公开(公告)号：US07451489B2

公开(公告)日：2008-11-11

申请号：US10930392

申请日：2004-08-31

申请人： Craig Cantrell ,  Marc Willebeek-Lemair ,  Dennis Cox ,  John McHale ,  Brian Smith ,  Donovan Kolbly

发明人： Craig Cantrell ,  Marc Willebeek-Lemair ,  Dennis Cox ,  John McHale ,  Brian Smith ,  Donovan Kolbly

IPC分类号： H04L9/00 ,  G06F11/30 ,  G06F15/173

CPC分类号： H04L63/0227 ,  H04L43/00 ,  H04L43/028 ,  H04L43/0888 ,  H04L43/16 ,  H04L63/0254 ,  H04L63/0263 ,  H04L63/0442 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441

摘要： An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

摘要翻译： 提供了一种主动的网络防御系统，其可操作以自动化方式监视和阻止业务。 作为网络基础设施的一部分，该活动的网络防御系统相对于分组业务数据流在线地放置。 在这种配置中，可以检查和操纵每个通过的包。 算法过滤操作将统计阈值过滤应用于数据流，以便识别跨多个会话存在的威胁。 触发器过滤操作将头部和内容匹配过滤应用于数据流，以便识别各个会话中存在的威胁。 威胁数据包流量被阻止，威胁性会话终止。 从数据流中提取可疑流量进行进一步检查，具有更全面的内容匹配和资产风险分析。 提供流控制机制来控制通过数据流的分组的通过速率。

公开(公告)号：US07454792B2

公开(公告)日：2008-11-18

申请号：US10930922

申请日：2004-08-31

申请人： Craig Cantrell ,  Marc Willebeek-Lemair ,  Dennis Cox ,  John McHale ,  Brian Smith ,  Donovan Kolbly

发明人： Craig Cantrell ,  Marc Willebeek-Lemair ,  Dennis Cox ,  John McHale ,  Brian Smith ,  Donovan Kolbly

IPC分类号： H04L9/00 ,  G06F11/30 ,  G06F15/173

CPC分类号： H04L63/0227 ,  H04L43/00 ,  H04L43/028 ,  H04L43/0888 ,  H04L43/16 ,  H04L63/0254 ,  H04L63/0263 ,  H04L63/0442 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441

摘要： An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

公开(公告)号：US07454499B2

公开(公告)日：2008-11-18

申请号：US10291095

申请日：2002-11-07

申请人： Craig Cantrell ,  Marc Willebeek-LeMair ,  Dennis Cox ,  John McHale ,  Brian Smith ,  Donovan Kolbly

发明人： Craig Cantrell ,  Marc Willebeek-LeMair ,  Dennis Cox ,  John McHale ,  Brian Smith ,  Donovan Kolbly

IPC分类号： G06F15/173

CPC分类号： H04L63/0227 ,  H04L43/00 ,  H04L43/028 ,  H04L43/0888 ,  H04L43/16 ,  H04L63/0254 ,  H04L63/0263 ,  H04L63/0442 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441

摘要： An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

公开(公告)号：US20050028013A1

公开(公告)日：2005-02-03

申请号：US10930922

申请日：2004-08-31

申请人： Craig Cantrell ,  Marc Willebeek-LeMair ,  Dennis Cox ,  John McHale ,  Brian Smith ,  Donovan Kolbly

发明人： Craig Cantrell ,  Marc Willebeek-LeMair ,  Dennis Cox ,  John McHale ,  Brian Smith ,  Donovan Kolbly

IPC分类号： H04L12/26 ,  H04L29/06 ,  G06F11/30

CPC分类号： H04L63/0227 ,  H04L43/00 ,  H04L43/028 ,  H04L43/0888 ,  H04L43/16 ,  H04L63/0254 ,  H04L63/0263 ,  H04L63/0442 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441

摘要： An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

摘要翻译： 提供了一种主动的网络防御系统，其可操作以自动化方式监视和阻止业务。 作为网络基础设施的一部分，该活动的网络防御系统相对于分组业务数据流在线地放置。 在这种配置中，可以检查和操纵每个通过的包。 算法过滤操作将统计阈值过滤应用于数据流，以便识别跨多个会话存在的威胁。 触发器过滤操作将头部和内容匹配过滤应用于数据流，以便识别各个会话中存在的威胁。 威胁数据包流量被阻止，威胁性会话终止。 从数据流中提取可疑流量进行进一步检查，具有更全面的内容匹配和资产风险分析。 提供流控制机制来控制通过数据流的分组的通过速率。

公开(公告)号：US20060239273A1

公开(公告)日：2006-10-26

申请号：US11473885

申请日：2006-06-23

申请人： Charles Buckman ,  Dennis Cox ,  Donovan Kolbly ,  Craig Cantrell ,  Brian Smith ,  Jon Werner ,  Marc Willebeek-LeMair ,  Joe Blackard ,  Francis Webster

发明人： Charles Buckman ,  Dennis Cox ,  Donovan Kolbly ,  Craig Cantrell ,  Brian Smith ,  Jon Werner ,  Marc Willebeek-LeMair ,  Joe Blackard ,  Francis Webster

IPC分类号： H04L12/56 ,  H04L12/54

CPC分类号： H04L47/10 ,  H04L12/14 ,  H04L12/1485 ,  H04L47/22 ,  H04L47/2416 ,  H04L47/2441 ,  H04L47/2475 ,  H04L69/12 ,  H04L69/16 ,  H04L69/163

摘要： A system and method provides a broadband network node for a best effort network such as the Internet or intranets which supports the inexpensive and rapid deployment of services to the best efforts network. Separate data path and control path mechanisms allow high-speed data transfers with parallel processing flows for the data path that are controlled across data flows by the control path. Packets are classified, modified and shaped to enable the service on the network with an accountant to track packet traffic for control and billing purposes. A series of processing blades perform a modification function for each blade that processes packets according to classifications. The processing blades are modular and scalable for insertion in the broad band switch to rapidly adapt the broadband network node for new services.

公开(公告)号：US20050044422A1

公开(公告)日：2005-02-24

申请号：US10930392

申请日：2004-08-31

申请人： Craig Cantrell ,  Marc Willebeek-Lemair ,  Dennis Cox ,  John McHale ,  Brian Smith ,  Donovan Kolbly

发明人： Craig Cantrell ,  Marc Willebeek-Lemair ,  Dennis Cox ,  John McHale ,  Brian Smith ,  Donovan Kolbly

IPC分类号： H04L12/26 ,  H04L29/06 ,  H04L9/00

CPC分类号： H04L63/0227 ,  H04L43/00 ,  H04L43/028 ,  H04L43/0888 ,  H04L43/16 ,  H04L63/0254 ,  H04L63/0263 ,  H04L63/0442 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441

摘要： An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

公开(公告)号：US07831621B1

公开(公告)日：2010-11-09

申请号：US11904605

申请日：2007-09-27

申请人： Kevin Banks ,  Donovan Kolbly ,  Matthew Blackmon

发明人： Kevin Banks ,  Donovan Kolbly ,  Matthew Blackmon

IPC分类号： G06F7/00 ,  G06F17/30

CPC分类号： G06F21/6227 ,  G06F17/30371

摘要： Embodiments of the present invention provide a system and method for summarizing and reporting the impact of database statements at a database appliance. The database appliance, according to one embodiment, can receive a database request and determine a set of information related to the request. Embodiments disclosed herein take in as input the database statement text and output multiple impact vectors, each containing both the name of an affected entity and a 32-bit “impact bitmap” for that entity. This concise and unambiguous output format can be computed using fast AND, OR, XOR, and NOT operations, allowing for highly efficient evaluation of database statements against user defined policies and finer policy granularity.

摘要翻译： 本发明的实施例提供了一种用于总结和报告数据库设备上的数据库语句的影响的系统和方法。 根据一个实施例，数据库设备可以接收数据库请求并确定与该请求相关的一组信息。 本文公开的实施例将数据库语句文本作为输入，输出多个影响向量，每个影响向量包含该实体的受影响实体的名称和32位“影响位图”。 可以使用快速AND，OR，XOR和NOT操作来计算这种简洁明确的输出格式，从而根据用户定义的策略和更精细的策略粒度高效地评估数据库语句。

公开(公告)号：US06983323B2

公开(公告)日：2006-01-03

申请号：US10217862

申请日：2002-08-12

申请人： Craig Cantrell ,  Marc Willebeek-LeMair ,  Dennis Cox ,  Donovan Kolbly ,  Brian Smith

发明人： Craig Cantrell ,  Marc Willebeek-LeMair ,  Dennis Cox ,  Donovan Kolbly ,  Brian Smith

IPC分类号： G06F13/00

CPC分类号： H04L63/0263 ,  H04L29/06 ,  H04L63/0209 ,  H04L63/1408 ,  H04L69/16 ,  H04L69/161 ,  H04L69/22

摘要： A packet filtering operation implements a hierarchical technique. Received packet traffic is first filtered with a first filtering criteria. This first filtering action generates a first pass traffic portion and a fail traffic portion from the received packet traffic. The fail traffic portion is then second filtered with a second filtering criteria. This second filtering action generates a second pass traffic portion and a reject traffic portion. The first filtering criteria provide for higher throughput, lower accuracy processing while the second filtering criteria provide for lower throughput, higher accuracy processing. Dynamic adjustments may be made to the first and second filtering criteria to achieve better overall packet filtering performance. For example, load is measured and the filtering criteria adjusted to better balance load between the hierarchical filtering actions.

摘要翻译： 包过滤操作实现分层技术。 接收到的数据包流量首先用第一个过滤条件进行过滤。 该第一过滤动作从接收到的分组流量生成第一通过业务部分和故障业务部分。 然后以第二过滤标准对故障业务部分进行第二次过滤。 该第二过滤动作产生第二通过业务部分和拒绝业务部分。 第一个过滤标准提供更高的吞吐量，更低的精度处理，而第二个过滤标准提供较低的吞吐量，更高的精度处理。 可以对第一和第二过滤标准进行动态调整，以实现更好的整体包过滤性能。 例如，测量负载并调整过滤标准以更好地平衡分层过滤动作之间的负载。