-
公开(公告)号:US07979907B2
公开(公告)日:2011-07-12
申请号:US12338479
申请日:2008-12-18
CPC分类号: H04L63/145 , G06F21/562
摘要: A system and methods for detecting malicious executable attachments at an email processing application of a computer system using data mining techniques. The email processing application may be located at the server or at the client or host. The executable attachments are filtered from said email, and byte sequence features are extracted from the executable attachment. The executable attachments are classified by comparing the byte sequence feature of the executable attachment to a classification rule set derived from byte sequence features of a data set of known executables having a predetermined class in a set of classes, e.g., malicious or benign. The system is also able to classify executable attachments as borderline when the difference between the probability that the executable is malicious and the probability that the executable is benign are within a predetermined threshold. The system can notify the user when the number of borderline attachments exceeds the threshold in order to refine the classification rule set.
摘要翻译: 一种用于在使用数据挖掘技术的计算机系统的电子邮件处理应用中检测恶意可执行附件的系统和方法。 电子邮件处理应用程序可能位于服务器或客户端或主机。 从所述电子邮件过滤可执行附件,并从可执行附件中提取字节序列特征。 可执行附件通过将可执行附件的字节序列特征与从一组类别(例如恶意或良性)中具有预定类别的已知可执行程序的数据集的字节序列特征导出的分类规则集进行比较来分类。 当可执行文件的恶意程度与可执行文件的良性概率在预定的阈值内时,系统还能将可执行附件分类为边界。 为了优化分类规则集,系统可以通知用户边界附件的数量超过阈值。
-
公开(公告)号:US20090254992A1
公开(公告)日:2009-10-08
申请号:US12338479
申请日:2008-12-18
IPC分类号: G06F21/00
CPC分类号: H04L63/145 , G06F21/562
摘要: A system and methods for detecting malicious executable attachments at an email processing application of a computer system using data mining techniques. The email processing application may be located at the server or at the client or host. The executable attachments are filtered from said email, and byte sequence features are extracted from the executable attachment. The executable attachments are classified by comparing the byte sequence feature of the executable attachment to a classification rule set derived from byte sequence features of a data set of known executables having a predetermined class in a set of classes, e.g., malicious or benign. The system is also able to classify executable attachments as borderline when the difference between the probability that the executable is malicious and the probability that the executable is benign are within a predetermined threshold. The system can notify the user when the number of borderline attachments exceeds the threshold in order to refine the classification rule set.
摘要翻译: 一种用于在使用数据挖掘技术的计算机系统的电子邮件处理应用中检测恶意可执行附件的系统和方法。 电子邮件处理应用程序可能位于服务器或客户端或主机。 从所述电子邮件过滤可执行附件,并从可执行附件中提取字节序列特征。 可执行附件通过将可执行附件的字节序列特征与从一组类别(例如恶意或良性)中具有预定类别的已知可执行程序的数据集的字节序列特征导出的分类规则集进行比较来分类。 当可执行文件的恶意程度与可执行文件的良性概率在预定的阈值内时,系统还能将可执行附件分类为边界。 为了优化分类规则集,系统可以通知用户边界附件的数量超过阈值。
-
公开(公告)号:US07487544B2
公开(公告)日:2009-02-03
申请号:US10208432
申请日:2002-07-30
IPC分类号: G06F21/00
CPC分类号: H04L63/145 , G06F21/562
摘要: A system and methods for detecting malicious executable attachments at an email processing application of a computer system using data mining techniques. The email processing application may be located at the server or at the client or host. The executable attachments are filtered from said email, and byte sequence features are extracted from the executable attachment. The executable attachments are classified by comparing the byte sequence feature of the executable attachment to a classification rule set derived from byte sequence features of a data set of known executables having a predetermined class in a set of classes, e.g., malicious or benign. The system is also able to classify executable attachments as borderline when the difference between the probability that the executable is malicious and the probability that the executable is benign are within a predetermined threshold. The system can notify the user when the number of borderline attachments exceeds the threshold in order to refine the classification rule set.
摘要翻译: 一种用于在使用数据挖掘技术的计算机系统的电子邮件处理应用中检测恶意可执行附件的系统和方法。 电子邮件处理应用程序可能位于服务器或客户端或主机。 从所述电子邮件过滤可执行附件,并从可执行附件中提取字节序列特征。 可执行附件通过将可执行附件的字节序列特征与从一组类别(例如恶意或良性)中具有预定类别的已知可执行程序的数据集的字节序列特征导出的分类规则集进行比较来分类。 当可执行文件的恶意程度与可执行文件的良性概率在预定的阈值内时,系统还能将可执行附件分类为边界。 为了优化分类规则集,系统可以通知用户边界附件的数量超过阈值。
-
公开(公告)号:US08443441B2
公开(公告)日:2013-05-14
申请号:US12633493
申请日:2009-12-08
IPC分类号: G06F21/00
CPC分类号: H04L63/1425 , H04L51/12 , H04L63/145
摘要: A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.
-
公开(公告)号:US20100169970A1
公开(公告)日:2010-07-01
申请号:US12633493
申请日:2009-12-08
CPC分类号: H04L63/1425 , H04L51/12 , H04L63/145
摘要: A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.
摘要翻译: 检测违反计算机系统的电子邮件安全策略的发生的系统和方法。 与通过计算机系统传输以前的电子邮件相关的模型被定义为从与先前的电子邮件相关的统计数据得出的。 对于要分析的所选电子邮件,将收集有关所选电子邮件的统计信息。 这样的统计数据可以指所选电子邮件的行为或其他功能,附件到电子邮件或电子邮件帐户。 通过将先前的电子邮件传输模型应用于与所选择的电子邮件相关的统计数据来确定是否发生了电子邮件安全策略的违规。 该模型可能是统计或概率。 先前电子邮件传输的模型可以包括将电子邮件收件人分组成团体。 如果特定电子邮件的电子邮件收件人在多个集团中,则可能会发生违反安全政策的决定。
-
公开(公告)号:US07657935B2
公开(公告)日:2010-02-02
申请号:US10222632
申请日:2002-08-16
CPC分类号: H04L63/1425 , H04L51/12 , H04L63/145
摘要: A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.
摘要翻译: 检测违反计算机系统的电子邮件安全策略的发生的系统和方法。 与通过计算机系统传输以前的电子邮件相关的模型被定义为从与先前的电子邮件相关的统计数据得出的。 对于要分析的所选电子邮件,将收集有关所选电子邮件的统计信息。 这样的统计数据可以指所选电子邮件的行为或其他功能,附件到电子邮件或电子邮件帐户。 通过将先前的电子邮件传输模型应用于与所选择的电子邮件相关的统计数据来确定是否发生了电子邮件安全策略的违规。 该模型可能是统计或概率。 先前电子邮件传输的模型可以包括将电子邮件收件人分组成团体。 如果特定电子邮件的电子邮件收件人在多个集团中,则可能会发生违反安全政策的决定。
-
公开(公告)号:US20080039020A1
公开(公告)日:2008-02-14
申请号:US11974208
申请日:2007-10-11
申请人: Eleazar Eskin
发明人: Eleazar Eskin
IPC分类号: H04B7/00
CPC分类号: H04W4/80 , G01S1/68 , H04L29/06 , H04L67/04 , H04L67/18 , H04L67/303 , H04L67/306 , H04L69/329 , H04W4/00 , H04W4/12 , H04W84/10 , H04W88/02 , H04W88/14
摘要: An application development platform enables applications to be created easily for, e.g., mobile devices that have short-range wireless communication capability. The development platform exposes a carefully chosen core set of services through an API. Each of the applications can broadcast its services to local and remote devices. Message delivery between devices is guaranteed even for messages that cannot be delivered directly by local short-range wireless transmission. Message delivery through other channels, including the Internet, can occur transparently to the user. Each device can be associated with an “owner”, which can be a person or a entity. Services can be customized to the owner based on stored information that maps owners to devices. Information associated with each of the owners of devices can be stored centrally and used in connection with providing the services at each of the mobile devices. Virtual GPS capabilities can be provided for mobile devices that do not have GPS chips.
-
8.发明授权Systems and methods for adaptive model generation for detecting intrusions in computer systems 有权用于检测计算机系统中入侵的自适应模型生成的系统和方法公开(公告)号:US08893273B2
公开(公告)日:2014-11-18
申请号:US11805946
申请日:2007-05-25
CPC分类号: H04L63/14 , G06F17/30091 , G06F17/30294 , G06F17/30477 , G06F21/554 , G06F21/566 , G06N7/005 , G06N99/005 , H04L63/1416 , H04L63/1425 , H04L63/1433
摘要: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.
摘要翻译: 一种用于在计算机系统的操作中检测入侵的系统和方法,包括:传感器,被配置为收集关于计算机系统的操作的信息,将信息格式化成具有预定格式的数据记录,并且以预定的方式发送数据 数据格式。 数据仓库配置为以预定数据格式从传感器接收数据记录,并将数据存储在SQL数据库中。 检测模型生成器被配置为以预定数据格式从数据仓库请求数据记录,以基于所述数据记录生成入侵检测模型,并根据预定数据格式将入侵检测模型发送到数据仓库。 检测器被配置为从传感器接收预定数据格式的数据记录,并且将数据记录实时地分类为正常操作之一和基于所述入侵检测模型的攻击。 数据分析引擎被配置为根据预定数据格式从数据仓库请求数据记录,并对数据记录执行数据处理功能。
-
9.发明授权System and methods for adaptive model generation for detecting intrusion in computer systems 有权用于检测计算机系统入侵的自适应模型生成的系统和方法公开(公告)号:US08887281B2
公开(公告)日:2014-11-11
申请号:US13573314
申请日:2012-09-10
CPC分类号: H04L63/14 , G06F17/30091 , G06F17/30294 , G06F17/30477 , G06F21/554 , G06F21/566 , G06N7/005 , G06N99/005 , H04L63/1416 , H04L63/1425 , H04L63/1433
摘要: A system and methods for detecting intrusions in the operation of a computer system comprising a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record, and to transmit the data record. A database is configured to receive the data record from the sensor and to store the data record. A detection model generator is configured to request data records from the database, to generate an intrusion detection model, and to transmit the intrusion detection model to the database. A detector is configured to receive a data record from the sensor and to classify the data record in real-time as one of normal operation and an attack. A data analysis engine is configured to request data records from the database and to perform a data processing function on the data records.
摘要翻译: 一种用于在计算机系统的操作中检测入侵的系统和方法,包括:传感器,被配置为收集关于所述计算机系统的操作的信息,将所述信息格式化在数据记录中,并传送所述数据记录。 数据库被配置为从传感器接收数据记录并存储数据记录。 检测模型生成器被配置为从数据库请求数据记录,生成入侵检测模型,并将入侵检测模型发送到数据库。 检测器被配置为从传感器接收数据记录并将数据记录实时分类为正常操作和攻击之一。 数据分析引擎被配置为从数据库请求数据记录并对数据记录执行数据处理功能。
-
公开(公告)号:US20080040272A1
公开(公告)日:2008-02-14
申请号:US11974094
申请日:2007-10-11
申请人: Eleazar Eskin
发明人: Eleazar Eskin
IPC分类号: G06Q40/00
CPC分类号: H04L12/282 , F25B2600/07 , F25D29/00 , F25D2400/36 , F25D2700/12 , G05B19/00 , G06Q20/105 , H02J13/001 , H02J13/002 , H02J13/0062 , H02J13/0072 , H02J13/0075 , H04B2203/5445 , H04B2203/5454 , H04B2203/5495 , H04L12/2803 , H04L2012/285 , Y02B30/765 , Y02B70/3216 , Y02B70/325 , Y02B70/3266 , Y02B70/3275 , Y02B90/2615 , Y02B90/2638 , Y02B90/2646 , Y02B90/2653 , Y02E60/7815 , Y04S10/40 , Y04S20/221 , Y04S20/228 , Y04S20/242 , Y04S20/244 , Y04S40/121 , Y04S40/124 , Y04S40/125 , Y04S40/126 , Y04S50/12
摘要: An application development platform enables applications to be created easily for, e.g., mobile devices that have short-range wireless communication capability. The development platform exposes a carefully chosen core set of services through an API. Each of the applications can broadcast its services to local and remote devices. Message delivery between devices is guaranteed even for messages that cannot be delivered directly by local short-range wireless transmission. Message delivery through other channels, including the Internet, can occur transparently to the user. Each device can be associated with an “owner”, which can be a person or a entity. Services can be customized to the owner based on stored information that maps owners to devices. Information associated with each of the owners of devices can be stored centrally and used in connection with providing the services at each of the mobile devices. Virtual GPS capabilities can be provided for mobile devices that do not have GPS chips.
-
-
-
-
-
-
-
-
-
搜索结果
22 条记录 (耗时 0.086 秒)
