1. Containment mechanism for potentially contaminated end systems
    Granted invention patent (in force)

    Publication number: US08020207B2

    Publication date: 2011-09-13

    Application number: US11656434

    Filing date: 2007-01-23

    IPC classification: G06F12/14

    CPC classification: H04L63/1416 H04L63/1458

    Abstract: A malware detection and response system based on the detection of traffic pattern anomalies is provided, whereby packets associated with a variety of protocols on each port of a network element are counted separately for each direction. Such packets include ARP requests, TCP SYN requests and acknowledgements, TCP RST packets, DNS/NETBEUI name lookups, outgoing ICMP packets, UDP packets, etc. When a packet causes an individual count, or a combination of counts, to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.

2. Mechanism for tracing back anonymous network flows in autonomous systems
    Granted invention patent (in force)

    Publication number: US07565426B2

    Publication date: 2009-07-21

    Application number: US10635602

    Filing date: 2003-08-07

    IPC classification: G06F15/173 G06F11/00

    Abstract: A system and method of tracing network flows in an autonomous communications system are described. The Autonomous System may be formed of multiple subgroups depending on size and application. Each subgroup contains multiple, interconnected routers which participate in transporting data flows across the Autonomous System (AS). A Director within the AS has a full and complete view of the network topology. When it is desired to trace a particular flow because of an identified attack, selected routers in key locations—through which that particular flow travels—mark packets with labels which enable the tracing of the path. These labels permit the source of the attack, at least in so far as it travels through the AS, to be identified. If the number of entry (or key) points to the AS is larger than the number of available labels, the AS is divided into subgroups and the flow is traced from subgroup to subgroup.

3. Distributed defence against DDoS attacks
    Patent application (under examination, published)

    Publication number: US20090013404A1

    Publication date: 2009-01-08

    Application number: US11822341

    Filing date: 2007-07-05

    IPC classification: G08B23/00 G06F11/30

    CPC classification: H04L63/1458 H04L63/08

    Abstract: When the processing resources of a host system are occupied beyond a trigger point by incoming requests, that host system issues a cool-it message that is broadcast throughout the network, eventually reaching edge routers that, in response to the message, throttle the traffic they pass into the network. The throttling is applied in increasing amounts as the traffic volume received at the edge routers increases. The cool-it messages are authenticated to ensure that they are not themselves used as instruments of a DoS attack. This mechanism also works to control legitimate network congestion, and it does not block users from a host system that is under attack.

4. System and method for detecting abnormal traffic based on early notification
    Patent application (in force)

    Publication number: US20070011741A1

    Publication date: 2007-01-11

    Application number: US11176237

    Filing date: 2005-07-08

    Abstract: This method and system for detecting abnormal traffic in a communications network is based on classifying the traffic into risk and status categories and maintaining a service status table with this information for each service at a respective node. The risk categories are initially established based on known software vulnerabilities recognized for the respective service. An early notifier enables further processing of services suspected of malware propagation. Status categories enable segregating traffic with an “under attack” status from traffic with a “not under attack” status, so that the intrusion detection system at the respective node only processes the “under attack” traffic. In this way, the time and amount of processing performed by the intrusion detection system is considerably reduced.

5. High pressure fuel pump
    Granted invention patent (lapsed)

    Publication number: US06648608B1

    Publication date: 2003-11-18

    Application number: US10009362

    Filing date: 2001-12-10

    Applicant: Jean-Marc Robert

    Inventor: Jean-Marc Robert

    IPC classification: F04B2708

    CPC classification: F04B43/067 F02M37/12 F04B1/14

    Abstract: A main unit pumps the transferred liquid, actuated by an auxiliary unit that pumps a working liquid. The auxiliary unit comprises a piston provided with an axial drilling (bore) for circulating working liquid between a tank and a compression chamber. The piston further comprises a valve for closing the drilling, the valve being housed in the drilling between its two ends, which are in permanent communication with the tank and the compression chamber respectively. The valve opens when the pressure of the working liquid in the tank exceeds that of the working liquid in the compression chamber and closes in the opposite situation. The compression chamber is delimited by a flexible diaphragm for pumping the transferred liquid. The diaphragm is constantly returned elastically to its first position by a diaphragm spring. For the pump to operate correctly, the stiffness of the spring that returns the diaphragm associated with the piston is dimensioned so that the spring keeps the working liquid contained in the compression chamber at a raised pressure with respect to the working liquid contained in the reservoir, and does so as long as the diaphragm has not reached its first position, in which the pumping chamber has its maximum volume. The diaphragm spring allows the diaphragm to return automatically to its first position, even when there is no liquid in the main pumping unit.

7. Rogue access point detection in wireless networks
    Granted invention patent (in force)

    Publication number: US07962958B2

    Publication date: 2011-06-14

    Application number: US12709015

    Filing date: 2010-02-19

    IPC classification: G06F21/00

    Abstract: Methods to detect rogue access points (APs) and prevent unauthorized wireless access to services provided by a communication network are provided. A mobile station (MS) reports to its serving AP the received signal strength (RSS) for all APs in the area it travels through. The serving AP detects a rogue AP based on inconsistencies observed in the RSS reports, assessed during the handover phase or while the communication is active.

8. Cookie-based mechanism providing lightweight authentication of layer-2 frames
    Granted invention patent (lapsed)

    Publication number: US07685420B2

    Publication date: 2010-03-23

    Application number: US10939378

    Filing date: 2004-09-14

    IPC classification: H04L9/32

    Abstract: Methods and apparatus for improving the resilience of wireless packet-switched networks to Layer-2 attacks are provided via a lightweight mechanism for detecting spoofed frames. The mechanism enables a receiving node to detect spoofed frames from information contained in cookies sent with the frames. A first cookie, containing initial information, is sent from the transmitting node to the receiving station along with the first frame of a frame set. For each received frame, spoofing detection includes applying a function to the information received via the cookie accompanying that frame; the result of the function is compared with the information received via the previous cookie. The validity of the frame is asserted if the result of applying the function to the information in its cookie correlates with the previous or initial information received in the previous or the first cookie, respectively. An exemplary implementation uses a one-way hash function. Advantages are derived from the low computational overhead of spoofed frame detection and from the ability of the proposed solution to co-exist with other standardized security mechanisms.

9. Flow-based method for tracking back single packets
    Granted invention patent (in force)

    Publication number: US07487541B2

    Publication date: 2009-02-03

    Application number: US10730926

    Filing date: 2003-12-10

    Applicant: Jean-Marc Robert

    Inventor: Jean-Marc Robert

    IPC classification: G06F11/00

    Abstract: A method and system for tracing back single packets based on storing only one record per flow, the ‘FlowId’, observed by a router on a given interface and within a given time window, the ‘Time Period’. This record can be seen as a canonical representation of all packets seen during that window. A malicious packet may be traced back to its origin by identifying the port of arrival from that packet's time of arrival X and the FlowId.

10. Secret hashing for TCP SYN/FIN correspondence
    Granted invention patent (lapsed)

    Publication number: US07373663B2

    Publication date: 2008-05-13

    Application number: US10316883

    Filing date: 2002-12-12

    Applicant: Jean-Marc Robert

    Inventor: Jean-Marc Robert

    CPC classification: H04L63/1408 H04L63/1458

    Abstract: A mechanism for detecting denial of service attacks in a digital communications system is described. A probabilistically selected portion of the input packets of a connection is processed using a hash function to determine whether the packets belong to the flow initiated by a TCP SYN packet. The hash function includes a secret key for additional security. The result of the hash function is added to a value that depends on the sequence number of the packet being processed.