INTRUSION DETECTION METHOD AND SYSTEM
    1.
    Invention application
    INTRUSION DETECTION METHOD AND SYSTEM (in force)

    Publication No.: US20100287615A1

    Publication date: 2010-11-11

    Application No.: US12733057

    Filing date: 2008-09-19

    IPC classification: G06F11/00 G08B23/00

    CPC classification: H04L63/1416

    Abstract: Intrusion detection method for detecting unauthorized use or abnormal activities of a targeted system of a network, comprising the steps: creating defined preconditions for each vulnerability related to the targeted system and/or for each attack that exploits one or several vulnerabilities; creating assurance references corresponding to said defined preconditions and considering the targeted perimeter; capturing data related to the targeted system; comparing captured data with attack signatures for generating at least one security alert when captured data and at least one attack signature match; capturing assurance data from monitoring of the targeted perimeter; comparing assurance data, issued from assurance monitoring of the targeted perimeter, with assurance references for generating assurance information when said data issued from assurance monitoring and at least one assurance reference match; retrieving the preconditions of the generated security alert; checking if assurance information corresponding to said preconditions has been retrieved; generating a verified security alarm when generated security alert and its retrieved precondition match with at least one corresponding assurance information; filtering said security alert when no match has been found between its retrieved preconditions and at least one corresponding assurance information; emitting a non verified security alert when no preconditions have been retrieved for this alert and/or no assurance reference corresponding to said preconditions has been defined.

    CONTENT PUBLICATION CONTROL SYSTEM
    2.
    Invention application
    CONTENT PUBLICATION CONTROL SYSTEM (under examination, published)

    Publication No.: US20140108802A1

    Publication date: 2014-04-17

    Application No.: US14116215

    Filing date: 2012-04-24

    IPC classification: H04L29/06

    Abstract: To control the publication of digital content on a web site managed by a publication server (SP) from a communication terminal (TC1), a control server (SC) capable of communicating with the publication server (SP) and the terminal provides the latter with an application (App) that is downloaded and implemented on the terminal. The application makes it possible to define the control parameters (ParC) associated with the digital content, said parameters comprising a period of validity for the content and a list of web sites authorised to publish the digital content, generate a key (Kc) associated with the digital content, encrypt the digital content with said key, and store the control parameters (ParC), the generated key (Kc), and the encrypted digital content in various databases. The application then generates a reference (Ref) associated with the digital content and requires the publication of the reference by the publication server in place of the digital content.

    Intrusion detection method and system
    3.
    Granted invention patent
    Intrusion detection method and system (in force)

    Publication No.: US08418247B2

    Publication date: 2013-04-09

    Application No.: US12733057

    Filing date: 2008-09-19

    IPC classification: G06F11/00 G08B23/00

    CPC classification: H04L63/1416

    Abstract: A technique is provided for detecting unauthorized use or abnormal activities of a targeted system of a network. The technique includes a comparison of captured data that relates to a targeted system with attack signatures to generate a security alert when the captured data and an attack signature match, a comparison of assurance metrics data from a monitored targeted perimeter with assurance references to generate assurance information when the assurance metrics data and an assurance reference match, a generation of a verified security alarm when the security alert and associated preconditions match a corresponding assurance information, a filtering of the security alert when no match has been found between the associated retrieved preconditions and the corresponding assurance information, and an emitting of a non verified security alert when no preconditions have been retrieved for the security alert and/or no assurance reference corresponding to the preconditions has been defined.

    METHOD FOR DETECTING THE HIJACKING OF COMPUTER RESOURCES
    4.
    Invention application
    METHOD FOR DETECTING THE HIJACKING OF COMPUTER RESOURCES (in force)

    Publication No.: US20120272316A1

    Publication date: 2012-10-25

    Application No.: US13515316

    Filing date: 2010-12-08

    IPC classification: G06F21/00

    Abstract: The present invention provides a method for detecting the hijacking of computer resources, located on an internal network implementing security and confidentiality criteria specific to this internal network, connected to an external network with no such security and confidentiality criteria, through a connection managed by a service provider, comprising: storing a connection parameter implemented by the computer resources to communicate with the external network; processing the stored parameter based on an irreversible function to generate a unique code that corresponds to said stored parameter but which does not allow the identification of said parameter from the corresponding generated code; and sending said generated code to a server located on the external network so that the server can analyze the activity of the computer resources from said unique code to detect any hijacking of the computer resources.

    Method for detecting the hijacking of computer resources
    5.
    Granted invention patent
    Method for detecting the hijacking of computer resources (in force)

    Publication No.: US09104874B2

    Publication date: 2015-08-11

    Application No.: US13515316

    Filing date: 2010-12-08

    Abstract: An exemplary technique is provided for detecting a hijacking of computer resources, located in an internal network implementing security criteria and confidentiality criteria specific to the internal network, connected to an external network with no security criteria and confidentiality criteria, through a connection managed by a service provider. The technique includes storing, at the internal network, a connection parameter implemented by the computer resources to communicate with the external network; processing, at the internal network, the stored connection parameter based on an irreversible function to generate a unique code that corresponds to the stored connection parameter but which does not allow the identification of the stored connection parameter from the corresponding generated unique code; and sending, at the internal network, the generated unique code to a server located on the external network so that the server can analyze an activity of the computer resources from the unique code and detect any hijacking of the computer resources.

    Overload control in a cloud computing environment
    7.
    Granted invention patent
    Overload control in a cloud computing environment (in force)

    Publication No.: US09141420B2

    Publication date: 2015-09-22

    Application No.: US12939627

    Filing date: 2010-11-04

    IPC classification: G06F9/455

    CPC classification: G06F9/45558 G06F2009/4557

    Abstract: Provided are a method and devices for overload control in a cloud computing environment. The method includes receiving a first message from a network element associated with the cloud computing environment. The first message includes information associated with a target virtual machine and a list of sessions from the one or more sessions to move from the serving virtual machine to the target virtual machine. The method further includes associating one or more client addresses with an address associated with the target virtual machine based on the list of sessions, and treating the target virtual machine as the serving virtual machine if processing sessions associated with the list of sessions.

    Apparatus and method for providing a fluid security layer
    8.
    Granted invention patent
    Apparatus and method for providing a fluid security layer (in force)

    Publication No.: US09548962B2

    Publication date: 2017-01-17

    Application No.: US13469176

    Filing date: 2012-05-11

    IPC classification: H04L29/06

    CPC classification: H04L63/0263 H04L63/20

    Abstract: A security management capability enables migration of individual security rules between storage/application locations. The migration of a security rule may include selection of a location at which the security rule is to be applied and migration of the security rule to the selected location at which the security rule is to be applied. The selection of the location at which the security rule is to be applied may be performed based on security rule policies and/or security rule location selection information. The security rule is migrated from a current location (e.g., a location at which the security rule is currently applied, a management system, or the like) to the selected location at which the security rule is to be applied. In this manner, a fluid security layer may be provided. The fluid security layer may be optimized for one or more of security level, performance, cost, or the like.

    APPARATUS AND METHOD FOR PROVIDING A FLUID SECURITY LAYER
    9.
    Invention application
    APPARATUS AND METHOD FOR PROVIDING A FLUID SECURITY LAYER (in force)

    Publication No.: US20130305311A1

    Publication date: 2013-11-14

    Application No.: US13469176

    Filing date: 2012-05-11

    IPC classification: G06F21/00

    CPC classification: H04L63/0263 H04L63/20

    Abstract: A security management capability enables migration of individual security rules between storage/application locations. The migration of a security rule may include selection of a location at which the security rule is to be applied and migration of the security rule to the selected location at which the security rule is to be applied. The selection of the location at which the security rule is to be applied may be performed based on security rule policies and/or security rule location selection information. The security rule is migrated from a current location (e.g., a location at which the security rule is currently applied, a management system, or the like) to the selected location at which the security rule is to be applied. In this manner, a fluid security layer may be provided. The fluid security layer may be optimized for one or more of security level, performance, cost, or the like.

    METHOD FOR PROTECTING A TELECOMMUNICATION NETWORK AND SECURE ROUTER IMPLEMENTING SUCH A METHOD
    10.
    Invention application
    METHOD FOR PROTECTING A TELECOMMUNICATION NETWORK AND SECURE ROUTER IMPLEMENTING SUCH A METHOD (in force)

    Publication No.: US20120102330A1

    Publication date: 2012-04-26

    Application No.: US13375127

    Filing date: 2010-04-22

    IPC classification: H04L9/32 H04L29/06

    Abstract: This invention pertains to a method for protecting a telecommunication network comprising at least one secure router (100) equipped with a topology map (103) of that network in order to determine the intermediate routers which constitute an optimal pathway for routing information, said secure router and said intermediate routers generating this topological map by sharing the lists of links (LSA1, LSA2, LSAn) using a communications protocol, characterized in that the secure router (100) performs the following steps: the step (109) of calculating and then saving, when a list of links (LSA1, LSA2, ... LSAn) is received, at least one receiving fingerprint (hash(LSA1), hash(LSA2), ... hash(LSAn)) of the lists received (LSA1, LSA2, ... LSAn); the step (120) of calculating and then saving, when a list of links (LSA′1, LSA′2, ... LSA′n) is transmitted, at least one sending fingerprint (hash(LSA′1), hash(LSA′2), ... hash(LSA′n)) of the lists to be transmitted; and the step of comparing the receiving fingerprint (hash(LSA1), hash(LSA2), ... hash(LSAn)) to the sending fingerprint (hash(LSA′1), hash(LSA′2), ... hash(LSA′n)) such that the sending of a list of links (LSA1, LSA2, LSAn) is inhibited if the receiving fingerprint is different from the sending fingerprint.