-
公开(公告)号:EP2807563A1
公开(公告)日:2014-12-03
申请号:EP13741063.5
申请日:2013-01-09
CPC分类号: G06F11/3476 , G06F11/0793 , G06F11/3006 , G06F11/3017 , G06F11/302 , G06F11/3055 , H04L41/142 , H04L41/145 , H04L43/04
摘要: A debugging system used for a data center in a network is disclosed. The system includes a monitoring engine to monitor network traffic by collecting traffic information from a network controller, a modeling engine to model an application signature, an infrastructure signature, and a task signature using a monitored log, a debugging engine to detect a change in the application signature between a working status and a non-working status using a reference log and a problem log, and to validate the change using the task signature, and a providing unit to provide toubleshooting information, wherein an unknown change in the application signature is correlated to a known problem class by considering a dependency to a change in the infrastructure signature. Other methods and systems also are disclosed.
-
公开(公告)号:EP2772021A2
公开(公告)日:2014-09-03
申请号:EP13735761.2
申请日:2013-01-09
发明人: LUMEZANU, Cristian , JIANG, Guofei , ZHANG, Yueping , SINGH, Vishal , WANG, Ye
IPC分类号: H04L12/26
CPC分类号: H04L47/12 , H04L43/026 , H04L43/16 , H04L47/2441 , H04L47/41 , H04L63/1425 , Y02D50/30
摘要: A device used in a network is disclosed. The device includes a network monitor to monitor a network state and to collect statistics for flows going through the network, a flow aggregation unit to aggregate flows into clusters and identify flows that can cause a network problem, and an adaptive control unit to adaptively regulate the identified flow according to network feedback. Other methods and systems also are disclosed.
-
13.发明公开RANKING THE IMPORTANCE OF ALERTS FOR PROBLEM DETERMINATION IN LARGE SYSTEMS 审中-公开分拣报警的重要性,在大型系统中的问题确定
公开(公告)号:EP2286337A2
公开(公告)日:2011-02-23
申请号:EP09751062.2
申请日:2009-04-06
发明人: JIANG, Guofei , CHEN, Haifeng , YOSHIHIRA, Kenji
CPC分类号: H04L43/16 , G06F11/0709 , G06F11/0781 , G06F21/552 , H04L41/0681 , H04L41/16
摘要: A system and method for prioritizing alerts includes extracting invariants to determine a stable set of models for determining relationships among monitored system data. Equivalent thresholds for a plurality of rules are computed using an invariant network developed by extracting the invariants. For a given time window, a set of alerts are received from a system being monitored. A measurement value of the alerts is compared with a vector of equivalent thresholds, and the set of alerts is ranked.
-
公开(公告)号:EP3205072A1
公开(公告)日:2017-08-16
申请号:EP15848332.1
申请日:2015-10-12
发明人: LI, Zhichun , WU, Zhenyu , QIAN, Zhiyun , JIANG, Guofei , AKHOONDI, Masoud , KUSANO, Markus
CPC分类号: H04L63/1416 , G06F17/30958 , H04L63/1425 , H04L63/1441 , H04L2463/146
摘要: Methods and systems for intrusion attack recovery include monitoring two or more hosts in a network to generate audit logs of system events. One or more dependency graphs (DGraphs) is generated based on the audit logs. A relevancy score for each edge of the DGraphs is determined. Irrelevant events from the DGraphs are pruned to generate a condensed backtracking graph. An origin is located by backtracking from an attack detection point in the condensed backtracking graph.
摘要翻译: 用于入侵攻击恢复的方法和系统包括监视网络中的两个或更多主机以生成系统事件的审计日志。 根据审计日志生成一个或多个依赖关系图(DGraphs)。 确定DGraphs每个边缘的相关性分数。 DGraphs中的不相关事件被修剪以产生浓缩的回溯图。 通过凝聚回溯图中的攻击检测点回溯来确定原点。
-
15.发明公开LAYER 2 PATH TRACING THROUGH CONTEXT ENCODING IN SOFTWARE DEFINED NETWORKING 审中-公开软件版2-WEGVERFOLGUNG DURCH KONTEXTCODIERUNG软件版
公开(公告)号:EP3123669A1
公开(公告)日:2017-02-01
申请号:EP15770097.2
申请日:2015-03-24
发明人: ZHANG, Hui , LUMEZANU, Cristian , RHEE, Junghwan , ARORA, Nipun , XU, Qiang , JIANG, Guofei
IPC分类号: H04L12/26 , H04L12/937
摘要: A computer implemented method for network monitoring includes providing network packet event characterization and analysis for network monitoring that includes supporting summarization and characterization of network packet traces collected across multiple processing elements of different types in a virtual network, including a trace slicing to organize individual packet events into path-based trace slices, a trace characterization to extract at least 2 types of feature matrix describing those trace slices, and a trace analysis to cluster, rank and query packet traces based on metrics of the feature matrix.
摘要翻译: 一种用于网络监测的计算机实现方法包括为网络监测提供网络分组事件表征和分析,其包括支持在虚拟网络中跨越不同类型的多个处理元件收集的网络分组跟踪的摘要和表征,包括用于组织各个分组事件的跟踪分片 基于路径的跟踪片,跟踪表征,以提取描述这些跟踪片段的至少2种类型的特征矩阵,以及基于特征矩阵的度量的集群,排序和查询分组跟踪的跟踪分析。
-
公开(公告)号:EP3085030A1
公开(公告)日:2016-10-26
申请号:EP14873041.9
申请日:2014-12-17
发明人: ZHANG, Hui , ARZANI, Behnaz , IVANCIC, Franjo , RHEE, Junghwan , ARORA, Nipun , JIANG, Guofei
IPC分类号: H04L12/701 , H04L12/841
摘要: Methods and systems for finding a packet's routing path in a network includes intercepting control messages sent by a controller to one or more switches in a software defined network (SDN). A state of the SDN at a requested time is emulated and one or more possible routing paths through the emulated SDN is identified by replaying the intercepted control messages to one or more emulated switches in the emulated SDN. The one or more possible routing paths correspond to a requested packet injected into the SDN at the requested time.
摘要翻译: 用于在网络中查找分组的路由路径的方法和系统包括将由控制器发送的控制消息拦截到软件定义网络(SDN)中的一个或多个交换机。 仿真所请求时间的SDN的状态,并且通过在被仿真的SDN中重放截取的控制消息给一个或多个仿真开关来识别通过仿真SDN的一个或多个可能的路由路径。 一个或多个可能的路由路径对应于在所请求的时间被注入到SDN中的请求的分组。
-
公开(公告)号:EP2850791A1
公开(公告)日:2015-03-25
申请号:EP13843750.4
申请日:2013-09-30
IPC分类号: H04L12/813 , H04L12/24
CPC分类号: H04L41/12 , H04L43/0876 , H04L43/10 , Y02D30/30
摘要: A method implemented in a network apparatus used in a network is disclosed. The method includes sensing network topology and network utilization, receiving a request from an application, deciding path setup requirement using network state information obtained from the network topology and the network utilization, and translating the path setup requirement into a rule to be installed. Other methods, apparatuses, and systems also are disclosed.
-
18.发明公开METHODS AND APPARATUS FOR PREDICTING THE PERFORMANCE OF A MULTI-TIER COMPUTER SOFTWARE SYSTEM 审中-公开方法和装置预测多层计算机软件系统的性能
公开(公告)号:EP2524308A2
公开(公告)日:2012-11-21
申请号:EP11733402.9
申请日:2011-01-13
发明人: GU, Yu , PAN, Ke , SINGH, Atul , JIANG, Guofei
CPC分类号: G06F11/3495 , G06F11/3414 , G06F11/3419 , G06F2201/865
摘要: A method and system for predicting the performance of a multi-tier computer software system operating on a distributed computer system, sends client requests to one or more tiers of software components of the multi-tier computer software system in a time selective manner; collects traffic traces among all the one or more tiers of the software components of the multi-tier computer software system; collects CPU time at the software components of the multi-tier computer software system; infers performance data of the multi-tier computer software system from the collected traffic traces; and determines disk input/output waiting time from the inferred performance data.
-
19.发明公开METHOD AND SYSTEM FOR BEHAVIOR QUERY CONSTRUCTION IN TEMPORAL GRAPHS USING DISCRIMINATIVE SUB-TRACE MINING 审中-公开使用判别式子轨迹挖掘在时间图上进行行为查询的方法和系统
公开(公告)号:EP3215975A1
公开(公告)日:2017-09-13
申请号:EP15858083.7
申请日:2015-11-05
发明人: LI, Zhichun , XIAO, Xusheng , WU, Zhenyu , ZONG, Bo , JIANG, Guofei
CPC分类号: G06F17/30958 , G06F21/552
摘要: A method and system for constructing behavior queries in temporal graphs using discriminative sub-trace mining. The method includes generating system data logs to provide temporal graphs, wherein the temporal graphs include a first temporal graph corresponding to a target behavior and a second temporal graph corresponding to a set of background behaviors, generating temporal graph patterns for each of the first and second temporal graphs to determine whether a pattern exists between a first temporal graph pattern and a second temporal graph pattern, wherein the pattern between the temporal graph patterns is a non-repetitive graph pattern, pruning the pattern between the first and second temporal graph patterns to provide a discriminative temporal graph, and generating behavior queries based on the discriminative temporal graph.
摘要翻译: 一种使用有差别的子轨迹挖掘在时间图中构建行为查询的方法和系统。 该方法包括生成系统数据日志以提供时间图,其中时间图包括对应于目标行为的第一时间图和对应于一组背景行为的第二时间图,针对第一和第二中的每一个生成时间图模式 时间图以确定在第一时间图模式和第二时间图模式之间是否存在模式,其中所述时间图模式之间的模式是非重复图模式,在第一和第二时间图模式之间修剪所述模式以提供 区分性时间图,以及基于区分性时间图生成行为查询。
-
20.发明公开
公开(公告)号:EP3143546A1
公开(公告)日:2017-03-22
申请号:EP15792336.8
申请日:2015-05-15
发明人: QIAN, Zhiyun , WANG, Jun , LI, Zhichun , WU, Zhenyu , RHEE, Junghwan , NING, Xia , JIANG, Guofei
CPC分类号: H04L63/1425 , G06F11/30 , G06F21/50 , G06F21/552 , G06F21/554 , G06N99/005 , H04L63/1441
摘要: Methods and systems for process constraint include collecting system call information for a process. It is detected whether the process is idle based on the system call information and then whether the process is repeating using autocorrelation to determine whether the process issues system calls in a periodic fashion. The process is constrained if it is idle or repeating to limit an attack surface presented by the process.
摘要翻译: 过程约束的方法和系统包括收集进程的系统调用信息。 基于系统调用信息检测进程是否空闲,然后检查进程是否使用自相关重复以确定进程是否以周期性方式发出系统调用。 如果空闲或重复限制进程所呈现的攻击面,则该进程受到约束。
-
-
-
-
-
-
-
-
-
搜索结果
24 条记录 (耗时 0.013 秒)
