-
公开(公告)号:US20100162391A1
公开(公告)日:2010-06-24
申请号:US12342981
申请日:2008-12-23
CPC分类号: G06F11/1461 , G06F11/1458
摘要: Online risk mitigation techniques are described. In an implementation, a service is queried for a reputation associated with an object from an online source in response to selection of the object. A backup of a client that is to receive the object is stored prior to obtaining the object when the reputation does not meet a threshold reputation level.
摘要翻译: 描述在线风险缓解技术。 在实现中,响应于对象的选择,查询与来自在线源的对象相关联的信誉的服务。 当信誉不满足阈值信誉级别时,在获取对象之前存储要接收对象的客户端的备份。
-
公开(公告)号:US08429743B2
公开(公告)日:2013-04-23
申请号:US12342981
申请日:2008-12-23
IPC分类号: G06F21/00
CPC分类号: G06F11/1461 , G06F11/1458
摘要: Online risk mitigation techniques are described. In an implementation, a service is queried for a reputation associated with an object from an online source in response to selection of the object. A backup of a client that is to receive the object is stored prior to obtaining the object when the reputation does not meet a threshold reputation level.
摘要翻译: 描述在线风险缓解技术。 在实现中,响应于对象的选择,查询与来自在线源的对象相关联的信誉的服务。 当信誉不满足阈值信誉级别时,在获取对象之前存储要接收对象的客户端的备份。
-
公开(公告)号:US09235586B2
公开(公告)日:2016-01-12
申请号:US12880363
申请日:2010-09-13
申请人: Ritika Virmani , Ryan C. Colvin , Elliott Jeb Haber , Warren G. Stevens , Jane T. Kim , Jess S. Holbrook , Sarah J. Bowers , John L. Scarrow , Jeffrey R. McKune
发明人: Ritika Virmani , Ryan C. Colvin , Elliott Jeb Haber , Warren G. Stevens , Jane T. Kim , Jess S. Holbrook , Sarah J. Bowers , John L. Scarrow , Jeffrey R. McKune
CPC分类号: G06F17/3012 , G06F21/552
摘要: A Web browser of a computing device downloads or otherwise obtains a file. File information identifying the file is obtained and is sent to a remote reputation service. Client information identifying aspects of the computing device can also optionally be sent to the remote reputation service. In response to the file information (and optionally client information), a reputation indication for the file is received from the remote reputation service. A user interface for the Web browser to present at the computing device is determined, based at least in part on the reputation indication, and presented at the computing device.
摘要翻译: 计算设备的Web浏览器下载或以其他方式获取文件。 识别文件的文件信息被获取并被发送到远程信誉服务。 识别计算设备的各个方面的客户端信息也可以可选地被发送到远程信誉服务。 响应于文件信息(以及可选的客户端信息),从远程信誉服务接收该文件的信誉指示。 至少部分地基于声誉指示并在计算设备处呈现用于Web浏览器呈现在计算设备处的用户界面。
-
公开(公告)号:US20120066346A1
公开(公告)日:2012-03-15
申请号:US12880363
申请日:2010-09-13
申请人: Ritika Virmani , Ryan C. Colvin , Elliott Jeb Haber , Warren G. Stevens , Jane T. Kim , Jess S. Holbrook , Sarah J. Bowers , John L. Scarrow , Jeffrey R. McKune
发明人: Ritika Virmani , Ryan C. Colvin , Elliott Jeb Haber , Warren G. Stevens , Jane T. Kim , Jess S. Holbrook , Sarah J. Bowers , John L. Scarrow , Jeffrey R. McKune
IPC分类号: G06F15/16
CPC分类号: G06F17/3012 , G06F21/552
摘要: A Web browser of a computing device downloads or otherwise obtains a file. File information identifying the file is obtained and is sent to a remote reputation service. Client information identifying aspects of the computing device can also optionally be sent to the remote reputation service. In response to the file information (and optionally client information), a reputation indication for the file is received from the remote reputation service. A user interface for the Web browser to present at the computing device is determined, based at least in part on the reputation indication, and presented at the computing device.
摘要翻译: 计算设备的Web浏览器下载或以其他方式获取文件。 识别文件的文件信息被获取并被发送到远程信誉服务。 识别计算设备的各个方面的客户端信息也可以可选地被发送到远程信誉服务。 响应于文件信息(以及可选的客户端信息),从远程信誉服务接收该文件的信誉指示。 至少部分地基于声誉指示并在计算设备处呈现用于Web浏览器呈现在计算设备处的用户界面。
-
公开(公告)号:US20130042294A1
公开(公告)日:2013-02-14
申请号:US13205136
申请日:2011-08-08
CPC分类号: H04L63/10 , G06F21/53 , G06F21/6218 , G06F2221/2141 , H04L41/0893 , H04L63/145
摘要: Malware detection is often based on monitoring a local application binary and/or process, such as detecting patterns of malicious code, unusual local resource utilization, or suspicious application behavior. However, the volume of available software, variety of malware, and sophistication of evasion techniques may reduce the effectiveness of detection based on monitoring local resources. Presented herein are techniques for identifying malware based on the reputations of remote resources (e.g., web content, files, databases, IP addresses, services, and users) accessed by an application. Remote resource accesses may be reported to a reputation service, which may identify reputations of remote resources, and application reputations of applications that utilize such remote resources. These application reputations may be used to adjust the application policies of the applications executed by devices and servers. These techniques thereby achieve rapid detection and mitigation of newly identified malware through application telemetry in a predominantly automated manner.
摘要翻译: 恶意软件检测通常基于监视本地应用程序二进制和/或进程,例如检测恶意代码的模式,异常的本地资源利用率或可疑应用程序行为。 然而,可用软件的数量,各种恶意软件和复杂的逃避技术可能会降低基于监视本地资源的检测的有效性。 这里提出的是基于由应用访问的远程资源(例如,web内容,文件,数据库,IP地址,服务和用户)的声誉来识别恶意软件的技术。 远程资源访问可以被报告给信誉服务,信誉服务可以识别远程资源的信誉,以及利用这种远程资源的应用程序的应用程序信誉。 这些应用程序信誉可以用于调整由设备和服务器执行的应用程序的应用程序策略。 这些技术从而通过主要以自动化的方式通过应用遥测来实现对新识别的恶意软件的快速检测和缓解。
-
公开(公告)号:US08839418B2
公开(公告)日:2014-09-16
申请号:US11335902
申请日:2006-01-18
申请人: Geoffrey John Hulten , Paul Stephen Rehfuss , Robert Rounthwaite , Joshua Theodore Goodman , Gopalakrishnan Seshadrinathan , Anthony P. Penta , Manav Mishra , Roderic C. Deyo , Elliott Jeb Haber , David Aaron Ward Snelling
发明人: Geoffrey John Hulten , Paul Stephen Rehfuss , Robert Rounthwaite , Joshua Theodore Goodman , Gopalakrishnan Seshadrinathan , Anthony P. Penta , Manav Mishra , Roderic C. Deyo , Elliott Jeb Haber , David Aaron Ward Snelling
CPC分类号: H04L63/1483 , G06F17/30887 , H04L63/08 , H04L63/1441
摘要: Described is a technology by which phishing-related data sources are processed into aggregated data and a given site evaluated the aggregated data using a predictive model to automatically determine whether the given site is likely to be a phishing site. The predictive model may be built using machine learning based on training data, e.g., including known phishing sites and/or known non-phishing sites. To determine whether an object corresponding to a site is likely a phishing-related object are described, various criteria are evaluated, including one or more features of the object when evaluated. The determination is output in some way, e.g., made available to a reputation service, used to block access to a site or warn a user before allowing access, and/or used to assist a hand grader in being more efficient in evaluating sites.
摘要翻译: 描述了一种将钓鱼相关数据源处理为聚合数据的技术,给定的站点使用预测模型评估聚合数据,以自动确定给定站点是否可能是钓鱼站点。 可以使用基于训练数据的机器学习来构建预测模型,例如包括已知的网络钓鱼站点和/或已知的非网络钓鱼站点。 为了确定对应于站点的对象是否可能是与钓鱼相关的对象,评估了各种标准,包括评估时对象的一个或多个特征。 该确定以某种方式输出,例如可用于信誉服务,用于阻止对站点的访问或在允许访问之前警告用户,和/或用于帮助平手机更有效地评估站点。
-
公开(公告)号:US09065826B2
公开(公告)日:2015-06-23
申请号:US13205136
申请日:2011-08-08
CPC分类号: H04L63/10 , G06F21/53 , G06F21/6218 , G06F2221/2141 , H04L41/0893 , H04L63/145
摘要: Malware detection is often based on monitoring a local application binary and/or process, such as detecting patterns of malicious code, unusual local resource utilization, or suspicious application behavior. However, the volume of available software, variety of malware, and sophistication of evasion techniques may reduce the effectiveness of detection based on monitoring local resources. Presented herein are techniques for identifying malware based on the reputations of remote resources (e.g., web content, files, databases, IP addresses, services, and users) accessed by an application. Remote resource accesses may be reported to a reputation service, which may identify reputations of remote resources, and application reputations of applications that utilize such remote resources. These application reputations may be used to adjust the application policies of the applications executed by devices and servers. These techniques thereby achieve rapid detection and mitigation of newly identified malware through application telemetry in a predominantly automated manner.
摘要翻译: 恶意软件检测通常基于监视本地应用程序二进制和/或进程,例如检测恶意代码的模式,异常的本地资源利用率或可疑应用程序行为。 然而,可用软件的数量,各种恶意软件和复杂的逃避技术可能会降低基于监视本地资源的检测的有效性。 这里提出的是基于由应用访问的远程资源(例如,web内容,文件,数据库,IP地址,服务和用户)的声誉来识别恶意软件的技术。 远程资源访问可以被报告给信誉服务,信誉服务可以识别远程资源的信誉,以及利用这种远程资源的应用程序的应用程序信誉。 这些应用程序信誉可以用于调整由设备和服务器执行的应用程序的应用程序策略。 这些技术从而通过主要以自动化的方式通过应用遥测来实现对新识别的恶意软件的快速检测和缓解。
-
公开(公告)号:US08863291B2
公开(公告)日:2014-10-14
申请号:US13010189
申请日:2011-01-20
申请人: Daniel Oliver , Anshul Rawat , Xiang Tu , Ryan Colvin , James Dooley , Elliott Jeb Haber , Ameya Bhatawdekar , Andy Davidson , Jay Dave , Paul Leach , Karanbir Singh , Chris Guzak , Crispin Cowan
发明人: Daniel Oliver , Anshul Rawat , Xiang Tu , Ryan Colvin , James Dooley , Elliott Jeb Haber , Ameya Bhatawdekar , Andy Davidson , Jay Dave , Paul Leach , Karanbir Singh , Chris Guzak , Crispin Cowan
CPC分类号: G06F21/51
摘要: The reputation of an executable computer program is checked when a user input to a computing device initiates a program launch, thus triggering a check of a local cache of reputation information. If the local cache confirms that the program is safe, it is permitted to launch, typically without notifying the user that a reputation check has been made. If the local cache cannot confirm the safety of the program, a reputation check is made by accessing a reputation service in the cloud. If the reputation service identifies the program as safe, it returns an indication to the computing device and the program is permitted to be launched, again without notifying the user that a reputation check has been made. If the reputation service identifies the program as unsafe or potentially unsafe, or does not recognize it at all, a warning is displayed to the user.
摘要翻译: 当输入到计算设备的用户启动程序启动时,检查可执行计算机程序的声誉,从而触发对本地缓存信誉信息的检查。 如果本地缓存确认程序是安全的,则允许启动,通常不通知用户进行了声誉检查。 如果本地缓存无法确认程序的安全性,则通过访问云中的声誉服务进行声誉检查。 如果信誉服务将该程序识别为安全的,则将该指示返回给计算设备,并且允许程序被启动,而不通知用户进行了信誉检查。 如果声誉服务将程序识别为不安全或可能不安全,或者根本不识别该程序,则向用户显示警告。
-
公开(公告)号:US20130036466A1
公开(公告)日:2013-02-07
申请号:US13195245
申请日:2011-08-01
申请人: Anthony P. Penta , Elliott Jeb Haber , Ameya Bhatawdekar , Ryan Charles Colvin , David Douglas DeBarr , Geoffrey John Hulten
发明人: Anthony P. Penta , Elliott Jeb Haber , Ameya Bhatawdekar , Ryan Charles Colvin , David Douglas DeBarr , Geoffrey John Hulten
IPC分类号: G06F21/00 , G06F15/173
CPC分类号: H04L63/102 , G06F16/9566 , H04L63/1483
摘要: One or more techniques and/or systems are provided for internet connectivity protection. In particular, reputational information assigned to infrastructure components (e.g., IP addresses, name servers, domains, etc.) may be leveraged to determine whether an infrastructure component associated with a user navigating to content of a URL is malicious or safe. For example, infrastructure component data associated with a web browser navigating to a website of a URL may be collected and sent to a reputation server. The reputation server may return reputation information associated with the infrastructure component data (e.g., an IP address may be known as malicious even though the URL may not yet have a reputation). In this way, the user may be provided with notifications, such as warnings, when various unsafe conditions arise, such as interacting with an infrastructure component with a bad reputation, a resolved IP address not matching the URL, etc.
摘要翻译: 提供一种或多种技术和/或系统用于互联网连接保护。 特别地,可以利用分配给基础设施组件(例如,IP地址,名称服务器,域等)的声誉信息来确定与导航到URL的内容的用户相关联的基础设施组件是否是恶意或安全的。 例如,可以收集与浏览到URL的网站的web浏览器相关联的基础设施组件数据并将其发送到信誉服务器。 信誉服务器可以返回与基础结构组件数据相关联的信誉信息(例如,即使URL可能还没有信誉,IP地址也可能被称为恶意的)。 以这种方式,当出现各种不安全的情况时,例如与不良信誉的基础设施组件交互,不符合URL的已解决的IP地址等,可以向用户提供诸如警告之类的通知。
-
公开(公告)号:US20120192275A1
公开(公告)日:2012-07-26
申请号:US13010189
申请日:2011-01-20
申请人: Daniel Oliver , Anshul Rawat , Xiang Tu , Ryan Colvin , James Dooley , Elliott Jeb Haber , Ameya Bhatawdekar , Andy Davidson , Jay Dave , Paul Leach , Karanbir Singh , Chris Guzak , Crispin Cowan
发明人: Daniel Oliver , Anshul Rawat , Xiang Tu , Ryan Colvin , James Dooley , Elliott Jeb Haber , Ameya Bhatawdekar , Andy Davidson , Jay Dave , Paul Leach , Karanbir Singh , Chris Guzak , Crispin Cowan
IPC分类号: G06F21/22
CPC分类号: G06F21/51
摘要: The reputation of an executable computer program is checked when a user input to a computing device initiates a program launch, thus triggering a check of a local cache of reputation information. If the local cache confirms that the program is safe, it is permitted to launch, typically without notifying the user that a reputation check has been made. If the local cache cannot confirm the safety of the program, a reputation check is made by accessing a reputation service in the cloud. If the reputation service identifies the program as safe, it returns an indication to the computing device and the program is permitted to be launched, again without notifying the user that a reputation check has been made. If the reputation service identifies the program as unsafe or potentially unsafe, or does not recognize it at all, a warning is displayed to the user.
摘要翻译: 当输入到计算设备的用户启动程序启动时,检查可执行计算机程序的声誉,从而触发对本地缓存信誉信息的检查。 如果本地缓存确认程序是安全的,则允许启动,通常不通知用户进行了声誉检查。 如果本地缓存无法确认程序的安全性,则通过访问云中的声誉服务进行声誉检查。 如果信誉服务将该程序识别为安全的,则将该指示返回给计算设备,并且允许程序被启动,而不通知用户进行了信誉检查。 如果声誉服务将程序识别为不安全或可能不安全,或者根本不识别该程序,则向用户显示警告。
-
-
-
-
-
-
-
-
-
搜索结果
10 条记录 (耗时 0.024 秒)