公开(公告)号：US09230213B2

公开(公告)日：2016-01-05

申请号：US13836545

申请日：2013-03-15

申请人： Enterasys Networks, Inc.

发明人： Michael Rash ,  Patrick Bosa ,  Richard Graham

IPC分类号： H04L12/26 ,  G06N5/02 ,  H04L29/06

CPC分类号： G06N5/02 ,  H04L43/026 ,  H04L43/04 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/20

摘要： A function is provided for effectively identifying computer applications running on a network. The function receives information related to frames of packets moving through the network. The information is compared to known information about computer applications. The known information is obtained from a plurality of mechanisms, including the option of obtaining it through custom mechanisms. The comparison information is scored for each of the plurality of mechanisms and those scores are combined to establish a single score indicative of the likely computer application associated with the received frames. One or more mathematical operations can be used to combine the scores. The mechanisms may be weighted for likely accuracy and the score that is established may include with it an indication of the level of confidence in that score. One or more of the plurality of mechanisms may be used to weight others of the types of mechanisms.

摘要翻译： 提供了有效识别在网络上运行的计算机应用程序的功能。 该功能接收与通过网络移动的数据包相关的信息。 将信息与有关计算机应用程序的已知信息进行比较。 从多种机制获得已知的信息，包括通过定制机制获得已知信息的选项。 对于多个机构中的每个机构对比较信息进行评分，并且将这些分数组合以建立指示与所接收的帧相关联的可能的计算机应用的单个分数。 可以使用一个或多个数学运算来组合分数。 可能对可能的准确性加权机制，并且确定的分数可以包括其中该得分的置信水平的指示。 可以使用多个机构中的一个或多个来加权机构类型中的其他机构。

公开(公告)号：US20140280211A1

公开(公告)日：2014-09-18

申请号：US13836195

申请日：2013-03-15

申请人： ENTERASYS NETWORKS, INC.

发明人： Michael Rash ,  Patrick Bosa ,  Richard Graham

IPC分类号： G06F17/30

CPC分类号： G06F17/30386 ,  G06F17/2785 ,  G06F17/30861

摘要： A function is provided for identifying computer applications running on a network. Information obtained from frames having content associated with computer applications is examined and compared to information stored on the network. The stored information is obtained from a plurality of mechanisms including computer application signatures. An application identification engine of the function compares examined content with the known application information and determines an indication of the likely computer application associated with the examined frames. The determination output may include a level of confidence in the accuracy of the determination. The function includes an application programming interface to allow the introduction into the engine of custom mechanisms for application identification. The different mechanisms may be weighted. The function may be provided in one or more devices of the network including a standalone appliance.

摘要翻译： 提供了一种用于识别在网络上运行的计算机应用程序的功能。 从具有与计算机应用相关联的内容的帧获得的信息被检查并与存储在网络上的信息进行比较。 所存储的信息从包括计算机应用签名的多种机制获得。 该功能的应用识别引擎将检查的内容与已知的应用信息进行比较，并确定与所检查的帧相关联的可能的计算机应用的指示。 确定输出可以包括对确定的准确性的置信度。 该功能包括一个应用程序编程界面，允许引入定制机制引擎以进行应用程序识别。 不同的机制可能被加权。 该功能可以在网络的一个或多个设备中提供，包括独立设备。

公开(公告)号：US09256636B2

公开(公告)日：2016-02-09

申请号：US13836195

申请日：2013-03-15

申请人： Enterasys Networks, Inc.

发明人： Michael Rash ,  Patrick Bosa ,  Richard Graham

IPC分类号： G06F17/30

CPC分类号： G06F17/30386 ,  G06F17/2785 ,  G06F17/30861

摘要： A function is provided for identifying computer applications running on a network. Information obtained from frames having content associated with computer applications is examined and compared to information stored on the network. The stored information is obtained from a plurality of mechanisms including computer application signatures. An application identification engine of the function compares examined content with the known application information and determines an indication of the likely computer application associated with the examined frames. The determination output may include a level of confidence in the accuracy of the determination. The function includes an application programming interface to allow the introduction into the engine of custom mechanisms for application identification. The different mechanisms may be weighted. The function may be provided in one or more devices of the network including a standalone appliance.

摘要翻译： 提供了一种用于识别在网络上运行的计算机应用程序的功能。 从具有与计算机应用相关联的内容的帧获得的信息被检查并与存储在网络上的信息进行比较。 所存储的信息从包括计算机应用签名的多种机制获得。 该功能的应用识别引擎将检查的内容与已知的应用信息进行比较，并确定与所检查的帧相关联的可能的计算机应用的指示。 确定输出可以包括对确定的准确性的置信度。 该功能包括一个应用程序编程界面，允许引入定制机制引擎以进行应用程序识别。 不同的机制可能被加权。 该功能可以在网络的一个或多个设备中提供，包括独立设备。

公开(公告)号：US20140279768A1

公开(公告)日：2014-09-18

申请号：US13836545

申请日：2013-03-15

申请人： ENTERASYS NETWORKS, INC.

发明人： Michael Rash ,  Patrick Bosa ,  Richard Graham

IPC分类号： G06N5/02

CPC分类号： G06N5/02 ,  H04L43/026 ,  H04L43/04 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/20

摘要： A function is provided for effectively identifying computer applications running on a network. The function receives information related to frames of packets moving through the network. The information is compared to known information about computer applications. The known information is obtained from a plurality of mechanisms, including the option of obtaining it through custom mechanisms. The comparison information is scored for each of the plurality of mechanisms and those scores are combined to establish a single score indicative of the likely computer application associated with the received frames. One or more mathematical operations can be used to combine the scores. The mechanisms may be weighted for likely accuracy and the score that is established may include with it an indication of the level of confidence in that score. One or more of the plurality of mechanisms may be used to weight others of the types of mechanisms.

摘要翻译： 提供了有效识别在网络上运行的计算机应用程序的功能。 该功能接收与通过网络移动的数据包相关的信息。 将信息与有关计算机应用程序的已知信息进行比较。 从多种机制获得已知的信息，包括通过定制机制获得已知信息的选项。 对于多个机构中的每个机构对比较信息进行评分，并且将这些分数组合以建立指示与所接收的帧相关联的可能的计算机应用的单个分数。 可以使用一个或多个数学运算来组合分数。 可能对可能的准确性加权机制，并且确定的分数可以包括其中该得分的置信水平的指示。 可以使用多个机构中的一个或多个来加权机构类型中的其他机构。