METHOD AND APPARATUS FOR ANALYZING SOURCE INTERNET PROTOCOL ACTIVITY IN A NETWORK
    1.
    Invention application
    Status: under examination (published)

    Publication No.: US20100085888A1

    Publication date: 2010-04-08

    Application No.: US12633761

    Filing date: 2009-12-08

    IPC classification: H04L12/26

    CPC classification: H04L12/66

    Abstract: Method and apparatus for analyzing source Internet protocol (SIP) activity in a network is described. In one example, a SIP address is obtained. Log data collected over a predefined time period by a plurality of network facilities is automatically queried using the SIP address as parametric input to generate a report. The report includes sample activity for the SIP and statistics for targeted network facilities, firewall activity, targeted network spaces, and targeted IP addresses.


    Method and apparatus for port scan detection in a network
    2.
    Granted invention patent
    Status: in force

    Publication No.: US08516573B1

    Publication date: 2013-08-20

    Application No.: US11316273

    Filing date: 2005-12-22

    IPC classification: H04L29/06

    CPC classification: H04L63/1416

    Abstract: Method and apparatus for port sweep detection in a network is described. In one example, log data is obtained for a period of time. The log data is associated with a plurality of devices in the network. The log data is processed to identify connection requests from a source key for a port at a number of target internet protocol (IP) addresses. An alarm is generated if the number of target IP addresses associated with the connection requests from the source key exceeds a threshold.


    Method and apparatus for volumetric thresholding and alarming on internet protocol traffic
    3.
    Granted invention patent
    Status: lapsed

    Publication No.: US07738377B1

    Publication date: 2010-06-15

    Application No.: US11438630

    Filing date: 2006-05-22

    IPC classification: G01R31/08

    CPC classification: H04L43/0894 H04L43/16

    Abstract: A method and apparatus for analyzing traffic arriving at and/or departing from a traffic aggregate defined as a given IP-related protocol, a given port associated with a given protocol, an IP address or subset of IP addresses, or by other traffic aggregation, during a given time interval, to determine whether there is a significant increase or decrease in traffic aggregate's traffic volume as compared to the traffic aggregate's expected traffic volume are disclosed. In one embodiment, the present method defines a traffic share ratio threshold associated with a given protocol or a given protocol port or a given IP address or a given subset of IP addresses or other traffic aggregation using said collected volumetric traffic data. The present method also defines a current traffic share, a baseline traffic share and a traffic share ratio to be evaluated for the said traffic aggregate. In turn, the present method raises an alarm if the traffic aggregate's traffic share ratio to be evaluated exceeds or falls below the traffic share ratio threshold defined for the traffic aggregate.


    Method and apparatus for analyzing source internet protocol activity in a network
    4.
    Granted invention patent
    Status: in force

    Publication No.: US07639621B1

    Publication date: 2009-12-29

    Application No.: US11323011

    Filing date: 2005-12-30

    CPC classification: H04L12/66

    Abstract: Method and apparatus for analyzing source internet protocol (SIP) activity in a network is described. In one example, a SIP address is obtained. Log data collected over a predefined time period by a plurality of network facilities is automatically queried using the SIP address as parametric input to generate a report. The report includes sample activity for the SIP and statistics for targeted network facilities, firewall activity, targeted network spaces, and targeted IP addresses.
