-
Publication No.: US08839418B2
Publication date: 2014-09-16
Application No.: US11335902
Filing date: 2006-01-18
Applicant: Geoffrey John Hulten, Paul Stephen Rehfuss, Robert Rounthwaite, Joshua Theodore Goodman, Gopalakrishnan Seshadrinathan, Anthony P. Penta, Manav Mishra, Roderic C. Deyo, Elliott Jeb Haber, David Aaron Ward Snelling
Inventor: Geoffrey John Hulten, Paul Stephen Rehfuss, Robert Rounthwaite, Joshua Theodore Goodman, Gopalakrishnan Seshadrinathan, Anthony P. Penta, Manav Mishra, Roderic C. Deyo, Elliott Jeb Haber, David Aaron Ward Snelling
CPC classification: H04L63/1483, G06F17/30887, H04L63/08, H04L63/1441
Abstract: Described is a technology by which phishing-related data sources are processed into aggregated data and a given site is evaluated against the aggregated data using a predictive model to automatically determine whether the given site is likely to be a phishing site. The predictive model may be built using machine learning based on training data, e.g., including known phishing sites and/or known non-phishing sites. To determine whether an object corresponding to a site is likely a phishing-related object, various criteria are evaluated, including one or more features of the object when evaluated. The determination is output in some way, e.g., made available to a reputation service, used to block access to a site or warn a user before allowing access, and/or used to assist a hand grader in being more efficient in evaluating sites.
-
Publication No.: US07908328B1
Publication date: 2011-03-15
Application No.: US11023293
Filing date: 2004-12-27
Applicant: Geoffrey J Hulten, Anthony P. Penta, David Maxwell Chickering, Eliot C. Gillum, Gopalakrishnan Seshadrinathan, Jay T. Buckingham, Joshua T. Goodman, Paul S Rehfuss, Robert L. Rounthwaite, Ryan C Colvin
Inventor: Geoffrey J Hulten, Anthony P. Penta, David Maxwell Chickering, Eliot C. Gillum, Gopalakrishnan Seshadrinathan, Jay T. Buckingham, Joshua T. Goodman, Paul S Rehfuss, Robert L. Rounthwaite, Ryan C Colvin
IPC classification: G06F15/16
CPC classification: H04L51/12
Abstract: Identification of email forwarders is described. In an implementation, a method includes using heuristics to identify email forwarders for use in a reputation system for locating spammers. In another implementation, a method includes determining a likelihood that a particular Internet Protocol (IP) address corresponds to an email forwarder and processing email originating from the particular IP address based on the determined likelihood. In a further implementation, a method includes collecting heuristic data that describes characteristics of emails sent from one or more Internet Protocol (IP) addresses and constructing a model from the heuristic data for identifying whether at least one of the IP addresses is an email forwarder. In yet a further implementation, a method includes identifying that a particular Internet Protocol (IP) address likely corresponds to an email forwarder and processing email from the particular IP address based on an implied sender of the email.
-
Publication No.: US20130042294A1
Publication date: 2013-02-14
Application No.: US13205136
Filing date: 2011-08-08
CPC classification: H04L63/10, G06F21/53, G06F21/6218, G06F2221/2141, H04L41/0893, H04L63/145
Abstract: Malware detection is often based on monitoring a local application binary and/or process, such as detecting patterns of malicious code, unusual local resource utilization, or suspicious application behavior. However, the volume of available software, variety of malware, and sophistication of evasion techniques may reduce the effectiveness of detection based on monitoring local resources. Presented herein are techniques for identifying malware based on the reputations of remote resources (e.g., web content, files, databases, IP addresses, services, and users) accessed by an application. Remote resource accesses may be reported to a reputation service, which may identify reputations of remote resources, and application reputations of applications that utilize such remote resources. These application reputations may be used to adjust the application policies of the applications executed by devices and servers. These techniques thereby achieve rapid detection and mitigation of newly identified malware through application telemetry in a predominantly automated manner.
-
Publication No.: US08291065B2
Publication date: 2012-10-16
Application No.: US11537641
Filing date: 2006-09-30
Applicant: Joshua T. Goodman, Paul S Rehfuss, Robert L. Rounthwaite, Manav Mishra, Geoffrey J Hulten, Kenneth G Richards, Aaron H Averbuch, Anthony P. Penta, Roderict C. Deyo
Inventor: Joshua T. Goodman, Paul S Rehfuss, Robert L. Rounthwaite, Manav Mishra, Geoffrey J Hulten, Kenneth G Richards, Aaron H Averbuch, Anthony P. Penta, Roderict C. Deyo
IPC classification: G06F15/173
CPC classification: H04L63/1408, H04L63/1441, H04L63/1483
Abstract: Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.
-
Publication No.: US20130036466A1
Publication date: 2013-02-07
Application No.: US13195245
Filing date: 2011-08-01
Applicant: Anthony P. Penta, Elliott Jeb Haber, Ameya Bhatawdekar, Ryan Charles Colvin, David Douglas DeBarr, Geoffrey John Hulten
Inventor: Anthony P. Penta, Elliott Jeb Haber, Ameya Bhatawdekar, Ryan Charles Colvin, David Douglas DeBarr, Geoffrey John Hulten
IPC classification: G06F21/00, G06F15/173
CPC classification: H04L63/102, G06F16/9566, H04L63/1483
Abstract: One or more techniques and/or systems are provided for internet connectivity protection. In particular, reputational information assigned to infrastructure components (e.g., IP addresses, name servers, domains, etc.) may be leveraged to determine whether an infrastructure component associated with a user navigating to content of a URL is malicious or safe. For example, infrastructure component data associated with a web browser navigating to a website of a URL may be collected and sent to a reputation server. The reputation server may return reputation information associated with the infrastructure component data (e.g., an IP address may be known as malicious even though the URL may not yet have a reputation). In this way, the user may be provided with notifications, such as warnings, when various unsafe conditions arise, such as interacting with an infrastructure component with a bad reputation, a resolved IP address not matching the URL, etc.
-
Publication No.: US09065826B2
Publication date: 2015-06-23
Application No.: US13205136
Filing date: 2011-08-08
CPC classification: H04L63/10, G06F21/53, G06F21/6218, G06F2221/2141, H04L41/0893, H04L63/145
Abstract: Malware detection is often based on monitoring a local application binary and/or process, such as detecting patterns of malicious code, unusual local resource utilization, or suspicious application behavior. However, the volume of available software, variety of malware, and sophistication of evasion techniques may reduce the effectiveness of detection based on monitoring local resources. Presented herein are techniques for identifying malware based on the reputations of remote resources (e.g., web content, files, databases, IP addresses, services, and users) accessed by an application. Remote resource accesses may be reported to a reputation service, which may identify reputations of remote resources, and application reputations of applications that utilize such remote resources. These application reputations may be used to adjust the application policies of the applications executed by devices and servers. These techniques thereby achieve rapid detection and mitigation of newly identified malware through application telemetry in a predominantly automated manner.
-
Publication No.: US07634810B2
Publication date: 2009-12-15
Application No.: US11129222
Filing date: 2005-05-13
Applicant: Joshua T. Goodman, Paul S Rehfuss, Robert L. Rounthwaite, Manav Mishra, Geoffrey J Hulten, Kenneth G Richards, Aaron H Averbuch, Anthony P. Penta, Roderic C Deyo
Inventor: Joshua T. Goodman, Paul S Rehfuss, Robert L. Rounthwaite, Manav Mishra, Geoffrey J Hulten, Kenneth G Richards, Aaron H Averbuch, Anthony P. Penta, Roderic C Deyo
CPC classification: H04L63/1416, H04L51/12, H04L63/1466, H04L63/1483
Abstract: Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.
-
Publication No.: US07409708B2
Publication date: 2008-08-05
Application No.: US10856978
Filing date: 2004-05-28
Applicant: Joshua T Goodman, Robert L Rounthwaite, Geoffrey J Hulten, John A Deurbrouck, Manav Mishra, Anthony P Penta
Inventor: Joshua T Goodman, Robert L Rounthwaite, Geoffrey J Hulten, John A Deurbrouck, Manav Mishra, Anthony P Penta
IPC classification: H04L29/00
CPC classification: H04L51/12, G06Q10/107
Abstract: Disclosed are systems and methods that facilitate spam detection and prevention at least in part by building or training filters using advanced IP address and/or URL features in connection with machine learning techniques. A variety of advanced IP address related features can be generated from performing a reverse IP lookup. Similarly, many different advanced URL based features can be created from analyzing at least a portion of any one URL detected in a message.