-
Publication No.: US08020207B2
Publication date: 2011-09-13
Application No.: US11656434
Filing date: 2007-01-23
Applicants: Stanley TaiHai Chow, Jean-Marc Robert, Kevin McNamee, Douglas Wiemer, Bradley Kenneth McFarlane
Inventors: Stanley TaiHai Chow, Jean-Marc Robert, Kevin McNamee, Douglas Wiemer, Bradley Kenneth McFarlane
IPC classification: G06F12/14
CPC classification: H04L63/1416, H04L63/1458
Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.
-
Publication No.: US20090013404A1
Publication date: 2009-01-08
Application No.: US11822341
Filing date: 2007-07-05
CPC classification: H04L63/1458, H04L63/08
Abstract: When the processing resources of a host system are occupied beyond a trigger point by incoming requests, that host system issues a cool-it message that is broadcast throughout the network, eventually reaching edge routers that, in response to the message, throttle the traffic that they pass into the network. The throttling is applied in increasing amounts with increasing traffic volumes received at the edge routers. The cool-it messages are authenticated to ensure that they are not being used as instruments of a DoS attack. This mechanism also works to control legitimate network congestion, and it does not block users from a host system that is under attack.
-
Publication No.: US4675804A
Publication date: 1987-06-23
Application No.: US854435
Filing date: 1986-04-21
Applicant: Douglas Wiemer
Inventor: Douglas Wiemer
CPC classification: B60H1/00885, G05D23/1906
Abstract: A variable gain integrator for controlling the response time of a controlled device so as to control a condition. The condition is sensed and compared to a set point to determine an error representing the difference therebetween. The difference is integrated by the variable gain integrator, the output of which is used to control the controlled device. The control system monitors the rate of change of the sensed condition. When the rate of condition change is less than a reference, the gain of the integrator is increased to decrease the response time of the controlled device.
-
Publication No.: US08544098B2
Publication date: 2013-09-24
Application No.: US11366319
Filing date: 2006-03-02
IPC classification: G08B23/00
CPC classification: H04L63/1433, G06F21/577
Abstract: Security vulnerability information aggregation techniques are disclosed. Vulnerability information associated with one or more security vulnerabilities is obtained from multiple sources and aggregated into respective unified vulnerability definitions for the one or more security vulnerabilities. Aggregation may involve format conversion, content aggregation, or both in some embodiments. Unified vulnerability definitions may be distributed to vulnerability information consumers in accordance with consumer-specific policies. Storage of vulnerability information received from the sources may allow the aggregation process to be performed on existing vulnerability information “retro-actively”. Related data structures and Graphical User Interfaces (GUIs) are also disclosed.
-
Publication No.: US08438643B2
Publication date: 2013-05-07
Application No.: US11366101
Filing date: 2006-03-02
IPC classification: G06F21/00
CPC classification: H04L63/1433, G06F21/577
Abstract: Information system service-level security risk analysis systems, methods, and Graphical User Interfaces are disclosed. Assets of an information system that have relationships with a service provided by the information system are identified, and at least one security risk to the service is determined by analyzing security vulnerabilities associated with the identified assets. A consolidated representation of the service is provided, and includes an indication of the determined security risk(s) and an indication of a relationship between the service and at least one of the identified assets. The security risk indication may include indications of multiple security parameters. Security risks may be represented differently depending on whether they arise from a security vulnerability of an asset that has a relationship with the service or a security vulnerability of an asset that has a relationship with the service only through a relationship with an asset that has a relationship with the service.
-
Publication No.: US08204720B2
Publication date: 2012-06-19
Application No.: US11756970
Filing date: 2007-06-01
Applicants: Douglas Wiemer, Mohammed Riyas Valiyapalathingal, Louie Kwan, Jennifer Li, Stanley TaiHai Chow
Inventors: Douglas Wiemer, Mohammed Riyas Valiyapalathingal, Louie Kwan, Jennifer Li, Stanley TaiHai Chow
CPC classification: G06F17/504
Abstract: Graph-based modeling apparatus and techniques are disclosed. Based on a model including model nodes that represent components of a modeled system, operational dependencies between model nodes, and model edges that interconnect the nodes and represent relationships between the components in the modeled system, subset computations are performed to compute subsets of the model nodes that can impact operational dependencies between other model nodes. When the model changes, a determination is made as to whether an incremental subset computation should be performed for one or more particular operational dependencies between model nodes in the changed model, and if so, an incremental subset computation is performed. Otherwise, a full subset computation or no subset computation might be performed. In this manner, model changes are considered on a case-by-case basis to determine an extent, if any, to which subsets should be re-computed.
-
Publication No.: US08095984B2
Publication date: 2012-01-10
Application No.: US11366100
Filing date: 2006-03-02
IPC classification: G06F12/16, G06F11/00, G06F15/173, H04L29/06, H04K1/00
CPC classification: H04L63/1433, G06F21/577
Abstract: Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.
-
Publication No.: US20070109015A1
Publication date: 2007-05-17
Application No.: US11274005
Filing date: 2005-11-15
Applicants: Gordon Hanes, Douglas Wiemer
Inventors: Gordon Hanes, Douglas Wiemer
IPC classification: H03K19/173
CPC classification: H04L49/10, H04L49/109
Abstract: Switched integrated circuit connection architectures and techniques are disclosed. An integrated circuit includes connection segments and switching elements operatively coupled to the connection segments. Any of multiple switchable connections to a functional module of the integrated circuit can be established, as needed, by the switching elements through the connection segments. Protocol termination points associated with functional modules of the integrated circuit may be addressable in an address space that is used on an external connection outside the integrated circuit. An external protocol used on such an external connection may also be supported internally in the integrated circuit by the protocol termination points.
-
Publication No.: US20110197278A1
Publication date: 2011-08-11
Application No.: US11656434
Filing date: 2007-01-23
Applicants: Stanley TaiHai Chow, Jean-Marc Robert, Kevin McNamee, Douglas Wiemer, Bradley Kenneth McFarlane
Inventors: Stanley TaiHai Chow, Jean-Marc Robert, Kevin McNamee, Douglas Wiemer, Bradley Kenneth McFarlane
IPC classification: G06F21/20
CPC classification: H04L63/1416, H04L63/1458
Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.
-
Publication No.: US20070067848A1
Publication date: 2007-03-22
Application No.: US11366319
Filing date: 2006-03-02
Applicants: Christophe Gustave, Stanley Chow, Douglas Wiemer
Inventors: Christophe Gustave, Stanley Chow, Douglas Wiemer
IPC classification: G06F15/18
CPC classification: H04L63/1433, G06F21/577
Abstract: Security vulnerability information aggregation techniques are disclosed. Vulnerability information associated with one or more security vulnerabilities is obtained from multiple sources and aggregated into respective unified vulnerability definitions for the one or more security vulnerabilities. Aggregation may involve format conversion, content aggregation, or both in some embodiments. Unified vulnerability definitions may be distributed to vulnerability information consumers in accordance with consumer-specific policies. Storage of vulnerability information received from the sources may allow the aggregation process to be performed on existing vulnerability information “retro-actively”. Related data structures and Graphical User Interfaces (GUIs) are also disclosed.