公开(公告)号：US09106680B2

公开(公告)日：2015-08-11

申请号：US13170163

申请日：2011-06-27

申请人： Dmitri Alperovitch ,  Zheng Bu ,  David Frederick Diehl ,  Sven Krasser

发明人： Dmitri Alperovitch ,  Zheng Bu ,  David Frederick Diehl ,  Sven Krasser

IPC分类号： G06F21/55 ,  H04L29/06

CPC分类号： H04L63/1408 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0245 ,  H04L63/14 ,  H04L63/1416

摘要： A method is provided in one example embodiment that includes generating a fingerprint based on properties extracted from data packets received over a network connection and requesting a reputation value based on the fingerprint. A policy action may be taken on the network connection if the reputation value received indicates the fingerprint is associated with malicious activity. The method may additionally include displaying information about protocols based on protocol fingerprints, and more particularly, based on fingerprints of unrecognized protocols. In yet other embodiments, the reputation value may also be based on network addresses associated with the network connection.

摘要翻译： 在一个示例实施例中提供了一种方法，其包括基于通过网络连接接收的数据分组提取的属性生成指纹，并且基于指纹请求信誉值。 如果接收到的信誉值指示指纹与恶意活动相关联，则可以对网络连接进行策略动作。 该方法可以另外包括基于协议指纹显示关于协议的信息，更具体地，基于无法识别的协议的指纹。 在其他实施例中，信誉值也可以基于与网络连接相关联的网络地址。

公开(公告)号：US20120331556A1

公开(公告)日：2012-12-27

申请号：US13170163

申请日：2011-06-27

申请人： Dmitri Alperovitch ,  Zheng Bu ,  David Frederick Diehl ,  Sven Krasser

发明人： Dmitri Alperovitch ,  Zheng Bu ,  David Frederick Diehl ,  Sven Krasser

IPC分类号： G06F21/00

CPC分类号： H04L63/1408 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0245 ,  H04L63/14 ,  H04L63/1416

摘要： A method is provided in one example embodiment that includes generating a fingerprint based on properties extracted from data packets received over a network connection and requesting a reputation value based on the fingerprint. A policy action may be taken on the network connection if the reputation value received indicates the fingerprint is associated with malicious activity. The method may additionally include displaying information about protocols based on protocol fingerprints, and more particularly, based on fingerprints of unrecognized protocols. In yet other embodiments, the reputation value may also be based on network addresses associated with the network connection.

摘要翻译： 在一个示例实施例中提供了一种方法，其包括基于通过网络连接接收的数据分组提取的属性生成指纹，并且基于指纹请求信誉值。 如果接收到的信誉值指示指纹与恶意活动相关联，则可以对网络连接进行策略动作。 该方法可以另外包括基于协议指纹显示关于协议的信息，更具体地，基于无法识别的协议的指纹。 在其他实施例中，信誉值也可以基于与网络连接相关联的网络地址。

公开(公告)号：US20120216271A1

公开(公告)日：2012-08-23

申请号：US13032851

申请日：2011-02-23

申请人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Vinay A. Mahadik ,  Ramnath Venugopalan

发明人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Vinay A. Mahadik ,  Ramnath Venugopalan

IPC分类号： G06F17/00 ,  G06F9/00 ,  G06F15/16

CPC分类号： H04L63/0245 ,  H04L47/125 ,  H04L63/0218 ,  H04L63/0254 ,  H04L63/029 ,  H04L63/102 ,  H04L63/20 ,  H04L67/146

摘要： A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel.

摘要翻译： 在一个示例实施例中提供了一种方法，并且包括交换与主机上的网络连接和应用相关联的会话描述符，将会话描述符与网络策略相关联，以及将网络策略应用于网络连接。 在替代实施例中，可以通过带外通信信道或带内通信信道来交换会话描述符。

公开(公告)号：US08931043B2

公开(公告)日：2015-01-06

申请号：US13443865

申请日：2012-04-10

申请人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Michael W. Green ,  Robert Ma

发明人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Michael W. Green ,  Robert Ma

IPC分类号： G06F21/00 ,  G06F15/16

CPC分类号： H04L63/20 ,  G06F21/552 ,  G06F21/566 ,  G06F21/577 ,  H04L63/10 ,  H04L63/1408 ,  H04L63/1441

摘要： A method in an example embodiment includes correlating a first set of event data from a private network and determining a local reputation score of a host in the private network based on correlating the first set of event data. The method further includes providing the local reputation score of the host to a security node, which applies a policy, based on the local reputation score of the host, to a network communication associated with the host. In specific embodiments, the local reputation score of the host is mapped to a network address of the host. In further embodiments, the first set of event data includes one or more event indicators representing one or more events, respectively, in the private network. In more specific embodiments, the method includes determining a local reputation score of a user and providing the local reputation score of the user to the security node.

摘要翻译： 一个示例性实施例中的方法包括：将来自专用网络的第一组事件数据相关联，并且基于将第一组事件数据相关联来确定专用网络中的主机的本地信誉评分。 该方法还包括将主机的本地信誉评分提供给安全节点，安全节点将基于主机的本地信誉得分的策略应用于与主机相关联的网络通信。 在具体实施例中，主机的本地信誉得分映射到主机的网络地址。 在另外的实施例中，第一组事件数据包括分别表示专用网络中的一个或多个事件的一个或多个事件指示符。 在更具体的实施例中，该方法包括确定用户的本地信誉得分并将用户的本地信誉评分提供给安全节点。

公开(公告)号：US20140250492A1

公开(公告)日：2014-09-04

申请号：US14277954

申请日：2014-05-15

申请人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Robert Ma

发明人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Robert Ma

IPC分类号： H04L29/06

CPC分类号： H04L63/20 ,  H04L63/0245 ,  H04L63/029

摘要： A method is described in example embodiments below that include receiving a content tag associated with transferring a file over a network connection. A session descriptor may also be received. The session descriptor and the content tag may be correlated with a network policy, which may be applied to the network connection. In some embodiments, the content tag may be received with the session descriptor. The file may be tainted by another file in some embodiments, and the content tag may be associated with other file.

摘要翻译： 在下面的示例实施例中描述了一种方法，其包括接收通过网络连接传送文件相关联的内容标签。 还可以接收会话描述符。 会话描述符和内容标签可以与可以应用于网络连接的网络策略相关联。 在一些实施例中，内容标签可以用会话描述符来接收。 在一些实施例中该文件可能被另一个文件污染，并且内容标签可以与其他文件相关联。

公开(公告)号：US20130268994A1

公开(公告)日：2013-10-10

申请号：US13443865

申请日：2012-04-10

申请人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Michael W. Green ,  Robert Ma

发明人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Michael W. Green ,  Robert Ma

IPC分类号： G06F21/00 ,  G06F15/16

CPC分类号： H04L63/20 ,  G06F21/552 ,  G06F21/566 ,  G06F21/577 ,  H04L63/10 ,  H04L63/1408 ,  H04L63/1441

摘要： A method in an example embodiment includes correlating a first set of event data from a private network and determining a local reputation score of a host in the private network based on correlating the first set of event data. The method further includes providing the local reputation score of the host to a security node, which applies a policy, based on the local reputation score of the host, to a network communication associated with the host. In specific embodiments, the local reputation score of the host is mapped to a network address of the host. In further embodiments, the first set of event data includes one or more event indicators representing one or more events, respectively, in the private network. In more specific embodiments, the method includes determining a local reputation score of a user and providing the local reputation score of the user to the security node.

公开(公告)号：US09112830B2

公开(公告)日：2015-08-18

申请号：US13032851

申请日：2011-02-23

申请人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Vinay A. Mahadik ,  Ramnath Venugopalan

发明人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Vinay A. Mahadik ,  Ramnath Venugopalan

IPC分类号： H04L29/06

CPC分类号： H04L63/0245 ,  H04L47/125 ,  H04L63/0218 ,  H04L63/0254 ,  H04L63/029 ,  H04L63/102 ,  H04L63/20 ,  H04L67/146

摘要： A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel.

摘要翻译： 在一个示例实施例中提供了一种方法，并且包括交换与主机上的网络连接和应用相关联的会话描述符，将会话描述符与网络策略相关联，以及将网络策略应用于网络连接。 在替代实施例中，可以通过带外通信信道或带内通信信道来交换会话描述符。

公开(公告)号：US09049171B2

公开(公告)日：2015-06-02

申请号：US13032851

申请日：2011-02-23

申请人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Vinay A. Mahadik ,  Ramnath Venugopalan

发明人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Vinay A. Mahadik ,  Ramnath Venugopalan

IPC分类号： H04L29/06

摘要： A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel.

公开(公告)号：US08739272B1

公开(公告)日：2014-05-27

申请号：US13437900

申请日：2012-04-02

申请人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Robert Ma

发明人： Geoffrey Howard Cooper ,  David Frederick Diehl ,  Robert Ma

IPC分类号： H04L29/06

CPC分类号： H04L63/20 ,  H04L63/0245 ,  H04L63/029

摘要： A method is described in example embodiments below that include receiving a content tag associated with transferring a file over a network connection. A session descriptor may also be received. The session descriptor and the content tag may be correlated with a network policy, which may be applied to the network connection. In some embodiments, the content tag may be received with the session descriptor. The file may be tainted by another file in some embodiments, and the content tag may be associated with other file.

摘要翻译： 在下面的示例实施例中描述了一种方法，其包括接收通过网络连接传送文件相关联的内容标签。 还可以接收会话描述符。 会话描述符和内容标签可以与可以应用于网络连接的网络策略相关联。 在一些实施例中，内容标签可以用会话描述符来接收。 在一些实施例中该文件可能被另一个文件污染，并且内容标签可以与其他文件相关联。