公开(公告)号：US09609015B2

公开(公告)日：2017-03-28

申请号：US14796422

申请日：2015-07-10

申请人： Sriram Natarajan ,  Narinder Paul ,  Julien Sobrier ,  Karthikeyan Thamilarasu ,  Balakrishna Bayar ,  Michael Andrew William Sutton

发明人： Sriram Natarajan ,  Narinder Paul ,  Julien Sobrier ,  Karthikeyan Thamilarasu ,  Balakrishna Bayar ,  Michael Andrew William Sutton

IPC分类号： H04L29/06 ,  G06F21/56 ,  G06F21/53

CPC分类号： H04L63/145 ,  G06F21/53 ,  G06F21/566 ,  G06F2221/03 ,  H04L51/12 ,  H04L63/0218 ,  H04L63/083 ,  H04L63/1408 ,  H04L63/1458

摘要： A cloud-based method, a behavioral analysis system, and a cloud-based security system can include a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes; wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content.

公开(公告)号：US09152789B2

公开(公告)日：2015-10-06

申请号：US14225557

申请日：2014-03-26

申请人： Sriram Natarajan ,  Narinder Paul ,  Julien Sobrier ,  Karthikeyan Thamilarasu ,  Balakrishna Bayar ,  Michael Andrew William Sutton

发明人： Sriram Natarajan ,  Narinder Paul ,  Julien Sobrier ,  Karthikeyan Thamilarasu ,  Balakrishna Bayar ,  Michael Andrew William Sutton

IPC分类号： G06F21/56 ,  H04L29/06

CPC分类号： G06F21/56 ,  G06F21/562 ,  G06F21/566 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1441

摘要： A cloud-based method, a behavioral analysis system, and a cloud-based security system can include a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes; wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content.

摘要翻译： 基于云的方法，行为分析系统和基于云的安全系统可以包括通信地耦合到一个或多个用户的多个节点，其中所述多个节点各自对一个或多个用户中的一个进行内联监视， 安全性包括恶意软件检测和排除; 以及通信地耦合到所述多个节点的行为分析系统，其中所述行为分析系统对来自所述多个节点标记的所述一个或多个用户的任何可疑内容执行离线分析; 其中所述多个节点各自包括用于所述在线监测的一组已知恶意软件签名，所述一组已知恶意软件签名由所述行为分析系统基于所述可疑内容的离线分析周期性地更新。

公开(公告)号：US09065850B1

公开(公告)日：2015-06-23

申请号：US13022352

申请日：2011-02-07

申请人： Julien Sobrier

发明人： Julien Sobrier

IPC分类号： H04L29/06

CPC分类号： H04L63/1483

摘要： The present disclosure provides phishing heuristic systems and methods that detect phishing sites. The present invention may be implemented via a server connected to the Internet, via a distributed security system, and the like. Phishing sites may be detected in a single transaction, i.e. client request plus server reply, while knowing as little as possible about the site being masqueraded. In an exemplary embodiment, a phishing site detection system and method utilized three steps—whitelisting, blacklisting, and scoring. For example, if a particular page meets all requirements of blacklisting without any elements of whitelisting and has a score over a particular threshold, that particular site may be designated as a phishing page.

摘要翻译： 本公开提供了网络钓鱼启发式系统和检测网络钓鱼站点的方法。 本发明可以通过经由分布式安全系统等连接到因特网的服务器来实现。 在单个事务中可能会检测到网络钓鱼站点，即客户端请求加服务器回复，同时尽可能少地知道伪装的站点。 在示例性实施例中，网络钓鱼站点检测系统和方法使用三个步骤 - 白名单，黑名单和评分。 例如，如果特定页面满足黑名单的所有要求，而没有任何白名单元素并且具有超过特定阈值的分数，则该特定站点可被指定​​为网络钓鱼页面。

公开(公告)号：US08291495B1

公开(公告)日：2012-10-16

申请号：US11835923

申请日：2007-08-08

申请人： Bryan Burns ,  Siying Yang ,  Julien Sobrier

发明人： Bryan Burns ,  Siying Yang ,  Julien Sobrier

IPC分类号： G06F11/00

CPC分类号： H04L63/0254 ,  H04L63/1441 ,  H04L63/168

摘要： An intrusion detection system (“IDS”) device is described that includes a flow analysis module to receive a first packet flow from a client and to receive a second packet flow from a server. The IDS includes a forwarding component to send the first packet flow to the server and the second packet flow to the client and a stateful inspection engine to apply one or more sets of patterns to the first packet flow to determine whether the first packet flow represents a network attack. The IDS also includes an application identification module to perform an initial identification of a type of software application and communication protocol associated with the first packet flow and to reevaluate the identification of the type of software application and protocol according to the second packet flow. The IDS may help eliminate false positive and false negative attack identifications.

摘要翻译： 描述了入侵检测系统（IDS）设备，其包括用于从客户端接收第一分组流并从服务器接收第二分组流的流分析模块。 IDS包括将第一分组流发送到服务器的转发组件和到客户端的第二分组流以及状态检查引擎，以将一组或多组模式应用于第一分组流，以确定第一分组流是否代表 网络攻击 IDS还包括应用识别模块，用于执行与第一分组流相关联的软件应用和通信协议的类型的初始识别，并且根据第二分组流来重新评估软件应用和协议的类型的标识。 IDS可能有助于消除假阳性和假阴性攻击识别。