DETECTION OF MALICIOUS SCRIPTING LANGUAGE CODE IN A NETWORK ENVIRONMENT
    1.
    发明申请
    DETECTION OF MALICIOUS SCRIPTING LANGUAGE CODE IN A NETWORK ENVIRONMENT 审中-公开
    检测网络环境中的恶意代码语言代码

    公开(公告)号:US20150363598A1

    公开(公告)日:2015-12-17

    申请号:US14761285

    申请日:2014-01-16

    IPC分类号: G06F21/56

    摘要: A method is provided in one example embodiment and includes initiating an execution of a compiled script, evaluating a function called in the compiled script, detecting an execution event based on at least a first criterion, and storing information associated with the execution event in an execution event queue. The method also includes verifying a correlation signature based on information associated with at least one execution event in the execution event queue. In specific embodiments, the method includes evaluating an assignment statement of a script during compilation of the script by a compiler, detecting a compilation event based on at least a second criterion, and storing information associated with the compilation event in a compilation event queue. In yet additional embodiments, the verification of the correlation signature is based in part on information associated with one or more compilation events in the compilation event queue.

    摘要翻译: 在一个示例实施例中提供了一种方法,并且包括启动编译脚本的执行,评估在编译脚本中调用的函数,至少基于第一准则来检测执行事件,以及将与执行事件相关联的信息存储在执行中 事件队列。 该方法还包括基于与执行事件队列中的至少一个执行事件相关联的信息来验证相关签名。 在具体实施例中,该方法包括在由编译器编译脚本期间评估脚本的赋值语句,基于至少第二准则检测编译事件,以及将与编译事件相关联的信息存储在编译事件队列中。 在另外的实施例中,相关签名的验证部分地基于与编译事件队列中的一个或多个编译事件相关联的信息。

    GENERIC PRIVILEGE ESCALATION PREVENTION
    2.
    发明申请
    GENERIC PRIVILEGE ESCALATION PREVENTION 有权
    一般特权防雷

    公开(公告)号:US20140351930A1

    公开(公告)日:2014-11-27

    申请号:US13977014

    申请日:2013-03-15

    IPC分类号: H04L29/06

    摘要: An apparatus, method, computer readable storage medium are provided in one or more examples and comprise accessing an application, identifying an access token of the application, determining if the access token is a system token, and responsive to the access token failing to be a system token, enabling a runtime module.

    摘要翻译: 在一个或多个示例中提供了一种装置,方法,计算机可读存储介质,包括访问应用程序,识别应用程序的访问令牌,确定访问令牌是否是系统令牌,以及响应于访问令牌不成为 系统令牌,启用运行时模块。

    Method and apparatus for detecting shellcode

    公开(公告)号:US08051479B1

    公开(公告)日:2011-11-01

    申请号:US11332115

    申请日:2006-01-12

    申请人: Zheng Bu Fengmin Gong

    发明人: Zheng Bu Fengmin Gong

    IPC分类号: G06F12/14 G06F12/16 G08B23/00

    CPC分类号: G06F21/52

    摘要: The invention is a method and apparatus for detecting shellcode such that a set of computer instructions is scanned for the presence of a null operation instruction. The computer instructions are also examined for the presence of a system call instruction, and reviewed for the presence of a decoder instruction set. A null operation weight value is then determined corresponding to the null operation instruction. Also assessed is a system call weight value corresponding to the system call instruction. In addition, a decoder weight value is calculated corresponding to the decoder instruction set. The null operation weight value, the system call weight value, and the decoder weight value are then analyzed to identify a shellcode.

    System, method, and computer program product for preventing communication of unwanted network traffic by holding only a last portion of the network traffic
    7.
    发明授权
    System, method, and computer program product for preventing communication of unwanted network traffic by holding only a last portion of the network traffic 有权
    系统,方法和计算机程序产品,用于通过仅保持网络流量的最后部分来防止不想要的网络流量的通信

    公开(公告)号:US08448232B1

    公开(公告)日:2013-05-21

    申请号:US13210070

    申请日:2011-08-15

    申请人: Ge Zhu Zheng Bu

    发明人: Ge Zhu Zheng Bu

    IPC分类号: G06F15/16 G06F17/00

    摘要: A system, method, and computer program product are provided for preventing communication of unwanted network traffic by holding only a last portion of the network traffic. In use, network traffic associated with a file transfer is received. Additionally, only a last portion of the network traffic associated with the file transfer is held for determining whether the file is unwanted. Further, the last portion of the network traffic associated with the file transfer is conditionally forwarded to a destination device, based on the determination.

    摘要翻译: 提供了一种系统,方法和计算机程序产品,用于通过仅保持网络业务的最后一部分来防止不想要的网络业务的通信。 在使用中,接收与文件传输相关联的网络流量。 另外,仅保持与文件传输相关联的网络流量的最后部分,以确定文件是否是不需要的。 此外,基于该确定,与文件传输相关联的网络流量的最后部分被有条件地转发到目的地设备。

    SYSTEM AND METHOD FOR PROTOCOL FINGERPRINTING AND REPUTATION CORRELATION
    8.
    发明申请
    SYSTEM AND METHOD FOR PROTOCOL FINGERPRINTING AND REPUTATION CORRELATION 有权
    用于协议指纹和信号相关的系统和方法

    公开(公告)号:US20120331556A1

    公开(公告)日:2012-12-27

    申请号:US13170163

    申请日:2011-06-27

    IPC分类号: G06F21/00

    摘要: A method is provided in one example embodiment that includes generating a fingerprint based on properties extracted from data packets received over a network connection and requesting a reputation value based on the fingerprint. A policy action may be taken on the network connection if the reputation value received indicates the fingerprint is associated with malicious activity. The method may additionally include displaying information about protocols based on protocol fingerprints, and more particularly, based on fingerprints of unrecognized protocols. In yet other embodiments, the reputation value may also be based on network addresses associated with the network connection.

    摘要翻译: 在一个示例实施例中提供了一种方法,其包括基于通过网络连接接收的数据分组提取的属性生成指纹,并且基于指纹请求信誉值。 如果接收到的信誉值指示指纹与恶意活动相关联,则可以对网络连接进行策略动作。 该方法可以另外包括基于协议指纹显示关于协议的信息,更具体地,基于无法识别的协议的指纹。 在其他实施例中,信誉值也可以基于与网络连接相关联的网络地址。

    Method and apparatus for detecting shellcode
    10.
    发明授权
    Method and apparatus for detecting shellcode 有权
    检测shellcode的方法和装置

    公开(公告)号:US07904955B1

    公开(公告)日:2011-03-08

    申请号:US10172138

    申请日:2002-06-13

    申请人: Zheng Bu Fengmin Gong

    发明人: Zheng Bu Fengmin Gong

    IPC分类号: G06F12/14 G06F12/16 G08B23/00

    CPC分类号: G06F21/52

    摘要: The invention is a method and apparatus for detecting shellcode such that a set of computer instructions is scanned for the presence of a null operation instruction. The computer instructions are also examined for the presence of a system call instruction, and reviewed for the presence of a decoder instruction set. A null operation weight value is then determined corresponding to the null operation instruction. Also assessed is a system call weight value corresponding to the system call instruction. In addition, a decoder weight value is calculated corresponding to the decoder instruction set. The null operation weight value, the system call weight value, and the decoder weight value are then analyzed to identify a shellcode.

    摘要翻译: 本发明是一种用于检测shellcode的方法和装置,以便扫描一组计算机指令以存在空操作指令。 还检查计算机指令是否存在系统调用指令,并检查了解码器指令集的存在。 然后对应于空操作指令确定空操作权重值。 还评估了与系统调用指令对应的系统调用权重值。 此外,对应于解码器指令集计算解码器权重值。 然后分析空操作权重值,系统调用权重值和解码器权重值以识别shellcode。