METHOD AND SYSTEM FOR OPERATING SYSTEM IDENTIFICATION IN A NETWORK BASED SECURITY MONITORING SOLUTION
    1.
    Invention application (published patent application)
    METHOD AND SYSTEM FOR OPERATING SYSTEM IDENTIFICATION IN A NETWORK BASED SECURITY MONITORING SOLUTION (legal status: in force)

    Publication number: US20120255019A1

    Publication date: 2012-10-04

    Application number: US13083501

    Filing date: 2011-04-08

    IPC classification: G06F21/00

    Abstract: A method and system for providing network based malware detection in a service provider network is disclosed. Transmission control protocol (TCP) packets originating from an access device coupled to the service provider network, and defining a TCP session between a computing device coupled to the access device and a destination coupled to the service provider network, are received. An operating system identifier (OS ID) associated with the TCP session and the computing device is determined. Whether malware is present in the TCP session, and an associated malware ID, are determined by comparing a malware signature to the one or more TCP packets. An alert identifying a network address associated with the access device, the malware ID, and the OS ID associated with the TCP session that generated the alert can then be generated.


    Method and system for operating system identification in a network based security monitoring solution
    2.
    Granted patent
    Method and system for operating system identification in a network based security monitoring solution (legal status: in force)

    Publication number: US08635697B2

    Publication date: 2014-01-21

    Application number: US13083501

    Filing date: 2011-04-08

    IPC classification: G06F11/00 G06F12/14 G06F12/16

    Abstract: A method and system for providing network based malware detection in a service provider network is disclosed. Transmission control protocol (TCP) packets originating from an access device coupled to the service provider network, and defining a TCP session between a computing device coupled to the access device and a destination coupled to the service provider network, are received. An operating system identifier (OS ID) associated with the TCP session and the computing device is determined. Whether malware is present in the TCP session, and an associated malware ID, are determined by comparing a malware signature to the one or more TCP packets. An alert identifying a network address associated with the access device, the malware ID, and the OS ID associated with the TCP session that generated the alert can then be generated.
