Network equipment with embedded movable secure devices
    1.
    Patent application
    Network equipment with embedded movable secure devices (status: under examination, published)

    Publication number: US20050257047A1

    Publication date: 2005-11-17

    Application number: US10846542

    Filing date: 2004-05-17

    IPC classification: H04L9/00 H04L12/24 H04L29/06

    CPC classification: H04L63/0853 H04L41/28

    Abstract: A system for improving security of management and control functions at a network element in a communications network is described. The control card of the network element is configured to function in association with an execution device such as a smartcard. The execution device has embedded thereon one or several processors, each implementing specific security-related operations. This limits access to the network element which, in turn, minimizes access to sensitive and confidential information.


System and method for detecting abnormal traffic based on early notification
    2.
    Patent application
    System and method for detecting abnormal traffic based on early notification (status: in force)

    Publication number: US20070011741A1

    Publication date: 2007-01-11

    Application number: US11176237

    Filing date: 2005-07-08

    Abstract: This method and system for detecting abnormal traffic in a communications network is based on classifying the traffic in risk and status categories and maintaining a service status table with this information for each service at a respective node. The risk categories are initially established based on known software vulnerabilities recognized for the respective service. An early notifier enables further processing of services suspected of malware propagation. Status categories enable segregating the traffic with an “under attack” status from the “not under attack” status, so that the intrusion detection system at the respective node only processes the “under attack” traffic. In this way, the time and amount of processing performed by the intrusion detection system is considerably reduced.


Rogue access point detection in wireless networks
    3.
    Patent application
    Rogue access point detection in wireless networks (status: in force)

    Publication number: US20100142709A1

    Publication date: 2010-06-10

    Application number: US12709015

    Filing date: 2010-02-19

    IPC classification: H04K1/00

    Abstract: Methods to detect rogue access points (APs) and prevent unauthorized wireless access to services provided by a communication network are provided. A mobile station (MS) reports to a serving AP the received signal strength (RSS) for all APs in the area through which it travels. The serving AP detects a rogue AP based on inconsistencies perceived in the RSS reports, assessed during the handover phase or whilst the communication is active.


Queuing methods for mitigation of packet spoofing
    4.
    Granted patent
    Queuing methods for mitigation of packet spoofing (status: in force)

    Publication number: US07464398B2

    Publication date: 2008-12-09

    Application number: US10440233

    Filing date: 2003-05-19

    Abstract: Systems and methods of mitigating attacks, such as Denial of Service (DoS) attacks, in a communications network are presented. Source addresses of packets received at network devices are monitored in relation to known reliable addresses stored in a decision engine. If the source address, as stored in a source table, is known to be legitimate, the packets are placed in a high-priority queue for transmission at the highest rate. Packets with an unknown address are placed in a lower-priority queue, their source address is stored in a different source table, and the packets are serviced at a lower rate. Packets that become known to be legitimate are moved from the unknown table to the table from which high-priority queues are serviced. In this way, an attacker that employs spoofing techniques is prevented from overtaxing network resources.


Application layer ingress filtering
    5.
    Patent application
    Application layer ingress filtering (status: in force)

    Publication number: US20070086338A1

    Publication date: 2007-04-19

    Application number: US11250455

    Filing date: 2005-10-17

    IPC classification: H04L12/26

    Abstract: A method and system for filtering malicious packets received at the edge of a service provider (SP) domain is provided. A protocol-aware border element identifies the protocol used by any ingress packet, and then determines which domain-specific information in the application payload of the packet is used to form the source identity. If this packet pretends to come from the SP domain, and no domain entity is allowed to roam, the packet is identified as illegitimate and is subjected to a given security policy. The border element also identifies as legitimate the SP domain entities that are allowed to roam, and legitimate sources outside the SP domain that customarily communicate with entities in the SP domain.


Containment mechanism for potentially contaminated end systems
    7.
    Granted patent
    Containment mechanism for potentially contaminated end systems (status: in force)

    Publication number: US08020207B2

    Publication date: 2011-09-13

    Application number: US11656434

    Filing date: 2007-01-23

    IPC classification: G06F12/14

    CPC classification: H04L63/1416 H04L63/1458

    Abstract: A malware detection and response system based on traffic pattern anomaly detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted separately for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, outgoing ICMP packets, UDP packets, etc. When a packet causes an individual count or a combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.


Mechanism for tracing back anonymous network flows in autonomous systems
    8.
    Granted patent
    Mechanism for tracing back anonymous network flows in autonomous systems (status: in force)

    Publication number: US07565426B2

    Publication date: 2009-07-21

    Application number: US10635602

    Filing date: 2003-08-07

    IPC classification: G06F15/173 G06F11/00

    Abstract: A system and method of tracing network flows in an autonomous communications system are described. The Autonomous System (AS) may be formed of multiple subgroups depending on size and application. Each subgroup contains multiple, interconnected routers which participate in transporting data flows across the AS. A Director within the AS has a full and complete view of the network topology. When it is desired to trace a particular flow because of an identified attack, selected routers in key locations, through which that particular flow travels, mark packets with labels which enable the tracing of the path. These labels permit the source of the attack, at least in so far as it travels through the AS, to be identified. If the number of entry (or key) points to the AS is larger than the number of available labels, the AS is divided into subgroups and the flow is traced from subgroup to subgroup.


Distributed defence against DDoS attacks
    9.
    Patent application
    Distributed defence against DDoS attacks (status: under examination, published)

    Publication number: US20090013404A1

    Publication date: 2009-01-08

    Application number: US11822341

    Filing date: 2007-07-05

    IPC classification: G08B23/00 G06F11/30

    CPC classification: H04L63/1458 H04L63/08

    Abstract: When the processing resources of a host system are occupied beyond a trigger point by incoming requests, that host system issues a cool-it message that is broadcast throughout the network, eventually reaching edge routers that, in response to the message, throttle the traffic that they pass into the network. The throttling is applied in increasing amounts with increasing traffic volumes received at the edge routers. The cool-it messages are authenticated to ensure that they are not themselves used as instruments of a DoS attack. This mechanism also works to control legitimate network congestion, and it does not block users from a host system that is under attack.


High pressure fuel pump
    10.
    Granted patent
    High pressure fuel pump (status: lapsed)

    Publication number: US06648608B1

    Publication date: 2003-11-18

    Application number: US10009362

    Filing date: 2001-12-10

    Applicant: Jean-Marc Robert

    Inventor: Jean-Marc Robert

    IPC classification: F04B2708

    CPC classification: F04B43/067 F02M37/12 F04B1/14

    Abstract: A main unit pumps the transferred liquid, actuated by an auxiliary unit for pumping a working liquid. The auxiliary unit comprises a piston provided with an axial drilling (bore) for circulating working liquid between a tank and a compression chamber. The piston further comprises a valve for closing the drilling, the valve being housed in the drilling between its two ends, which are in permanent communication with the tank and the compression chamber respectively. The valve opens when the pressure of the working liquid in the tank exceeds that of the working liquid in the compression chamber and closes in the opposite situation. The compression chamber is delimited by a flexible diaphragm for pumping the transferred liquid. The diaphragm is constantly elastically returned to the first position by a diaphragm spring. For the pump to operate correctly, the stiffness of the spring that returns the diaphragm associated with the piston is dimensioned so that this spring keeps the working liquid contained in the compression chamber at a raised pressure with respect to the working liquid contained in the reservoir, and does so as long as the diaphragm has not reached its first position, in which the pumping chamber has its maximum volume. The diaphragm spring allows the diaphragm to return automatically to its first position, even when there is no liquid in the main pumping unit.
