Total found: 18766. Showing 100.
Publication date: 19-01-2012

Method and apparatus for virus throttling with rate limiting

Number: US20120017279A1
Author: Shaun Kazuo Wakumoto
Assignee: Hewlett Packard Development Co LP

A method for traffic control of a network device in a network is disclosed. The network device determines potentially malicious behavior by a host device in the network. A permissible rate of traffic from the host device through a port of the network device is reduced in response to determining the potentially malicious behavior. A rate of traffic through the port of the network device is measured. The measured traffic rate is compared with a threshold rate. The permissible rate of traffic is adjusted based on the comparison.

Publication date: 02-02-2012

Functional patching/hooking detection and prevention

Number: US20120030762A1
Assignee: Trusteer Ltd

A method for preventing malicious attacks on software, using the patching method, includes providing a database of malicious known patches (malware). The database contains characteristic signatures of the malware. The method also includes detecting whether a patch is malicious by comparing it with a signature in the database and performing one or more activities needed to prevent the malicious patch from performing undesired activities.

Publication date: 01-03-2012

Securing a Storage Element for a Binary Datum, Control Register and Chip Card

Number: US20120054863A1
Assignee: Oberthur Technologies SA

Securing a storage element for a binary datum, control register and chip card. This element (60) for storing a binary datum (D) inputs a signal representative of said binary datum, said storage to be carried out when an enable signal (ENA) is at a first predetermined level, supplies an output signal (Q) the state whereof represents the datum stored in said storage element (10), and detects an attack aimed at said enable signal (ENA) or at a signal internal to said storage element.

Publication date: 15-03-2012

Reputation checking obtained files

Number: US20120066346A1
Assignee: Microsoft Corp

A Web browser of a computing device downloads or otherwise obtains a file. File information identifying the file is obtained and is sent to a remote reputation service. Client information identifying aspects of the computing device can also optionally be sent to the remote reputation service. In response to the file information (and optionally client information), a reputation indication for the file is received from the remote reputation service. A user interface for the Web browser to present at the computing device is determined, based at least in part on the reputation indication, and presented at the computing device.

Publication date: 15-03-2012

System and method for improving security using intelligent base storage

Number: US20120066765A1
Author: John O'brien
Assignee: Individual

The present invention presents a system and method for providing improved security within a computer system by using an intelligent based storage system operating with the host unit, whereby the intelligent based storage system independently provides monitoring of files that should not be accessed, monitoring of files that should be accessed with strict regularity, and analysis of access patterns.

Publication date: 19-04-2012

System and method for identifying malicious activities through non-logged-in host usage

Number: US20120096556A1
Author: Gunter D. OLLMANN
Assignee: International Business Machines Corp

A method for identifying malware activities, implemented within a computer infrastructure, includes receiving a data communication via a data channel and determining that a user is not interactively logged in to a host. Additionally, the method includes identifying the data communication as a potential malware communication in response to determining that the user is not interactively logged in to the host.

Publication date: 31-05-2012

Method, a computer program and apparatus for analyzing symbols in a computer

Number: US20120136652A1
Assignee: Oracle International Corp

The invention provides a computer-implemented method of analyzing symbols in a computer system, the symbols conforming to a specification for the symbols, in which the specification has been codified into a set of computer-readable rules, and the symbols analyzed using the computer-readable rules to obtain patterns of the symbols by determining the path that is taken by the symbols through the rules that successfully terminates, and grouping the symbols according to said paths, the method comprising: upon receipt of a message at a computer, performing a lexical analysis of the message; and, in dependence on the lexical analysis of the message, assigning the message to one of the groups identified according to said paths. The invention also provides a computer programmed to perform the method and a computer program comprising program instructions for causing a computer to perform the method.

Publication date: 14-06-2012

Computing system

Number: US20120151580A1
Assignee: SAMSUNG ELECTRONICS CO LTD

Disclosed is a computing system which comprises a data processing device exchanging communication data with the outside and processing the communication data; and a security integrated circuit (IC) monitoring the communication data.

Publication date: 02-08-2012

Secure auditing system and secure auditing method

Number: US20120198553A1
Assignee: Individual

Disclosed is a technique that audits the security of a terminal connected to a network and executes a given program, wherein a computer-virus-free file is permitted to execute a program in a manner such that a computer virus is not activated. As a result, the terminal is maintained in a secure state.

Publication date: 09-08-2012

Increasing Availability of an Industrial Control System

Number: US20120203508A1
Assignee: International Business Machines Corp

A mechanism is provided to improve the availability of an ICS and an external system that uses data from the ICS by ensuring operation of the ICS and operation of the system even if an anomaly has occurred in a device in the ICS. The mechanism receives measured data from the plurality of devices, calculates prediction data by using the measured data and correlation information used for deriving prediction data for correlated devices, and provides the measured data and the prediction data.

Publication date: 16-08-2012

Web content ratings

Number: US20120210435A1
Author: Jarno Niemelä
Assignee: F Secure Oyj

A method of performing a security check at a user computer on web page content downloaded to the user computer over the Internet. The method includes retrieving rating information for the web page from a web service over the Internet, the rating information including one or more content ratings and a first signature generated from the content, using a specified algorithm, at substantially the same time as the or each content rating was determined. The downloaded web page content is then processed using said specified algorithm to generate a second signature, and said first and second signatures are compared and the differences therebetween quantified. It is then determined if the quantified difference exceeds a threshold value. If not, then the received content rating(s) is(are) trusted. If yes, then the result is reported to said web service.

Publication date: 23-08-2012

Secure cloud computing system and method

Number: US20120216133A1
Assignee: OVERTIS GROUP Ltd

A system and method, comprising: an interface port to a data communication network; a processor and associated memory, configured to execute a content browser, and a browser plugin, the browser plugin filtering at least a portion of data received by the content browser, and at least one of selectively blocking, modifying, or permitting interaction of a user with the received data, in dependence on at least a user-associated configuration file received from a remote resource through the interface port, and communicating at least one item of information which is blocked from access by the user; and a display port, configured to output information defining a user presentation of browser output. Communications between the remote resource and the plugin or browser may be encrypted. For example, the plugin receives user login information from the remote resource, and automatically fills in a login page for an Internet resource, while preventing user-access to the login information itself.

Publication date: 27-09-2012

Data storage devices including integrated anti-virus circuits and method of operating the same

Number: US20120246729A1
Assignee: SAMSUNG ELECTRONICS CO LTD

A data storage device includes a storage medium and a controller circuit configured to be coupled to an external host to provide an interface between the external host and the storage medium, the controller circuit configured to detect a virus carried by a data file transferred to and/or stored in the storage medium. The controller circuit may be further configured to cure the detected virus.

Publication date: 04-10-2012

Providing protection against unauthorized network access

Number: US20120254951A1
Assignee: International Business Machines Corp

A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.

Publication date: 04-10-2012

System and method for below-operating system regulation and control of self-modifying code

Number: US20120255012A1
Author: Ahmed Said Sallam
Assignee: McAfee LLC

A system for securing an electronic device may include a memory; a processor; one or more operating systems residing in the memory for execution by the processor; and a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the memory. The security agent may be further configured to: (i) trap attempted accesses to the memory, wherein each of such attempted accesses may, individually or in the aggregate, indicate the presence of self-modifying malware; (ii) in response to trapping each attempted access to the memory, record information associated with the attempted access in a history; and (iii) in response to a triggering attempted access associated with a particular memory location, analyze information in the history associated with the particular memory location to determine if suspicious behavior has occurred with respect to the particular memory location.

Publication date: 25-10-2012

System and Method for Reducing Security Risk in Computer Network

Number: US20120272290A1
Assignee: Kaspersky Lab AO

Disclosed are systems, methods and computer program products for reducing security risk in a computer network. The system includes an administration server that collects information about one or more computers in the network, including the following information: the computer user's external drive usage history, software installation history, and Web browsing history. The server calculates, based on the collected information, a security rating of the computer user. The server then adjusts the security rating of the computer user based on the security rating of at least one other user of another computer connected to the same computer network. The server then selects a security policy of the security software based on the adjusted security rating of the computer user. Different security policies provide different network security settings and prohibitions on launching executable files from external drives.

Publication date: 22-11-2012

Detecting a compromised online user account

Number: US20120297484A1
Author: Kumar S. Srivastava
Assignee: Microsoft Corp

One or more techniques and/or systems are disclosed for detecting and/or mitigating a potentially compromised online user account. One or more baselines can be established for a user's online account to determine a normal usage pattern for the account by the user (e.g., frequency of incoming/outgoing emails, text messages, etc.). The online user account can be periodically or continually monitored for use of the same resources used to determine the baseline(s). If a deviation from the baseline is detected, the deviation may be compared against a threshold to determine whether the deviation indicates that the account may be compromised. When an indication of a potentially compromised account is detected, the user can be notified of the indication, so that one or more actions can be taken to mitigate the potentially compromised account.

Publication date: 06-12-2012

Access monitoring method, information processing apparatus, and computer-readable medium storing access monitoring program

Number: US20120311669A1
Author: Masahide Akase
Assignee: Fujitsu Ltd

In an access monitoring method executed by a computer: information on a first link is recorded when a request for access through the first link is detected and authentication information is transmitted through the first link; and when an email containing information on a second link is received and a request for access through the second link is detected, a determination whether or not the information on the second link is identical, in a predetermined part, to the recorded information on the first link is made. In the case where yes is determined, access through a link is forbidden when the information on the link is identical, in the predetermined part, to the recorded information on the first link, and the recorded information on the first link is transmitted to a server which collects information on links.

Publication date: 13-12-2012

Parallel Tracing Apparatus For Malicious Websites

Number: US20120317642A1
Author: Paul Judge, Paul Royal
Assignee: Barracuda Networks Inc

An apparatus and system for scoring and grading websites and method of operation. An apparatus receives one or more Uniform Resource Identifiers (URI), requests and receives a resource such as a webpage, and observes the behaviors of a commercial browser operating within a commercial operating system over a multi-core processor having hardware containing virtualization extensions. The apparatus records and stores objects and packets captured while the browser is controlled by software received from a server accessed via the URI.

Publication date: 20-12-2012

Systems and methods providing wear leveling using dynamic randomization for non-volatile memory

Number: US20120324141A1
Assignee: Georgia Tech Research Corp

Systems and methods for dynamically remapping elements of a set to another set based on random keys. Application of said systems and methods to dynamically mapping regions of memory space of non-volatile memory, e.g., phase-change memory, can provide a wear-leveling technique. The wear leveling technique can be effective under normal execution of typical applications, and in worst-case scenarios including the presence of malicious exploits and/or compromised operating systems, wherein constantly migrating the physical location of data inside the PCM avoids information leakage and increases security; wherein random relocation of data results in the distribution of memory requests across the physical memory space, which increases durability; and wherein such wear leveling schemes can be implemented to provide fine-grained wear leveling without overly burdensome hardware overhead, e.g., a look-up table.

Publication date: 03-01-2013

Systems and methods for data integrity checking

Number: US20130006949A1
Assignee: Individual

Systems and methods are provided for data integrity checking in a computing system. In one exemplary embodiment, the method includes receiving, from each of a plurality of computing devices of the computing system, application transaction logs, wherein the application transaction logs are related to a plurality of applications. The method also includes comparing, by the central computing device, the received application transaction logs to transactions recorded in a database to identify missing transactions. In addition, the method includes performing one or more actions in response to the identified missing transactions.

Publication date: 24-01-2013

Control flow integrity

Number: US20130024676A1
Assignee: Individual

In at least some embodiments, a processor in accordance with the present disclosure is operable to enforce control flow integrity. For example, a processor may comprise logic operable to execute a control flow integrity instruction specified to verify changes in control flow and respond to verification failure by at least one of a trap or an exception.

Publication date: 24-01-2013

Auditing a device

Number: US20130024936A1
Assignee: Fatskunk Inc

The auditing of a device that includes a physical memory is disclosed. One or more hardware parameters that correspond to a hardware configuration is received. Initialization information is also received. The physical memory is selectively written in accordance with a function. The physical memory is selectively read and at least one result is determined. The result is provided to a verifier.

Publication date: 31-01-2013

System and methods for adaptive model generation for detecting intrusion in computer systems

Number: US20130031633A1
Assignee: Columbia University of New York

A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.

Publication date: 07-02-2013

Secure Mobile Communication System and Method

Number: US20130035062A1
Author: Moshe M. Vered
Assignee: SAMSUNG ELECTRONICS CO LTD

A security level indicator for a mobile communication device is adapted to alert a user of a device when the weighted combination of security-related parameters reaches a predefined level.

Publication date: 07-03-2013

Computer system security dashboard

Number: US20130061169A1
Assignee: McAfee LLC

A computing system security dashboard is provided for presentation on a computer display device, the dashboard including a plurality of security view panes. Each security view pane, when expanded, presents a respective visualization of security conditions of a particular computing system. When the particular security view pane is collapsed, it can hide at least a portion of the particular visualizations of security conditions presented using the particular security view pane when expanded. The particular security view pane occupies a smaller area of the dashboard when collapsed than when expanded. A particular visual indicator is presented on the particular security view pane, at least when collapsed, summarizing at least a portion of the particular security conditions identified in the particular visualizations. A user interaction with the particular collapsed security view pane can prompt the particular security view pane to be expanded in area and present the particular visualizations.

Publication date: 14-03-2013

Fight-through nodes for survivable computer network

Number: US20130067574A1
Assignee: Architecture Technology Corp

A survivable network is described in which one or more network devices include enhanced functionality to fight through cyber attacks. A Fight-Through Node (FTN) is described, which may be a combined hardware/software system that enhances existing networks with survivability properties. A network node comprises a hardware-based processing system having a set of one or more processing units, and a hypervisor executing on each one of the processing units; and a plurality of virtual machines executing on each of the hypervisors. The network node includes an application-level dispatcher to receive a plurality of transaction requests from a plurality of network communication sessions with a plurality of clients and distribute a copy of each of the transaction requests to the plurality of virtual machines executing on the network node over a plurality of time steps to form a processing pipeline of the virtual machines.

Publication date: 21-03-2013

System and method for sharing information between heterogeneous service providers

Number: US20130073700A1

Disclosed is a system for sharing information between heterogeneous service providers, including: a first service provider configured to generate first situation information based on an abnormal situation of a system; a second service provider configured to receive the first situation information from the first service provider and generate second situation information corresponding to the received first situation information; and the TTP configured to receive the first situation information from the first service provider, receive the second situation information from the second service provider, generate correspondence information based on the received information, and share the generated correspondence information.

Publication date: 21-03-2013

System and method for real-time customized threat protection

Number: US20130074143A1
Assignee: McAfee LLC

A method is provided in one example embodiment that includes receiving event information associated with reports from sensors distributed throughout a network environment and correlating the event information to identify a threat. A customized security policy based on the threat may be sent to the sensors.

Publication date: 21-03-2013

Auto Migration of Services Within a Virtual Data Center

Number: US20130074181A1
Author: Sumeet Singh
Assignee: Cisco Technology Inc

Techniques are provided herein for detecting that virtual data center services provided to one of at least two customers are being subjected to an attack, wherein the virtual data center services are provided to the at least two customers using a same first set of physical servers via a first network element such as a physical access switch, and, responsive to detecting that virtual data center services provided to the one of the at least two customers are being subjected to an attack (e.g., a virus or denial of service attack), the technique causes the virtual data center services provided to the one of the at least two customers to be migrated to, e.g., instantiated on, a second set of physical servers that is not accessible via the first network element.

Publication date: 28-03-2013

Method for Adaptively Building a Baseline Behavior Model

Number: US20130080631A1
Author: YeeJang James Lin
Assignee: YeeJang James Lin

A method for generating an auto-adaptive baseline model for profiling individual and collective behavior of a plurality of network users. The method comprises the steps of creating a model, defining a plurality of members and a plurality of collective variables, each member corresponding to a user and including a plurality of individual variables, defining conditions for each collective variable and individual variable, upon detecting an activity by a user, updating corresponding individual variables and collective variables, and comparing updated individual variables and collective variables against corresponding conditions. If a condition is met, an alert event is issued to notify designated personnel; otherwise, the method returns to the step of detecting activity. Finally, upon receiving an alert event, the designated personnel decide whether to manually redefine the conditions or to ignore the alert event. If the alert event is ignored, said conditions are automatically redefined in accordance with system-defined mechanisms.

Publication date: 28-03-2013

Creating and maintaining a security policy

Number: US20130081102A1
Assignee: International Business Machines Corp

An approach for managing a security policy is provided. First, second, and third specification sets are received after being independently generated by different practitioners. The first specification set maps service-to-service communications. The second specification set maps the services to devices on which the services are placed. The third specification set maps the devices to one or more network addresses. The received specification sets are algorithmically combined to create packet filtering rule statements. The security policy is generated as packet filtering rules based on the combined specification sets and the packet filtering rule statements. An application deployment modification includes independently editing specification set(s) that are affected by the modification, without knowledge of specification set(s) that are unaffected by the modification. An updated security policy may be generated by an incremental update to an existing security policy without requiring replacement of the entire security policy.

Publication date: 28-03-2013

SECURITY THREAT DETECTION ASSOCIATED WITH SECURITY EVENTS AND AN ACTOR CATEGORY MODEL

Number: US20130081141A1
Author: Anurag Singla

Security events associated with network devices and an actor category model are stored. The actor category model includes levels arranged in a hierarchy, and each level is associated with a subcategory for a category of the model. Security events are correlated with the actor category model, and a determination of whether a security threat exists is performed based on the correlating.

1. A method of determining a security threat comprising:
storing security events (501) associated with network devices;
storing an actor category model (503) including a plurality of levels arranged in a hierarchy, wherein each level is associated with a subcategory for a category of the model;
correlating security events (505) with the actor category model; and
determining, by a computer system, whether the security threat exists (506) based on the correlating.

2. The method of claim 1, wherein correlating security events with the actor category model comprises: identifying an actor for each security event; and identifying a level in the model associated with the actor.

3. The method of claim 2, wherein determining whether a security threat exists based on the correlating comprises: determining a security rule for the identified level; and determining whether the security threat exists by applying the security rule.

4. The method of claim 3, comprising: aggregating two or more of the security events into an aggregated event based on the correlating, wherein the two or more of the security events collectively satisfy a condition in the identified rule.

5. The method of claim 1, wherein the actor category model comprises an attribute for users, and the method comprises matching the attribute for users in the actor category model with a user attribute in a user model to determine whether the actor category model is applicable to security events associated with the user.

6. The method of claim 5, wherein the actor category model ...

Publication date: 18-04-2013

SYSTEM AND METHOD TO LOCATE A PREFIX HIJACKER WITHIN A ONE-HOP NEIGHBORHOOD

Number: US20130097703A1
Assignee: AT&T Intellectual Property I, L.P.

Method, system and computer-readable device to locate a prefix hijacker of a destination prefix within a one-hop neighborhood. The method includes generating one-hop neighborhoods from autonomous system-level paths associated with a plurality of monitors to a destination prefix. The method also includes determining a suspect set of autonomous system identifiers resulting from a union of the one-hop neighborhoods. The method further includes calculating a count and a distance associated with each autonomous system identifier in the suspect set of autonomous system identifiers. The count represents how often an autonomous system identifier appears in the one-hop neighborhoods. The distance represents a total number of autonomous system identifiers from the autonomous system identifier to autonomous system identifiers associated with the plurality of monitors. Yet further, the method includes generating a one-hop suspect set including autonomous system identifiers in the suspect set that have a greatest sum of the count and the distance.

1. A method of locating a prefix hijacker within a one-hop neighborhood, the method comprising:
generating, using a computing system, one-hop neighborhoods from autonomous system-level paths to a destination prefix, the autonomous system-level paths associated with a plurality of monitors, each of the one-hop neighborhoods including autonomous system identifiers that are in an autonomous system-level path and autonomous system-level identifiers that are within one hop of the autonomous system identifiers in the autonomous system-level path;
determining, using the computing system, a suspect set of autonomous system identifiers resulting from a union of the one-hop neighborhoods;
calculating, using the computing system, a count and a distance associated with each autonomous system identifier in the suspect set of autonomous system identifiers, the count representing how often an autonomous system identifier appears in the one-hop ...

Publication date: 25-04-2013

Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor

Number: US20130103924A1
Author: Vinay Karecha, WEI Hu
Assignee: Trend Micro Inc

Exploit nonspecific host intrusion prevention/detection methods, systems and smart filters are described. A portion of network traffic is captured and searched for a network traffic pattern, comprising: searching for a branch instruction transferring control to a first address in the memory; provided the first instruction is found, searching for a subroutine call instruction within a first predetermined interval in the memory starting from the first address and pointing to a second address in the memory; provided the second instruction is found, searching for a third instruction at a third address in the memory, located at a second predetermined interval from the second address; provided the third instruction is a fetch instruction, indicating the presence of the exploit; provided the third instruction is a branch instruction transferring control to a fourth address in the memory, and provided a fetch instruction is located at the fourth address, indicating the presence of the exploit.

Publication date: 02-05-2013

Hardware access and monitoring control

Number: US20130111569A1
Author: Srikanth Mandava
Assignee: CA Inc

Various embodiments described and illustrated here include one or more of systems, methods, software, and data structures that may be used to implement policies for hardware access and monitoring control in concert with a premises security system that controls ingress and egress of a facility. One embodiment includes identifying when certain devices are removed or decoupled from a computer and preventing one or more users of that computer from leaving a facility within which the computer is located.

Publication date: 02-05-2013

Method and system for detecting intrusive anomalous use of a software system using multiple detection algorithms

Number: US20130111588A1
Assignee: REFLEX SYSTEMS LLC

A method of detecting an intrusion into (or an anomaly in a behavior of) a target software system begins by instrumenting the target software system to generate behavior data representing a current observation or observation aggregate. The method then determines whether the current observation or observation aggregate warrants a second level examination. If a result of executing the first level detection algorithm indicates that the current observation or observation aggregate warrants a second level examination, the method continues by processing the current observation or observation aggregate through at least one or more second level detection algorithms to provide a second, more definite, fine grain indication of a possible intrusion.

1. Apparatus, comprising: a processor; and computer memory holding computer program instructions to carry out a method to process one or more event data ... processing the current observation or observation aggregate through a first level detection algorithm that provides a first, provisional indication of a possible intrusion; determining whether the current observation or observation aggregate warrants a second level examination, wherein the determining step is performed as the one or more event streams are being generated and by the first level detection algorithm computing an approximation of a given function; and if a result of executing the first level detection algorithm indicates that the current observation or observation aggregate warrants a second level examination, processing the current observation or observation aggregate through at least one or more second level detection algorithms to provide a second, more definite indication of a possible intrusion; wherein the first level detection algorithm has a computational efficiency that is greater than a computational efficiency of the second level detection algorithm, wherein computational efficiency is measured as a function of memory and processing requirements.

Publication date: 09-05-2013

Trail log analysis system, medium storing trail log analysis program, and trail log analysis method

Number: US20130117294A1
Author: Hidekazu Arao
Assignee: Fujitsu Ltd

A trail log analysis system detects a fraudulent operation from a trail log of an information system, and confirms the correctness of a system action. An information development device generates an information development table from a trail log to be analyzed. The information development table defines a subject (who), an object (what), and an action (what is to be done) as comparison targets, and counts and records an event occurrence number corresponding to an event occurrence time recorded in a trail log for each combination of comparison targets. An accumulation device generates an accumulative information development table by accumulating the information development table corresponding to a trail log recorded previously and up to a time point immediately before the last collected trail log to be analyzed. A comparison device compares the information development table with the accumulative information development table, and outputs a comparison result.

Publication date: 09-05-2013

Supervision of the security in a computer system

Number: US20130117812A1
Assignee: CASSIDIAN SAS

For supervising the security of a computer system (SY) comprising several elementary computer items (BI), such as machines and applications, and several gathering items (BIg), such as networks, services or sites, gathering elementary items, a supervision device (DS) collects base measurements (MB) representative of states of the elementary items. A unit (UDI) determines several security indicators (I) of different types for each elementary item according to respective functions of the base measurements and several security indicators of different types for each gathering item. Each security indicator of a given type of a gathering item is determined according to a respective function of the security indicators of the given type of the elementary items gathered in the gathering item. The indicators of one item relate to the availability, the intrusion, the vulnerability and the compliance to a security policy.

Publication date: 09-05-2013

MICROCIRCUIT CARD PROTECTED BY A FUSE

Number: US20130117844A1
Assignee: OBERTHUR TECHNOLOGIES

A microcircuit card includes means for detecting an attack on the card, and command means capable of blowing a fuse of the card when an attack is detected.

1. A module including: means for detecting an attack on said module; and command means capable of blowing a fuse of said module when an attack is detected.
2. A module according to claim 1, characterized in that said command means are able to command the charging of a capacitor during normal operation and commanding the discharging of said capacitor to blow said fuse when an attack is detected.
3. A module according to claim 1, characterized in that it includes a NOT gate connected in series with said fuse, the output of this NOT gate being a control signal the level whereof is high in normal operation and low when an attack is detected; said control signal is used to maintain a vital signal of said module when an attack has been detected.
4. A module according to claim 3, characterized in that said vital signal is selected from among a reset signal, a clock signal or an input/output signal connected with equipment external to said module.
5. A module according to claim 1, characterized in that it includes, at the output of said fuse, a control signal capable of commanding a switch controlling the power supply to a vital component of said module.
6. A module according to claim 5, characterized in that said switch is a PMOS transistor.
7. A module according to claim 5, characterized in that said vital component is a processor.
8. A module according to claim 1, consisting of a microcircuit card complying with the ISO 7816 standard.

The present invention is situated in the field of protection of electronic modules. It applies especially, but without limitation, to the protection of a microcircuit card, for example one complying with the ISO 7816 standard. Within the scope of protection of microcircuit cards against fault injection attacks, a known countermeasure is to write a ...

Publication date: 09-05-2013

Detecting Emergent Behavior in Communications Networks

Number: US20130117852A1
Author: Stute Michael Roy
Assignee: GLOBAL DATAGUARD, INC.

Systems and methods of detecting emergent behaviors in communications networks are disclosed. In some embodiments, a method may include decomposing a plurality of data packets into a plurality of component data types associated with a candidate alert representing a potential security threat in a network. The method may also include retrieving, from a database, a count for each of a plurality of historical data types matching at least a subset of the component data types, each of the counts quantifying an amount of data of a corresponding historical data type previously detected in the network in a given time period. The method may further include calculating a score that indicates a discrepancy between an amount of data in each of the subset of the component data types and the counts for each corresponding historical data type in the same time period, and handling the candidate alert based upon the score.

1. A method, comprising: performing, by a computer system: decomposing a plurality of data packets into a plurality of component data types, the plurality of data packets associated with a candidate alert representing a potential security threat in a communications network; retrieving, from a database, a count for each of a plurality of historical data types, the plurality of historical data types matching at least a subset of the component data types, each of the counts quantifying an amount of data of a corresponding historical data type previously detected in the communications network in a given time period; calculating a score that indicates an aggregate discrepancy between an amount of data in each of the subset of the component data types and the counts for each corresponding one of the historical data types in the given time period; and handling the candidate alert based, at least in part, upon the score.
2. The method of claim 1, wherein at least one of the plurality of data types includes a combination of at least two elements selected from the ...

Publication date: 16-05-2013

Embedded device and control method thereof

Number: US20130124845A1
Author: Ko-Fang Wang
Assignee: MStar Semiconductor Inc Taiwan

An embedded device including a random access memory (RAM) and a processor is provided. The processor includes a processor core and an authentication module. The RAM stores data-to-be-authenticated. The data includes a program code to be executed by the processor core. The authentication module periodically accesses and authenticates the data-to-be-authenticated in the RAM. When the authentication module deems that the program code in the RAM loses its integrity, the authentication module interrupts the processor from further executing the program code.

Publication date: 06-06-2013

Denial of service attack resistant input port

Number: US20130145428A1
Assignee: Microsoft Corp

An input port for a computer system may retain potentially authenticable requests for processing while removing other connection requests from an incoming queue or request pool. The input port may continue to receive new requests even during a denial of service attack, allowing potentially legitimate requests to be processed. In a typical embodiment, a first in, first out buffer may be used to receive and process connection requests. When the buffer is full, any request that comes from a device having a previous connection with the computer system may be retained for authentication, while removing requests that come from unknown devices. Some embodiments may retain a list of known devices associated with administrators or other known users, and the list may be updated as those users are authenticated.

Publication date: 06-06-2013

Multilayered deception for intrusion detection and prevention

Number: US20130145465A1
Assignee: AT&T INTELLECTUAL PROPERTY I LP

Concepts and technologies are disclosed herein for multilayered deception for intrusion detection. According to various embodiments of the concepts and technologies disclosed herein, a multilayer deception system includes honey servers, honey files and folders, honey databases, and/or honey computers. A multilayer deception system controller generates honey activity between the honey entities and exposes a honey profile with contact information associated with a honey user. Contact directed at the honey user and/or activity at any of the honey entities can trigger alarms and/or indicate an attack, and can be analyzed to prevent future attacks.

Publication date: 06-06-2013

SYSTEMS AND METHODS FOR DETECTING A SECURITY BREACH IN A COMPUTER SYSTEM

Number: US20130145467A1
Author: Yodaiken Victor J.

The present invention provides systems and methods for applying hard-real-time capabilities in software to software security. For example, the systems and methods of the present invention allow a programmer to attach a periodic integrity check to an application so that an attack on the application would need to succeed completely within a narrow and unpredictable time window in order to remain undetected.

1-3. (canceled)
4. A computer security method, implementing a monitor, the method comprising: sending a challenge from the monitor, the challenge directed to a security process of a monitored computing system running a real-time operating system, or to a challenge handler that monitors integrity of the security process, wherein the security process is configured to periodically, in hard real-time, check integrity of an application or a data element used by the application, and issue a notification or shut down the application if the integrity check indicates that the application or data element has been tampered with; and determining whether a response is received from the monitored computing system within a specified hard real-time interval, and, if the response is not received from the monitored computing system within the specified hard real-time interval, sending a notification to shut down at least part of the monitored computing system or the application.
5. The computer security method of claim 4, wherein the monitor is connected to the monitored computing system via a network.
6. The computer security method of claim 5, wherein the network is a deterministic network.
7. The computer security method of claim 4, wherein the monitor is within the monitored computing system or is a peripheral device of the monitored computing system.
8. The computer security method of claim 7, wherein the monitor is within the monitored computing system as an on-chip security monitor.
9. The computer security method of claim 4, wherein the response includes a security data item ...

Publication date: 06-06-2013

SECURITY SYSTEM BASED ON INPUT SHORTCUTS FOR A COMPUTER DEVICE

Number: US20130145468A1
Assignee: RESEARCH IN MOTION LIMITED

A method of activating security functions on a computer device, for example a mobile communications device. The computer device includes a device state that may be realized by way of a first user input or a second user input. The method includes designating the first user input to realize the device state as a security rule having an associated security function, detecting realization of the device state, and activating the associated security function if the device state was realized by way of the second user input rather than the first user input. For example, the first user input may be a shortcut input, and the second user input may be a conventional or normal input.

1. A method of activating a security function on a device, the method comprising: detecting a device state after receiving a user input; comparing the received user input to at least one user input specified by a security rule associated with the device state; and if the comparing indicates the security rule is breached, activating the security function, the security function comprising a honeypot mode in which an interface is presented on the device that does not permit unauthorized use of information or a resource on the device.
2. The method of claim 1, wherein the received user input is one of a conventional user input or a shortcut user input, and the at least one user input specified by the security rule is one other of the conventional user input or the shortcut user input.
3. The method of claim 1, wherein the security rule is breached if the received user input is not the at least one user input specified by the security rule associated with the device state.
4. The method of claim 1, wherein the received user input is a keyboard input shortcut for activating an application program executable on the device.
5. The method of claim 1, wherein the security function comprises at least one of: locking a present application, locking the device, logging device ...

Publication date: 27-06-2013

METHOD AND APPARATUS FOR DETECTING EVENTS PERTAINING TO POTENTIAL CHANGE IN VULNERABILITY STATUS

Number: US20130167240A1
Assignee: Zeno Security Corporation

A method and apparatus for Vulnerability Assessment (VA) techniques are disclosed. A method comprises detecting an event on a target in real time or at periodic intervals, by at least one of an OS service, an OS command, a hook, and an API. The event comprises a change in status of at least one of a network interface, a server network service, a client network service, and a port. An apparatus comprises a target having at least one of a deployed server network service, and a deployed client network service; and an agent deployed on the target, to detect an event on the target in real time or at periodic intervals. At least one of the agent and the VA server detect the event comprising a change in the status of at least one of a network interface, the server network service, the client network service, and a port.

1. A method comprising: detecting an event on a target, in real time or at periodic intervals, by at least one of an OS service, an OS command, a hook, and an API, the event comprising a change in status of at least one of a network interface, a server network service, a client network service, and a port.
2. The method of claim 1, wherein the status of the network interface comprises the states active and inactive, the status of the network service comprises the states running and not running, and the status of the port comprises the states open and closed.
3. The method of claim 1, further comprising conducting a test from at least one of a vulnerability assessment (VA) scanner, and a port scanner on the target based on the detecting.
4. The method of claim 3, wherein the test from the VA scanner comprises at least one of: a test run from the VA scanner to identify the service running on a particular port on the target, a test run from the VA scanner to find a vulnerability in the service running on a particular port on the target, a test run from the VA scanner to identify a particular non-port based service running on the target, a test run from the ...

Publication date: 11-07-2013

Virtual Machines

Number: US20130179971A1
Author: Harrison Keith

A computerized method for detecting a threat by observing multiple behaviors of a computer system in program execution from outside of a host virtual machine, including mapping a portion of physical memory of the system to a forensic virtual machine to determine the presence of a first signature of the threat; and, on the basis of the determination, deploying multiple further forensic virtual machines to determine the presence of multiple other signatures of the threat.

1. A computerized method for detecting a threat by observing multiple behaviors of a computer system in program execution from outside of a host virtual machine, including: mapping a portion of physical memory of the system to a forensic virtual machine to determine the presence of a first signature of the threat; and, on the basis of the determination, deploying multiple further forensic virtual machines to determine the presence of multiple other signatures of the threat.
2. A method as claimed in claim 1, further comprising: using a portion of shared physical memory to maintain an information repository for information sharing between forensic virtual machines.
3. A method as claimed in claim 1, further comprising: using the multiple further forensic machines to scan multiple memory addresses allocated to the host virtual machine to determine the presence of a second signature indicative of the presence of the threat.
4. A method as claimed in claim 2, wherein forensic virtual machines periodically poll the portion of shared physical memory to determine a status of the computer system.
5. A method as claimed in claim 4, further comprising: using the determined status to resolve a number of multiple further forensic virtual machines to deploy.
6. A device for secure computing, comprising: a computer system, where the computer system includes a processor and a memory; a virtual machine monitor program loaded onto the processor of the computer system to support a user-definable number of virtual ...

Publication date: 18-07-2013

METHOD AND APPARATUS FOR SECURE AND RELIABLE COMPUTING

Number: US20130185796A1

In one embodiment, the invention is a method and apparatus for secure and reliable computing. One embodiment of an end-to-end security system for protecting a computing system includes a processor interface coupled to at least one of an application processor and an accelerator of the computing system, for receiving requests from the at least one of the application processor and the accelerator, a security processor integrating at least one embedded storage unit and connected to the processor interface with a tightly coupled memory unit for performing at least one of: authenticating, managing, monitoring, and processing the requests, and a data interface for communicating with a display, a network, and at least one embedded storage unit for securely holding at least one of data and programs used by the at least one of the application processor and the accelerator.

1. An end-to-end security system for protecting a computing system, comprising: a processor interface coupled to an application processor of the computing system, for receiving requests from the application processor; and a security processor connected to the processor interface with a tightly coupled memory unit for processing the requests.
2. The end-to-end security system of claim 1, further comprising: a data interface connected to the security processor for managing communications between the security processor and a memory device.
3. The end-to-end security system of claim 2, wherein the data interface comprises an embedded storage unit.
4. The end-to-end security system of claim 1, wherein the security processor comprises an embedded storage unit.
5. The end-to-end security system of claim 1, wherein the end-to-end security system comprises a virtualized memory management server integrated with the computing system.
6. The end-to-end security system of claim 1, wherein the end-to-end security system interfaces the computing system to a computing environment comprising a plurality of connected ...

Publication date: 25-07-2013

METHOD AND SYSTEM FOR DETECTING DGA-BASED MALWARE

Number: US20130191915A1
Assignee: DAMBALLA, INC.

System and method for detecting a domain generation algorithm (DGA), comprising: performing processing associated with clustering, utilizing a name-based features clustering module accessing information from an electronic database of NX domain information, the randomly generated domain names based on the similarity in the make-up of the randomly generated domain names; performing processing associated with clustering, utilizing a graph clustering module, the randomly generated domain names based on the groups of assets that queried the randomly generated domain names; performing processing associated with determining, utilizing a daily clustering correlation module and a temporal clustering correlation module, which clustered randomly generated domain names are highly correlated in daily use and in time; and performing processing associated with determining the DGA that generated the clustered randomly generated domain names.

1. A method for detecting a domain generation algorithm (DGA), comprising: performing processing associated with clustering, utilizing a name-based features clustering module accessing information from an electronic database of NX domain information, the randomly generated domain names based on the similarity in the make-up of the randomly generated domain names; performing processing associated with clustering, utilizing a graph clustering module, the randomly generated domain names based on the groups of assets that queried the randomly generated domain names; performing processing associated with determining, utilizing a daily clustering correlation module and a temporal clustering correlation module, which clustered randomly generated domain names are highly correlated in daily use and in time; and performing processing associated with determining the DGA that generated the clustered randomly generated domain names.
2. The method of claim 1, further comprising: performing processing associated with determining whether the ...

Publication date: 01-08-2013

Detection, diagnosis, and mitigation of software faults

Number: US20130198565A1
Assignee: DREXEL UNIVERSITY

A computational geometry technique is utilized to detect, diagnose, and/or mitigate fault detection during the execution of a software application. Runtime measurements are collected and processed to generate a geometric enclosure that represents the normal, non-failing, operating space of the application being monitored. When collected runtime measurements are classified as being inside or on the perimeter of the geometric enclosure, the application is considered to be in a normal, non-failing, state. When collected runtime measurements are classified as being outside of the geometric enclosure, the application is considered to be in an anomalous, failing, state. In an example embodiment, the geometric enclosure is a convex hull generated in N-dimensional Euclidean space. Appropriate action (e.g., restart the software, turn off access to a network port) can be taken depending on where the measurement values lie in the space.

Publication date: 01-08-2013

SYSTEMS, METHODS AND COMPUTER PROGRAMS PROVIDING IMPACT MITIGATION OF CYBER-SECURITY FAILURES

Number: US20130198840A1

Disclosed is a method and system to operate a governed data processing system in concert with a governing data processing system. The method includes operating a secure governing data processing system to monitor operation of at least one governed data processing system to detect a deviation from modeled user and governed data processing system behavior. The method further includes, upon detecting a deviation from the modeled behavior, taking proactive action to mitigate an occurrence of a potential adverse result of an occurrence of a cyber-security threat.

1. A method to operate a governed data processing system in concert with a governing data processing system, comprising: operating a secure governing data processing system to monitor operation of at least one governed data processing system to detect a deviation from modeled user and governed data processing system behavior; and upon detecting a deviation from the modeled behavior, taking proactive action to mitigate an occurrence of a potential adverse result of an occurrence of a cyber-security threat; where operating the secure governing data processing system to monitor operation of the at least one data processing system comprises capturing data from the at least one governed data processing system, assimilating the captured data, performing modeling, monitoring and analyzing of the assimilated data; using the modeling, monitoring and results of the analyzing to identify a potential cyber-threat and to suggest at least one action or countermeasure to be taken to counter the potential cyber-threat, and implementing at least one of the suggested actions or countermeasures.
2. The method as in claim 1, where capturing data comprises at least one of capturing network traffic, capturing database transactions, capturing operational characteristics of the governed data processing system and capturing data generated by a user of the governed data processing system.
3. The method of claim 2, where ...

Publication date: 08-08-2013

Increasing Availability of an Industrial Control System

Number: US20130205393A1
Assignee: International Business Machines Corp

A mechanism is provided to improve the availability of an ICS and an external system that uses data from the ICS by ensuring operation of the ICS and operation of the system even if an anomaly has occurred in a device in the ICS. The mechanism receives measured data from the plurality of devices, calculates prediction data by using the measured data and correlation information used for deriving prediction data for correlated devices, and provides the measured data and the prediction data.

Publication date: 08-08-2013

Threat Detection in a Data Processing System

Number: US20130205394A1

A mechanism is provided for resolving a detected threat. A request is received from a requester to form a received request, statistics associated with the received request are extracted to form extracted statistics, rules validation is performed for the received request using the extracted statistics, and a determination is made as to whether the request is a threat. Responsive to a determination that the request is a threat, the requester is escalated using escalation increments, where the using escalation increments further comprises increasing user identity and validation requirements through one of percolate to a next user level or direct entry to a user level.

1. A method, in a data processing system comprising a processor and a memory coupled to the processor, for resolving a detected threat, the method comprising: receiving, by the processor, a request from a requester to form a received request; extracting, by the processor, statistics associated with the received request to form extracted statistics; performing, by the processor, rules validation for the received request using the extracted statistics; determining, by the processor, whether the request is a threat; and responsive to a determination that the request is a threat, escalating, by the processor, the requester using escalation increments, wherein the using escalation increments further comprises increasing user identity and validation requirements through one of percolating to a next user level and direct entry to a user level.
2. The method of claim 1, wherein extracting statistics associated with the received request further comprises: tracking, by the processor, session information to form tracked session information; and storing, by the processor, the tracked session information in an active session and identifiers database.
3. The method of claim 1, wherein performing rules validation further comprises: selecting, by the processor, rules associated with an escalation increment to form selected ...

Publication date: 22-08-2013

Managing a ddos attack

Number: US20130219502A1
Assignee: International Business Machines Corp

A method, system, and/or computer program product manages a distributed denial of service attack in a multiprocessor environment. A determination is made of (a) a first upper threshold for a normal number of packets from the multiprocessor environment to multiple destination addresses, (b) a second upper threshold for a normal ratio of the packets from the multiprocessor environment to a single destination address compared to the packets from the multiprocessor environment to the multiple destination addresses, and (c) a third upper threshold for a normal ratio of packets from the multiprocessor environment to a single port at a single destination address compared to packets from the multiprocessor environment to the multiple destination addresses. In response to the first and second thresholds being exceeded, a specific port is monitored to determine if the third upper threshold is being exceeded at that port, thus indicating an apparent distributed denial of service attack.

Publication date: 29-08-2013

Automated protection against computer exploits

Number: US20130227680A1
Assignee: Kaspersky Lab AO

Protection of a computer system against exploits. A computer system has a memory access control arrangement in which at least write and execute privileges are enforced for allocated portions of memory. An association of the process thread and the first portion of memory is recorded. A limited access regime in which one of the write and execute privileges is disabled, is established, and is monitored for any exceptions occurring due to attempted writing or execution in violation thereof. In response to the exception being determined as a write exception, the associated process thread is looked up, and analyzed for a presence of malicious code. In response to the exception type being determined as an execute exception, the first portion of memory is analyzed for a presence of malicious code. In response to detection of a presence of malicious code, execution of the malicious code is prevented.

Publication date: 29-08-2013

System and method for cyber attacks analysis and decision support

Number: US20130227697A1
Author: Shay ZANDANI
Assignee: Shay ZANDANI

A method for cyber attack risk assessment, the method comprising operating at least one hardware processor for: collecting global cyber attack data from a networked resource; collecting organizational profile data from a user, wherein the organizational profile data comprises: types of computerized defensive controls employed by the organization, a maturity of each of the computerized defensive controls, and organizational assets each pertaining to a business environment and each associated with at least one of the computerized defensive controls; and computing a cyber attack risk of the organization in real time, by continuously performing said collecting of global cyber attack data and comparing the global cyber attack data to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets.

Publication date: 12-09-2013

METHOD OF LOCATING A COMPUTING DEVICE

Number: US20130239224A1

The method of location tracking of a computing device (computer, notebook, mobile phone, etc.) that can be used to prevent unauthorized access and/or theft of the device. The essence of the invention is that special software is installed on the computing device that can obtain external and internal IP addresses of the Internet-enabled computing device. The special software then processes this information and forms an electronic message that includes the IP addresses and an identifier of the computing device. The special software then sends this message to an electronic address preset by the user of the computing device. Only the user of the computing device and the special software installed on the computing device have access to that electronic address.

1. METHOD OF LOCATING A COMPUTING DEVICE that includes:
a) installation of special software on a computing device, where such special software assigns to the computing device an identifier;
b) such special software determines the current external and internal IP addresses of the computing device;
c) the special software then processes the information, forms an electronic notification, which includes the external and internal IP addresses of the computing device determined by the special software, and sends the notification via communication means to an electronic address preset by the user;
d) such electronic address also serves as a confidential identifier of the computing device, and such electronic address is only accessible by the user of the computing device and the special software installed on the computing device;
e) the user of the computing device, at their own discretion, and if an Internet connection is present, sends electronic commands via such electronic address to the computing device equipped with the special software so as to remotely manage the computing device.

2. METHOD OF LOCATING A COMPUTING DEVICE according to claim 1, but differing in that the notifications and commands exchanged between the user of the ...

Publication date: 19-09-2013

METHOD AND SYSTEM FOR REGULATING HOST SECURITY CONFIGURATION

Number: US20130247138A1
Author: Durie Anthony Robert
Assignee: TREND MICRO INCORPORATED

A recommendation engine coupled to a server computer in communication with a plurality of hosts is described. The recommendation engine includes computer readable intrusion-protection instructions stored in a memory device, which cause a processor of said server computer to determine a current host-protection configuration for a target host; detect a discrepancy between said current host-protection configuration and a prior host-protection configuration; install said current host-protection configuration in said target host upon detecting said discrepancy; record successive host-reconfiguration periods, a host reconfiguration period being a difference between successive instants of time at which a current host-protection configuration differs from a prior host-protection configuration; determine a monitoring period according to a value of at least one of said successive host-reconfiguration periods; and a scheduler for activating said intrusion-protection instructions according to said monitoring period.

1. A method of determining current protection-software configurations for a plurality of hosts comprising:
defining descriptors relevant to each host type of a plurality of host types;
devising a set of rules applicable to each host type, each rule depending on at least one descriptor of said each host type;
selecting a target host;
formulating a first subset of said set of rules comprising rules that have been added and rules that have been modified since a previous protection-software configuration of said target host;
acquiring values of current descriptors of said target host;
identifying updated descriptors of said current descriptors that have changed since said previous protection-software configuration;
formulating a second subset of said set of rules comprising each rule which depends on at least one of said updated descriptors; and
executing each rule of said set of rules which belongs to at least one of said first subset of rules and said ...

Publication date: 19-09-2013

System, method, and computer program product for preventing a modification to a domain name system setting

Number: US20130247183A1
Assignee: McAfee LLC

A system, method, and computer program product are provided for preventing a modification to a domain name system setting. In use, an attempt to modify a domain name system setting is detected. Additionally, a source of the attempt and an attribute of the modification are verified. Further, the modification to the domain name system setting is prevented, based on the verification.

Publication date: 19-09-2013

System, method, and computer program product for utilizing a data structure including event relationships to detect unwanted activity

Number: US20130247190A1
Author: Joel R. Spurlock
Assignee: Individual

A system, method, and computer program product are provided for utilizing a data structure including event relationships to detect unwanted activity. In use, a plurality of events is identified. Additionally, a data structure including objects associated with the plurality of events and relationships associated with the plurality of events is generated. Further, unwanted activity is detected utilizing the data structure.

Publication date: 26-09-2013

Mitigating Low-Rate Denial-Of-Service Attacks in Packet-Switched Networks

Number: US20130254886A1
Assignee: AT&T Intellectual Property I, L.P.

A method includes determining, at a network routing device, an average packet drop rate for a plurality of aggregations of packet flows. The method also determines a threshold packet drop rate based on the average packet drop rate, a current packet drop rate for a select aggregation of the plurality of aggregations, and whether at least one packet flow of the select aggregation is potentially subject to a denial-of-service attack based on a comparison of the current packet drop rate to the threshold packet drop rate.

1. A system for mitigating low-rate denial-of-service attacks in packet-switched networks, the system comprising:
a memory that stores instructions;
a processor that executes the instructions to perform operations, the operations comprising:
determining an average packet drop rate for a plurality of aggregations of packet flows;
determining a threshold packet drop rate based on the average packet drop rate determined for the plurality of aggregations of the packet flows;
determining a current packet drop rate for a select aggregation of the plurality of aggregations of the packet flows; and
determining whether a packet flow of the select aggregation is potentially subject to a denial-of-service attack based on a comparison of the current packet drop rate to the threshold packet drop rate.

2. The system of claim 1, wherein the operations further comprise selecting packets for transmission that have a higher priority status over packets having a lower priority status.

3. The system of claim 1, wherein the operations further comprise assigning a higher priority status to packets of the packet flow of the select aggregation for transmission based on determining that the packet flow of the select aggregation is subject to the denial-of-service attack.

4. The system of claim 1, wherein the operations further comprise assigning a lower priority status to packets of the packet flow of the select aggregation for transmission based on determining that the packet flow ...

Publication date: 26-09-2013

COMPUTER SYSTEM, CONTROLLER AND NETWORK MONITORING METHOD

Number: US20130254891A1
Author: Onoda Osamu

The computer system includes: a controller; a switch configured to perform, on a received packet complying with a flow entry set by the controller, a relay operation regulated by the flow entry; and a host terminal configured to be connected to the switch. The switch notifies the controller of transmission source address information of a received packet which does not comply with a flow entry set for itself. The controller judges, when legal address information of a host terminal does not coincide with the transmission source address information, that a transmission source address of the received packet is spoofed.

1. A computer system comprising:
a controller;
a switch configured to perform, on a received packet complying with a flow entry set by the controller, a relay operation regulated by the flow entry; and
a virtual server configured to be connected to the switch,
wherein the controller includes a virtual server database in which an IP (Internet Protocol) address and a DPID (Data Path ID) of a legal virtual server are correlated and recorded,
wherein the switch notifies the controller of a received packet not complying with a flow entry set to itself together with its DPID,
wherein the controller obtains an IP address from the virtual server database by using a DPID notified from the switch as a retrieval key, and obtains, from a virtual server accessed by using the IP address, a MAC address assigned to an interface used by a virtual machine installed in the virtual server, and
when the obtained MAC address does not coincide with a transmission source MAC address of the received packet, the controller judges that a transmission source address of the received packet is spoofed.

2. The computer system according to claim 1, wherein when the controller judges that a transmission source address of the received packet is spoofed, the controller sets a flow entry, which defines that a packet whose transmission source is indicated in the transmission ...

Publication date: 03-10-2013

Systems and methods for automated malware artifact retrieval and analysis

Number: US20130263266A1
Assignee: Cyber Engr Services Inc

An automated malware analysis method is disclosed which can perform receiving a first universal resource locator identifying a first intermediate network node, accessing the first intermediate network node to retrieve a first malware artifact file, storing the malware artifact file in a data storage device, analyzing the malware artifact file to identify a second universal resource locator within the malware artifact file, and accessing a second intermediate network node to retrieve a second malware artifact file.

Publication date: 03-10-2013

METHODS, COMPUTER PROGRAM PRODUCTS AND DATA STRUCTURES FOR INTRUSION DETECTION, INTRUSION RESPONSE AND VULNERABILITY REMEDIATION ACROSS TARGET COMPUTER SYSTEMS

Number: US20130263267A1
Author: McKenna John J.

Computer security threat management information is generated by receiving a notification of a security threat and/or a notification of a test that detects intrusion of a computer security threat. A computer-actionable TMV is generated from the notification that was received. The TMV includes a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for a system type, a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level, a computer-readable field that provides identification of a method to reverse the intrusion exploit of the computer security threat for a system type and a release level, and a computer-readable field that provides identification of a method to remediate the vulnerability subject to exploit of the computer security threat for a system type and a release level. The TMV is transmitted to target systems for processing by the target systems.

1. A computer program product for detecting intrusions, the computer program product comprising:
one or more computer-readable storage devices and program instructions stored on at least one of the one or more storage devices, the program instructions comprising:
program instructions to receive, at a target system, a message identifying a first version of a program that is installed at the target system, and select, from a plurality of different intrusion detection tests for a respective plurality of different versions of the program, a first one of the tests that detects intrusion of the first version of the program; and
program instructions, responsive to the message, to perform the first test at the target system.

2. The computer program product of further comprising:
program instructions, stored on the one or more computer-readable storage devices, to send a ...

Publication date: 03-10-2013

METHOD FOR BLOCKING A DENIAL-OF-SERVICE ATTACK

Number: US20130263268A1

A server receives a first echo request message which complies with an Internet control message protocol, extracts filtering information from header information of the received first echo request message, and when a second echo request message which complies with the Internet control message protocol is received, compares header information of the received second echo request message with the extracted filtering information so as to determine whether to block an attacking packet for the received second echo request message. According to the present invention, the server blocks the attacking packet using the Internet control message protocol, thereby blocking a denial-of-service attack.

1. A method for blocking a denial-of-service (DoS) attack by a server that blocks an attacking packet, using an Internet control message protocol (ICMP), the method comprising:
receiving a first echo request message compliant with the ICMP;
extracting filtering information from header information of the received first echo request message;
receiving a second echo request message compliant with the ICMP; and
comparing header information of the second echo request message to the filtering information, and determining whether the received second echo request message is an attacking packet.

2. The method of claim 1, wherein the determining of whether the received second echo request message is the attacking packet comprises:
determining the second echo request message to be an attacking packet when the header information of the second echo request message corresponds to address information included in the filtering information.

3. The method of claim 2, wherein the filtering information comprises origin address information and destination address information in the header information of the first echo request message.

4. The method of claim 1, wherein the determining of whether the received second echo request message is the attacking packet comprises:
determining the second echo request message ...

Publication date: 10-10-2013

System and method for determining and using local reputations of users and hosts to protect information in a network environment

Number: US20130268994A1
Assignee: McAfee LLC

A method in an example embodiment includes correlating a first set of event data from a private network and determining a local reputation score of a host in the private network based on correlating the first set of event data. The method further includes providing the local reputation score of the host to a security node, which applies a policy, based on the local reputation score of the host, to a network communication associated with the host. In specific embodiments, the local reputation score of the host is mapped to a network address of the host. In further embodiments, the first set of event data includes one or more event indicators representing one or more events, respectively, in the private network. In more specific embodiments, the method includes determining a local reputation score of a user and providing the local reputation score of the user to the security node.

Publication date: 17-10-2013

System, method, and computer program product for invoking an application program interface within an interception of another application program interface

Number: US20130276002A1
Assignee: Individual

A system, method, and computer program product are provided for invoking an application program interface within an interception of another application program interface. In use, a first application program interface invoked utilizing a first thread is intercepted. Further, a second application program interface is invoked within the interception of the first application program interface, utilizing a second thread.

Publication date: 17-10-2013

System, method and computer program product for detecting activity in association with program resources that has at least a potential of an unwanted effect on the program

Number: US20130276109A1
Author: Prakash Ranjan

A system, method and computer program product are provided. In use, at least one resource utilized by a program is monitored. In addition, activity in association with the at least one resource that has at least a potential of an unwanted effect on the program is detected. Further, a reaction is performed in response to detecting the activity to prevent the unwanted effect.

1. A method, comprising:
selecting a first function and a second function of a plurality of functions of a computer program;
monitoring at least one resource associated with the first function and the second function, utilizing a processor;
detecting activity by the first function in association with the at least one resource that has at least a potential of an unwanted effect on the second function; and
reacting in response to detecting the activity to prevent the unwanted effect, comprising:
determining that the second function has a higher priority than the first function; and
temporarily disabling the first function until the second function has finished utilizing the at least one resource.

2. The method of claim 1, further comprising identifying the first function and the second function.

3. The method of claim 2, wherein the first function and second function are identified by receiving a selection of the first function and the second function from a user.

4. The method of claim 1, wherein the first function and the second function are selected by a user utilizing a graphical user interface.

5. (canceled)

6. The method of claim 1, wherein the at least one resource that is monitored is identified based on the first function and the second function.

7. (canceled)

8. The method of claim 6, wherein the at least one resource that is monitored is identified based on a mapping between a plurality of functions and a plurality of resources.

9. The method of claim 1, wherein the at least one resource includes at least one of a network resource, a processing resource, a storage ...

Publication date: 17-10-2013

NETWORK VIRTUAL USER RISK CONTROL METHOD AND SYSTEM

Number: US20130276115A1
Author: Hu Sihai
Assignee: ALIBABA GROUP HOLDING LIMITED

Embodiments of the present application relate to a method of controlling user risk, a system for controlling user risk, and a computer program product for controlling user risk. A method is provided. The method includes retrieving association data of a first user and association data of a second user, the association data including multidimensional data, with the data relating to each dimension identifying a user and serving as an association dimension; based on the association data, computing an association value between the first user and the second user for an association dimension; gathering the association value to obtain a degree of real association; and determining that the other user is malicious.

1. A network virtual user risk control method, comprising:
retrieving raw association data of a first virtual user and raw association data of a second virtual user, the raw association data comprising multidimensional data, and data relating to each dimension being capable of identifying a user and serving as an association dimension, wherein one of the first virtual user and the second virtual user is deemed to be a malicious user;
based on the raw association data of the first virtual user and the second virtual user, computing at least one association value between the first virtual user and the second virtual user for an association dimension;
gathering the at least one association value of the association dimension to obtain a degree of real association between the first virtual user and the second virtual user;
determining whether the degree of real association between the first virtual user and the second virtual user exceeds a predetermined threshold value; and
determining that the other of the first and second virtual users is a malicious user.

2. The method as described in claim 1, wherein the computing of the at least one association value between the first virtual user and the second virtual user for the association dimension comprises:
for the association ...

Publication date: 17-10-2013

Model-based system, method, and computer program product for detecting at least potentially unwanted activity associated with confidential data

Number: US20130276127A1
Assignee: Individual

A model-based system, method, and computer program product are provided for detecting at least potentially unwanted activity associated with confidential data. In use, behavior information associated with use of confidential data is identified, based on predetermined parameters. Additionally, a model is created utilizing the behavioral information. Furthermore, at least potentially unwanted activity associated with the confidential data is detected utilizing the model.

Publication date: 24-10-2013

SYSTEM AND METHOD FOR DISTINGUISHING HUMAN SWIPE INPUT SEQUENCE BEHAVIOR AND USING A CONFIDENCE VALUE ON A SCORE TO DETECT FRAUDSTERS

Number: US20130283378A1
Assignee: Behaviometrics AB

Recording, analyzing and categorizing of user interface input via touchpad, touch screens or any device that can synthesize gestures from touch and pressure into input events, such as, but not limited to, smart phones, touch pads and tablets. Humans may generate the input. The analysis of data may include statistical profiling of individual users as well as groups of users; the profiles can be stored in, but not limited to, data containers such as files, secure storage, smart cards, databases, off device, in the cloud etc. A profile may be built from user/users behavior categorized into quantified types of behavior and/or gestures. The profile might be stored anonymized. The analysis may take place in real time or as post processing. Profiles can be compared against each other by all the types of quantified behaviors or by a select few.

1. A method of using behavioral biometric algorithms that gather, filter, conduct analyses, separate and identify previously unknown users based on measured differences in their natural and/or artificial behavior by distinguishing human swipe input sequence or shape input sequence and behavioral traits from other human behavior and/or machine behavior where:
i. an angle of the swipe when entering or leaving one or more measuring points,
ii. a velocity between one or more measuring points,
iii. an acceleration between one or more measuring points,
iv. a quotient between one or more measuring points,
v. a sequence between multiple measuring points,
vi. a start sequence to a first measuring point,
vii. an end sequence from the last measuring point,
viii. a flight between one or more measuring points,
ix. the dominant side between one or more measuring points,
x. an area between one or more measuring points,
xi. a curve fitting between one or more measuring points,
xii. a heat map between one or more measuring points,
xiii. the average time of the sample,
xiv. key press/key flight timings.
a. ...

Publication date: 31-10-2013

APPARATUS AND METHOD FOR DETECTING TRAFFIC FLOODING ATTACK AND CONDUCTING IN-DEPTH ANALYSIS USING DATA MINING

Number: US20130291108A1

Provided is an apparatus and method for detecting a traffic flooding attack and conducting an in-depth analysis using data mining that may rapidly detect a distributed denial of service (DDoS) attack, for example, a traffic flooding attack, developed more variously and firmly from a denial of service (DoS) attack, perform an attack type classification, and conduct a semantic analysis with respect to the attack. The apparatus and method may support a system operation and provide a more stable service, by rapidly detecting a traffic flooding attack, classifying a type of the attack, and conducting a semantic analysis based on a prediction and analysis scheme of data mining.

1. An apparatus for detecting a traffic flooding attack and conducting an in-depth analysis using data mining, the apparatus comprising:
a generation module to generate a management information base (MIB) based on network traffic data;
a sensing module to determine, by collecting the MIB, a point in time at which a detection system is operated;
a storage module to store an MIB determined by the detection system analyzing the MIB; and
an attack determining module to determine whether an attack is detected and a type of the attack, based on the determined MIB.

2. The apparatus of claim 1, wherein the detection system generates various arbitrary traffic attacks and performs a decision tree based learning.

3. The apparatus of claim 1, further comprising:
an association rule module to conduct a semantic in-depth analysis for extracting and analyzing features of data stored in the storage module in a form of a rule.

4. The apparatus of claim 3, further comprising:
a manager module to monitor detailed information regarding real-time attack detection and classification performed by the attack determining module, and to utilize semantic analysis information and rules provided by the association rule module and the detection system for policy establishment of an intrusion detection and response system.

5. The ...

Publication date: 31-10-2013

SYSTEMS AND METHODS FOR PROVIDING ANTI-MALWARE PROTECTION AND MALWARE FORENSICS ON STORAGE DEVICES

Number: US20130291110A1

Systems and methods for providing features that enable anti-malware protection on storage devices are described. In one embodiment, a storage device includes a controller, firmware, and memory. The controller manages input/output operations for the storage device. The firmware provides features for protection against malware. The memory includes secure storage that is configured to provide a set of storage operations.

1. A system, comprising:
an operating system for performing operations on the system;
a storage device to communicate with the operating system, the storage device comprising:
firmware to provide features for protection against malware; and
memory having configurable secure storage that is configured to monitor activity or restrict activity in the secure storage.

2. The system of claim 1, wherein the memory comprises a secure log to record activity of the system.

3. The system of claim 2, wherein the secure log enables storing a unique sequence of commands that are given to the storage device along with configurable parameters.

4. The system of claim 2, wherein the secure log is accessed by an authenticated external entity to determine if the activity recorded in the log is suspicious.

5. The system of claim 4, wherein the authenticated external entity using the firmware configures a region of the secure storage to monitor activity or restrict activity in the secure storage based on determination of suspicious activity.

6. The system of claim 5, wherein the authenticated external entity using the firmware configures unused space at an end region near an end of the memory to redirect access to the secure storage.

7. The system of claim 6, wherein a read request or a write request that is intended for the unused space near the end region is redirected to the secure storage.

8. A storage device comprising:
a controller to manage input/output operations for the storage device;
firmware being implemented with the controller, the firmware to provide ...

Publication date: 31-10-2013

System and method for logging security events for an industrial control system

Number: US20130291115A1
Assignee: General Electric Co

A system includes a security server including a memory and a processor configured to receive a first set of communications from a human machine interface (HMI) device, wherein the first set of communications relates to HMI device security events. The security server is also configured to receive a second set of communications from an industrial controller, wherein the second set of communications relates to industrial controller security events. The security server is further configured to package and send the received first and second sets of communications to a remote managed security service provider (MSSP) for analysis.

Publication date: 07-11-2013

METHOD FOR PROTECTING COMPUTER PROGRAMS AND DATA FROM HOSTILE CODE

Number: US20130298234A1
Author: Dotan Eyal
Assignee:

A method that protects computer data from untrusted programs. Each object and process on the computer is assigned trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other objects within the system only on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but presents the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

2. A computerized method of managing a computer's operation in a computer having a real directory, comprising: causing the computer to create a virtual directory; monitoring operation of a program; when it is determined that the program should not be run in an unlimited trusted mode, causing the computer to: when the program attempts to rename a named file, perform the operations: if the named file exists in the real directory only, copying the named file into the virtual directory, renaming the named file in the virtual directory, and generating a deleted indicator for the named file; if the named file exists in the virtual directory only, renaming the named file; and if the named file exists in both the real and virtual directories, renaming the named file in the virtual directory, generating a deleted indicator for the named file, and returning a success indication.
3. A computerized method of managing a computer's operation in a computer having a real directory, comprising: causing the computer to create a virtual directory; monitoring operation of a program; when it is determined that a program should not be run in an unlimited trusted mode, causing the computer to: when the program issues a file inquiry, return a true indication if: the file ...

Publication date: 07-11-2013

Systems and methods for identifying, deterring and/or delaying attacks to a network using shadow networking techniques

Number: US20130298236A1
Assignee: HARRIS CORP

Systems ( 100 ) and methods ( 2100 ) for identifying, deterring and/or delaying malicious attacks being waged on a Computer Network (“CN”). The methods involve implementing a Mission Plan (“MP”) at a first Network Node (“NN”). MP ( 1900, 1902 ) specifies that: a first IDentity Parameter (“IDP”) for a second NN has numerous possible values associated therewith; and at least two possible values are to be used in communications to and from the second NN in different timeslots of a time frame ( 2020 - 2026 ). At the first NN, a value for the first IDP, which is contained in a received packet, is compared with the possible values specified in MP to determine if the value is a “correct” value for a current timeslot. If it is determined that the value is not “correct” for the current timeslot, then the first NN performs actions to identify, deter or delay a possible malicious attack on CN.

Publication date: 07-11-2013

Method and system for automatic detection of eavesdropping of an account based on identifiers and conditions

Number: US20130298238A1
Assignee: Yahoo Inc until 2017

A system and method for detecting whether a user account has been compromised. A server computer determines, for a client device, a first identifier associated with the client device. The server computer analyzes an activity log associated with an account of a user to determine if an eavesdropping condition has been met during a given duration. The analysis includes: 1) determining that an eavesdropping activity has occurred during the given duration and determining that no normal activity has occurred during the given duration for the first identifier; 2) determining a second identifier associated with a second device used to access the user account; and 3) determining that a normal activity associated with the second identifier has occurred during the given duration.

Publication date: 07-11-2013

SYSTEM FOR MECHANICAL AND ELECTRONIC PROTECTION OF SAFE EQUIPMENT

Number: US20130298252A1
Author: Ribeiro-Pereira Jorge
Assignee:

The present invention provides the mechanical positioning of electronic circuits, mounted on rigid printed circuit boards or flexible circuits, creating a protected region within a Safe Equipment, so that an attempt to invade or violate this area of the equipment will trigger an alarm that blocks use of the equipment, instantly erasing the safety keys of the safe equipment; to this end, the invention provides a region completely surrounded by protection circuits and sensors, enclosing the sensitive part of the device with alarm devices.

1. “SYSTEM FOR MECHANICAL AND ELECTRONIC PROTECTION OF SAFE EQUIPMENT”, characterized by two or more printed circuit boards, so that at least on one of the boards an internal indentation is made and at least on the surface of one of the boards sensitive components to be protected are mounted, so that when uniting all boards the sensitive components are embedded within the indentation of the indented boards, obtaining a safe cavity.
2. “SYSTEM FOR MECHANICAL AND ELECTRONIC PROTECTION OF SAFE EQUIPMENT”, according to claim 1, characterized by introducing a cover for one or more printed circuit strips, whether flexible or rigid, in the open area of the safe cavity, where there may or may not be components between the cavity and the flexible circuit strip.
3. “SYSTEM FOR MECHANICAL AND ELECTRONIC PROTECTION OF SAFE EQUIPMENT”, according to claim 1, characterized by the fact that the printed circuit boards have conductive circuits in the form of a protection mesh that serves as a sensor against drilling of the board.
4. “SYSTEM FOR MECHANICAL AND ELECTRONIC PROTECTION OF SAFE EQUIPMENT”, according to claim 3, characterized by the fact that the flexible circuit strips have conductive circuits in the form of a protective mesh serving as a sensor against drilling of the strip.
5. “SYSTEM FOR MECHANICAL AND ELECTRONIC PROTECTION OF SAFE EQUIPMENT”, according to claim 4 ...

Publication date: 14-11-2013

Minimizing Latency of Behavioral Analysis Using Signature Caches

Number: US20130305358A1
Assignee: QUALCOMM INCORPORATED

The various aspects include methods, systems, and devices configured to make use of caching techniques and behavior signature caches to improve processor performance and/or reduce the amount of power consumed by the computing device by reducing analyzer latency. The signature caching system may be configured to adapt to rapid and frequent changes in behavioral specifications and models and provide a multi-fold improvement in the scalability of behavioral analysis operations performed on the mobile device.

1. A method of improving performance on a mobile device, comprising: observing mobile device behaviors and generating a behavior signature based on observed mobile device behaviors; determining whether the generated behavior signature matches a behavior signature stored in a cache memory of the mobile device; and taking a corrective action in response to determining that the generated behavior signature matches a behavior signature stored in the cache memory of the mobile device.
2. The method of claim 1, further comprising: receiving a behavior signature from a second mobile device; and storing the received behavior signature in the cache memory.
3. The method of claim 1, further comprising: receiving a behavior signature from a network server; and storing the received behavior signature in the cache memory.
4. The method of claim 1, further comprising: determining whether the generated behavior signature matches a behavior signature stored in a server memory of a service accessible via a network connection when it is determined that the generated behavior signature does not match a behavior signature stored in the cache memory; and taking a corrective action in response to determining that the generated behavior signature matches a behavior signature stored in a server memory of a service accessible via a network connection.
5. The method of claim 1, further comprising: observing mobile device behaviors over a period of time to recognize mobile device behaviors that are ...

Publication date: 21-11-2013

Information processing system and method for controlling the same

Number: US20130311514A1
Assignee: HITACHI LTD

An information processing system includes a plurality of edge nodes to provide services relating to files, and a core node communicatively coupled to each of the edge nodes and configured to send or receive data of the files to or from the edge nodes and to manage the data of the files. Any one of the edge nodes is granted a first access right permitting update of the files, whereas any two or more of the edge nodes are granted a second access right to prohibit update of the files. The core node stores the access right granted to each of the edge nodes. When detecting that a failure has occurred in the edge node granted the first access right, the core node sends one of the edge nodes granted the second access right a first instruction to take over the first access right granted to the failed edge node.

Publication date: 21-11-2013

Foiling a Document Exploit Attack

Number: US20130312093A1
Author: HIRVONEN Timo
Assignee: F-SECURE CORPORATION

A method of foiling a document exploit type attack on a computer, where the attack attempts to extract malware code from within a document stored on the computer. The method includes monitoring the computer in order to detect repeated function calls made by a given process in respect of the same function but different file descriptors; and in the event that such repeated function calls are detected or the number of such repeated function calls exceeds some threshold, terminating the process that initiated the function calls.

1. A method of foiling a document exploit type attack on a computer, where the attack attempts to extract malware code from within a document stored on the computer, the method comprising: monitoring the computer in order to detect repeated function calls made by a given process in respect of the same function but different file descriptors; and in the event that such repeated function calls are detected or the number of such repeated function calls exceeds some threshold, terminating the process that initiated the function calls.
2. A method as claimed in claim 1, wherein the step of monitoring the computer comprises hooking the function calls at the computer.
3. A method as claimed in claim 1, wherein the computer is monitored to detect repeated function calls where the file descriptors are values that increment or decrement in sequence.
4. A method as claimed in claim 1, wherein the repeated function calls to be detected are failed function calls.
5. A method as claimed in claim 1, wherein the computer is running a Microsoft Windows operating system and said function calls are GetFileSize function calls.
6. A method as claimed in claim 1, wherein the computer is running a Linux operating system and said function calls are fstat function calls.
7. A method as claimed in claim 1, wherein the method further comprises quarantining or deleting the document containing the exploit after the process has been terminated.
8. A non-transitory computer ...

Publication date: 28-11-2013

Recording Activity-Triggered Computer Video Output

Number: US20130315566A1
Author: Paul Michael Martini
Assignee: Phantom Technologies Inc

An application that is capable of monitoring Internet or network traffic and performing recordings of computer video output based on one or more violations of network activity policies. The recording application can be installed on the computer to be recorded or another computer or server that is connected through the network to the computer to be recorded. The monitoring application contains a configuration interface that allows a user to set thresholds for certain types of network policy violations. When the one or more violations are detected, the recording application will begin recording video of the computer's video activity. The application can be configured to include settings such as the length of the recording. In a typical environment, the application is a hardware appliance that is capable of monitoring web activity and network traffic and can connect to the computer over the network in order to perform the recording.

Publication date: 28-11-2013

Method and system for real time classification of events in computer integrity system

Number: US20130318601A1
Assignee: Trend Micro Inc

Method and system using a designated known secure computer for real time classification of change events in a computer integrity system are disclosed. In the embodiment of the invention, the known secure computer, having only inbound connection, is dedicated for providing permissible change events, which are compared with change events generated on client operational computers. An alert is generated when the change event at the client operational computer and the respective permissible change event provided by the known secure computer mismatch.

Publication date: 28-11-2013

Systems and Methods for Correlating and Distributing Intrusion Alert Information Among Collaborating Computer Systems

Number: US20130318606A1

Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed, without generating excess traffic loads.

1. A method of detecting a threat to a computer system in a plurality of collaborating computer systems, the method comprising: receiving, at a first computer system, a first one-way data structure from a collaborating second computer system, the first one-way data structure representing first data relating to a first intrusion attempt detected by an intrusion detection system of the collaborating second computer system such that the first data is hidden in the first one-way data structure; detecting, using an intrusion detection system of the first computer system, a second intrusion attempt; storing second data relating to the second intrusion attempt in a second one-way data structure of the first computer system such that the second data is hidden in the second one-way data structure; determining whether the second intrusion attempt correlates with the first intrusion attempt by comparing the first data structure and the second data structure; and indicating that a threat is present if the second intrusion attempt is determined to correlate with the data received from the collaborating second computer system relating to the first intrusion attempt.

This application is a continuation under 35 U.S.C. §120 of U.S. patent application ...

Publication date: 05-12-2013

Apparatus and Method for Forming Secure Computational Resources

Number: US20130326612A1
Author: David Naccache
Assignee: Crocus Technology Inc

A computer implemented method includes collecting logged operations associated with a computation resource. Permitted operations for the computation resource are inferred based at least in part on the logged operations. A computation resource is augmented to block all operations that can be performed by the computation resource except the permitted operations.

Publication date: 12-12-2013

Malicious message detection and processing

Number: US20130333026A1
Assignee: Proofpoint Inc

Malicious message detection and processing systems and methods are provided herein. According to some embodiments, the messages are emails and the method for processing emails may be facilitated by way of an intermediary node which may be cloud-based. The intermediary node may be communicatively couplable with an email client and an email server. The intermediary node may execute a method that includes analyzing a link included in an email to determine if the link is associated with a potentially malicious resource, and replacing the link with an alternate link to a trusted resource if the link is associated with a potentially malicious resource.

Publication date: 12-12-2013

SOFTWARE PROTECTION MECHANISM

Number: US20130333033A1
Author: Khesin Oscar
Assignee: EMPIRE TECHNOLOGY DEVELOPMENT LLC

Techniques for detecting malware activity are described. In some examples, a method for monitoring executing software for malware may include monitoring behavior of software during execution. Based on comparison of the monitored behavior and corresponding expected behavior derived from analysis of the software, it may be determined that the monitored behavior deviates from the expected behavior in accordance with a predetermined trigger. An appropriate action may be initiated in response.

1. A method for monitoring executing software, the method comprising: monitoring behavior of software during execution; based on comparison of the monitored behavior and corresponding expected behavior derived from analysis of the software, determining that the monitored behavior deviates from the expected behavior in accordance with a predetermined trigger; and automatically initiating an action in response to the determining.
2. The method of claim 1, wherein the analysis comprises decompilation of executable software into source code.
3. The method of claim 1, wherein the analysis comprises processing of information received via an Application Programming Interface (API).
4. The method of claim 1, wherein the analysis comprises parsing of source code prior to execution of the software.
5. The method of claim 1, wherein the analysis comprises generation of a misbehavior/threat database based on source code conversion and information received via an API.
6. The method of claim 3, wherein the analysis comprises generation of a binary program graph based on source code conversion and the received information.
7. The method of claim 6, wherein the binary program graph corresponds to software program flow and comprises data structures, connectors, and pointers to executable machine commands.
8. The method of claim 6, wherein the comparison is based on information received from the binary program graph and a misbehavior/threat database.
9. The method of claim 1, wherein ...

Publication date: 19-12-2013

CODE REPOSITORY INTRUSION DETECTION

Number: US20130340076A1
Assignee: Deja vu Security, LLC

The disclosed subject matter provides for code repository intrusion detection. A code developer profile can be generated based on characteristic features present in code composed by the developer. Characteristic features can be related to the coding propensities peculiar to individual developers and, over sufficient numbers of characteristic features, can be considered pseudo-signatures. A target code set is analyzed in view of one or more developer profiles to generate a validation score related to a likelihood of a particular developer composing a portion of the target code set. This can serve to confirm or refute a claim of authorship, or can serve to identify likely author candidates from a set of developers. Where the target code set authorship is determined to be sufficiently suspect, the code set can be subjected to further scrutiny to thwart intrusion into the code repository.

1. A system, comprising: a memory that stores computer-executable instructions; and a processor, communicatively coupled to the memory, that facilitates execution of the computer-executable instructions to at least: receive a code file set, wherein one or more code files of the code file set comprise source code; identify a characteristic feature associated with the code file set, a code file of the code file set, or a computer instruction of a code file of the code file set; determine a feature value related to the characteristic feature; and facilitate access to the feature value.
2. The system of claim 1, wherein the code file set is a training code file set and the characteristic feature is associated with an entity.
3. The system of claim 2, wherein the training code file set includes a plurality of historical code files associated with the entity and the characteristic feature is present in two or more of the plurality of historical code files.
4. The system of claim 2, wherein the training code file set includes a plurality of historical code files associated with a ...

Publication date: 26-12-2013

Risk manager optimizer

Number: US20130346294A1
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION

Embodiments of the invention, broadly described, introduce systems and methods for automatically generating rules. One embodiment of the invention discloses a method for generating a candidate rule. The method comprises receiving transaction data comprising a plurality of fields, wherein each field is associated with one or more field values; constructing a rule graph, wherein vertices in the rule graph correspond to a plurality of the one or more field values; generating a tree, wherein generating the tree comprises selecting an edge from a set of edges connecting a vertex in the tree with a vertex not in the tree, and adding the edge to the tree if the edge has the maximum signal-to-noise value of all edges in the set of edges; and converting the tree into a candidate rule.

Publication date: 26-12-2013

Rollback protection for login security policy

Number: US20130346757A1
Assignee: Microsoft Corp

In one embodiment, an encryption system may protect user login metadata from hammering attacks. A data storage 140 may store an integrity protected data set 602 for an operating system in a storage location. A processor 120 may register a counter reading from a remote counter 202 in a secure location 204 separate from the storage location. The processor 120 may determine a lockout state of the integrity protected data set 602 based on the counter reading.

Publication date: 26-12-2013

SYSTEMS AND METHODS FOR COMBINED PHYSICAL AND CYBER DATA SECURITY

Number: US20130347060A1
Author: Hazzani Gideon
Assignee: VERINT SYSTEMS LTD.

Methods and systems for protecting computer systems against intrusion. The disclosed techniques detect intrusions by jointly considering both cyber security events and physical security events. In some embodiments, a correlation subsystem receives information related to the computer system and its physical environment from various information sources in the cyber domain and in the physical domain. The correlation subsystem analyzes the information and identifies both cyber security events and physical security events. The correlation subsystem finds cyber security events and physical security events that are correlative with one another, and uses this correlation to detect intrusions.

1. A method, comprising: receiving information from one or more sources; identifying in the information a first event that involves unauthorized access to a computer system, and a second event that involves unauthorized physical access to a physical vicinity of the computer system; and correlating the first event and the second event so as to detect an intrusion into the computer system.
2. The method according to claim 1, wherein correlating the first event and the second event comprises correlating a first location at which the first event occurred and a second location at which the second event occurred.
3. The method according to claim 1, wherein correlating the first event and the second event comprises correlating a first identity of an individual who carried out the first event and a second identity of the individual who carried out the second event.
4. The method according to claim 1, wherein the first event comprises an action taken by malicious software, the method further comprising configuring a security access control rule based on the correlated first event and second event.
5. The method according to claim 4, and comprising reconfiguring at least one of a cyber access control system and a physical access control system responsively to the security access control ...

Publication date: 26-12-2013

ANALYZING EXECUTABLE BINARY CODE WITHOUT DETECTION

Number: US20130347104A1
Assignee: Riverside Research Institute

Analysis of executable binary code is performed without detection by defensive elements embedded within the executable binary code or within a system in which the executable binary code is executing. An identified suspect executable file is disassembled. Static and dynamic analysis is performed on binary code of the disassembled executable file. An anti-anti-debugging function is implemented by executing program call functions in a manner which avoids detection of a debugging program by the defensive elements embedded within the executable binary code of the anti-debugging function of the executable binary code, thereby avoiding detection by the source of the suspect executable file.

1. A method for analyzing executable binary code without detection by defensive elements embedded within the executable binary code or within a system in which the executable binary code is executing, the method comprising the steps of: identifying a suspect executable file; disassembling the suspect executable file; concurrently statically and dynamically analyzing suspect binary code of the disassembled executable file; and in at least the dynamic analysis providing an anti-anti-debugging function by executing program call functions in a manner which avoids detection of a debugging program by the defensive elements embedded within the executable binary code of the anti-debugging function of the executable binary code, thereby avoiding detection by the source of the suspect executable file.
2. A method according to claim 2, further comprising using a kernel driver to subvert anti-debugging protection within the suspect executable file.
3. A method according to claim 1, further comprising: highlighting suspicious areas of the suspect binary code to facilitate analysis of the suspect binary code; and generating textual and graphical views of an assembly code of the disassembled executable file.
4. A method according to claim 1, further comprising importing function-level and instruction- ...

Publication date: 26-12-2013

System and method of fraud and misuse detection using event logs

Number: US20130347106A1
Author: Kurt James Long
Assignee: Individual

A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the at least one of the transactions and the activities that is indicative of fraud or misuse of the data. The rule can be applied to the at least one of the transactions and the activities to determine if an event has occurred, where the event occurs if the at least one criteria has been met. A hit is stored if the event has occurred and a notification can be provided if the event has occurred. A compilation of hits related to the rule can be provided.

Publication date: 26-12-2013

EFFICIENT PACKET HANDLING, REDIRECTION, AND INSPECTION USING OFFLOAD PROCESSORS

Number: US20130347110A1
Author: Dalal Parin Bhadrik
Assignee:

A packet handling system is disclosed that can include at least one main processor; a plurality of offload processors connected to a memory bus and configured to provide security related services on packets prior to redirection to the main processor; and a virtual switch respectively connected to the main processor and the plurality of offload processors using the memory bus, the virtual switch configured to receive memory read/write data over the memory bus.

1. A packet handling system, comprising: at least one main processor; a plurality of offload processors connected to a memory bus and configured to provide security related services on packets prior to redirection to the main processor; and a virtual switch respectively connected to the main processor and the plurality of offload processors using the memory bus, the virtual switch configured to receive memory read/write data over the memory bus.
2. The packet handling system of claim 1, wherein the offload processors are configured to support signature detection by an intrusion prevention system.
3. The packet handling system of claim 1, wherein the offload processors are configured to support encryption/decryption.
4. The packet handling system of claim 1, further comprising a network interface card with single root IO virtualization (SR-IOV), configured to receive the packets and direct packets to one of the offload processors acting as a virtual switch, with packets being passed to the offload processor by the virtual switch and an input-output memory management unit (IOMMU).
5. The packet handling system of claim 1, wherein the offload processors are connected to memory, and further include a snoop control unit for coherent read out and write in to memory.
6. The packet handling system of claim 1, wherein the offload processors are connected to memory and configured for zero-overhead context switching between threads of a networked application.
7. The packet handling system of ...

Publication date: 02-01-2014

Detecting anomalies in real-time in multiple time series data with automated thresholding

Number: US20140006325A1
Author: Alain E. Biem
Assignee: International Business Machines Corp

An approach is provided for detecting an anomaly in a processing environment. The approach includes using a processor to obtain a series of values collected within a processing interval of the processor in the processing environment. The processor normalizes this first series of values to obtain a first series of normalized values. A second series of normalized values is generated by applying a predictive filter to the first series of normalized values. A comparison score is generated from the normalized values by comparing the first series of normalized values and the second series of normalized values. The approach then determines whether the comparison score represents an anomaly relative to at least one other comparison score derived from values collected within the processing interval.

Publication date: 02-01-2014

PREVENTING ATTACKS ON DEVICES WITH MULTIPLE CPUs

Number: US20140007234A1
Author: Igor Muttik
Assignee: McAfee LLC

Disclosed are systems and methods to utilize two different processing units (e.g., CPUs) to monitor each other. The processing units may have limited visibility and/or read-only access to each other to reduce the possibility that one affected processing unit could compromise the second processing unit. Devices containing multiple processing units of different architectures could be configured so that one type of processing unit monitors another type of processing unit. When the processing units are of different architectures, a single piece of malicious software (malware) is unlikely to affect both processing units. Each processing unit can be configured to detect rootkits and other types of malware on the other processor(s) of the system/device.

More
02-01-2014 publication date

Identification of Infected Devices in Broadband Environments

Number: US20140007235A1
Assignee: CENTURYLINK INTELLECTUAL PROPERTY LLC

Novel solutions for detecting and/or treating malware on a subscriber's premise network. Such solutions can include, but are not limited to, tools and techniques that can detect, and/or enable the detection of, malware infections on individual subscriber devices within the subscriber's network. In a particular embodiment, for example, a premise gateway, or other device on the subscriber's premise network, is configured to analyze packets traveling through the premise gateway and, based on that analysis, identify one or more subscriber devices that are infected with malware.

More
02-01-2014 publication date

Collective Threat Intelligence Gathering System

Number: US20140007238A1
Assignee: Vigilant Inc

Threat intelligence is collected from a variety of different sources. The threat intelligence information is aggregated, normalized, filtered and scored to identify threats to an information network. Threats are categorized by type, maliciousness and confidence level. Threats are reported to network administrators in a plurality of threat feeds, including for example malicious domains, malicious IP addresses, malicious e-mail addresses, malicious URLs and malicious software files.

More
09-01-2014 publication date

Methods and systems for regulating user engagement

Number: US20140012826A1
Assignee: Salesforce com Inc

Methods and systems are provided for regulating interaction with respect to an object in a database. One exemplary method involves creating an engagement record associated with the object in the database and, in response to receiving a request for a database activity with respect to the object from a first user, determining whether the first user is authorized to initiate the database activity with respect to the object based on a protection status indicated by the engagement record for the object. When the first user is authorized, the database is updated to reflect the requested database activity associated with the object, and the protection status of the engagement record is updated in response to the database activity. After updating the protection status of the engagement record, subsequent database activity with respect to the object initiated by a second user is regulated based on the updated protection status.

More