公开(公告)号：US07356561B2

公开(公告)日：2008-04-08

申请号：US10426691

申请日：2003-05-01

申请人： Krishna Balachandran ,  Joseph H. Kang ,  Wing Cheong Lau

发明人： Krishna Balachandran ,  Joseph H. Kang ,  Wing Cheong Lau

IPC分类号： H04B7/00

CPC分类号： H04L12/12 ,  H04W52/0245 ,  H04W52/0277 ,  H04W84/18 ,  Y02D70/164 ,  Y02D70/22

摘要： In a multiple node network, the method includes waking up at least one node from a sleep mode during at least one associated slot of a time-slotted frame, the sleep mode being a low power consumption mode. Also, in at least one node of a multiple node network, the period of time a node sleeps is based on the residual energy of the node, the residual energy of the nodes in the neighborhood, neighborhood node density, and combinations thereof.

摘要翻译： 在多节点网络中，该方法包括在时隙帧的至少一个相关时隙期间从睡眠模式唤醒至少一个节点，睡眠模式是低功耗模式。 此外，在多节点网络的至少一个节点中，节点睡眠的时间段基于节点的剩余能量，邻域节点的剩余能量，邻域节点密度及其组合。

公开(公告)号：US07526807B2

公开(公告)日：2009-04-28

申请号：US10723450

申请日：2003-11-26

申请人： Hung-Hsiang Jonathan Chao ,  Mooi Choo Chuah ,  Yoohwan Kim ,  Wing Cheong Lau

发明人： Hung-Hsiang Jonathan Chao ,  Mooi Choo Chuah ,  Yoohwan Kim ,  Wing Cheong Lau

IPC分类号： G06F21/00

CPC分类号： H04L63/1408 ,  H04L63/1458

摘要： In a network including a centralized controller and a plurality of routers forming a security perimeter, a method for selectively discarding packets during a distributed denial-of-service (DDoS) attack over the network. The method includes aggregating victim destination prefix lists and attack statistics associated with incoming packets received from the plurality of routers to confirm a DDoS attack victim, and aggregating packet attribute distribution frequencies for incoming victim related packets received from the plurality of security perimeter routers. Common scorebooks are generated from the aggregated packet attribute distribution frequencies and nominal traffic profiles, and local cumulative distribution function (CDF) of the local scores derived from the plurality of security perimeter routers are aggregated. A common discarding threshold is derived from the CDF and sent to each of the plurality of security perimeter routers, where the discarding threshold defines a condition in which an incoming packet may be discarded at the security perimeter.

摘要翻译： 在包括集中控制器和形成安全边界的多个路由器的网络中，提供了一种在通过网络的分布式拒绝服务（DDoS）攻击中选择性地丢弃分组的方法。 该方法包括聚合受害目的地前缀列表和与从多个路由器接收的传入分组相关联的攻击统计信息，以确认DDoS攻击受害者，并且聚合从多个安全边界路由器接收到的传入的受害者相关分组的分组属性分布频率。 从聚合的分组属性分布频率和标称流量简档生成常用记分簿，并且聚合从多个安全边界路由器导出的局部分数的局部累积分布函数（CDF）。 从CDF导出常见的丢弃阈值，并将其发送到多个安全边界路由器中的每一个，其中丢弃阈值定义了可能在安全边界丢弃输入分组的状况。

公开(公告)号：US06992979B2

公开(公告)日：2006-01-31

申请号：US09894946

申请日：2001-06-28

申请人： Oded Hauser ,  Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman ,  Wing Cheong Lau

发明人： Oded Hauser ,  Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman ,  Wing Cheong Lau

IPC分类号： H04L12/26

CPC分类号： H04L45/00 ,  H04L41/0663 ,  H04L45/124 ,  H04L45/125 ,  H04L45/22 ,  H04L45/28

摘要： A network element maintains failure information for a packet-based network and usage information for a backup path. Upon receipt of a new demand, with an associated bandwidth, d, the network element determines if the backup path can be shared as a function of the failure information and the usage information associated with the backup path.

公开(公告)号：US08201252B2

公开(公告)日：2012-06-12

申请号：US10232660

申请日：2002-09-03

申请人： Mooi Choo Chuah ,  Wing Cheong Lau ,  On-Ching Yue

发明人： Mooi Choo Chuah ,  Wing Cheong Lau ,  On-Ching Yue

IPC分类号： G06F11/00

CPC分类号： H04L47/10 ,  H04L47/11 ,  H04L47/2441 ,  H04L47/286 ,  H04L47/32 ,  H04L63/0236 ,  H04L63/1458

摘要： The present invention provides systems and methods for providing distributed, adaptive IP filtering techniques used in detecting and blocking IP packets involved in DDOS attacks through the use of Bloom Filters and leaky-bucket concepts to identify “attack” flows. In an exemplary embodiment of the present invention, a device tracks certain criteria of all IP packets traveling from IP sources outside a security perimeter to network devices within the security perimeter. The present invention examines the criteria and places them in different classifications in a uniformly random manner, estimates the amount of criteria normally received and then determines when a group of stored classifications is too excessive to be considered normal for a given period of time. After the device determines the criteria that excessive IP packets have in common, the device then determines rules to identify the packets that meet such criteria and filters or blocks so identified packets.

摘要翻译： 本发明提供了用于提供分布式自适应IP过滤技术的系统和方法，所述技术用于通过使用Bloom Filter和泄漏桶概念识别“攻击”流来检测和阻止涉及DDOS攻击的IP分组。 在本发明的示例性实施例中，设备跟踪从安全边界之外的IP源传播到安全范围内的网络设备的所有IP分组的某些标准。 本发明以均匀随机的方式检查标准并将它们置于不同的分类中，估计正常接收的标准的数量，然后确定一组存储的分类何时太过分，以至于在给定的时间段内不被认为是正常的。 在设备确定过多的IP数据包具有共同之处的标准之后，设备然后确定规则以识别符合这些标准的数据包，并过滤或阻止所识别的数据包。

公开(公告)号：US6158189A

公开(公告)日：2000-12-12

申请号：US283212

申请日：1999-04-01

申请人： Wing Cheong Lau

发明人： Wing Cheong Lau

IPC分类号： E04B5/12 ,  E04C3/16 ,  E04C3/12

CPC分类号： E04B5/12 ,  E04C3/145 ,  E04C3/16

摘要： An engineered or manufactured elongate wooden I-beam of the type having continuous upper and lower flange sections and a central web section therebetween is provided with a rectangular opening in the web along the span of the beam. A rectangular and open reinforcing frame constructed from at least four wooden pieces is securely positioned in the opening and is exteriorly dimensioned so that the height of the frame corresponds to the distance between the opposed interfaces of the upper and lower flange sections and the width of the frame is no less than the distance between the spaced apart web sections. This reinforced opening facilitates the passage of ductwork or the like laterally therethrough. Employing apertured I-beams of the foregoing description also facilitates a structural beam and bridging assembly where an elongate wooden bridging element can be employed by extending through and being interconnected to the frames of adjacent pairs of apertured joists.

摘要翻译： 具有连续的上凸缘部分和下凸缘部分以及中间腹板部分的类型的工程制造或制造的细长木制工字梁在梁的横跨处设置有沿腹板的矩形开口。 由至少四个木制件构成的矩形和开放的加强框架牢固地定位在开口中，并且外部尺寸使得框架的高度对应于上部和下部凸缘部分的相对的接口之间的距离和 框架不小于间隔开的腹板部分之间的距离。 该加强开口有助于横向穿过管道系统等。 使用前述描述的有孔的I型梁还有助于结构梁和桥接组件，其中可以通过延伸穿过相互成对的有向托梁的框架并且互连到细长木桥接元件。

公开(公告)号：US6147969A

公开(公告)日：2000-11-14

申请号：US173955

申请日：1998-10-14

申请人： Lofti Benmohamed ,  Yung-Terng Wang ,  Wing Cheong Lau

发明人： Lofti Benmohamed ,  Yung-Terng Wang ,  Wing Cheong Lau

IPC分类号： H04L12/56 ,  H04Q11/04 ,  H04L12/26

CPC分类号： H04Q11/0478 ,  H04L47/10 ,  H04L47/30 ,  H04L49/3081 ,  H04L2012/5635 ,  H04L2012/5682

摘要： An improved flow control method for ABR service in an ATM network. In particular, a dual local/global ingress flow control method for ABR service in a distributed ingress queueing switch including a plurality of ingress buffer-pools, at least one shared buffer-pool and a plurality of egress buffer-pools. Utilization of the egress port of each shared buffer-pool is periodically measured and together with the current state of the global-ingress control forms the basis for toggling global-ingress control in an active/inactive state. Queue-length based flow control algorithms such as DMRCA are applied to each resource management cell for the egress subport queue and ingress flow queue through which the resource management cell passes to determine the egress and local-ingress congestion marking values, respectively, for the resource management cell. In addition, global-ingress congestion is detected by applying a queue-length based flow control algorithm to the summation of the ingress flow queues contributing to the shared buffer-pool egress port through which the resource management cell passed. If global-ingress control is active then the resource management cell is marked based on the merged egress, global-ingress, local-ingress congestion marking values and the congestion marking values originally carried by the resource management cell. Otherwise the resource management cell is marked based on the merged egress, local-ingress congestion marking values and the congestion marking values originally carried by the resource management cell.

摘要翻译： 一种用于ATM网络中ABR业务的改进流控制方法。 特别地，在包括多个入口缓冲池，至少一个共享缓冲池和多个出口缓冲池的分布式入口排队交换机中，用于ABR服务的双局部/全局入口流控制方法。 定期测量每个共享缓冲池的出口端口的利用率，并与全局入口控制的当前状态一起构成在全局入口控制处于活动/非活动状态时切换的基础。 基于队列长度的流控制算法（例如DMRCA）被应用于资源管理单元通过的出口子端口队列和入口流队列的每个资源管理单元，以分别确定资源的出口和本地进入拥塞标记值 管理单元 另外，通过将基于队列长度的流控制算法应用于贡献给资源管理单元通过的共享缓冲池出口端口的入口流队列的总和来检测全局入口拥塞。 如果全局入口控制处于活动状态，则基于资源管理单元最初携带的合并出站，全局入口，本地入口拥塞标记值和拥塞标记值，对资源管理单元进行标记。 否则，资源管理单元根据资源管理单元最初携带的合并出站，本地入口拥塞标记值和拥塞标记值进行标记。

公开(公告)号：US20080219181A1

公开(公告)日：2008-09-11

申请号：US12125972

申请日：2008-05-23

申请人： Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman ,  Wing Cheong Lau

发明人： Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman ,  Wing Cheong Lau

IPC分类号： G06F11/00

CPC分类号： H04L41/14 ,  H04L43/0852 ,  H04L43/50

摘要： We formulate the network-wide traffic measurement/analysis problem as a series of set-cardinality-determination (SCD) problems. By leveraging recent advances in probabilistic distinct sample counting techniques, the set-cardinalities, and thus, the network-wide traffic measurements of interest can be computed in a distributed manner via the exchange of extremely light-weight traffic digests (TD's) amongst the network nodes, i.e. the routers. A TD for N packets only requires O(loglog N) bits of memory storage. The computation of such O(loglog N)-sized TD is also amenable for efficient hardware implementation at wire-speed of 10 Gbps and beyond. Given the small size of the TD's, it is possible to distribute nodal TD's to all routers within a domain by piggybacking them as opaque data objects inside existing control messages, such as OSPF link-state packets (LSPs) or I-BGP control messages. Once the required TD's are received, a router can estimate the traffic measurements of interest for each of its local link by solving a series of set-cardinality-determination problems. The traffic measurements of interest are typically in form of per-link, per-traffic-aggregate packet counts (or flow counts) where an aggregate is defined by the group of packets sharing the same originating and/or destination nodes (or links) and/or some intermediate nodes (or links). The local measurement results are then distributed within the domain so that each router can construct a network-wide view of routes/flow patterns of different traffic commodities where a commodity is defined as a group of packets sharing the same origination and/or termination nodes or links. After the initial network-wide traffic measurements are received, each router can further reduce the associated measurement/estimation errors by locally conducting a minimum square error (MSE) optimization based on network-wide commodity-flow conservation constraints.

公开(公告)号：US07397766B2

公开(公告)日：2008-07-08

申请号：US10909908

申请日：2004-08-02

申请人： Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman ,  Wing Cheong Lau

发明人： Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman ,  Wing Cheong Lau

IPC分类号： G01R31/08

CPC分类号： H04L41/14 ,  H04L43/0852 ,  H04L43/50

摘要： A network-wide traffic measurement/analysis problem is formulated as a series of set-cardinality-determination (SCD) problems, using probabilistic distinct sample counting techniques to compute network-wide traffic measurements of interest in a distributed manner via the exchange of light-weight traffic digests (TD's) amongst network nodes/routers. A TD for N packets uses only requires O(loglog N) bits of memory storage, making it possible to distribute nodal TD's to all routers within a domain by piggybacking them as opaque data objects inside existing control messages, such as OSPF link-state packets (LSPs) or I-BGP control messages. A router receiving the TD's can estimate the traffic measurements of interest for each of its local links by solving a series of set-cardinality-determination problems. The traffic measurements of interest are typically per-link, per-traffic-aggregate packet (or flow) counts, where an aggregate is defined by the group of packets sharing the same originating and/or destination nodes (or links) and/or some intermediate nodes (or links).

摘要翻译： 网络范围的流量测量/分析问题被形成为一系列集中确定（SCD）问题，使用概率不同的抽样计数技术，以分布式方式通过交换光网络计算感兴趣的全网络流量测量， 网络节点/路由器之间的重量流量摘要（TD）。 对于N个数据包的TD使用只需要O（loglog N）位的存储器存储，使得可以将节点TD分配到现有控制消息内的不透明数据对象（例如OSPF链路状态分组），将节点TD分配到域内的所有路由器 （LSP）或I-BGP控制消息。 接收TD的路由器可以通过解决一系列集合确定问题来估计每个本地链路的流量测量值。 感兴趣的流量测量通常是每链路，每流量聚合分组（或流）计数，其中聚合由共享相同发起和/或目的地节点（或链路）的组的组和/或一些 中间节点（或链接）。

公开(公告)号：US20080074238A1

公开(公告)日：2008-03-27

申请号：US11824469

申请日：2007-06-29

申请人： Muralidharan S. Kodialam ,  Wing Cheong Lau ,  Thyagarajan Nandagopal

发明人： Muralidharan S. Kodialam ,  Wing Cheong Lau ,  Thyagarajan Nandagopal

IPC分类号： H04B7/00

CPC分类号： H04W24/00 ,  H04L41/0896 ,  H04L43/0882 ,  H04W74/08

摘要： In one embodiment, a method for estimating the number of tags in a set of tags in a system of tags and readers. The method includes, during each of a plurality of time intervals: (i) transmitting a command requesting that each tag that receives the command determine whether to transmit a reply; and (ii) receiving, in one or more timeslots of a frame corresponding to the time interval, replies from one or more tags. The method further includes providing an estimate of the number of tags in the set of one or more tags based on (i) timeslots in each of the plurality of time intervals that are zero timeslots, i.e., timeslots having no received reply, and (ii) the total number of timeslots in each frame.

摘要翻译： 在一个实施例中，一种用于估计标签和读取器系统中的一组标签中的标签的数量的方法。 该方法包括在多个时间间隔的每一个期间：（i）发送请求每个接收到该命令的标签的命令确定是否发送回复; 以及（ii）在与所述时间间隔对应的帧的一个或多个时隙中接收从一个或多个标签的答复。 该方法还包括：基于（i）作为零时隙的多个时间间隔中的每一个中的时隙，即没有接收到的回复的时隙，提供一组或多个标签中的标签数量的估计， ）每帧中的时隙总数。

公开(公告)号：US07096039B2

公开(公告)日：2006-08-22

申请号：US10185993

申请日：2002-06-28

申请人： Mooi Choo Chuah ,  Enrique Hernandez-Valencia ,  Wing Cheong Lau

发明人： Mooi Choo Chuah ,  Enrique Hernandez-Valencia ,  Wing Cheong Lau

IPC分类号： H04M1/00

CPC分类号： H04L12/189 ,  H04L12/1836 ,  H04L49/201 ,  H04L49/205 ,  H04L49/351 ,  H04W92/12

摘要： The present invention sets forth a methodology for providing improved downlink backhaul services from a radio network controller (RNC) to a plurality of base stations via a backhaul network that provides Ethernet services. The Ethernet services are provided by a group of provider edge (PE) switches and regular label switch routers (referred to as P switches). Base stations within the network are assigned into clusters, each of the clusters having a cluster ID. The RNC transmits packets to a given switch or switches out on the network based on a cluster ID included within the transmitted packet. The communications traffic is then multicast from at least one last hop switch in the network to candidate base stations on the basis of the cluster ID and an active set within the cluster. Advantageously, the clusters act as subgroups for more easily directing the transmission of the backhaul multicast traffic. Significant advantages are realized through use of the present invention, including the ability to allow faster and smoother handoffs, as well as backhaul bandwidth savings since intelligence regarding cell switching is extended out at a point farther along the network than was previously enabled.

摘要翻译： 本发明提出了一种用于通过提供以太网服务的回程网络从无线电网络控制器（RNC）向多个基站提供改进的下行链路回程业务的方法。 以太网服务由一组提供商边缘（PE）交换机和常规标签交换路由器（称为P交换机）提供。 网络内的基站被分配成簇，每个簇具有簇ID。 RNC根据发送的分组中包含的集群ID，将数据包发送给给定的交换机，或者在网络上进行切换。 然后，基于集群ID和集群内的活动集，将通信业务从网络中的至少一个最后一跳交换机组播到候选基站。 有利地，集群充当用于更容易地指导回程多播业务的传输的子组。 通过使用本发明，可以实现显着的优点，包括允许更快和更平滑的切换以及回程带宽节省的能力，因为关于小区切换的智能在比以前启用的网络更远一点处被扩展。