31. Apparatus, method and program to detect and control deleterious code (virus) in computer network
    Granted invention patent; status: in force

    Publication number: US07669240B2

    Publication date: 2010-02-23

    Application number: US10896680

    Filing date: 2004-07-22

    IPC classes: H04L29/02 H04L29/08

    Abstract: A detection and response system including a set of algorithms for detecting, within a stream of normal computer traffic, a subset of TCP packets with one IP Source Address (SA), one Destination Port (DP), and a number of distinct Destination Addresses (DA) exceeding a threshold. A lookup mechanism such as a Direct Table and Patricia search tree is used efficiently to record sets of packets with one SA and one DP, as well as the set of DA values observed for the given SA, DP combination. The existence of such a subset and its header values, including the SA, the DP, and the multiple DAs, are reported to a network administrator. In addition, various administrative responses to reports are provided.

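
The (SA, DP) -> {DA} bookkeeping the abstract describes, written out as an added example in Python (this is not code from the patent or its assignee). The packet records are constructed for the example; a dict of sets stands in for the Direct Table and Patricia tree, which are hardware-oriented lookup structures the abstract names but does not detail; the threshold value and the report format are assumptions.

```python
from collections import defaultdict

# Constructed sample of TCP packet headers (not from the patent): (src_addr, dst_addr, dst_port).
# 10.0.0.5 probes five hosts on port 445; 10.0.0.7 talks to two web servers; 10.0.0.9 is quiet.
SAMPLE_PACKETS = [
    ("10.0.0.5", "192.168.1.10", 445),
    ("10.0.0.5", "192.168.1.11", 445),
    ("10.0.0.5", "192.168.1.12", 445),
    ("10.0.0.5", "192.168.1.13", 445),
    ("10.0.0.5", "192.168.1.14", 445),
    ("10.0.0.7", "192.168.1.10", 80),
    ("10.0.0.7", "192.168.1.10", 80),
    ("10.0.0.7", "192.168.1.20", 80),
    ("10.0.0.9", "192.168.1.30", 22),
]


class ScanDetector:
    """Track the distinct destination addresses seen per (source address, destination port).

    A source that reaches more than `threshold` distinct destinations on one port is the
    pattern the abstract flags (a horizontal scan or worm propagation). The dict-of-sets
    here replaces the Direct Table / Patricia tree lookup the patent uses in hardware.
    """

    def __init__(self, threshold):
        self.threshold = threshold          # assumed: report when distinct DAs exceed this
        self.seen = defaultdict(set)        # (sa, dp) -> set of da observed
        self.reported = set()               # (sa, dp) pairs already reported once

    def observe(self, sa, da, dp):
        """Record one packet; return a report the first time the threshold is exceeded, else None."""
        key = (sa, dp)
        self.seen[key].add(da)
        if len(self.seen[key]) > self.threshold and key not in self.reported:
            self.reported.add(key)
            # Report carries the header values named in the abstract: SA, DP and the DAs.
            return {"source": sa, "dst_port": dp, "destinations": sorted(self.seen[key])}
        return None


def find_scanners(packets, threshold):
    """Run the detector over a packet list and collect the reports for an administrator."""
    det = ScanDetector(threshold)
    reports = []
    for sa, da, dp in packets:
        report = det.observe(sa, da, dp)
        if report:
            reports.append(report)
    return reports


if __name__ == "__main__":
    for r in find_scanners(SAMPLE_PACKETS, threshold=3):
        print(r)
```

Each (SA, DP) pair is reported once, at the packet that pushes its distinct-DA count past the threshold, so the report lists the destinations seen up to that point; a production detector would also age out entries so that a slow scanner does not accumulate state forever.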
32. Method of assuring enterprise security standards compliance
    Granted invention patent; status: in force

    Publication number: US07657942B2

    Publication date: 2010-02-02

    Application number: US11033436

    Filing date: 2005-01-11

    IPC classes: H04L29/14 G08B23/00

    Abstract: A method, apparatus, and computer instructions for providing a current and complete security compliance view of an enterprise system. The present invention provides the ability to gain a real-time security posture and security compliance view of an enterprise and to assess the risk impact of known threats and attacks on continued business operations at various levels. Responsive to a change to the enterprise environment, a request, or an external threat, an administrator loads or updates at least one of a Critical Application Operations database, a Historical database, an Access Control database, a Connectivity database, and a Threat database. Based on a comparison of information in the databases against similar security data elements from company or external policies, the administrator may generate a Security Compliance view of the enterprise. A Security Posture view may also be generated by comparing the Security Compliance view against data in the Threat database.

33. System, method, and program product for managing an intrusion detection system
    Granted invention patent; status: in force

    Publication number: US07084760B2

    Publication date: 2006-08-01

    Application number: US10838711

    Filing date: 2004-05-04

    IPC classes: G08B21/00

    Abstract: An intrusion event detection system, method, and program product with an enumeration of specific known benign intrusion events, performing a vulnerability test on specific elements of the computer system for the particular known benign intrusion event. These vulnerability tests are performed at predetermined time intervals measured from a previous test or a previous occurrence of the known benign intrusion event. The predetermined time interval is increased based on various attributes: the passage of time since the last intrusion event, whether the specific known benign intrusion event, another known benign intrusion event, or even an undetermined or harmful intrusion event; the present detection of an intrusion event; or the vulnerability of a specific element in the computer system to a specific intrusion event.

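
The re-test schedule the abstract describes, as an added example in Python (not the patent's code). The abstract says only that the interval is measured from the previous test or event and is increased over time; the concrete policy below (doubling on a clean test up to a cap, resetting to the base interval on a vulnerable result or on any harmful or undetermined intrusion event), the identifiers and the time values are assumptions made for the example.

```python
class BenignEventScheduler:
    """Re-test schedule for enumerated known-benign intrusion events.

    Each event id names the element it concerns and carries its own test interval.
    Interval policy (assumed for this example, not taken from the patent):
      - a test finding the element not vulnerable doubles the interval, up to max_interval;
      - a test finding it vulnerable, or any harmful/undetermined intrusion event,
        resets the interval to base_interval so re-testing becomes frequent again;
      - a new occurrence of the benign event re-anchors the interval at that occurrence.
    Times are plain numbers (seconds) so the example runs without a real clock.
    """

    def __init__(self, base_interval, max_interval):
        self.base = base_interval
        self.max = max_interval
        self.events = {}    # event_id -> {"element", "interval", "next_test"}

    def enumerate_event(self, event_id, element, now):
        """Register a known benign intrusion event and schedule its first vulnerability test."""
        self.events[event_id] = {"element": element, "interval": self.base,
                                 "next_test": now + self.base}

    def due_tests(self, now):
        """Return [(event_id, element)] whose vulnerability test is due at `now`."""
        return [(eid, e["element"]) for eid, e in self.events.items()
                if now >= e["next_test"]]

    def record_test(self, event_id, now, vulnerable):
        """Record a test result, grow or reset the interval, and return the next test time."""
        e = self.events[event_id]
        e["interval"] = self.base if vulnerable else min(e["interval"] * 2, self.max)
        e["next_test"] = now + e["interval"]
        return e["next_test"]

    def on_benign_event(self, event_id, now):
        """The known benign event occurred again: measure the interval from this occurrence."""
        e = self.events[event_id]
        e["next_test"] = now + e["interval"]
        return e["next_test"]

    def on_other_intrusion(self, now):
        """Harmful or undetermined intrusion event: shorten every interval and re-test soon."""
        for e in self.events.values():
            e["interval"] = self.base
            e["next_test"] = now + self.base


if __name__ == "__main__":
    s = BenignEventScheduler(base_interval=60, max_interval=480)
    s.enumerate_event("vendor-monitor-probe", "host-a", now=0)   # assumed event id and element
    print(s.due_tests(60), s.record_test("vendor-monitor-probe", 60, vulnerable=False))
```

The point of the policy is that a benign event which keeps recurring against an element that keeps testing clean costs less and less analyst attention, while anything that changes the risk picture (a positive test, an unrelated harmful event) pulls the schedule back to frequent checks.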
34. Network access traffic sorter
    Granted invention patent; status: lapsed

    Publication number: US06940864B2

    Publication date: 2005-09-06

    Application number: US09906352

    Filing date: 2001-07-16

    IPC classes: H04L12/56 H04L29/06 H04Q12/28

    Abstract: Packetized voice, video, and data traffic (data frames) are received in a communication traffic sorter. The data frames have a dispatch priority corresponding to their transmission characteristics (flow) and quality of service parameters. The communication traffic sorter analyzes information in data packets within each data frame and determines an optimum flow for the data frames. A data frame is assigned to a selected queue based on an analysis of the information in its data packets. A data frame may also be assigned to a queue based on a prior analysis of a data frame with like transmission characteristics. Results of analysis are stored and indexed to facilitate processing of subsequent data frames. The network access sorter has circuits to unpack and repack the data frame, when called for, to allow user-transmitted data to be processed to create a modified data frame. The data frame may then be dispatched with a second dispatch priority on a bus for distribution to end users where the previously assigned quality of service is maintained or exceeded.

35. Method and system for performing a longest prefix match search
    Granted invention patent; status: lapsed

    Publication number: US06925503B2

    Publication date: 2005-08-02

    Application number: US09916766

    Filing date: 2001-07-27

    IPC classes: G06F7/00 G06F15/173 H04L12/56

    CPC classes: H04L45/54 H04L45/04

    Abstract: A method and system for finding a longest prefix match for a key in a computer network is disclosed. The method and system include providing a main engine and providing an auxiliary engine. The main engine is for storing a first plurality of addresses and for searching the first plurality of addresses for the longest prefix match for the key. None of the first plurality of addresses is a prefix for another address of the first plurality of addresses. The auxiliary engine is for storing and searching a second plurality of addresses. A first address of the second plurality of addresses may be a prefix for a second address of the first plurality of addresses or for a third address of the second plurality of addresses. None of the first plurality of addresses is a prefix for any of the second plurality of addresses. Each of the second plurality of addresses is distinct from each of the first plurality of addresses.

36. Hybrid longest prefix match and fixed match searches
    Granted invention patent; status: lapsed

    Publication number: US06792423B1

    Publication date: 2004-09-14

    Application number: US09723717

    Filing date: 2000-11-28

    IPC classes: G06T1730

    Abstract: A method and system for finding a longest matching prefix for an input keyword from among multiple prefixes. The prefixes are data strings of varying lengths, wherein prefixes of length n or greater are probabilistically a longest prefix match. The method of the present invention begins by mapping the prefixes of length greater than or equal to n1, that is, in the interval [n1, L], into a first lookup system. Remaining prefixes of length less than n1 but greater than or equal to n2, that is, in the interval [n2, n1−1], are mapped into a second index utilizing a second hash function, wherein n2 is less than n1. Further lookup systems on prefixes having lengths in the intervals [n3, n2−1], [n4, n3−1], and so on, may also be utilized, as determined by optimization studies and the statistics of routing tables.

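
The two longest-prefix-match partitions described in entries 35 and 36 above, as one added example in Python (not code from either patent). Both engines are checked against a plain full-table LPM. The routing table, the next-hop labels and the length-interval boundaries (24, 16, 8, 0) are constructed for the example; the patents leave the boundaries to routing-table statistics and say nothing about the hash functions, so ordinary Python dicts keyed on the leading bits stand in for them.

```python
import ipaddress

# Constructed IPv4 routing table (not from either patent): prefix -> next hop.
ROUTES = {
    "0.0.0.0/0": "DEFAULT",
    "10.0.0.0/8": "A",
    "10.1.0.0/16": "B",
    "10.1.2.0/24": "C",
    "172.16.0.0/12": "E",
    "192.168.0.0/16": "D",
}


def reference_lpm(routes, addr):
    """Plain longest-prefix match over every route; used to check both engines."""
    a = ipaddress.ip_address(addr)
    best = None
    for p, nh in routes.items():
        n = ipaddress.ip_network(p)
        if a in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, nh)
    return best[1] if best else None


class TwoEngineLpm:
    """Entry 35: the main engine holds every prefix that is not a prefix of any other
    route, so no two main entries nest and no main entry nests an auxiliary entry; the
    auxiliary engine holds the remaining (nesting) prefixes.  A main-engine hit is the
    longest match overall: any longer matching prefix would have to be nested inside
    the main entry, which the partition rules out."""

    def __init__(self, routes):
        nets = {ipaddress.ip_network(p): nh for p, nh in routes.items()}
        self.main, self.aux = {}, {}
        for n, nh in nets.items():
            nests_another = any(o != n and o.subnet_of(n) for o in nets)
            (self.aux if nests_another else self.main)[n] = nh

    def lookup(self, addr):
        a = ipaddress.ip_address(addr)
        for n, nh in self.main.items():        # at most one main entry can contain a
            if a in n:
                return nh
        best = None
        for n, nh in self.aux.items():
            if a in n and (best is None or n.prefixlen > best[0].prefixlen):
                best = (n, nh)
        return best[1] if best else None


class HybridLpm:
    """Entry 36: prefixes are split by length into intervals [bounds[i], bounds[i-1]-1]
    (the first interval is [bounds[0], 32]); each interval is a table keyed on the
    leading bounds[i] bits of the prefix.  Intervals are probed longest-first, so the
    first interval with a containing prefix yields the longest match."""

    def __init__(self, routes, bounds=(24, 16, 8, 0)):   # assumed boundaries
        self.bounds = bounds
        self.tables = [{} for _ in bounds]
        for p, nh in routes.items():
            n = ipaddress.ip_network(p)
            for i, nmin in enumerate(bounds):
                if n.prefixlen >= nmin:
                    key = int(n.network_address) >> (32 - nmin)
                    self.tables[i].setdefault(key, []).append((n, nh))
                    break

    def lookup(self, addr):
        a = ipaddress.ip_address(addr)
        for table, nmin in zip(self.tables, self.bounds):
            key = int(a) >> (32 - nmin)
            hits = [(n, nh) for n, nh in table.get(key, []) if a in n]
            if hits:
                return max(hits, key=lambda h: h[0].prefixlen)[1]
        return None


if __name__ == "__main__":
    for addr in ("10.1.2.5", "10.1.9.1", "10.9.9.9", "172.20.1.1", "8.8.8.8"):
        print(addr, reference_lpm(ROUTES, addr), TwoEngineLpm(ROUTES).lookup(addr),
              HybridLpm(ROUTES).lookup(addr))
```

The security-relevant property of both schemes is the same as for any router data path: a lookup that returns the wrong next hop for a key silently misroutes traffic, so the partition invariants (nothing in the main set nests anything else; every prefix lands in exactly one length interval) are worth asserting at table-build time, not only trusted from the design.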
37. Method and system for testing filter rules using caching and a tree structure
    Granted invention patent; status: lapsed

    Publication number: US06529897B1

    Publication date: 2003-03-04

    Application number: US09540500

    Filing date: 2000-03-31

    IPC classes: G06F1730

    Abstract: A method and system for testing a plurality of filter rules in a computer system is disclosed. The plurality of filter rules are used with a key that is capable of matching at least one of the plurality of filter rules. The at least one filter rule corresponds to at least one action. The computer system has a cache including a plurality of bins and a decision tree. The method and system include searching a plurality of stored keys in the cache for the key. Preferably, this search of the cache for the key includes determining whether a stored key exactly matches the key. A plurality of stored filter rules corresponds to the plurality of stored keys. A plurality of stored actions corresponds to the plurality of stored filter rules. The cache stores each of the plurality of stored keys and at least one stored action in each bin of a portion of the bins. The method and system also include obtaining the at least one action from the cache if the key is found in the plurality of stored keys, and otherwise obtaining the at least one action using the decision tree. Preferably, searches of the decision tree and cache start simultaneously. The decision tree search is terminated if the key is found in the cache. The cache is written to if the at least one action is obtained using the decision tree, but preferably only if the at least one filter rule has a priority of one.

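
The cache-in-front-of-a-decision-tree lookup the abstract describes, as an added example in Python (not the patent's code). The header fields, the rules, the bin count and the default action are constructed for the example; the decision tree is a simple one-level-per-field tree with wildcard branches, which is an assumed shape since the abstract does not specify how the tree is built. The patent starts the cache and tree searches at the same time and cancels the tree search on a cache hit; in sequential code consulting the cache first has the same effect.

```python
FIELDS = ("src", "dst", "proto", "dport")

# Constructed filter rules (not from the patent). Priority 1 is the highest; a missing
# field is a wildcard.
RULES = [
    {"src": "10.0.0.5", "proto": "tcp", "dport": 22, "action": "deny", "priority": 1},
    {"proto": "tcp", "dport": 22, "action": "permit", "priority": 2},
    {"dst": "10.0.0.100", "proto": "tcp", "dport": 443, "action": "permit", "priority": 1},
]


class FilterEngine:
    """Filter-rule test with an exact-match cache of bins in front of a decision tree.

    Tree: one level per header field; a rule's path uses its field value or "*" for a
    wildcard, and the leaf records (priority, action).  Cache: a fixed number of bins,
    each holding at most one (key, action) pair; a bin counts as a hit only if its
    stored key exactly equals the lookup key.  As in the abstract, a tree result is
    written to the cache only when the matched rule has priority 1.
    """

    def __init__(self, rules, bins=64, default_action="deny"):
        self.tree = {}
        self.bins = [None] * bins              # assumed bin count
        self.default_action = default_action   # assumed: no matching rule means deny
        for r in rules:
            self._insert(r)

    def _insert(self, rule):
        node = self.tree
        for f in FIELDS:
            node = node.setdefault(rule.get(f, "*"), {})
        node.setdefault("__rules__", []).append((rule["priority"], rule["action"]))

    def _tree_search(self, key):
        """Walk the exact and wildcard branch at each level; return best (priority, action) or None."""
        best = None
        stack = [(self.tree, 0)]
        while stack:
            node, depth = stack.pop()
            if depth == len(FIELDS):
                for prio, action in node.get("__rules__", []):
                    if best is None or prio < best[0]:
                        best = (prio, action)
                continue
            for branch in (key[depth], "*"):
                if branch in node:
                    stack.append((node[branch], depth + 1))
        return best

    def classify(self, key):
        """Return (action, "cache" | "tree") for a key tuple ordered as FIELDS."""
        slot = hash(key) % len(self.bins)
        entry = self.bins[slot]
        if entry is not None and entry[0] == key:   # exact match required, not just same bin
            return entry[1], "cache"
        match = self._tree_search(key)
        if match is None:
            return self.default_action, "tree"
        prio, action = match
        if prio == 1:                               # only priority-1 results are cached
            self.bins[slot] = (key, action)
        return action, "tree"


if __name__ == "__main__":
    fe = FilterEngine(RULES)
    key = ("10.0.0.5", "10.0.0.100", "tcp", 22)
    print(fe.classify(key), fe.classify(key))
```

Caching only priority-1 results keeps a lower-priority match from being served from the cache after a higher-priority rule that would have overridden it is added; with a direct-mapped bin array a new priority-1 entry can evict another, which is a correctness-neutral miss, never a wrong action, because the stored key must match exactly.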
38. Method and apparatus for network flow control with perceptive parameters
    Granted invention patent; status: lapsed

    Publication number: US6122254A

    Publication date: 2000-09-19

    Application number: US978108

    Filing date: 1997-11-25

    Abstract: A method and apparatus for flow control of sources in packet switched networks is implemented. A data rate for the source is determined based on a critically damped second-order system in response to a congestion signal sent by a destination node or other network device. The data rate is damped toward a share value that is also based on a critically damped second-order system. The resulting flow control reduces packet loss and improves network utilization.

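
The critically damped behaviour the abstract relies on, as an added example in Python (not the patent's code). It simulates a source whose share value relaxes toward a newly advertised fair share through a second-order system, and whose data rate is damped toward that share through a second copy of it; the natural frequency, the time step, the initial rate and the fair-share value are assumptions, and a damping ratio parameter is added so the underdamped case can be compared. The patent specifies only that both systems are critically damped.

```python
def second_order_step(x, v, target, omega, zeta, dt):
    """One semi-implicit Euler step of  x'' + 2*zeta*omega*x' + omega^2*(x - target) = 0.

    zeta = 1 is the critically damped case the patent specifies: the fastest approach to
    the target that never overshoots it.  zeta < 1 is underdamped and oscillates."""
    accel = -2.0 * zeta * omega * v - omega * omega * (x - target)
    v = v + accel * dt
    x = x + v * dt
    return x, v


class SourceRateController:
    """Source-side sending rate.  A congestion signal re-targets the share value, which
    relaxes toward the new fair share; the data rate is damped toward the share value."""

    def __init__(self, rate, omega=1.0, zeta=1.0, dt=0.01):   # assumed parameters
        self.rate, self.rate_v = float(rate), 0.0
        self.share, self.share_v = float(rate), 0.0
        self.share_target = float(rate)
        self.omega, self.zeta, self.dt = omega, zeta, dt

    def on_congestion_signal(self, fair_share):
        """Congestion signal from the destination (or another device) carrying the new fair share."""
        self.share_target = float(fair_share)

    def step(self):
        self.share, self.share_v = second_order_step(
            self.share, self.share_v, self.share_target, self.omega, self.zeta, self.dt)
        self.rate, self.rate_v = second_order_step(
            self.rate, self.rate_v, self.share, self.omega, self.zeta, self.dt)
        return self.rate


def simulate(initial_rate, fair_share, steps, zeta=1.0):
    """Constructed scenario: one congestion signal at t=0; return the rate trajectory."""
    ctl = SourceRateController(initial_rate, zeta=zeta)
    ctl.on_congestion_signal(fair_share)
    return [ctl.step() for _ in range(steps)]


def overshoot(trajectory, target):
    """How far the rate went below the (lower) target; 0.0 when it never did."""
    return max(0.0, target - min(trajectory))


if __name__ == "__main__":
    crit = simulate(100.0, 40.0, 6000)
    under = simulate(100.0, 40.0, 6000, zeta=0.3)
    print("critically damped: final %.3f overshoot %.3f" % (crit[-1], overshoot(crit, 40.0)))
    print("underdamped:       final %.3f overshoot %.3f" % (under[-1], overshoot(under, 40.0)))
```

With zeta = 1 the rate decreases monotonically to the fair share and never drops below it, which is the packet-loss and utilization argument of the abstract: an underdamped controller (zeta = 0.3 here) swings well below the share, leaving capacity idle, and then back above it, reintroducing congestion.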
39. System, method and program to limit rate of transferring messages from suspected spammers
    Granted invention patent; status: lapsed

    Publication number: US08478831B2

    Publication date: 2013-07-02

    Application number: US13415495

    Filing date: 2012-03-08

    IPC classes: G06F15/16 G06F15/173

    CPC classes: H04L51/12 G06Q10/107

    Abstract: Managing e-mails from a source suspected of sending spam. The e-mails are received at a firewall or router en route to a mail server. A determination is made whether a source has sent an e-mail which exhibits characteristics of spam. In response, subsequent e-mails from the source destined for the mail server are rate-limited at the firewall or router, such that the firewall or router limits the rate at which the subsequent e-mails are forwarded from the firewall or router to the mail server. The rate limit can be a limit on the number of e-mails per unit of time from the source that will be forwarded from the firewall or router to the mail server.

40. SYSTEM, METHOD AND PROGRAM TO LIMIT RATE OF TRANSFERRING MESSAGES FROM SUSPECTED SPAMMERS
    Published patent application; status: lapsed

    Publication number: US20130067562A1

    Publication date: 2013-03-14

    Application number: US13415495

    Filing date: 2012-03-08

    IPC classes: G06F21/00

    CPC classes: H04L51/12 G06Q10/107

    Abstract: A system, method and program product for managing e-mails from a source suspected of sending spam. The e-mails are received at a firewall or router en route to a mail server. A determination is made whether a source has sent an e-mail which exhibits characteristics of spam. In response, subsequent e-mails from the source destined for the mail server are rate-limited at the firewall or router, such that the firewall or router limits the rate at which the subsequent e-mails are forwarded from the firewall or router to the mail server. The rate is predetermined and less than the maximum rate at which the firewall or router can physically forward e-mails to the mail server absent the rate limit. A determination is made whether another source has sent another e-mail which exhibits more characteristics of spam than the first said e-mail. In response, subsequent e-mails from this other source are blocked at the firewall or router. The rate limit can be a limit on the number of e-mails per unit of time from the source that will be forwarded from the firewall or router to the mail server.

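
The per-source forwarding control described in entries 39 and 40 above (the granted patent and its published application), as one added example in Python; this is not the patent's code. The abstracts do not define the spam characteristics, so each message arrives with a spam score from an assumed upstream classifier; the score thresholds, the per-window limit, the window length, the addresses and the message stream are all constructed for the example.

```python
from collections import deque

# Constructed message stream (not from the patent): (time_seconds, source_ip, spam_score).
# spam_score is the number of spam characteristics an assumed upstream classifier flagged.
MESSAGES = [
    (0, "203.0.113.9", 3),      # suspect: from now on this source is rate-limited
    (1, "198.51.100.4", 5),     # more spam characteristics: this source is blocked
    (2, "198.51.100.4", 0),
    (3, "192.0.2.7", 0),        # clean source, never limited
    (5, "203.0.113.9", 0),
    (10, "203.0.113.9", 1),
    (15, "203.0.113.9", 0),     # fourth message within 60 s: held back
    (20, "203.0.113.9", 0),
    (70, "203.0.113.9", 0),     # the t=0 message has left the window: forwarded again
]


class SpamRateLimiter:
    """Per-source forwarding control at the firewall/router in front of the mail server.

    Thresholds and window are assumptions for the example.  A message scoring at least
    suspect_score marks its source as a suspected spammer; that source's later mail is
    forwarded at most `limit` messages per `window` seconds.  A message scoring at least
    block_score (more spam characteristics) gets its source blocked outright.  The limit
    is a fixed number chosen well below what the device could physically forward.
    """

    def __init__(self, suspect_score=2, block_score=4, limit=3, window=60):
        self.suspect_score, self.block_score = suspect_score, block_score
        self.limit, self.window = limit, window
        self.blocked = set()
        self.suspect = set()
        self.forwarded_at = {}      # source -> deque of forward times inside the window

    def handle(self, now, source, spam_score):
        """Return "forwarded", "rate-limited" or "blocked" for one message."""
        if source in self.blocked:
            return "blocked"
        if spam_score >= self.block_score:
            self.blocked.add(source)
            return "blocked"
        if spam_score >= self.suspect_score:
            self.suspect.add(source)
        if source not in self.suspect:
            return "forwarded"                       # unsuspected sources are not limited
        q = self.forwarded_at.setdefault(source, deque())
        while q and now - q[0] >= self.window:       # slide the window forward
            q.popleft()
        if len(q) >= self.limit:
            return "rate-limited"
        q.append(now)
        return "forwarded"


def run(messages, limiter=None):
    """Apply the limiter to a message stream; return (time, source, decision) per message."""
    limiter = limiter or SpamRateLimiter()
    return [(t, src, limiter.handle(t, src, score)) for t, src, score in messages]


if __name__ == "__main__":
    for t, src, decision in run(MESSAGES):
        print("t=%3d %-14s %s" % (t, src, decision))
```

The message that first raises suspicion is itself forwarded but counted toward the window, so the limit applies to the source's subsequent mail as the abstracts describe; a deployment would also expire the suspect and blocked states, since the abstracts describe the response, not how long it persists.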