-
Publication number: US09106689B2
Publication date: 2015-08-11
Application number: US13102899
Filing date: 2011-05-06
Applicants: Eric Steinbrecher, Jeremy Impson, Bruce Barnett, Scott Charles Evans, Bernhard Scholz, Weizhong Yan, Thomas Markham, Stephen J. Dill
Inventors: Eric Steinbrecher, Jeremy Impson, Bruce Barnett, Scott Charles Evans, Bernhard Scholz, Weizhong Yan, Thomas Markham, Stephen J. Dill
CPC classification: H04L63/1425, G06F21/552, G06F21/554, H04L63/14, H04L63/1408
Abstract: An intrusion detection method, system and computer-readable media are disclosed. The system can include a processor programmed to perform computer network intrusion detection. The intrusion detection can include an identification module and a detection module. The identification module can be adapted to perform semi-supervised machine learning to identify key components of a network attack and develop MDL models representing those attack components. The detection module can cluster the MDL models and use the clustered MDL models to classify network activity and detect polymorphic or zero-day attacks.
-
Publication number: US20120284793A1
Publication date: 2012-11-08
Application number: US13102899
Filing date: 2011-05-06
Applicants: Eric Steinbrecher, Jeremy Impson, Bruce Barnett, Scott Charles Evans, Bernhard Scholz, Weizhong Yang, Thomas Markham, Stephen J. Dill
Inventors: Eric Steinbrecher, Jeremy Impson, Bruce Barnett, Scott Charles Evans, Bernhard Scholz, Weizhong Yang, Thomas Markham, Stephen J. Dill
CPC classification: H04L63/1425, G06F21/552, G06F21/554, H04L63/14, H04L63/1408
Abstract: An intrusion detection method, system and computer-readable media are disclosed. The system can include a processor programmed to perform computer network intrusion detection. The intrusion detection can include an identification module and a detection module. The identification module can be adapted to perform semi-supervised machine learning to identify key components of a network attack and develop MDL models representing those attack components. The detection module can cluster the MDL models and use the clustered MDL models to classify network activity and detect polymorphic or zero-day attacks.
-
Publication number: US08245301B2
Publication date: 2012-08-14
Application number: US12560297
Filing date: 2009-09-15
IPC classification: G06F21/00
CPC classification: H04L63/1416, G06F21/552, H04L43/045
Abstract: A network activity visualization system can include a minimum description length (MDL) based network intrusion detection system having an MDL grammar database adapted to store a plurality of MDL grammars, and a pattern matching module adapted to match a received network activity data set against the MDL grammars by calculating a distance of the network activity data set from each MDL grammar. The system can also include an intelligent icon module coupled to the MDL-based intrusion detection system and adapted to receive the MDL grammars and distances of a network data set from each respective MDL grammar, and adapted to generate intelligent icons based on the MDL grammars and distances. The system can further include a display system adapted to display the intelligent icons so as to provide a visual indication of network security.
-
Publication number: US20110067106A1
Publication date: 2011-03-17
Application number: US12560297
Filing date: 2009-09-15
IPC classification: G06F15/173, G06T11/20, G06F21/00, G06F3/048
CPC classification: H04L63/1416, G06F21/552, H04L43/045
Abstract: A network activity visualization system can include a minimum description length (MDL) based network intrusion detection system having an MDL grammar database adapted to store a plurality of MDL grammars, and a pattern matching module adapted to match a received network activity data set against the MDL grammars by calculating a distance of the network activity data set from each MDL grammar. The system can also include an intelligent icon module coupled to the MDL-based intrusion detection system and adapted to receive the MDL grammars and distances of a network data set from each respective MDL grammar, and adapted to generate intelligent icons based on the MDL grammars and distances. The system can further include a display system adapted to display the intelligent icons so as to provide a visual indication of network security.
-
Publication number: US07778265B2
Publication date: 2010-08-17
Application number: US12132994
Filing date: 2008-06-04
IPC classification: H04L12/56
CPC classification: H04L47/6255, H04L47/56, H04L47/623
Abstract: A method (300) and apparatus (200) for local adaptive provisioning at a node is disclosed. The method may include determining (320) a per packet latency for a class of packet network traffic in a queue of a plurality of queues for a plurality of classes of packet network traffic at a node, establishing (330) a reward function for the class of packet network traffic based on a packet latency limit, based on the per packet latency, and based on a source rate for the class of packet network traffic, and adjusting (340) provisioning of a queue at the node based on the reward function.
-
Publication number: US08572678B2
Publication date: 2013-10-29
Application number: US13336737
Filing date: 2011-12-23
Applicants: Bruce Barnett, Scott Evans, Robert James Mitchell, Jr., Thomas Markham, Stephen Dill, Vincent Hannon, John Patrick Elliott, Andrew Crapo
Inventors: Bruce Barnett, Scott Evans, Robert James Mitchell, Jr., Thomas Markham, Stephen Dill, Vincent Hannon, John Patrick Elliott, Andrew Crapo
IPC classification: G06F21/00
CPC classification: G06F21/6218, G06F21/604
Abstract: A system and method are provided that distill an organization's information security plan into a detailed and unambiguous security object model. The developed security object model provides a visualization of complex relationships between individual elements and levels that is usable to carry into effect the organization's information security plan. Configuration control and a verifiable level of security compliance are provided through implementation of the organization's information security plan by the developed security object model. The developed security object model is hosted on a computing platform in communication with at least the organization's network to provide information security plan compliance, configuration control and gap analysis in a usable form to the organization.
-
Publication number: US20130167191A1
Publication date: 2013-06-27
Application number: US13336737
Filing date: 2011-12-23
Applicants: Bruce Barnett, Scott Evans, Robert James Mitchell, Jr., Thomas Markham, Stephen Dill, Vincent Hannon, John Patrick Elliott, Andrew Crapo
Inventors: Bruce Barnett, Scott Evans, Robert James Mitchell, Jr., Thomas Markham, Stephen Dill, Vincent Hannon, John Patrick Elliott, Andrew Crapo
IPC classification: G06F21/00
CPC classification: G06F21/6218, G06F21/604
Abstract: A system and method are provided that distill an organization's information security plan into a detailed and unambiguous security object model. The developed security object model provides a visualization of complex relationships between individual elements and levels that is usable to carry into effect the organization's information security plan. Configuration control and a verifiable level of security compliance are provided through implementation of the organization's information security plan by the developed security object model. The developed security object model is hosted on a computing platform in communication with at least the organization's network to provide information security plan compliance, configuration control and gap analysis in a usable form to the organization.
-
Publication number: US20050268111A1
Publication date: 2005-12-01
Application number: US10846388
Filing date: 2004-05-13
Applicant: Thomas Markham
Inventor: Thomas Markham
CPC classification: G07C9/00087, G06F21/35, G07C9/00563, G07C2009/00095, G07C2009/00928
Abstract: An authenticating portable electronic device such as a cellular phone having radio frequency transmission capability, battery power and a keypad. The device further includes a fingerprint reader proximate the keypad of the device for authenticating the user of the device, as well as a transceiver in the device for communicating authentication signals with a remote location to verify the identity of the user. Remote locations may be gates, doors or badge screening locations. Also included is a transmitter for sending signals to a transceiver receiver having a connection to a wire telephone system within a structure to permit phone calls using the device through the receiver to and from the wire telephone system. The device includes a connector for connecting to a docking cradle operably connected to a computer for authenticating the user before allowing access to the computer, which can also be the battery charging interface.
-
Publication number: US20050255840A1
Publication date: 2005-11-17
Application number: US10918260
Filing date: 2004-08-13
Applicant: Thomas Markham
Inventor: Thomas Markham
CPC classification: G06F21/35, G06F21/43, G07C9/00039, G07C9/00087, G07C2009/00095, H04L63/0853, H04L63/0861, H04W12/06, H04W92/08
Abstract: An authenticating portable electronic device such as a cellular phone having radio frequency transmission capability, battery power and a keypad. The device further includes a biometric reader proximate the keypad of the device for authenticating the user of the device, as well as a transceiver in the device for communicating authentication signals with a remote location to verify the identity of the user. Remote locations may be gates, doors or badge screening locations. Also included is a transmitter for sending signals to a transceiver receiver having a connection to a wire telephone system within a structure to permit phone calls using the device through the receiver to and from the wire telephone system. The device includes a connector for connecting to a docking cradle operably connected to a computer for authenticating the user before allowing access to the computer, which can also be the battery charging interface.
-
Publication number: US20060059557A1
Publication date: 2006-03-16
Application number: US11249622
Filing date: 2005-10-13
IPC classification: G06F12/14
CPC classification: G08B29/188, G07C9/00158, G08B31/00
Abstract: A physical security system having a plurality of sensors and a sensor report aggregator. The sensors may detect a large number of physical activities. The aggregator may cluster a large number of detected reports to a small number of sets of reports. The sets of reports may be reduced to hypotheses. From the hypotheses, the aggregator may develop hypotheses about the physical environment which the sensors are monitoring in view of a security reference model. The security reference model may include, but not be limited to, facility models, physical security models, and/or attack models. The hypotheses may have probabilities assigned to them according to their certitude of likelihood and severity of danger.