公开(公告)号：US07848235B2

公开(公告)日：2010-12-07

申请号：US12381937

申请日：2009-03-18

申请人： Brian Hernacki ,  Jeremy Bennett

发明人： Brian Hernacki ,  Jeremy Bennett

IPC分类号： H04J1/16

CPC分类号： H04L63/1416 ,  H04L63/0227

摘要： Network evasion and misinformation detection are disclosed. Techniques are provided for network security, including determining whether a particular packet, segment, frame, or other data encapsulation has been retransmitted. By detecting and tracking retransmits, the packet may be compared to the original packet to determine whether an attack exists. By evaluating the original data stream and a copy of the original data stream modified with the retransmitted packet, an evasion or misinformation attempt may be detected, invoking pattern or signature matching to determine whether an attack is attempted against a target host.

摘要翻译： 披露网络逃避和错误信息检测。 提供了用于网络安全性的技术，包括确定是否已重传特定分组，分段，帧或其他数据封装。 通过检测和跟踪重传，可以将分组与原始分组进行比较，以确定是否存在攻击。 通过评估原始数据流和用重传的分组修改的原始数据流的副本，可以检测到逃避或错误信息尝试，调用模式或签名匹配以确定是否针对目标主机尝试攻击。

公开(公告)号：US07836499B1

公开(公告)日：2010-11-16

申请号：US10994171

申请日：2004-11-18

申请人： Brian Hernacki ,  Jeremy Bennett

发明人： Brian Hernacki ,  Jeremy Bennett

IPC分类号： G06F11/00

CPC分类号： H04L63/0227 ,  H04L63/1408

摘要： Detecting network threats through dynamic depth inspection is disclosed. A mandatory threat detection procedure is performed on data received via a network. It is determined probabilistically whether to perform an optional threat detection procedure on at least a portion of the data. The optional threat detection procedure is then performed if it is determined that it should be performed.

摘要翻译： 透露了通过动态深度检测来检测网络威胁。 对通过网络接收的数据执行强制威胁检测程序。 概率地确定是否对数据的至少一部分执行可选的威胁检测程序。 如果确定应该执行可选的威胁检测过程，则执行可选的威胁检测过程。

公开(公告)号：US07409721B2

公开(公告)日：2008-08-05

申请号：US10349155

申请日：2003-01-21

申请人： Brian Hernacki ,  Jeremy Bennett

发明人： Brian Hernacki ,  Jeremy Bennett

IPC分类号： G06F21/00

CPC分类号： H04L63/14 ,  H04L63/02

摘要： A system and method are disclosed for analyzing security risks in a computer network. The system constructs asset relationships among a plurality of objects in the computer network and receives an event associated with a selected object, where the event has an event risk level. The system also propagates the event to objects related to the selected object if the event risk level exceeds a propagation threshold.

摘要翻译： 公开了一种用于分析计算机网络中的安全风险的系统和方法。 系统构建计算机网络中的多个对象之间的资产关系，并且接收与所选对象相关联的事件，其中该事件具有事件风险级别。 如果事件风险级别超过传播阈值，系统还将事件传播到与所选对象相关的对象。

公开(公告)号：US07984504B2

公开(公告)日：2011-07-19

申请号：US12215112

申请日：2008-06-24

申请人： Brian Hernacki ,  Jeremy Bennett

发明人： Brian Hernacki ,  Jeremy Bennett

IPC分类号： G06F11/00

CPC分类号： H04L63/14 ,  H04L63/02

摘要： Analyzing security risk in a computer network includes receiving an event associated with a selected object in the computer network, and determining an object risk level for the selected object based at least in part on an event risk level of the event received, wherein the event risk level accounts for intrinsic risk that depends at least in part on the event that is received and source risk that depends at least in part on a source from which the event originated.

摘要翻译： 分析计算机网络中的安全风险包括接收与计算机网络中的所选对象相关联的事件，以及至少部分地基于接收的事件的事件风险级别来确定所选对象的对象风险级别，其中事件风险 内部风险的层次考虑至少部分取决于收到的事件和至少部分依赖于事件来源的源风险。

公开(公告)号：US20090183260A1

公开(公告)日：2009-07-16

申请号：US12381937

申请日：2009-03-18

申请人： Brian Hernacki ,  Jeremy Bennett

发明人： Brian Hernacki ,  Jeremy Bennett

IPC分类号： G06F21/22 ,  G06F11/30 ,  G08B23/00 ,  H04L12/26

CPC分类号： H04L63/1416 ,  H04L63/0227

摘要： Network evasion and misinformation detection are disclosed. Techniques are provided for network security, including determining whether a particular packet, segment, frame, or other data encapsulation has been retransmitted. By detecting and tracking retransmits, the packet may be compared to the original packet to determine whether an attack exists. By evaluating the original data stream and a copy of the original data stream modified with the retransmitted packet, an evasion or misinformation attempt may be detected, invoking pattern or signature matching to determine whether an attack is attempted against a target host.

摘要翻译： 披露网络逃避和错误信息检测。 提供了用于网络安全性的技术，包括确定是否已重传特定分组，分段，帧或其他数据封装。 通过检测和跟踪重传，可以将分组与原始分组进行比较，以确定是否存在攻击。 通过评估原始数据流和用重传的分组修改的原始数据流的副本，可以检测到逃避或错误信息尝试，调用模式或签名匹配以确定是否针对目标主机尝试攻击。

公开(公告)号：US07529187B1

公开(公告)日：2009-05-05

申请号：US10839737

申请日：2004-05-04

申请人： Brian Hernacki ,  Jeremy Bennett

发明人： Brian Hernacki ,  Jeremy Bennett

IPC分类号： H04J1/16

CPC分类号： H04L63/1416 ,  H04L63/0227

摘要： Network evasion and misinformation detection are disclosed. Techniques are provided for network security, including determining whether a particular packet, segment, frame, or other data encapsulation has been retransmitted. By detecting and tracking retransmits, the packet may be compared to the original packet to determine whether an attack exists. By evaluating the original data stream and a copy of the original data stream modified with the retransmitted packet, an evasion or misinformation attempt may be detected, invoking pattern or signature matching to determine whether an attack is attempted against a target host.

公开(公告)号：US20080289043A1

公开(公告)日：2008-11-20

申请号：US12215112

申请日：2008-06-24

申请人： Brian Hernacki ,  Jeremy Bennett

发明人： Brian Hernacki ,  Jeremy Bennett

IPC分类号： G06F21/00 ,  G06F15/173

CPC分类号： H04L63/14 ,  H04L63/02

摘要： Analyzing security risk in a computer network includes receiving an event associated with a selected object in the computer network, and determining an object risk level for the selected object based at least in part on an event risk level of the event received, wherein the event risk level accounts for intrinsic risk that depends at least in part on the event that is received and source risk that depends at least in part on a source from which the event originated.

摘要翻译： 分析计算机网络中的安全风险包括接收与计算机网络中的所选对象相关联的事件，以及至少部分地基于接收的事件的事件风险级别来确定所选对象的对象风险级别，其中事件风险 内部风险的层次考虑至少部分取决于收到的事件和至少部分依赖于事件来源的源风险。

公开(公告)号：US20080184344A1

公开(公告)日：2008-07-31

申请号：US12079767

申请日：2008-03-28

申请人： Brian Hernacki ,  Thomas Lofgren ,  Jeremy Bennett

发明人： Brian Hernacki ,  Thomas Lofgren ,  Jeremy Bennett

IPC分类号： G06F21/20

CPC分类号： H04L63/08 ,  G06F21/31 ,  H04L63/1441

摘要： Remote activation of covert service channels is provided. A remote host can initiate and establish a connection with a target host without exposing a service channel or communications port to an unauthenticated host. Triggers can be received by and sent to a host and an associated operating system, under direction of a stealth listener. The stealth listener provides can control and direct an operating system to respond to incoming data packets, but can also open and close ports to enable access to services on a host. Using a variety of transport mechanisms, protocols, and triggers to covertly enable a connection to be established between a service and a remote client, the disclosed techniques also enable reduction of processing and storage resources by reducing the amount of host or client-installed software.

公开(公告)号：US07380123B1

公开(公告)日：2008-05-27

申请号：US10677732

申请日：2003-10-02

申请人： Brian Hernacki ,  Thomas Lofgren ,  Jeremy Bennett

发明人： Brian Hernacki ,  Thomas Lofgren ,  Jeremy Bennett

IPC分类号： H04L9/00

CPC分类号： H04L63/08 ,  G06F21/31 ,  H04L63/1441

摘要： Remote activation of covert service channels is provided. A remote host can initiate and establish a connection with a target host without exposing a service channel or communications port to an unauthenticated host. Triggers can be received by and sent to a host and an associated operating system, under direction of a stealth listener. The stealth listener provides can control and direct an operating system to respond to incoming data packets, but can also open and close ports to enable access to services on a host. Using a variety of transport mechanisms, protocols, and triggers to covertly enable a connection to be established between a service and a remote client, the disclosed techniques also enable reduction of processing and storage resources by reducing the amount of host or client-installed software.

摘要翻译： 提供隐蔽服务渠道的远程激活。 远程主机可以发起和建立与目标主机的连接，而不会将服务通道或通信端口暴露给未经身份验证的主机。 触发器可以在隐身侦听器的指导下接收并发送到主机和相关联的操作系统。 隐形监听器提供可以控制和指导操作系统对输入的数据包进行响应，但也可以打开和关闭端口以允许访问主机上的服务。 使用各种传输机制，协议和触发器来隐蔽地在服务和远程客户端之间建立连接，所公开的技术还可以通过减少主机或客户端安装的软件的数量来减少处理和存储资源。

公开(公告)号：US08661250B2

公开(公告)日：2014-02-25

申请号：US12079767

申请日：2008-03-28

申请人： Brian Hernacki ,  Thomas Lofgren ,  Jeremy Bennett

发明人： Brian Hernacki ,  Thomas Lofgren ,  Jeremy Bennett

IPC分类号： H04L9/32

CPC分类号： H04L63/08 ,  G06F21/31 ,  H04L63/1441

摘要： Remote activation of covert service channels is provided. A remote host can initiate and establish a connection with a target host without exposing a service channel or communications port to an unauthenticated host. Triggers can be received by and sent to a host and an associated operating system, under direction of a stealth listener. The stealth listener provides can control and direct an operating system to respond to incoming data packets, but can also open and close ports to enable access to services on a host. Using a variety of transport mechanisms, protocols, and triggers to covertly enable a connection to be established between a service and a remote client, the disclosed techniques also enable reduction of processing and storage resources by reducing the amount of host or client-installed software.

摘要翻译： 提供隐蔽服务渠道的远程激活。 远程主机可以发起和建立与目标主机的连接，而不会将服务通道或通信端口暴露给未经身份验证的主机。 触发器可以在隐身侦听器的指导下接收并发送到主机和相关联的操作系统。 隐形监听器提供可以控制和指导操作系统对输入的数据包进行响应，但也可以打开和关闭端口以允许访问主机上的服务。 使用各种传输机制，协议和触发器来隐蔽地在服务和远程客户端之间建立连接，所公开的技术还可以通过减少主机或客户端安装的软件的数量来减少处理和存储资源。