-
公开(公告)号:US20140012973A1
公开(公告)日:2014-01-09
申请号:US13542422
申请日:2012-07-05
IPC分类号: G06F15/173
CPC分类号: G06F21/32 , G06F2221/2101 , G06F2221/2117 , H04L41/5058 , H04L41/5096 , H04L67/22 , H04L67/306
摘要: A method for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts includes receiving a plurality of priors for the facets with respect to the contexts, receiving a plurality of footprints of known users, aggregating the footprints of the users to determine an ensemble prior, receiving a plurality of network traces relevant to an unknown user in a computer environment, matching the network traces against each of the footprints to determine a plurality of matches, aggregating the matches using the ensemble prior according to the facets and the contexts, and outputting a probable user identity for the unknown user.
摘要翻译: 根据多个上下文中的用户活动的多个方面来识别未知用户的方法包括:针对所述上下文接收所述方面的多个先验,接收已知用户的多个覆盖区, 用户在先前确定集合,在计算机环境中接收与未知用户相关的多个网络迹线,将网络跟踪与每个足迹匹配以确定多个匹配,以根据小平面先前使用集合聚合匹配 和上下文,并为未知用户输出可能的用户身份。
-
公开(公告)号:US20100054151A1
公开(公告)日:2010-03-04
申请号:US12198747
申请日:2008-08-26
申请人: Patrick Droz , Paul Hurley , Andreas Kind , Marc Stoecklin
发明人: Patrick Droz , Paul Hurley , Andreas Kind , Marc Stoecklin
IPC分类号: H04L12/26
CPC分类号: H04L43/028 , H04L43/024 , H04L43/045 , H04L43/067
摘要: A system and method for monitoring packetized traffic flow in a network and enabling approximation of the rate information of a network flow. The method for monitoring network traffic flow includes receiving, at a network packet flow collector device, packetized traffic flow signals to be monitored; sampling said received packetized traffic flow signals in time to form an approximation of the packet flow rate in time; generating packet flow activity data comprising data representing the sampled traffic flow signals sampled in time; communicating the packet flow activity data to a network packet flow analyzer device and processing the flow activity data to form signals representing an approximate version of the network traffic flow in the network, the analyzer processing the traffic flow signals for reconstructing the rate of the netflow as a function of time. The flow analyzer then generates a compressed version of the network traffic flow signals in the network, the compressed network traffic flow signals comprising relevant approximation of the packet flow rate in time.
摘要翻译: 一种用于监视网络中的分组业务流的系统和方法,并且能够近似网络流的速率信息。 用于监视网络流量流的方法包括:在网络分组流收集器设备处接收要监视的分组化业务流信号; 及时对所接收的分组业务流信号进行采样,以及时形成分组流量的近似值; 生成包含表示在时间上采样的采样业务流信号的数据的分组流活动数据; 将分组流活动数据传送到网络分组流分析器装置,并处理流动活动数据以形成表示网络中的网络业务流的近似版本的信号,分析器处理业务流信号以重建网流的速率为 时间的功能。 流量分析器随后生成网络中的网络流量信号的压缩版本,压缩网络流量信号包括时间上分组流速的相关近似。
-
公开(公告)号:US20100049700A1
公开(公告)日:2010-02-25
申请号:US12194784
申请日:2008-08-20
CPC分类号: H04L41/142 , H04L43/00 , H04L43/026 , H04L43/16
摘要: A method for probabilistic lossy counting includes: for each element in a current window, determining whether an entry corresponding to a current element is present in a table; in the event an entry corresponding to the current element is present in the table, incrementing a frequency counter associated with the current element; otherwise, inserting an entry into a table, wherein inserting an entry comprises: calculating a probabilistic error bound Δ based on an index i of the current window; and inserting the probabilistic error bound Δ and a frequency counter into an entry corresponding to the current element in the table; and at the end of the current window, removing all elements from the table wherein the sum of the frequency counter and probabilistic error bound Δ associated with the element is less than or equal to the index of the current window.
摘要翻译: 概率有损计数的方法包括:对于当前窗口中的每个元素,确定对应于当前元素的条目是否存在于表中; 在表中存在对应于当前元素的条目的情况下,增加与当前元素相关联的频率计数器; 否则,将条目插入到表中,其中插入条目包括:计算概率误差界限&Dgr; 基于当前窗口的索引i; 并插入概率误差界限&Dgr; 以及与表中的当前元素相对应的条目的频率计数器; 并且在当前窗口的末尾,从表中移除所有元素,其中频率计数器和概率误差的总和&Dgr; 与元素关联的小于或等于当前窗口的索引。
-
公开(公告)号:US09003025B2
公开(公告)日:2015-04-07
申请号:US13542422
申请日:2012-07-05
IPC分类号: G06F15/173 , G06F21/32
CPC分类号: G06F21/32 , G06F2221/2101 , G06F2221/2117 , H04L41/5058 , H04L41/5096 , H04L67/22 , H04L67/306
摘要: A method for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts includes receiving a plurality of priors for the facets with respect to the contexts, receiving a plurality of footprints of known users, aggregating the footprints of the users to determine an ensemble prior, receiving a plurality of network traces relevant to an unknown user in a computer environment, matching the network traces against each of the footprints to determine a plurality of matches, aggregating the matches using the ensemble prior according to the facets and the contexts, and outputting a probable user identity for the unknown user.
摘要翻译: 根据多个上下文中的用户活动的多个方面来识别未知用户的方法包括:针对所述上下文接收所述方面的多个先验,接收已知用户的多个覆盖区, 用户在先前确定集合,在计算机环境中接收与未知用户相关的多个网络迹线,将网络跟踪与每个足迹匹配以确定多个匹配,以根据小平面先前使用集合聚合匹配 和上下文,并为未知用户输出可能的用户身份。
-
公开(公告)号:US07937388B2
公开(公告)日:2011-05-03
申请号:US12194784
申请日:2008-08-20
IPC分类号: G06F7/00
CPC分类号: H04L41/142 , H04L43/00 , H04L43/026 , H04L43/16
摘要: A method for probabilistic lossy counting includes: for each element in a current window, determining whether an entry corresponding to a current element is present in a table; in the event an entry corresponding to the current element is present in the table, incrementing a frequency counter associated with the current element; otherwise, inserting an entry into a table, wherein inserting an entry comprises: calculating a probabilistic error bound Δ based on an index i of the current window; and inserting the probabilistic error bound Δ and a frequency counter into an entry corresponding to the current element in the table; and at the end of the current window, removing all elements from the table wherein the sum of the frequency counter and probabilistic error bound Δ associated with the element is less than or equal to the index of the current window.
摘要翻译: 概率有损计数的方法包括:对于当前窗口中的每个元素,确定对应于当前元素的入口是否存在于表中; 在表中存在对应于当前元素的条目的情况下,增加与当前元素相关联的频率计数器; 否则,将条目插入到表中,其中插入条目包括:计算概率误差界限&Dgr; 基于当前窗口的索引i; 并插入概率误差界限&Dgr; 以及与表中的当前元素相对应的条目的频率计数器; 并且在当前窗口的末尾,从表中移除所有元素,其中频率计数器和概率误差的总和&Dgr; 与元素关联的小于或等于当前窗口的索引。
-
公开(公告)号:US07911975B2
公开(公告)日:2011-03-22
申请号:US12198747
申请日:2008-08-26
申请人: Patrick Droz , Paul Hurley , Andreas Kind , Marc Stoecklin
发明人: Patrick Droz , Paul Hurley , Andreas Kind , Marc Stoecklin
IPC分类号: H04L12/28
CPC分类号: H04L43/028 , H04L43/024 , H04L43/045 , H04L43/067
摘要: A system and method for monitoring packetized traffic flow in a network and enabling approximation of the rate information of a network flow. The method for monitoring network traffic flow includes receiving, at a network packet flow collector device, packetized traffic flow signals to be monitored; sampling said received packetized traffic flow signals in time to form an approximation of the packet flow rate in time; generating packet flow activity data comprising data representing the sampled traffic flow signals sampled in time; communicating the packet flow activity data to a network packet flow analyzer device and processing the flow activity data to form signals representing an approximate version of the network traffic flow in the network, the analyzer processing the traffic flow signals for reconstructing the rate of the netflow as a function of time. The flow analyzer then generates a compressed version of the network traffic flow signals in the network, the compressed network traffic flow signals comprising relevant approximation of the packet flow rate in time.
摘要翻译: 一种用于监视网络中的分组业务流的系统和方法,并且能够近似网络流的速率信息。 用于监视网络流量流的方法包括:在网络分组流收集器设备处接收要监视的分组化业务流信号; 及时对所接收的分组业务流信号进行采样,以及时形成分组流量的近似值; 生成包含表示在时间上采样的采样业务流信号的数据的分组流活动数据; 将分组流活动数据传送到网络分组流分析器装置,并处理流动活动数据以形成表示网络中的网络业务流的近似版本的信号,分析器处理业务流信号以重建网流的速率为 时间的功能。 流量分析器随后生成网络中的网络流量信号的压缩版本,压缩网络流量信号包括时间上的分组流速的相关近似。
-
公开(公告)号:US09251328B2
公开(公告)日:2016-02-02
申请号:US13553415
申请日:2012-07-19
IPC分类号: G06F15/173 , G06F21/32 , H04L12/24
CPC分类号: G06F21/32 , G06F2221/2101 , G06F2221/2117 , H04L41/5058 , H04L41/5096 , H04L67/22 , H04L67/306
摘要: A method for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts includes receiving a plurality of priors for the facets with respect to the contexts, receiving a plurality of footprints of known users, aggregating the footprints of the users to determine an ensemble prior, receiving a plurality of network traces relevant to an unknown user in a computer environment, matching the network traces against each of the footprints to determine a plurality of matches, aggregating the matches using the ensemble prior according to the facets and the contexts, and outputting a probable user identity for the unknown user.
-
公开(公告)号:US20140012976A1
公开(公告)日:2014-01-09
申请号:US13553415
申请日:2012-07-19
IPC分类号: G06F15/16
CPC分类号: G06F21/32 , G06F2221/2101 , G06F2221/2117 , H04L41/5058 , H04L41/5096 , H04L67/22 , H04L67/306
摘要: A method for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts includes receiving a plurality of priors for the facets with respect to the contexts, receiving a plurality of footprints of known users, aggregating the footprints of the users to determine an ensemble prior, receiving a plurality of network traces relevant to an unknown user in a computer environment, matching the network traces against each of the footprints to determine a plurality of matches, aggregating the matches using the ensemble prior according to the facets and the contexts, and outputting a probable user identity for the unknown user.
-
-
-
-
-
-
-
搜索结果
8 条记录 (耗时 0.009 秒)
