知搜-全球专利检索

  1. Login
  2. Sign Up

Search Results

10 records (took 0.015 seconds)

    Online risk mitigation
    2.
    发明授权
    Online risk mitigation 有权
    在线风险缓解

    公开(公告)号:US08429743B2

    公开(公告)日:2013-04-23

    申请号:US12342981

    申请日:2008-12-23

    Applicant: Shawn Loveland Geoffrey J Hulten Elliott Jeb Haber John L. Scarrow

    Inventor: Shawn Loveland Geoffrey J Hulten Elliott Jeb Haber John L. Scarrow

    IPC: G06F21/00

    CPC classification number: G06F11/1461 G06F11/1458

    Abstract: Online risk mitigation techniques are described. In an implementation, a service is queried for a reputation associated with an object from an online source in response to selection of the object. A backup of a client that is to receive the object is stored prior to obtaining the object when the reputation does not meet a threshold reputation level.

    Abstract translation: 描述在线风险缓解技术。 在实现中,响应于对象的选择,查询与来自在线源的对象相关联的信誉的服务。 当信誉不满足阈值信誉级别时,在获取对象之前存储要接收对象的客户端的备份。

    INTERNET INFRASTRUCTURE REPUTATION
    3.
    发明申请
    INTERNET INFRASTRUCTURE REPUTATION 审中-公开
    互联网基础设施信誉

    公开(公告)号:US20130036466A1

    公开(公告)日:2013-02-07

    申请号:US13195245

    申请日:2011-08-01

    Applicant: Anthony P. Penta Elliott Jeb Haber Ameya Bhatawdekar Ryan Charles Colvin David Douglas DeBarr Geoffrey John Hulten

    Inventor: Anthony P. Penta Elliott Jeb Haber Ameya Bhatawdekar Ryan Charles Colvin David Douglas DeBarr Geoffrey John Hulten

    IPC: G06F21/00 G06F15/173

    CPC classification number: H04L63/102 G06F16/9566 H04L63/1483

    Abstract: One or more techniques and/or systems are provided for internet connectivity protection. In particular, reputational information assigned to infrastructure components (e.g., IP addresses, name servers, domains, etc.) may be leveraged to determine whether an infrastructure component associated with a user navigating to content of a URL is malicious or safe. For example, infrastructure component data associated with a web browser navigating to a website of a URL may be collected and sent to a reputation server. The reputation server may return reputation information associated with the infrastructure component data (e.g., an IP address may be known as malicious even though the URL may not yet have a reputation). In this way, the user may be provided with notifications, such as warnings, when various unsafe conditions arise, such as interacting with an infrastructure component with a bad reputation, a resolved IP address not matching the URL, etc.

    Abstract translation: 提供一种或多种技术和/或系统用于互联网连接保护。 特别地,可以利用分配给基础设施组件(例如,IP地址,名称服务器,域等)的声誉信息来确定与导航到URL的内容的用户相关联的基础设施组件是否是恶意或安全的。 例如,可以收集与浏览到URL的网站的web浏览器相关联的基础设施组件数据并将其发送到信誉服务器。 信誉服务器可以返回与基础结构组件数据相关联的信誉信息(例如,即使URL可能还没有信誉,IP地址也可能被称为恶意的)。 以这种方式,当出现各种不安全的情况时,例如与不良信誉的基础设施组件交互,不符合URL的已解决的IP地址等,可以向用户提供诸如警告之类的通知。

    REPUTATION CHECKING OF EXECUTABLE PROGRAMS
    4.
    发明申请
    REPUTATION CHECKING OF EXECUTABLE PROGRAMS 有权
    声明检查可执行程序

    公开(公告)号:US20120192275A1

    公开(公告)日:2012-07-26

    申请号:US13010189

    申请日:2011-01-20

    Applicant: Daniel Oliver Anshul Rawat Xiang Tu Ryan Colvin James Dooley Elliott Jeb Haber Ameya Bhatawdekar Andy Davidson Jay Dave Paul Leach Karanbir Singh Chris Guzak Crispin Cowan

    Inventor: Daniel Oliver Anshul Rawat Xiang Tu Ryan Colvin James Dooley Elliott Jeb Haber Ameya Bhatawdekar Andy Davidson Jay Dave Paul Leach Karanbir Singh Chris Guzak Crispin Cowan

    IPC: G06F21/22

    CPC classification number: G06F21/51

    Abstract: The reputation of an executable computer program is checked when a user input to a computing device initiates a program launch, thus triggering a check of a local cache of reputation information. If the local cache confirms that the program is safe, it is permitted to launch, typically without notifying the user that a reputation check has been made. If the local cache cannot confirm the safety of the program, a reputation check is made by accessing a reputation service in the cloud. If the reputation service identifies the program as safe, it returns an indication to the computing device and the program is permitted to be launched, again without notifying the user that a reputation check has been made. If the reputation service identifies the program as unsafe or potentially unsafe, or does not recognize it at all, a warning is displayed to the user.

    Abstract translation: 当输入到计算设备的用户启动程序启动时,检查可执行计算机程序的声誉,从而触发对本地缓存信誉信息的检查。 如果本地缓存确认程序是安全的,则允许启动,通常不通知用户进行了声誉检查。 如果本地缓存无法确认程序的安全性,则通过访问云中的声誉服务进行声誉检查。 如果信誉服务将该程序识别为安全的,则将该指示返回给计算设备,并且允许程序被启动,而不通知用户进行了信誉检查。 如果声誉服务将程序识别为不安全或可能不安全,或者根本不识别该程序,则向用户显示警告。

    IDENTIFYING APPLICATION REPUTATION BASED ON RESOURCE ACCESSES
    6.
    发明申请
    IDENTIFYING APPLICATION REPUTATION BASED ON RESOURCE ACCESSES 有权
    基于资源访问识别应用程序信誉

    公开(公告)号:US20130042294A1

    公开(公告)日:2013-02-14

    申请号:US13205136

    申请日:2011-08-08

    Applicant: Ryan Charles Colvin Elliott Jeb Haber Ameya Bhatawdekar Anthony P. Penta

    Inventor: Ryan Charles Colvin Elliott Jeb Haber Ameya Bhatawdekar Anthony P. Penta

    IPC: G06F21/00 G06F17/00 G06F11/00

    CPC classification number: H04L63/10 G06F21/53 G06F21/6218 G06F2221/2141 H04L41/0893 H04L63/145

    Abstract: Malware detection is often based on monitoring a local application binary and/or process, such as detecting patterns of malicious code, unusual local resource utilization, or suspicious application behavior. However, the volume of available software, variety of malware, and sophistication of evasion techniques may reduce the effectiveness of detection based on monitoring local resources. Presented herein are techniques for identifying malware based on the reputations of remote resources (e.g., web content, files, databases, IP addresses, services, and users) accessed by an application. Remote resource accesses may be reported to a reputation service, which may identify reputations of remote resources, and application reputations of applications that utilize such remote resources. These application reputations may be used to adjust the application policies of the applications executed by devices and servers. These techniques thereby achieve rapid detection and mitigation of newly identified malware through application telemetry in a predominantly automated manner.

    Abstract translation: 恶意软件检测通常基于监视本地应用程序二进制和/或进程,例如检测恶意代码的模式,异常的本地资源利用率或可疑应用程序行为。 然而,可用软件的数量,各种恶意软件和复杂的逃避技术可能会降低基于监视本地资源的检测的有效性。 这里提出的是基于由应用访问的远程资源(例如,web内容,文件,数据库,IP地址,服务和用户)的声誉来识别恶意软件的技术。 远程资源访问可以被报告给信誉服务,信誉服务可以识别远程资源的信誉,以及利用这种远程资源的应用程序的应用程序信誉。 这些应用程序信誉可以用于调整由设备和服务器执行的应用程序的应用程序策略。 这些技术从而通过主要以自动化的方式通过应用遥测来实现对新识别的恶意软件的快速检测和缓解。

    Identifying application reputation based on resource accesses
    7.
    发明授权
    Identifying application reputation based on resource accesses 有权
    基于资源访问识别应用程序信誉

    公开(公告)号:US09065826B2

    公开(公告)日:2015-06-23

    申请号:US13205136

    申请日:2011-08-08

    Applicant: Ryan Charles Colvin Elliott Jeb Haber Ameya Bhatawdekar Anthony P. Penta

    Inventor: Ryan Charles Colvin Elliott Jeb Haber Ameya Bhatawdekar Anthony P. Penta

    IPC: G06F21/00 H04L29/06 G06F21/53 G06F21/62 H04L12/24

    CPC classification number: H04L63/10 G06F21/53 G06F21/6218 G06F2221/2141 H04L41/0893 H04L63/145

    Abstract: Malware detection is often based on monitoring a local application binary and/or process, such as detecting patterns of malicious code, unusual local resource utilization, or suspicious application behavior. However, the volume of available software, variety of malware, and sophistication of evasion techniques may reduce the effectiveness of detection based on monitoring local resources. Presented herein are techniques for identifying malware based on the reputations of remote resources (e.g., web content, files, databases, IP addresses, services, and users) accessed by an application. Remote resource accesses may be reported to a reputation service, which may identify reputations of remote resources, and application reputations of applications that utilize such remote resources. These application reputations may be used to adjust the application policies of the applications executed by devices and servers. These techniques thereby achieve rapid detection and mitigation of newly identified malware through application telemetry in a predominantly automated manner.

    Abstract translation: 恶意软件检测通常基于监视本地应用程序二进制和/或进程,例如检测恶意代码的模式,异常的本地资源利用率或可疑应用程序行为。 然而,可用软件的数量,各种恶意软件和复杂的逃避技术可能会降低基于监视本地资源的检测的有效性。 这里提出的是基于由应用访问的远程资源(例如,web内容,文件,数据库,IP地址,服务和用户)的声誉来识别恶意软件的技术。 远程资源访问可以被报告给信誉服务,信誉服务可以识别远程资源的信誉,以及利用这种远程资源的应用程序的应用程序信誉。 这些应用程序信誉可以用于调整由设备和服务器执行的应用程序的应用程序策略。 这些技术从而通过主要以自动化的方式通过应用遥测来实现对新识别的恶意软件的快速检测和缓解。

Patent Agency Ranking