System and method for detecting keyboard logging
    2.
    Granted invention patent
    Legal status: In force

    Publication No.: US07523470B2

    Publication date: 2009-04-21

    Application No.: US11021139

    Application date: 2004-12-23

    IPC classification: G06F13/00

    CPC classification: G06F21/566

    Abstract: A kernel based detection of keyboard logger applications is achieved by configuring a call interface to the kernel to characterize a system call pattern for processes accessing a keyboard. A monitor thread iteratively examines a plurality of threads to test open( ), read( ), write( ), and syscall( ) system routines for conditions indicative of presence of a keyboard logger application. A thread whose system call pattern is characterized by such conditions is marked as a keyboard logger.


    Determining blocking measures for processing communication traffic anomalies
    3.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US07523494B2

    Publication date: 2009-04-21

    Application No.: US10774140

    Application date: 2004-02-05

    IPC classification: G06F7/00

    CPC classification: H04L63/1408 H04L63/1441

    Abstract: Communication traffic is processed by detecting an anomaly in the communication traffic. A first blocking measure A is applied to the anomalous traffic that stops the anomalous traffic. A second blocking measure is determined such that application of a logical combination of the first blocking measure A and the second blocking measure to the anomalous traffic stops the anomalous traffic.


    Intrusion detection using a network processor and a parallel pattern detection engine
    4.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US08239945B2

    Publication date: 2012-08-07

    Application No.: US12334481

    Application date: 2008-12-14

    CPC classification: H04L63/1416 H04L63/1441

    Abstract: An intrusion detection system (IDS) comprises a network processor (NP) coupled to a memory unit for storing programs and data. The NP is also coupled to one or more parallel pattern detection engines (PPDE) which provide high speed parallel detection of patterns in an input data stream. Each PPDE comprises many processing units (PUs) each designed to store intrusion signatures as a sequence of data with selected operation codes. The PUs have configuration registers for selecting modes of pattern recognition. Each PU compares a byte at each clock cycle. If a sequence of bytes from the input pattern matches a stored pattern, the identification of the PU detecting the pattern is outputted with any applicable comparison data. By storing intrusion signatures in many parallel PUs, the IDS can process network data at the NP processing speed. PUs may be cascaded to increase intrusion coverage or to detect long intrusion signatures.


    Caching lookups based upon TCP traffic flow characteristics
    5.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US08005989B2

    Publication date: 2011-08-23

    Application No.: US12188333

    Application date: 2008-08-08

    IPC classification: G06F15/173

    CPC classification: H04L45/00 H04L69/22

    Abstract: The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.


    Decision tree multi-field classification dynamic rules updating and rebuilding
    6.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US07937355B2

    Publication date: 2011-05-03

    Application No.: US12327115

    Application date: 2008-12-03

    Abstract: The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree.


    Method and systems for controlling ATM traffic using bandwidth allocation technology
    7.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US07317727B2

    Publication date: 2008-01-08

    Application No.: US10442762

    Application date: 2003-05-21

    IPC classification: H04L12/56 G01R31/08 H04J3/16

    Abstract: A method and system for managing asynchronous transfer mode (ATM) traffic in a computer system is disclosed. The computer system is used in sending, receiving, or sending and receiving a plurality of ATM flows. Each ATM flow has a plurality of ATM cells, a minimum ATM bandwidth guarantee, and a maximum ATM bandwidth. The method and system include determining whether excess bandwidth exists for the ATM flows. The method and system also include gracefully increasing a portion of the ATM cells transmitted for each ATM flow during periods of excess bandwidth. The portion of the ATM cells transmitted is not more than the maximum ATM bandwidth limit. If an ATM flow presents a sufficient offered load, the portion of the ATM cells transmitted in the flow is not less than a minimum ATM bandwidth guarantee.


    Method and system for converting ranges into overlapping prefixes for a longest prefix match
    8.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US07177313B2

    Publication date: 2007-02-13

    Application No.: US10155566

    Application date: 2002-05-23

    IPC classification: H04L12/28

    Abstract: A method and system for converting a plurality of ranges of values for a plurality of packet classification rules in a computer system is disclosed. The plurality of ranges exists in at least one dimension. The method and system include mapping each of the plurality of ranges to a plurality of nonoverlapping prefixes. The method and system also include mapping the plurality of nonoverlapping prefixes to a plurality of overlapping prefixes corresponding to the plurality of ranges. The plurality of overlapping prefixes include a plurality of shorter matching overlapping prefixes for a plurality of nonconflicting ranges.


    Managing traffic within a data communication network
    9.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US07738376B2

    Publication date: 2010-06-15

    Application No.: US11766190

    Application date: 2007-06-21

    IPC classification: H04L12/26

    Abstract: A flow control method and system including an algorithm for deciding to transmit an arriving packet into a processing queue or to discard it, or, in the case of instructions or packets that must not be discarded, a similar method and system for deciding at a service event to transmit an instruction or packet into a processing queue or to skip the service event. The transmit probability is increased or decreased in consideration of minimum and maximum limits for each flow, aggregate limits for sets of flows, relative priority among flows, queue occupancy, and rate of change of queue occupancy. The effects include protection of flows below their minimum rates, correction of flows above their maximum rates, and, for flows between minimum and maximum rates, reduction of constituent flows of an aggregate that is above its aggregate maximum. Practice of the invention results in low queue occupancy during steady congestion.


    System and method for automatic management of many computer data processing system pipes
    10.
    Granted invention patent
    Legal status: In force

    Publication No.: US07710874B2

    Publication date: 2010-05-04

    Application No.: US10454052

    Application date: 2003-06-04

    IPC classification: H04L1/00

    CPC classification: H04L41/0896

    Abstract: A process control method and system including partitioning transmit decisions and certain measurements into one logical entity (Data Plane) and partitioning algorithm computation to update transmit probabilities into a second logical entity (Control Plane), the two entities periodically communicating fresh measurements from Data Plane to Control Plane and adjusted transmit probabilities from Control Plane to Data Plane. The transmit probability may be used in transmit/discard decisions of packets or instructions exercised at every arrival of a packet or instruction. In an alternative embodiment, the transmit probability may be used in transmit/delay decisions of awaiting instructions or packets exercised at every service event.
