公开(公告)号：WO03017067A8

公开(公告)日：2004-03-25

申请号：PCT/EP0208581

申请日：2002-08-01

Applicant: IBM ,  IBM DEUTSCHLAND

Inventor： CHARI SURESH N ,  RAO JOSYULA R ,  ROHATGI PANKAJ ,  SCHERZER HELMUT

IPC: G06F21/00 ,  G06F1/00

CPC classification number: G06F21/556 ,  H04L9/002 ,  H04L2209/043 ,  H04L2209/08

公开(公告)号：WO2006078446A3

公开(公告)日：2009-04-09

申请号：PCT/US2006000081

申请日：2006-01-06

Applicant: IBM ,  CHARI SURESH N ,  CHENG PAU-CHEN ,  RAO JOSYULA R ,  ROHATGI PANKAJ ,  STEINER MICHAEL

Inventor： CHARI SURESH N ,  CHENG PAU-CHEN ,  RAO JOSYULA R ,  ROHATGI PANKAJ ,  STEINER MICHAEL

IPC: G06F11/00 ,  G06F11/30 ,  G06F12/14 ,  H04L9/00

CPC classification number: G06F21/554 ,  G06F21/53

Abstract: An intrusion detection system (IDS), method of protecting computers against intrusions and program product therefor. The IDS determines which applications are to run in native environment (NE) and places the remaining applications in a sandbox. Some of the applications in sandboxes may be placed in a personalized virtual environment (PVE) in the sandbox. Upon detecting an attempted attack, a dynamic honeypot may be started for an application in a sandbox and not in a PVE. A virtualized copy of system resources may be created for each application in a sandbox and provided to the corresponding application in the respective sandbox.

Abstract translation: 入侵检测系统（IDS），防止计算机入侵的方法和程序产品。 IDS确定在本地环境（NE）中运行哪些应用程序，并将剩余的应用程序放在沙箱中。 砂箱中的一些应用程序可能会放置在沙箱中的个性化虚拟环境（PVE）中。 在检测到尝试的攻击时，可以为沙箱而不是PVE中的应用启动动态蜜罐。 可以为沙箱中的每个应用程序创建系统资源的虚拟副本，并提供给相应沙箱中的相应应用程序。

公开(公告)号：WO2006078446A4

公开(公告)日：2009-06-11

申请号：PCT/US2006000081

申请日：2006-01-06

Applicant: IBM ,  CHARI SURESH N ,  CHENG PAU-CHEN ,  RAO JOSYULA R ,  ROHATGI PANKAJ ,  STEINER MICHAEL

Inventor： CHARI SURESH N ,  CHENG PAU-CHEN ,  RAO JOSYULA R ,  ROHATGI PANKAJ ,  STEINER MICHAEL

IPC: G06F11/00 ,  G06F11/30 ,  G06F12/14 ,  H04L9/00

CPC classification number: G06F21/554 ,  G06F21/53

Abstract: An intrusion detection system (IDS), method of protecting computers against intrusions and program product therefor. The IDS determines which applications are to run in native environment (NE) and places the remaining applications in a sandbox. Some of the applications in sandboxes may be placed in a personalized virtual environment (PVE) in the sandbox. Upon detecting an attempted attack, a dynamic honeypot may be started for an application in a sandbox and not in a PVE. A virtualized copy of system resources may be created for each application in a sandbox and provided to the corresponding application in the respective sandbox.

Abstract translation: 入侵检测系统（IDS），保护计算机免受入侵的方法及其程序产品。 IDS确定哪些应用程序要在本地环境（NE）中运行，并将其余应用程序放置在沙箱中。 沙箱中的一些应用程序可能会放置在沙箱中的个性化虚拟环境（PVE）中。 在检测到尝试的攻击后，可以为沙箱中的应用启动动态蜜罐，而不是在PVE中启动。 系统资源的虚拟化副本可以为沙箱中的每个应用程序创建并提供给相应沙箱中的相应应用程序。

公开(公告)号：CA2874097C

公开(公告)日：2020-09-22

申请号：CA2874097

申请日：2013-03-21

Applicant: IBM

Inventor： CHRISTODORESCU MIHAI ,  RAO JOSYULA R ,  SAILER REINER ,  SCHALES DOUGLAS LEE

IPC: G06Q10/10 ,  H04L12/58

Abstract: Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time.

公开(公告)号：GB2515974A

公开(公告)日：2015-01-07

申请号：GB201420108

申请日：2013-03-21

Applicant: IBM

Inventor： CHRISTODORESCU MIHAI ,  RAO JOSYULA R ,  SAILER REINER ,  SCHALES DOUGLAS LEE

IPC: H04L12/58 ,  G06Q10/10

Abstract: Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time.

公开(公告)号：CA2874097A1

公开(公告)日：2013-12-19

申请号：CA2874097

申请日：2013-03-21

Applicant: IBM

Inventor： CHRISTODORESCU MIHAI ,  RAO JOSYULA R ,  SAILER REINER ,  SCHALES DOUGLAS LEE

IPC: G06Q10/10 ,  H04L12/58

Abstract: Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time.