Information system service-level security risk analysis
    1.
    Granted invention patent
    Status: Expired

    Publication (announcement) number: US08438643B2

    Publication (announcement) date: 2013-05-07

    Application number: US11366101

    Application date: 2006-03-02

    IPC classification: G06F21/00

    CPC classification: H04L63/1433 G06F21/577

    Abstract: Information system service-level security risk analysis systems, methods, and Graphical User Interfaces are disclosed. Assets of an information system that have relationships with a service provided by the information system are identified, and at least one security risk to the service is determined by analyzing security vulnerabilities associated with the identified assets. A consolidated representation of the service is provided, and includes an indication of the determined security risk(s) and an indication of a relationship between the service and at least one of the identified assets. The security risk indication may include indications of multiple security parameters. Security risks may be represented differently depending on whether they arise from a security vulnerability of an asset that has a relationship with the service or a security vulnerability of an asset that has a relationship with the service only through a relationship with an asset that has a relationship with the service.


    Containment mechanism for potentially contaminated end systems
    2.
    Granted invention patent
    Status: In force

    Publication (announcement) number: US08020207B2

    Publication (announcement) date: 2011-09-13

    Application number: US11656434

    Application date: 2007-01-23

    IPC classification: G06F12/14

    CPC classification: H04L63/1416 H04L63/1458

    Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.


    CONTAINMENT MECHANISM FOR POTENTIALLY CONTAMINATED END SYSTEMS
    3.
    Invention patent application
    Status: In force

    Publication (announcement) number: US20110197278A1

    Publication (announcement) date: 2011-08-11

    Application number: US11656434

    Application date: 2007-01-23

    IPC classification: G06F21/20

    CPC classification: H04L63/1416 H04L63/1458

    Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.


    Systems and methods of associating security vulnerabilities and assets
    4.
    Granted invention patent
    Status: In force

    Publication (announcement) number: US08095984B2

    Publication (announcement) date: 2012-01-10

    Application number: US11366100

    Application date: 2006-03-02

    CPC classification: H04L63/1433 G06F21/577

    Abstract: Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.
