INTRUSION DETECTION USING A NETWORK PROCESSOR AND A PARALLEL PATTERN DETECTION ENGINE
    1.
    Patent application
    Status: under examination (published)

    Publication number: US20120210430A1

    Publication date: 2012-08-16

    Application number: US13455441

    Filing date: 2012-04-25

    IPC classification: G06F21/00

    CPC classification: H04L63/1416 H04L63/1441

    Abstract: An intrusion detection system (IDS) comprises a network processor (NP) coupled to a memory unit for storing programs and data. The NP is also coupled to one or more parallel pattern detection engines (PPDE) which provide high speed parallel detection of patterns in an input data stream. Each PPDE comprises many processing units (PUs) each designed to store intrusion signatures as a sequence of data with selected operation codes. The PUs have configuration registers for selecting modes of pattern recognition. Each PU compares a byte at each clock cycle. If a sequence of bytes from the input pattern matches a stored pattern, the identification of the PU detecting the pattern is outputted with any applicable comparison data. By storing intrusion signatures in many parallel PUs, the IDS can process network data at the NP processing speed. PUs may be cascaded to increase intrusion coverage or to detect long intrusion signatures.

    Method, system and program product for setting a transmission rate in a network
    2.
    Granted patent
    Status: lapsed

    Publication number: US08004970B2

    Publication date: 2011-08-23

    Application number: US11215610

    Filing date: 2005-08-30

    IPC classification: H04L1/00 H04L12/26 H04J3/14

    CPC classification: H04L47/10 H04L47/30

    Abstract: The present invention provides for congestion and flow control for a data transmission between computers in a network (e.g., a lossless network) by repeatedly setting a transmission rate for the data transmission at predetermined time intervals. Under the present invention, a ratio of a current occupancy to a maximum occupancy of a queue used for the data transmission is provided (e.g., the ratio can be calculated under the present invention, or obtained as input from an external source). The queue can be that of the receiving computer or of any component (e.g., a switch) that resides in the path of the data transmission. In any event, once the ratio is known, the present invention will set the transmission rate for the data transmission based on a comparison of the ratio to at least one threshold.

    Technique for detecting and blocking unwanted instant messages
    3.
    Granted patent
    Status: in force

    Publication number: US07711781B2

    Publication date: 2010-05-04

    Application number: US10984299

    Filing date: 2004-11-09

    IPC classification: G06F15/16

    Abstract: A technique for tracking one or more thresholds relating to the blocking of a particular screen name used on an IM system is disclosed. If the number of people who have blocked a particular screen name reaches a threshold amount, a determination is made that the screen name is being used by a spimmer or other bothersome person, and disciplinary action can be taken. In a preferred embodiment, the email address associated with a user name of a suspected spimmer is identified and all screen names associated with that email address are also subjected to disciplinary action, if desired. Thus, an IM company can suspend all screen names of a spimmer that are tied to the same email address, even though not all (or even none) of the screen names individually have reached a threshold level for discipline/suspension.

    Determining blocking measures for processing communication traffic anomalies
    4.
    Granted patent
    Status: lapsed

    Publication number: US07523494B2

    Publication date: 2009-04-21

    Application number: US10774140

    Filing date: 2004-02-05

    IPC classification: G06F7/00

    CPC classification: H04L63/1408 H04L63/1441

    Abstract: Communication traffic is processed by detecting an anomaly in the communication traffic. A first blocking measure A is applied to the anomalous traffic that stops the anomalous traffic. A second blocking measure is determined such that application of a logical combination of the first blocking measure A and the second blocking measure to the anomalous traffic stops the anomalous traffic.

    Method for caching lookups based upon TCP traffic flow characteristics
    5.
    Granted patent
    Status: in force

    Publication number: US07464181B2

    Publication date: 2008-12-09

    Application number: US10662007

    Filing date: 2003-09-11

    CPC classification: H04L45/00 H04L69/22

    Abstract: The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.

    SYSTEM AND METHOD TO TRACK INVENTORY USING RFID TAGS
    6.
    Patent application
    Status: in force

    Publication number: US20080211673A1

    Publication date: 2008-09-04

    Application number: US12035526

    Filing date: 2008-02-22

    IPC classification: G08B13/14

    Abstract: System and method for tracking inventory of a multiplicity of products. First RFID tags are associated with respective products or groups of products. Second Active RFID tags are associated with respective first containers for the multiplicity of products. A third Active RFID tag is associated with a second container for the first containers. First RFID tags broadcast their respective identifications. Second Active RFID tags hash the identities of the first RFID tags within their respective first containers and broadcast their hashed values. Third Active RFID tag hashes the hashed values broadcast by the second Active RFID tags. An expected value is compared to a result of the third Active RFID tag hashing the hashed values broadcast by the second Active RFID tags.

    Method and system for managing traffic within a data communication network
    8.
    Granted patent
    Status: lapsed

    Publication number: US07274666B2

    Publication date: 2007-09-25

    Application number: US10405673

    Filing date: 2003-04-01

    IPC classification: H04L12/26

    Abstract: A flow control method and system including an algorithm for deciding to transmit an arriving packet into a processing queue or to discard it, or, in the case of instructions or packets that must not be discarded, a similar method and system for deciding at a service event to transmit an instruction or packet into a processing queue or to skip the service event. The transmit probability is increased or decreased in consideration of minimum and maximum limits for each flow, aggregate limits for sets of flows, relative priority among flows, queue occupancy, and rate of change of queue occupancy. The effects include protection of flows below their minimum rates, correction of flows above their maximum rates, and, for flows between minimum and maximum rates, reduction of constituent flows of an aggregate that is above its aggregate maximum. Practice of the invention results in low queue occupancy during steady congestion.

    Method for managing of denial of service attacks using bandwidth allocation technology
    9.
    Granted patent
    Status: lapsed

    Publication number: US08161145B2

    Publication date: 2012-04-17

    Application number: US10375799

    Filing date: 2003-02-27

    IPC classification: G06F15/173

    CPC classification: H04L63/1458

    Abstract: A method for managing attacks in a computer system is disclosed. The computer system is used in sending, receiving, or sending and receiving a plurality of packets, which include a plurality of administrative packets. The method includes determining whether a congestion of the administrative packets exists. Congestion of the administrative packets indicates that a potential attack exists. The method also includes discarding a portion of the plurality of administrative packets if it is declared that the congestion of the administrative packets exists. The portion of the plurality of packets is sufficient to ensure that a remaining portion of the plurality of packets transmitted is not more than a maximum administrative packet bandwidth limit and, if the plurality of administrative packets present a sufficient offered load, not less than a minimum administrative packet bandwidth guarantee.

    System and method for detection and mitigation of distributed denial of service attacks
    10.
    Granted patent
    Status: lapsed

    Publication number: US07930740B2

    Publication date: 2011-04-19

    Application number: US11176079

    Filing date: 2005-07-07

    IPC classification: G06F11/00

    Abstract: A router includes a relatively low bandwidth communication connection to a small computer, a relatively high bandwidth communication connection to a communication network; and a processing unit for executing in the router a set of permit rules for permitting flow of communication packets with respect to the connections for user initiated sessions, the permit rules including a default rule for discarding all packets with respect to the small computer in traffic not pertaining to sessions initiated by the small computer.
