公开(公告)号：US08699343B2

公开(公告)日：2014-04-15

申请号：US12430708

申请日：2009-04-27

申请人： Ahmed Abdelal ,  Wassim Matragi ,  Nui Chan ,  Shaun Jaikarran Bharrat

发明人： Ahmed Abdelal ,  Wassim Matragi ,  Nui Chan ,  Shaun Jaikarran Bharrat

IPC分类号： H04L12/26

CPC分类号： H04L65/4092 ,  H04L47/263 ,  H04L47/28 ,  H04L67/1002 ,  Y02D50/10

摘要： Described are methods and apparatuses, including computer program products, for limiting server overload via client control. A first set of a plurality of requests are transmitted to a server at a first transmission rate during a first period of time. The first transmission rate is limited to be less than or equal to a first transmission limit rate. An overload value is determined based on whether at least two or more requests of the first set of requests for service satisfy an overload criterion. A second transmission limit rate is determined based on the overload value and the first transmission limit rate. A second set of a plurality of requests is transmitted to the server at a second transmission rate during a second period of time. The second transmission rate is limited to be less than or equal to the second transmission limit rate.

摘要翻译： 描述了通过客户端控制来限制服务器过载的方法和装置，包括计算机程序产品。 第一组多个请求在第一时间段期间以第一传输速率被发送到服务器。 第一传输速率被限制为小于或等于第一传输限制速率。 基于第一组服务请求的至少两个以上的请求是否满足过载标准来确定过载值。 基于过载值和第一传输限制速率确定第二传输限制速率。 第二组多个请求在第二时间段期间以第二传输速率被发送到服务器。 第二传输速率被限制为小于或等于第二传输限制速率。

公开(公告)号：US20110202645A1

公开(公告)日：2011-08-18

申请号：US12705236

申请日：2010-02-12

申请人： Ahmed Mohamed Abdelal ,  Wassim Matragi ,  Jeff Wall

发明人： Ahmed Mohamed Abdelal ,  Wassim Matragi ,  Jeff Wall

IPC分类号： G06F15/173 ,  G06F17/30

CPC分类号： G06F11/3688 ,  H04L43/10 ,  H04L43/12 ,  H04L43/50

摘要： Described are computer-based methods and apparatuses, including computer program products, for testing network elements in a communication network. A record file is received, comprising one or more record file elements, each record file element including data indicative of a request received by a network element in a network during normal operation. A virtual client is created for each of one or more identified sources. One or more regenerated requests are generated, each of the one or more regenerated requests being generated based on data in a corresponding record file element from the one or more record file elements. For each of the one or more regenerated requests, the virtual client associated with the regenerated request transmits the regenerated request to a subject network element to test the subject network element, wherein the one or more regenerated requests simulate requests received by the network element during normal operation.

摘要翻译： 描述了用于测试通信网络中的网络元件的基于计算机的方法和装置，包括计算机程序产品。 接收到包括一个或多个记录文件元素的记录文件，每个记录文件元素包括在正常操作期间由网络中的网络元件接收的指示请求的数据。 为一个或多个识别的源中的每一个创建虚拟客户端。 生成一个或多个再生请求，一个或多个再生请求中的每一个基于来自一个或多个记录文件元素的相应记录文件元素中的数据生成。 对于所述一个或多个再生请求中的每一个，与再生请求相关联的虚拟客户端将重新生成的请求发送到主题网络元件以测试该主题网络元件，其中一个或多个再生请求模拟网络元件在正常期间接收到的请求 操作。

公开(公告)号：US08719930B2

公开(公告)日：2014-05-06

申请号：US13271928

申请日：2011-10-12

申请人： David Lapsley ,  Wassim Matragi ,  Miri Mansur ,  Jonathan Klotzbach ,  Ti-yuan Dean Shu ,  Sri Chary ,  Joby Joseph ,  Mark Topham ,  Kenneth Dumble

发明人： David Lapsley ,  Wassim Matragi ,  Miri Mansur ,  Jonathan Klotzbach ,  Ti-yuan Dean Shu ,  Sri Chary ,  Joby Joseph ,  Mark Topham ,  Kenneth Dumble

IPC分类号： G08B23/00

CPC分类号： H04L63/1416 ,  H04L63/08 ,  H04L63/1441

摘要： The invention features systems and methods for detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network. A server is configured to receive information related to a mitigation action for a call. The information can include a complexity level for administering an audio challenge-response test to the call and an identification of the call. The server also generates i) a routing label based on the identification of the call, and ii) a script defining a plurality of variables that store identifications of a plurality of altered sound files for the audio challenge-response test. Each altered sound file is randomly selected by the server subject to one or more constraints associated with the complexity level. The server is further configured to transmit the script to a guardian module and the routing label to a gateway.

摘要翻译： 本发明的特征在于用于检测和减轻IP语音（VoIP）网络中的网络攻击的系统和方法。 服务器被配置为接收与呼叫的缓解动作相关的信息。 信息可以包括用于对呼叫管理音频挑战 - 响应测试和呼叫的标识的复杂度级别。 服务器还基于呼叫的识别生成i）路由标签，以及ii）定义多个变量的脚本，其存储用于音频挑战 - 响应测试的多个改变的声音文件的标识。 每个改变的声音文件由服务器随机选择，其受到与复杂度级别相关联的一个或多个约束。 服务器还被配置为将脚本发送到监护人模块，并将路由标签发送到网关。

公开(公告)号：US20100271947A1

公开(公告)日：2010-10-28

申请号：US12430708

申请日：2009-04-27

申请人： Ahmed Abdelal ,  Wassim Matragi ,  Nui Chan ,  Shuan Jaikarran Bharrat

发明人： Ahmed Abdelal ,  Wassim Matragi ,  Nui Chan ,  Shuan Jaikarran Bharrat

IPC分类号： G08C15/00

CPC分类号： H04L65/4092 ,  H04L47/263 ,  H04L47/28 ,  H04L67/1002 ,  Y02D50/10

摘要： Described are methods and apparatuses, including computer program products, for limiting server overload via client control. A first set of a plurality of requests are transmitted to a server at a first transmission rate during a first period of time. The first transmission rate is limited to be less than or equal to a first transmission limit rate. An overload value is determined based on whether at least two or more requests of the first set of requests for service satisfy an overload criterion. A second transmission limit rate is determined based on the overload value and the first transmission limit rate. A second set of a plurality of requests is transmitted to the server at a second transmission rate during a second period of time. The second transmission rate is limited to be less than or equal to the second transmission limit rate.

摘要翻译： 描述了通过客户端控制来限制服务器过载的方法和装置，包括计算机程序产品。 第一组多个请求在第一时间段期间以第一传输速率被发送到服务器。 第一传输速率被限制为小于或等于第一传输限制速率。 基于第一组服务请求的至少两个以上的请求是否满足过载标准来确定过载值。 基于过载值和第一传输限制速率确定第二传输限制速率。 第二组多个请求在第二时间段期间以第二传输速率被发送到服务器。 第二传输速率被限制为小于或等于第二传输限制速率。

公开(公告)号：US20060072593A1

公开(公告)日：2006-04-06

申请号：US11238682

申请日：2005-09-29

申请人： Ronald Grippo ,  Kenneth St. Hilaire ,  Fardad Farahmand ,  Wassim Matragi ,  Sunil Menon ,  James Pasco-Anderson ,  Glenn Stewart ,  William Templeton

发明人： Ronald Grippo ,  Kenneth St. Hilaire ,  Fardad Farahmand ,  Wassim Matragi ,  Sunil Menon ,  James Pasco-Anderson ,  Glenn Stewart ,  William Templeton

IPC分类号： H04L12/56

CPC分类号： H04L65/104 ,  H04L12/66 ,  H04L29/06027 ,  H04L41/08 ,  H04L41/0813 ,  H04L41/0836 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L41/5012 ,  H04L41/5032 ,  H04L41/5087 ,  H04L43/08 ,  H04L43/0829 ,  H04L45/22 ,  H04L45/245 ,  H04L45/28 ,  H04L47/10 ,  H04L47/15 ,  H04L47/2416 ,  H04L47/2441 ,  H04L47/41 ,  H04L47/70 ,  H04L47/724 ,  H04L47/801 ,  H04L47/822 ,  H04L47/825 ,  H04L47/828 ,  H04L49/606 ,  H04L65/103 ,  H04L65/1043 ,  H04L2012/5663 ,  H04L2012/5671 ,  H04L2012/6443 ,  H04M7/1205 ,  H04M7/1245 ,  Y02D50/30

摘要： Described are methods and apparatus, including computer program products, for controlling time-sensitive data in a packet-based network. Data associated with a call is received, and the data includes an identifier associated with the data, a data source, or one or more data destinations. The data is associated with a logical trunk group selected from a plurality of logical trunk groups each in communication with the one or more data destinations over a packet-based network. The logical trunk group is selected based in part on the identifier. Calls through the packet-based network are managed based in part on the associated logical trunk group.

公开(公告)号：US08341265B2

公开(公告)日：2012-12-25

申请号：US12351727

申请日：2009-01-09

申请人： Ahmed Abdelal ,  Wassim Matragi ,  Oliver C. Ibe ,  Rohinton Gonda

发明人： Ahmed Abdelal ,  Wassim Matragi ,  Oliver C. Ibe ,  Rohinton Gonda

IPC分类号： G06F15/173

CPC分类号： H04L12/66

摘要： Described are methods and apparatuses, including computer program products, for controlling server resources. An occupancy value of a buffer and a first utilization value of a first processor are measured. The buffer is configured to store one or more requests for service from at least a first client. The first processor is configured to receive and process the one or more requests from the buffer. A buffer size value is determined based on a processor throughput calculation, and a first service request limit for the first client is determined based on the occupancy value, the first utilization value, and the buffer size value.

摘要翻译： 描述了用于控制服务器资源的方法和装置，包括计算机程序产品。 测量缓冲器的占用值和第一处理器的第一使用值。 缓冲器被配置为存储来自至少第一客户端的服务的一个或多个请求。 第一处理器被配置为从缓冲器接收和处理一个或多个请求。 基于处理器吞吐量计算确定缓冲器大小值，并且基于占用值，第一利用值和缓冲器大小值来确定第一客户端的第一服务请求限制。

公开(公告)号：US07602710B2

公开(公告)日：2009-10-13

申请号：US11238682

申请日：2005-09-29

申请人： Ronald V. Grippo ,  Kenneth R. St. Hilaire ,  Fardad Farahmand ,  Wassim Matragi ,  Sunil K. Menon ,  James A. Pasco-Anderson ,  Glenn W. Stewart ,  William C. Templeton

发明人： Ronald V. Grippo ,  Kenneth R. St. Hilaire ,  Fardad Farahmand ,  Wassim Matragi ,  Sunil K. Menon ,  James A. Pasco-Anderson ,  Glenn W. Stewart ,  William C. Templeton

IPC分类号： G01R31/08

CPC分类号： H04L65/104 ,  H04L12/66 ,  H04L29/06027 ,  H04L41/08 ,  H04L41/0813 ,  H04L41/0836 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L41/5012 ,  H04L41/5032 ,  H04L41/5087 ,  H04L43/08 ,  H04L43/0829 ,  H04L45/22 ,  H04L45/245 ,  H04L45/28 ,  H04L47/10 ,  H04L47/15 ,  H04L47/2416 ,  H04L47/2441 ,  H04L47/41 ,  H04L47/70 ,  H04L47/724 ,  H04L47/801 ,  H04L47/822 ,  H04L47/825 ,  H04L47/828 ,  H04L49/606 ,  H04L65/103 ,  H04L65/1043 ,  H04L2012/5663 ,  H04L2012/5671 ,  H04L2012/6443 ,  H04M7/1205 ,  H04M7/1245 ,  Y02D50/30

摘要： Described are methods and apparatus, including computer program products, for controlling time-sensitive data in a packet-based network. Data associated with a call is received, and the data includes an identifier associated with the data, a data source, or one or more data destinations. The data is associated with a logical trunk group selected from a plurality of logical trunk groups each in communication with the one or more data destinations over a packet-based network. The logical trunk group is selected based in part on the identifier. Calls through the packet-based network are managed based in part on the associated logical trunk group.

摘要翻译： 描述了用于控制基于分组的网络中的时间敏感数据的方法和装置，包括计算机程序产品。 接收与呼叫相关联的数据，并且数据包括与数据，数据源或一个或多个数据目的地相关联的标识符。 数据与从多个逻辑中继线群组中选择的逻辑中继线群相关联，每个逻辑干线群组通过基于分组的网络与一个或多个数据目的地通信。 部分基于标识符选择逻辑中继线组。 部分基于相关联的逻辑中继组来管理基于分组的网络的呼叫。

公开(公告)号：US20060072554A1

公开(公告)日：2006-04-06

申请号：US11238639

申请日：2005-09-29

申请人： Fardad Farahmand ,  Ronald Grippo ,  Kenneth St. Hilaire ,  Wassim Matragi ,  Sunil Menon ,  James Pasco-Anderson ,  Glenn Stewart ,  William Templeton

发明人： Fardad Farahmand ,  Ronald Grippo ,  Kenneth St. Hilaire ,  Wassim Matragi ,  Sunil Menon ,  James Pasco-Anderson ,  Glenn Stewart ,  William Templeton

IPC分类号： H04L12/66

CPC分类号： H04L65/104 ,  H04L12/66 ,  H04L29/06027 ,  H04L41/08 ,  H04L41/0813 ,  H04L41/0836 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L41/5012 ,  H04L41/5032 ,  H04L41/5087 ,  H04L43/08 ,  H04L43/0829 ,  H04L45/22 ,  H04L45/245 ,  H04L45/28 ,  H04L47/10 ,  H04L47/15 ,  H04L47/2416 ,  H04L47/2441 ,  H04L47/41 ,  H04L47/70 ,  H04L47/724 ,  H04L47/801 ,  H04L47/822 ,  H04L47/825 ,  H04L47/828 ,  H04L49/606 ,  H04L65/103 ,  H04L65/1043 ,  H04L2012/5663 ,  H04L2012/5671 ,  H04L2012/6443 ,  H04M7/1205 ,  H04M7/1245 ,  Y02D50/30

摘要： Described are methods and apparatus, including computer program products, for hierarchically organizing logical trunk groups in a packet-based network. A first hierarchical group includes a first logical trunk group that is associated with a first trunk resource parameter. The first hierarchical group is associated with a group resource parameter, a portion of which is based on the trunk resource parameter. Data associated with a telephone call is associated with a logical trunk group. Transmission of the data through a packet-based network is based in part on the group resource parameter.

摘要翻译： 描述了用于在基于分组的网络中分级组织逻辑中继群的方法和装置，包括计算机程序产品。 第一分层组包括与第一中继资源参数相关联的第一逻辑中继组。 第一层次组与组资源参数相关联，其一部分基于trunk资源参数。 与电话呼叫相关联的数据与逻辑中继线群组相关联。 通过基于分组的网络传输数据部分地基于组资源参数。

公开(公告)号：US20120090028A1

公开(公告)日：2012-04-12

申请号：US13271928

申请日：2011-10-12

申请人： David Lapsley ,  Wassim Matragi ,  Miri Mansur ,  Jonathan Klotzbach ,  Ti-yuan Dean Shu ,  Sri Chary ,  Joby Joseph ,  Mark Topham ,  Kenneth Dumble

发明人： David Lapsley ,  Wassim Matragi ,  Miri Mansur ,  Jonathan Klotzbach ,  Ti-yuan Dean Shu ,  Sri Chary ,  Joby Joseph ,  Mark Topham ,  Kenneth Dumble

IPC分类号： G06F21/00 ,  G10L21/00

CPC分类号： H04L63/1416 ,  H04L63/08 ,  H04L63/1441

摘要： The invention features systems and methods for detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network. A server is configured to receive information related to a mitigation action for a call. The information can include a complexity level for administering an audio challenge-response test to the call and an identification of the call. The server also generates i) a routing label based on the identification of the call, and ii) a script defining a plurality of variables that store identifications of a plurality of altered sound files for the audio challenge-response test. Each altered sound file is randomly selected by the server subject to one or more constraints associated with the complexity level. The server is further configured to transmit the script to a guardian module and the routing label to a gateway.

摘要翻译： 本发明的特征在于用于检测和减轻IP语音（VoIP）网络中的网络攻击的系统和方法。 服务器被配置为接收与呼叫的缓解动作相关的信息。 信息可以包括用于对呼叫管理音频挑战 - 响应测试和呼叫的标识的复杂度级别。 服务器还基于呼叫的识别生成i）路由标签，以及ii）定义多个变量的脚本，其存储用于音频挑战 - 响应测试的多个改变的声音文件的标识。 每个改变的声音文件由服务器随机选择，其受到与复杂度级别相关联的一个或多个约束。 服务器还被配置为将脚本发送到监护人模块，并将路由标签发送到网关。

公开(公告)号：US20100274893A1

公开(公告)日：2010-10-28

申请号：US12696523

申请日：2010-01-29

申请人： Ahmed Abdelal ,  Wassim Matragi ,  David Ee Kwung Lapsley

发明人： Ahmed Abdelal ,  Wassim Matragi ,  David Ee Kwung Lapsley

IPC分类号： G06F15/173

CPC分类号： H04L47/10 ,  H04L29/0602 ,  H04L47/12 ,  H04L47/17 ,  H04L47/18 ,  H04L47/263 ,  H04L47/822 ,  H04L67/1008 ,  H04L67/1029 ,  Y02D50/10

摘要： Computer-based methods and apparatuses, including computer program products, are described for detecting and limiting focused server overload in a network. A feedback message is received from a downstream server, wherein the feedback message includes a communication protocol statistic. The methods and apparatuses determine which of one or more counters that store a number of feedback messages received that include the statistic, from an array of counters, are associated with the downstream server using one or more hash functions based on information included in the feedback message. The one or more counters are incremented in response to the feedback message including the statistic. Using the one or more hash functions, a value of the number stored in the one or more counters is determined. The value is determined to be indicative of an overload episode in the network for the downstream server based on whether the value satisfies a predetermined criteria.

摘要翻译： 描述了基于计算机的方法和设备，包括计算机程序产品，用于检测和限制网络中的重点服务器超载。 从下游服务器接收到反馈消息，其中反馈消息包括通信协议统计量。 方法和装置根据包括在反馈消息中的信息，确定使用一个或多个散列函数，从计数器阵列存储接收到的包含统计信息的多个反馈消息的一个或多个计数器中的哪一个与下游服务器相关联 。 一个或多个计数器响应于包括统计量的反馈消息递增。 使用一个或多个散列函数，确定存储在一个或多个计数器中的数字的值。 该值被确定为基于该值是否满足预定标准来指示用于下游服务器的网络中的过载事件。