Multi-layered application classification and decoding
    1.
    Granted invention patent (status: in force)

    Publication number: US08789180B1

    Publication date: 2014-07-22

    Application number: US13367183

    Filing date: 2012-02-06

    IPC classification: G06F12/14

    Abstract: An intrusion detection system is described that is capable of applying a plurality of stacked (layered) application-layer decoders to extract encapsulated application-layer data from a tunneled packet flow produced by multiple applications operating at the application layer, or layer seven (L7), of a network stack. In this way, the IDS is capable of performing application identification and decoding even when one or more software applications utilize other software applications for data transport to produce a packet flow from a network device. The protocol decoders may be dynamically swapped, reused and stacked (layered) when applied to a given packet or packet flow.


    Learning values of transmission control protocol (TCP) options
    2.
    Granted invention patent (status: in force)

    Publication number: US08433808B1

    Publication date: 2013-04-30

    Application number: US13019088

    Filing date: 2011-02-01

    IPC classification: G06F15/16

    Abstract: A system includes a storage device and a processor. The storage device is configured to store a first set of values of TCP options for a first group of servers. The processor is configured to: transmit first requests to the first group of servers; receive first replies, in response to the first requests, from the first group of servers; determine the first set of values of the TCP options for the first group based on values in the first replies; store the first set of values in the storage device; receive a first message from a client to establish a connection between the client and a server in the first group of servers; and transmit, in response to the first message, a second message to the client.


    Application identification
    3.
    Granted invention patent (status: in force)

    Publication number: US08321595B2

    Publication date: 2012-11-27

    Application number: US13092532

    Filing date: 2011-04-22

    IPC classification: G06F15/16

    Abstract: A method may include receiving a first communication from a first client device and identifying a port number, a protocol and a destination associated with the first communication. The method may also include identifying a first application being executed by the first client device based on the port number, the protocol and the destination associated with the first communication.


    Optimized prefetching for wide area networks
    4.
    Granted invention patent (status: in force)

    Publication number: US08209291B1

    Publication date: 2012-06-26

    Application number: US12211167

    Filing date: 2008-09-16

    IPC classification: G06F7/00

    CPC classification: G06F17/30442 H04L67/2847

    Abstract: A data prefetching technique uses predefined prefetching criteria and prefetching models to identify and retrieve prefetched data. A prefetching model that defines data to be prefetched via a network may be stored. It may be determined whether prefetching initiation criteria have been satisfied. Data for prefetching may be identified based on the prefetching model when the prefetching initiation criteria have been satisfied. The identified data may be prefetched, via the network, based on the prefetching model.


    PROTECTING AGAINST DISTRIBUTED NETWORK FLOOD ATTACKS
    5.
    Invention patent application (status: in force)

    Publication number: US20110055921A1

    Publication date: 2011-03-03

    Application number: US12607107

    Filing date: 2009-10-28

    IPC classification: H04L29/06 G06F15/18

    CPC classification: H04L63/1458 H04L63/1416

    Abstract: A network security device performs a three-stage analysis of traffic to identify malicious clients. In one example, a device includes an attack detection module to, during a first stage, monitor network connections to a protected network device; during a second stage, to monitor a plurality of types of transactions for a plurality of network sessions when a parameter for the connections exceeds a connection threshold; and during a third stage, to monitor communications associated with network addresses from which transactions of at least one of the types of transactions originate when a parameter associated with the at least one type of transactions exceeds a transaction-type threshold. The device executes a programmed action with respect to at least one of the network addresses when the transactions of the at least one of the plurality of types of transactions originating from the at least one network address exceed a client-transaction threshold.


    DETECTING MALICIOUS NETWORK SOFTWARE AGENTS
    6.
    Invention patent application (status: in force)

    Publication number: US20100281539A1

    Publication date: 2010-11-04

    Application number: US12432325

    Filing date: 2009-04-29

    IPC classification: G06F21/00

    Abstract: This disclosure describes techniques for determining whether a network session originates from an automated software agent. In one example, a network device, such as a router, includes a network interface to receive packets of a network session; a bot detection module to calculate a plurality of scores for network session data based on a plurality of metrics, wherein each of the metrics corresponds to a characteristic of a network session originated by an automated software agent, to produce an aggregate score from an aggregate of the plurality of scores, and to determine that the network session is originated by an automated software agent when the aggregate score exceeds a threshold; and an attack detection module to perform a programmed response when the network session is determined to be originated by an automated software agent. Each score represents a likelihood that the network session is originated by an automated software agent.


    DYNAMIC ACCESS CONTROL POLICY WITH PORT RESTRICTIONS FOR A NETWORK SECURITY APPLIANCE
    7.
    Invention patent application (status: in force)

    Publication number: US20100095367A1

    Publication date: 2010-04-15

    Application number: US12261512

    Filing date: 2008-10-30

    IPC classification: G06F21/00

    Abstract: A network security appliance supports definition of a security policy to control access to a network. The security policy is defined by match criteria including a layer seven network application, a static port list of layer four ports for a transport-layer protocol, and actions to be applied to packet flows that match the match criteria. A rules engine dynamically identifies a type of layer seven network application associated with a received packet flow based on inspection of application-layer data within payloads of packets of the packet flow, without basing the identification solely on a layer four port specified by headers within the packets. The rules engine is configured to apply the security policy to determine whether the packet flow matches the static port lists specified by the match criteria. The network security appliance applies the actions specified by the security policy to the packet flow.


    Traffic cut-through within network device having multiple virtual network devices
    8.
    Granted invention patent (status: in force)

    Publication number: US08953599B1

    Publication date: 2015-02-10

    Application number: US13539120

    Filing date: 2012-06-29

    IPC classification: H04L12/28 H04L12/751

    Abstract: In general, techniques are described for providing a direct forwarding path between virtual routers within a single virtualized routing system. In one example, a method includes combining forwarding information from a plurality of virtual routers into collapsed forwarding information that comprises one or more direct forwarding paths between the respective virtual routers. The method also includes determining a direct forwarding path to an egress interface of a second virtual router, in response to receiving a network packet at an ingress interface of a first virtual router. The method also includes forwarding the network packet from the ingress interface of the first virtual router to the egress interface of the second virtual router using the direct forwarding path, wherein the network packet traverses a switch fabric directly from the ingress interface of the first virtual router to the egress interface of the second virtual router.


    METHODS AND APPARATUS FOR PROVIDING SERVICES IN DISTRIBUTED SWITCH
    9.
    Invention patent application (status: pending, published)

    Publication number: US20140003433A1

    Publication date: 2014-01-02

    Application number: US13538344

    Filing date: 2012-06-29

    IPC classification: H04L12/56

    CPC classification: H04L49/355 H04L67/327

    Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, from a source peripheral processing device, a portion of a data packet having a destination address associated with a destination peripheral processing device. The code causes the processor to identify, based on the destination address, a service to be performed on the portion of the data packet. The code causes the processor to select, based on the service, an identifier of a service module associated with the service. The code further causes the processor to send the portion of the data packet to the service module via a distributed switch fabric such that the service module performs the service on the portion of the data packet and sends the portion of the data packet to the destination peripheral processing device via the distributed switch fabric.


    Dynamic monitoring of network traffic
    10.
    Granted invention patent (status: in force)

    Publication number: US08619614B2

    Publication date: 2013-12-31

    Application number: US13352790

    Filing date: 2012-01-18

    CPC classification: H04L43/18

    Abstract: A device, connected to a monitoring appliance, may include a traffic analyzer to receive a data unit and identify a traffic flow associated with the data unit. The device may also include a traffic processor to receive the data unit and information regarding the identified traffic flow from the traffic analyzer, determine that the identified traffic flow is to be monitored by the monitoring appliance, change a port number associated with the data unit to a particular port number to create a modified data unit when the identified traffic flow is to be monitored by the monitoring appliance, and send the modified data unit to the monitoring appliance.
