Abstract: A machine learning system and method are provided. The machine learning system includes a plurality of client apparatuses, and the client apparatuses include a first client apparatus and one or more second client apparatuses. The first client apparatus transmits a model update request to the one or more second client apparatuses, and the model update request corresponds to a malware type. The first client apparatus receives a second local model corresponding to each of the one or more second client apparatuses from each of the one or more second client apparatuses. The first client apparatus generates a plurality of node sequences based on a first local model and each of the second local models. The first client apparatus merges the first local model and each of the second local models based on the node sequences to generate a local model set.

Abstract: An information security device and method thereof are provided. The information security device includes a transceiver, a register and a processor. The transceiver configured to receive scenario information of a company; The register configured to store multiple instructions and multiple databases; and the processor coupled to the transceiver and the register, and configured to execute the multiple instructions to: read first vulnerability related information and first event information from the multiple databases; generate at least one first intelligent graph according to the first vulnerability related information and the first event information, and generate a second intelligent graph according to the scenario information; and compare the at least one first intelligent graph with the second intelligent graph to identify at least one similarity between the at least one first intelligent graph and the second intelligent graph for determining whether the company has information security threat.

Abstract: An exemplary embodiment of the present disclosure illustrates a sensitive data discrimination method executed in a data loss prevention system to determine whether a file has the least one sensitive data during a file generation proceeding. Steps of the sensitive data discrimination method are illustrated as follows. Multiple characters inputted via a keyboard are recorded. The recorded characters are trimmed to generate a trimmed data. The trimmed data and at least one predefined term related to the at least one sensitive data are compared, to determine whether the trimmed data has the at least one sensitive data.

Abstract: An exemplary embodiment of the present disclosure illustrates a sensitive data discrimination method executed in a data loss prevention system to determine whether a file has the least one sensitive data during a file generation proceeding. Steps of the sensitive data discrimination method are illustrated as follows. Multiple characters inputted via a keyboard are recorded. The recorded characters are trimmed to generate a trimmed data. The trimmed data and at least one predefined term related to the at least one sensitive data are compared, to determine whether the trimmed data has the at least one sensitive data.

Abstract: A computer worm curing system includes a string receiving module, a string generating module and a string replying module. The string receiving module receives an infected string, which is generated by a computer worm, from an infected host, which is infected by the computer worm, through a network. The infected string includes a shellcode, and the shellcode is executed utilizing a vulnerable process. The string generating module generates a curing code for curing the computer worm, and replaces the shellcode in the infected string with the curing code to generate a curing string, such that the curing string can be executed utilizing the vulnerable process. The string replying module replies the curing string to the infected host, such that the curing code of the curing string can be executed utilizing the vulnerable process of the infected host to cure the infected host of the computer worm.

Abstract: A dynamic data masking method, suitable for a database including plural data, is disclosed in this invention. Each of the data includes plural values and plural keys corresponding to the values. The dynamic data masking method includes steps of: determining whether values and keys of one data are sensitive contents when the data are requested to be written into the database; if one of the values/keys of the data is sensitive, setting a key corresponding to the sensitive value or the key itself as a sensitive key and dynamically establishing a filtering rule corresponding to the key; and then, saving the filtering rule and writing the data into the database. In addition, a database system is also disclosed herein.

Abstract: A phishing processing method includes: an information input web page comprising an information input interface, through which information is transmitted to an information receiving address, is received. Determine if the information input web page is a phishing web page. If it is determined that the information input web page is the phishing web page, fake input information is transmitted to the information receiving address. When information for verification is received from an information transmitting address, if the received information for verification is the fake input information is determined. If the received information for verification is the fake input information, it is determined that the information transmitting address is a malicious address.

Abstract: A method and a system for cleaning malicious software (malware), a computer program product, and a storage medium are provided. A relation graph is established to associate processes in an operating system and related elements. A node marking action is performed on the relation graph when a predetermined condition is satisfied. The node corresponding to a malicious process and its related nodes are marked with a first label. The nodes of other normal processes and their related nodes are marked with a second label. Then, those nodes marked with both the first label and the second label are screened, so that each of the nodes is marked with only the first label or the second label. Finally, the processes and elements corresponding to the nodes marked with the first label are removed.

Abstract: A phishing processing method includes: an information input web page comprising an information input interface, through which information is transmitted to an information receiving address, is received. Determine if the information input web page is a phishing web page. If it is determined that the information input web page is the phishing web page, fake input information is transmitted to the information receiving address. When information for verification is received from an information transmitting address, if the received information for verification is the fake input information is determined. If the received information for verification is the fake input information, it is determined that the information transmitting address is a malicious address.

Abstract: A server, a user device, and a malware detection method thereof are provided. The server connects with the user device via a network, and records execution records of the user device. Based on the history of the execution records of the user device, the server can detect whether the user device has malwares or not accordingly.

Abstract: A monitor method and a monitor apparatus for monitoring a data of hardware are provided. The data has private information, identification information and at least one first network transmission address. The monitor apparatus comprises a storage unit and a processing unit. The data is stored in the storage unit according to the identification information. The processing unit is configured to record the identification information and the at least one first network transmission address of the data in a mark information table. In response to a sending system call, when a transmission is arranged to transmit the private information of the data to a second network transmission address which is different from the at least one first network transmission address, the processing unit will output a signal to cease the transmission.

Abstract: A malware detection apparatus, a malware detection method, and a computer program product thereof are provided. The malware detection apparatus is used to detect a program. The program executes a first process. The malware detection apparatus comprises a storage unit and a processing unit. The storage unit is configured to store a malicious behavior profile of a malware. The processing unit is configured to construct a first behavior profile according to the first process, compare the first behavior profile with the malicious behavior profile and generate a comparison result. The processing unit updates a behavior record table according to the comparison result, and determines that the program is the malware according to the behavior record table.

Abstract: A web page crawling method, a web page crawling device and a computer storage medium thereof are provided. The web page crawling method analyzes a web page to create an object list which comprises a dynamic triggering object according to a DOM. And it creates a triggering mission list which comprises at least one triggering event corresponding to the dynamic triggering object according to the object list. Then it triggers the web page to generate a triggered web page according to the at least one triggering event. Finally, it creates a web page link list of the dynamic triggering object according to a new link object of the triggered web page. In addition, the web page crawling device is configured to carry out the web page crawling method, and the computer storage medium executes the web page crawling method after it is loaded into the web page crawling device.

Abstract: A server, a user device, and a malware detection method thereof are provided. The server connects with the user device via a network, and records execution records of the user device. Based on the history of the execution records of the user device, the server can detect whether the user device has malwares or not accordingly.

Abstract: A computer worm curing system includes a string receiving module, a string generating module and a string replying module. The string receiving module receives an infected string, which is generated by a computer worm, from an infected host, which is infected by the computer worm, through a network. The infected string includes a shellcode, and the shellcode is executed utilizing a vulnerable process. The string generating module generates a curing code for curing the computer worm, and replaces the shellcode in the infected string with the curing code to generate a curing string, such that the curing string can be executed utilizing the vulnerable process. The string replying module replies the curing string to the infected host, such that the curing code of the curing string can be executed utilizing the vulnerable process of the infected host to cure the infected host of the computer worm.

Abstract: A monitor method and a monitor apparatus for monitoring a data of hardware are provided. The data has private information, identification information and at least one first network transmission address. The monitor apparatus comprises a storage unit and a processing unit. The data is stored in the storage unit according to the identification information. The processing unit is configured to record the identification information and the at least one first network transmission address of the data in a mark information table. In response to a sending system call, when a transmission is arranged to transmit the private information of the data to a second network transmission address which is different from the at least one first network transmission address, the processing unit will output a signal to cease the transmission.

Abstract: A method and a system for cleaning malicious software (malware), a computer program product, and a storage medium are provided. A relation graph is established to associate processes in an operating system and related elements. A node marking action is performed on the relation graph when a predetermined condition is satisfied. The node corresponding to a malicious process and its related nodes are marked with a first label. The nodes of other normal processes and their related nodes are marked with a second label. Then, those nodes marked with both the first label and the second label are screened, so that each of the nodes is marked with only the first label or the second label. Finally, the processes and elements corresponding to the nodes marked with the first label are removed.

Abstract: Method, network apparatus and computer readable medium thereof for detecting the defect of the network are provided. The network apparatus comprises a controlling module and a relaying module. The controlling module comprises a generating module for generating a plurality of sub-detecting packets; and a first combining module for combining the plurality of sub-detecting module into a detecting packet; the relaying module is for receiving the detecting packet from the controlling module, the relaying module comprises a decomposing module for decomposing the detecting packet into the plurality of sub-detecting packets and transfer the sub-detecting packets to a target host; and a second combining module for receiving a plurality sub-result packets from the target host which are corresponding to the sub-detecting packets, combining the sub-result packets into a result packet and transferring the result packet to the controlling module to complete the detection.

Abstract: The present invention relates to a computer with a touch screen, and the user can execute one of “undo”, “cut”, “copy” and “paste” editing commands by a continuous stroke movement to increase the input operational efficiency. For example, after marking an area on the screen, if the subsequent stroke is moved downwards, the “cut” operation is performed, and if the subsequent stroke is moved upwards, the “copy” operation is performed. Furthermore, when the user stops the stroke at a predetermined position, if the subsequent stroke is moved towards the right, the “paste” operation is performed, and if the subsequent stroke is moved towards the left, the “undo” operation is performed.

Abstract: The present invention relates to a computer with a touch screen, and the user can execute one of “undo”, “cut”, “copy” and “paste” editing commands by a continuous stroke movement to increase the input operational efficiency. For example, after marking an area on the screen, if the subsequent stroke is moved downwards, the “cut” operation is performed, and if the subsequent stroke is moved upwards, the “copy” operation is performed. Furthermore, when the user stops the stroke at a predetermined position, if the subsequent stroke is moved towards the right, the “paste” operation is performed, and if the subsequent stroke is moved towards the left, the “undo” operation is performed.