-
公开(公告)号:US09646159B2
公开(公告)日:2017-05-09
申请号:US14675460
申请日:2015-03-31
CPC分类号: G06F21/566 , G06F21/53 , G06F21/567 , G06F2221/034
摘要: A device may identify a plurality of files for a multi-file malware analysis. The device may execute the plurality of files in a malware testing environment. The device may monitor the malware testing environment for behavior indicative of malware. The device may detect the behavior indicative of malware. The device may perform a first multi-file malware analysis or a second multi-file malware analysis based on detecting the behavior indicative of malware. The first multi-file malware analysis may include a partitioning technique that partitions the plurality of files into two or more segments of files to identify a file, included in the plurality of files, that includes malware. The second multi-file malware analysis may include a scoring technique that modifies a plurality of malware scores, corresponding to the plurality of files, to identify the file, included in the plurality of files, that includes malware.
-
72.发明申请公开(公告)号:US20170039054A1
公开(公告)日:2017-02-09
申请号:US15332507
申请日:2016-10-24
摘要: A device may receive an instruction to automatically install a program using a click area prediction model. The click area prediction model may be associated with predicting a click area of a user interface that, when selected, causes a program installation procedure to proceed. The device may identify an installation user interface associated with installing the program. The device may determine a group of regions included in the installation user interface. The device may identify sets of features associated with the group of regions. The device may determine, based on the sets of features and the click area prediction model, a group of scores associated with the group of regions. The device may identify a particular region as a predicted click area based on the group of scores. The device may select the predicted click area to attempt to cause the program installation procedure to proceed.
摘要翻译: 设备可以接收使用点击区域预测模型自动安装程序的指令。 点击区域预测模型可以与预测用户界面的点击区域相关联,所述点击区域在被选择时导致程序安装过程继续进行。 设备可以识别与安装程序相关联的安装用户界面。 设备可以确定包括在安装用户界面中的一组区域。 设备可以识别与该组区域相关联的特征集合。 设备可以基于特征集合和点击区域预测模型来确定与该组区域相关联的一组分数。 设备可以基于该分数组将特定区域识别为预测点击区域。 设备可以选择预测的点击区域来尝试使程序安装过程继续进行。
-
公开(公告)号:US09477457B1
公开(公告)日:2016-10-25
申请号:US14230122
申请日:2014-03-31
CPC分类号: G06F8/61 , G06F9/451 , G06N5/04 , G06N5/048 , G06N99/005
摘要: A device may receive an instruction to automatically install a program using a click area prediction model. The click area prediction model may be associated with predicting a click area of a user interface that, when selected, causes a program installation procedure to proceed. The device may identify an installation user interface associated with installing the program. The device may determine a group of regions included in the installation user interface. The device may identify sets of features associated with the group of regions. The device may determine, based on the sets of features and the click area prediction model, a group of scores associated with the group of regions. The device may identify a particular region as a predicted click area based on the group of scores. The device may select the predicted click area to attempt to cause the program installation procedure to proceed.
摘要翻译: 设备可以接收使用点击区域预测模型自动安装程序的指令。 点击区域预测模型可以与预测用户界面的点击区域相关联,所述点击区域在被选择时导致程序安装过程继续进行。 设备可以识别与安装程序相关联的安装用户界面。 设备可以确定包括在安装用户界面中的一组区域。 设备可以识别与该组区域相关联的特征集合。 设备可以基于特征集合和点击区域预测模型来确定与该组区域相关联的一组分数。 设备可以基于该分数组将特定区域识别为预测点击区域。 设备可以选择预测的点击区域来尝试使程序安装过程继续进行。
-
公开(公告)号:US20160294849A1
公开(公告)日:2016-10-06
申请号:US14674113
申请日:2015-03-31
IPC分类号: H04L29/06
CPC分类号: H04L63/1408 , G06F21/56 , G06F21/564 , G06F21/577 , H04L63/0876
摘要: A device may determine a first set of hash values corresponding to a first set of files stored by a plurality of client devices. The device may analyze information associated with the first set of hash values to determine a second set of hash values corresponding to a second set of files to be analyzed. The second set of hash values may be different from the first set of hash values. The device may prioritize the second set of hash values to form a prioritized set of hash values corresponding to a prioritized set of files, of the second set of files, to be analyzed. The device may request the prioritized set of files from one or more client devices of the plurality of client devices. The device may receive the prioritized set of files, and may cause the prioritized set of files to be analyzed.
摘要翻译: 设备可以确定对应于由多个客户端设备存储的第一组文件的第一组哈希值。 设备可以分析与第一组哈希值相关联的信息,以确定与要分析的第二组文件相对应的第二组哈希值。 第二组哈希值可能与第一组哈希值不同。 设备可以对第二组散列值进行优先级排列,以形成对应于要分析的第二组文件的优先化文件集的散列值的优先集合。 设备可以从多个客户端设备中的一个或多个客户端设备请求优先的文件集合。 设备可以接收优先级的文件集合,并且可以导致分析优先级的文件集合。
-
公开(公告)号:US09411959B2
公开(公告)日:2016-08-09
申请号:US14502713
申请日:2014-09-30
发明人: Kyle Adams , Daniel J. Quinlan
CPC分类号: G06F21/566 , G06F11/3688 , G06F11/3692 , G06F21/53 , G06F21/56 , G06F21/567 , G06F2221/034
摘要: A security device may receive actual behavior information associated with an object. The actual behavior information may identify a first set of behaviors associated with executing the object in a live environment. The security device may determine test behavior information associated with the object. The test behavior information may identify a second set of behaviors associated with testing the object in a test environment. The security device may compare the first set of behaviors and the second set of behaviors to determine a difference between the first set of behaviors and the second set of behaviors. The security device may identify whether the object is an evasive malicious object based on the difference between the first set of behaviors and the second set of behaviors. The security device may provide an indication of whether the object is an evasive malicious object.
摘要翻译: 安全设备可以接收与对象相关联的实际行为信息。 实际行为信息可以标识与在活的环境中执行对象相关联的第一组行为。 安全设备可以确定与对象相关联的测试行为信息。 测试行为信息可以标识与在测试环境中测试对象相关联的第二组行为。 安全设备可以比较第一组行为和第二组行为以确定第一组行为与第二组行为之间的差异。 安全设备可以基于第一组行为和第二组行为之间的差异来识别对象是否是回避的恶意对象。 安全设备可以提供对象是否是回避恶意对象的指示。
-
公开(公告)号:US09106693B2
公开(公告)日:2015-08-11
申请号:US13910019
申请日:2013-06-04
发明人: Daniel J. Quinlan , Kyle Adams , Oskar Ibatullin , Yuly Tenorio Morales , Robert W. Cameron , Bryan Burns
CPC分类号: H04L63/1441 , H04L63/1408 , H04L67/02
摘要: This disclosure describes a global attacker database that utilizes device fingerprinting to uniquely identify devices. For example, a device includes one or more processors and network interface cards to receive network traffic directed to one or more computing devices protected by the device, send, to the remote device, a request for data points of the remote device, wherein the data points include characteristics associated with the remote device, and receive at least a portion of the requested data points. The device also includes a fingerprint module to compare the received portion of the data points to sets of data points associated with known attacker devices, and determine, based on the comparison, whether a first set of data points of a first known attacker device satisfies a similarity threshold. The device also includes an security module to selectively manage, based on the determination, additional network traffic directed to the computing devices.
摘要翻译: 本公开描述了使用设备指纹识别设备的全局攻击者数据库。 例如,设备包括一个或多个处理器和网络接口卡,以接收指向由设备保护的一个或多个计算设备的网络流量,向远程设备发送对远程设备的数据点的请求,其中数据 点包括与远程设备相关联的特征,并且接收所请求的数据点的至少一部分。 所述设备还包括指纹模块,用于将接收到的数据点部分与已知攻击者设备相关联的数据点集合进行比较,并且基于比较确定第一已知攻击者设备的第一组数据点是否满足 相似性阈值。 该设备还包括安全模块,用于基于确定选择性地管理针对计算设备的附加网络流量。
-
公开(公告)号:US20150222661A1
公开(公告)日:2015-08-06
申请号:US14689255
申请日:2015-04-17
发明人: Oskar Ibatullin , Kyle Adams , Daniel J. Quinlan
CPC分类号: H04L63/1466 , G06F21/554 , H04L63/0209 , H04L63/1425 , H04L63/1441 , H04L67/10
摘要: This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device.
摘要翻译: 本公开描述了基于设备的轮廓主动地识别可能的攻击者的技术。 例如,设备包括一个或多个处理器和网络接口卡,用于从远程设备接收指向由设备保护的一个或多个计算设备的网络流量,基于网络业务的内容来确定第一组 发送对远程设备的响应以确定设备的第二组数据点,并从远程设备接收第二组数据点的至少一部分。 该设备还包括可由处理器操作以确定恶意等级的安全模块,并且基于恶意等级选择性地管理针对由安全设备保护并从远程设备接收的一个或多个计算设备的附加网络流量。
-
公开(公告)号:US09015839B2
公开(公告)日:2015-04-21
申请号:US14014537
申请日:2013-08-30
发明人: Oskar Ibatullin , Kyle Adams , Daniel J. Quinlan
CPC分类号: H04L63/1466 , G06F21/554 , H04L63/0209 , H04L63/1425 , H04L63/1441 , H04L67/10
摘要: This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device.
摘要翻译: 本公开描述了基于设备的轮廓主动地识别可能的攻击者的技术。 例如,设备包括一个或多个处理器和网络接口卡,用于从远程设备接收指向由设备保护的一个或多个计算设备的网络流量,基于网络业务的内容来确定第一组 发送对远程设备的响应以确定设备的第二组数据点,并从远程设备接收第二组数据点的至少一部分。 该设备还包括可由处理器操作以确定恶意等级的安全模块,并且基于恶意等级选择性地管理针对由安全设备保护并从远程设备接收的一个或多个计算设备的附加网络流量。
-
-
-
-
-
-
-
搜索结果
78 条记录 (耗时 0.132 秒)
