-
公开(公告)号:US11477236B2
公开(公告)日:2022-10-18
申请号:US16884176
申请日:2020-05-27
发明人: Pablo Salvador Loyola Heufemann , Kugamoorthy Gajananan , Hirokuni Kitahara , Yuji Watanabe , Fumiko Akiyama
IPC分类号: H04L51/046 , H04L9/40 , G06N3/04 , G06N7/00 , H04L67/01
摘要: A computer-implemented method is provided for identifying words likely to be used in new combo-squatted domains of a target domain. The method includes selecting the target domain. The method further includes storing, in a memory device, a sequence of previously detected combo-squatted domains from period [t-W, t-1]. The sequence includes a set of words W. The method also includes obtaining trends associated with the target domain at time t. The method additionally includes obtaining, by a hardware processor responsive to the trends, a trend distribution associated with the target domain at time t. The method further includes ranking, by a likelihood, a set of words E that have been extracted from the trend distribution and are expected to be used in the future in the new combo-squatting domains, responsive to the set of words W.
-
公开(公告)号:US10938779B2
公开(公告)日:2021-03-02
申请号:US16440150
申请日:2019-06-13
IPC分类号: H04L29/12 , G06F16/955 , G06F16/951
摘要: Guided word association based domain name detection may be performed by obtaining an original domain name, constructing a feature space from a corpus of text, wherein each word appearing in the corpus is represented as a vector in the feature space, detecting whether a domain name registration exists for each combination of the original domain name and each of a plurality of seed words from the feature space, determining, for each seed word included in an existing domain name registration, a plurality of nearest neighbor candidate words, based on vector distance in the feature space, and repeating, for one or more repetitions, the detecting and the determining, wherein the plurality of nearest neighbor candidate words are utilized as the plurality of seed words.
-
公开(公告)号:US20210051174A1
公开(公告)日:2021-02-18
申请号:US16542561
申请日:2019-08-16
发明人: Hirokuni Kitahara , Yuji Watanabe , Fumiko Akiyama , Alisa Arno
IPC分类号: H04L29/06
摘要: A computer-implemented method for linking combo-squatting domains is provided. The method includes grouping domain names into nameserver groups based on a nameserver for each of the domains. Each of the domain names contain valued words. The method also includes splitting words in each domain name and generating a wordlist for each of the nameserver groups. The method further includes finding feature words among the nameserver groups, and extracting malicious domain names which contain the feature words in each of the nameserver groups. The method further includes outputting, for each of the nameserver groups, the malicious domain names and corresponding registrant identifying data based on the feature words.
-
公开(公告)号:US10572320B2
公开(公告)日:2020-02-25
申请号:US15828585
申请日:2017-12-01
发明人: Alisa Arno , Yuji Watanabe , Ai Yoshino
摘要: In an approach to detection of co-location of container services, a method may include receiving, by a first program in a first cloud container on a first host, a bit string over a side channel within a trial period of time. The method may also include determining whether a key corresponding to the bit string matches a pre-determined key corresponding to a second program in a second cloud container. The method may further include determining whether the second cloud container is located on the first host based, at least in part, on whether the key corresponding to the bit string matches the pre-determined key. The side channel may include a first resource on the first host that is accessible by cloud containers located on the first host and the bit string is received by monitoring the first resource for activity indicative of bit values.
-
5.发明授权公开(公告)号:US10305936B2
公开(公告)日:2019-05-28
申请号:US15959979
申请日:2018-04-23
发明人: Masayoshi Mizutani , Takahide Nogayama , Raymond H. P. Rudy , Scott R. Trent , Yuta Tsuboi , Yuji Watanabe
摘要: A method and system are provided for performing a security inspection of a set of virtual images. The method includes merging the virtual images into a tree structure having a root and a plurality of leaves such that child leaves and a parent leaf to the child leaves have common ones of the virtual images. The method further includes applying a bisection method against a path in the tree from the root to a given one of the plurality of leaves having a given one of the virtual images in which a security violation has been identified to find a particular one of the virtual images that is a root cause of the security violation. The method also includes performing a corrective action for any of the plurality of images having the security violation.
-
公开(公告)号:US20150039882A1
公开(公告)日:2015-02-05
申请号:US14446710
申请日:2014-07-30
发明人: Yuji Watanabe
IPC分类号: H04L29/06
CPC分类号: H04L63/0428 , G06F17/30241 , H04L63/30
摘要: Provided is an identifying device for identifying request content from an encrypted request to a server, the identifying device including: a target acquiring unit for acquiring the data size of an encrypted response returned from the server for the encrypted request to the server to be identified; a candidate acquiring unit for acquiring the data size of each of a plurality of encrypted response candidates returned by the server in response to a plurality of encrypted request candidates to be identified sent to the server corresponding to a plurality of known request content candidates; and an identifying unit for identifying the request content to be identified from the plurality of request candidates on the basis of results obtained by comparing the data size of an encrypted response for an encrypted request to be identified to the data sizes of a plurality of encrypted response candidates.
摘要翻译: 提供了一种用于从对加密请求到服务器识别请求内容的识别装置,所述识别装置包括:目标获取单元,用于获取从所述服务器返回的加密请求到被识别的服务器的加密响应的数据大小; 候选获取单元,用于响应于与多个已知请求内容候选对应的发送到服务器的要识别的多个加密请求候选,获取服务器返回的多个加密应答候选中的每一个的数据大小; 以及识别单元,其基于通过将要识别的加密请求的加密响应的数据大小与多个加密响应的数据大小进行比较而获得的结果来从多个请求候选中识别要识别的请求内容 候选人。
-
公开(公告)号:US08891760B2
公开(公告)日:2014-11-18
申请号:US13716440
申请日:2012-12-17
发明人: Takaaki Tateishi , Yuji Watanabe
CPC分类号: H04L9/28 , H04L9/008 , H04L2209/34
摘要: A server having an automaton whose state transitions in accordance with received characters, determines whether the automaton has transitioned to a final state on the basis of the characters. The server receives a coding sequence from the client in the characters included in the string. The coding sequence elements corresponding to the characters are values encrypting a non-unity using a first encryption scheme having homomorphism, and whose elements not corresponding to the characters are values encrypting a unity using the first encrypting scheme. The server generates, in response to receiving the coding sequence, exchange data encrypting a subsequent state key corresponding to each of a plurality of previous states of the automaton on the basis of the coding sequence using the first encryption scheme; encrypts exchange data with the corresponding previous state key and sends the encrypted exchange data to the client.
摘要翻译: 具有根据接收字符的状态转换的自动机的服务器基于字符来确定自动机是否已经转换到最终状态。 服务器从字符串中包含的字符中接收客户端的编码序列。 对应于字符的编码序列元素是使用具有同态的第一加密方案加密非一体的值,并且其不对应于该字符的元素是使用第一加密方案加密单位的值。 响应于接收到编码序列,服务器基于使用第一加密方案的编码序列生成加密与自动机的多个先前状态中的每一个相对应的后续状态密钥的数据; 使用相应的先前状态密钥加密交换数据,并将加密的交换数据发送给客户端。
-
公开(公告)号:US20130159696A1
公开(公告)日:2013-06-20
申请号:US13706672
申请日:2012-12-06
发明人: Takaaki Tateishi , Yuji Watanabe
IPC分类号: H04L9/08
CPC分类号: H04L9/08 , G06F17/30598 , H04L9/14 , H04L9/3006 , H04L63/06 , H04L2209/50
摘要: A system includes a server connectable to a client, the server configured to allow the client to acquire a message of an index designated by the client among N messages held by the server where N is an integer of two or more. The server includes a classification unit configured to classify the N messages into M classified messages by contents of the messages; a message encryption unit configured to encrypt each of the M classified messages; a message provision unit configured to provide the M encrypted classified messages to the client; and a key sending unit configured to send the client, by oblivious transfer, a message key for decrypting the classified message corresponding to the message of the index designated by the client.
-
公开(公告)号:US11704413B2
公开(公告)日:2023-07-18
申请号:US17237241
申请日:2021-04-22
CPC分类号: G06F21/577 , G06F21/54 , G06F21/56 , G06F21/62
摘要: A computer-implemented method for assessing latent security risks in Kubernetes clusters is provided including selecting a service account from a plurality of service accounts defined in namespaces of a cluster, binding a role to the selected service account based on predetermined role-binding data, and determining if the role meets at least one of a first, second, and third conditions based on predetermined role data defining permitted operations for roles, the first condition being that the role can receive secret tokens for pods within a namespace of the namespaces, the second condition being that the role can perform execution operation to other pods, and the third condition being that the role can create DaemonSet, Deployment, StatefulSet, and additional pods on the namespace.
-
公开(公告)号:US11122031B2
公开(公告)日:2021-09-14
申请号:US16671778
申请日:2019-11-01
发明人: Miki Ishikawa , Yuji Watanabe
摘要: At least one processor device is configured to receive a first authentication request for authenticating a first user, the first user having been authenticated on a first application with a first user identification (ID) using a first ID federation between the first application and a federation server, determine that the first user is authorized to access information of a second user on a second application based on the first user ID, the second user being associated with a second user ID, and send a second authentication request for authenticating the first user to the second application with the second user ID using a second ID federation between the federation server and the second application.
-
-
-
-
-
-
-
-
-
搜索结果
61 条记录 (耗时 0.026 秒)
