Patent

System and Method for Analyzing Unauthorized Intrusion Into a Computer Network

Alen Capalik
TLDR
In this article, the authors present an intrusion prevention system that analyzes unauthorized intrusion into a computer network by opening a port on one of the virtualized decoy operating systems hosted on a decoy network device.
Abstract
The method analyzes unauthorized intrusion into a computer network. Access is allowed through one or more open ports to one or more virtualized decoy operating systems running on a hypervisor operating system hosted on a decoy network device. This may be done by opening a port on one of the virtualized decoy operating systems. A network attack on the virtualized operating system is then intercepted by an introspection module running on the hypervisor operating system. The attack-identifying information is communicated through a private network interface channel and stored on a database server as forensic data. A signature-generation engine uses this forensic data to generate a signature of the attack. An intrusion prevention system then uses the attack signature to identify and prevent subsequent attacks. A web-based visualization interface facilitates configuration of the system and analysis of (and response to) forensic data generated by the introspection module and the signature generation engine, as well as that stored in the processing module's relational databases.


Citations
Patent

Method and system for detecting malicious and/or botnet-related domain names

TL;DR: In this paper, a method and system for detecting a malicious and/or botnet-related domain name is presented, comprising reviewing a domain name used in Domain Name System (DNS) traffic in a network.
Patent

Malware analysis system

TL;DR: In this article, a malware analysis system is proposed to automatically generate a signature if the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.
Patent

System and method for securing a network from zero-day vulnerability exploits

TL;DR: In this article, the authors propose a method of securing a network from vulnerability exploits, including the steps of a traffic analysis engine receiving a plurality of packets destined for an internal operating system, selectively forwarding the packets to at least one virtual machine, processing each forwarded packet, identifying a malicious packet from the processed packets, and the rapid analysis engine creating a new signature to identify the malicious packet.
Patent

Method and system for detecting dga-based malware

TL;DR: In this paper, a system and method for detecting a domain generation algorithm (DGA) is presented: a name-based features clustering module, accessing information from an electronic database of domain information, clusters randomly generated domain names according to the similarity in the make-up of the generated domains, and further clustering determines the DGA that generated the clustered randomly generated domains.
Patent

System and method for automated machine-learning, zero-day malware detection

TL;DR: In this paper, the authors propose a method for improved zero-day malware detection that receives a set of training files, each known to be either malign or benign, partitions the training files into a plurality of categories, and trains category-specific classifiers that distinguish between malign and benign files within a category of files.
References
Patent

System and method for improving the efficiency, comfort, and/or reliability in operating systems, such as for example Windows

Yaron Mayer
TL;DR: In this paper, the authors present a new Windows application that includes considerable improvements over the prior art, such as a reset function, a powerful undo feature, improved undo features in word processing, improved file comparison features (for example, the ability to track changes retroactively), improved backup features, and many additional improvements.
Proceedings Article

A virtual honeypot framework

TL;DR: Honeyd is presented, a framework for virtual honeypots that simulates virtual computer systems at the network level and shows how the Honeyd framework helps in many areas of system security, e.g. detecting and disabling worms, distracting adversaries, or preventing the spread of spam email.
Patent

Dynamic signature inspection-based network intrusion detection

Vimal Vaidya
TL;DR: In this article, a signature-based dynamic network intrusion detection system (IDS) includes attack signature profiles that describe characteristics of known network security violations and are organized into sets of attack profiles according to the security requirements of network objects on a network.
Patent

Method and apparatus for automatically updating software components on end systems over a network

TL;DR: In this paper, an ASU server generates a multicast request to agents within its network domain, identifying the newest, available versions of software components that may be installed on the agents.
Patent

Attack defending system and attack defending method

TL;DR: In this paper, a firewall device and a decoy device are provided to defend against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL; an alert including the attack-source IP address is sent to the firewall device so that it rejects subsequent packets from the attack source.