture does not require any intermediate device, or any external load balancing mechanism. All the processing work is performed on a single system, which is able to dynamically balance the traffic load among the several independent CPUs. By resorting to a specific scheduling arrangement, such a system is able to effectively distribute the computations required to perform both the loadbalancing and the detection operations.

    摘要翻译: 处理数据包流,例如 通过包括多个处理单元的多处理器系统在通信网络中执行入侵检测功能。 这些分组被分配用于经由分发功能在处理单元之间进行处理。 这种分配功能被选择性地分配给多个处理单元之一。 该布置的优选实施例涉及使用具有单个网络端口到千兆/秒链路的单个对称多处理器机器。 相应的系统架构不需要任何中间设备或任何外部负载平衡机制。 所有的处理工作都在单个系统上执行,能够动态平衡多个独立CPU之间的流量负载。 通过采用特定的调度安排,这样的系统能够有效地分配执行负载平衡和检测操作所需的计算。