Abstract

An adversarial approach in detecting inappropriate text content in images. An expression from a listing of expressions may be selected (401). The listing of expressions may include words, phrases, or other textual content indicative of a particular type of message. Using the selected expression as a reference, the image is searched for a section that could be similar to the selected expression (402). The similarity between the selected expression and the section of the image may be in terms of shape. The section may be scored against the selected expression to determine how well the selected expression matches the section (403). The score may be used to determine whether or not the selected expression is present in the image (404).

IPC Classes  ?

• H04L 12/58 - Message switching systems
• G06K 9/20 - Image acquisition
• G06K 9/32 - Aligning or centering of the image pick-up or image-field

Abstract

A pure adversarial optical character recognition (OCR) approach in identifying text content in images. An image and a search term are input to a pure adversarial OCR module (920), which searches the image for presence of the search term. The image may be extracted from an email by an email processing engine. The OCR module (920) may split the image into several character-blocks that each has a reasonable probability of containing a character (e.g., an ASCII character). The OCR module (920) may form a sequence of blocks that represent a candidate match to the search term and calculate the similarity of the candidate sequence to the search term. The OCR module (920) may be configured to output whether or not the search term is found in the image and, if applicable, the location of the search term in the image.

IPC Classes  ?

• H04L 12/58 - Message switching systems
• G06K 9/20 - Image acquisition
• G06K 9/32 - Aligning or centering of the image pick-up or image-field

Abstract

In one embodiment, a transparent relay (710) receives diverted e-mail communications between an e-mail client (701) and an e-mail server (704). The transparent relay (710) may be configured to examine the e-mail communications for network security policy violations. E-mail communications that do not violate a network security policy may be relayed to their intended destination. Policy actions, such as discarding or redirection, may be performed on those that violate one or more network security policies. The transparent relay (710) may include a pair of communications interfaces (106A and 106B) running in promiscuous mode, one for downstream communications and another for upstream communications. The transparent relay (710) may decompose a network communication protocol to look for a network security policy violations.

IPC Classes  ?

• G06F 11/00 - Error detection; Error correction; Monitoring

Abstract

In one embodiment, a DNS security network includes several DNS appliances (210) and a security operations center (SOC) server computer (260). The SOC server computer (260) may receive telemetry data (382) from the DNS appliances (210), the telemetry data (382) comprising information about DNS client queries received in the respective DNS appliances (210). From the telemetry data (382), the SOC server computer may generate security policies (381) for distribution to the DNS appliances (210). The security policies (381) may be used by the DNS appliances (210) to determine whether a DNS client query is originated by a client computer performing a prohibited activity (e.g., sending spam, communicating with a zombie control computer, navigating to a prohibited website, etc.). An answer to a client query may be replaced or discarded altogether in cases where the originator is performing a prohibited activity.

IPC Classes  ?

• G06F 15/173 - Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star or snowflake

Abstract

The present invention provides a technique of preventing a user from being tricked into revealing personal information by pharming. Security server 50 checks whether a combination of a domain name and an IP address of WWW site 30 to be accessed by PC 10 is registered in access-permit DB 55a or access-inhibit DB 55b. Security sever 50 also checks whether the combination is registered in any of secure DNS servers 40 registered in secure DNS DB 55c. On the basis of a result of the checks, security server 50 controls an access by PC 10 to WWW site 30.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

In one embodiment, a network security appliance (100) includes a logic circuit (530), a network processing unit (110), and a general purpose processor (510) to protect a computer network from malicious codes, unauthorized data packets, and other network security threats. The logic circuit (530) may include one or more programmable logic devices configured to scan incoming data packets at different layers of a multi-layer protocol, such as the OSI-seven layer model. The network processing unit (110) may work in conjunction with the logic circuit (530) to perform protocol parsing, to form higher layer data units from the data packets, and other network communications-related tasks. The general purpose processor (510) may execute software for performing functions not available from the logic circuit or the network processing unit. For example, the general purpose processor (510) may remove malicious code from infected data or perform malicious code scanning on data when the logic circuit (530) is not configured to do so.

IPC Classes  ?

• G06F 11/00 - Error detection; Error correction; Monitoring

Abstract

Disclosed are techniques for performing an antivirus task in a mobile wireless device running an embedded operating system. In one embodiment, calls intended for an application programming interface (API) function code is redirected to an antivirus function code (302). The redirection to the antivirus function code may be performed by modifying a kernel structure (203A) to point to a modified entry list instead of an API entry list (301). The redirection to the antivirus function code may also be performed by modifying the API function code to allow the antivirus function code to execute before the API function code. The kernel structure or the API function code may be properly restored back to its original form. Software implementations of these techniques may be readily loaded and unloaded, and may not require re-installation of the embedded operating system.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity

Abstract

The present invention provides a technique of enabling communication devices constituting a wireless network to register and update identification information easily, and thereby ensuring security of the communication devices and the wireless network and of detecting a communication device suspected of accessing a wireless network illegally and informing a user of the communication device. Communication terminal 20b detects and reports networked devices constituting wireless LAN 1, and if communication with the reported networked devices is permitted through an operation of operating unit 204, registers the MAC addresses of the networked devices in permission table 206a. Communication terminal 20b permits communication with a networked device constituting wireless LAN 1 whose MAC address has been registered in permission table 206a, and prohibits communication with a networked device constituting wireless LAN 1 whose MAC address has not been registered in permission table 206a.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

In one embodiment, a technique for controlling traffic in a computer network (700) includes modifying a packet generated by a first computer (710). The packet may be intended for a second computer, but is modified to be redirected to a third computer (740). The packet may be processed in the third computer (740) prior to being forwarded from the third computer to the second computer. The packet may be scanned for viruses at the third computer (740), for example. Among other advantages, the technique allows for scanning of early generated packets, redirection of selected packets, and routing of packets from a computer in general.

IPC Classes  ?

• G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
• H04L 12/28 - Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]