-
Publication No.: US12130922B1
Publication date: 2024-10-29
Application No.: US17967647
Filing date: 2022-10-17
Inventor: Brendan M. Johnson
CPC classification: G06F21/568, G06F21/552, G06F21/565
Abstract: A cloud computing infrastructure hosts a web service with customer accounts. In a customer account, files of the customer account are listed in an index. Files indicated in the index are arranged in groups, with files in each group being scanned using scanning serverless functions in the customer account. The files in the customer account include a compressed tar archive of a software container. Member files of a compressed tar archive in a customer account are randomly-accessed by way of locators that indicate a tar offset, a logical offset, and a decompressor state for a corresponding member file. A member file is accessed by seeking to the tar offset in the compressed tar archive, restoring a decompressor to the decompressor state, decompressing the compressed tar archive using the decompressor, and moving to the logical offset in the decompressed data in memory.
-
Publication No.: US12019782B1
Publication date: 2024-06-25
Application No.: US17530680
Filing date: 2021-11-19
CPC classification: G06F21/6245, H04L9/3255, H04L63/1425
Abstract: System and methods of analyzing customer events logs for cybersecurity with privacy protection are disclosed. Events logs of cybersecurity events are received from customer computers. Customers in the events logs are represented with ring signatures. Candidate features that occur in a group of events are identified in the events logs. A candidate feature is analyzed, based on corresponding ring signatures, to determine if the candidate feature can be attributed to a customer or a limited number of customers. If so, the candidate feature is considered private and is discarded. Otherwise, the candidate feature is retained as public data suitable for use in cybersecurity operations.
-
Publication No.: US11973791B1
Publication date: 2024-04-30
Application No.: US17493494
Filing date: 2021-10-04
Inventors: Zhijie Li, ZhengBao Zhang, Lili Diao
CPC classification: H04L63/1433, G06N5/02, H04L63/1483
Abstract: A risk knowledge graph is created from information on risk events involving network entities of a private computer network. Each of the risk events is represented as a node in the risk knowledge graph. The nodes are connected by edges that represent the risk events. The nodes are grouped into communities of related nodes. A response action is performed against a community to mitigate a cybersecurity risk posed by the community.
-
Publication No.: US11907368B1
Publication date: 2024-02-20
Application No.: US17534727
Filing date: 2021-11-24
Inventors: Peng Ye, Jingchen Ke
IPC classification: G06F21/55
CPC classification: G06F21/552, G06F21/554, G06F2221/2101
Abstract: Anomalous activities on a computer network are detected from audit or sign-in activity information of a target entity as recorded in an audit or sign-in log. A baseline graph of the target entity is generated using information on activities of the target entity during a collection period. A predict graph of the target entity is generated with information on activities of the target entity during another collection period, which follows and is shorter than the earlier collection period. A residual graph that indicates nodes or edges that are in the predict graph but not in the baseline graph is generated. The residual graph is scored and the score is compared to a threshold to determine whether the target entity has performed an anomalous activity.
-
Publication No.: US11841918B1
Publication date: 2023-12-12
Application No.: US16554211
Filing date: 2019-08-28
Inventor: Chia Li
IPC classification: G06F16/958, G06F21/54, G06F21/36, G06F40/174, H04L51/52
CPC classification: G06F16/958, G06F21/36, G06F21/54, G06F40/174, H04L51/52
Abstract: A method for preventing spam comments from populating a web site is provided. The method includes intercepting a HTTP (Hypertext Transfer Protocol) response, which includes a web page with a form for enabling a client's general comments to be published on the web site. The method also includes modifying the web page with the form to create a modified web page with a randomized form. The modifying includes randomly adding a set of randomized variable names to the web page with the form. The set of randomized variable names is a set of randomly generated character strings. The method further includes forwarding the modified web page with the randomized form to the client. The method yet also includes adding the set of randomized variable name to a form database, which is configured for storing data about the modified web page with the randomized form.
-
Publication No.: US11757816B1
Publication date: 2023-09-12
Application No.: US16679567
Filing date: 2019-11-11
Inventors: Tsung-Fu Lin, Jyh-Ying Peng, Che-Fu Yeh, Yen-Shuo Huang, Jeng-Yan Shen
IPC classification: H04L51/212, G06Q10/107, H04L9/40
CPC classification: H04L51/212, G06Q10/107, H04L63/08, H04L63/12, H04L63/1441
Abstract: A scam detection system includes a user computer that runs a security application and a backend system that runs a scam detector. An email is received at the user computer. The security application extracts and forwards a content of the email, which includes a body of the email, to the backend system. The email body of the email is anonymized by removing personally identifiable information from the email body. A hash of the anonymized email body is generated and compared against hashes of a whitelist and a blacklist. The anonymized email body is classified. A segment of text of the anonymized email body is identified and provided to the user computer when the anonymized email body is classified as scam.
-
Publication No.: US11574053B1
Publication date: 2023-02-07
Application No.: US16239942
Filing date: 2019-01-04
Inventors: Te-Ching Chen, Chih-Kun Ho, Yung-Hsiang Lee
IPC classification: G06F21/56, G06F21/55, G06N20/00, G06F9/54, G06N5/00, G06F40/211, G06F40/284
Abstract: An endpoint system receives a target file for evaluation for malicious scripts. The original content of the target file is normalized and stored in a normalized buffer. Tokens in the normalized buffer are translated to symbols, which are stored in a tokenized buffer. Strings in the normalized buffer are stored in a string buffer. Tokens that are indicative of syntactical structure of the normalized content are extracted from the normalized buffer and stored in a structure buffer. The content of the tokenized buffer and counts of tokens represented as symbols in the tokenized buffer are compared against heuristic rules indicative of malicious scripts. The contents of the tokenized buffer and string buffer are compared against signatures of malicious scripts. The contents of the tokenized buffer, string buffer, and structure buffer are input to a machine learning model that has been trained to detect malicious scripts.
-
Publication No.: US11568301B1
Publication date: 2023-01-31
Application No.: US15884660
Filing date: 2018-01-31
Inventors: Peng-Yuan Yueh, Chia-Yen Chang, Po-I Wang, Te-Ching Chen
Abstract: A machine learning system includes multiple machine learning models. A target object, such as a file, is scanned for machine learning features. Context information of the target object, such as the type of the object and how the object was received in a computer, is employed to select a machine learning model among the multiple machine learning models. The machine learning model is also selected based on threat intelligence, such as census information of the target object. The selected machine learning model makes a prediction using machine learning features extracted from the target object. The target object is allowed or blocked depending on whether or not the prediction indicates that the target object is malicious.
-
Publication No.: US11539755B1
Publication date: 2022-12-27
Application No.: US17208167
Filing date: 2021-03-22
Inventor: Kevin G. Boyce
Abstract: An inline network traffic monitor is deployed inline between two endpoints of a computer network. A particular endpoint of the two endpoints works in conjunction with the inline network traffic monitor to decrypt encrypted network traffic transmitted between the two endpoints. A series of Change Cipher Spec (CCS) messages is exchanged between the inline network traffic monitor and the particular endpoint during a Transport Layer Security (TLS) handshake between the two endpoints. The series of CCS messages allows the particular endpoint and the inline network traffic monitor to detect each other on the computer network. After detecting each other's presence, the particular endpoint sends the inline network traffic monitor a session key that is used by the two endpoints to encrypt their network traffic. The inline network traffic monitor uses the session key to decrypt encrypted data of the network traffic transmitted between the two endpoints.
-
Publication No.: US11449794B1
Publication date: 2022-09-20
Application No.: US16547211
Filing date: 2019-08-21
Inventor: Lili Diao
Abstract: Language-based machine learning approach for automatically detecting universal charset and the language of a received document is disclosed. The language-based machine learning approach employs a plurality of text document samples in different languages, after converting them to a selected Unicode style (if their original encoding schemes are not the selected Unicode), to generate a plurality of language-based machine learning models during the training stage. During the application stage, vector representations of the received document for different combinations of charsets and their respective applicable languages are tested against the plurality of machine learning models to ascertain the charset and language combination that is most similar to its associated machine learning model, thereby identifying the charset and language of the received document.