System and Method for Run-Time Attack Prevention
    1.
    Patent application
    Status: in force

    Publication number: US20100125913A1

    Publication date: 2010-05-20

    Application number: US12622237

    Filing date: 2009-11-19

    IPC classification: H04L9/32

    Abstract: Preventing attacks on a computer at run-time. Content that is configured to access at least one function of a computer is received by the computer. Protections corresponding to the function are added to the content, wherein the protections override the function. The content and the protections are then transmitted to the computer. The function may expose a vulnerability of the computer, and arguments passed to the function may exploit that vulnerability. The protections are executed when the content is executed, and determine whether the arguments the content passed into the function represent a threat. In response to determining that the arguments represent a threat, execution of the content is terminated without executing the function.


    System and method for identification and blocking of unwanted network traffic
    4.
    Granted patent
    Status: in force

    Publication number: US09009828B1

    Publication date: 2015-04-14

    Application number: US12240444

    Filing date: 2008-09-29

    IPC classification: H04L29/06 G06F15/16

    Abstract: Network traffic can be prevented from entering a protected network. An alert can be received that can be triggered by network traffic that matches at least one signature that is associated with undesired network behavior. A source of the network traffic that triggered the alert can be determined, and network traffic that originates from the source can be blocked. Blocking the source can include assigning a determination to the alert. It can then be determined whether network traffic from the source should be blocked based on the determination. The source can then be provided to the protected network such that a network device coupled to the protected network can be configured to block network traffic that originates from the source.


    Integrated computer security management system and method
    5.
    Granted patent
    Status: in force

    Publication number: US08701176B2

    Publication date: 2014-04-15

    Application number: US13350997

    Filing date: 2012-01-16

    IPC classification: G06F7/02

    Abstract: The present disclosure is generally directed to a computer security management system that integrates a firewall with an intrusion detection system (IDS). In other words, the firewall and IDS of the present disclosure can be designed to communicate process or status information and packets with one another. The present disclosure can facilitate centralized control of the firewall and the IDS and can increase the speed at which packets are passed between a secured computer network and an external network. Increased packet processing speed can be achieved in several ways. For example, the firewall and IDS can process packets in series, in parallel, and sometimes singularly when one of the components is not permitted to process a packet. Alternatively, singular processing can also be performed when one component is permitted to pass a packet to the secured computer network without checking with the other component.
