公开(公告)号：US20080225740A1

公开(公告)日：2008-09-18

申请号：US11724911

申请日：2007-03-15

申请人： Cecilia Martin ,  John Huber ,  Mei Wang ,  Jonathan Chang ,  Flavio Bonomi ,  Sumeet Singh

发明人： Cecilia Martin ,  John Huber ,  Mei Wang ,  Jonathan Chang ,  Flavio Bonomi ,  Sumeet Singh

IPC分类号： H04J1/16

CPC分类号： H04L43/062 ,  H04L43/00 ,  H04L43/022 ,  H04L43/0876 ,  H04L43/106 ,  H04L43/16 ,  H04L45/00 ,  H04L45/745 ,  H04L47/10 ,  H04L49/50 ,  H04L63/1408 ,  H04L69/22

摘要： A device includes a multistage filter and an elephant trap. The multistage filter has hash functions and an array. The multistage filter is operable to receive a packet associated with a candidate heavy network user and send the packet to the hash functions. The hash functions generate hash function output values corresponding to indices in the array. The elephant trap is connected to the multistage filter. The elephant trap includes a buffer and probabilistic sampling logic. The probabilistic sampling logic is operable to attempt to add information associated with the packet to the buffer a particular percentage of the time based in part on the result of the multistage filter lookup. The buffer is operable to hold information associated with the packet, counter information, and timestamp information.

摘要翻译： 装置包括多级过滤器和大象捕集器。 多级过滤器具有散列函数和数组。 多级过滤器可操作以接收与候选重网络用户相关联的分组，并将分组发送到散列函数。 散列函数生成与数组中的索引对应的哈希函数输出值。 大象陷阱连接到多级过滤器。 大象陷阱包括缓冲区和概率抽样逻辑。 概率抽样逻辑可操作以部分地基于多级过滤器查找的结果来试图将与分组相关联的信息添加到缓冲器中的特定百分比的时间。 缓冲器可操作以保存与分组相关联的信息，计数器信息和时间戳信息。

公开(公告)号：US09191225B2

公开(公告)日：2015-11-17

申请号：US12971358

申请日：2010-12-17

申请人： Cecilia Martin ,  John Huber ,  Mei Wang ,  Jonathan Chang ,  Flavio Bonomi ,  Sumeet Singh

发明人： Cecilia Martin ,  John Huber ,  Mei Wang ,  Jonathan Chang ,  Flavio Bonomi ,  Sumeet Singh

IPC分类号： H04L12/28 ,  H04L12/26 ,  H04L12/701 ,  H04L12/741 ,  H04L12/801 ,  H04L12/931

CPC分类号： H04L43/062 ,  H04L43/00 ,  H04L43/022 ,  H04L43/0876 ,  H04L43/106 ,  H04L43/16 ,  H04L45/00 ,  H04L45/745 ,  H04L47/10 ,  H04L49/50 ,  H04L63/1408 ,  H04L69/22

摘要： A device includes a multistage filter and an elephant trap. The multistage filter has hash functions and an array. The multistage filter is operable to receive a packet associated with a candidate heavy network user and send the packet to the hash functions. The hash functions generate hash function output values corresponding to indices in the array. The elephant trap is connected to the multistage filter. The elephant trap includes a buffer and probabilistic sampling logic. The probabilistic sampling logic is operable to attempt to add information associated with the packet to the buffer a particular percentage of the time based in part on the result of the multistage filter lookup. The buffer is operable to hold information associated with the packet, counter information, and timestamp information.

摘要翻译： 装置包括多级过滤器和大象捕集器。 多级过滤器具有散列函数和数组。 多级过滤器可操作以接收与候选重网络用户相关联的分组，并将分组发送到散列函数。 散列函数生成与数组中的索引对应的哈希函数输出值。 大象陷阱连接到多级过滤器。 大象陷阱包括缓冲区和概率抽样逻辑。 概率抽样逻辑可操作以部分地基于多级过滤器查找的结果来试图将与分组相关联的信息添加到缓冲器中的特定百分比的时间。 缓冲器可操作以保存与分组相关联的信息，计数器信息和时间戳信息。

公开(公告)号：US07894358B2

公开(公告)日：2011-02-22

申请号：US11724911

申请日：2007-03-15

申请人： Cecilia Martin ,  John Huber ,  Mei Wang ,  Jonathan Chang ,  Flavio Bonomi ,  Sumeet Singh

发明人： Cecilia Martin ,  John Huber ,  Mei Wang ,  Jonathan Chang ,  Flavio Bonomi ,  Sumeet Singh

IPC分类号： H04L12/26 ,  H04L12/28

CPC分类号： H04L43/062 ,  H04L43/00 ,  H04L43/022 ,  H04L43/0876 ,  H04L43/106 ,  H04L43/16 ,  H04L45/00 ,  H04L45/745 ,  H04L47/10 ,  H04L49/50 ,  H04L63/1408 ,  H04L69/22

摘要： A device includes a multistage filter and an elephant trap. The multistage filter has hash functions and an array. The multistage filter is operable to receive a packet associated with a candidate heavy network user and send the packet to the hash functions. The hash functions generate hash function output values corresponding to indices in the array. The elephant trap is connected to the multistage filter. The elephant trap includes a buffer and probabilistic sampling logic. The probabilistic sampling logic is operable to attempt to add information associated with the packet to the buffer a particular percentage of the time based in part on the result of the multistage filter lookup. The buffer is operable to hold information associated with the packet, counter information, and timestamp information.

摘要翻译： 装置包括多级过滤器和大象捕集器。 多级过滤器具有散列函数和数组。 多级过滤器可操作以接收与候选重网络用户相关联的分组，并将分组发送到散列函数。 散列函数生成与数组中的索引对应的哈希函数输出值。 大象陷阱连接到多级过滤器。 大象陷阱包括缓冲区和概率抽样逻辑。 概率抽样逻辑可操作以部分地基于多级过滤器查找的结果来试图将与分组相关联的信息添加到缓冲器中的特定百分比的时间。 缓冲器可操作以保存与分组相关联的信息，计数器信息和时间戳信息。

公开(公告)号：US07873833B2

公开(公告)日：2011-01-18

申请号：US11427696

申请日：2006-06-29

申请人： Sumeet Singh ,  John D. Huber ,  Flavio Bonomi

发明人： Sumeet Singh ,  John D. Huber ,  Flavio Bonomi

IPC分类号： H04L9/32 ,  G06F11/00

CPC分类号： H04L63/1416

摘要： A scalable method and apparatus that detects frequent and dispersed invariants is disclosed. More particularly, the application discloses a system that can simultaneously track frequency rates and dispersion criteria of unknown invariants. In other words, the application discloses an invariant detection system implemented in hardware (and/or software) that allows detection of invariants (e.g., byte sequences) that are highly prevalent (e.g., repeating with a high frequency) and dispersed (e.g., originating from many sources and destined to many destinations).

摘要翻译： 公开了一种检测频繁和分散的不变量的可扩展方法和装置。 更具体地说，本申请公开了一种可同时跟踪未知不变量的频率和色散标准的系统。 换句话说，该应用公开了一种在硬件（和/或软件）中实现的不变量检测系统，其允许检测高度普遍（例如，重复高频）和分散的不变量（例如，字节序列） 从许多来源，注定到许多目的地）。

公开(公告)号：US20110131655A1

公开(公告)日：2011-06-02

申请号：US12956725

申请日：2010-11-30

申请人： Sumeet Singh ,  John D. Huber ,  Flavio Bonomi

发明人： Sumeet Singh ,  John D. Huber ,  Flavio Bonomi

IPC分类号： G06F21/00 ,  G06F17/30

CPC分类号： H04L63/1416

摘要： A scalable method and apparatus that detects frequent and dispersed invariants is disclosed. More particularly, the application discloses a system that can simultaneously track frequency rates and dispersion criteria of unknown invariants. In other words, the application discloses an invariant detection system implemented in hardware (and/or software) that allows detection of invariants (e.g., byte sequences) that are highly prevalent (e.g., repeating with a high frequency) and dispersed (e.g., originating from many sources and destined to many destinations).

摘要翻译： 公开了一种检测频繁和分散的不变量的可扩展方法和装置。 更具体地说，本申请公开了一种可同时跟踪未知不变量的频率和色散标准的系统。 换句话说，该应用公开了一种在硬件（和/或软件）中实现的不变量检测系统，其允许检测高度普遍（例如，重复高频）和分散的不变量（例如，字节序列） 从许多来源，注定到许多目的地）。

公开(公告)号：US20080022106A1

公开(公告)日：2008-01-24

申请号：US11427696

申请日：2006-06-29

申请人： Sumeet Singh ,  John D. Huber ,  Flavio Bonomi

发明人： Sumeet Singh ,  John D. Huber ,  Flavio Bonomi

IPC分类号： H04L9/00

CPC分类号： H04L63/1416

摘要： A scalable method and apparatus that detects frequent and dispersed invariants is disclosed. More particularly, the application discloses a system that can simultaneously track frequency rates and dispersion criteria of unknown invariants. In other words, the application discloses an invariant detection system implemented in hardware (and/or software) that allows detection of invariants (e.g., byte sequences) that are highly prevalent (e.g., repeating with a high frequency) and dispersed (e.g., originating from many sources and destined to many destinations).

摘要翻译： 公开了一种检测频繁和分散的不变量的可扩展方法和装置。 更具体地说，本申请公开了一种可同时跟踪未知不变量的频率和色散标准的系统。 换句话说，该应用公开了一种在硬件（和/或软件）中实现的不变量检测系统，其允许检测高度普遍（例如，重复高频）和分散的不变量（例如，字节序列） 从许多来源，注定到许多目的地）。

公开(公告)号：US20060098652A1

公开(公告)日：2006-05-11

申请号：US11271310

申请日：2005-11-09

申请人： Sushil Singh ,  George Varghese ,  John Huber ,  Sumeet Singh

发明人： Sushil Singh ,  George Varghese ,  John Huber ,  Sumeet Singh

IPC分类号： H04L12/56

CPC分类号： H04L45/00 ,  H04L45/60 ,  H04L45/745 ,  H04L63/145 ,  H04L67/327

摘要： A method and apparatus is described for identifying content in a packet. The method may obtain data sample from the packet where the data sample is in a predetermined window at an initial offset point in the packet. For each offset point, a first stage of processing on the data sample may be performed to identify if the data sample corresponds to potentially relevant reference string. A more focused second stage of processing may then be carried out on the data sample to identify if the data sample corresponds to potentially relevant reference string. Thereafter, an even more focused third stage of processing may be carried out on the data sample to obtain a third stage result. If the data sample passes all three stages of processing, a predefined action is identified which is associated with a reference string corresponding to the data sample.

公开(公告)号：US08379639B2

公开(公告)日：2013-02-19

申请号：US12507169

申请日：2009-07-22

申请人： Debojyoti Dutta ,  Sumeet Singh ,  Pradeep Sudame ,  Sundar Rajan

发明人： Debojyoti Dutta ,  Sumeet Singh ,  Pradeep Sudame ,  Sundar Rajan

IPC分类号： H04L12/28

CPC分类号： H04L47/10 ,  H04L47/2483

摘要： Apparatuses, methods, and other embodiments associated with packet identification are described. One example apparatus includes a packet selection logic to identify packets associated with a data stream. The example apparatus may also include a set of packet classification logics. A packet classification logic may generate a signal as a function of whether an attribute associated with the packet matches an attribute associated with packets generated by a tested application.

摘要翻译： 描述了与分组识别相关联的装置，方法和其他实施例。 一个示例性装置包括用于识别与数据流相关联的分组的分组选择逻辑。 该示例设备还可以包括一组分组分类逻辑。 分组分类逻辑可以根据与分组相关联的属性与由测试应用生成的分组相关联的属性是否匹配来生成信号。

公开(公告)号：US08296842B2

公开(公告)日：2012-10-23

申请号：US11547944

申请日：2004-12-01

申请人： Sumeet Singh ,  George Varghese ,  Cristi Estan ,  Stefan Savage

发明人： Sumeet Singh ,  George Varghese ,  Cristi Estan ,  Stefan Savage

IPC分类号： H04L29/06

CPC分类号： H04L63/1416 ,  G06F21/55 ,  H04L9/002 ,  H04L9/3236 ,  H04L9/3247 ,  H04L2209/60 ,  H04L2463/141

摘要： Network worms or viruses are a growing threat to the security of public and private networks and the individual computers that make up those networks. A content sifting method if provided that automatically generates a precise signature for a worm or virus that can then be used to significantly reduce the propagation of the worm elsewhere in the network or eradicate the worm altogether. The content sifting method is complemented by a value sampling method that increases the throughput of network traffic that can be monitored. Together, the methods track the number of times invariant strings appear in packets and the network address dispersion of those packets including variant strings. When an invariant string reaches a particular threshold of appearances and address dispersion, the string is reported as a signature for suspected worm.

摘要翻译： 网络蠕虫或病毒对构成这些网络的公共和私有网络以及个别计算机的安全性日益增长。 如果提供的内容筛选方法自动生成针对蠕虫或病毒的精确签名，然后可以将蠕虫或病毒用于显着减少网络中其他地方的蠕虫传播或彻底消除蠕虫。 内容筛选方法补充了一种增加可监控网络流量吞吐量的值抽样方法。 这些方法一起跟踪数据包中出现不变字符串的次数以及包括变体字符串的数据包的网络地址色散。 当不变字符串达到特定的出现阈值和地址分散时，字符串将被报告为可疑蠕虫的签名。

公开(公告)号：US08218451B2

公开(公告)日：2012-07-10

申请号：US13019240

申请日：2011-02-01

申请人： Nicholas Duffield ,  Carsten Lund ,  Subhabrata Sen ,  Yin Zhang ,  Sumeet Singh

发明人： Nicholas Duffield ,  Carsten Lund ,  Subhabrata Sen ,  Yin Zhang ,  Sumeet Singh

IPC分类号： G06F11/30 ,  G06F12/00

CPC分类号： H04L63/1425 ,  H04L29/12801 ,  H04L61/6004 ,  H04L63/1441 ,  H04L63/1458 ,  Y10S707/99945 ,  Y10S707/99948

摘要： An efficient streaming method and apparatus for detecting hierarchical heavy hitters from massive data streams is disclosed. In one embodiment, the method enables near real time detection of anomaly behavior in networks.

摘要翻译： 公开了一种用于从海量数据流检测分层重击打者的有效的流传输方法和装置。 在一个实施例中，该方法能够近似实时地检测网络中的异常行为。