METHOD AND SYSTEM FOR SCANNING ELECTRONIC DATA FOR PREDETERMINED DATA PATTERNS
    2.
    Invention patent application
    METHOD AND SYSTEM FOR SCANNING ELECTRONIC DATA FOR PREDETERMINED DATA PATTERNS (Under examination, published)

    Publication number: US20100077482A1

    Publication date: 2010-03-25

    Application number: US12236421

    Filing date: 2008-09-23

    IPC classification: G06F21/00

    CPC classification: G06F21/564

    Abstract: A method and system for scanning electronic data for predetermined data patterns is described. One embodiment reads the electronic data serially; consults, during the reading, an acceleration list, the acceleration list specifying one or more sections of the electronic data that are to be scanned for the predetermined data patterns, at least one predetermined data pattern being applicable to each of the one or more sections based, at least in part, on a predetermined data address range associated with the at least one predetermined data pattern lying within that section of the electronic data, the predetermined address range specifying a location of a potential occurrence, within the electronic data, of the at least one predetermined data pattern; scans for predetermined data patterns, during the reading, only the one or more sections of the electronic data specified in the acceleration list; and reports results of the scanning to a user.

    METHOD AND APPARATUS FOR DETECTING MALWARE IN NETWORK TRAFFIC
    3.
    Invention patent application
    METHOD AND APPARATUS FOR DETECTING MALWARE IN NETWORK TRAFFIC (In force)

    Publication number: US20100077476A1

    Publication date: 2010-03-25

    Application number: US12236419

    Filing date: 2008-09-23

    IPC classification: G06F12/14

    CPC classification: G06F21/566 H04L63/145

    Abstract: A method and apparatus for detecting malware in network traffic is described. One embodiment executes, in an emulation environment, an executable file as it is being received serially over a network, execution beginning once a block of data including an entry point of the executable file has been received, execution halting whenever an instruction in the executable file references data not yet received and resuming once the data not yet received has been received, execution ceasing upon satisfaction of a termination condition; examining the emulation environment for indications that the executable file includes malware; and taking corrective action responsive to the results of examining the emulation environment for indications that the executable file includes malware.

    SYSTEM AND METHODS FOR CONTROLLING NETWORK TRAFFIC THROUGH VIRTUAL SWITCHES
    4.
    Invention patent application
    SYSTEM AND METHODS FOR CONTROLLING NETWORK TRAFFIC THROUGH VIRTUAL SWITCHES (In force)

    Publication number: US20130070762A1

    Publication date: 2013-03-21

    Application number: US13237806

    Filing date: 2011-09-20

    IPC classification: H04L12/56

    CPC classification: H04L49/70 H04L41/0893

    Abstract: A network may include network switches with network switch ports that may be coupled to end hosts. The network switches may be controlled by a controller such as a controller server. Virtual switches may be formed using the controller from groups of the network switch ports and the end hosts. Each virtual switch may include virtual interfaces associated with end hosts or network switches. Virtual links may be formed that define network connections between the virtual interfaces and end hosts or between two virtual interfaces. Virtual network policies such as selective packet forwarding, packet dropping, packet redirection, packet modification, or packet logging may be implemented at selected virtual interfaces to control traffic through the communications network. The controller may translate the virtual network policies into network switch forwarding paths that satisfy the virtual network policies.

    Systems and methods for forwarding network packets in a network using network domain topology information
    5.
    Granted invention patent
    Systems and methods for forwarding network packets in a network using network domain topology information (In force)

    Publication number: US09331930B1

    Publication date: 2016-05-03

    Application number: US13603160

    Filing date: 2012-09-04

    IPC classification: H04L12/715

    CPC classification: H04L41/12 H04L45/04

    Abstract: A controller may be used to control client switches in a network that includes non-client switches. The controller may form client domains from groups of client switches that are separated by intervening non-client domains formed from non-client switches. The controller may determine a network domain topology from the client domains and non-client domains. The controller may determine a spanning tree that interconnects the nodes of the network domain topology. The controller may control client switches of the client domains to allow only network traffic between the client domains and the non-client domains along the spanning tree. The controller may use the network domain topology to generate inter-domain forwarding maps. The inter-domain forwarding maps may be used to determine network forwarding paths between end hosts in the network.

    System and methods for managing network packet broadcasting
    6.
    Granted invention patent
    System and methods for managing network packet broadcasting (In force)

    Publication number: US09036636B1

    Publication date: 2015-05-19

    Application number: US13367256

    Filing date: 2012-02-06

    CPC classification: H04L45/04 H04L12/4633

    Abstract: A network of switches that forwards network packets between end hosts may be controlled by a controller. The controller may maintain information that identifies subsets of the end hosts that are associated with respective broadcast domains. The controller may use network topology information to determine which of the switches are coupled in a forwarding tree formed from network paths between the end hosts of a broadcast domain. The controller may be used to configure the switches with an identifier that identifies which broadcast domain is associated with each subset of end hosts. The controller may configure switches of a given forwarding tree that are coupled to end hosts of an associated broadcast domain to modify broadcast network packets received from the end hosts with the identifier and to forward the modified broadcast network packets along the forwarding tree exclusively to end hosts of the associated broadcast domain.

    System and methods for controlling network traffic through virtual switches
    7.
    Granted invention patent
    System and methods for controlling network traffic through virtual switches (In force)

    Publication number: US09185056B2

    Publication date: 2015-11-10

    Application number: US13237806

    Filing date: 2011-09-20

    CPC classification: H04L49/70 H04L41/0893

    Abstract: A network may include network switches with network switch ports that may be coupled to end hosts. The network switches may be controlled by a controller such as a controller server. Virtual switches may be formed using the controller from groups of the network switch ports and the end hosts. Each virtual switch may include virtual interfaces associated with end hosts or network switches. Virtual links may be formed that define network connections between the virtual interfaces and end hosts or between two virtual interfaces. Virtual network policies such as selective packet forwarding, packet dropping, packet redirection, packet modification, or packet logging may be implemented at selected virtual interfaces to control traffic through the communications network. The controller may translate the virtual network policies into network switch forwarding paths that satisfy the virtual network policies.

    System and methods for managing network protocol address assignment with a controller
    8.
    Granted invention patent
    System and methods for managing network protocol address assignment with a controller (In force)

    Publication number: US08856384B2

    Publication date: 2014-10-07

    Application number: US13274157

    Filing date: 2011-10-14

    IPC classification: G06F15/16 H04L29/12 H04L29/06

    Abstract: A controller may help reduce network traffic that is associated with broadcasting of Dynamic Host Configuration Protocol (DHCP) packets by converting broadcast DHCP packets into unicast DHCP packets and forwarding the unicast DHCP packets to appropriate DHCP servers. The servers may be identified from a database of servers that is updated with DHCP server address information based on DHCP reply packets that are received by the controller from servers in the network. To convert DHCP request packets into unicast packets, the controller may modify address header fields of the packets such as Ethernet addresses and Internet Protocol (IP) addresses. The controller may forward the modified DHCP request packets to the server by providing packet forwarding rules such as flow table entries to the switches or by forwarding the modified DHCP request packets through the controller.

    Systems and methods for generating packet forwarding rules based on network policy
    9.
    Granted invention patent
    Systems and methods for generating packet forwarding rules based on network policy (In force)

    Publication number: US08693344B1

    Publication date: 2014-04-08

    Application number: US13246611

    Filing date: 2011-09-27

    IPC classification: H04L12/26 H04L12/28

    CPC classification: H04L49/65 H04L41/0893

    Abstract: Network policies that control the flow of traffic through a network may be implemented using a controller server that controls a network of switches. Based on network packet attributes, the controller server may identify network policies that are associated with the network traffic. The controller server may identify dependencies between the network policies based on priorities that are associated with the network policies and overlap between the network policies. The controller server may provide the switches with packet forwarding rules based on the identified dependencies between the network policies, network switch attributes, and network switch capabilities. The packet forwarding rules may implement network policies for current network traffic and future network traffic.

    Method and apparatus for detecting malware in network traffic
    10.
    Granted invention patent
    Method and apparatus for detecting malware in network traffic (In force)

    Publication number: US08370932B2

    Publication date: 2013-02-05

    Application number: US12236419

    Filing date: 2008-09-23

    IPC classification: G06F7/04

    CPC classification: G06F21/566 H04L63/145

    Abstract: A method and apparatus for detecting malware in network traffic is described. One embodiment executes, in an emulation environment, an executable file as it is being received serially over a network, execution beginning once a block of data including an entry point of the executable file has been received, execution halting whenever an instruction in the executable file references data not yet received and resuming once the data not yet received has been received, execution ceasing upon satisfaction of a termination condition; examining the emulation environment for indications that the executable file includes malware; and taking corrective action responsive to the results of examining the emulation environment for indications that the executable file includes malware.
