Method and system for identifying enterprise network hosts infected with slow and/or distributed scanning malware
    1.
    Granted invention patent (in force)

    Publication No.: US08341740B2

    Publication date: 2012-12-25

    Application No.: US12124431

    Filing date: 2008-05-21

    IPC class: G06F21/00

    CPC class: H04L63/1416

    Abstract: Malware detection systems are presented in which, for each monitored enterprise network host, a list is constructed of the enterprise hosts to or from which that host sends or receives packets within the current measurement period; statistics are accumulated over two or more measurement-period lists; a count value is derived from the statistics to indicate the number of other hosts to or from which each monitored host sent or received packets; and monitored hosts whose count value exceeds a threshold value may be identified as suspected of being infected with slow and/or distributed scanning malware.


    METHOD AND APPARATUS FOR DETECTING MALWARE
    2.
    Invention patent application (in force)

    Publication No.: US20090044276A1

    Publication date: 2009-02-12

    Application No.: US12248537

    Filing date: 2008-10-09

    IPC class: G06F21/00 G06F12/14

    CPC class: H04L63/1425 H04L63/145

    Abstract: A method of detecting malware may include: a) examining header data in each PDU transferred by a port of an access switch to identify PDUs transferred from a local network device, b) extracting a far-end device address for the PDUs based at least in part on examination of an address portion of the corresponding header data, c) maintaining fan-out information indicative of the quantity of unique far-end device addresses extracted from the PDUs during consecutive time windows, d) determining a current trend based on the fan-out information for the current time window, e) comparing the current trend to an expected trend, and f) identifying a suspected malware infection in the local network device when the current trend exceeds the expected trend by a trend threshold. A network element that may implement the method may include a header data processing unit, data storage logic, data processing logic, and malware identification logic.


    MALWARE DETECTION SYSTEM AND METHOD
    3.
    Invention patent application (in force)

    Publication No.: US20120117653A1

    Publication date: 2012-05-10

    Application No.: US13352451

    Filing date: 2012-01-18

    IPC class: G06F12/14

    Abstract: Methods and systems are presented for the detection of malware such as worms, in which a network switch entices the malware into sending scan packets by allocating one or more ports as bait addresses, sending outgoing bait packets, and identifying compromised hosts that send unexpected incoming packets to a bait address.


    Method and system for counting new destination addresses
    4.
    Granted invention patent (in force)

    Publication No.: US07917957B2

    Publication date: 2011-03-29

    Application No.: US11802965

    Filing date: 2007-05-29

    IPC class: G06F11/00 G06F7/04 H04L9/00

    CPC class: H04L63/1416

    Abstract: Packets of a certain type from a certain source are directed to a system that estimates the set of destinations, and the number of new destinations, to which that source has sent packets during a time window Ti. Instead of maintaining tables with the complete destination addresses for each source, the destination addresses are hashed and stored in a small bit array. The sets of destinations for a number of successive time windows are OR'ed to build cumulative tables Ci, where Ci includes all destinations that have been seen between T0 and Ti. The new destinations are determined by counting the destinations set in Ti but not in Ci-1. Any change from the typical patterns can be suspected of being a slow scan.


    MALWARE DETECTION METHODS AND SYSTEMS FOR MULTIPLE USERS SHARING COMMON ACCESS SWITCH
    5.
    Invention patent application (in force)

    Publication No.: US20090328220A1

    Publication date: 2009-12-31

    Application No.: US12145768

    Filing date: 2008-06-25

    IPC class: G06F21/00

    CPC class: H04L63/145 G06F21/552

    Abstract: Malware detection systems and methods are presented in which the header data of protocol data units (PDUs) is examined at a wireless access switch shared by multiple clients, and the PDU type and client are used to establish counters, with the count values being analyzed to identify clients suspected of being infected with malware.


    System and Method for Authenticating the Identity of a Remote Fax Machine
    6.
    Invention patent application (pending, published)

    Publication No.: US20090222663A1

    Publication date: 2009-09-03

    Application No.: US12039946

    Filing date: 2008-02-29

    IPC class: H04L9/00

    CPC class: H04L9/3263 H04L2209/60

    Abstract: A system and method of authenticating the identity of a remote fax machine during a faxing operation is provided. An X.509-type Certificate received from the remote fax machine is validated to affirm that it can be properly associated with the remote machine. The Certificate's public key is used to verify that the remote fax machine holds the corresponding private key. The Certificate's Common Name is then compared to an Expected Name to authenticate the identity of the remote fax machine prior to sending a fax, to prevent unwanted misdirection of faxed information and to screen incoming faxes for unwanted spam.


    Method and system for counting new destination addresses
    7.
    Invention patent application (in force)

    Publication No.: US20080301812A1

    Publication date: 2008-12-04

    Application No.: US11802965

    Filing date: 2007-05-29

    IPC class: G06F12/14

    CPC class: H04L63/1416

    Abstract: Packets of a certain type from a certain source are directed to a system that estimates the set of destinations, and the number of new destinations, to which that source has sent packets during a time window Ti. Instead of maintaining tables with the complete destination addresses for each source, the destination addresses are hashed and stored in a small bit array. The sets of destinations for a number of successive time windows are OR'ed to build cumulative tables Ci, where Ci includes all destinations that have been seen between T0 and Ti. The new destinations are determined by counting the destinations set in Ti but not in Ci-1. Any change from the typical patterns can be suspected of being a slow scan.


    Malware detection system and method
    8.
    Granted invention patent (in force)

    Publication No.: US09419995B2

    Publication date: 2016-08-16

    Application No.: US13352451

    Filing date: 2012-01-18

    IPC class: G06F12/16 H04L29/06 G06F21/56

    Abstract: Methods and systems are presented for the detection of malware such as worms, in which a network switch entices the malware into sending scan packets by allocating one or more ports as bait addresses, sending outgoing bait packets, and identifying compromised hosts that send unexpected incoming packets to a bait address.


    Malware detection methods and systems for multiple users sharing common access switch
    9.
    Granted invention patent (in force)

    Publication No.: US08250645B2

    Publication date: 2012-08-21

    Application No.: US12145768

    Filing date: 2008-06-25

    IPC class: H04L29/06

    CPC class: H04L63/145 G06F21/552

    Abstract: Malware detection systems and methods are presented in which the header data of protocol data units (PDUs) is examined at a wireless access switch shared by multiple clients, and the PDU type and client are used to establish counters, with the count values being analyzed to identify clients suspected of being infected with malware.


    Method and system for optimizing resources for establishing pseudo-wires in a multiprotocol label switching network
    10.
    Granted invention patent (in force)

    Publication No.: US07899044B2

    Publication date: 2011-03-01

    Application No.: US11448826

    Filing date: 2006-06-08

    IPC class: H04L12/28

    Abstract: A method for establishing a pseudo-wire connection between first and second switches in a packet switched network, the method comprising: sending a label mapping message to the second switch requesting that the pseudo-wire connection be established with the first switch; reserving resources for the pseudo-wire connection at the first switch; receiving a label withdraw message from the second switch if the second switch has insufficient resources for the pseudo-wire connection and, in response to the label withdraw message, releasing the resources for the pseudo-wire connection at the first switch; and activating the pseudo-wire connection if the second switch has sufficient resources for the pseudo-wire connection, thereby optimizing the resources for establishing pseudo-wire connections at each of the first and second switches.
