Abstract:
Presented herein are techniques for determining an initiator of network traffic, collecting, at each of multiple instants of time, usage data for the network traffic associated with that initiator, and storing historical usage data that is updated from the collected usage data over time. Current usage data are compared to the initiator's historical usage data to determine whether the current usage data fall within an expected distribution with respect to the historical usage data. Based on that comparison, an inspection threshold is selected for traffic flows from the initiator, and the proportion of the initiator's traffic flows that is to be inspected is determined from the inspection threshold.
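The following is an added worked example of the scheme described in the abstract; it is not the patent's own implementation. It keeps a rolling per-initiator history of usage samples, scores the current sample as a deviation from that history, maps the deviation to an inspection fraction, and then selects flows for inspection by hashing the flow key so that the same flow is consistently inspected or skipped. The class and function names, the window size, the sigma tiers and the inspection fractions are all assumptions chosen for illustration.

```python
"""
Adaptive inspection sampling keyed on an initiator's historical usage.

Added example, not the patent's reference implementation. UsageHistory,
Sampler, the 32-sample window, the 2/4-sigma tiers and the 5%/50%/100%
inspection fractions are assumptions made for illustration.
"""
import hashlib
import math
from collections import defaultdict, deque


class UsageHistory:
    """Rolling window of per-instant usage samples (e.g. bytes per interval)."""

    def __init__(self, window=32):
        self.samples = deque(maxlen=window)

    def update(self, value):
        self.samples.append(float(value))

    def stats(self):
        """Return (mean, sample stddev), or None until there is a baseline."""
        n = len(self.samples)
        if n < 2:
            return None
        mean = sum(self.samples) / n
        var = sum((x - mean) ** 2 for x in self.samples) / (n - 1)
        return mean, math.sqrt(var)


def deviation(history, current):
    """Z-score of the current sample against the initiator's history; None if no baseline."""
    st = history.stats()
    if st is None:
        return None
    mean, sd = st
    # Floor the spread so a perfectly flat baseline does not turn a tiny change into
    # an infinite score (assumed floor: 1% of the mean or one unit, whichever is larger).
    sd = max(sd, 0.01 * abs(mean), 1.0)
    return abs(current - mean) / sd


def select_inspection_fraction(z, cold_start=0.5):
    """Map the deviation from the expected distribution to the share of flows to inspect."""
    if z is None:
        return cold_start  # no history yet: inspect a moderate share
    if z <= 2.0:
        return 0.05        # within the expected distribution
    if z <= 4.0:
        return 0.5         # drifting: inspect half the flows
    return 1.0             # clearly anomalous: inspect everything


def flow_selected(initiator, flow_tuple, fraction):
    """Deterministically pick `fraction` of flows by hashing the flow key into [0, 1).

    Hashing (rather than random sampling) means every packet of a given flow gets the
    same decision, even if several nodes make it independently.
    """
    if fraction >= 1.0:
        return True
    if fraction <= 0.0:
        return False
    key = f"{initiator}|{flow_tuple}".encode()
    h = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    return (h / 2 ** 64) < fraction


class Sampler:
    """Per-initiator histories plus the comparison performed at each instant."""

    def __init__(self):
        self.histories = defaultdict(UsageHistory)

    def observe_interval(self, initiator, usage):
        """Compare the current usage to the stored history, then fold it into the history.

        Returns (z, fraction) so the caller can apply `fraction` to this interval's flows.
        """
        hist = self.histories[initiator]
        z = deviation(hist, usage)
        fraction = select_inspection_fraction(z)
        hist.update(usage)
        return z, fraction


if __name__ == "__main__":
    # Constructed sample: a host that normally sends ~1000 bytes per interval, then spikes.
    s = Sampler()
    for i in range(20):
        s.observe_interval("10.0.0.5", 990 if i % 2 == 0 else 1010)
    for usage in (1000, 1030, 5000):
        z, frac = s.observe_interval("10.0.0.5", usage)
        print(f"usage={usage} z={z:.2f} inspect_fraction={frac}")
    flows = [("10.0.0.5", "203.0.113.9", 40000 + i, 443) for i in range(5)]
    print([flow_selected("10.0.0.5", f, 0.5) for f in flows])
```

The comparison happens before the new sample is folded into the history, so an anomalous interval is scored against the baseline rather than against itself; the window length bounds how quickly a slowly escalating initiator can shift its own baseline.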
Abstract:
A method is presented that is operable in a security device cluster having a plurality of security devices, each configured to receive respective data flows. The method includes: receiving a first segment of a flow at a first security device of the plurality; sending the first segment toward a destination node without the first security device asserting ownership over the flow; receiving, from the destination node, a second segment of the flow at a second security device of the plurality, the second segment being responsive to the first segment; asserting, by the second security device, ownership over the flow; and forwarding, from the first security device to the second security device, packets of the flow that the first security device subsequently receives.
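The following is an added simulation of the handoff described in the abstract; it is not the patent's own code. Two cluster members see the two directions of one TCP connection: the member that sees the first segment passes it on without claiming the flow, the member that sees the reply claims it, and from then on the first member forwards later packets to the owner. The abstract does not say how the first device learns who the owner is; this example assumes the asserting device announces ownership to its peers. The `Packet`, `Device` and `Cluster` classes and the `from_destination` flag (standing in for the receiving interface) are assumptions.

```python
"""
Flow-ownership handoff in a security-device cluster under asymmetric routing.

Added example, not the patent's implementation. The ownership announcement
(`Cluster.announce_owner`) and the `from_destination` flag, which stands in for
knowing which interface a segment arrived on, are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: str = ""

    def flow_key(self):
        """Direction-agnostic key so both halves of a connection map to one flow."""
        return tuple(sorted([(self.src, self.sport), (self.dst, self.dport)]))


class Device:
    def __init__(self, name, cluster):
        self.name = name
        self.cluster = cluster
        self.owned = {}       # flow_key -> per-flow inspection state
        self.forward_to = {}  # flow_key -> name of the owning peer
        self.log = []

    def receive(self, pkt, from_destination):
        """Handle a segment; return the name of the device that inspected it, or None."""
        key = pkt.flow_key()
        if key in self.owned:
            self.owned[key]["packets"] += 1
            self.log.append(f"{self.name}: inspected {pkt.payload!r} as owner")
            return self.name
        if key in self.forward_to:
            owner = self.forward_to[key]
            self.log.append(f"{self.name}: forwarded {pkt.payload!r} to {owner}")
            return self.cluster.devices[owner].receive(pkt, from_destination)
        if not from_destination:
            # First segment of an unknown flow: send it toward the destination without
            # asserting ownership, because the reply may well land on a peer.
            self.log.append(f"{self.name}: passed {pkt.payload!r} on, no owner yet")
            return None
        # Responsive segment on a flow nobody owns: this device takes ownership.
        self.owned[key] = {"packets": 1}
        self.cluster.announce_owner(key, self.name)   # assumed peer notification
        self.log.append(f"{self.name}: asserted ownership on {pkt.payload!r}")
        return self.name


class Cluster:
    def __init__(self, names):
        self.devices = {n: Device(n, self) for n in names}

    def announce_owner(self, key, owner):
        """Tell every other member where to forward packets of this flow."""
        for d in self.devices.values():
            if d.name != owner:
                d.forward_to[key] = owner


def simulate_asymmetric_flow():
    """Constructed scenario: SYN lands on fw1, SYN-ACK returns via fw2, ACK lands on fw1."""
    cluster = Cluster(["fw1", "fw2"])
    syn = Packet("10.1.1.10", "192.0.2.20", 40000, 443, "SYN")
    synack = Packet("192.0.2.20", "10.1.1.10", 443, 40000, "SYN-ACK")
    ack = Packet("10.1.1.10", "192.0.2.20", 40000, 443, "ACK")
    handled = [
        cluster.devices["fw1"].receive(syn, from_destination=False),
        cluster.devices["fw2"].receive(synack, from_destination=True),
        cluster.devices["fw1"].receive(ack, from_destination=False),
    ]
    return cluster, handled


if __name__ == "__main__":
    cluster, handled = simulate_asymmetric_flow()
    for d in cluster.devices.values():
        print("\n".join(d.log))
    print(handled)
```

The point of deferring ownership to the reply is that the reply is the segment whose path is hardest to predict; whichever member sees it is, by construction, on the return path and becomes the single place where both directions of the flow are inspected.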