公开(公告)号：US07031264B2

公开(公告)日：2006-04-18

申请号：US10459948

申请日：2003-06-12

申请人： Akshay Adhikari ,  Scott Vincent Bianco ,  Lorraine Denby ,  Colin L. Mallows ,  Jean Meloche ,  Balaji Rao ,  Shane M. Sullivan ,  Yehuda Vardi

发明人： Akshay Adhikari ,  Scott Vincent Bianco ,  Lorraine Denby ,  Colin L. Mallows ,  Jean Meloche ,  Balaji Rao ,  Shane M. Sullivan ,  Yehuda Vardi

IPC分类号： H04L12/56

CPC分类号： H04L43/12 ,  H04L43/0829 ,  H04L43/0835 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/087 ,  H04L43/106

摘要： Techniques are disclosed for improved monitoring and analysis of VoIP communications, multimedia communications or other types of network traffic in a network-based communication system. In accordance with one aspect of the invention, endpoint devices of the network-based communication system are configurable so as to collectively implement a distributed monitoring and analysis system which does not require a centralized testing server or other centralized controller. Distributed test units associated with the endpoint devices may be utilized in implementing the distributed monitoring and analysis system, and are preferably configured to support a web-based user interface providing access to measurement data. The endpoint devices may be advantageously organized into a hierarchy comprising a plurality of zones, with each of the endpoint devices belonging to at least one zone. For each zone, one of the endpoint devices may be designated as a zone leader for controlling the periodic generation of communications between selected endpoint devices that belong to subzones of that zone in the hierarchy.

摘要翻译： 公开了用于改进在基于网络的通信系统中的VoIP通信，多媒体通信或其他类型的网络业务的监视和分析的技术。 根据本发明的一个方面，基于网络的通信系统的端点设备是可配置的，以便集体实现不需要集中式测试服务器或其他集中控制器的分布式监控和分析系统。 与端点设备相关联的分布式测试单元可以用于实现分布式监控和分析系统，并且优选地被配置为支持提供对测量数据的访问的基于web的用户界面。 端点设备可以有利地被组织成包括多个区域的层次结构，其中每个端点设备属于至少一个区域。 对于每个区域，可以将端点设备中的一个指定为区域引导器，用于控制属于该层级中该区域的子区域的所选择的端点设备之间的通信的周期性生成。

公开(公告)号：US07924733B2

公开(公告)日：2011-04-12

申请号：US11536229

申请日：2006-09-28

申请人： Akshay Adhikari ,  Lorraine Denby ,  Colin L. Mallows ,  Jean Meloche ,  Balaji Rao

发明人： Akshay Adhikari ,  Lorraine Denby ,  Colin L. Mallows ,  Jean Meloche ,  Balaji Rao

IPC分类号： H04J1/16

CPC分类号： H04L43/00 ,  H04L41/0213 ,  H04L41/0631 ,  H04L41/0677 ,  H04L41/5003 ,  H04L41/5096 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/16

摘要： Performance problems or other conditions are analyzed in a system comprising a plurality of endpoint devices and an associated centralized or distributed controller. End-to-end measurements are obtained for respective paths through the network, for example, using communications between the endpoint devices. For a given end-to-end measurement obtained for a particular one of the paths, a value of a performance indicator for the path is determined and the performance indicator value is assigned to each of a plurality of links of the path. The determining and assigning operations are repeated for additional ones of the end-to-end measurements, the links are grouped into one or more exculpation or inculpation sets based on how many times a particular performance indicator value has been assigned to each of the links, and the one or more sets are utilized to determine, for example, the location of a performance problem in the network.

摘要翻译： 在包括多个端点设备和相关联的集中式或分布式控制器的系统中分析性能问题或其他条件。 通过网络获得针对相应路径的端到端测量，例如使用端点设备之间的通信。 对于针对特定路径获得的给定的端到端测量，确定路径的性能指示符的值，并且将性能指标值分配给路径的多个链路中的每一个。 针对附加的端到端测量重复确定和分配操作，基于特定的性能指标值被分配给每个链路多少次，将链路分组成一个或多个排除或者填充集合， 并且使用一个或多个集合来确定例如网络中的性能问题的位置。

公开(公告)号：US20080080376A1

公开(公告)日：2008-04-03

申请号：US11536229

申请日：2006-09-28

申请人： Akshay Adhikari ,  Lorraine Denby ,  Colin L. Mallows ,  Jean Meloche ,  Balaji Rao

发明人： Akshay Adhikari ,  Lorraine Denby ,  Colin L. Mallows ,  Jean Meloche ,  Balaji Rao

IPC分类号： H04L12/26

CPC分类号： H04L43/00 ,  H04L41/0213 ,  H04L41/0631 ,  H04L41/0677 ,  H04L41/5003 ,  H04L41/5096 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/16

摘要： Performance problems or other conditions are analyzed in a system comprising a plurality of endpoint devices and an associated centralized or distributed controller. End-to-end measurements are obtained for respective paths through the network, for example, using communications between the endpoint devices. For a given end-to-end measurement obtained for a particular one of the paths, a value of a performance indicator for the path is determined and the performance indicator value is assigned to each of a plurality of links of the path. The determining and assigning operations are repeated for additional ones of the end-to-end measurements, the links are grouped into one or more exculpation or inculpation sets based on how many times a particular performance indicator value has been assigned to each of the links, and the one or more sets are utilized to determine, for example, the location of a performance problem in the network.

摘要翻译： 在包括多个端点设备和相关联的集中式或分布式控制器的系统中分析性能问题或其他条件。 通过网络获得针对相应路径的端到端测量，例如使用端点设备之间的通信。 对于针对特定路径获得的给定的端到端测量，确定路径的性能指示符的值，并且将性能指标值分配给路径的多个链路中的每一个。 针对附加的端到端测量重复确定和分配操作，基于特定的性能指标值被分配给每个链路多少次，将链路分组成一个或多个排除或者填充集合， 并且使用一个或多个集合来确定例如网络中的性能问题的位置。

公开(公告)号：US07602728B2

公开(公告)日：2009-10-13

申请号：US10460700

申请日：2003-06-12

申请人： Akshay Adhikari ,  Lorraine Denby ,  Jean Meloche ,  Balaji Rao

发明人： Akshay Adhikari ,  Lorraine Denby ,  Jean Meloche ,  Balaji Rao

IPC分类号： H04L1/14

CPC分类号： H04L45/02 ,  H04L41/0213 ,  H04L41/12 ,  H04L41/22 ,  H04L45/20 ,  H04L45/26

摘要： Network topology information is determined in a network-based communication system by generating communications between, for example, selected pairs of endpoint devices each associated with a network. A given one of the communications is sent from a first one of the endpoint devices to a second one of the endpoint devices and returned from the second endpoint device to the first endpoint device. Information contained in the communication as received at the first endpoint device from the second endpoint device is processed to determine network topology information characterizing at least a portion of the network.

摘要翻译： 网络拓扑信息在基于网络的通信系统中通过生成例如与网络相关联的所选择的端点设备对之间的通信来确定。 通信中的给定一个从端点设备中的第一个发送到端点设备中的第二个终端设备，并从第二终端设备返回到第一终端设备。 对来自第二端点设备的在第一端点设备接收的通信中包含的信息进行处理，以确定表征网络的至少一部分的网络拓扑信息。

公开(公告)号：US07583667B2

公开(公告)日：2009-09-01

申请号：US11014546

申请日：2004-12-16

申请人： Akshay Adhikari ,  Amit Agarwal ,  Lorraine Denby ,  Russell C. Jones ,  Rod D. Livingood ,  Jean Meloche ,  Anupam Rai ,  Wayne Sam ,  John R. Tuck, Jr.

发明人： Akshay Adhikari ,  Amit Agarwal ,  Lorraine Denby ,  Russell C. Jones ,  Rod D. Livingood ,  Jean Meloche ,  Anupam Rai ,  Wayne Sam ,  John R. Tuck, Jr.

IPC分类号： H04L12/28 ,  H04L12/56

CPC分类号： H04L45/00 ,  H04L12/4633 ,  H04L12/4675 ,  H04L41/0677 ,  H04L41/145 ,  H04L43/10 ,  H04L43/50 ,  H04L45/20 ,  H04L45/26 ,  H04L69/22

摘要： Techniques for determining a problem location or otherwise characterizing a network comprising a plurality of processing elements, including at least one processing element associated with performance of a packet encapsulation operation of an encapsulation protocol. The packet encapsulation operation is performed on a test packet to generate an encapsulated packet, the test packet having a time to live (TTL) value and an identifier. In conjunction with performance of the packet encapsulation operation, the TTL value and the identifier of the test packet are copied to a header of the encapsulated packet. The encapsulated packet is transmitted, and a determination is made as to whether a reply packet has been received responsive to transmission of the encapsulated packet. The reply packet, if any, is processed to obtain information utilizable in determining the problem location or otherwise characterizing the network. By way of example, these operations may be repeated, for subsequent test packets with increasing TTL values, until an amount of router hop information sufficient to determine the problem location is obtained.

摘要翻译： 用于确定问题位置或以其他方式表征包括多个处理元件的网络的技术，包括与执行封装协议的分组封装操作相关联的至少一个处理元件。 在测试分组上执行分组封装操作以生成封装分组，测试分组具有生存时间（TTL）值和标识符。 结合分组封装操作的性能，将TTL值和测试分组的标识符复制到封装分组的报头。 发送封装的分组，并且确定响应于封装分组的传输是否已经接收到应答分组。 处理回复数据包（如果有的话）以获得可用于确定问题位置或以其他方式表征网络的信息。 作为示例，对于具有增加的TTL值的后续测试分组，可以重复这些操作，直到获得足以确定问题位置的路由器跳跃信息的量。

公开(公告)号：US20050207410A1

公开(公告)日：2005-09-22

申请号：US11014546

申请日：2004-12-16

申请人： Akshay Adhikari ,  Amit Agarwal ,  Lorraine Denby ,  Russell Jones ,  Rod Livingood ,  Jean Meloche ,  Anupam Rai ,  Wayne Sam ,  John Tuck

发明人： Akshay Adhikari ,  Amit Agarwal ,  Lorraine Denby ,  Russell Jones ,  Rod Livingood ,  Jean Meloche ,  Anupam Rai ,  Wayne Sam ,  John Tuck

IPC分类号： H04L12/24 ,  H04L12/26 ,  H04L12/46 ,  H04L12/56 ,  H04L29/06

CPC分类号： H04L45/00 ,  H04L12/4633 ,  H04L12/4675 ,  H04L41/0677 ,  H04L41/145 ,  H04L43/10 ,  H04L43/50 ,  H04L45/20 ,  H04L45/26 ,  H04L69/22

摘要： Techniques for determining a problem location or otherwise characterizing a network comprising a plurality of processing elements, including at least one processing element associated with performance of a packet encapsulation operation of an encapsulation protocol. The packet encapsulation operation is performed on a test packet to generate an encapsulated packet, the test packet having a time to live (TTL) value and an identifier. In conjunction with performance of the packet encapsulation operation, the TTL value and the identifier of the test packet are copied to a header of the encapsulated packet. The encapsulated packet is transmitted, and a determination is made as to whether a reply packet has been received responsive to transmission of the encapsulated packet. The reply packet, if any, is processed to obtain information utilizable in determining the problem location or otherwise characterizing the network. By way of example, these operations may be repeated, for subsequent test packets with increasing TTL values, until an amount of router hop information sufficient to determine the problem location is obtained.

摘要翻译： 用于确定问题位置或以其他方式表征包括多个处理元件的网络的技术，包括与执行封装协议的分组封装操作相关联的至少一个处理元件。 在测试分组上执行分组封装操作以生成封装分组，测试分组具有生存时间（TTL）值和标识符。 结合分组封装操作的性能，将TTL值和测试分组的标识符复制到封装分组的报头。 发送封装的分组，并且确定响应于封装分组的传输是否已经接收到应答分组。 处理回复数据包（如果有的话）以获得可用于确定问题位置或以其他方式表征网络的信息。 作为示例，对于具有增加的TTL值的后续测试分组，可以重复这些操作，直到获得足以确定问题位置的路由器跳跃信息的量。

公开(公告)号：US20090070874A1

公开(公告)日：2009-03-12

申请号：US11854437

申请日：2007-09-12

申请人： Sachin Garg ,  Navjot Singh ,  Akshay Adhikari ,  Yu-Sung Wu

发明人： Sachin Garg ,  Navjot Singh ,  Akshay Adhikari ,  Yu-Sung Wu

IPC分类号： G06F21/00

CPC分类号： H04L63/1416 ,  H04L63/0254

摘要： An apparatus and method are disclosed for detecting intrusions in Voice over Internet Protocol systems, without the use of an attack signature database. In particular, the illustrative embodiment is based on the observation that some VoIP-related protocols (e.g., the Session Initiation Protocol [SIP], etc.) are simple enough to be represented by a finite-state machine (FSM) of compact size. A finite-state machine is maintained for each session/node/protocol combination, and any illegal state or state transition—which might be the result of a malicious attack—is flagged as a potential intrusion.

摘要翻译： 公开了一种用于在不使用攻击特征数据库的情况下检测基于因特网协议语音的系统中的入侵的装置和方法。 特别地，说明性实施例基于一些VoIP相关协议（例如，会话发起协议[SIP]等）足够简单以由紧凑尺寸的有限状态机（FSM）表示的观察。 对于每个会话/节点/协议组合，维护有限状态机，并且任何非法的状态或状态转换（可能是恶意攻击的结果）被标记为潜在的入侵。

公开(公告)号：US20080199009A1

公开(公告)日：2008-08-21

申请号：US11675352

申请日：2007-02-15

申请人： Akshay Adhikari ,  Sachin Garg ,  Anjur Sundaresan Krishnakumar ,  Navjot Singh

发明人： Akshay Adhikari ,  Sachin Garg ,  Anjur Sundaresan Krishnakumar ,  Navjot Singh

IPC分类号： H04K1/02

CPC分类号： G06T1/0021 ,  G10L19/018 ,  H04H20/28 ,  H04H20/31 ,  H04H60/23 ,  H04H2201/50 ,  H04L9/065 ,  H04L2209/30 ,  H04L2209/608

摘要： A method is disclosed that enables the transmission of a digital message along with a corresponding information signal, such as audio or video. The supplemental information contained in digital messages can be used for a variety of purposes, such as enabling or enhancing packet authentication. In particular, a telecommunications device that is processing an information signal from its user, such as a speech signal, encrypts the information signal by performing a bitwise exclusive-or of an encryption key stream with the information signal stream. The device, such as a telecommunications endpoint, then intersperses the bits of the digital message throughout the encrypted signal in place of those bits overwritten, in a process referred to as “watermarking.” The endpoint then transmits the interspersed digital message bits as part of a composite signal that also comprises the encrypted information bits. No additional bits are appended to the packet to be transmitted, thereby addressing compatibility issues.

摘要翻译： 公开了一种能够传送数字消息以及对应的信息信号（诸如音频或视频）的方法。 数字消息中包含的补充信息可用于各种目的，例如启用或增强数据包认证。 特别地，正在处理来自其用户的信息信号（例如语音信号）的电信设备通过执行与信息信号流的按位异或加密密钥流来加密信息信号。 在称为“水印”的过程中，诸如电信端点的设备然后在整个加密信号中分散数字消息的位，以代替被覆盖的位。 然后，端点将散布的数字消息比特作为还包括加密信息比特的复合信号的一部分进行发送。 没有额外的位附加到要发送的数据包，从而解决兼容性问题。

公开(公告)号：US09100417B2

公开(公告)日：2015-08-04

申请号：US12115199

申请日：2008-05-05

申请人： Sachin Garg ,  Navjot Singh ,  Akshay Adhikari ,  Yu-Sung Wu

发明人： Sachin Garg ,  Navjot Singh ,  Akshay Adhikari ,  Yu-Sung Wu

IPC分类号： H04L12/66 ,  G06F17/00 ,  H04L29/06 ,  H04M7/00 ,  G06F21/51 ,  G06F21/56

CPC分类号： H04L65/1079 ,  G06F21/51 ,  G06F21/56 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L65/1006 ,  H04M7/006 ,  H04M7/0078

摘要： An apparatus and method for detecting potentially-improper call behavior (e.g., SPIT, etc.) are disclosed. The illustrative embodiment of the present invention is based on finite-state machines (FSMs) that represent the legal states and state transitions of communications protocols at nodes during Voice over Internet Protocol (VoIP) calls. In accordance with the illustrative embodiment, a library of FSM execution profiles associated with improper call behavior and a set of rules (or rule base) associated with improper FSM behavior over one or more calls are maintained. When the behavior of one or more finite-state machines during one or more calls matches either an execution profile in the library or a rule in the rule base, an alert is generated.

摘要翻译： 公开了一种用于检测潜在不适当的呼叫行为（例如，SPIT等）的装置和方法。 本发明的说明性实施例基于有限状态机（FSM），其表示在因特网协议语音（VoIP）呼叫期间节点处的通信协议的合法状态和状态转换。 根据说明性实施例，维护与不正当呼叫行为相关联的FSM执行简档库和与一个或多个调用上的不正确FSM行为相关联的一组规则（或规则库）。 当一个或多个调用期间一个或多个有限状态机的行为与库中的执行概要文件或规则库中的规则匹配时，将生成警报。

公开(公告)号：US20090274144A1

公开(公告)日：2009-11-05

申请号：US12115199

申请日：2008-05-05

申请人： Sachin Garg ,  Navjot Singh ,  Akshay Adhikari ,  Yu-Sung Wu

发明人： Sachin Garg ,  Navjot Singh ,  Akshay Adhikari ,  Yu-Sung Wu

IPC分类号： H04L12/66

CPC分类号： H04L65/1079 ,  G06F21/51 ,  G06F21/56 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L65/1006 ,  H04M7/006 ,  H04M7/0078

摘要： An apparatus and method for detecting potentially-improper call behavior (e.g., SPIT, etc.) are disclosed. The illustrative embodiment of the present invention is based on finite-state machines (FSMs) that represent the legal states and state transitions of communications protocols at nodes during Voice over Internet Protocol (VoIP) calls. In accordance with the illustrative embodiment, a library of FSM execution profiles associated with improper call behavior and a set of rules (or rule base) associated with improper FSM behavior over one or more calls are maintained. When the behavior of one or more finite-state machines during one or more calls matches either an execution profile in the library or a rule in the rule base, an alert is generated.

摘要翻译： 公开了一种用于检测潜在不适当的呼叫行为（例如，SPIT等）的装置和方法。 本发明的说明性实施例基于有限状态机（FSM），其表示在因特网协议语音（VoIP）呼叫期间节点处的通信协议的合法状态和状态转换。 根据说明性实施例，维护与不正当呼叫行为相关联的FSM执行简档库和与一个或多个调用上的不正确FSM行为相关联的一组规则（或规则库）。 当一个或多个调用期间一个或多个有限状态机的行为与库中的执行概要文件或规则库中的规则匹配时，将生成警报。