System and method for detecting keyboard logging
    1.
    Granted invention patent
    Status: In force

    Publication (announcement) No.: US07523470B2

    Publication (announcement) date: 2009-04-21

    Application No.: US11021139

    Filing date: 2004-12-23

    IPC classification: G06F13/00

    CPC classification: G06F21/566

    Abstract: A kernel based detection of keyboard logger applications is achieved by configuring a call interface to the kernel to characterize a system call pattern for processes accessing a keyboard. A monitor thread iteratively examines a plurality of threads to test open(), read(), write(), and syscall() system routines for conditions indicative of presence of a keyboard logger application. A thread whose system call pattern is characterized by such conditions is marked as a keyboard logger.


    Determining blocking measures for processing communication traffic anomalies
    2.
    Granted invention patent
    Status: Lapsed

    Publication (announcement) No.: US07523494B2

    Publication (announcement) date: 2009-04-21

    Application No.: US10774140

    Filing date: 2004-02-05

    IPC classification: G06F7/00

    CPC classification: H04L63/1408 H04L63/1441

    Abstract: Communication traffic is processed by detecting an anomaly in the communication traffic. A first blocking measure A is applied to the anomalous traffic that stops the anomalous traffic. A second blocking measure is determined such that application of a logical combination of the first blocking measure A and the second blocking measure to the anomalous traffic stops the anomalous traffic.


    System and Method to Record Environmental Condition on an RFID Tag
    4.
    Invention patent application
    Status: Lapsed

    Publication (announcement) No.: US20070241905A1

    Publication (announcement) date: 2007-10-18

    Application No.: US11766883

    Filing date: 2007-06-22

    IPC classification: G08B13/14

    CPC classification: G06K19/0723 G06K19/0717

    Abstract: System and method for recording temperature on an RFID tag. A first RFID tag is attached to a container. The first RFID tag includes a temperature sensor. The container contains a multiplicity of packages. A multiplicity of second RFID tags are attached to the multiplicity of packages, respectively. The first RFID tag transmits temperature information to the multiplicity of second RFID tags. In response, the multiplicity of second RFID tags record the temperature information. Consequently, there is no need for expensive temperature sensors on the multiplicity of RFID tags on the packages. According to features of the present invention, the first RFID tag is an active RFID tag, and the multiplicity of second RFID tags are passive RFID tags. The first RFID tag also transmits other information to the multiplicity of second RFID tags to enable the second RFID tags to authenticate the temperature information. Other types of environmental sensors such as a humidity sensor or vibration sensor can substitute for the temperature sensor.


    System and method for detection and mitigation of distributed denial of service attacks
    5.
    Invention patent application
    Status: Lapsed

    Publication (announcement) No.: US20070011740A1

    Publication (announcement) date: 2007-01-11

    Application No.: US11176079

    Filing date: 2005-07-07

    IPC classification: G06F12/14

    Abstract: A router includes a relatively low bandwidth communication connection to a small computer, a relatively high bandwidth communication connection to a communication network; and a processing unit for executing in the router a set of permit rules for permitting flow of communication packets with respect to the connections for user initiated sessions, the permit rules including a default rule for discarding all packets with respect to the small computer in traffic not pertaining to sessions initiated by the small computer.


    Method of assuring enterprise security standards compliance
    6.
    Invention patent application
    Status: In force

    Publication (announcement) No.: US20060156408A1

    Publication (announcement) date: 2006-07-13

    Application No.: US11033436

    Filing date: 2005-01-11

    Abstract: A method, apparatus, and computer instructions for providing a current and complete security compliance view of an enterprise system. The present invention provides the ability to gain a real-time security posture and security compliance view of an enterprise and to assess the risk impact of known threats and attacks to continued business operations at various levels is provided. Responsive to a change to an enterprise environment, a request, or an external threat, an administrator loads or updates at least one of a Critical Application Operations database, a Historical database, an Access Control database, a Connectivity database, and a Threat database. Based on a comparison of information in the databases against similar security data elements from company or external policies, the administrator may generate a Security Compliance view of the enterprise. A Security Posture view may also be generated by comparing the Security Compliance view against data in the Threat database.


    Technique for detecting and blocking unwanted instant messages
    7.
    Invention patent application
    Status: In force

    Publication (announcement) No.: US20060101021A1

    Publication (announcement) date: 2006-05-11

    Application No.: US10984299

    Filing date: 2004-11-09

    IPC classification: G06F17/30

    Abstract: A technique for tracking one or more thresholds relating to the blocking of a particular screen name used on an IM system is disclosed. If the number of people who have blocked a particular screen name reaches a threshold amount, a determination is made that the screen name is being used by a spimmer or other bothersome person, and disciplinary action can be taken. In a preferred embodiment, the email address associated with a user name of a suspected spimmer is identified and all screen names associated with that email address are also subjected to disciplinary action, if desired. Thus, an IM company can suspend all screen names of a spimmer that are tied to the same email address, even though not all (or even none) of the screen names individually have reached a threshold level for discipline/suspension.


    Methods, systems, and computer program products for determining blocking measures for processing communication traffic anomalies
    8.
    Invention patent application
    Status: Lapsed

    Publication (announcement) No.: US20050177870A1

    Publication (announcement) date: 2005-08-11

    Application No.: US10774140

    Filing date: 2004-02-05

    IPC classification: G06F11/30

    CPC classification: H04L63/1408 H04L63/1441

    Abstract: Communication traffic is processed by detecting an anomaly in the communication traffic. A first blocking measure A is applied to the anomalous traffic that stops the anomalous traffic. A second blocking measure is determined such that application of a logical combination of the first blocking measure A and the second blocking measure to the anomalous traffic stops the anomalous traffic.


    Method, system and program for automatically detecting distributed port scans in computer networks
    10.
    Invention patent application
    Status: Lapsed

    Publication (announcement) No.: US20060018262A1

    Publication (announcement) date: 2006-01-26

    Application No.: US10896733

    Filing date: 2004-07-22

    IPC classification: H04L12/26

    CPC classification: H04L63/1416 H04L63/1466

    Abstract: A detection and response system including a set of algorithms for detecting within a stream of normal computer traffic a subset of (should focus on network traffic eliciting a response) TCP or UDP packets with one IP Source Address (SA) value, one or a few Destination Address (DA) values, and a number exceeding a threshold of distinct Destination Port (DP) values. A lookup mechanism such as a Direct Table and Patricia search tree record and trace sets of packets with one SA and one DA as well as the set of DP values observed for the given SA, DA combination. The detection and response system reports the existence of such a subset and the header values including SA, DA, and multiple DPs of the subset. The detection and response system also includes various administrative responses to reports.
