Intrusion detection system alerts mechanism
    1.
    Granted patent, in force

    Publication number: US08103612B2

    Publication date: 2012-01-24

    Application number: US13100709

    Filing date: 2011-05-04

    IPC classification: G06F17/00 G06N5/02

    CPC classification: H04L63/1416

    Abstract: A system and method for analyzing Intrusion Detection System (IDS) alert data associated with a computer network is described. The method includes applying first association rules to obtained IDS alert data associated with a computer network and processing the obtained IDS alert data with those first association rules. Analyst feedback data associated with the processed IDS alert data is received, and a training data set is received from the analyst feedback data. New association rules are determined based upon the training data set, and the new association rules are output to a display of a computing device. Outputting the new association rules may include outputting patterns of false positive alerts within the IDS alert data. The new association rules may be applied back to the obtained IDS alert data.


Intrusion detection system alerts mechanism
    2.
    Granted patent, in force

    Publication number: US07991726B2

    Publication date: 2011-08-02

    Application number: US11948538

    Filing date: 2007-11-30

    IPC classification: G06F17/00 G06N5/02

    CPC classification: H04L63/1416

    Abstract: A system and method for analyzing Intrusion Detection System (IDS) alert data associated with a computer network is described. The method includes applying first association rules to obtained IDS alert data associated with a computer network and processing the obtained IDS alert data with those first association rules. Analyst feedback data associated with the processed IDS alert data is received, and a training data set is received from the analyst feedback data. New association rules are determined based upon the training data set, and the new association rules are output to a display of a computing device. Outputting the new association rules may include outputting patterns of false positive alerts within the IDS alert data. The new association rules may be applied back to the obtained IDS alert data.


INTRUSION DETECTION SYSTEM ALERTS MECHANISM
    3.
    Patent application, in force

    Publication number: US20110208677A1

    Publication date: 2011-08-25

    Application number: US13100709

    Filing date: 2011-05-04

    IPC classification: G06F15/18 G06F17/00

    CPC classification: H04L63/1416

    Abstract: A system and method for analyzing Intrusion Detection System (IDS) alert data associated with a computer network is described. The method includes applying first association rules to obtained IDS alert data associated with a computer network and processing the obtained IDS alert data with those first association rules. Analyst feedback data associated with the processed IDS alert data is received, and a training data set is received from the analyst feedback data. New association rules are determined based upon the training data set, and the new association rules are output to a display of a computing device. Outputting the new association rules may include outputting patterns of false positive alerts within the IDS alert data. The new association rules may be applied back to the obtained IDS alert data.


INTRUSION DETECTION SYSTEM ALERTS MECHANISM
    4.
    Patent application, in force

    Publication number: US20090144216A1

    Publication date: 2009-06-04

    Application number: US11948538

    Filing date: 2007-11-30

    IPC classification: G06N5/02

    CPC classification: H04L63/1416

    Abstract: A system and method for analyzing Intrusion Detection System (IDS) alert data associated with a computer network is described. The method includes applying first association rules to obtained IDS alert data associated with a computer network and processing the obtained IDS alert data with those first association rules. Analyst feedback data associated with the processed IDS alert data is received, and a training data set is received from the analyst feedback data. New association rules are determined based upon the training data set, and the new association rules are output to a display of a computing device. Outputting the new association rules may include outputting patterns of false positive alerts within the IDS alert data. The new association rules may be applied back to the obtained IDS alert data.


Pandemic Cross Training Process
    5.
    Patent application, pending (published)

    Publication number: US20090144121A1

    Publication date: 2009-06-04

    Application number: US11948735

    Filing date: 2007-11-30

    IPC classification: G06Q10/00

    CPC classification: G06Q10/08 G06Q50/265

    Abstract: The disclosure relates to a process that determines a cross-training plan so that a company or business unit is better prepared for a pandemic event by cross-training additional employees in its most critical services or functions. The pandemic cross-training plan is determined using criteria such as geography, experience level, and employee preference to strategically and systematically cross-train an employee in a critical function. This can be done either manually, through a criteria-matrix approach, or automatically by a computing device using mathematical formulas.


Risk Scoring System For The Prevention of Malware
    6.
    Patent application, in force

    Publication number: US20090126012A1

    Publication date: 2009-05-14

    Application number: US11940062

    Filing date: 2007-11-14

    IPC classification: G06F21/24

    CPC classification: G06F21/51 G06F21/56

    Abstract: A method suitable for detecting malicious files includes several steps. A file received into a computer system is analyzed to determine the presence or absence of each of a plurality of predefined properties in the file. A score is calculated from the presence or absence of those properties; the score reflects the risk that the file is malicious. Once the score is calculated, the file can be further processed based on the score.


Risk scoring system for the prevention of malware
    7.
    Granted patent, in force

    Publication number: US08037536B2

    Publication date: 2011-10-11

    Application number: US11940062

    Filing date: 2007-11-14

    CPC classification: G06F21/51 G06F21/56

    Abstract: A method suitable for detecting malicious files includes several steps. A file received into a computer system is analyzed to determine the presence or absence of each of a plurality of predefined properties in the file. A score is calculated from the presence or absence of those properties; the score reflects the risk that the file is malicious. Once the score is calculated, the file can be further processed based on the score.


Memory whitelisting
    8.
    Granted patent, in force

    Publication number: US09104872B2

    Publication date: 2015-08-11

    Application number: US12695490

    Filing date: 2010-01-28

    IPC classification: G06F21/00 G06F21/56

    CPC classification: G06F21/566

    Abstract: An enhanced whitelisting module associated with a system whitelists unknown files for execution on the system. The whitelisting module may oversee computing a hash of a file loaded into memory and comparing that hash with the hashes in a hash table generated from clean files located on a clean system. The whitelisting module may communicate with a device internal and/or external to the system to retrieve the hash table of clean files. In certain embodiments, a rolling hash (or other piecewise hash) may be used to determine the location and/or extent of the differences between a modified file and a clean file.


Memory Whitelisting
    9.
    Patent application, in force

    Publication number: US20110185417A1

    Publication date: 2011-07-28

    Application number: US12695490

    Filing date: 2010-01-28

    IPC classification: G06F21/00

    CPC classification: G06F21/566

    Abstract: An enhanced whitelisting module associated with a system whitelists unknown files for execution on the system. The whitelisting module may oversee computing a hash of a file loaded into memory and comparing that hash with the hashes in a hash table generated from clean files located on a clean system. The whitelisting module may communicate with a device internal and/or external to the system to retrieve the hash table of clean files. In certain embodiments, a rolling hash (or other piecewise hash) may be used to determine the location and/or extent of the differences between a modified file and a clean file.


Bank card fraud protection system
    10.
    Granted patent, in force

    Publication number: US07980464B1

    Publication date: 2011-07-19

    Application number: US12343036

    Filing date: 2008-12-23

    IPC classification: G06Q40/00 G07D11/00 G07F19/00

    Abstract: Systems and methods are provided for protecting against bank card fraud and related crimes by providing a distress/fraud trigger at bank card machines, such as automated teller machines and point-of-sale terminals. The trigger initiates certain heightened-security processes designed to stop the crime, control damage, and help apprehend the criminal. For example, in one embodiment, the trigger involves the cardholder entering a "panic" personal identification code into the bank card machine. The panic personal identification code indicates to a party involved in the bank card transaction that a fraudulent transaction may be taking place. The heightened-security processes may include, for example, displaying that the bank card machine is out of order, dispensing money with a GPS tracking device, requesting additional identification steps, instituting delay tactics, notifying on-site personnel, or forwarding audio or video information from the bank card machine to a bank's command center in real time or near real time.
