-
公开(公告)号:US20120260306A1
公开(公告)日:2012-10-11
申请号:US13443682
申请日:2012-04-10
IPC分类号: G06F21/00
CPC分类号: G06F21/554 , G06Q10/06
摘要: First stage meta-events are generated based on analyzing time attributes of base events received from a network component. Second stage meta-events are generated based on a number of the first stage meta-events that have a time attribute falling within a time period. An amount of time that has passed since a most-recent second stage meta-event was generated is determined, and if a threshold time period does not exceed the amount of time that has passed since the most-recent second stage meta-event was detected, a third stage meta-event is determined.
摘要翻译: 基于从网络组件接收的基本事件的时间属性分析,生成第一阶段元事件。 基于具有落在时间段内的时间属性的第一级元事件的数量来生成第二级元事件。 确定从最近的第二阶段元事件生成以来已经过去的时间量,并且如果阈值时间段不超过从检测到最近的第二阶段元事件以来已经过去的时间量 ,确定第三阶段元事件。
-
公开(公告)号:US08176527B1
公开(公告)日:2012-05-08
申请号:US10308767
申请日:2002-12-02
IPC分类号: G06F7/04
CPC分类号: G06F21/554 , G06Q10/06
摘要: A rules engine with support for time-based rules is disclosed. A method performed by the rules engine, comprises receiving security events generated by a number of network devices. The security events are aggregated. One or more time-based rules are provided to a RETE engine. The aggregated security events are provided to the RETE engine at specific times associated with the time-based rules. The security events are cross-correlated with the one or more time-based rules; and one or more first stage meta-events are reported.
摘要翻译: 公布了支持基于时间的规则的规则引擎。 由规则引擎执行的方法包括接收由多个网络设备产生的安全事件。 安全事件被聚合。 一个或多个基于时间的规则提供给RETE引擎。 聚合的安全事件在与时间规则相关联的特定时间提供给RETE引擎。 安全事件与一个或多个基于时间的规则相互关联; 并报告一个或多个第一阶段元事件。
-
公开(公告)号:US07260844B1
公开(公告)日:2007-08-21
申请号:US10655062
申请日:2003-09-03
IPC分类号: G06F11/00
CPC分类号: H04L63/1433 , G06F21/577 , H04L63/1425
摘要: A network security system is provided that receives information from various sensors and can analyse the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.
摘要翻译: 提供一种从各种传感器接收信息并且可以分析所接收的信息的网络安全系统。 在本发明的一个实施例中,这样的系统从软件代理接收安全事件。 所接收的安全事件包括由软件代理产生的目标地址和事件签名。 可以使用事件签名来确定接收的安全事件利用的一组漏洞,并且可以使用目标地址来识别网络内的目标资产。 通过访问目标资产的模型,可以检索目标资产公开的一组漏洞。 然后,可以通过将安全事件利用的一组漏洞与目标资产公开的一组漏洞进行比较来检测威胁。
-
公开(公告)号:US07861299B1
公开(公告)日:2010-12-28
申请号:US11836251
申请日:2007-08-09
IPC分类号: G06F11/00
CPC分类号: H04L63/1433 , G06F21/577 , H04L63/1425
摘要: A network security system is provided that receives information from various sensors and can analyze the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.
摘要翻译: 提供一种从各种传感器接收信息并且可以分析所接收的信息的网络安全系统。 在本发明的一个实施例中,这样的系统从软件代理接收安全事件。 所接收的安全事件包括由软件代理产生的目标地址和事件签名。 事件签名可用于确定接收到的安全事件利用的一组漏洞,并且目标地址可用于标识网络内的目标资产。 通过访问目标资产的模型,可以检索目标资产公开的一组漏洞。 然后,可以通过将安全事件利用的一组漏洞与目标资产公开的一组漏洞进行比较来检测威胁。
-
5.发明申请公开(公告)号:US20110145711A1
公开(公告)日:2011-06-16
申请号:US13031079
申请日:2011-02-18
申请人: Hugh S. Njemanze , Debabrata Dash , Shijie Wang
发明人: Hugh S. Njemanze , Debabrata Dash , Shijie Wang
IPC分类号: G06F15/177 , G06F15/173 , G06F3/048
CPC分类号: G06F21/552
摘要: A selected time interval of previously stored events generated by a number of computer network devices are replayed and cross-correlated according to rules. Meta-events are generated when the events satisfy conditions associated with one or more of the rules. The rules used during replay may differ from prior rules used at a time when the events occurred within a computer network that included the computer network devices. In this way, new rules can be tested against true event data streams to determine whether or not the rules should be used in a live environment (i.e., the efficacy of the rules can be tested an tor debugged against actual event data).
摘要翻译: 由多个计算机网络设备产生的先前存储的事件的选定时间间隔根据规则被重放和交叉相关。 当事件满足与一个或多个规则相关联的条件时,生成元事件。 在播放期间使用的规则可能与在计算机网络中包含计算机网络设备的事件发生时所使用的先前规则不同。 以这种方式,可以针对真实事件数据流来测试新规则,以确定在活动环境中是否应该使用规则(即,可以针对实际事件数据来调试规则的功效)。
-
6.发明授权Method and apparatus for exercising and debugging correlations for network system 有权运行和调试网络系统相关性的方法和装置公开(公告)号:US08560679B2
公开(公告)日:2013-10-15
申请号:US13031079
申请日:2011-02-18
申请人: Hugh S. Njemanze , Debabrata Dash , Shijie Wang
发明人: Hugh S. Njemanze , Debabrata Dash , Shijie Wang
IPC分类号: G06F15/173 , G06F9/00 , G06F11/00
CPC分类号: G06F21/552
摘要: A selected time interval of previously stored events generated by a number of computer network devices are replayed and cross-correlated according to rules. Meta-events are generated when the events satisfy conditions associated with one or more of the rules. The rules used during replay may differ from prior rules used at a time when the events occurred within a computer network that included the computer network devices. In this way, new rules can be tested against true event data streams to determine whether or not the rules should be used in a live environment (i.e., the efficacy of the rules can be tested and/or debugged against actual event data).
摘要翻译: 由多个计算机网络设备产生的先前存储的事件的选定时间间隔根据规则被重放和交叉相关。 当事件满足与一个或多个规则相关联的条件时,生成元事件。 在播放期间使用的规则可能与在计算机网络中包含计算机网络设备的事件发生时所使用的先前规则不同。 以这种方式,可以针对真实事件数据流来测试新的规则,以确定在活的环境中是否应该使用规则(即,规则的功效可以针对实际事件数据进行测试和/或调试)。
-
7.发明授权Method and apparatus for exercising and debugging correlations for network security system 有权运行和调试网络安全系统相关性的方法和装置公开(公告)号:US07899901B1
公开(公告)日:2011-03-01
申请号:US10308416
申请日:2002-12-02
申请人: Hugh S. Njemanze , Debabrata Dash , Shijie Wang
发明人: Hugh S. Njemanze , Debabrata Dash , Shijie Wang
IPC分类号: G06F15/173 , G06F9/00 , G06F11/00
CPC分类号: G06F21/552
摘要: A selected time interval of previously stored security events generated by a number of computer network devices are replayed and cross-correlated according to rules defining security incidents. Meta-events are generated when the security events satisfy conditions associated with one or more of the rules. The rules used during replay may differ from prior rules used at a time when the security events occurred within a computer network that included the computer network devices. In this way, new rules can be tested against true security event data streams to determine whether or not the rules should be used in a live environment (i.e., the efficacy of the rules can be tested and/or debugged against actual security event data).
摘要翻译: 由许多计算机网络设备产生的先前存储的安全事件的选定时间间隔根据定义安全事件的规则被重播和交叉相关。 当安全事件满足与一个或多个规则相关联的条件时,生成元事件。 在播放期间使用的规则可能与在包括计算机网络设备的计算机网络中发生安全事件时使用的先前规则不同。 以这种方式,可以针对真实的安全事件数据流来测试新的规则,以确定是否应该在活动环境中使用规则(即,可以针对实际安全事件数据来测试和/或调试规则的功能) 。
-
8.发明授权System and method to anonymize data transmitted to a destination computing device 有权用于对发送到目的地计算设备的数据进行匿名化的系统和方法公开(公告)号:US09292696B1
公开(公告)日:2016-03-22
申请号:US13843925
申请日:2013-03-15
IPC分类号: G06F21/60
CPC分类号: G06F21/60 , H04L63/0227 , H04L63/0435
摘要: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Data to be transmitted is received from a user computer. The data includes a plurality of fields of data. One or more fields of data are selected for anonymization. The selected one or more fields are anonymized. The data with one or more fields anonymized is transmitted to the destination computing device.
摘要翻译: 公开了一种用于将要发送到目的地计算设备的数据进行匿名化的方法和系统。 从用户计算机接收要发送的数据。 数据包括多个数据字段。 选择一个或多个数据字段进行匿名化。 所选的一个或多个字段是匿名的。 具有一个或多个匿名字段的数据被发送到目的地计算设备。
-
9.发明授权System and method to anonymize data transmitted to a destination computing device 有权用于对发送到目的地计算设备的数据进行匿名化的系统和方法公开(公告)号:US08694646B1
公开(公告)日:2014-04-08
申请号:US13042459
申请日:2011-03-08
申请人: Pravin Kothari , Debabrata Dash , Yuh-wen Soung , Theron Tock
发明人: Pravin Kothari , Debabrata Dash , Yuh-wen Soung , Theron Tock
IPC分类号: G06F15/16
CPC分类号: G06F17/30569 , G06F21/602 , H04L63/0421 , H04L63/0435
摘要: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. Anonymized data is transmitted to the destination computing device over a network.
摘要翻译: 公开了一种用于将要发送到目的地计算设备的数据进行匿名化的方法和系统。 提供数据匿名化的匿名化策略。 从用户计算机接收要发送的数据。 基于匿名化策略,使用匿名化模块来执行数据的选择性匿名化。 匿名数据通过网络传输到目标计算设备。
-
公开(公告)号:US07644438B1
公开(公告)日:2010-01-05
申请号:US10975962
申请日:2004-10-27
IPC分类号: G08B23/00
CPC分类号: H04L63/0218 , H04L63/1416
摘要: A network security system can have a plurality of distributed software agents configured to collect security events from network devices. In one embodiment, the agents are configured to aggregate the security events. In one embodiment of the present invention, an agent includes a device interface to receive a security event from a network device, a plurality of aggregation profiles, and an agent aggregate module to select one of the plurality of aggregation profiles, and increment an event count of an aggregate event representing the received security event using the selected aggregation profile.
摘要翻译: 网络安全系统可以具有被配置为从网络设备收集安全事件的多个分布式软件代理。 在一个实施例中,代理被配置为聚合安全事件。 在本发明的一个实施例中,代理包括从网络设备接收安全事件的设备接口,多个聚合简档和代理聚合模块,用于选择多个聚合简档中的一个,并且增加事件计数 使用所选择的聚合简档表示所接收的安全事件的聚合事件。
-
-
-
-
-
-
-
-
-
搜索结果
25 条记录 (耗时 0.022 秒)
