公开(公告)号：US07975305B2

公开(公告)日：2011-07-05

申请号：US11009437

申请日：2004-12-09

申请人： Moshe Rubin ,  Moshe Matitya ,  Artem Melnick ,  Shlomo Touboul ,  Alexander Yermakov ,  Amit Shaked

发明人： Moshe Rubin ,  Moshe Matitya ,  Artem Melnick ,  Shlomo Touboul ,  Alexander Yermakov ,  Amit Shaked

IPC分类号： G06F11/00 ,  G06F21/00

CPC分类号： G06F21/563

摘要： A security system for scanning content within a computer, including a network interface, housed within a computer, for receiving content from the Internet on its destination to an Internet application running on the computer, a database of rules corresponding to computer exploits, stored within the computer, a rule-based content scanner that communicates with said database of rules, for scanning content to recognize the presence of potential exploits therewithin, a network traffic probe, operatively coupled to the network interface and to the rule-based content scanner, for selectively diverting content from its intended destination to the rule-based content scanner, and a rule update manager that communicates with said database of rules, for updating said database of rules periodically to incorporate new rules that are made available. A method and a computer readable storage medium are also described and claimed.

摘要翻译： 一种用于扫描计算机内的内容的安全系统，包括位于计算机内的网络接口，用于从其目的地上的因特网接收内容到在计算机上运行的因特网应用程序的内容，存储在计算机内的规则对应的规则数据库 计算机，与所述规则数据库通信的基于规则的内容扫描器，用于扫描内容以识别其中存在潜在漏洞;网络业务探测器，可操作地耦合到网络接口和基于规则的内容扫描器，用于选择性地 将内容从其预期目的地转移到基于规则的内容扫描器，以及规则更新管理器，其与所述规则数据库进行通信，用于周期性地更新所述规则数据库以包含可用的新规则。 还描述并要求保护方法和计算机可读存储介质。

公开(公告)号：US08225408B2

公开(公告)日：2012-07-17

申请号：US10930884

申请日：2004-08-30

申请人： Moshe Rubin ,  Moshe Matitya ,  Artem Melnick ,  Shlomo Touboul ,  Alexander Yermakov ,  Amit Shaked

发明人： Moshe Rubin ,  Moshe Matitya ,  Artem Melnick ,  Shlomo Touboul ,  Alexander Yermakov ,  Amit Shaked

IPC分类号： H04L29/06

CPC分类号： G06F21/563 ,  G06F8/427 ,  G06F21/562 ,  G06F2221/2119 ,  H04L63/0227 ,  H04L63/0245 ,  H04L63/145 ,  H04L63/168

摘要： A method for scanning content, including identifying tokens within an incoming byte stream, the tokens being lexical constructs for a specific language, identifying patterns of tokens, generating a parse tree from the identified patterns of tokens, and identifying the presence of potential exploits within the parse tree, wherein said identifying tokens, identifying patterns of tokens, and identifying the presence of potential exploits are based upon a set of rules for the specific language. A system and a computer readable storage medium are also described and claimed.

摘要翻译： 一种用于扫描内容的方法，包括识别输入字节流内的令牌，所述令牌是用于特定语言的词法构造，识别令牌模式，从所识别的令牌模式生成解析树，以及识别所述令牌内的潜在漏洞的存在 解析树，其中所述识别令牌，识别令牌的模式以及识别潜在利用的存在是基于用于特定语言的一组规则。 还描述和要求保护系统和计算机可读存储介质。

公开(公告)号：US20050240999A1

公开(公告)日：2005-10-27

申请号：US11009437

申请日：2004-12-09

申请人： Moshe Rubin ,  Moshe Matitya ,  Artem Melnick ,  Shlomo Touboul ,  Alexander Yermakov ,  Amit Shaked

发明人： Moshe Rubin ,  Moshe Matitya ,  Artem Melnick ,  Shlomo Touboul ,  Alexander Yermakov ,  Amit Shaked

IPC分类号： G06F11/30 ,  G06F12/14 ,  G06F21/00 ,  H04L9/00 ,  H04L9/32

CPC分类号： G06F21/563

摘要： A security system for scanning content within a computer, including a network interface, housed within a computer, for receiving content from the Internet on its destination to an Internet application running on the computer, a database of rules corresponding to computer exploits, stored within the computer, a rule-based content scanner that communicates with said database of rules, for scanning content to recognize the presence of potential exploits therewithin, a network traffic probe, operatively coupled to the network interface and to the rule-based content scanner, for selectively diverting content from its intended destination to the rule-based content scanner, and a rule update manager that communicates with said database of rules, for updating said database of rules periodically to incorporate new rules that are made available. A method and a computer readable storage medium are also described and claimed.

摘要翻译： 一种用于扫描计算机内的内容的安全系统，包括位于计算机内的网络接口，用于从其目的地上的因特网接收内容到在计算机上运行的因特网应用程序的内容，存储在计算机内的规则对应的规则数据库 计算机，基于规则的内容扫描器，其与所述规则数据库进行通信，用于扫描内容以识别其中的潜在漏洞的存在;网络流量探测器，可操作地耦合到网络接口和基于规则的内容扫描器，用于选择性地 将内容从其预期目的地转移到基于规则的内容扫描器，以及规则更新管理器，其与所述规则数据库进行通信，用于周期性地更新所述规则数据库以包含可用的新规则。 还描述并要求保护方法和计算机可读存储介质。

公开(公告)号：US20050108554A1

公开(公告)日：2005-05-19

申请号：US10930884

申请日：2004-08-30

申请人： Moshe Rubin ,  Moshe Matitya ,  Artem Melnick ,  Shlomo Touboul ,  Alexander Yermakov ,  Amit Shaked

发明人： Moshe Rubin ,  Moshe Matitya ,  Artem Melnick ,  Shlomo Touboul ,  Alexander Yermakov ,  Amit Shaked

IPC分类号： G06F21/00 ,  H04L29/06 ,  G06F9/45

CPC分类号： G06F21/563 ,  G06F8/427 ,  G06F21/562 ,  G06F2221/2119 ,  H04L63/0227 ,  H04L63/0245 ,  H04L63/145 ,  H04L63/168

摘要： A method for scanning content, including identifying tokens within an incoming byte stream, the tokens being lexical constructs for a specific language, identifying patterns of tokens, generating a parse tree from the identified patterns of tokens, and identifying the presence of potential exploits within the parse tree, wherein said identifying tokens, identifying patterns of tokens, and identifying the presence of potential exploits are based upon a set of rules for the specific language. A system and a computer readable storage medium are also described and claimed.

摘要翻译： 一种用于扫描内容的方法，包括识别输入字节流内的令牌，所述令牌是用于特定语言的词法构造，识别令牌模式，从所识别的令牌模式生成解析树，以及识别所述令牌内的潜在漏洞的存在 解析树，其中所述识别令牌，识别令牌的模式以及识别潜在利用的存在是基于用于特定语言的一组规则。 还描述和要求保护系统和计算机可读存储介质。