    Detecting malicious network software agents (granted invention patent, in force)

    Publication number: US09344445B2

    Publication date: 2016-05-17

    Application number: US14571133

    Filing date: 2014-12-15

    IPC classification: H04L29/06

    Abstract: This disclosure describes techniques for determining whether a network session originates from an automated software agent. In one example, a network device, such as a router, includes a network interface to receive packets of a network session, a bot detection module to calculate a plurality of scores for network session data based on a plurality of metrics, wherein each of the metrics corresponds to a characteristic of a network session originated by an automated software agent, to produce an aggregate score from an aggregate of the plurality of scores, and to determine that the network session is originated by an automated software agent when the aggregate score exceeds a threshold, and an attack detection module to perform a programmed response when the network session is determined to be originated by an automated software agent. Each score represents a likelihood that the network session is originated by an automated software agent.

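    The scoring scheme the abstract describes (one likelihood per metric, an aggregate, a threshold, then a programmed response), as an added example that is not part of the patent or of any product implementing it. The session features, the five metrics, their weights and the threshold are assumptions chosen for illustration; a deployment would tune them against labelled traffic, and any single metric here is easy to evade, which is exactly why the patent aggregates several.

```python
from dataclasses import dataclass

# Constructed per-session summary (assumed feature set, not the patent's).
@dataclass
class SessionStats:
    src: str
    requests: int           # application requests seen in the session
    duration_s: float       # time between first and last packet
    mean_gap_s: float       # mean delay between consecutive requests
    gap_stddev_s: float     # jitter of that delay
    user_agent: str
    fetched_robots_txt: bool
    loaded_embedded: bool   # fetched images/CSS/JS referenced by the pages

# Each metric returns a likelihood in [0, 1] that the session is automated.
def metric_request_rate(s):
    rate = s.requests / max(s.duration_s, 1e-6)
    return min(rate / 20.0, 1.0)               # assumed: 20 req/s is saturating

def metric_timing_regularity(s):
    if s.requests < 3:
        return 0.0
    cv = s.gap_stddev_s / max(s.mean_gap_s, 1e-6)
    return max(0.0, 1.0 - cv)                  # humans jitter, scripts tick

def metric_user_agent(s):
    ua = s.user_agent.lower()
    if not ua:
        return 0.9
    tools = ("bot", "crawler", "spider", "python", "curl", "wget")
    return 0.7 if any(t in ua for t in tools) else 0.0

def metric_robots_txt(s):
    return 0.6 if s.fetched_robots_txt else 0.0

def metric_embedded_objects(s):
    return 0.0 if s.loaded_embedded else 0.5   # browsers fetch page assets

# (metric, weight): weights and the threshold are tuning assumptions.
METRICS = [
    (metric_request_rate, 2.0),
    (metric_timing_regularity, 1.5),
    (metric_user_agent, 1.0),
    (metric_robots_txt, 1.0),
    (metric_embedded_objects, 1.0),
]
THRESHOLD = 0.5

def score_session(s):
    """Return (aggregate, per-metric scores); the aggregate is the weighted mean."""
    scores = {m.__name__: m(s) for m, _ in METRICS}
    total_w = sum(w for _, w in METRICS)
    aggregate = sum(scores[m.__name__] * w for m, w in METRICS) / total_w
    return aggregate, scores

def is_automated(s):
    return score_session(s)[0] > THRESHOLD

def programmed_response(s):
    """Attack-detection module hook; the response chosen here is an assumption."""
    return "rate-limit" if is_automated(s) else "allow"

# Constructed sessions: an interactive browser and a scraping script.
BROWSER = SessionStats("192.0.2.10", 40, 120.0, 3.0, 2.5,
                       "Mozilla/5.0 (Windows NT 10.0) Gecko/20100101 Firefox/120.0",
                       False, True)
SCRAPER = SessionStats("198.51.100.7", 600, 60.0, 0.1, 0.005,
                       "python-requests/2.31.0", True, False)

if __name__ == "__main__":
    for s in (BROWSER, SCRAPER):
        agg, parts = score_session(s)
        print(f"{s.src}: aggregate={agg:.2f} -> {programmed_response(s)} {parts}")
```

    The browser session scores about 0.04 and the scraper about 0.65 under these weights. Note that the user-agent and robots.txt metrics are trivially spoofed; timing regularity and the absence of embedded-object fetches are the harder ones to fake, which is why they deserve most of the weight in practice.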

    Learning values of transmission control protocol (TCP) options

    Publication number: US09356989B2

    Publication date: 2016-05-31

    Application number: US13871449

    Filing date: 2013-04-26

    IPC classification: H04L29/08 H04L29/06

    Abstract: A system includes a storage device and a processor. The storage device is configured to store a first set of values of TCP options for a first group of servers. The processor is configured to: transmit first requests to the first group of servers; receive first replies, in response to the first requests, from the first group of servers; determine the first set of values of the TCP options for the first group based on values in the first replies; store the first set of values in the storage device; receive a first message from a client to establish a connection between the client and a server in the first group of servers, and transmit, in response to the first message, a second message to the client.
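    The learning loop the abstract describes, as an added example that is not the patent's or any vendor's code: probe each server in a group, parse the TCP options out of its SYN-ACK, store the group's values, and when a client SYN arrives answer it with the learned values rather than the middlebox's own defaults. The probe function, the option bytes and the "most conservative value across the group" merge rule are assumptions for the example; the option encodings are the standard TCP ones.

```python
import struct

# TCP option kinds (RFC 793 / 7323 / 2018).
EOL, NOP, MSS, WSCALE, SACK_OK, TIMESTAMP = 0, 1, 2, 3, 4, 8

def parse_tcp_options(raw: bytes) -> dict:
    """Parse a TCP header's options field into {kind: value}."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == EOL:
            break
        if kind == NOP:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        data = raw[i + 2:i + length]
        if kind == MSS:
            opts[MSS] = struct.unpack("!H", data)[0]
        elif kind == WSCALE:
            opts[WSCALE] = data[0]
        elif kind == SACK_OK:
            opts[SACK_OK] = True
        elif kind == TIMESTAMP:
            opts[TIMESTAMP] = struct.unpack("!II", data)
        else:
            opts[kind] = data
        i += length
    return opts

def build_options(values: dict, tsval: int = 0, tsecr: int = 0) -> bytes:
    """Serialise option values for a SYN-ACK, zero-padded to a 4-byte boundary."""
    out = b""
    if MSS in values:
        out += struct.pack("!BBH", MSS, 4, values[MSS])
    if values.get(SACK_OK):
        out += bytes([SACK_OK, 2])
    if values.get(TIMESTAMP):
        out += struct.pack("!BBII", TIMESTAMP, 10, tsval, tsecr)
    if WSCALE in values:
        out += struct.pack("!BBB", WSCALE, 3, values[WSCALE])
    return out + bytes(-len(out) % 4)

class TcpOptionLearner:
    """Learns per-server-group TCP option values and answers client SYNs with them."""
    def __init__(self, probe):
        self._probe = probe    # probe(server) -> options bytes from that server's SYN-ACK
        self._store = {}       # group -> learned values (the abstract's storage device)

    def learn(self, group: str, servers) -> dict:
        replies = [parse_tcp_options(self._probe(srv)) for srv in servers]
        # Assumed merge rule: the most conservative value across the group, so the
        # handshake completed on the servers' behalf never promises more than any member supports.
        learned = {
            MSS: min(r.get(MSS, 536) for r in replies),
            SACK_OK: all(r.get(SACK_OK, False) for r in replies),
            TIMESTAMP: all(TIMESTAMP in r for r in replies),
        }
        if all(WSCALE in r for r in replies):
            learned[WSCALE] = min(r[WSCALE] for r in replies)
        self._store[group] = learned
        return learned

    def syn_ack_options(self, group: str, client_syn_options: bytes) -> bytes:
        """The 'second message' to the client: learned values, limited to what the client offered."""
        learned = self._store[group]
        client = parse_tcp_options(client_syn_options)
        agreed = {MSS: learned[MSS]}
        if learned[SACK_OK] and client.get(SACK_OK):
            agreed[SACK_OK] = True
        if WSCALE in learned and WSCALE in client:
            agreed[WSCALE] = learned[WSCALE]
        if learned[TIMESTAMP] and TIMESTAMP in client:
            agreed[TIMESTAMP] = True
        tsecr = client[TIMESTAMP][0] if TIMESTAMP in client else 0
        return build_options(agreed, tsval=1, tsecr=tsecr)

# Constructed SYN-ACK option fields for two servers in one group.
SERVER_A = bytes.fromhex("020405b40402080a0001e2400000000001030307")  # MSS 1460, SACK, TS, NOP, WS 7
SERVER_B = bytes.fromhex("02040578080a0000001000000000010303050000")  # MSS 1400, TS, NOP, WS 5, no SACK
# Constructed client SYN: MSS 1460, SACK, TS, NOP, WS 8.
CLIENT_SYN = bytes.fromhex("020405b40402080a00abcdef0000000001030308")

def demo_probe(server: str) -> bytes:
    """Stand-in for sending a SYN and reading the SYN-ACK; returns canned replies."""
    return {"10.0.0.1": SERVER_A, "10.0.0.2": SERVER_B}[server]

if __name__ == "__main__":
    learner = TcpOptionLearner(demo_probe)
    print("learned:", learner.learn("web", ["10.0.0.1", "10.0.0.2"]))
    print("syn-ack options:", parse_tcp_options(learner.syn_ack_options("web", CLIENT_SYN)))
```

    The security point is the one a SYN-proxying device faces: if it answers with its own default options, the client ends up with an MSS, window scale or SACK capability the real server never agreed to, and the handed-off connection either stalls or gives a fingerprinting tool a way to tell the middlebox from the server. Learning the values from real replies closes both gaps; the example also intersects the learned set with what the client offered, since an option the client did not request must not be echoed.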

    Distributed application awareness

    Publication number: US09774633B2

    Publication date: 2017-09-26

    Application number: US15014611

    Filing date: 2016-02-03

    IPC classification: G06F17/00 H04L29/06

    Abstract: A network device is configured to receive network traffic associated with an application executing on a user device; identify, based on the network traffic, an application identifier associated with the application; determine whether the application identifier matches one of a set of application identifiers stored by the network device; identify a policy based on the application identifier when the application identifier matches one of the set of application identifiers; and apply the policy to the network traffic associated with the application. The policy may be obtained from another network device, in communication with the network device, when the application identifier does not match one of the set of application identifiers.

    Dynamic access control policy with port restrictions for a network security appliance

    Publication number: US09258329B2

    Publication date: 2016-02-09

    Application number: US14065097

    Filing date: 2013-10-28

    IPC classification: H04L29/06

    Abstract: A network security appliance supports definition of a security policy to control access to a network. The security policy is defined by match criteria including a layer seven network application, a static port list of layer four ports for a transport-layer protocol, and actions to be applied to packet flows that match the match criteria. A rules engine dynamically identifies a type of layer seven network application associated with the received packet flow based on inspection of application-layer data within payloads of packets of the packet flow without basing the identification solely on a layer four port specified by headers within the packets. The rules engine is configured to apply the security policy to determine whether the packet flow matches the static port lists specified by the match criteria. The network security appliance applies the actions specified by the security policy to the packet flow.
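    A rules engine of the kind the abstract describes, as an added example that is not the patent's or any appliance's code: the application is identified from payload bytes, the rule then additionally requires the layer-4 port to be in its static list, and a port-only classifier is shown alongside for contrast. The payload signatures, the policy and the flows are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int        # layer-4 destination port (TCP assumed)
    payload: bytes    # first client-to-server bytes of the flow

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ")

def identify_app(payload: bytes) -> str:
    """Layer-7 identification from payload bytes only; the port is never consulted.
    The signatures are minimal assumptions for the example, not a product's engine."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload[:2] == b"\x16\x03":               # TLS handshake record
        return "tls"
    first_line = payload.split(b"\r\n", 1)[0]
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
        return "http"
    return "unknown"

@dataclass(frozen=True)
class Rule:
    name: str
    app: str             # layer-7 application match criterion
    ports: frozenset     # static list of layer-4 ports the app may use
    action: str          # "permit" or "deny"

# Assumed policy: web only on 80/8080, SSH only on 22, everything else denied.
POLICY = [
    Rule("web-in", "http", frozenset({80, 8080}), "permit"),
    Rule("ssh-admin", "ssh", frozenset({22}), "permit"),
]
DEFAULT_ACTION = "deny"

def apply_policy(flow: Flow, policy=POLICY):
    """Rules engine: identify the app from the payload, then require the port
    to be in the matching rule's static list. Returns (action, app, rule name)."""
    app = identify_app(flow.payload)
    for rule in policy:
        if rule.app == app and flow.dport in rule.ports:
            return rule.action, app, rule.name
    return DEFAULT_ACTION, app, None

# Port-only classification, shown for contrast: the behaviour the abstract says
# the rules engine must not rely on by itself.
PORT_TABLE = {22: "ssh", 80: "http", 8080: "http"}

def port_only_action(flow: Flow, policy=POLICY) -> str:
    assumed_app = PORT_TABLE.get(flow.dport, "unknown")
    for rule in policy:
        if rule.app == assumed_app and flow.dport in rule.ports:
            return rule.action
    return DEFAULT_ACTION

# Constructed flows.
HTTP_ON_80 = Flow("10.1.1.5", "203.0.113.10", 80, b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n")
SSH_ON_22 = Flow("10.1.1.5", "203.0.113.20", 22, b"SSH-2.0-OpenSSH_9.6\r\n")
SSH_ON_80 = Flow("10.1.1.5", "203.0.113.10", 80, b"SSH-2.0-OpenSSH_9.6\r\n")   # SSH hidden on the web port
HTTP_ON_8443 = Flow("10.1.1.5", "203.0.113.10", 8443, b"GET /admin HTTP/1.1\r\nHost: www.example\r\n\r\n")

if __name__ == "__main__":
    for f in (HTTP_ON_80, SSH_ON_22, SSH_ON_80, HTTP_ON_8443):
        print(f.dport, apply_policy(f), "port-only:", port_only_action(f))
```

    The flow that matters is SSH on port 80: a port-only policy permits it because port 80 is "web", while the rules engine identifies it as SSH, finds 80 absent from the SSH rule's port list, and denies it. The reverse case (HTTP on 8443) shows that the static port list still constrains a correctly identified application, so a permit for "http" is not a permit for HTTP on every port.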

    Distributed application awareness (granted invention patent, in force)

    Publication number: US09258313B1

    Publication date: 2016-02-09

    Application number: US13631563

    Filing date: 2012-09-28

    IPC classification: G06F17/00 H04L29/06

    Abstract: A network device is configured to receive network traffic associated with an application executing on a user device; identify, based on the network traffic, an application identifier associated with the application; determine whether the application identifier matches one of a set of application identifiers stored by the network device; identify a policy based on the application identifier when the application identifier matches one of the set of application identifiers; and apply the policy to the network traffic associated with the application. The policy may be obtained from another network device, in communication with the network device, when the application identifier does not match one of the set of application identifiers.

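    The lookup-then-ask-a-peer flow shared by this abstract and the US09774633B2 entry above, as an added example that is not the patent's or any product's code. The identifier derivation (server name from TLS SNI or HTTP Host), the peer interface, the default action and the decision to cache a policy obtained from the peer are assumptions for the example; the abstract only says the policy "may be obtained from another network device".

```python
# Constructed stand-in for the "other network device" that holds the full policy set.
class PolicyPeer:
    def __init__(self, policies: dict):
        self._policies = policies
        self.queries = 0          # round-trips to the peer, to show the cache working

    def lookup(self, app_id: str):
        self.queries += 1
        return self._policies.get(app_id)

DEFAULT_POLICY = "log-only"    # assumed action when neither device knows the app

def app_identifier(flow: dict) -> str:
    """Assumed identifier derivation: the server name the client asked for
    (TLS SNI or HTTP Host), prefixed with the carrying protocol."""
    if flow.get("sni"):
        return "tls:" + flow["sni"]
    if flow.get("host"):
        return "http:" + flow["host"]
    return "unknown"

class AppAwareDevice:
    def __init__(self, local_policies: dict, peer: PolicyPeer):
        self._local = dict(local_policies)   # the device's own stored set of identifiers
        self._peer = peer

    def policy_for(self, app_id: str):
        """Return (policy, where it came from)."""
        if app_id in self._local:
            return self._local[app_id], "local"
        policy = self._peer.lookup(app_id)
        if policy is not None:
            self._local[app_id] = policy     # assumed: learned policies are cached locally
            return policy, "peer"
        return DEFAULT_POLICY, "default"     # misses are not cached, so a later answer is picked up

    def handle(self, flow: dict) -> dict:
        app_id = app_identifier(flow)
        policy, source = self.policy_for(app_id)
        return {"app": app_id, "policy": policy, "source": source}

def run(flows, local_policies: dict, peer_policies: dict):
    """Process flows on a fresh device; returns (decisions, number of peer queries)."""
    peer = PolicyPeer(peer_policies)
    device = AppAwareDevice(local_policies, peer)
    return [device.handle(f) for f in flows], peer.queries

# Constructed policy tables and flows (two flows to the same app, one unknown app).
LOCAL = {"http:intranet.example": "allow"}
PEER_POLICIES = {"tls:video.example": "rate-limit", "tls:files.example": "block"}
FLOWS = [
    {"host": "intranet.example"},
    {"sni": "video.example"},
    {"sni": "video.example"},
    {"sni": "unknown.example"},
]

if __name__ == "__main__":
    decisions, queries = run(FLOWS, LOCAL, PEER_POLICIES)
    for d in decisions:
        print(d)
    print("peer queries:", queries)
```

    The second video.example flow is answered locally, so the peer is queried twice in total (once for video.example, once for the unknown app). Two things to watch in a real deployment: the identifier must come from traffic the client cannot trivially forge for the policy to mean anything (SNI and Host are client-supplied, which is why products pair them with payload classification), and a cached policy needs an expiry or an invalidation message from the peer, which this example omits.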

    Multi-layered application classification and decoding (granted invention patent, in force)

    Publication number: US09485216B1

    Publication date: 2016-11-01

    Application number: US14336501

    Filing date: 2014-07-21

    IPC classification: H04L29/06

    Abstract: An intrusion detection system is described that is capable of applying a plurality of stacked (layered) application-layer decoders to extract encapsulated application-layer data from a tunneled packet flow produced by multiple applications operating at the application layer, or layer seven (L7), of a network stack. In this way, the IDS is capable of performing application identification and decoding even when one or more software applications utilize other software applications for data transport to produce a packet flow from a network device. The protocol decoders may be dynamically swapped, reused and stacked (layered) when applied to a given packet or packet flow.

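    A decoder stack of the kind the abstract describes, as an added example that is not the patent's or any IDS's code: each decoder identifies its protocol from the current payload, extracts the encapsulated data, and the engine repeats on that data, so the same HTTP decoder is reused at two layers when one HTTP request is tunneled inside another. The decoders, the relay flow and the toy traversal signature are constructed for the example.

```python
import json
from dataclasses import dataclass

@dataclass
class Layer:
    protocol: str
    fields: dict

class HttpDecoder:
    """Decodes an HTTP/1.x request and hands its body to the next decoder."""
    METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ")

    def identify(self, data: bytes) -> bool:
        return data.startswith(self.METHODS) and b" HTTP/1." in data.split(b"\r\n", 1)[0]

    def decode(self, data: bytes):
        head, _, body = data.partition(b"\r\n\r\n")
        lines = head.split(b"\r\n")
        method, target, _version = lines[0].split(b" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode()] = value.strip().decode()
        length = int(headers.get("content-length", len(body)))
        fields = {"method": method.decode(), "target": target.decode(), "headers": headers}
        return Layer("http", fields), body[:length]

class JsonDecoder:
    """Innermost decoder: parses JSON and ends the stack."""
    def identify(self, data: bytes) -> bool:
        return data[:1] in (b"{", b"[")

    def decode(self, data: bytes):
        return Layer("json", {"object": json.loads(data)}), None

DECODERS = [HttpDecoder(), JsonDecoder()]   # assumed decoder set for the example

def decode_stack(data: bytes, decoders=DECODERS, max_depth: int = 8):
    """Apply decoders in layers: identify the protocol of the current payload,
    decode it, and repeat on the encapsulated payload until nothing matches.
    max_depth bounds the work an attacker can force with deeply nested tunnels."""
    layers = []
    while data and len(layers) < max_depth:
        decoder = next((d for d in decoders if d.identify(data)), None)
        if decoder is None:
            layers.append(Layer("unknown", {"bytes": len(data)}))
            break
        layer, data = decoder.decode(data)
        layers.append(layer)
    return layers

def layers_with_traversal(layers):
    """Toy signature applied at every layer: request targets containing '..'."""
    return [i for i, l in enumerate(layers) if l.protocol == "http" and ".." in l.fields["target"]]

# Constructed flow: an HTTP POST to a relay whose body is a second HTTP request
# carrying JSON. Only the inner request has the suspicious target.
INNER_BODY = b'{"user": "admin"}'
INNER = (b"POST /api/../../admin/users HTTP/1.1\r\nHost: internal.svc\r\n"
         b"Content-Length: %d\r\n\r\n" % len(INNER_BODY)) + INNER_BODY
OUTER = (b"POST /relay HTTP/1.1\r\nHost: tunnel.example\r\n"
         b"Content-Type: application/octet-stream\r\nContent-Length: %d\r\n\r\n" % len(INNER)) + INNER

if __name__ == "__main__":
    stack = decode_stack(OUTER)
    for depth, layer in enumerate(stack):
        print(depth, layer.protocol, layer.fields.get("target", layer.fields))
    print("traversal at layers:", layers_with_traversal(stack))
```

    An IDS that stops after the outer HTTP decoder sees only a POST to /relay and misses the inner target; running the stack and applying signatures at every layer finds it at depth 1. The depth bound and the content-length trimming are the two defensive details worth keeping: without them a crafted flow can make the decoder loop or read past one layer's boundary into the next.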

    High availability for network security devices (granted invention patent, in force)

    Publication number: US08635490B2

    Publication date: 2014-01-21

    Application number: US13651895

    Filing date: 2012-10-15

    IPC classification: G06F11/00 G06F11/20

    CPC classification: H04L63/1408

    Abstract: In one example, a backup intrusion detection and prevention (IDP) device includes one or more network interfaces to receive a state update message from a primary IDP device, wherein the state update message indicates a network session being inspected by the primary IDP device and an identified application-layer protocol for the device, to receive an indication that the primary device has switched over or failed over to the backup device, and to receive a plurality of packets of the network session after receiving the indication, each of the plurality of packets comprising a respective payload including application-layer data, a protocol decoder to detect a beginning of a new transaction from the application-layer data of one of the plurality of packets, and a control unit to statefully process only the application-layer data of the network session that include and follow the beginning of the new transaction.

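    The failover behaviour the abstract describes, as an added example that is not the patent's or any IDP product's code: the backup learns the session and its application protocol from a state update, stays passive until told the primary has failed over, then discards application data until the protocol decoder finds the start of a new transaction and statefully processes only from that point. The message format, the HTTP request-line heuristic used as the "beginning of a transaction" detector, and the packet contents are assumptions for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StateUpdate:          # constructed form of the primary's state update message
    session: tuple          # (src, sport, dst, dport)
    app_protocol: str       # protocol the primary already identified, e.g. "http"

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ")

def http_transaction_start(payload: bytes):
    """Offset of the first HTTP request line in this segment, or None.
    A request line must sit at the segment start or directly after a CRLF."""
    pos = 0
    while pos < len(payload):
        end = payload.find(b"\r\n", pos)
        line = payload[pos:end if end != -1 else len(payload)]
        if line.startswith(HTTP_METHODS) and line.endswith((b" HTTP/1.0", b" HTTP/1.1")):
            return pos
        if end == -1:
            break
        pos = end + 2
    return None

# Per-protocol "beginning of transaction" detectors; only HTTP is implemented here.
TRANSACTION_START = {"http": http_transaction_start}

class BackupIdp:
    def __init__(self):
        self._sessions = {}     # session key -> {"app": str, "synced": bool}
        self._active = False
        self.skipped_bytes = 0  # data discarded because it belonged to a transaction already under way
        self.requests = []      # "METHOD target" of every request statefully processed
        self.responses = 0

    def on_state_update(self, upd: StateUpdate):
        self._sessions[upd.session] = {"app": upd.app_protocol, "synced": False}

    def on_failover(self):
        self._active = True

    def on_packet(self, session: tuple, payload: bytes) -> str:
        st = self._sessions.get(session)
        if st is None or not self._active:
            return "ignored"
        if not st["synced"]:
            start = TRANSACTION_START[st["app"]](payload)
            if start is None:
                self.skipped_bytes += len(payload)   # still inside the old transaction
                return "skipped"
            self.skipped_bytes += start
            payload = payload[start:]
            st["synced"] = True
        self._inspect(payload)
        return "inspected"

    def _inspect(self, payload: bytes):
        """Stateful processing stand-in: record the request line, count responses."""
        if payload.startswith(HTTP_METHODS):
            method, target, _ = payload.split(b" ", 2)
            self.requests.append(f"{method.decode()} {target.decode()}")
        elif payload.startswith(b"HTTP/1."):
            self.responses += 1

SESSION = ("10.0.0.8", 51234, "203.0.113.5", 80)
# Constructed segments the backup sees once the primary fails mid-response.
P1 = b"...</body></html>\r\n"                                               # tail of an in-flight response
P2 = b"\x00\x00</html>\r\nGET /login HTTP/1.1\r\nHost: app.example\r\n\r\n"  # old data, then a new request
P3 = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
P4 = b"POST /api HTTP/1.1\r\nHost: app.example\r\nContent-Length: 0\r\n\r\n"

def run_failover():
    backup = BackupIdp()
    backup.on_state_update(StateUpdate(SESSION, "http"))
    before = backup.on_packet(SESSION, P1)      # primary still active: backup stays passive
    backup.on_failover()
    results = [backup.on_packet(SESSION, p) for p in (P1, P2, P3, P4)]
    return backup, before, results

if __name__ == "__main__":
    backup, before, results = run_failover()
    print(before, results, "skipped:", backup.skipped_bytes, backup.requests, backup.responses)
```

    The first segment after failover is discarded whole, the second is trimmed to its request line (11 bytes of the old response dropped), and from there the backup processes every request and response statefully. The caveat a practitioner should keep in mind: the sync heuristic looks for a request line, so a response body that happens to contain one (an HTML page quoting "GET / HTTP/1.1", say) would resynchronise the decoder early; the real decoder has the identified protocol's framing to work with, but the window during which the backup's view is unreliable is inherent to joining a stream mid-transaction.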

    Application identification (granted invention patent, in force)

    Publication number: US09049128B1

    Publication date: 2015-06-02

    Application number: US13936800

    Filing date: 2013-07-08

    IPC classification: G06F15/16 H04L12/26

    Abstract: A method may include receiving a communication from a client device and identifying a port number, a protocol and a destination associated with the communication. The method may also include identifying a first application being executed by the client device based on the port number, the protocol and the destination associated with the communication.
