Abstract:
A method and apparatus for modeling a behavior of a computer program that is executed in a computer system is described. The method and apparatus for modeling a behavior of a computer program may be used to detect a malicious program based on the behavior of the computer program. A method includes collecting system use information about resources of the computer system the computer program uses; extracting a behavior signature of the computer program from the collected system use information; and encoding the extracted behavior signature to generate a behavior vector. As a result, behaviors of a particular computer program may be modeled to enable a malicious program detection program and to determine whether the computer program is either normal or malicious.
Abstract:
An apparatus and method of diagnosing whether a program executed in a computer system is malware and repairing the computer system infected by malware. The apparatus includes a receiving unit which receives a first behavior vector for the malware from a malware control server; a determination unit which determines whether a diagnostic target program corresponds to malware based on the received first behavior vector and a second behavior vector for the diagnostic target program; and a repair unit which repairs the computer system based on a result of the determination. A behavior of a computer program executed in the computer system may be modeled in real time.
Abstract:
An apparatus and method of diagnosing whether a computer program executed in a computer system is a malicious program and more particularly, an apparatus and method of diagnosing whether a computer program is a malicious program using a behavior of a computer program, and an apparatus and method of generating malicious code diagnostic data is provided. The apparatus for diagnosing a malicious code may include a behavior vector generation unit which generates a first behavior vector based on a behavior signature extracted from a diagnostic target program; a diagnostic data storage unit which stores a plurality of second behavior vectors for a plurality of sample programs predetermined to be malicious or normal; and a code diagnostic unit which diagnoses whether the diagnostic target program is a malicious code by comparing the first behavior vector with the plurality of second behavior vectors.
Abstract:
Aspects of the present invention dynamically reduce a frequency at which IT infrastructure automatically generates alerts. Historical data across a plurality of data sources in the IT infrastructure is analyzed. An opportunity to reduce the frequency at which the IT infrastructure automatically generates the alerts is identified. A new alert policy addressing the opportunity to reduce alert frequency is generated. An impact of the new alert policy on a set of predefined service level objectives (SLOs) and service level agreements (SLAs) is evaluated. The new alert policy is deployed in the IT infrastructure.
Abstract:
An exemplary method of responding to a request for a value of at least one metric associated with at least one process includes a step of determining whether responding to the request requires updating the value of the at least one metric. When responding to the request does not require updating the value of the at least one metric, a response is determined based at least in part on at least one stored value of the at least one metric. When responding to the request does require updating the value of the at least one metric, the value of the at least one metric is updated and a response is determined based at least in part on the at least one updated value of the at least one metric. Updating the value of the at least one metric, at least when responding to the request requires updating the value of the at least one metric, includes steps of determining at least one new value of the at least one metric based at least in part on at least one stored value of the at least one metric and storing the at least one new value of the at least one metric. The method also includes a step of responding to the request with the determined response.
Abstract:
Access is obtained to a parallel corpus including a problem corpus and a solution corpus. A first plurality of topics are mined from the problem corpus and a second plurality of topics are mined from the solution corpus. A transition probability from the first plurality of topics to the second plurality of topics is determined, to identify a most appropriate one of the topics from the solution corpus for a given one of the topics from the problem corpus.
Abstract:
A system and method for facilitating automatic objective-based feature improvement, the method including receiving a request to identify an optimal alternative for each of one or more features of a computer-implemented entity, determining an alternative feature range for each of the one or more features, the alternative feature range defining a range of possible alternative features available with respect to the feature, selecting one or more alternative features for each feature from the alternative feature range of the feature, generating a plurality of alternative sets, each including an alternative feature for at least one of the one or more features, selecting a plurality of user groups from a pool of users and assigning each user group of the plurality of user groups to one of the plurality of alternative sets based on user characteristics of the users and historical information regarding the interaction of the user with the computer-implemented entity.