-
1.发明授权Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems 有权在协作计算机系统之间关联和分发入侵警报信息的系统和方法公开(公告)号:US08667588B2
公开(公告)日:2014-03-04
申请号:US12837302
申请日:2010-07-15
IPC分类号: H04L29/06
CPC分类号: H04L63/1408
摘要: Systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
摘要翻译: 系统和方法提供警报相关器和警报分发器,其能够检测到攻击的早期迹象并且迅速地传播到协作系统。 警报相关器利用数据结构来关联警报检测,并提供可以向其他协作系统透露威胁信息的机制。 警报分配器使用有效的技术来对协作系统进行分组,然后根据时间表在某些成员之间传递数据。 以这种方式,数据可以定期分布,而不会产生过多的流量负载。
-
2.发明申请Systems and Methods for Correlating and Distributing Intrusion Alert Information Among Collaborating Computer Systems 有权在协作计算机系统中关联和分发入侵警报信息的系统和方法公开(公告)号:US20100281542A1
公开(公告)日:2010-11-04
申请号:US12837302
申请日:2010-07-15
CPC分类号: H04L63/1408
摘要: Systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
摘要翻译: 系统和方法提供警报相关器和警报分发器,其能够检测到攻击的早期迹象并且迅速地传播到协作系统。 警报相关器利用数据结构来关联警报检测,并提供可以向其他协作系统透露威胁信息的机制。 警报分配器使用有效的技术来对协作系统进行分组,然后根据时间表在某些成员之间传递数据。 以这种方式,数据可以定期分布,而不会产生过多的流量负载。
-
3.发明授权Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems 有权在协作计算机系统之间关联和分发入侵警报信息的系统和方法公开(公告)号:US07784097B1
公开(公告)日:2010-08-24
申请号:US10996574
申请日:2004-11-24
IPC分类号: G06F11/00 , G06F12/14 , G06F12/16 , G06F11/30 , G06F15/16 , G06F15/177 , G08B23/00 , B41K3/38
CPC分类号: H04L63/1408
摘要: Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
摘要翻译: 提供了在协作计算机系统之间关联和分发入侵警报信息的系统和方法。 这些系统和方法提供警报相关器和警报分发器,其使得能够检测到攻击的早期迹象并且迅速地传播到协作系统。 警报相关器利用数据结构来关联警报检测,并提供可以向其他协作系统透露威胁信息的机制。 警报分配器使用有效的技术来对协作系统进行分组,然后根据时间表在某些成员之间传递数据。 以这种方式,数据可以定期分布,而不会产生过多的流量负载。
-
4.发明申请Systems and Methods for Correlating and Distributing Intrusion Alert Information Among Collaborating Computer Systems 有权在协作计算机系统中关联和分发入侵警报信息的系统和方法公开(公告)号:US20100281541A1
公开(公告)日:2010-11-04
申请号:US12833743
申请日:2010-07-09
申请人: Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
发明人: Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
IPC分类号: G06F11/00
CPC分类号: H04L63/1416 , G06F21/552 , G06F21/554 , H04L63/145 , H04L63/1475 , H04L63/1491
摘要: Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
摘要翻译: 提供了在协作计算机系统之间关联和分发入侵警报信息的系统和方法。 这些系统和方法提供警报相关器和警报分发器,其使得能够检测到攻击的早期迹象并且迅速地传播到协作系统。 警报相关器利用数据结构来关联警报检测,并提供可以向其他协作系统透露威胁信息的机制。 警报分配器使用有效的技术来对协作系统进行分组,然后根据时间表在某些成员之间传递数据。 以这种方式,数据可以定期分布,而不会产生过多的流量负载。
-
公开(公告)号:US07779463B2
公开(公告)日:2010-08-17
申请号:US10864226
申请日:2004-06-09
申请人: Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
发明人: Salvatore J. Stolfo , Tal Malkin , Angelos D. Keromytis , Vishal Misra , Michael Locasto , Janak Parekh
IPC分类号: G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F11/30 , B41K3/38 , G06F15/16 , G06F15/177
CPC分类号: H04L63/1416 , G06F21/552 , G06F21/554 , H04L63/145 , H04L63/1475 , H04L63/1491
摘要: Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
-
6.发明授权Methods, media, and systems for securing communications between a first node and a second node 有权用于保护第一节点和第二节点之间的通信的方法,媒体和系统公开(公告)号:US09419981B2
公开(公告)日:2016-08-16
申请号:US12092224
申请日:2006-10-31
申请人: Salvatore J. Stolfo , Gabriela F. Ciocarlie , Vanessa Frias-Martinez , Janak Parekh , Angelos D. Keromytis , Joseph Sherrick
发明人: Salvatore J. Stolfo , Gabriela F. Ciocarlie , Vanessa Frias-Martinez , Janak Parekh , Angelos D. Keromytis , Joseph Sherrick
IPC分类号: H04L29/06
CPC分类号: H04L63/102 , H04L63/145
摘要: Methods, media, and systems for securing communications between a first node and a second node are provided. In some embodiments, methods for securing communication between a first node and a second node are provided. The methods comprising: receiving at least one model of behavior of the second node at the first node; and authorizing the first node to receive traffic from the second node based on the difference between the at least one model of behavior of the second node and at least one model of behavior of the first node.
摘要翻译: 提供了用于保护第一节点和第二节点之间的通信的方法,媒体和系统。 在一些实施例中,提供了用于确保第一节点和第二节点之间的通信的方法。 所述方法包括:在所述第一节点处接收所述第二节点的至少一个行为模型; 并且基于所述第二节点的所述至少一个行为模型与所述第一节点的行为的至少一个模型之间的差异,授权所述第一节点从所述第二节点接收流量。
-
公开(公告)号:US08763103B2
公开(公告)日:2014-06-24
申请号:US12297730
申请日:2006-04-21
CPC分类号: H04L63/1416 , G06F21/41 , H04L63/0815 , H04L63/1408 , H04L63/1441
摘要: In accordance with some embodiments of the present invention, systems and methods that protect an application from attacks are provided. In some embodiments of the present invention, input from an input source, such as traffic from a communication network, can be routed through a filtering proxy that includes one or more filters, classifiers, and/or detectors. In response to the input passing through the filtering proxy to the application, a supervision framework monitors the input for attacks (e.g., code injection attacks). The supervision framework can provide feedback to tune the components of the filtering proxy.
摘要翻译: 根据本发明的一些实施例,提供了保护应用免受攻击的系统和方法。 在本发明的一些实施例中,可以通过包括一个或多个过滤器,分类器和/或检测器的过滤代理来路由来自诸如来自通信网络的业务的输入源的输入。 响应于通过过滤代理的输入到应用程序,监督框架监视输入的攻击(例如代码注入攻击)。 监督框架可以提供反馈来调整过滤代理的组件。
-
8.发明授权Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and/or generating sanitized anomaly detection models 有权用于生成消毒数据,消毒异常检测模型和/或生成消毒异常检测模型的系统,方法和介质公开(公告)号:US08407160B2
公开(公告)日:2013-03-26
申请号:US11940790
申请日:2007-11-15
申请人: Gabriela Cretu , Angelos Stavrou , Salvatore J. Stolfo , Angelos D. Keromytis , Michael E. Locasto
发明人: Gabriela Cretu , Angelos Stavrou , Salvatore J. Stolfo , Angelos D. Keromytis , Michael E. Locasto
IPC分类号: G06F15/18
CPC分类号: H04L63/1425 , G06N99/005 , H04L63/14
摘要: Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for generating sanitized data are provided. The methods including: dividing a first training dataset comprised of a plurality of training data items into a plurality of data subsets each including at least one training data item of the plurality of training data items of the first training dataset; based on the plurality of data subsets, generating a plurality of distinct anomaly detection micro-models; testing at least one data item of the plurality of data items of a second training dataset of training data items against each of the plurality of micro-models to produce a score for the at least one tested data item; and generating at least one output dataset based on the score for the at least one tested data item.
摘要翻译: 提供了生成消毒数据,消毒异常检测模型和生成异常检测模型的系统,方法和介质。 在一些实施例中,提供了生成消毒数据的方法。 所述方法包括:将由多个训练数据项组成的第一训练数据集划分成多个数据子集,每个数据子集包括第一训练数据集的多个训练数据项中的至少一个训练数据项; 基于所述多个数据子集,生成多个不同的异常检测微模型; 针对所述多个微模型中的每一个测试训练数据项的第二训练数据集的所述多个数据项中的至少一个数据项,以产生所述至少一个测试数据项的分数; 以及基于所述至少一个测试数据项的得分来生成至少一个输出数据集。
-
公开(公告)号:US20100146615A1
公开(公告)日:2010-06-10
申请号:US12297730
申请日:2006-04-21
CPC分类号: H04L63/1416 , G06F21/41 , H04L63/0815 , H04L63/1408 , H04L63/1441
摘要: In accordance with some embodiments of the present invention, systems and methods that protect an application from attacks are provided. In some embodiments of the present invention, input from an input source, such as traffic from a communication network, can be routed through a filtering proxy that includes one or more filters, classifiers, and/or detectors. In response to the input passing through the filtering proxy to the application, a supervision framework monitors the input for attacks (e.g., code injection attacks). The supervision framework can provide feedback to tune the components of the filtering proxy.
摘要翻译: 根据本发明的一些实施例,提供了保护应用免受攻击的系统和方法。 在本发明的一些实施例中,可以通过包括一个或多个过滤器,分类器和/或检测器的过滤代理来路由来自诸如来自通信网络的业务的输入源的输入。 响应于通过过滤代理的输入到应用程序,监督框架监视输入的攻击(例如代码注入攻击)。 监督框架可以提供反馈来调整过滤代理的组件。
-
10.发明申请METHODS, MEDIA, AND SYSTEMS FOR SECURING COMMUNICATIONS BETWEEN A FIRST NODE AND A SECOND NODE 有权用于保护第一个节点和第二个节点之间的通信的方法,媒体和系统公开(公告)号:US20110214161A1
公开(公告)日:2011-09-01
申请号:US12092224
申请日:2006-10-31
申请人: Salvatore J. Stolfo , Gabriela F. Ciocarlie , Vanessa Frias-Martinez , Janak Parekh , Angelos D. Keromytis , Joseph Sherrick
发明人: Salvatore J. Stolfo , Gabriela F. Ciocarlie , Vanessa Frias-Martinez , Janak Parekh , Angelos D. Keromytis , Joseph Sherrick
IPC分类号: G06F21/20
CPC分类号: H04L63/102 , H04L63/145
摘要: Methods, media, and systems for securing communications between a first node and a second node are provided. In some embodiments, methods for securing communication between a first node and a second node are provided. The methods comprising: receiving at least one model of behavior of the second node at the first node; and authorizing the first node to receive traffic from the second node based on the difference between the at least one model of behavior of the second node and at least one model of behavior of the first node.
摘要翻译: 提供了用于保护第一节点和第二节点之间的通信的方法,媒体和系统。 在一些实施例中,提供了用于确保第一节点和第二节点之间的通信的方法。 所述方法包括:在所述第一节点处接收所述第二节点的至少一个行为模型; 并且基于所述第二节点的所述至少一个行为模型与所述第一节点的行为的至少一个模型之间的差异,授权所述第一节点从所述第二节点接收流量。
-
-
-
-
-
-
-
-
-
搜索结果
99 条记录 (耗时 0.026 秒)
