Method and apparatus to secure user confidential data from untrusted browser extensions
    1.
    发明授权
    Method and apparatus to secure user confidential data from untrusted browser extensions 有权
    从不受信任的浏览器扩展中保护用户机密数据的方法和装置

    公开(公告)号:US07975308B1

    公开(公告)日:2011-07-05

    申请号:US11864346

    申请日:2007-09-28

    摘要: Embodiments in accordance with the invention install a primary security browser extension first in the browser event notification order list and a secondary security browser extension last in the event notification order list. On receipt of a user data event including user confidential data at the primary security browser extension, the user confidential data is obfuscated by the primary security browser extension and the user data event including the obfuscated data is released to a next browser extension in the browser event notification order list. Upon receipt of the user data event at the secondary security browser extension, the obfuscated data is restored with the original user confidential data and the user data event is released for further processing.

    摘要翻译: 根据本发明的实施例首先在浏览器事件通知顺序列表中安装主安全浏览器扩展,并且在事件通知顺序列表中最后安装辅助安全浏览器扩展。 在主安全浏览器扩展接收到包括用户机密数据的用户数据事件时,用户机密数据被主安全浏览器扩展模糊,包括混淆数据的用户数据事件被释放到浏览器事件中的下一个浏览器扩展 通知单列表。 在辅助安全浏览器扩展接收到用户数据事件时,用原始用户机密数据恢复混淆的数据,并释放用户数据事件以便进一步处理。

    Decision tree induction that is sensitive to attribute computational complexity
    2.
    发明授权
    Decision tree induction that is sensitive to attribute computational complexity 有权
    对属性计算复杂度敏感的决策树归纳

    公开(公告)号:US08495096B1

    公开(公告)日:2013-07-23

    申请号:US13450390

    申请日:2012-04-18

    IPC分类号: G06F17/30

    CPC分类号: G06F21/566 G06F21/562

    摘要: A decision tree for classifying computer files is constructed. Computational complexities of a set of candidate attributes are determined. A set of attribute vectors are created for a set of training files with known classification. A node is created to represent the set. A weighted impurity reduction score is calculated for each candidate attribute based on the computational complexity of the attribute. If a stopping criterion is satisfied then the node is set as a leaf node. Otherwise the node is set as a branch node and the attribute with the highest weighted impurity reduction score is selected as the splitting attribute for the branch node. The set of attribute vectors are split into subsets based on their attribute values of the splitting attribute. The above process is repeated for each subset. The tree is then pruned based on the computational complexities of the splitting attributes.

    摘要翻译: 构建了用于分类计算机文件的决策树。 确定一组候选属性的计算复杂度。 为一组具有已知分类的训练文件创建一组属性向量。 创建一个节点来表示集合。 基于属性的计算复杂度,为每个候选属性计算加权杂质减少分数。 如果满足停止条件,则将节点设置为叶节点。 否则将节点设置为分支节点,并将具有最高加权杂质减少分数的属性选为分支节点的分割属性。 基于分割属性的属性值,将属性向量集分为子集。 对于每个子集重复上述过程。 然后根据分割属性的计算复杂度修剪树。

    Decision tree induction that is sensitive to attribute computational complexity
    3.
    发明授权
    Decision tree induction that is sensitive to attribute computational complexity 有权
    对属性计算复杂度敏感的决策树归纳

    公开(公告)号:US08190647B1

    公开(公告)日:2012-05-29

    申请号:US12560298

    申请日:2009-09-15

    IPC分类号: G06F17/30

    CPC分类号: G06F21/566 G06F21/562

    摘要: A decision tree for classifying computer files is constructed. Computational complexities of a set of candidate attributes are determined. A set of attribute vectors are created for a set of training files with known classification. A node is created to represent the set. A weighted impurity reduction score is calculated for each candidate attribute based on the computational complexity of the attribute. If a stopping criterion is satisfied then the node is set as a leaf node. Otherwise the node is set as a branch node and the attribute with the highest weighted impurity reduction score is selected as the splitting attribute for the branch node. The set of attribute vectors are split into subsets based on their attribute values of the splitting attribute. The above process is repeated for each subset. The tree is then pruned based on the computational complexities of the splitting attributes.

    摘要翻译: 构建了用于分类计算机文件的决策树。 确定一组候选属性的计算复杂度。 为一组具有已知分类的训练文件创建一组属性向量。 创建一个节点来表示集合。 基于属性的计算复杂度,为每个候选属性计算加权杂质减少分数。 如果满足停止条件,则将节点设置为叶节点。 否则将节点设置为分支节点,并将具有最高加权杂质减少分数的属性选为分支节点的分割属性。 基于分割属性的属性值,将属性向量集分为子集。 对于每个子集重复上述过程。 然后根据分割属性的计算复杂度修剪树。

    Profiling application usage from application streaming
    4.
    发明授权
    Profiling application usage from application streaming 有权
    从应用程序流分析应用程序的使用情况

    公开(公告)号:US08977764B1

    公开(公告)日:2015-03-10

    申请号:US12039515

    申请日:2008-02-28

    IPC分类号: G06F15/16

    摘要: Application usage is profiled based on application streaming. Code pages of multiple applications are streamed from a server to multiple client computers (endpoints) for execution. The streaming of the code pages is monitored, and usage data is collected such as which pages are streamed to which endpoints, under what circumstances and when. By referencing the streamed code pages and the underlying source code, the code pages are mapped (at least approximately) to corresponding application features. The collected usage data usage and the relevant mapping are analyzed, to create application usage profile data for streamed applications. The application usage profile data can include such information as how often, when, where and by whom application components are being executed, as well as which components cause errors, are most popular, confuse users, etc.

    摘要翻译: 应用程序使用情况基于应用程序流式进行分析。 多个应用程序的代码页从服务器流式传输到多个客户端计算机(端点)以供执行。 监视代码页的流式传输,并收集使用数据,例如哪些页面被流式传输到哪个端点,在什么情况下和什么时候。 通过引用流传输的代码页和底层的源代码,代码页被映射(至少近似)到相应的应用程序特征。 分析收集的使用数据用法和相关映射,以创建流应用程序的应用程序使用情况数据。 应用程序使用情况数据可以包括诸如应用组件的执行频率,何时何地以及由哪个应用组件执行的信息以及哪些组件导致错误,最受欢迎的,混淆用户等的信息。

    Using sequencing and timing information of behavior events in machine learning to detect malware
    5.
    发明授权
    Using sequencing and timing information of behavior events in machine learning to detect malware 有权
    使用机器学习中的行为事件的排序和时间信息来检测恶意软件

    公开(公告)号:US08401982B1

    公开(公告)日:2013-03-19

    申请号:US12687767

    申请日:2010-01-14

    IPC分类号: G06F11/00 G06F15/18

    CPC分类号: G06F21/566 G06N99/005

    摘要: A decision tree for classifying computer files is constructed. A set of training files known to be legitimate or malicious are executed and their runtime behaviors are monitored. When a behavior event is detected for one of the training file at a point in time, a feature vector is generated for that training file. Behavior sequencing and timing information for the training file at that point in time is identified and encoded in the feature vector. Feature vectors for each of the training files at various points in time are fed into a decision tree induction algorithm to construct a decision tree that takes into account of the sequencing and timing information.

    摘要翻译: 构建了用于分类计算机文件的决策树。 一组已知是合法或恶意的训练文件被执行,并监视其运行时行为。 当在某个时间点检测到训练文件之一的行为事件时,为该训练文件生成特征向量。 在该时间点的训练文件的行为排序和定时信息被识别并在特征向量中编码。 将不同时间点的每个训练文件的特征向量馈送到决策树感应算法中,以构建考虑到排序和定时信息的决策树。

    Detecting email fraud through fingerprinting
    6.
    发明授权
    Detecting email fraud through fingerprinting 有权
    通过指纹识别电子邮件欺诈

    公开(公告)号:US08103875B1

    公开(公告)日:2012-01-24

    申请号:US11755708

    申请日:2007-05-30

    IPC分类号: H04L9/32

    摘要: Methods, systems, and products for detecting phishing attempts through fingerprinting are provided. In an embodiment, there is a computer program product that comprises a computer-readable medium and computer program instructions encoded on the medium for deterring fraud perpetrated through an incoming electronic message containing an address for responding to the incoming electronic message. The instructions are for extracting the address from the incoming electronic message and generating a fingerprint based on the extracted address. It is then determined whether the generated fingerprint matches a plurality of stored legitimate fingerprints. When there is a lack of a match, an action is taken to prevent use of the address.

    摘要翻译: 提供了用于通过指纹识别来检测网络钓鱼尝试的方法,系统和产品。 在一个实施例中,存在计算机程序产品,其包括计算机可读介质和编码在介质上的计算机程序指令,用于阻止通过包含用于响应于传入电子消息的地址的传入电子消息进行的欺诈。 这些指令用于从输入的电子消息中提取地址,并根据提取的地址生成指纹。 然后确定生成的指纹是否与多个存储的合法指纹匹配。 当缺乏比赛时,采取行动来防止使用地址。

    Application streaming and network file system optimization via integration with identity management solutions
    7.
    发明授权
    Application streaming and network file system optimization via integration with identity management solutions 有权
    通过与身份管理解决方案的集成,应用流和网络文件系统优化

    公开(公告)号:US08806046B1

    公开(公告)日:2014-08-12

    申请号:US12059727

    申请日:2008-03-31

    IPC分类号: G06F15/16

    CPC分类号: H04L67/2842 G06F9/54

    摘要: By placing computer specific remotely originated application data under control of a central identity management system, users can seamlessly run remotely originated applications after logging on to different computers in the enterprise. Cached application content received from a streaming server or network file system, as well as additional application specific data (e.g., files created by the application, configuration changes made by the application on the local computer, etc.), can be configured as central identity management system profile object, using a central identity management system such as Active Directory. This data is thus automatically treated as part of the user settings/profile, and made available on any computer within the enterprise. This results in an optimal application experience for users, regardless of which managed computer they logon to within the enterprise.

    摘要翻译: 通过将计算机专用的远程发起的应用程序数据置于中央身份管理系统的控制下,用户可以在登录到企业中的不同计算机之后无缝地运行远程发起的应用程序。 从流媒体服务器或网络文件系统接收到的缓存的应用内容,以及附加的应用程序特定数据(例如,由应用程序创建的文件,由本地计算机上的应用程序进行的配置更改等)可以被配置为中心身份 管理系统配置文件对象,使用中央身份管理系统,如Active Directory。 因此,这些数据被自动处理为用户设置/配置文件的一部分,并可在企业内的任何计算机上使用。 无论他们在企业内登录哪台托管计算机,都能为用户带来最佳的应用体验。

    Method and apparatus for identifying web attacks
    8.
    发明授权
    Method and apparatus for identifying web attacks 有权
    用于识别Web攻击的方法和装置

    公开(公告)号:US08434149B1

    公开(公告)日:2013-04-30

    申请号:US12004594

    申请日:2007-12-21

    IPC分类号: G06F12/14 G06F12/04

    摘要: A method and apparatus for identifying web attacks is described. In one embodiment, a method of securing a computer comprises generating origin information for a portion of a web page and identifying a modification in the origin information. The identified modification is used to determine an indicia of suspicious behavior at a computer.

    摘要翻译: 描述了用于识别web攻击的方法和装置。 在一个实施例中,一种保护计算机的方法包括生成网页的一部分的原始信息并且识别原始信息中的修改。 识别的修改用于确定计算机上可疑行为的标记。

    Application streaming proactive failover
    9.
    发明授权
    Application streaming proactive failover 有权
    应用程序流主动故障切换

    公开(公告)号:US08799494B1

    公开(公告)日:2014-08-05

    申请号:US12025590

    申请日:2008-02-04

    IPC分类号: G06F15/16 H04L29/08 G06F17/30

    摘要: A streaming server which streams an application to a client computer (“endpoint”), as well as the client on which the streamed application runs, makes predictions as to what sections of the application the client is likely to execute in the future. Upon receipt of an indication (e.g., from a system administrator) of a planned service outage of the server or the network, the server transmits the application content that is predicted to be needed by the client during the outage in order to continue executing the application without interruption. The client receives and caches the content. Provided that the prediction is sufficiently accurate, the client can continue to seamlessly execute the application during the service outage.

    摘要翻译: 将应用程序流式传输到客户端计算机(“端点”)以及运行流式应用程序的客户端的流服务器可以预测客户端将来可能执行的应用程序的哪些部分。 在接收到服务器或网络的计划服务中断的指示(例如,来自系统管理员)时,服务器在中断期间发送预测为客户端需要的应用内容,以便继续执行应用 不间断 客户端接收并缓存内容。 如果预测足够准确,则客户端可以在服务中断期间继续无缝地执行应用程序。

    Detecting fraudulent web sites through an obfuscated reporting mechanism
    10.
    发明授权
    Detecting fraudulent web sites through an obfuscated reporting mechanism 有权
    通过混淆的报告机制来检测欺诈性网站

    公开(公告)号:US08341737B1

    公开(公告)日:2012-12-25

    申请号:US12059741

    申请日:2008-03-31

    IPC分类号: H04L29/06

    CPC分类号: H04L63/1483

    摘要: A callback component embedded on a web site determines a current location of the web site. The current location is compared to a known legitimate location of the web site to determine if the web site has been copied to a different host location. Responsive to determining that the web site has been copied to a different location, the callback component alerts a central authority that the web site may be a fraudulent web site set up to launch phishing attacks. If the central authority determines that the web site is fraudulent, the central authority alerts appropriate entities to take down the fraudulent web site. The callback component generates a visual component viewable on the web site to deter phishing attackers from removing the callback component when the web site is copied.

    摘要翻译: 嵌入在网站上的回调元件确定网站的当前位置。 将当前位置与网站的已知合法位置进行比较,以确定网站是否已被复制到不同的主机位置。 响应于确定网站已经被复制到不同的位置,回调组件警告中央机构网站可能是设置为发起网络钓鱼攻击的欺诈性网站。 如果中央当局确定网站是欺诈性的,中央机关警告适当的实体取消欺诈性网站。 回调组件生成可视化组件,可在网站上查看,以防止网络钓鱼攻击者在复制网站时删除回调组件。