Patent application number | Description | Published |
20100057869 | Event Driven Email Revocation - An email revocation in which transmitted email can be recalled before a recipient is able to read the transmitted email is provided. An event server stores a transmitted email for a given time period or until being retrieved by a receiving email client. If the given time period expires or the email is recalled, the receiving email client is unable to retrieve the email. | 03-04-2010 |
20100122343 | Distributed Sensor for Detecting Malicious Software - Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s)operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices. | 05-13-2010 |
20100186074 | Authentication Using Graphical Passwords - An authenticator may include graphical passwords. An authenticator may include a password image, which may include one or more clickable areas, and/or a key image, which may include click point data. An authenticator may include a mobile computing resource, a terminal computing resource and/or a challenger, which may be configured to communicate with each other. A mobile computing resource may be configured to receive and/or display a key image, such that click point data may be presented, determined, and/or input to a password image. A challenger may be configured to compare input click point data and a key image. | 07-22-2010 |
20100293407 | Systems, Methods, and Media for Recovering an Application from a Fault or Attack - Systems, methods, and media for recovering an application from a fault or an attack are disclosed herein. In some embodiments, a method is provided for enabling a software application to recover from a fault condition. The method includes specifying constrained data items and assigning a set of repair procedures to the constrained data items. The method further includes detecting a fault condition on the constrained data items during execution of the software application, which triggers at least one repair procedure. The triggered repair procedures are executed and the execution of the software application is restored. In some embodiments, the restoring comprises providing memory rollback to a point of execution of the software application before the fault condition was detected. | 11-18-2010 |
20110099620 | Malware Detector - A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid. | 04-28-2011 |
20110164506 | Inferring Packet Management Rules - Embodiments of the present invention include a system or method for inferring packet management rules of a packet management device. A probing device is used to extract at least one of port number and IP address from a packet management configuration file. The probing device classifies extracted numbers and selectively transmits packets to a packet management device. A packet analyzer notifies the probing device when a packet passes through the packet management device. Based on the notification, the probing device is able to transmit packets to the packet management device in a non-exhaustive manner and determine a port range corresponding to a packet management rule. | 07-07-2011 |
20110314269 | Website Detection - A website fingerprint is generated that characterizes network traffic associated with a website as a website traffic fingerprint that includes size description(s), order description(s), and timing description(s) of packet traffic for the website. A website monitor generates website trace(s) of packet statistics. A correlation processor correlates a sequence of packet statistics from the website trace(s) with the size description, the order description, and timing description found in the website traffic fingerprint(s). | 12-22-2011 |
20120297057 | Hardware-Assisted Integrity Monitor - A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences. | 11-22-2012 |
20120297177 | Hardware Assisted Operating System Switch - An interoperable firmware memory containing a Basic Input Output System (BIOS) and a trusted platform module (TPSM). The BIOS includes CPU System Management Mode (SMM) firmware configured as read-only at boot. The SMM firmware configured to control switching subsequent to boot between at least: a first memory and second isolated memory; and a first and second isolated non-volatile storage device. The first memory including a first operating system and the second memory including a second operating system. The first non-volatile storage device configured to be used by the first operating system and the second non-volatile storage device configured to be used by the second operating system. The trusted platform module (TPSM) configured to check the integrity of the CPU system Management Mode (SMM) during the boot process. | 11-22-2012 |
20120297457 | Interactive Malware Detector - An interactive detector that includes a challenger and authorizer. The challenger may send a challenge to a source application in response to an intercepted request intended for a destination application from the source application. The challenge may be configured to invoke an expected challenge response from component(s) of the source application. The authorizer may allow the request to proceed to the destination application if a received challenge response generated by the source application satisfies the expected challenge response. | 11-22-2012 |
20130179968 | SYSTEMS, METHODS, AND MEDIA FOR GENERATING SANITIZED DATA, SANITIZING ANOMALY DETECTION MODELS, AND/OR GENERATING SANITIZED ANOMALY DETECTION MODELS - Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for sanitizing anomaly detection models are provided. The methods including: receiving at least one abnormal anomaly detection model from at least one remote location; comparing at least one of the at least one abnormal anomaly detection model to a local normal detection model to produce a common set of features common to both the at least one abnormal anomaly detection model and the local normal detection model; and generating a sanitized normal anomaly detection model by removing the common set of features from the local normal detection model. | 07-11-2013 |
Patent application number | Description | Published |
20080253301 | SYSTEMS AND METHODS FOR COMPUTING DATA TRANSMISSION CHARACTERISTICS OF A NETWORK PATH BASED ON SINGLE-ENDED MEASUREMENTS - Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host. | 10-16-2008 |
20080262985 | SYSTEMS, METHODS, AND MEDIA FOR GENERATING SANITIZED DATA, SANITIZING ANOMALY DETECTION MODELS, AND/OR GENERATING SANITIZED ANOMALY DETECTION MODELS - Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for generating sanitized data are provided. The methods including: dividing a first training dataset comprised of a plurality of training data items into a plurality of data subsets each including at least one training data item of the plurality of training data items of the first training dataset; based on the plurality of data subsets, generating a plurality of distinct anomaly detection micro-models; testing at least one data item of the plurality of data items of a second training dataset of training data items against each of the plurality of micro-models to produce a score for the at least one tested data item; and generating at least one output dataset based on the score for the at least one tested data item. | 10-23-2008 |
20090019537 | SYSTEMS AND METHODS FOR INHIBITING ATTACKS WITH A NETWORK - Systems and methods for inhibiting attacks with a network are provided. In some embodiments, methods for inhibiting attacks by forwarding packets through a plurality of intermediate nodes when being transmitted from a source node to a destination node are provided, the methods comprising: receiving a packet at one of the plurality of intermediate nodes; determining at the selected intermediate node whether the packet has been sent to the correct one of the plurality of intermediate nodes based on a pseudo random function; and forwarding the packet to the destination node, based on the determining. In some embodiments an intermediate node is selected based on a pseudo random function. In some embodiments, systems and methods for establishing access to a multi-path network are provided. | 01-15-2009 |
20100011243 | Methods, systems and media for software self-healing - Methods, systems, and media for enabling a software application to recover from a fault condition, and for protecting a software application from a fault condition, are provided. In some embodiments, methods include detecting a fault condition during execution of the software application, restoring execution of the software application to a previous point of execution, the previous point of execution occurring during execution of a first subroutine in the software application, and forcing the first subroutine to forego further execution and return to a caller of the first subroutine. | 01-14-2010 |
20100157834 | SYSTEMS AND METHODS FOR COMPUTING DATA TRANSMISSION CHARACTERISTICS OF A NETWORK PATH BASED ON SINGLE-ENDED MEASUREMENTS - Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host. | 06-24-2010 |
20140101746 | SYSTEMS AND METHODS FOR INHIBITING ATTACKS WITH A NETWORK - Systems and methods for inhibiting attacks with a network are provided. In some embodiments, methods for inhibiting attacks by forwarding packets through a plurality of intermediate nodes when being transmitted from a source node to a destination node are provided, the methods comprising: receiving a packet at one of the plurality of intermediate nodes; determining at the selected intermediate node whether the packet has been sent to the correct one of the plurality of intermediate nodes based on a pseudo random function; and forwarding the packet to the destination node, based on the determining. In some embodiments an intermediate node is selected based on a pseudo random function. In some embodiments, systems and methods for establishing access to a multi-path network are provided. | 04-10-2014 |