Abstract:
Ordering partial network traffic. In an embodiment, data packets are received from a network tap and separated into two queues. For each queue, a push-sequence is maintained to represent a sequence number that must be pushed in order to maintain a consecutive order. When both push-sequences are equal to the sequence number of their first packets, if the acknowledgement number of the first packet on one queue is greater than the push-sequence for the other queue and less than or equal to the push-sequence of the one queue, data is pushed off the other queue. Otherwise, a queue having the earlier timestamp is identified as a first queue, the existence of a next acknowledgement number is determined for the second (other) queue, and data is pushed off the first queue according to the existence of the next acknowledgement number. Gap packets may be generated to force progress.
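The following Python model is an added illustration of the two-queue ordering this abstract describes; it is not code from the patent and the packet fields, direction names ("c2s"/"s2c") and sample capture are constructed here. It follows the abstract's causal rule (a head packet whose acknowledgement number exceeds the other queue's push-sequence was sent after those bytes, so the other queue is pushed first) and uses the tap timestamp only as the tiebreaker; the gap rule is an interpretation: an acknowledgement from the peer is taken as evidence that the missing bytes were transmitted and lost before the tap, so a gap is emitted to force progress rather than stalling the stream.

```python
"""Added example: ordering tapped TCP payload from two direction queues."""
import bisect
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "c2s" (client to server) or "s2c" (server to client); assumed names
    seq: int         # sequence number of the first payload byte
    ack: int         # acknowledgement number (peer's next expected sequence number)
    ts: float        # tap timestamp
    payload: bytes


OTHER = {"c2s": "s2c", "s2c": "c2s"}


class TapOrderer:
    """One queue per direction plus the push-sequence each queue must emit next."""

    def __init__(self, isn_c2s: int, isn_s2c: int) -> None:
        self.push = {"c2s": isn_c2s, "s2c": isn_s2c}   # next byte that must be pushed
        self.queues = {"c2s": [], "s2c": []}           # packets kept sorted by seq

    def add(self, pkt: Packet) -> None:
        q = self.queues[pkt.direction]
        q.insert(bisect.bisect_right([p.seq for p in q], pkt.seq), pkt)

    def _head(self, d: str):
        """First packet not yet pushed; retransmitted or overlapping bytes are trimmed."""
        q = self.queues[d]
        while q:
            p = q[0]
            if p.seq + len(p.payload) <= self.push[d]:
                q.pop(0)                       # already pushed in full
                continue
            if p.seq < self.push[d]:           # partial overlap: keep only the new tail
                cut = self.push[d] - p.seq
                q[0] = Packet(p.direction, self.push[d], p.ack, p.ts, p.payload[cut:])
            return q[0]
        return None

    def _pop(self, d: str):
        p = self.queues[d].pop(0)
        self.push[d] = p.seq + len(p.payload)
        return ("data", d, p.payload)

    def _gap(self, d: str, length: int):
        self.push[d] += length
        return ("gap", d, length)

    def drain(self, flush: bool = False) -> list:
        out = []
        while True:
            heads = {d: self._head(d) for d in self.queues}
            ready = {d: h is not None and h.seq == self.push[d] for d, h in heads.items()}
            if ready["c2s"] and ready["s2c"]:
                # Causal rule: a head whose ack exceeds the other queue's push-sequence was
                # sent after those bytes, so the other queue's data goes first.
                if heads["c2s"].ack > self.push["s2c"]:
                    out.append(self._pop("s2c"))
                elif heads["s2c"].ack > self.push["c2s"]:
                    out.append(self._pop("c2s"))
                else:
                    out.append(self._pop(min(heads, key=lambda d: heads[d].ts)))
                continue
            ready_dirs = [d for d in heads if ready[d]]
            if ready_dirs:
                d, o = ready_dirs[0], OTHER[ready_dirs[0]]
                # The ready head's ack proves peer bytes up to that number were sent; if
                # they are missing at the tap, emit a gap for them before pushing this side.
                limit = heads[d].ack if heads[o] is None else min(heads[d].ack, heads[o].seq)
                if limit > self.push[o]:
                    out.append(self._gap(o, limit - self.push[o]))
                else:
                    out.append(self._pop(d))
                continue
            # No head is pushable: each non-empty queue has a hole. Fill a hole only when
            # some packet from the other direction acknowledges past it, or on flush.
            progressed = False
            for d, h in heads.items():
                if h is None:
                    continue
                acked = max((p.ack for p in self.queues[OTHER[d]]), default=self.push[d])
                limit = h.seq if flush else min(h.seq, acked)
                if limit > self.push[d]:
                    out.append(self._gap(d, limit - self.push[d]))
                    progressed = True
                    break
            if not progressed:
                return out


def order_sample_capture() -> list:
    """Constructed capture: server reply RESP-B (seq 5006..5011) was lost before the tap."""
    o = TapOrderer(isn_c2s=1000, isn_s2c=5000)
    for p in [
        Packet("s2c", 5012, 1012, 1.4, b"MORE-B"),   # delivered out of order by the tap
        Packet("c2s", 1000, 5000, 1.0, b"GET /a"),
        Packet("s2c", 5000, 1006, 1.1, b"RESP-A"),
        Packet("c2s", 1006, 5006, 1.2, b"GET /b"),
        Packet("c2s", 1012, 5018, 1.5, b"GET /c"),
    ]:
        o.add(p)
    return o.drain()
```

Draining the sample yields the requests and replies in causal order with a six-byte gap event standing in for the lost RESP-B; without an acknowledgement covering a hole, `drain()` returns what it can and waits for more packets, and `drain(flush=True)` converts every remaining hole into a gap so the consumer is never left stalled at end of capture.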
Abstract:
Systems, methods, and computer-readable media for detecting threats on a network. In an embodiment, target network traffic being transmitted between two or more hosts is captured. The target network traffic comprises a plurality of packets, which are assembled into one or more messages. The assembled message(s) may be parsed to generate a semantic model of the target network traffic. The semantic model may comprise representation(s) of operation(s) or event(s) represented by the message(s). Score(s) for the operation(s) or event(s) may be generated using a plurality of scoring algorithms, and potential threats among the operation(s) or event(s) may be identified using the score(s).
Abstract:
Systems and methods for generating a semantic description of operations between network agents. In an embodiment, packet-level traffic between two or more network agents is captured. The packet-level traffic is bundled into one or more messages, wherein each message comprises one or more elements. For each of the messages, the elements of the message are matched to one or more attributes, and the message is decoded into message data based on the matched attributes. The message data is then used to generate a semantic description of operations between the network agents.