公开(公告)号：US07945953B1

公开(公告)日：2011-05-17

申请号：US11176855

申请日：2005-07-06

申请人： Govind Salinas ,  Matthew Conover ,  Sourabh Satish

发明人： Govind Salinas ,  Matthew Conover ,  Sourabh Satish

IPC分类号： H04L29/00

CPC分类号： G06F21/54 ,  G06F12/1441 ,  G06F21/52 ,  G06F21/577

摘要： A method and system detect buffer overflows and RLIBC attacks by determining if a critical call initiating function is a “potential threat”. In one embodiment, a critical call initiating function is considered a potential threat if the value of the return address of the critical call initiating function points to a location in memory between the location of the highest Thread Environment Block (TEB) or Process Environment Block (PEB) and the location of the lowest Thread Environment Block (TEB) or PEB. In another embodiment, a critical call initiating function making a call to a predefined critical operating system function is considered a potential threat if the value of the return address of the critical call initiating function points to the beginning of a new function with a zero offset.

摘要翻译： 通过确定关键呼叫发起功能是否是“潜在威胁”，方法和系统检测缓冲区溢出和RLIBC攻击。 在一个实施例中，如果临界呼叫发起功能的返回地址的值指向存储器中最高线程环境块（TEB）或过程环境块（TEB）的位置之间的位置，则将关键呼叫发起功能视为潜在威胁 PEB）和最低线程环境块（TEB）或PEB的位置。 在另一个实施例中，如果临时呼叫发起功能的返回地址的值指向具有零偏移的新功能的开始，则对呼叫预定义的关键操作系统功能的关键呼叫发起功能被认为是潜在的威胁。

公开(公告)号：US20200344113A1

公开(公告)日：2020-10-29

申请号：US16926907

申请日：2020-07-13

申请人： Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

发明人： Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC分类号： H04L12/24 ,  H04L29/06

摘要： Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.

公开(公告)号：US20140201208A1

公开(公告)日：2014-07-17

申请号：US13742218

申请日：2013-01-15

申请人： Sourabh Satish ,  Govind Salinas ,  Vincent Cheong ,  Symantec Corporation

发明人： Sourabh Satish ,  Govind Salinas ,  Vincent Cheong ,  Symantec Corporation

IPC分类号： G06F17/30

CPC分类号： G06F21/564

摘要： An unlabeled sample is classified using clustering. A set of samples containing labeled and unlabeled samples is established. Values of features are gathered from the samples contained in the datasets and a subset of features are selected. The labeled and unlabeled samples are clustered together based on similarity of the gathered values for the selected subset of features to produce a set of clusters, each cluster having a subset of samples from the set of samples. The selecting and clustering steps are recursively iterated on the subset of samples in each cluster in the set of clusters until at least one stopping condition is reached. The iterations produce a cluster having a labeled sample and an unlabeled sample. A label is propagated from the labeled sample in the cluster to the unlabeled sample in the cluster to classify the unlabeled sample.

摘要翻译： 未标记的样本使用聚类进行分类。 建立了一套含标签和未标记样品的样品。 从数据集中包含的样本中收集特征值，并选择一组特征。 基于所选择的特征子集的收集值的相似性，将标记和未标记的样本聚类在一起，以产生一组聚类，每个聚类具有来自该组样本的样本子集。 在集群中的每个集群中的样本子集上递归迭代选择和聚类步骤，直到达到至少一个停止条件。 迭代产生具有标记样品和未标记样品的簇。 标签从群集中标记的样本传播到群集中的未标记样本，以对未标记的样本进行分类。

公开(公告)号：US07975308B1

公开(公告)日：2011-07-05

申请号：US11864346

申请日：2007-09-28

申请人： Sourabh Satish ,  Govind Salinas ,  Zulfikar Ramzan

发明人： Sourabh Satish ,  Govind Salinas ,  Zulfikar Ramzan

IPC分类号： G06F7/04 ,  G06F12/00 ,  G06F12/14 ,  G06F13/00 ,  G06F17/30 ,  G11C7/00

CPC分类号： G06F17/30867 ,  G06F21/6254 ,  G06F21/6263

摘要： Embodiments in accordance with the invention install a primary security browser extension first in the browser event notification order list and a secondary security browser extension last in the event notification order list. On receipt of a user data event including user confidential data at the primary security browser extension, the user confidential data is obfuscated by the primary security browser extension and the user data event including the obfuscated data is released to a next browser extension in the browser event notification order list. Upon receipt of the user data event at the secondary security browser extension, the obfuscated data is restored with the original user confidential data and the user data event is released for further processing.

摘要翻译： 根据本发明的实施例首先在浏览器事件通知顺序列表中安装主安全浏览器扩展，并且在事件通知顺序列表中最后安装辅助安全浏览器扩展。 在主安全浏览器扩展接收到包括用户机密数据的用户数据事件时，用户机密数据被主安全浏览器扩展模糊，包括混淆数据的用户数据事件被释放到浏览器事件中的下一个浏览器扩展 通知单列表。 在辅助安全浏览器扩展接收到用户数据事件时，用原始用户机密数据恢复混淆的数据，并释放用户数据事件以便进一步处理。