-
1.发明授权公开(公告)号:US08341737B1
公开(公告)日:2012-12-25
申请号:US12059741
申请日:2008-03-31
IPC分类号: H04L29/06
CPC分类号: H04L63/1483
摘要: A callback component embedded on a web site determines a current location of the web site. The current location is compared to a known legitimate location of the web site to determine if the web site has been copied to a different host location. Responsive to determining that the web site has been copied to a different location, the callback component alerts a central authority that the web site may be a fraudulent web site set up to launch phishing attacks. If the central authority determines that the web site is fraudulent, the central authority alerts appropriate entities to take down the fraudulent web site. The callback component generates a visual component viewable on the web site to deter phishing attackers from removing the callback component when the web site is copied.
摘要翻译: 嵌入在网站上的回调元件确定网站的当前位置。 将当前位置与网站的已知合法位置进行比较,以确定网站是否已被复制到不同的主机位置。 响应于确定网站已经被复制到不同的位置,回调组件警告中央机构网站可能是设置为发起网络钓鱼攻击的欺诈性网站。 如果中央当局确定网站是欺诈性的,中央机关警告适当的实体取消欺诈性网站。 回调组件生成可视化组件,可在网站上查看,以防止网络钓鱼攻击者在复制网站时删除回调组件。
-
公开(公告)号:US08103875B1
公开(公告)日:2012-01-24
申请号:US11755708
申请日:2007-05-30
IPC分类号: H04L9/32
CPC分类号: H04L51/12 , H04L63/0236 , H04L63/126
摘要: Methods, systems, and products for detecting phishing attempts through fingerprinting are provided. In an embodiment, there is a computer program product that comprises a computer-readable medium and computer program instructions encoded on the medium for deterring fraud perpetrated through an incoming electronic message containing an address for responding to the incoming electronic message. The instructions are for extracting the address from the incoming electronic message and generating a fingerprint based on the extracted address. It is then determined whether the generated fingerprint matches a plurality of stored legitimate fingerprints. When there is a lack of a match, an action is taken to prevent use of the address.
摘要翻译: 提供了用于通过指纹识别来检测网络钓鱼尝试的方法,系统和产品。 在一个实施例中,存在计算机程序产品,其包括计算机可读介质和编码在介质上的计算机程序指令,用于阻止通过包含用于响应于传入电子消息的地址的传入电子消息进行的欺诈。 这些指令用于从输入的电子消息中提取地址,并根据提取的地址生成指纹。 然后确定生成的指纹是否与多个存储的合法指纹匹配。 当缺乏比赛时,采取行动来防止使用地址。
-
3.发明授权公开(公告)号:US08495096B1
公开(公告)日:2013-07-23
申请号:US13450390
申请日:2012-04-18
申请人: Shane Pereira , Zulfikar Ramzan , Sourabh Satish
发明人: Shane Pereira , Zulfikar Ramzan , Sourabh Satish
IPC分类号: G06F17/30
CPC分类号: G06F21/566 , G06F21/562
摘要: A decision tree for classifying computer files is constructed. Computational complexities of a set of candidate attributes are determined. A set of attribute vectors are created for a set of training files with known classification. A node is created to represent the set. A weighted impurity reduction score is calculated for each candidate attribute based on the computational complexity of the attribute. If a stopping criterion is satisfied then the node is set as a leaf node. Otherwise the node is set as a branch node and the attribute with the highest weighted impurity reduction score is selected as the splitting attribute for the branch node. The set of attribute vectors are split into subsets based on their attribute values of the splitting attribute. The above process is repeated for each subset. The tree is then pruned based on the computational complexities of the splitting attributes.
摘要翻译: 构建了用于分类计算机文件的决策树。 确定一组候选属性的计算复杂度。 为一组具有已知分类的训练文件创建一组属性向量。 创建一个节点来表示集合。 基于属性的计算复杂度,为每个候选属性计算加权杂质减少分数。 如果满足停止条件,则将节点设置为叶节点。 否则将节点设置为分支节点,并将具有最高加权杂质减少分数的属性选为分支节点的分割属性。 基于分割属性的属性值,将属性向量集分为子集。 对于每个子集重复上述过程。 然后根据分割属性的计算复杂度修剪树。
-
4.发明授权公开(公告)号:US08190647B1
公开(公告)日:2012-05-29
申请号:US12560298
申请日:2009-09-15
申请人: Shane Pereira , Zulfikar Ramzan , Sourabh Satish
发明人: Shane Pereira , Zulfikar Ramzan , Sourabh Satish
IPC分类号: G06F17/30
CPC分类号: G06F21/566 , G06F21/562
摘要: A decision tree for classifying computer files is constructed. Computational complexities of a set of candidate attributes are determined. A set of attribute vectors are created for a set of training files with known classification. A node is created to represent the set. A weighted impurity reduction score is calculated for each candidate attribute based on the computational complexity of the attribute. If a stopping criterion is satisfied then the node is set as a leaf node. Otherwise the node is set as a branch node and the attribute with the highest weighted impurity reduction score is selected as the splitting attribute for the branch node. The set of attribute vectors are split into subsets based on their attribute values of the splitting attribute. The above process is repeated for each subset. The tree is then pruned based on the computational complexities of the splitting attributes.
摘要翻译: 构建了用于分类计算机文件的决策树。 确定一组候选属性的计算复杂度。 为一组具有已知分类的训练文件创建一组属性向量。 创建一个节点来表示集合。 基于属性的计算复杂度,为每个候选属性计算加权杂质减少分数。 如果满足停止条件,则将节点设置为叶节点。 否则将节点设置为分支节点,并将具有最高加权杂质减少分数的属性选为分支节点的分割属性。 基于分割属性的属性值,将属性向量集分为子集。 对于每个子集重复上述过程。 然后根据分割属性的计算复杂度修剪树。
-
公开(公告)号:US08977764B1
公开(公告)日:2015-03-10
申请号:US12039515
申请日:2008-02-28
申请人: Zulfikar Ramzan , Sourabh Satish , Brian Hernacki
发明人: Zulfikar Ramzan , Sourabh Satish , Brian Hernacki
IPC分类号: G06F15/16
CPC分类号: G06F11/3466 , G06F9/44521 , G06F11/3409 , G06F2201/865
摘要: Application usage is profiled based on application streaming. Code pages of multiple applications are streamed from a server to multiple client computers (endpoints) for execution. The streaming of the code pages is monitored, and usage data is collected such as which pages are streamed to which endpoints, under what circumstances and when. By referencing the streamed code pages and the underlying source code, the code pages are mapped (at least approximately) to corresponding application features. The collected usage data usage and the relevant mapping are analyzed, to create application usage profile data for streamed applications. The application usage profile data can include such information as how often, when, where and by whom application components are being executed, as well as which components cause errors, are most popular, confuse users, etc.
摘要翻译: 应用程序使用情况基于应用程序流式进行分析。 多个应用程序的代码页从服务器流式传输到多个客户端计算机(端点)以供执行。 监视代码页的流式传输,并收集使用数据,例如哪些页面被流式传输到哪个端点,在什么情况下和什么时候。 通过引用流传输的代码页和底层的源代码,代码页被映射(至少近似)到相应的应用程序特征。 分析收集的使用数据用法和相关映射,以创建流应用程序的应用程序使用情况数据。 应用程序使用情况数据可以包括诸如应用组件的执行频率,何时何地以及由哪个应用组件执行的信息以及哪些组件导致错误,最受欢迎的,混淆用户等的信息。
-
6.发明授权Using sequencing and timing information of behavior events in machine learning to detect malware 有权使用机器学习中的行为事件的排序和时间信息来检测恶意软件公开(公告)号:US08401982B1
公开(公告)日:2013-03-19
申请号:US12687767
申请日:2010-01-14
申请人: Sourabh Satish , Zulfikar Ramzan
发明人: Sourabh Satish , Zulfikar Ramzan
CPC分类号: G06F21/566 , G06N99/005
摘要: A decision tree for classifying computer files is constructed. A set of training files known to be legitimate or malicious are executed and their runtime behaviors are monitored. When a behavior event is detected for one of the training file at a point in time, a feature vector is generated for that training file. Behavior sequencing and timing information for the training file at that point in time is identified and encoded in the feature vector. Feature vectors for each of the training files at various points in time are fed into a decision tree induction algorithm to construct a decision tree that takes into account of the sequencing and timing information.
摘要翻译: 构建了用于分类计算机文件的决策树。 一组已知是合法或恶意的训练文件被执行,并监视其运行时行为。 当在某个时间点检测到训练文件之一的行为事件时,为该训练文件生成特征向量。 在该时间点的训练文件的行为排序和定时信息被识别并在特征向量中编码。 将不同时间点的每个训练文件的特征向量馈送到决策树感应算法中,以构建考虑到排序和定时信息的决策树。
-
7.发明授权Application streaming and network file system optimization via integration with identity management solutions 有权通过与身份管理解决方案的集成,应用流和网络文件系统优化公开(公告)号:US08806046B1
公开(公告)日:2014-08-12
申请号:US12059727
申请日:2008-03-31
申请人: Sourabh Satish , Brian Hernacki , Zulfikar Ramzan
发明人: Sourabh Satish , Brian Hernacki , Zulfikar Ramzan
IPC分类号: G06F15/16
CPC分类号: H04L67/2842 , G06F9/54
摘要: By placing computer specific remotely originated application data under control of a central identity management system, users can seamlessly run remotely originated applications after logging on to different computers in the enterprise. Cached application content received from a streaming server or network file system, as well as additional application specific data (e.g., files created by the application, configuration changes made by the application on the local computer, etc.), can be configured as central identity management system profile object, using a central identity management system such as Active Directory. This data is thus automatically treated as part of the user settings/profile, and made available on any computer within the enterprise. This results in an optimal application experience for users, regardless of which managed computer they logon to within the enterprise.
摘要翻译: 通过将计算机专用的远程发起的应用程序数据置于中央身份管理系统的控制下,用户可以在登录到企业中的不同计算机之后无缝地运行远程发起的应用程序。 从流媒体服务器或网络文件系统接收到的缓存的应用内容,以及附加的应用程序特定数据(例如,由应用程序创建的文件,由本地计算机上的应用程序进行的配置更改等)可以被配置为中心身份 管理系统配置文件对象,使用中央身份管理系统,如Active Directory。 因此,这些数据被自动处理为用户设置/配置文件的一部分,并可在企业内的任何计算机上使用。 无论他们在企业内登录哪台托管计算机,都能为用户带来最佳的应用体验。
-
公开(公告)号:US08434149B1
公开(公告)日:2013-04-30
申请号:US12004594
申请日:2007-12-21
申请人: Sourabh Satish , Zulfikar Ramzan
发明人: Sourabh Satish , Zulfikar Ramzan
CPC分类号: G06F21/6227 , G06F2221/2119 , H04L63/12 , H04L63/1466 , H04L63/168
摘要: A method and apparatus for identifying web attacks is described. In one embodiment, a method of securing a computer comprises generating origin information for a portion of a web page and identifying a modification in the origin information. The identified modification is used to determine an indicia of suspicious behavior at a computer.
摘要翻译: 描述了用于识别web攻击的方法和装置。 在一个实施例中,一种保护计算机的方法包括生成网页的一部分的原始信息并且识别原始信息中的修改。 识别的修改用于确定计算机上可疑行为的标记。
-
公开(公告)号:US08799494B1
公开(公告)日:2014-08-05
申请号:US12025590
申请日:2008-02-04
申请人: Zulfikar Ramzan , Sourabh Satish , Brian Hernacki
发明人: Zulfikar Ramzan , Sourabh Satish , Brian Hernacki
CPC分类号: H04L67/2847 , G06F17/30132 , H04L67/34 , H04L67/36 , H04L69/40
摘要: A streaming server which streams an application to a client computer (“endpoint”), as well as the client on which the streamed application runs, makes predictions as to what sections of the application the client is likely to execute in the future. Upon receipt of an indication (e.g., from a system administrator) of a planned service outage of the server or the network, the server transmits the application content that is predicted to be needed by the client during the outage in order to continue executing the application without interruption. The client receives and caches the content. Provided that the prediction is sufficiently accurate, the client can continue to seamlessly execute the application during the service outage.
摘要翻译: 将应用程序流式传输到客户端计算机(“端点”)以及运行流式应用程序的客户端的流服务器可以预测客户端将来可能执行的应用程序的哪些部分。 在接收到服务器或网络的计划服务中断的指示(例如,来自系统管理员)时,服务器在中断期间发送预测为客户端需要的应用内容,以便继续执行应用 不间断 客户端接收并缓存内容。 如果预测足够准确,则客户端可以在服务中断期间继续无缝地执行应用程序。
-
10.发明授权Using machine infection characteristics for behavior-based detection of malware 有权使用机器感染特征进行基于行为的恶意软件检测公开(公告)号:US08266698B1
公开(公告)日:2012-09-11
申请号:US12400699
申请日:2009-03-09
IPC分类号: G06F21/00
CPC分类号: G06F21/53 , G06F2221/2101
摘要: One or more behavior-based features describing an execution of an application on a client are generated. One or more client-specific features are generated, wherein the client-specific features describe aspects of the client. A malware score is generated based on the behavior-based features and the client-specific features. Whether the application is a malware threat is determined based on the malware score and a result of the determination is stored.
摘要翻译: 生成描述客户机上的应用程序的一个或多个基于行为的特征。 生成一个或多个客户端特定的特征,其中客户端特定的特征描述了客户端的各个方面。 基于基于行为的功能和客户端特定功能生成恶意软件得分。 基于恶意软件得分确定应用程序是否是恶意软件威胁,并存储确定结果。
-
-
-
-
-
-
-
-
-
搜索结果
177 条记录 (耗时 0.038 秒)
