Fresh Patents


Monitoring Or Scanning Of Software Or Data Including Attack Prevention

The Monitoring Or Scanning Of Software Or Data Including Attack Prevention patent applications listed here run from June 2005 to the present. Each entry gives the Date, Patent Application Number, Patent Title and Patent Abstract summary, and is linked to the corresponding patent application page.

11/15/07 - 20070266435 - System and method for intrusion detection in a computer system
A computer system for intrusion detection includes a production processor and a security processor. The production processor is configured to execute one or more production processes. The security processor is dedicated to security functions and is configured to execute one or more security processes. The security process is configured to ...

11/15/07 - 20070266434 - Protecting applications software against unauthorized access, reverse engineering or tampering
A system, method and program for protecting applications software from unauthorized access, reverse engineering or tampering, is disclosed. Protection of the application software may be accomplished by seeding the application software with sneak circuits based on performance indicators; running the application software in test mode to analyze performance indicators versus ...

11/08/07 - 20070261115 - Method and system for secure sharing of personal information
The invention includes an implantable medical electrical lead for electrical stimulation of body tissue that includes at least one electrode; a lead body; and at least one modifiable portion, wherein the at least one modifiable portion has a first configuration and a second configuration, wherein the first configuration exists when ...

10/25/07 - 20070250927 - Application protection
A facility is described for preventing an application from becoming infected with malicious code. In various embodiments, the facility starts an application in debug mode, intercepts an application program interface method that loads code, receives an indication that the application program interface method was invoked to load a component, determines ...

10/18/07 - 20070245418 - Computer virus generation detection apparatus and method
An apparatus includes a server connected between a first computer network in which a computer virus may generate and a second computer network or a computer system as an object of security protection. In the apparatus, a collection unit collects irregular data representing a possibility of generation of the computer ...

10/18/07 - 20070245417 - Malicious attack detection system and an associated method of use
A malicious attack detection system and associated method of use is disclosed. This includes receiving and parsing a header frame of a data packet into header information and internet protocol (“IP” or “TCP/IP”) addresses, checking the header information for a potential malicious attack condition and if present then a constraint ...

10/11/07 - 20070240214 - Live routing
Live Routing is a network security device that protects computer systems at the source code level of network communications. This device monitors, scans, records, reports and deletes intruder codes before they enter a network. Live Routing also provides an internal audio/visual recording system to monitor employee activity. ...

10/11/07 - 20070240213 - Methods and apparatus for physical layer security of a network communications link
A communications port of a network communications device maintains capability information indicating that under normal operating conditions a communications link is capable of operating in a secure mode in which communications signals of the communications link are unintelligible to an intruder having an unauthorized physical connection (e.g. tap) to the ...

10/11/07 - 20070240212 - System and methodology protecting against key logger spyware
System and methodology protecting against key logger software (spyware) is described. In one embodiment, for example, a method is described for protecting a computer system from security breaches that include unauthorized logging of user input, the method comprises steps of: specifying a particular application to be protected from unauthorized logging ...

10/04/07 - 20070234424 - Design and evaluation of a fast and robust worm detection algorithm
A method and computer product are presented for identifying Internet worm propagation based upon changes in packet arrival rates at a network connection. First, unsolicited (i.e., packets that were not requested by the receiver) traffic is separated from solicited traffic at the network connection. The unsolicited traffic arrival patterns are ...

09/27/07 - 20070226798 - Systems and methods for using cryptography to protect secure and insecure computing environments
Computation environments are protected from bogus or rogue load modules, executables, and other data elements through use of digital signatures, seals, and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules and/or other items to verify that their corresponding specifications ...

09/27/07 - 20070226796 - Tactical and strategic attack detection and prediction
NETWAR provides a utility that enables detection of both tactical and strategic threats against an individual entity and interrelated/affiliated networks of entities. A distributed network of sensors and evaluators are utilized to detect tactical attacks against one or more entities. Events on the general network are represented as an input ...

09/27/07 - 20070226795 - Virtual cores and hardware-supported hypervisor integrated circuits, systems, methods and processes of manufacture
An electronic system (1400) includes a processor (1422, 2610) having a pipeline, a bus (2655) coupled to the pipeline, a storage (1435, 1440, 2650) coupled to the bus (2655), the storage (1435, 2650) having a real time operating system (RTOS) and a real-time application, a non-real-time operating system (HLOS), a ...

09/27/07 - 20070226794 - Security scanning system and method
The present disclosure provides a computer-readable medium, method and system for determining security vulnerabilities for a plurality of application programs used to provide television services to a customer device over a communications network. The method includes running a first scanning program against a first application program relating to a control ...

09/20/07 - 20070220604 - System and method of fraud and misuse detection
A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the ...

09/20/07 - 20070220603 - Data processing method and device
The invention concerns a data processing method comprising a step (E308) which consists in verifying a criterion indicative of the normal running of the method and a step (E320) which consists in processing performed in case of negative verification. The processing step (E230) is separated from the verifying step (E308) ...

09/20/07 - 20070220602 - Methods and systems for comprehensive management of internet and computer network security threats
The invention relates to systems and methods for management of internet and computer network security threats comprising: a centralized monitoring service; a security management center, wherein the security management center is engineered with rule based and non-linear adaptive analytics to provide intrusion detection, automated response to intrusion attempts, virus detection ...

09/20/07 - 20070220601 - Diversified instruction set processor architecture for the enablement of virus resilient computer systems
A Virus Resilient Processor (VRP) is obtained with use of a “Diverse Instruction Set Architecture” (DISA) comprising an assignment of differing sets of instruction codes (i.e., “opcodes” or operation codes) to different individual processors. In accordance with certain illustrative embodiments of the present invention, an individual “key” associated with a ...

09/20/07 - 20070220600 - Response delay management using connection information
A computer implemented method comprising receiving a connection, determining a credit status of the source of the connection, setting a response delay time length corresponding to the credit status of the source, and waiting the response delay time length before sending a response. A hacker or malicious user using a ...

09/06/07 - 20070209073 - Using security-related attributes
Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical ...

08/30/07 - 20070204341 - SMTP network security processing in a transparent relay in a computer network
In one embodiment, a transparent relay receives diverted e-mail communications between an e-mail client and an e-mail server. The transparent relay may be configured to examine the e-mail communications for network security policy violations. E-mail communications that do not violate a network security policy may be relayed to their intended ...

08/16/07 - 20070192859 - Architecture for identifying electronic threat patterns
The invention is a comprehensive conceptual and computational architecture that enables monitoring accumulated time-oriented data using knowledge related to the operation of elements of a computer network and deriving temporal abstractions from the accumulated data and the knowledge in order to identify electronic threat patterns and create alerts. The architecture ...

08/16/07 - 20070192858 - Peer based network access control
Systems and methods of securing a computing network are described. Communication from unauthorized devices is prevented by defining one or more dynamic policy enforcement points (DPEPs) on a network segment and specifying one of these DPEPs as an active policy enforcement point (APEP). The APEP prevents communication from unauthorized devices ...

08/16/07 - 20070192856 - Method and apparatus for network security
Methods and systems for determining which groups of instructions are to be executed when a specific symbol pattern has been detected. A prefetch block receives an identification of the symbol pattern detected. The prefetch block then retrieves the groups of instructions which relate to that particular symbol pattern. These are ...

08/16/07 - 20070192855 - Finding phishing sites
Described is a technology by which phishing-related data sources are processed into aggregated data and a given site evaluated the aggregated data using a predictive model to automatically determine whether the given site is likely to be a phishing site. The predictive model may be built using machine learning based ...

08/16/07 - 20070192854 - Method for preventing malicious software installation on an internet-connected computer
A computer random access memory is divided into first and second partitions. Each partition has its own operating system (OS). The first partition has a conventional OS and is designated for non-Internet use. The second partition is designated for secure Internet access, and has an OS specific for Internet usage. ...

08/16/07 - 20070192853 - Advanced responses to online fraud
Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide advanced responses to an identified instance of online fraud. Such advanced responses can incorporate one or more of a variety of strategies for ...

08/09/07 - 20070186282 - Techniques for identifying and managing potentially harmful web traffic
Techniques are provided for identifying a potentially harmful request. A threat rating is assigned to a received request in accordance with one or more attribute values of the received request. An action is determined in accordance with the threat rating. ...

08/02/07 - 20070180523 - Method and system for tracking usage of on-line content
A method and system for tracking usage of on-line content is described. One embodiment adds to the on-line content an embedded executable object, the embedded executable object being executable by a client computer requesting the on-line content from a server, the embedded executable object being configured to be launched by ...

08/02/07 - 20070180521 - System and method for usage-based misinformation detection and response
Methods of detecting, and providing a notification of, the existence of misinformation using usage patterns of a network service enable an organization to respond to the misinformation. The method includes establishing common usage patterns of the network service, identifying an irregular usage pattern, determining that the irregular usage pattern was ...

08/02/07 - 20070180520 - Method and system for detecting a keylogger on a computer
A method and system for detecting a keylogger on a computer is described. One illustrative embodiment creates, in a memory of the computer, a hidden window; generates a unique, unpredictable data pattern; inputs, to the hidden window, the unique, unpredictable data pattern in a manner that mimics keyboard input from ...

07/19/07 - 20070169192 - Detection of system compromise by per-process network modeling
A computer system protection method monitors and evaluates per process network communications activity to determine whether the process has been compromised. In one embodiment, a network modeling scheme gathers data to build a model and then compares networking activities to the model as they occur. In an alternate embodiment, modeling ...

07/19/07 - 20070169191 - Method and system for detecting a keylogger that encrypts data captured on a computer
A method and system for detecting a keylogger that encrypts data captured on a computer. One illustrative embodiment acquires a first sample of a portion of a memory of a computer, the portion of the memory being associated with a running process on the computer; inputs to the computer, in ...

07/19/07 - 20070169190 - System to enable detecting attacks within encrypted traffic
A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems. ...

07/12/07 - 20070162974 - Protection system for a data processing device
A protection system for a data processing device has a scanning device for scanning a data exchange through a physical data connection connecting an internal data processing device to an external data network. A transfer component is connected to the physical data connection for transferring data. A blocking device is ...

07/12/07 - 20070162973 - Method and system for dynamic network intrusion monitoring, detection and response
A probe attached to a customer's network collects status data and other audit information from monitored components of the network, looking for footprints or evidence of unauthorized intrusions or attacks. The probe filters and analyzes the collected data to identify potentially security-related events happening on the network. Identified events are ...

07/12/07 - 20070162972 - Apparatus and method for processing of security capabilities through in-field upgrades
A method for upgrading one or more security applications, e.g., anti-spam, anti-virus, intrusion detection/prevention. The method includes deriving a second hardware logic from a security knowledge base. The method includes operating a computing system including a security device. The computer system is coupled to the one or more computer networks, ...

07/05/07 - 20070157313 - Autonomic self-healing network
A system and method capable of obtaining information dynamically of assets residing on a network. The system and method further capable of comparing a device identifier to the dynamically obtained information of assets and policies at a time of a request to access the network and determining whether the device ...

07/05/07 - 20070157312 - Unified networking diagnostics
A method and system for unified diagnosis of a network incident is provided. The unified diagnostics system is comprised of a monitoring tool, a network layer including a firewall, and a policy engine. The monitoring tool is invoked by a user in order to diagnose a network incident. The network ...

07/05/07 - 20070157311 - Security modeling and the application life cycle
A security engineering system and methodology associated with the application life cycle is provided. The subject innovation provides a threat modeling system that can be employed to identify threats and vulnerabilities associated with stages of the application life cycle. In accordance therewith, the novel innovation can facilitate identification of common issues ...

07/05/07 - 20070157310 - Security ensuring by program analysis on information device and transmission path
The present invention provides a technique of determining, in a receiving device or a relay device, using a simple method and within a short time, whether a program provided via a network is a program causing security concerns. Program inspection device 20a pre-inspects the content of a program provided to ...

06/28/07 - 20070150952 - Protection of the execution of a program
A method for protecting the execution of a main program against possible traps, including, on occurrence of an instruction from the main program, starting a time counter of a given count according to next instructions of the main program, and executing, once the counter has reached its count, at least ...

06/28/07 - 20070150951 - Methods, communication networks, and computer program products for managing application(s) on a vulnerable network element due to an untrustworthy network element by sending a command to an application to reduce the vulnerability of the network element
A communication network is operated by determining whether a network element can be trusted, determining at least one vulnerable network element based on a determination that the network element cannot be trusted, selecting a controllable application on the at least one vulnerable network element, and sending a command to the ...

06/28/07 - 20070150950 - Methods, communication networks, and computer program products for mirroring traffic associated with a network element based on whether the network element can be trusted
A communication network is operated by determining whether a network element can be trusted and mirroring traffic associated with the network element based on whether the network element can be trusted. ...

06/28/07 - 20070150949 - Anomaly detection methods for a computer network
Methodologies and systems for detecting an anomaly in a flow of data or data stream are described herein. To detect an anomaly, an anomaly detection server may create a baseline based on historical or other known non-anomalous data within the data stream. The anomaly detection server then generates one or ...

06/28/07 - 20070150948 - Method and system for identifying the content of files in a network
A method and system for performing securing and controlling of a network using content identification of files in a network having a central infrastructure and local computing devices is presented. The method comprises calculating a hash value of a new file created or received on a local computing device, transmitting ...

06/21/07 - 20070143845 - Method of preventing leakage of personal information of user using server registration information and system using the method
Provided are a method and system for preventing personal information of a user using server registration information and an authentication system connected to the Internet. The method includes collecting information regarding servers which provide an Internet service; classifying the safety of sites using the servers based on the information; and ...

06/21/07 - 20070143844 - Method and apparatus for detection of tampering attacks
A method for detecting an attempted attack on a security system. In one preferred embodiment of the present invention, the method includes the step of retrieving a parameter from a hardware system, wherein the parameter changes during an operation of the hardware system. Then, comparing the retrieved parameter with a ...

06/21/07 - 20070143843 - Computer virus and malware cleaner
A virus and malware cleaner is generated for a personal computer. Scanning software determines the presence of suspicious attributes resident to the computer. When automated detection of the need for a Custom Cleaner occurs, specific system information, along with information about the suspicious attributes, is included in a Custom Cleaner ...

06/21/07 - 20070143842 - Method and system for acquisition and centralized storage of event logs from disparate systems
A method and system are disclosed for acquisition and centralized storage of event logs from multiple systems. The present invention greatly improves the efficiency of event log review and analysis and is particularly useful for secure facilities performing periodic (e.g., weekly) event log audits for detection of security breaches. The ...

06/21/07 - 20070143841 - Defense device, defense method, defense program, and network-attack defense system
A repeater selecting unit selects at least one repeater that becomes a notification destination of route information for routing a malicious packet through a defense device, from among a plurality of repeaters adjacent to the defense device, based on the information on the attack. A route-information notifying unit notifies the ...

06/14/07 - 20070136809 - Apparatus and method for blocking attack against web application
An apparatus and method for blocking an attack against a Web application are provided. The apparatus includes: an input value authentication unit authenticating an input value included in Web service request data and determining the attack; an input value filtering unit editing Web service request data determined as the attack ...

06/14/07 - 20070136808 - Attachment chain tracing scheme for email virus detection and control
An automated email virus detection and control scheme using attachment chain tracing (ACT) technique is provided. Based on conventional epidemiology, ACT detects virus propagation by identifying the existence of transmission chains in the network. It uses contact tracing to find epidemiological links between hosts. A soft-quarantine scheme controls virus propagation ...

06/14/07 - 20070136807 - System and method for detecting unauthorized boots
A system and method for detecting unauthorized boots and adjusting security policy. According to one embodiment of the present invention, the BIOS stores boot information in a data store from which it can later be distributed on a network and/or accessed by security software. The security software compares a signature ...

06/14/07 - 20070136806 - Method and system for blocking phishing scams
The present invention is directed to a method for blocking phishing, the method comprising the steps of: upon activating a hyperlink within an email message by a user's email client: sending the original URL reference of the hyperlink to a phishing inspection utility; testing the original URL reference by the ...

06/07/07 - 20070130622 - Method and apparatus for verifying and ensuring safe handling of notifications
A method and apparatus for verifying and/or ensuring safe handling of notifications. In one embodiment, the method comprises receiving a notification and handling the notification safely using program code that has a notification handler that has been statically verified to handle the notification according to a notification acceptance policy. ...

06/07/07 - 20070130621 - Controlling the isolation of an object
Generally described, a method, software system, and computer-readable medium are provided for preventing a malware from colliding on a named object. In accordance with one aspect, a method is provided for creating a private namespace. More specifically, the method includes receiving a request to create a private namespace that contains ...

06/07/07 - 20070130620 - Method, computer arrangement, computer program and computer program product for checking for the presence of control statements in a data value
The invention relates to a method for checking for the presence of control statements in a data value, comprising providing at least one first data value (8) from a trustworthy source (3), receiving at least one second data value (9) from an untrustworthy source (4) and marking the second data ...

05/24/07 - 20070118904 - Origination/destination features and lists for spam prevention
The present invention involves a system and method that facilitate extracting data from messages for spam filtering. The extracted data can be in the form of features, which can be employed in connection with machine learning systems to build improved filters. Data associated with origination information as well as other ...

05/24/07 - 20070118903 - Web server apparatus and method for virus checking
A web server computer system includes a virus checker and mechanisms for checking e-mails and their attachments, downloaded files, and web sites for possible viruses. The virus checker allows a web server to perform virus checking of different types of information real-time as the information is requested by a web ...

05/24/07 - 20070118902 - Process isolation by limiting covert storage channels in trusted operating system
A trusted computer system that offers Linux® compatibility and supports contemporary hardware speeds. It is designed to require no porting of common applications which run on Linux, to be easy to develop for, and to allow the use of a wide variety of modern development tools. The system is further ...

05/24/07 - 20070118901 - Access control differentiation in trusted computer system
A trusted computer system that offers Linux® compatibility and supports contemporary hardware speeds. It is designed to require no porting of common applications which run on Linux, to be easy to develop for, and to allow the use of a wide variety of modern development tools. The system is further ...

05/24/07 - 20070118900 - Multi-domain architecture for process isolation with processor supporting multi-domain architecture
A trusted computer system that offers Linux® compatibility and supports contemporary hardware speeds. It is designed to require no porting of common applications which run on Linux, to be easy to develop for, and to allow the use of a wide variety of modern development tools. The system is further ...

05/24/07 - 20070118899 - System and method for automated safe reprogramming of software radios
The proposed system defines an automated safe reprogramming of software radios. The essence of software radios is to enhance or alter the functionality of a mobile terminal by using software. This means that the required software is downloaded onto a mobile terminal on the fly to meet the critical and ...

05/24/07 - 20070118898 - On demand protection against web resources associated with undesirable activities
Various embodiments provide protection against web resources associated with one or more undesirable activities. In at least some embodiments, a method detects and responds to a user-initiated activity on a computing device. Responding can include, by way of example and not limitation, checking locally, on the computing device, whether a ...

05/24/07 - 20070118897 - System and method for inhibiting access to a computer
A computer security system which prevents an unauthorized user from accessing the computer system when an authorized user has already logged onto the computer system and has temporarily left the workstation. The computer security system generally includes a sensor which is configured to detect the presence of a person in ...

05/24/07 - 20070118896 - Network attack combating method, network attack combating device and network attack combating program
A network attack mitigation device defends a victim device against an attack from an attacker device while collaborating with other network attack mitigation devices. When the attack ends, the network attack mitigation device decides whether to terminate mitigation measure taken against the attack. This decision is made based on a ...

05/17/07 - 20070113283 - Method and apparatus for verifying the integrity of computer networks and implementation of countermeasures
A security system for a computer network that has a plurality of devices connected thereto comprises a security subsystem, a master system and a secure link. The security subsystem is connected to at least some of the devices in the network. The security subsystem is configured to monitor activities of ...

05/17/07 - 20070113282 - Systems and methods for detecting and disabling malicious script code
In accordance with at least one embodiment of the present invention, a device for receiving and processing data content having at least one original function call includes a hook script generator and a script processing engine. The hook script generator is configured to generate a hook script having at least ...

05/17/07 - 20070113281 - Method used in the control of a physical system affected by threats
The method involves (a) modelling how an entity generates another entity to form a risk chain, the risk chain being a series of two or more entities that each model a discrete part of how a threat leads to damage to the system, each entity being described as a population ...

05/10/07 - 20070107057 - Method and apparatus for detecting and preventing unsafe behavior of javascript programs
A method and apparatus is disclosed herein for detecting and preventing unsafe behavior of script programs. In one embodiment, a method comprises performing static analysis of a script program based on a first safety policy to detect unsafe behavior of the script program and preventing execution of the script program ...

05/10/07 - 20070107056 - Hardware-aided software code measurement
Described is an independent computation environment that is built into one or more hardware components of a computer system, wherein the independent computation environment hosts a logic that measures the health of other software code that executes in memory. Examples of ways to measure health include performing a mathematical computation ...

05/10/07 - 20070107055 - Data virus protection
The invention relates to a virus protection and a computerized equipment (10) utilizing the protection. Every executable data file (32) is provided unique by adding an electronic signature in the end of every file (44), which is generated with a computer program/algorithm (28) for that purpose, with a predetermined number ...

05/10/07 - 20070107054 - Dynamically protecting against web resources associated with undesirable activities
Various embodiments provide protection against web resources associated with one or more undesirable activities. In at least some embodiments, a method detects and responds to a user-initiated activity on a computing device. Responding can include, by way of example and not limitation, checking locally, on the computing device, whether a ...

05/10/07 - 20070107053 - Enhanced responses to online fraud
Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide enhanced responses to an identified instance of online fraud. Such enhanced responses can incorporate one or more of a variety of strategies for ...

05/10/07 - 20070107052 - Method and apparatus for monitoring operation of processing systems, related network and computer program product therefor
Apparatus for monitoring operation of a processing system includes a set of modules for monitoring operation of a set of system primitives that allocate or release the system resources and are used by different processes running on the system. Preferably, the modules include at least one application knowledge module tracking ...

05/03/07 - 20070101427 - Techniques for detecting and preventing unintentional disclosures of sensitive data
Protection is provided to prevent a computer user from unintentionally giving away sensitive data (e.g., security credentials, credit card number, PINs, personal data, or bank account number) to an illegitimate or unintended entity by means of a client application capable of communicating the sensitive data across a network to other ...

05/03/07 - 20070101426 - Device function restricting method and system in specific perimeters
An apparatus and method for restricting the functions of a device are provided. A restriction monitoring system includes a communication system that provides a location-limited communication channel that detects whether a device entering a perimeter is in an area for device inspection, a server that provides a credential and a ...

05/03/07 - 20070101425 - Method for intrusion detection in a database system
A method for detecting intrusion in a database, managed by an access control system, includes defining at least one intrusion detection profile and associating each user with one of said profiles. Each profile includes at least one item access rate. Further, the method determines whether a result of a query ...

05/03/07 - 20070101424 - Apparatus and method for improving security of a bus based system through communication architecture enhancements
A security policy associated with a system is evaluated. The system includes a communication bus having a data bus and a plurality of components interconnected via the communication bus. The system also includes a circuit configured to evaluate a security policy associated with the system by reading at least one ...

05/03/07 - 20070101423 - Fraudulent message detection
A technique for classifying a message is disclosed. In some embodiments, the technique comprises extracting a plurality of reference points, classifying the plurality of reference points, and detecting that the message is a phish message based on the classified reference points. In some embodiments, the technique comprises identifying a plurality ...

04/26/07 - 20070094727 - Anti-phishing system and methods
A system and methods are provided to allow users cooperating with an entity, such as an online merchant and/or financial institution, to generate and deliver authenticated messages (e.g., electronic messages) the users receive in relation to their use of the entity's products or services in the context where the messages ...

04/26/07 - 20070094726 - System and method for neutralizing pestware that is loaded by a desirable process
Systems and methods for managing pestware on a protected computer are described. In one implementation, a pestware construct is identified. Threads loaded by the pestware construct into a desirable process are identified and suspended. Neutralization of the pestware construct is accomplished by preventing code underlying pestware functions exported by the ...

04/26/07 - 20070094725 - Method, system and computer program product for detecting security threats in a computer network
A method, system and computer program product detect attempts to send significant amounts of information out via HTTP tunnels to rogue Web servers from within an otherwise firewalled network. A related goal is to help detect spyware programs. Filters, based on the analysis of HTTP traffic over a training period, ...

04/26/07 - 20070094724 - It network security system
The inventive IT Security System for intrusion detection in a private network, which is connected to a public network, comprises a processing system, a supervisory system and an interface system. The processing system detects intrusion or unwanted access of resources on a private network and alerts in case of a ...

04/19/07 - 20070089171 - Universal worm catcher
A method for detecting malicious code in a stream of data traffic input (400) to a gateway in a data network by monitoring for suspicious data in the stream of data traffic (407). Upon detecting the suspicious data, an attempt is made to disassemble the suspicious data (403) and ...

04/12/07 - 20070083929 - Controlling a message quarantine
Controlling a message quarantine is disclosed. A message scanning method is described in which early exit from parsing and scanning can occur by matching threat rules only to selected message elements and stopping rule matching as soon as a match on one message element exceeds a threat threshold. ...

04/12/07 - 20070083928 - Data security and intrusion detection
Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. Item requests are examined to determine if the request and/or the result violates an item access rule. If either the request or the result violates the ...

04/12/07 - 20070083927 - Method and system for managing denial of services (dos) attacks
Various embodiments of the invention relate to methods and systems for managing Denial of Service (DoS) attacks in a network. In various embodiments of the invention, the system identifies logical communication states that are under a DoS attack. The identification is based on the number of communications in the logical ...

04/05/07 - 20070079375 - Computer behavioral management using heuristic analysis
In accordance with an embodiment of the present invention, a method of managing computer process execution may include selecting a computer file prior to execution of the computer file, analyzing the selected computer file to determine at least one executable behavior, identifying the analyzed computer file as one of harmful ...

04/05/07 - 20070079374 - Image forming system, computer-readable recording medium storing a setting change program, and setting change method
An image forming system according to one embodiment of the present invention has a user authentication mode for granting only authorized users a setting change for an image forming apparatus. This image forming apparatus 200 includes a user authentication section 203 to perform authentication on receiving user information from a ...

04/05/07 - 20070079373 - Preventing the installation of rootkits using a master computer
The present invention includes a system and method of monitoring software installations including detecting that an attempt is being made to install software on a client computer and halting installation of the software. The method may also include requesting permission from a master computer to install the software and allowing ...

04/05/07 - 20070079372 - Method for collecting and reporting privilege elevation pathways in a computing environment
A data collection application is executed on a target system. Various data indicative of privilege elevation pathways is collected, including user account data, file permission data, and system registry data. The collected data is analyzed according to heuristics. Potential privilege elevation pathways are identified based on the analysis and presented ...

04/05/07 - 20070079371 - Reducing security threats from untrusted code
The invention introduces a system and method for reducing security threats from untrusted code. The invention can be configured to generate counterfeit component files for every component that is not approved for a particular application. If the untrusted code requests to have the application load a component that the application ...

03/29/07 - 20070074288 - Network status display device and method using traffic pattern map
A network status display device using a traffic pattern map is provided. The device includes: a traffic feature extractor extracting a port number of a port having the maximum occupancy of micro-flows and macro-flows for each network address section and host address section with reference to traffic information collected by ...

03/29/07 - 20070074287 - Signature for executable code
Methods for generating a signature for executable code are described. An entry address for executable code is determined. Starting at the entry address, the method steps through the executable code, discarding a first type of instruction. Moreover, at least one type of branch instruction is followed but discarded. A mnemonic ...

03/22/07 - 20070067840 - System and methods for adapting to attacks on cryptographic processes on multiprocessor systems with shared cache
Embodiments of system and method for adapting to attacks of cryptographic processes on multiprocessor systems with shared cache are generally described herein. Other embodiments may be described and claimed. ...

03/22/07 - 20070067839 - Method and system for detecting denial-of-service attack
A monitoring device monitors a packet transmitted to a communication device that is a target of the denial-of-service attack, and detects traffic abnormality information indicating an abnormality of traffic due to the packet with respect to the communication device. A performance measuring device measures performance of the communication device, and ...

03/08/07 - 20070056037 - Data security verification for data transfers between security levels in trusted operating system
A trusted computer system that offers Linux® compatibility and supports contemporary hardware speeds. It is designed to require no porting of common applications which run on Linux, to be easy to develop for, and to allow the use of a wide variety of modern development tools. The system is further ...

03/08/07 - 20070056036 - Security policies in trusted operating system
A trusted computer system that offers Linux® compatibility and supports contemporary hardware speeds. It is designed to require no porting of common applications which run on Linux, to be easy to develop for, and to allow the use of a wide variety of modern development tools. The system is further ...

03/08/07 - 20070056035 - Methods and systems for detection of forged computer files
In accordance with one or more embodiments of the present invention, a method of determining whether a suspect file is malicious includes the operations parsing the suspect file to determine if the suspect file purports to be a system file, performing at least one of a heuristic and signature analysis ...

03/01/07 - 20070050846 - Logging method, system, and device with analytical capabilities for the network traffic
A logging device, system and a method for managing network packets. The logging device includes a traffic capturing device receiving the network packets and filtering the network packets by selecting some of the network packets based on a predefined criteria. The logging device also includes a storage device storing the ...

02/22/07 - 20070044150 - Preventing network reset denial of service attacks
Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint ...

02/22/07 - 20070044149 - Anti-phishing protection
Anti-Phishing protection assists in protecting against phishing attacks. Any links that are contained within a message that has been identified as a phishing message are disabled. A warning message is shown when the phishing message is accessed. The first time a disabled link within the phishing message is selected a ...

02/15/07 - 20070039051 - Apparatus and method for acceleration of security applications through pre-filtering
A first security processing stage performs a first multitude of tasks and a second security processing stage performs a second multitude of tasks. The first and second multitude of tasks may include common tasks. The first security processing stage is a prefilter to the second security processing stage. The input ...

02/15/07 - 20070039050 - Web-based data collection using data collection devices
A mechanism for transmitting data between data collection devices and a web server over a network using capabilities provided by a web browser plugin. A web browser uses device-specific communication library to read data from and write data to the data collection devices. The data is encrypted prior to being ...

02/15/07 - 20070039049 - Real-time activity monitoring and reporting
In order to track activities in a computerized system with client-server or other communications, a system configuration is needed which monitors, logs and reports traffic. This is somewhat akin to but not entirely similar to a firewall. Thus, the invention contemplates a real-time, platform-independent, rule-based activity monitor for detecting a particular ...

02/15/07 - 20070039048 - Obfuscating computer code to prevent an attack
A method and system for obfuscating computer code of a program to protect it from the adverse effects of malware is provided. The obfuscation system retrieves an executable form of the computer code. The obfuscation system then selects various obfuscation techniques to use in obfuscating the computer code. The obfuscation ...

02/15/07 - 20070039047 - System and method for providing network security
The present disclosure provides a system and method configured to and facilitate network security. When a lack of security in a communication network is detected by a security agent or when a remote device requests security, a security profile can be determined by a security manager based on the detection ...

02/15/07 - 20070039046 - Proof of execution using random function
A physical random function (PUF) is a function that is easy to evaluate but hard to characterize. Controlled physical random functions (CPUFs) are PUFs that can only be accessed via a security program controlled by a security algorithm that is physically bound to the PUF in an inseparable way. CPUFs ...

02/08/07 - 20070033650 - Method and apparatus for defending against denial of service attacks in ip networks by target victim self-identification and control
A method and apparatus for defending against a Denial of Service attack wherein a target victim of an attack recognizes the existence of an attack, identifies the source of the attack, and automatically instructs its carrier network to limit (e.g., block) transmission of packets from the identified source to the ...

02/01/07 - 20070028301 - Enhanced fraud monitoring systems
Various embodiments of the invention provide systems and methods for the enhanced detection and/or prevention of fraud. A set of embodiments provides, for example, a facility where companies (online businesses, banks, ISPs, etc.) provide a security provider with fraud feeds (such as, to name one example, a feed of email ...

02/01/07 - 20070028300 - System and method for controlling on-demand security
An on-demand security service ensures isolation of the service provider's customers where the customers share resources at the system, subsystem, and storage level. The security service is provided in a pre-production phase and in a post production phase. The pre-production phase takes place prior to boarding the customer. In the ...

01/25/07 - 20070022479 - Network interface and firewall device
A network processing device provides a novel architecture for conducting firewall and other network interface management operations. In another aspect of the invention, a Unified Policy Management (UPM) architecture uses a same memory and processing structure to integrate firewall policy management with routing and switching decisions. In another embodiment, a ...

01/18/07 - 20070016950 - Method and system for providing terminal security checking service
A terminal security checking service providing method and a system for the same are provided which are capable of updating information to be used as security measures even while the system is being shared among users. When one or more external media are connected to one or more terminals, information ...

01/18/07 - 20070016949 - Browser protection module
An exemplary computer-implementable method (300) transforms information to reduce or eliminate risk of exploitation of a software service and includes receiving information (304) in response to a request, transforming the information (308) to produce transformed information and sending the transformed information (312). An exemplary firewall server (112) includes server software ...

01/18/07 - 20070016948 - Immunizing html browsers and extensions from known vulnerabilities
An exemplary computer-implementable method (300) transforms or “immunizes” information to reduce or eliminate risk of exploitation of a known vulnerability of a software service and includes receiving information (304) in response to a request, transforming the information (308) to produce transformed information and sending the transformed information (312). An exemplary ...

01/11/07 - 20070011742 - Communication information monitoring apparatus
A check rule for assuring system security is generated. A communication information monitoring apparatus includes a pseudo-client, a monitoring unit, and a unification unit. The pseudo-client transmits a request message containing a trace value as a parameter to a web application and analyzes a response message returned from the web ...

01/11/07 - 20070011741 - System and method for detecting abnormal traffic based on early notification
This method and system for detecting abnormal traffic in a communications network is based on classifying the traffic in risk and status categories and maintaining a service status table with this information for each service at a respective node. The risk categories are initially established based on known software vulnerabilities ...

01/11/07 - 20070011740 - System and method for detection and mitigation of distributed denial of service attacks
A router includes a relatively low bandwidth communication connection to a small computer, a relatively high bandwidth communication connection to a communication network; and a processing unit for executing in the router a set of permit rules for permitting flow of communication packets with respect to the connections for user ...

01/11/07 - 20070011739 - Method for increasing the security level of a user machine browsing web pages
The present invention is directed to a method for increasing security of a machine as its user searches a web page using a search engine, the method comprising the steps of: classifying the web page by a security rank; and upon presenting a hyperlink to the web page, displaying its ...

01/04/07 - 20070006307 - Systems, apparatuses and methods for a host software presence check from an isolated partition
Embodiments of the invention are generally directed to systems, apparatuses, and methods for a host software presence check from an isolated partition. In an embodiment, a presence verification component is located within an isolated partition. The isolated partition may be, for example, a service processor or a virtual partition implemented ...

01/04/07 - 20070006306 - Tamper-aware virtual tpm
Methods, software/firmware and apparatus for implementing a tamper-aware virtual trusted platform module (TPM). Under the method, respective threads comprising a virtual TPM thread and a security-patrol thread are executed on a host processor. In one embodiment, the host processor is a multi-threaded processor having multiple logical processors, and the respective ...

01/04/07 - 20070006305 - Preventing phishing attacks
A system for protecting against information security breaches comprises a credential module that maintains a list of protected security credentials that are each associated with a known computing system and that detects when a security credential in the list is used. The system also includes a protection module that detects ...

01/04/07 - 20070006304 - Optimizing malware recovery
Malware recovery optimization is provided in which malware detection processes and protocol processes on a device are monitored for events indicating a breach of security of the device, such as the presence of an infection or other evidence of a malware attack. The devices report the events for collection on ...

01/04/07 - 20070006303 - Configuration information protection using cost based analysis
A cost is determined for events related to the modification of system configuration parameter values in a computing device. If the cost meets or exceeds a threshold, a challenge is presented to a user of the computing device. If the user does not answer the challenge correctly, the system configuration ...

01/04/07 - 20070006302 - System security using human authorization
In response to the occurrence of a restricted event in a computing device, a user of the computing device is presented with a challenge including information designed to assist in determining whether the challenge is answered by a human. If it is determined that the challenge was not answered by ...

01/04/07 - 20070006301 - Strong password entry
Methods and systems are provided to assist users with the entry of strong passwords. The password may be considered strong if it satisfies one or more requirements. A set of these requirements may be selected and then presented to the user. The requirements may be randomly selected one by one ...

01/04/07 - 20070006300 - Method and system for detecting a malicious packed executable
The present invention is directed to a method for indicating if an executable file is malicious, the method comprising the steps of: indicating if the executable file is packed; and if the executable file is packed, determining the executable file as malicious if the executable file satisfies a maliciousness criterion, ...

12/28/06 - 20060294587 - Methods, computer networks and computer program products for reducing the vulnerability of user devices
Methods, computer networks, and computer program products that reduce the vulnerability of network user devices to security threats include scanning a user device connected to a network to determine whether the user device contains a particular version of an application; downloading the particular version of the application via the network ...

12/21/06 - 20060288412 - Method and apparatus for determination of the non-replicative behavior of a malicious program
Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process ...

12/21/06 - 20060288411 - System and method for mitigating denial of service attacks on communication appliances
A method for preventing or limiting the effects of Denial-of-Service attacks in a communication appliance having a packet-classification rule base which allows all legitimate packets to be forwarded to the communication appliance includes monitoring incoming packets to the communication appliance to determine whether conditions indicating a Denial-of-Service attack are present. ...

12/14/06 - 20060282890 - Method and system for detecting blocking and removing spyware
In one aspect, the present invention is directed to a method for detecting spyware activity, the method comprises the steps of: monitoring outgoing communication data sent from a user's computer; searching for predefined keywords within the communication data; indicating spyware activity in the user's computer by presence of at least ...

12/07/06 - 20060277604 - System and method for distinguishing safe and potentially unsafe data during runtime processing
The techniques and mechanisms described herein are directed to a taint mechanism. An object-based command declares a taint directive for a parameter within a command declaration. The taint directive is then associated with that parameter in a manner such that when an engine processes the command, the engine determines whether ...

11/30/06 - 20060272017 - Computer and method for safe usage of documents, email attachments and other content that may contain virus, spy-ware, or malicious code
System, method, computer, and computer program and computer program product for safe usage of potentially malicious code and documents or other content that may contain malicious code. System and method for a virus and hacker-resistant computer. Method and system for supporting a computer system's self repair. ...

11/23/06 - 20060265747 - Systems and methods for message threat management
The present invention is directed to systems and methods for detecting unsolicited and threatening communications and communicating threat information related thereto. Threat information is received from one or more sources; such sources can include external security databases and threat information data from one or more application and/or network layer security ...

11/23/06 - 20060265746 - Method and system for managing computer security information
A security management system includes a fusion engine which “fuses” or assembles information from multiple data sources and analyzes this information in order to detect relationships between raw events that may indicate malicious behavior and to provide an organized presentation of information to consoles without slowing down the processing performed ...

11/23/06 - 20060265745 - Method and apparatus of detecting network activity
Embodiments of the invention are concerned with a method of, and apparatus for, identifying types of network behaviour for use in identifying aberrant network behaviour. In particular, embodiments are concerned with identifying email viruses. The method comprises the steps of: collecting data representative of network traffic that has travelled over ...

11/16/06 - 20060259968 - Log analysis system, method and apparatus
An analysis unit which effectively detects incidents on the basis of events detected by a security unit such as an intrusion detection system (IDS) or a firewall (FW) installed in a network stores statistical information that is frequency-distributed information of event information obtained from the collection unit, frequency component information ...

11/16/06 - 20060259967 - Proactively protecting computers in a networking environment from malware
In accordance with the present invention, a system, method, and computer-readable medium for sharing information between computers, computing devices, and computing systems in a networking environment to determine whether a network is under attack by malware is provided. In instances when the network is under attack, one or more restrictive ...

11/16/06 - 20060259966 - Protocol-generic eavesdropping network device
According to one embodiment, a method comprises capturing, by an eavesdropping device, a packet communicated over a communication network. The eavesdropping device scans the packet's payload, and determines if an identifier is included in the packet's payload that identifies the packet as containing content of interest to the eavesdropping device. ...

11/02/06 - 20060248589 - Memory device and an arrangement for protecting software programs against inadvertent execution
A memory device and an arrangement are provided for safeguarding safety-critical program parts against inadvertent execution. At least one program part is executed in a predetermined chronological sequence. At a certain time in the execution, a pattern is generated. At least at one later time, a check is then performed ...

11/02/06 - 20060248588 - Defending denial of service attacks in an inter-networked environment
According to an aspect of the present invention, routers are notified of occurrence of denial of service (DoS) attack. The DoS attack can be within another router or other user systems contained in an inter-networked environment. The routers may perform actions such as throttling/blocking packets which would continue to cause ...

11/02/06 - 20060248587 - Disposable red partitions
A system and method are provided, whereby data that is easily re-created is separated from data that is not easily re-created, such that the easily re-created data can be disposed of based on a variety of events and the not easily re-created data can be kept in its original state. ...

11/02/06 - 20060248586 - Methods, systems, and computer program products for surveillance monitoring in a communication network based on a national surveillance database
Methods, systems, and computer program products are disclosed for providing surveillance monitoring in a communication network based on a national surveillance database. Communication-related information is received from a national surveillance database that includes communication-related information relating to individuals under surveillance. The received communication-related information is used to screen signaling messages ...

10/26/06 - 20060242702 - Method for fast decryption of processor instructions in an encrypted instruction power architecture
A method and apparatus are provided for an independent operating system for the prevention of certain classes of computer attacks that have previously not been preventable. Detailed is an effective methodology to implement instruction decryption using the existing instruction set for a processor. Significant hurdles are addressed in the processor ...

10/26/06 - 20060242701 - Method and system for preventing, auditing and trending unauthorized traffic in network systems
A method and system for preventing, auditing and trending unauthorized traffic in a network system is provided. The unauthorized traffic is detected at the router level. An attacker transmits an attack vector to the network system. The attack vector is detected at the router and signatures are created for network ...

10/26/06 - 20060242700 - Method for making secure execution of a computer programme, in particular in a smart card
A method for making secure execution of a computer program includes the following steps: stacking a predetermined value in a pile of instructions of the program; and stack popping the pile, the stack popping step being adapted, as the case may be, to enable detection of an anomalous execution. ...

10/19/06 - 20060236391 - Secure isolation and recovery in wireless networks
The present invention, among other things, obviates the effects of an attack on a wireless network through appropriate isolation and recovery. An aspect of the present invention can include a system and method of isolating a victim of malicious behavior in a wireless access network, and in particular WLAN networks. ...

10/19/06 - 20060236390 - Method and system for detecting malicious wireless applications
A method of managing a wireless application executing on a terminal device of a wireless network. In accordance with the present invention, execution of the wireless application is monitored to detect symptoms of malicious operation. If one or more symptoms of malicious operation are detected, further operation of the wireless application ...

10/19/06 - 20060236389 - System and method for scanning memory for pestware
Systems and methods for managing multiple related pestware processes on a protected computer are described. One embodiment is configured to identify a location of each of a plurality of files in at least one file storage device of the protected computer and store a list of the location of each ...

10/12/06 - 20060230452 - Tagging obtained content for white and black listing
A system and method for providing enhanced security with regard to obtained files is presented. Upon obtaining a file from an external location, the obtained file is tagged with tagging information regarding the origin of the obtained file. Additionally, an operating system suitable for execution on a computing device is ...

10/12/06 - 20060230451 - Systems and methods for verifying trust of executable files
Systems and methods for validating integrity of an executable file are described. In one aspect, the systems and methods determine that an executable file is being introduced into a path of execution. The executable file is then automatically evaluated in view of multiple malware checks to detect if the executable ...

10/12/06 - 20060230450 - Methods and devices for defending a 3g wireless network against a signaling attack
Wireless state information and user/network profiling are used to detect and prevent Denial of Service attacks. ...

10/12/06 - 20060230449 - Source code repair method for malicious code detection
A repair mechanism within a code management library system for repairing build code that is infected with malicious code. When a virus pattern is detected in a component of a source code, other components in the source code containing dependencies upon the first component are identified. This identification may be ...

10/05/06 - 20060225134 - Method and system for detection and neutralization of buffer overflow attacks
A method for detecting a stack buffer overflow attack is provided that includes receiving a memory access request from a processor core of a system, and determining that the memory access request indicates a stack buffer overflow attack. The method may further include preventing completion of the memory access request ...

10/05/06 - 20060225133 - Method and system for preventing dos attacks
A method, system and apparatus for preventing Denial of Service (DOS) attacks on a device are provided. The method includes determining that the device is receiving DOS attack vectors. The method further includes identifying the attack vector with the highest idle time and removing the identified attack vector. Further, the ...

09/28/06 - 20060218636 - Distributed communication security systems
Solutions to the so-called “man in the middle” problem are disclosed. One example uses a mutually-random value that is the same for each of two communicants absent a man in the middle, but differs between the communicants in case a man-in-the-middle is present. Communicants become aware if their random values ...

09/28/06 - 20060218635 - Dynamic protection of unpatched machines
A system and method for protecting a computer system connected to a communication network from a potential vulnerability. The system and method protects a computer system that is about to undergo or has just undergone a change in state that may result in placing the computer system at risk to ...

09/28/06 - 20060218634 - System and method for recommending hardware upgrades
A system and method for scanning a personal computer system and making a specific hardware upgrade recommendation is provided. One aspect of this disclosure relates to a method for a client initiated scan and memory upgrade recommendation. According to an embodiment, a user of a personal computer system is allowed ...

09/21/06 - 20060212940 - System and method for removing multiple related running processes
Methods for managing multiple related pestware processes on a protected computer are described. One embodiment is configured to detect a pestware process and to identify related pestware watcher processes on the protected computer. This embodiment then suspends the pestware and related watcher processes so as to generate suspended processes. The ...

09/21/06 - 20060212939 - Virtualization of software configuration registers of the tpm cryptographic processor
A virtual PCR (VPCR) construct is provided that can be cryptographically tagged as optionally resettable or as enduring for the life of a client (process, virtual machine, and the like) and that can be loaded into a resettable hardware PCR to make use of the functionality of a Trusted Platform ...

09/14/06 - 20060206939 - Multiple-level data processing system
Methods and systems for processing multiple levels of data in system security approaches are disclosed. In one embodiment, a first set and a second set of resources are selected to iteratively and independently reverse multiple levels of format conversions on the payload portions of a data unit from a first ...

09/14/06 - 20060206938 - E-mail management services
The present invention provides an electronic message management system (EMS) that includes a real-time feedback loop where data is collected from the electronic messages on incoming connection attempts, outgoing delivery attempts, and message content analysis, and written to a centralized data matrix. A separate process accesses the data matrix and ...

09/14/06 - 20060206937 - Restricting recordal of user activity in a processing system
A method/system for restricting recordal of user activity in a processing system. In one form, the method comprises intercepting a kernel API call of the processing system 100, determining if a process initiating the kernel API call is malicious, and in response to a positive determination, terminating the determined process. ...

09/14/06 - 20060206936 - Method and apparatus for securing a computer network
In one embodiment, a network security appliance includes a logic circuit, a network processing unit, and a general purpose processor to protect a computer network from malicious codes, unauthorized data packets, and other network security threats. The logic circuit may include one or more programmable logic devices configured to scan ...

09/14/06 - 20060206935 - Apparatus and method for adaptively preventing attacks
An apparatus and method for adaptively preventing attacks which can reduce false positives and negatives for abnormal traffic and can adaptively deal with unknown attacks are provided. The apparatus includes: a behavior analysis unit which estimates an attack detection critical value by analyzing the behavior of network traffic; a traffic ...

09/07/06 - 20060200861 - Robust and fault-tolerant registry for web-enabled information handling devices to protect against malware
A method and system for modifying a computer's registry so that it is easily cleansed of spyware and other web-installed software. The registry is structured like an ACID type database, and is partitioned so that metadata associated with web-installed software are stored in a special partition. The registry also has ...

08/24/06 - 20060191007 - Security force automation
An automated security monitoring and management framework which mimics the mind of a seasoned security expert and which is designed to provide security management, governance and compliance with business context risk assessment is described. The framework comprises a central management center and a plurality of modules, whereby said framework ...

08/24/06 - 20060191006 - Denial-of-service-attack protecting method, denial-of-service attack protecting system, denial-of-service attack protecting device, repeater, denial-of-service attack protecting program, and program for repeater
A gate device acquires authorized address information indicating a source address of a non-attacking packet transmitted by an authorized device, i.e., an address issuing server, provided on a network. The gate device generates normal condition information indicating conditions for the non-attacking packet based on the authorized address information acquired, and ...

08/10/06 - 20060179483 - Method and system for validating a computer system
Validating a computer system. An integrity check program is declared during booting of the computer system. It is determined whether the integrity check program quasi-periodically validates dynamic data structures of an operating system within a time interval. ...

08/10/06 - 20060179482 - Security critical data containers
Described are security critical data containers for platform code, comprising a Get container and Set container that allow data to be marked as security critical for critical usage of that data, but left unmarked for non-critical usage. The number of critical methods in the code is reduced, facilitating better code ...

08/03/06 - 20060174341 - Systems and methods for message threat management
The present invention is directed to systems and methods for detecting unsolicited and threatening communications and communicating threat information related thereto. Threat information is received from one or more sources; such sources can include external security databases and threat information data from one or more application and/or network layer security ...

07/27/06 - 20060168660 - Method and system for delayed write scanning for detecting computer malwares
A method, system, and computer program product provides on-access anti-virus scanning of data files, which can be performed without introducing significant performance degradation and provides delayed file write operation scanning upon interception of a file write operation. A method of detecting a malware comprises the steps of intercepting a file ...

07/27/06 - 20060168659 - Security information estimating apparatus, a security information estimating method, a security information estimating program, and a recording medium thereof
Security information estimating apparatus, a security information estimating method, a security information estimating program, and recording medium thereof are disclosed. The security information estimating apparatus for estimating security information of target information includes a stored information acquiring unit to acquire stored information, a target information acquiring unit to acquire the ...

07/20/06 - 20060161981 - Method and system for intercepting, analyzing, and modifying interactions between a transport client and a transport provider
A method and system for intercepting communications between a transport client and a transport provider is provided. An interceptor system registers to intercept calls made by the transport client to functions of the transport provider. The interceptor system also replaces callbacks of the transport client so that calls from the ...

07/20/06 - 20060161980 - System and method for mitigation of malicious network node activity
Malicious network node activity and, in particular, denial of service attacks, may be mitigated by one or more practical mitigation mechanisms and mitigation mechanism combinations. Suitable protocol messages may be challenged with a challenge probe. A response to the challenge probe may be utilized to determine if received protocol messages ...

07/20/06 - 20060161979 - Scriptable emergency threat communication and mitigating actions
A method and system for communicating emergency information about computer security threats together with mitigating actions that may be performed depending on the configuration of each computer. A secure package that includes a message regarding a threat and that potentially includes a script including actions to mitigate the threat is ...

07/20/06 - 20060161978 - Software security based on control flow integrity
Software control flow integrity is provided by embedding identifying bit patterns at computed control flow instruction sources and destinations. The sources and destinations of computed control flow instructions are determined with reference to a control flow graph. The identifying bit patterns are compared during software execution, and a match between ...

07/13/06 - 20060156402 - Overlay network for tracking denial-of-service floods in unreliable datagram delivery networks
An approach for tracking denial-of-service (DoS) flood attacks using an overlay IP (Internet Protocol) network is disclosed. One or more tracking routers form an overlay tracking network over the network of an Internet Service Provider (ISP). The ISP network includes numerous transit routers and edge routers. The tracking routers communicate ...

07/13/06 - 20060156401 - Distributed traffic scanning through data stream security tagging
Methods and systems for providing data security scanning in a network. A network device ascertains, based on a network's security policy, security technologies that should or must be applied to the network traffic. The network device applies the not yet applied security technologies, based on a determination that the ...

07/13/06 - 20060156400 - System and method for preventing unauthorized access to computer devices
A computer protection system is responsive to incoming data that may be supplied from various data sources for delivery to a protected computer device. The protection system physically isolates the computer device from the incoming data to provide complete protection of the computer device from all possible threats. The protection ...

07/13/06 - 20060156399 - System and method for implementing network security using a sequestered partition
A system and method are implemented within a computing system to perform tamper-resistant network security operations. For example, a method of one embodiment comprises: sequestering a partition on the computing system, the partition including a region of memory and a logical or physical processing element; forwarding incoming and/or outgoing data ...

07/13/06 - 20060156398 - System security event notification aggregation and non-repudiation
An aggregation agent may combine and correlate information generated by multiple on-host agents and/or information generated in response to multiple security events. The aggregation agent may transmit the combined information to a security console. The security console may check the identity of the aggregation agent to determine whether to accept ...

07/13/06 - 20060156397 - A new anti-spy method without using scan
Various known ways to make a Spyware are analyzed and countered. Spy-ware works by replacing the function address/value/body of certain Windows APIs with its own spying code. The Anti-spy invention counters it by replacing the tainted APIs with clean ones through reconstruction. This process is repeated periodically. Although the techniques ...

07/06/06 - 20060150248 - System security agent authentication and alert distribution
An aggregation agent may combine and correlate information generated by multiple on-host agents and/or information generated in response to multiple security events. The aggregation agent may transmit the combined information to a security console. The security console may check the identity of the aggregation agent to determine whether to accept ...

06/29/06 - 20060143707 - Detecting method and architecture thereof for malicious codes
A detecting method and architecture thereof for malicious codes is provided, which is applicable to a computer system having at least a host. Each host executes at least a process. The method is implemented with a system call interposition module and an analysis module for malicious codes. The system call ...

06/22/06 - 20060137011 - System and method for coping with encrypted harmful traffic in hybrid ipv4/ipv6 networks
Provided are a system and method for coping with encrypted harmful traffic in hybrid IPv4/IPv6 networks. The system includes: an encryption key manager collecting encryption key information from a user terminal connected to the hybrid IPv4/IPv6 networks, and storing and managing the information in an encryption key database; an encryption ...

06/22/06 - 20060137010 - Method and system for a self-healing device
A self-healing device is provided in which changes made between the time that an infection resulting from an attack on the device was detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds ...

06/22/06 - 20060137009 - Stateful attack protection
A method for detecting an attack in a computer network includes monitoring communication traffic transmitted over connections on the network that are associated with a stateful application protocol so as to detect respective states of the connections, and analyzing a distribution of the states so as to detect the attack. ...

06/22/06 - 20060137008 - Techniques for providing secure communication modes
Techniques to limit the control of component hardware devices in a computer system by external devices or external software programs. ...

06/22/06 - 20060137007 - Revoking a permission for a program
A device and a method for revoking a permission of an access controlled program are provided. The method includes executing an access controlled program by a processor at a device, determining if a permission of the access controlled program at the device needs to be revoked, and requesting a new ...

06/15/06 - 20060130139 - Client compliancy with self-policing clients
Security sensor data from intrusion detection system (IDS) sensors, vulnerability assessment (VA) sensors, and/or other security sensors is used to enhance the compliancy determination in a client compliancy system. A database is used to store the security sensor data. In one particular embodiment, a list of device compliance statuses indexed ...

06/08/06 - 20060123478 - Phishing detection, prevention, and notification
Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar ...

06/08/06 - 20060123477 - Method and apparatus for generating a network topology representation based on inspection of application messages at a network device
A method is disclosed for generating a network topology representation based on inspection of application messages at a network device. According to one aspect, a network device receives a request packet, routes the packet to the destination, and extracts and stores correlation information from a copy of the request packet. ...

06/08/06 - 20060123476 - System and method for warranting electronic mail using a hybrid public key encryption scheme
The present invention provides a method and system for warranting electronic mail using a hybrid public key encryption scheme. In one embodiment, the sender contacts an authentication server which first identifies the sender as being allowed to send through the server, and secondly signs his email using a private key ...

06/01/06 - 20060117385 - Monitoring propagation protection within a network
Described are methods and apparatus, including computer program products, for propagation protection within a network. A management station receives event messages from a plurality of transparent network appliances, each of the event messages comprising a threat indication generated in response to a detected threat in data being transmitted through the ...

06/01/06 - 20060117384 - Method and arrangement for automatically controlling access between a computer and a communication network
The present invention relates to a device and method for increasing the security for a computer or server adapted for communication with a communication network, for example the Internet. The method for automatically controlling access between the computer and the communicat