-
公开(公告)号:US08613088B2
公开(公告)日:2013-12-17
申请号:US11552025
申请日:2006-10-23
IPC分类号: G06F12/14
CPC分类号: H04L63/1408 , H04L63/145
摘要: A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.
摘要翻译: 提供了一种检测逃避攻击的方法和系统。 系统可以包括存储器,用于存储一起构成攻击签名的签名片段,拦截与网络连接相关联的数据分组的拦截器,字符串匹配模块,用于确定数据分组的有效载荷是否包括任何存储的签名 片段,从而识别匹配,响应者执行响应于匹配的预防动作;以及检测器,用于检测数据包的大小小于尺寸阈值。 该系统还可以包括状态机,以响应于检测器确定数据分组的大小小于该大小阈值开始维持网络连接的状态。
-
公开(公告)号:US20130226857A1
公开(公告)日:2013-08-29
申请号:US13405190
申请日:2012-02-24
申请人: David Shim , Brad Bicknell , George Varghese , Nick Gerner , Weilie Yi
发明人: David Shim , Brad Bicknell , George Varghese , Nick Gerner , Weilie Yi
IPC分类号: G06N5/04
摘要: A system to infer place data is disclosed that receives location data collected on a user's mobile electronic device, recognizes when, where and for how long the user makes stops, generates possible places visited, and predicts the likelihood of a user to visit those places.
摘要翻译: 公开了一种用于推断地点数据的系统,其接收在用户的移动电子设备上收集的位置数据,识别用户进行停靠的时间,地点和时间以及生成可能的访问地点,并且预测用户访问那些地点的可能性。
-
公开(公告)号:US20130225202A1
公开(公告)日:2013-08-29
申请号:US13405182
申请日:2012-02-24
申请人: David Shim , Brad Bicknell , George Varghese , Nick Gerner , Weilie Yi
发明人: David Shim , Brad Bicknell , George Varghese , Nick Gerner , Weilie Yi
IPC分类号: H04W24/00
CPC分类号: G06F17/30424 , G06F17/30241
摘要: A data collection system that provides the means to collect, store and make data available for a location analytics inference pipeline. The system incorporates a feedback mechanism enabling algorithms produced from the inference pipeline to drive the collection strategy to yield higher data quality and to produce reference data for model validation.
摘要翻译: 数据收集系统提供收集,存储和使数据可用于位置分析推理流程的方法。 该系统包含一个反馈机制,使得从推理流程产生的算法可以驱动收集策略,以产生更高的数据质量并生成模型验证的参考数据。
-
44.发明授权公开(公告)号:US08296842B2
公开(公告)日:2012-10-23
申请号:US11547944
申请日:2004-12-01
申请人: Sumeet Singh , George Varghese , Cristi Estan , Stefan Savage
发明人: Sumeet Singh , George Varghese , Cristi Estan , Stefan Savage
IPC分类号: H04L29/06
CPC分类号: H04L63/1416 , G06F21/55 , H04L9/002 , H04L9/3236 , H04L9/3247 , H04L2209/60 , H04L2463/141
摘要: Network worms or viruses are a growing threat to the security of public and private networks and the individual computers that make up those networks. A content sifting method if provided that automatically generates a precise signature for a worm or virus that can then be used to significantly reduce the propagation of the worm elsewhere in the network or eradicate the worm altogether. The content sifting method is complemented by a value sampling method that increases the throughput of network traffic that can be monitored. Together, the methods track the number of times invariant strings appear in packets and the network address dispersion of those packets including variant strings. When an invariant string reaches a particular threshold of appearances and address dispersion, the string is reported as a signature for suspected worm.
摘要翻译: 网络蠕虫或病毒对构成这些网络的公共和私有网络以及个别计算机的安全性日益增长。 如果提供的内容筛选方法自动生成针对蠕虫或病毒的精确签名,然后可以将蠕虫或病毒用于显着减少网络中其他地方的蠕虫传播或彻底消除蠕虫。 内容筛选方法补充了一种增加可监控网络流量吞吐量的值抽样方法。 这些方法一起跟踪数据包中出现不变字符串的次数以及包括变体字符串的数据包的网络地址色散。 当不变字符串达到特定的出现阈值和地址分散时,字符串将被报告为可疑蠕虫的签名。
-
45.发明授权公开(公告)号:US07966658B2
公开(公告)日:2011-06-21
申请号:US10822226
申请日:2004-04-08
申请人: Sumeet Singh , George Varghese , Cristi Estan , Stefan Savage
发明人: Sumeet Singh , George Varghese , Cristi Estan , Stefan Savage
IPC分类号: G08B23/00
CPC分类号: H04L63/1416 , G06F21/55 , H04L9/002 , H04L9/3236 , H04L9/3247 , H04L2209/60 , H04L2463/141
摘要: Detecting attacks against computer systems by automatically detecting signatures based on predetermined characteristics of the intrusion. One aspect looks for commonalities among a number of different network messages, and establishes an intrusion signature based on those commonalities. Data reduction techniques, such as a hash function, are used to minimize the amount of resources which are necessary to establish the commonalities. In an embodiment, signatures are created based on the data reduction hash technique. Frequent signatures are found by reducing the signatures using that hash technique. Each of the frequent signatures is analyzed for content, and content which is spreading is flagged as being a possible attack. Additional checks can also be carried out to look for code within the signal, to look for spam, backdoors, or program code.
摘要翻译: 通过基于入侵的预定特征自动检测签名来检测对计算机系统的攻击。 一个方面寻找许多不同网络消息之间的共同点,并根据这些共同点建立入侵签名。 使用诸如哈希函数的数据缩减技术来最小化建立共同点所需的资源量。 在一个实施例中,基于数据缩减散列技术创建签名。 通过使用该散列技术减少签名来发现频繁的签名。 对每个频繁签名进行内容分析,将正在扩展的内容标记为可能的攻击。 还可以进行附加检查,以查找信号中的代码,查找垃圾邮件,后门程序或程序代码。
-
公开(公告)号:US07602780B2
公开(公告)日:2009-10-13
申请号:US11271310
申请日:2005-11-09
IPC分类号: H04L12/56
CPC分类号: H04L45/00 , H04L45/60 , H04L45/745 , H04L63/145 , H04L67/327
摘要: A method and apparatus is described for identifying content in a packet. The method may obtain data sample from the packet where the data sample is in a predetermined window at an initial offset point in the packet. For each offset point, a first stage of processing on the data sample may be performed to identify if the data sample corresponds to potentially relevant reference string. A more focused second stage of processing may then be carried out on the data sample to identify if the data sample corresponds to potentially relevant reference string. Thereafter, an even more focused third stage of processing may be carried out on the data sample to obtain a third stage result. If the data sample passes all three stages of processing, a predefined action is identified which is associated with a reference string corresponding to the data sample.
摘要翻译: 描述了用于识别分组中的内容的方法和装置。 该方法可以从分组中的初始偏移点处的数据样本在预定窗口中获取数据样本。 对于每个偏移点,可以执行关于数据样本的第一级处理以识别数据样本是否对应于潜在相关的参考串。 然后可以对数据样本执行更集中的第二阶段处理,以识别数据样本是否对应于潜在相关的参考字符串。 此后,可以对数据样本进行更加集中的第三阶段处理,以获得第三阶段结果。 如果数据样本通过所有三个处理阶段,则识别与对应于数据样本的参考串相关联的预定义动作。
-
公开(公告)号:US07535909B2
公开(公告)日:2009-05-19
申请号:US11271209
申请日:2005-11-09
申请人: Sumeet Singh , George Varghese
发明人: Sumeet Singh , George Varghese
IPC分类号: H04L12/28
CPC分类号: H04L12/2854 , H04L69/22
摘要: A method and apparatus is described to process packets in a network. The method may comprise receiving the packet and determining a length K of the packet. If the length of the packet is less than a reference length M then no analysis may be performed on the packet. However, if the packet length K is not less than M, the method may determine if the packet length K is at least greater than a reference window size WRef. When the packet length is greater than WRef then a window size W for the processing of the packets is set equal to WRef; and the packet length is less than WRef then a window size W for the processing of the packets is set equal to the packet size K. Thereafter, the packet is processed using the window size W.
摘要翻译: 描述了一种在网络中处理分组的方法和装置。 该方法可以包括接收分组并确定分组的长度K. 如果分组的长度小于参考长度M,则不能对分组执行分析。 然而,如果分组长度K不小于M,则该方法可以确定分组长度K是否至少大于参考窗口大小WRef。 当分组长度大于WRef时,用于处理分组的窗口大小W被设置为等于WRef; 并且分组长度小于WRef,则将用于处理分组的窗口大小W设置为等于分组大小K.然后,使用窗口大小W处理分组。
-
48.发明申请METHOD AND SYSTEM FOR ESTIMATING AND COMPENSATING NON-LINEAR DISTORTION IN A TRANSMITTER USING DATA SIGNAL FEEDBACK 审中-公开使用数据信号反馈在发射机中估计和补偿非线性失真的方法和系统公开(公告)号:US20080139141A1
公开(公告)日:2008-06-12
申请号:US11777543
申请日:2007-07-13
IPC分类号: H04B1/04
CPC分类号: H04B1/0475 , H03F1/3241 , H03F1/3247 , H03F1/3294 , H03F1/34 , H03F3/24 , H03F2200/336 , H03F2200/408 , H03F2200/438 , H03F2200/447 , H03F2200/468 , H03F2201/3233 , H04B2001/0425
摘要: Aspects of a method and system for estimating and compensating for non-linear distortion in a transmitter using data signal feedback are presented. Aspects of the system may include a method and system by which predistortion values, for compensating for non-linear distortion, may be computed based on feedback signals generated in response to wideband input signals. The wideband input signals may comprise a plurality of frequency components and/or signal amplitudes. The predistortion values may be computed by time-synchronizing a wideband input signal generated at a given time instant, and the feedback signal generated at a subsequent time instant in response. A predistortion function may be computed by computing predistortion values for a plurality of signal amplitude values and/or IC operating temperatures. The computed values may be stored in a lookup table and retrieved to predistort subsequent wideband input signals based on the amplitude of the signals and/or the IC operating temperature.
摘要翻译: 提出了使用数据信号反馈来估计和补偿发射机中的非线性失真的方法和系统的方面。 该系统的方面可以包括一种方法和系统,通过该方法和系统,可以基于响应于宽带输入信号而产生的反馈信号来计算用于补偿非线性失真的预失真值。 宽带输入信号可以包括多个频率分量和/或信号幅度。 预失真值可以通过对在给定时刻产生的宽带输入信号进行时间同步和在随后的时刻产生的反馈信号来计算。 可以通过计算多个信号振幅值和/或IC工作温度的预失真值来计算预失真函数。 所计算的值可以存储在查找表中,并且基于信号的幅度和/或IC工作温度来检索以预测后续的宽带输入信号。
-
公开(公告)号:US20060098652A1
公开(公告)日:2006-05-11
申请号:US11271310
申请日:2005-11-09
申请人: Sushil Singh , George Varghese , John Huber , Sumeet Singh
发明人: Sushil Singh , George Varghese , John Huber , Sumeet Singh
IPC分类号: H04L12/56
CPC分类号: H04L45/00 , H04L45/60 , H04L45/745 , H04L63/145 , H04L67/327
摘要: A method and apparatus is described for identifying content in a packet. The method may obtain data sample from the packet where the data sample is in a predetermined window at an initial offset point in the packet. For each offset point, a first stage of processing on the data sample may be performed to identify if the data sample corresponds to potentially relevant reference string. A more focused second stage of processing may then be carried out on the data sample to identify if the data sample corresponds to potentially relevant reference string. Thereafter, an even more focused third stage of processing may be carried out on the data sample to obtain a third stage result. If the data sample passes all three stages of processing, a predefined action is identified which is associated with a reference string corresponding to the data sample.
-
公开(公告)号:US06212184B1
公开(公告)日:2001-04-03
申请号:US09115886
申请日:1998-07-15
IPC分类号: H04L1256
CPC分类号: H04L45/745 , H04L45/00 , H04L45/7457 , H04L49/25 , H04L49/3009 , H04L49/602
摘要: Fast, scalable methods and devices are provided for layer four switching in a router as might be found in the Internet. In a first method, a grid of tries, which are binary branching trees, is constructed from the set of routing filters. The grid includes a dest-trie and a number of source tries. To avoid memory blowup, each filter is stored in exactly one trie. The tries are traversed to find the lowest cost routing. Switch pointers are used to improve the search cost. In an extension of this method, hash tables may be constructed that point to grid-of-tries structures. The hash tables may be used to handle combinations of port fields and protocol fields. Another method is based on hashing, in which searches for lowest cost matching filters take place in bit length tuple space. Rectangle searching with precomputation and markers are used to eliminate a whole column of tuple space when a match occurs, and to eliminate the rest of a row when no match is found. Various optimizations of these methods are also provided. A router incorporating memory and processors implementing these methods is capable of rapid, selective switching of data packets on various types of networks, and is particularly suited to switching on Internet Protocol networks.
摘要翻译: 为在互联网中可能找到的路由器中的第四层交换提供了快速,可扩展的方法和设备。 在第一种方法中,从一组路由过滤器构建一个作为二叉分支树的尝试网格。 网格包括一个目标和一些源尝试。 为了避免内存溢出,每个过滤器都存储在正好一个特里。 遍历尝试以找到最低成本的路由。 切换指针用于提高搜索成本。 在该方法的扩展中,可以构造指向尝试结构的哈希表。 哈希表可用于处理端口字段和协议字段的组合。 另一种方法是基于散列,其中最低成本匹配滤波器的搜索发生在位长度元组空间中。 使用预先计算和标记的矩形搜索用于在发生匹配时消除整列元组空间,并且在找不到匹配时消除其余行。 还提供了这些方法的各种优化。 包含实现这些方法的内存和处理器的路由器能够在各种类型的网络上快速,选择性地切换数据分组,并且特别适合于互联网协议网络上的切换。
-
-
-
-
-
-
-
-
-
搜索结果
51 条记录 (耗时 0.041 秒)
