Statistical Network Traffic Signature Analyzer
    1.
    Invention patent application
    Statistical Network Traffic Signature Analyzer (under examination, published)

    Publication number: US20120317306A1

    Publication date: 2012-12-13

    Application number: US13157316

    Filing date: 2011-06-10

    IPC class: G06F15/16

    CPC class: H04L43/028 H04L63/1408

    Abstract: A network traffic analyzer may identify applications transmitting information across a network by analyzing various protocol attributes of the communication. A set of signatures may be created by training a machine learning system on network traffic captured with and without a specific application. The machine learning system may generate a signature for the specific application, and the signature may be evaluated by a monitoring system to identify the presence of the application's traffic on the network. In some embodiments, a decision tree may be used to detect the application within a statistical confidence. The monitoring system may be used for malware detection as well as other applications.

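    As an added illustration, not code from the patent: the train-then-monitor loop the abstract describes. Flows are reduced to a handful of protocol attributes, a small decision tree is fitted on flows labelled "captured with the application" versus "captured without it", and each leaf keeps the empirical fraction of positive flows, so the monitoring side can report a detection together with a confidence and refuse to alert below a floor. The feature set, the training flows, the greedy Gini-based tree learner and the confidence floor are all constructed for this example.

```python
"""Train a decision-tree traffic signature and evaluate it with a confidence."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-ins for the "protocol attributes" of a flow: destination
# port, mean payload bytes per packet, fraction of packets under 100 bytes,
# mean inter-arrival time in milliseconds.
FEATURES = ("dst_port", "mean_payload", "small_pkt_ratio", "mean_iat_ms")

# Constructed training set: label 1 = captured with the target application
# running, label 0 = baseline captured without it.
TRAINING_FLOWS = [
    ((443, 1380.0, 0.10, 12.0), 0),
    ((443, 1420.0, 0.08, 15.0), 0),
    ((80, 900.0, 0.20, 40.0), 0),
    ((53, 80.0, 0.95, 300.0), 0),     # DNS-like: small packets but slow
    ((443, 1300.0, 0.12, 10.0), 0),
    ((8080, 1500.0, 0.05, 50.0), 0),  # bulk transfer on 8080, not the app
    ((8080, 64.0, 0.90, 5.0), 1),
    ((8080, 72.0, 0.88, 6.0), 1),
    ((8080, 70.0, 0.92, 4.0), 1),
    ((443, 66.0, 0.93, 5.0), 1),      # the app also tunnels over 443
]


@dataclass
class Node:
    """A split node (feature set) or a leaf (feature is None)."""
    positives: int
    total: int
    feature: Optional[int] = None
    threshold: float = 0.0
    left: Optional["Node"] = None
    right: Optional["Node"] = None

    @property
    def confidence(self) -> float:
        # Empirical probability that a flow reaching this node is the target app.
        return self.positives / self.total if self.total else 0.0


def gini_impurity(rows) -> float:
    if not rows:
        return 0.0
    p = sum(label for _, label in rows) / len(rows)
    return 2.0 * p * (1.0 - p)


def best_split(rows):
    """Greedy search over every feature and midpoint threshold for the split
    that most reduces Gini impurity: (gain, feature, threshold, left, right)."""
    best, base = None, gini_impurity(rows)
    for f in range(len(FEATURES)):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2.0
            left = [r for r in rows if r[0][f] <= t]
            right = [r for r in rows if r[0][f] > t]
            weighted = (len(left) * gini_impurity(left)
                        + len(right) * gini_impurity(right)) / len(rows)
            if best is None or base - weighted > best[0]:
                best = (base - weighted, f, t, left, right)
    return best


def build_tree(rows, depth: int = 0, max_depth: int = 3) -> Node:
    node = Node(positives=sum(label for _, label in rows), total=len(rows))
    if depth >= max_depth or node.positives in (0, node.total):
        return node  # pure leaf or depth limit reached
    split = best_split(rows)
    if split is None or split[0] <= 1e-9:
        return node  # no split improves impurity
    _, node.feature, node.threshold, left, right = split
    node.left = build_tree(left, depth + 1, max_depth)
    node.right = build_tree(right, depth + 1, max_depth)
    return node


def classify(tree: Node, flow) -> float:
    """Walk the tree; return the leaf's confidence that the flow is the app."""
    node = tree
    while node.feature is not None:
        node = node.left if flow[node.feature] <= node.threshold else node.right
    return node.confidence


def detect(tree: Node, flow, min_confidence: float = 0.9) -> Tuple[bool, float]:
    """Monitoring-side check: flag the flow only above a confidence floor."""
    confidence = classify(tree, flow)
    return confidence >= min_confidence, confidence


def rules(tree: Node, path=()) -> List[Tuple[Tuple[str, ...], float]]:
    """Export the tree as readable signature rules, one per leaf."""
    if tree.feature is None:
        return [(path, tree.confidence)]
    name = FEATURES[tree.feature]
    return (rules(tree.left, path + (f"{name} <= {tree.threshold}",))
            + rules(tree.right, path + (f"{name} > {tree.threshold}",)))


if __name__ == "__main__":
    signature = build_tree(TRAINING_FLOWS)
    for conditions, conf in rules(signature):
        print(" and ".join(conditions), "->", f"confidence {conf:.2f}")
    print(detect(signature, (8080, 68.0, 0.90, 5.0)))
```

    On this constructed data the learner finds a single clean split on mean payload size and both leaves are pure, which is exactly what ten hand-picked flows will give you; the work in a real deployment is the held-out evaluation that tells you what confidence a leaf actually deserves, and the floor in `detect` is what keeps a leaf trained on three flows from paging anyone.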

    Safe code for signature updates in an intrusion prevention system
    3.
    Invention patent grant
    Safe code for signature updates in an intrusion prevention system (in force)

    Publication number: US09389839B2

    Publication date: 2016-07-12

    Application number: US12146935

    Filing date: 2008-06-26

    IPC class: G06F9/45 H04L29/06

    CPC class: H04L63/1416 G06F8/41

    Abstract: Described is a technology by which a signature used by network traffic intrusion prevention/detection systems includes logic that helps a prevention/detection engine detect that signature. A signature to detect is compiled into executable logic that is executed to communicate with an engine that evaluates network traffic. The signature logic provides an expression set (such as a group of regular expressions) for the engine to match against a token corresponding to the network traffic. When matched, the engine notifies the logic and receives a further expression set to match, or a communication indicating that the signature was detected. The signature thus directs the analysis, facilitating a lightweight, generic engine. Safety of the signature logic is described as being accomplished through layers, including publisher signing, and compilation and execution (e.g., interpretation) in safe environments.


    GENERIC PROTOCOL DECODER FOR GENERIC APPLICATION-LEVEL PROTOCOL SIGNATURES.
    4.
    Invention patent application
    GENERIC PROTOCOL DECODER FOR GENERIC APPLICATION-LEVEL PROTOCOL SIGNATURES. (in force)

    Publication number: US20100319071A1

    Publication date: 2010-12-16

    Application number: US12483332

    Filing date: 2009-06-12

    IPC class: G06F21/00

    Abstract: Described is a generic protocol decoder that analyzes network traffic or file data to look for a signature, and signals an intrusion prevention mechanism/system if the signature is matched. In one aspect, the generic decoder is built using generic application-level protocol analysis language (GAPAL) primitives. These primitives provide various capabilities, including pattern matching, skipping, reading data, copying variable data and comparing data. The generic decoder may be coupled to a pre-developed protocol parser that provides the decoder with the data to analyze.

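    As an added example that is not the patent's GAPAL implementation: a decoder exposing the five primitive capabilities the abstract lists (pattern matching, skipping, reading data, copying variable data, comparing data), coupled to a stand-in protocol parser that hands it named HTTP fields, with one signature written as a program over those primitives. The opcode names, the parser, the signature and the sample requests are all constructed for this illustration.

```python
"""A tiny decoder built from GAPAL-style primitives, fed by an HTTP parser."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def parse_http_request(raw: bytes) -> Dict[str, bytes]:
    """Stand-in for the pre-developed protocol parser: splits a request into
    named fields. The decoder never touches bytes outside these fields."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    fields = {"request_line": lines[0], "body": body}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        fields["header:" + name.strip().lower().decode("latin-1")] = value.strip()
    return fields


@dataclass
class Decoder:
    """Cursor over one field plus a variable store. Every primitive returns
    False when it cannot apply, which ends evaluation of that signature."""
    data: bytes
    pos: int = 0
    vars: Dict[str, bytes] = field(default_factory=dict)

    def match(self, pattern: bytes) -> bool:        # pattern matching
        m = re.compile(pattern).match(self.data, self.pos)
        if m is None:
            return False
        self.pos = m.end()
        return True

    def skip(self, n: int) -> bool:                  # skipping
        if self.pos + n > len(self.data):
            return False
        self.pos += n
        return True

    def read(self, n: int, name: str) -> bool:       # reading fixed-size data
        if self.pos + n > len(self.data):
            return False
        self.vars[name] = self.data[self.pos:self.pos + n]
        self.pos += n
        return True

    def read_until(self, delim: bytes, name: str) -> bool:  # reading variable-length data
        i = self.data.find(delim, self.pos)
        if i < 0:
            return False
        self.vars[name] = self.data[self.pos:i]
        self.pos = i + len(delim)
        return True

    def copy(self, src: str, dst: str) -> bool:      # copying variable data
        if src not in self.vars:
            return False
        self.vars[dst] = self.vars[src]
        return True

    def compare(self, name: str, op: str, value) -> bool:  # comparing data
        v = self.vars.get(name)
        if v is None:
            return False
        return {"eq": lambda: v == value,
                "startswith": lambda: v.startswith(value),
                "contains": lambda: value in v,
                "len_gt": lambda: len(v) > value}[op]()


# Constructed signature: an over-long URI under /cgi-bin/, expressed as a
# program over the primitives. FIELD selects which parser field to decode.
SIGNATURES = [
    ("long-cgi-uri", [
        ("FIELD", "request_line"),
        ("MATCH", rb"(GET|POST) "),
        ("READ_UNTIL", b" ", "uri"),
        ("SKIP", 5),                      # skip the literal "HTTP/"
        ("READ", 3, "version"),
        ("COMPARE", "uri", "startswith", b"/cgi-bin/"),
        ("COMPARE", "uri", "len_gt", 255),
        ("COPY", "uri", "evidence"),      # carry the offending URI into the alert
    ]),
]


def run_program(program, fields) -> Tuple[bool, Dict[str, bytes]]:
    dec = Decoder(b"")
    for op, *args in program:
        if op == "FIELD":
            dec = Decoder(fields.get(args[0], b""), vars=dec.vars)
            continue
        if not getattr(dec, op.lower())(*args):
            return False, dec.vars
    return True, dec.vars


def scan(raw: bytes) -> List[Tuple[str, Dict[str, bytes]]]:
    """Run every signature over a parsed request and return those that fired;
    this is the point at which an IPS would be signalled to block or alert."""
    fields = parse_http_request(raw)
    return [(name, ev) for name, program in SIGNATURES
            for matched, ev in [run_program(program, fields)] if matched]


# Constructed sample requests.
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SUSPECT = b"GET /cgi-bin/" + b"A" * 300 + b" HTTP/1.1\r\nHost: example.test\r\n\r\n"
```

    The point of keeping the parser separate is that the signature author reasons about fields ("the URI of the request line"), not byte offsets; the same primitive program can be fed by a different parser for a different transport, and a primitive that fails to apply simply ends the signature rather than reading past the field.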

    SAFE CODE FOR SIGNATURE UPDATES IN AN INTRUSION PREVENTION SYSTEM
    5.
    Invention patent application
    SAFE CODE FOR SIGNATURE UPDATES IN AN INTRUSION PREVENTION SYSTEM (in force)

    Publication number: US20090328011A1

    Publication date: 2009-12-31

    Application number: US12146935

    Filing date: 2008-06-26

    IPC class: G06F21/00 G06F9/45

    CPC class: H04L63/1416 G06F8/41

    Abstract: Described is a technology by which a signature used by network traffic intrusion prevention/detection systems includes logic that helps a prevention/detection engine detect that signature. A signature to detect is compiled into executable logic that is executed to communicate with an engine that evaluates network traffic. The signature logic provides an expression set (such as a group of regular expressions) for the engine to match against a token corresponding to the network traffic. When matched, the engine notifies the logic and receives a further expression set to match, or a communication indicating that the signature was detected. The signature thus directs the analysis, facilitating a lightweight, generic engine. Safety of the signature logic is described as being accomplished through layers, including publisher signing, and compilation and execution (e.g., interpretation) in safe environments.

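    Entries 3 and 5 share this abstract. As an added example that is not the patent's implementation, the following shows the exchange it describes: the signature logic hands the engine an expression set, the engine matches tokens and notifies the logic which expression hit, and the logic answers with the next set or with a detection. The update bundle is checked against a publisher signature before anything is compiled, and what gets compiled is a declarative state table interpreted by the logic rather than publisher-supplied code. The key (an HMAC standing in for an asymmetric publisher signature), the state table, the choice of CRLF-separated lines as tokens and the sample requests are all constructed for this example.

```python
"""Signature logic that drives a generic token-matching engine, delivered as a
publisher-signed bundle and interpreted rather than executed as native code."""
import hashlib
import hmac
import json
import re
from typing import Dict, List, Optional

# Constructed publisher key. A deployment would verify an asymmetric signature
# with the publisher's public key; an HMAC stands in so the example runs offline.
PUBLISHER_KEY = b"constructed-publisher-key"


def sign_bundle(table: dict, key: bytes = PUBLISHER_KEY) -> Dict[str, str]:
    body = json.dumps(table, sort_keys=True, separators=(",", ":"))
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def bundle_is_valid(bundle: Dict[str, str], key: bytes = PUBLISHER_KEY) -> bool:
    expected = hmac.new(key, bundle["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, bundle["mac"])


def compile_signature(table: dict):
    """Compile a declarative state table into signature logic. The logic is a
    generator: it yields an expression set, receives (index, token) from the
    engine when one matched, and either yields the next set or returns a
    detection. Regexes are the only thing compiled; no publisher code runs."""
    states = {
        name: [(re.compile(rule["re"].encode()), rule["next"]) for rule in rules]
        for name, rules in table["states"].items()
    }

    def logic():
        state = "start"
        while True:
            index, token = yield [pattern for pattern, _ in states[state]]
            nxt = states[state][index][1]
            if nxt == "DETECT":
                return {"signature": table["name"], "evidence": token}
            state = nxt

    return logic


def run_engine(logic_factory, tokens: List[bytes]) -> Optional[dict]:
    """Generic engine: knows nothing about the signature beyond matching the
    current expression set against tokens and reporting which one hit."""
    gen = logic_factory()
    exprs = next(gen)
    for token in tokens:
        for i, pattern in enumerate(exprs):
            if pattern.search(token):
                try:
                    exprs = gen.send((i, token))   # notify; receive next set
                except StopIteration as done:
                    return done.value              # logic reported a detection
                break
    return None


def detect(bundle: Dict[str, str], raw: bytes) -> Optional[dict]:
    if not bundle_is_valid(bundle):
        raise ValueError("signature bundle rejected: bad publisher signature")
    logic_factory = compile_signature(json.loads(bundle["body"]))
    return run_engine(logic_factory, raw.split(b"\r\n"))   # tokens = lines


# Constructed two-stage signature: an upload request whose headers then
# declare a Windows executable. A blank line ends the headers and resets.
STAGED_UPLOAD_EXE = {
    "name": "staged-upload-exe",
    "states": {
        "start": [{"re": r"^(POST|PUT) /upload", "next": "in_upload"}],
        "in_upload": [
            {"re": r"(?i)^content-type: application/x-msdownload", "next": "DETECT"},
            {"re": r'(?i)filename="[^"]+\.exe"', "next": "DETECT"},
            {"re": r"^$", "next": "start"},
        ],
    },
}

# Constructed sample requests.
SUSPECT = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
           b"Content-Type: application/x-msdownload\r\n\r\n")
BENIGN = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Type: image/png\r\n\r\n")
```

    Publisher signing proves who shipped the update, not that it is harmless: a correctly signed table can still stall the engine with a backtracking-heavy expression, so the "safe environment" layer in practice also means a matcher with bounded cost or a per-signature time budget, neither of which the example above enforces.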