Abstract:
Provided are methods for partitioning communication data in a network and disambiguating fixed or non-ephemeral communication data from ephemeral communication data and services. In one example, k-means data clustering is used to partition or cluster server ports based on a location of the server ports in a 2-dimensional space. The location of the server ports may be based on a number of connections per server port and the number of servers using that port.
Abstract:
A reverse firewall for removing undesirable traffic from a computing network, such as a virtual private network (VPN), is disclosed. The reverse firewall uses firewall rules that may be determined and maintained within the enterprise network to control communication sent between computers in the computing network. The reverse firewall rules may be used to identify the communications between computers in the network that are undesirable and/or intrusive. For example, a computer in a network that is infected with a worm or that is surreptitiously hosting a denial-of-service attack may be identified by the reverse firewall and quarantined. The reverse firewall may be implemented in hardware and/or software.
Abstract:
The current invention relates to a system and method for tracking or locating a target entity on a data network, such as the public Internet, by analyzing network traffic and communication among interacting network nodes. The invention describes a system of creating an information set of data related to the traffic patterns associated with a specific entity over a time period, and comparing the information set to other information related to the traffic patterns associated with a group of entities over the same time period. By excluding information that is common to both the specific entity and the group of entities from the information set, the information set is left with only the information that helps identify the specific entity on the network.
Abstract:
An application provisioning device may be used to manage a profile of a host and provide data corresponding to a selected application for installation at a host. A reverse firewall may use the profile of the host to determine whether to allow or block particular network communication from an application running on the host. An indication of a selected application may be received at the application provisioning device. Configuration information may also be received at the application provisioning device. The application provisioning server may request an update to the profile of a host and transmit such a request. The profile may be updated to reflect the configuration information and/or information of the selected application. Data corresponding to the selected application may be updated and transmitted to a host computer, where it may be installed. Therefore, the installed application running on the host may operate without being prematurely blocked by the reverse firewall.