公开(公告)号：US10404554B2

公开(公告)日：2019-09-03

申请号：US15271914

申请日：2016-09-21

申请人： Narus, Inc.

发明人： Alok Tongaonkar ,  Ram Keralapura ,  Antonio Nucci

IPC分类号： G06F13/00 ,  H04L12/26 ,  H04L12/851 ,  G08G1/0962 ,  H04L29/08 ,  H04L29/06

摘要： A method for profiling network traffic of a network. The method includes extracting cells from bi-directional payloads generated by a network application, wherein each cell comprises at least one direction reversal in a corresponding bi-directional flow, generating a cell group comprising a portion of the cells that are similar, analyzing the cell group to generate a signature of the network application, and classifying, based on the signature of the network application, a new bi-directional flow as being generated by the network application.

公开(公告)号：US09311386B1

公开(公告)日：2016-04-12

申请号：US13855872

申请日：2013-04-03

申请人： Narus, Inc.

发明人： Han See Song ,  Mario Baldi ,  Qiang Ma ,  Antonio Nucci

IPC分类号： G06F17/30

CPC分类号： G06F17/30598 ,  G06F17/30643 ,  G06F17/30702 ,  G06F17/30707 ,  G06F17/30722 ,  G06F17/30867

摘要： A method for network resource classification and identifying user interests based on the classification. The method uses a provided hierarchy of categories for classifying network resources, wherein each category is assigned a text item describing the category and the method includes obtaining resource description data collections corresponding to the network resources, and generating, using a semantic correlation algorithm, a category score vector of a network resource by comparing the resource description data collection to the text item assigned to each category in the hierarchy of categories, wherein the category score vector comprises a category score for each category in the hierarchy of categories, wherein the category score is determined based on at least a semantic correlation measure between the resource description data collection and the text item assigned to a corresponding category, wherein the plurality of network resources are classified based at least on the category score.

摘要翻译： 一种基于分类的网络资源分类和用户兴趣的识别方法。 该方法使用提供的类别分类来对网络资源进行分类，其中为每个类别分配描述类别的文本项，并且该方法包括获得与网络资源相对应的资源描述数据集合，并且使用语义相关算法生成类别 通过将资源描述数据收集与分配给类别层级中的每个类别的文本项目进行比较，其中，类别分数向量包括类别分级中的每个类别的类别分数，其中分类分数为 基于至少在资源描述数据收集和分配给相应类别的文本项目之间的语义相关性度量来确定，其中所述多个网络资源至少基于类别分数进行分类。

公开(公告)号：US09100326B1

公开(公告)日：2015-08-04

申请号：US13917489

申请日：2013-06-13

申请人： Narus, Inc.

发明人： Marios Iliofotou ,  Ram Keralapura ,  Marco Mellia ,  Ignacio Bermudez

IPC分类号： G06F15/173 ,  H04L12/26 ,  G06F17/30 ,  G06F17/24 ,  G06F17/27

CPC分类号： H04L43/18 ,  G06F17/24 ,  G06F17/27 ,  G06F17/30861 ,  G06F17/30867 ,  G06F17/30908

摘要： A method for analyzing an application protocol of a network. The method includes extracting non-alphanumeric tokens from conversations of the network, selecting frequently occurring non-alphanumeric token as a field delimiter candidate for dividing each conversation into a slice-set, analyzing slice-sets of the conversations to determine a statistical measure of matched slices for each conversation, and -o determine a field delimiter candidate score by aggregating the statistical measure of matched slices for all conversations, and selecting the non-alphanumeric token as the field delimiter of the protocol based on the field delimiter candidate score associated with the non-alphanumeric token.

摘要翻译： 一种用于分析网络的应用协议的方法。 该方法包括从网络对话中提取非字母数字令牌，选择频繁出现的非字母数字令牌作为字段分隔符候选者，用于将每个会话划分为片集，分析对话的切片集以确定匹配的统计量度 用于每个会话的切片，以及 - 通过聚合针对所有对话的匹配切片的统计度量来确定字段分隔符候选分数，并且基于与所述对话相关联的字段分隔符候选分数来选择非字母数字标记作为协议的字段分隔符 非字母数字令牌。

公开(公告)号：US10419351B1

公开(公告)日：2019-09-17

申请号：US13857092

申请日：2013-04-04

申请人： Narus, Inc.

发明人： Mario Baldi ,  Yong Liao ,  Stanislav Miskovic ,  Antonio Nucci

IPC分类号： G06F15/173 ,  H04L12/851

摘要： A method for classifying network traffic in a network. The method includes obtaining, from an application distribution source, an application distribution data set of comprising information associated with distributing an application from the pre-determined application distribution source, extracting, based on a pre-determined extraction criterion, a token from the application distribution data set of the application, obtaining, from the network traffic, a plurality of flows generated by the application, extracting, in response to detecting the token in a flow of the plurality of flows, context information associated with the token in the flow, and generating an identification rule of the application based on the token and the context information, wherein the identification rule describes one or more rule steps to locate the token in the flow, wherein the network traffic is classified using at least the identification rule.

公开(公告)号：US10332005B1

公开(公告)日：2019-06-25

申请号：US13626070

申请日：2012-09-25

申请人： Narus, Inc.

发明人： Yong Liao ,  Mario Baldi ,  Stanislav Miskovic ,  Antonio Nucci ,  Qiang Xu

IPC分类号： G06N5/00 ,  G06N99/00

摘要： Embodiments of the invention provide a method, system, and computer readable medium for classifying network traffic based on application signatures generated during a training phase. The application signatures are generated based on tokens extracted from a training set that is generated by a particular application during the training phase. Accordingly, a new token extracted in real-time from current network data is compared to the application signatures to determine if the current network data is generated by the particular application.

公开(公告)号：US10263868B1

公开(公告)日：2019-04-16

申请号：US14334141

申请日：2014-07-17

申请人： Narus, Inc.

发明人： Mario Baldi ,  Yong Liao ,  Stanislav Miskovic ,  Antonio Nucci ,  Han Hee Song

IPC分类号： H04L12/26

摘要： A method for applying a user-specific policy in a network. The method includes identifying a historical portion of network traffic of the network as associated with a user, analyzing, by a computer processor, the historical portion of network traffic to generate a fingerprint of the user, wherein the fingerprint represents characteristics of user activity in the network, identifying, by the computer processor, an ongoing portion of network traffic of the network as associated with the user, analyzing, by the computer processor and based on the fingerprint, the ongoing portion of network traffic to determine a match, wherein the match is determined at a time point within the ongoing portion of network traffic, and applying, in response to determining the match, the user-specific policy to the ongoing portion of network traffic subsequent to the time point.

公开(公告)号：US10078743B1

公开(公告)日：2018-09-18

申请号：US14458723

申请日：2014-08-13

申请人： Narus, Inc.

发明人： Mario Baldi ,  Antonio Nucci

IPC分类号： G06F17/00 ,  G06F21/32 ,  G06N99/00

CPC分类号： G06F21/32 ,  G06F21/316 ,  G06N20/00

摘要： A method for using a user device. The method includes obtaining, during a fingerprint learning phase, a historical portion of user activity data associated with user activity of a user using the user device, analyzing, by a computer processor of the user device, the historical portion to generate a fingerprint of the user, wherein the fingerprint represents characteristics of the user activity, obtaining, during a fingerprint matching phase subsequent to the fingerprint learning phase, an ongoing portion of the user activity data, analyzing, by the computer processor and based on the fingerprint, the ongoing portion to determine a match, wherein the match is determined at a time point within the fingerprint matching phase, and unlocking, by the computer processor and in response to determining the match, a locked data item for access, therein the locked data item is stored on the user device. The locked data item is associated to the user owning, assigned to, or normally and legitimately using the user device. In one embodiment, once unlocked the data item can be used to authenticate the user associated to it, i.e., the user owning, assigned to, or normally and legitimately using the user device on which the data item is stored.

公开(公告)号：US09977910B2

公开(公告)日：2018-05-22

申请号：US14968435

申请日：2015-12-14

申请人： Narus, Inc.

发明人： Ignacio Bermudez Corrales ,  Antonio Nucci

IPC分类号： H04L29/06 ,  G06F21/62 ,  G06F21/60 ,  H04L9/08

CPC分类号： G06F21/6209 ,  G06F21/602 ,  G06F21/6263 ,  G06F2221/2107 ,  G06F2221/2137 ,  H04L9/0825 ,  H04L9/0833

摘要： A trusted user circle server for encryption key distribution and authentication support, as well as a client-side application which resides on user's devices are disclosed. In particular, the trusted user circle server manages a repository for static public keys (SPUK) which are used for authentication and secure distribution of a dynamic private context key (DPCK) used for the end-to-many encryption. Accordingly, posting users encrypt posted document using the DPCK and viewing users retrieve the DPCK to decrypt the posted document. These keys are associated to the trusted user circle and are generated dynamically for a given circle policy context (CPC). The CPC is an identifier that represents a group of members of a trusted user circle. It changes whenever any member of the trusted user circle leave it, when a new trusted user circle is created or when the DPCK expires after a pre-determined period of time.

公开(公告)号：US09473380B1

公开(公告)日：2016-10-18

申请号：US13917535

申请日：2013-06-13

申请人： Narus, Inc.

发明人： Ignacio Bermudez ,  Marios Iliofotou ,  Marco Mellia ,  Ram Keralapura ,  Maurizio Matteo Munafo

IPC分类号： H04L12/26 ,  G06K9/62 ,  G06F17/30 ,  G06N99/00 ,  G06F9/45

CPC分类号： H04L43/18 ,  G06F8/53 ,  G06F17/30861 ,  G06F17/30867 ,  G06F17/30908 ,  G06K9/6256 ,  G06N99/005 ,  H04L41/142 ,  H04L51/34 ,  H04L69/00

摘要： A method for analyzing a binary-based application protocol of a network. The method includes obtaining conversations from the network, extracting content of a candidate field from a message in each conversation, calculating a randomness measure of the content to represent a level of randomness of the content across all conversation, calculating a correlation measure of the content to represent a level of correlation, across all of conversations, between the content and an attribute of a corresponding conversation where the message containing the candidate field is located, and selecting, based on the randomness measure and the correlation measure, and using a pre-determined field selection criterion, the candidate offset from a set of candidate offsets as the offset defined by the protocol.

摘要翻译： 一种用于分析网络的基于二进制的应用协议的方法。 该方法包括从网络获取对话，从每个对话中的消息中提取候选字段的内容，计算内容的随机性度量，以表示所有对话内容的随机性水平，计算内容的相关性度量 表示在包含候选字段的消息所在的对应对话的内容和属性之间的所有会话中的相关级别，并且基于随机性度量和相关性度量来选择并使用预定的 场选择标准，作为由协议定义的偏移的候选偏移集合的候选偏移量。

公开(公告)号：US10237151B2

公开(公告)日：2019-03-19

申请号：US15694481

申请日：2017-09-01

申请人： Narus, Inc.

发明人： Mario Baldi ,  Yong Liao ,  Amedeo Sapio

IPC分类号： G06F15/173 ,  H04L12/26 ,  H04L29/12

摘要： A method for profiling network traffic. The method includes capturing, from the network traffic using a packet capturing device, a plurality of packets, identifying a first portion of the plurality of packets as a first flow based at least on a common Internet Protocol (IP) address assigned to each packet of the first flow by a network address translation (NAT) device, extracting, by a hardware processor separate from the NAT device and based on an NAT profile of the NAT device, a first data item from the first flow, wherein the first data item is inserted into the first flow by the NAT device for identifying a first host device coupled to the NAT device, and determining, by the hardware processor based on the first data item, that the first flow is generated by the first host device.