Identification of normal scripts in computer systems
    1.
    Granted invention patent
    Identification of normal scripts in computer systems (in force)

    Publication number: US08838992B1

    Publication date: 2014-09-16

    Application number: US13096453

    Filing date: 2011-04-28

    IPC classification: G06F21/00 G06F21/56

    Abstract: A machine learning model is used to identify normal scripts in a client computer. The machine learning model may be built by training using samples of known normal scripts and samples of known potentially malicious scripts and may take into account lexical and semantic characteristics of the sample scripts. The machine learning model and a feature set may be provided to the client computer by a server computer. In the client computer, the machine learning model may be used to classify a target script. The target script does not have to be evaluated for malicious content when classified as a normal script. Otherwise, when the target script is classified as a potentially malicious script, the target script may have to be further evaluated by an anti-malware or sent to a back-end system.

    White list creation in behavior monitoring system
    2.
    Granted invention patent
    White list creation in behavior monitoring system (in force)

    Publication number: US08161552B1

    Publication date: 2012-04-17

    Application number: US12565585

    Filing date: 2009-09-23

    IPC classification: G06F11/00

    Abstract: A white list (or exception list) for a behavior monitoring system for detecting unknown malware on a computing device is maintained automatically without human intervention. A white list contains process IDs and other data relating to processes that are determined to be (or very likely be) free of malware. If a process is on this list, the rule matching operations of a conventional behavior monitor are not performed, thereby saving processing resources on the computing device. When a process start up is detected, the behavior monitor performs a series of checks or tests. If the process has all valid digital signatures and is not launched from a removable storage device (such as a USB key) and is not enabled to make any inbound or outbound connections, it is eligible for being on the white list. The white list is also automatically maintained by removing process IDs for processes that have terminated or which attempt to make a new outbound or inbound connection, such as a TCP/UDP connection. Scheduled integrity checks on the white list are also performed by examining the process stack for each process to ensure that there are no abnormal files in the process stack.

    Protecting computers against data loss involving screen captures
    3.
    Granted invention patent
    Protecting computers against data loss involving screen captures (in force)

    Publication number: US08826452B1

    Publication date: 2014-09-02

    Application number: US13352634

    Filing date: 2012-01-18

    IPC classification: G06F7/04

    CPC classification: G06F21/84

    Abstract: Disclosed are methods and apparatus for protecting computers from data loss involving screen capture. Screen capture events are detected in a computer. Documents that are visible on a computer screen are identified. Files of the visible documents are identified and scanned for sensitive data to determine whether the screen capture events are targeting contents of sensitive documents.
