公开(公告)号：US08538449B2

公开(公告)日：2013-09-17

申请号：US11618490

申请日：2006-12-29

申请人： David Hoeflin ,  Yonatan Levy ,  Xiaowen Mang

发明人： David Hoeflin ,  Yonatan Levy ,  Xiaowen Mang

IPC分类号： H04W72/00

CPC分类号： H04L47/125 ,  H04L47/22 ,  H04W28/20 ,  H04W72/0453 ,  H04W72/08 ,  H04W72/1252 ,  H04W88/08

摘要： A method and apparatus for performing traffic engineering, e.g., allocating bandwidth, on a wireless access network are disclosed. For example, the method determines a number of subscriber stations (SSs) that a Base Station (BS) is capable of supporting in accordance with at least one performance objective for voice traffic, wherein the at least one performance objective for voice traffic comprises a type of codec. The method then allocates bandwidth by the base station in accordance with the number of subscriber stations that the base station is capable of supporting.

公开(公告)号：US20100162396A1

公开(公告)日：2010-06-24

申请号：US12341609

申请日：2008-12-22

申请人： Danielle Liu ,  Willa Ehrlich ,  David Hoeflin ,  Anestis Karasaridis ,  Daniel Hurley

发明人： Danielle Liu ,  Willa Ehrlich ,  David Hoeflin ,  Anestis Karasaridis ,  Daniel Hurley

IPC分类号： G06F21/00

CPC分类号： H04L63/1441 ,  G06F21/566 ,  G06F2221/2101 ,  H04L51/12 ,  H04L63/1416 ,  H04L63/1425 ,  H04L2463/144

摘要： A system for detecting a remotely controlled e-mail spam host. The system includes an E-mail spammer detection unit and a host traffic profiling unit. The E-mail spammer detection unit identifies E-mail Spammers based on SMTP traffic characteristics. The host profiling unit extracts traffic components from the plurality of Internet traffic associated with an E-mail Spammer; interprets the extracted traffic components and determines whether the E-mail Spammer is a compromised host. The system may also include a botnet controller detection unit that analyzes traffic associated with compromised E-mail Spammers and identifies the botnet Controller remotely controlling the compromised E-mail Spammer.

摘要翻译： 用于检测远程控制的电子邮件垃圾邮件主机的系统。 该系统包括电子邮件垃圾邮件发送者检测单元和主机流量分析单元。 电子邮件垃圾邮件发送器检测单元基于SMTP流量特征识别电子邮件垃圾邮件发送者。 主机分析单元从与电子邮件垃圾邮件相关联的多个互联网流量中提取流量组件; 解释提取的流量组件，并确定电子邮件垃圾邮件是否是受损主机。 该系统还可以包括僵尸网络控制器检测单元，其分析与受损害的电子邮件垃圾邮件发送者相关联的流量，并识别僵尸网络控制器远程控制受损害的电子邮件垃圾邮件。

公开(公告)号：US09241045B2

公开(公告)日：2016-01-19

申请号：US13407312

申请日：2012-02-28

申请人： David Hoeflin ,  Yury Bakshi

发明人： David Hoeflin ,  Yury Bakshi

IPC分类号： G06F11/00 ,  G06F15/16 ,  G06F15/173 ,  H04M11/00 ,  H04L29/08 ,  H04L29/14 ,  H04L29/06

CPC分类号： H04L67/327 ,  H04L65/1063 ,  H04L69/40

摘要： A method controls the routing of service requests to a plurality of servers using a first routing distribution algorithm. The method includes waiting a first period of time for a designated server to respond to a service request, transmitting the service request to the designated server a second time, and waiting a second period to time for the designated server to respond to the service request assigned to the designated server, the second period of time being longer than the first period of time. The method also includes determining that the designated server has failed, rerouting the service request to a different server, and routing the service requests to the plurality of servers using a second routing distribution algorithm.

摘要翻译： 一种方法使用第一路由分配算法来控制服务请求到多个服务器的路由。 该方法包括等待指定服务器响应服务请求的第一时间段，第二次将服务请求发送到指定的服务器，并等待指定服务器响应所分配的服务请求的第二时间段 到指定的服务器，第二时间段比第一个时间段长。 该方法还包括确定指定的服务器已经失败，将服务请求重新路由到不同的服务器，以及使用第二路由分配算法将服务请求路由到多个服务器。

公开(公告)号：US08874763B2

公开(公告)日：2014-10-28

申请号：US12940432

申请日：2010-11-05

申请人： Willa Ehrlich ,  Ratna Chakka ,  Eric Fermon ,  David Hoeflin ,  Manuel Ortiz

发明人： Willa Ehrlich ,  Ratna Chakka ,  Eric Fermon ,  David Hoeflin ,  Manuel Ortiz

IPC分类号： G06F15/16 ,  H04L29/06 ,  H04L12/24

CPC分类号： H04L41/142 ,  H04L63/14 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1458 ,  H04L63/1475

摘要： Methods for providing alerts in a network are disclosed. Some methods include collecting network traffic data corresponding to multiple subsets of network addresses during a predefined time interval. A suspect subset of the subsets of network addresses that corresponds to anomalous network activity may be identified based on the network traffic data and using at least one of multiple anomaly detection metrics. A source network address within the suspect subset of network addresses that corresponds to the anomalous network activity is identified. An alert corresponding to the source network address may be generated.

摘要翻译： 公开了在网络中提供警报的方法。 一些方法包括在预定义的时间间隔内收集对应于多个网络地址子集的网络流量数据。 可以基于网络流量数据并使用多个异常检测度量中的至少一个来识别与异常网络活动相对应的网络地址子集的可疑子集。 识别与异常网络活动相对应的网络地址的可疑子集内的源网络地址。 可以生成与源网络地址相对应的警报。

公开(公告)号：US20120159233A1

公开(公告)日：2012-06-21

申请号：US13407312

申请日：2012-02-28

申请人： David HOEFLIN ,  Yury BAKSHI

发明人： David HOEFLIN ,  Yury BAKSHI

IPC分类号： G06F11/07 ,  G06F15/173

CPC分类号： H04L67/327 ,  H04L65/1063 ,  H04L69/40

摘要： A method controls the routing of service requests to a plurality of servers using a first routing distribution algorithm. The method includes waiting a first period of time for a designated server to respond to a service request, transmitting the service request to the designated server a second time, and waiting a second period to time for the designated server to respond to the service request assigned to the designated server, the second period of time being longer than the first period of time. The method also includes determining that the designated server has failed, rerouting the service request to a different server, and routing the service requests to the plurality of servers using a second routing distribution algorithm.

摘要翻译： 一种方法使用第一路由分配算法来控制服务请求到多个服务器的路由。 该方法包括等待指定服务器响应服务请求的第一时间段，第二次将服务请求发送到指定的服务器，并等待指定服务器响应所分配的服务请求的第二时间段 到指定的服务器，第二时间段比第一个时间段长。 该方法还包括确定指定的服务器已经失败，将服务请求重新路由到不同的服务器，以及使用第二路由分配算法将服务请求路由到多个服务器。

公开(公告)号：US20120117254A1

公开(公告)日：2012-05-10

申请号：US12940432

申请日：2010-11-05

申请人： Willa Ehrlich ,  Ratna Chakka ,  Eric Fermon ,  David Hoeflin ,  Manuel Ortiz

发明人： Willa Ehrlich ,  Ratna Chakka ,  Eric Fermon ,  David Hoeflin ,  Manuel Ortiz

IPC分类号： G06F15/16

CPC分类号： H04L41/142 ,  H04L63/14 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1458 ,  H04L63/1475

摘要： Methods for providing alerts in a network are disclosed. Some methods include collecting network traffic data corresponding to multiple subsets of network addresses during a predefined time interval. A suspect subset of the subsets of network addresses that corresponds to anomalous network activity may be identified based on the network traffic data and using at least one of multiple anomaly detection metrics. A source network address within the suspect subset of network addresses that corresponds to the anomalous network activity is identified. An alert corresponding to the source network address may be generated.

摘要翻译： 公开了在网络中提供警报的方法。 一些方法包括在预定义的时间间隔内收集对应于多个网络地址子集的网络流量数据。 可以基于网络流量数据并使用多个异常检测度量中的至少一个来识别对应于异常网络活动的网络地址子集的可疑子集。 识别与异常网络活动相对应的网络地址的可疑子集内的源网络地址。 可以生成与源网络地址相对应的警报。

公开(公告)号：US20110252472A1

公开(公告)日：2011-10-13

申请号：US12756428

申请日：2010-04-08

申请人： Willa Ehrlich ,  David Hoeflin ,  Danielle Liu ,  Chaim Spielman ,  Stephen K. Wood

发明人： Willa Ehrlich ,  David Hoeflin ,  Danielle Liu ,  Chaim Spielman ,  Stephen K. Wood

IPC分类号： G06F21/00 ,  G06F15/16

CPC分类号： H04L51/00 ,  H04L63/1441

摘要： A method and system for determining whether an IP address is part of a bot-network are provided. The IP-address-aggregate associated with the IP address of an e-mail sender is determined. The IP-address-aggregate is associated with an IP-address-aggregate-category based on the current SMTP traffic characteristics of the IP-address-aggregate and the known SMTP traffic characteristics of an IP-address-aggregate-category. A bot-likelihood score of the IP-address-aggregate-category is then associated with IP-address-aggregate. IP-address-aggregate-categories can be established based on historical SMTP traffic characteristics of the IP-address-aggregates. The IP-address-aggregates are grouped based on SMTP characteristics, and the IP-address-aggregate-categories are defined based on a selection of IP-address-aggregates with similar SMTP traffic characteristics that are diagnostic of spam bots vs. non-botnet-controllers spammers. Bot likelihood scores are determined for the resulting IP-address-aggregate-categories based on historically known bot IP addresses.

摘要翻译： 提供一种用于确定IP地址是机器人网络的一部分的方法和系统。 确定与电子邮件发件人的IP地址相关联的IP地址聚合。 基于IP地址聚合的当前SMTP流量特性和IP地址聚合类别的已知SMTP流量特性，IP地址聚合与IP地址聚合类别相关联。 然后将IP地址聚合类别的机率分数与IP地址聚合相关联。 可以基于IP地址聚合的历史SMTP流量特性来建立IP地址聚合类别。 基于SMTP特性对IP地址聚合进行分组，IP地址聚合类别是根据具有类似SMTP流量特性的IP地址聚合的选择来定义的，这些特征是对垃圾邮件机器人与非僵尸网络的诊断 控制垃圾邮件发送者。 基于历史上已知的机器人IP地址，为生成的IP地址聚合类别确定Bot似然分数。

公开(公告)号：US20080159131A1

公开(公告)日：2008-07-03

申请号：US11618490

申请日：2006-12-29

申请人： David Hoeflin ,  Yonatan Levy ,  Xiaowen Mang

发明人： David Hoeflin ,  Yonatan Levy ,  Xiaowen Mang

IPC分类号： G01R31/08

CPC分类号： H04L47/125 ,  H04L47/22 ,  H04W28/20 ,  H04W72/0453 ,  H04W72/08 ,  H04W72/1252 ,  H04W88/08

摘要： A method and apparatus for performing traffic engineering, e.g., allocating bandwidth, on a wireless access network are disclosed. For example, the method determines a number of subscriber stations (SSs) that a Base Station (BS) is capable of supporting in accordance with at least one performance objective for voice traffic, wherein the at least one performance objective for voice traffic comprises a type of codec. The method then allocates bandwidth by the base station in accordance with the number of subscriber stations that the base station is capable of supporting.

摘要翻译： 公开了一种用于在无线接入网络上执行流量工程，例如分配带宽的方法和装置。 例如，该方法确定基站（BS）能够根据用于话音业务的至少一个性能目标来支持的多个用户台（SS），其中语音业务的至少一个性能目标包括一种类型 的编解码器。 该方法然后根据基站能够支持的用户台的数量来分配基站的带宽。

公开(公告)号：US08904530B2

公开(公告)日：2014-12-02

申请号：US12341609

申请日：2008-12-22

申请人： Danielle Liu ,  Willa Ehrlich ,  David Hoeflin ,  Anestis Karasaridis ,  Daniel Hurley

发明人： Danielle Liu ,  Willa Ehrlich ,  David Hoeflin ,  Anestis Karasaridis ,  Daniel Hurley

IPC分类号： G06F21/00 ,  H04L29/06 ,  G06F21/56 ,  H04L12/58

CPC分类号： H04L63/1441 ,  G06F21/566 ,  G06F2221/2101 ,  H04L51/12 ,  H04L63/1416 ,  H04L63/1425 ,  H04L2463/144

摘要： A system for detecting a remotely controlled e-mail spam host. The system includes an E-mail spammer detection unit and a host traffic profiling unit. The E-mail spammer detection unit identifies E-mail Spammers based on SMTP traffic characteristics. The host profiling unit extracts traffic components from the plurality of Internet traffic associated with an E-mail Spammer; interprets the extracted traffic components and determines whether the E-mail Spammer is a compromised host. The system may also include a botnet controller detection unit that analyzes traffic associated with compromised E-mail Spammers and identifies the botnet Controller remotely controlling the compromised E-mail Spammer.

摘要翻译： 用于检测远程控制的电子邮件垃圾邮件主机的系统。 该系统包括电子邮件垃圾邮件发送者检测单元和主机流量分析单元。 电子邮件垃圾邮件发送器检测单元基于SMTP流量特征识别电子邮件垃圾邮件发送者。 主机分析单元从与电子邮件垃圾邮件相关联的多个互联网流量中提取流量组件; 解释提取的流量组件，并确定电子邮件垃圾邮件是否是受损主机。 该系统还可以包括僵尸网络控制器检测单元，其分析与受损害的电子邮件垃圾邮件发送者相关联的流量，并识别僵尸网络控制器远程控制受损害的电子邮件垃圾邮件。

公开(公告)号：US08150965B2

公开(公告)日：2012-04-03

申请号：US12266854

申请日：2008-11-07

申请人： David Hoeflin ,  Yury Bakshi

发明人： David Hoeflin ,  Yury Bakshi

IPC分类号： G06F15/173 ,  G06F15/16 ,  H04L12/50

CPC分类号： H04L67/327 ,  H04L65/1063 ,  H04L69/40

摘要： A network communication node includes a request distribution manager that combines a plurality of permutations of sequences for routing requests to a plurality of servers. The request distribution managers also generates instructions for routing the requests to the plurality of servers, based on the combination of the plurality of permutations. The network communication node also includes a router that routes the requests to the plurality of servers based on the instructions.

摘要翻译： 网络通信节点包括一个请求分发管理器，该请求分配管理器将用于将请求路由请求的序列的多个排列组合到多个服务器。 所述请求分发管理器还基于所述多个排列的组合，生成用于将所述请求路由到所述多个服务器的指令。 网络通信节点还包括基于指令将请求路由到多个服务器的路由器。