1. SEMANTIC NETWORKS FOR INTRUSION DETECTION
Record type: Invention application
Legal status: Pending, published

Publication number: US20090328215A1
Publication date: 2009-12-31
Application number: US12165207
Filing date: 2008-06-30
IPC classification: G06F21/00

Abstract: Semantic networks are generated to model the operational behavior of an enterprise network so as to provide a contextual interpretation of an event, or a sequence of events, observed in that specific enterprise network. In various illustrative examples, different semantic networks may be generated to model different behavior scenarios in the enterprise network. Without the context provided by these semantic networks, malicious events may inherently be interpreted as benign events, as there is typically always a scenario in which such events could be part of the normal operations of an enterprise network. Instead, the present semantic networks enable interpretation of events for a specific enterprise network. Such interpretation enables the conclusion that a sequence of events that could possibly be part of normal operations in a theoretical enterprise network is, in fact, abnormal for this specific enterprise network.

2. ANALYTICS ENGINE
Record type: Invention application
Legal status: In force

Publication number: US20090199265A1
Publication date: 2009-08-06
Application number: US12141897
Filing date: 2008-06-18
IPC classification: H04L9/00 G06F12/14 G06N5/02

Abstract: Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between the various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute them; in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by the dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.

3. Analytics engine
Record type: Granted patent
Legal status: In force

Publication number: US08990947B2
Publication date: 2015-03-24
Application number: US12141897
Filing date: 2008-06-18

Abstract: Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between the various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute them; in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by the dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.

4. Personalized honeypot for detecting information leaks and security breaches
Record type: Granted patent
Legal status: In force

Publication number: US08181250B2
Publication date: 2012-05-15
Application number: US12165460
Filing date: 2008-06-30
IPC classification: G06F11/00 G06F12/14

Abstract: A honeypot in a computer network is configured for use with a wide variety of computing resources defined by a network administrator or user, which may include desktop and network resources such as address book contacts, instant messaging contacts, Active Directory user accounts, IP addresses, and files that contain particular content or that are stored in particular locations. The resources may be real, for which protection against leakage is desired, or fake, operating as bait to lure and detect malicious attacks. The honeypot is implemented in an extensible manner so that virtually any resource may be honeypotted, applying honeypot benefits to resources beyond static IP addresses in order to improve both the breadth of information leakage prevention and the detection of malicious attacks.

5. PERSONALIZED HONEYPOT FOR DETECTING INFORMATION LEAKS AND SECURITY BREACHES
Record type: Invention application
Legal status: In force

Publication number: US20090328216A1
Publication date: 2009-12-31
Application number: US12165460
Filing date: 2008-06-30
IPC classification: G06F12/14 G06F11/00

Abstract: A honeypot in a computer network is configured for use with a wide variety of computing resources defined by a network administrator or user, which may include desktop and network resources such as address book contacts, instant messaging contacts, Active Directory user accounts, IP addresses, and files that contain particular content or that are stored in particular locations. The resources may be real, for which protection against leakage is desired, or fake, operating as bait to lure and detect malicious attacks. The honeypot is implemented in an extensible manner so that virtually any resource may be honeypotted, applying honeypot benefits to resources beyond static IP addresses in order to improve both the breadth of information leakage prevention and the detection of malicious attacks.

6. MAPPING BETWEEN USERS AND MACHINES IN AN ENTERPRISE SECURITY ASSESSMENT SHARING SYSTEM
Record type: Invention application
Legal status: In force

Publication number: US20090328222A1
Publication date: 2009-12-31
Application number: US12146440
Filing date: 2008-06-25
IPC classification: G06F21/00
CPC classification: H04L63/1425 G06F21/554

Abstract: Mapping between object types in an enterprise security assessment sharing ("ESAS") system enables attacks on an enterprise network and security incidents to be better detected, and the capabilities to respond to them to be improved. The ESAS system is distributed among endpoints incorporating different security products in the enterprise network that share a commonly utilized communications channel. An endpoint generates a tentative assignment of contextual meaning, called a security assessment, which is published when a potential security incident is detected. The security assessment identifies the object of interest, the type of security incident and its severity. A level of confidence in the detection is also provided, expressed by an attribute called the "fidelity". ESAS is configured with the capability to map between objects, including users and machines in the enterprise network, so that security assessments applicable to one object domain can be used to generate security assessments in another object domain.

7. Mapping between users and machines in an enterprise security assessment sharing system
Record type: Granted patent
Legal status: In force

Publication number: US08689335B2
Publication date: 2014-04-01
Application number: US12146440
Filing date: 2008-06-25
IPC classification: H04L29/06
CPC classification: H04L63/1425 G06F21/554

Abstract: Mapping between object types in an enterprise security assessment sharing ("ESAS") system enables attacks on an enterprise network and security incidents to be better detected, and the capabilities to respond to them to be improved. The ESAS system is distributed among endpoints incorporating different security products in the enterprise network that share a commonly utilized communications channel. An endpoint publishes a security assessment when a potential security incident is detected. The security assessment identifies the object of interest, the type of security incident and its severity. A level of confidence in the detection is also provided, expressed by an attribute called the "fidelity". ESAS is configured with the capability to map between objects, including users and machines in the enterprise network, so that security assessments applicable to one object domain can be used to generate security assessments in another object domain.

10. Enterprise security assessment sharing
Record type: Granted patent
Legal status: In force

Publication number: US08959568B2
Publication date: 2015-02-17
Application number: US11724061
Filing date: 2007-03-14
IPC classification: G06F11/00

Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment, by an endpoint, of broader contextual meaning to information collected about an object of interest. Its tentative nature is reflected in two of its components: a fidelity field used to express the level of confidence in the assessment, and a time-to-live field giving an estimated time period for which the assessment is valid. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of the security assessments published by other endpoints. A specialized endpoint coupled to the channel acts as a centralized audit point by subscribing to all security assessments, logging them, and also logging the local actions taken by endpoints in response to security threats.