-
Publication number: US07827272B2
Publication date: 2010-11-02
Application number: US10701155
Filing date: 2003-11-03
IPC classification: G06F15/173 , G06F15/16 , G06F12/16
CPC classification: H04L41/0893 , H04L41/0213 , H04L41/12 , H04L43/00 , H04L43/06 , H04L43/0894 , H04L43/16 , H04L63/1425
Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events by aggregating anomalies into network events.
-
Publication number: US07929534B2
Publication date: 2011-04-19
Application number: US10880333
Filing date: 2004-06-28
IPC classification: H04L12/28
CPC classification: H04L41/0893 , H04L41/0233 , H04L41/06 , H04L43/0811 , H04L43/12 , H04L63/1425
Abstract: A plurality of flow collector devices is disposed to collect flow information on a network. Duplicate flow records received from the flow collectors are eliminated by determining whether a pair of flow records has the same source and destination flow identifiers and was received within a predefined time period. Non-duplicated flow records received from the plurality of flow collector devices are stored and used to produce a connection table that maps each node on the network to a record that stores information about traffic to or from the node, derived from the non-duplicated flow records. The connection table stores statistical information about packets on the network on a time-slice basis.
-
Publication number: US08504879B2
Publication date: 2013-08-06
Application number: US10701154
Filing date: 2003-11-03
IPC classification: G06F11/00
CPC classification: H04L63/1425 , H04L41/064 , H04L43/0811 , H04L63/145 , H04L63/1458
Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events by aggregating anomalies into network events.
-
Publication number: US07743415B2
Publication date: 2010-06-22
Application number: US10066232
Filing date: 2002-01-31
IPC classification: H04L29/06
CPC classification: H04L63/1408 , H04L63/1425 , H04L63/1458
Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of data monitors that monitor network traffic flowing through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In one embodiment, a gateway device is disposed to pass network packets between the network and the victim site. The gateway includes a computing device executing a process to build a histogram for any attribute, or function of an attribute, of network packets, and a process to determine whether the values of the attribute exceed the normal threshold values expected for that attribute, which would indicate an attack on the site.
-
Publication number: US07664963B2
Publication date: 2010-02-16
Application number: US10702073
Filing date: 2003-11-03
IPC classification: G06F11/30 , G06F15/173 , H04L29/06
CPC classification: H04L63/1425
Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events by aggregating anomalies into network events.
-
Publication number: US08479057B2
Publication date: 2013-07-02
Application number: US10701356
Filing date: 2003-11-03
IPC classification: G06F11/00
CPC classification: H04L41/0893 , H04L41/0233 , H04L41/0631 , H04L41/0681 , H04L41/12 , H04L41/22 , H04L43/0811 , H04L63/1416 , H04L63/1425 , H04L63/1458
Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events by aggregating anomalies into network events.
-
Publication number: US20050286423A1
Publication date: 2005-12-29
Application number: US10880333
Filing date: 2004-06-28
CPC classification: H04L41/0893 , H04L41/0233 , H04L41/06 , H04L43/0811 , H04L43/12 , H04L63/1425
Abstract: A plurality of flow collector devices is disposed to collect flow information on a network. Duplicate flow records received from the flow collectors are eliminated by determining whether a pair of flow records has the same source and destination flow identifiers and was received within a predefined time period. Non-duplicated flow records received from the plurality of flow collector devices are stored and used to produce a connection table that maps each node on the network to a record that stores information about traffic to or from the node, derived from the non-duplicated flow records. The connection table stores statistical information about packets on the network on a time-slice basis.
-
Publication number: US20100031156A1
Publication date: 2010-02-04
Application number: US12266054
Filing date: 2008-11-06
Applicant: David Paul Doyle , Yan Shepetovskiy , Andrew Ratin , Prem K. Gopalan , Bryan Thomas Elverson , Christopher James White , Dimitri Stratton Vlachos , Glenn A. Brewer, III
Inventor: David Paul Doyle , Yan Shepetovskiy , Andrew Ratin , Prem K. Gopalan , Bryan Thomas Elverson , Christopher James White , Dimitri Stratton Vlachos , Glenn A. Brewer, III
IPC classification: G06F3/01
CPC classification: H04L43/022 , H04L41/142 , H04L41/147 , H04L43/045 , H04L43/067 , H04L43/0876 , H04L47/127
Abstract: According to an aspect of the invention, a system and method is configured to generate a user interface that displays information about time-series outliers in network traffic.
-
Publication number: US20100027432A1
Publication date: 2010-02-04
Application number: US12266081
Filing date: 2008-11-06
IPC classification: H04L12/26
CPC classification: H04L43/022 , H04L41/142 , H04L41/147 , H04L43/045 , H04L43/067 , H04L43/0876 , H04L47/127
Abstract: According to an aspect of the invention, a system and method is configured to generate impact scores based on observed network traffic.
-
Publication number: US08472328B2
Publication date: 2013-06-25
Application number: US12266081
Filing date: 2008-11-06
IPC classification: H04L12/28
CPC classification: H04L43/022 , H04L41/142 , H04L41/147 , H04L43/045 , H04L43/067 , H04L43/0876 , H04L47/127
Abstract: Some embodiments of the present invention provide systems and methods for detecting anomalies in network traffic. Some embodiments detect anomalies based on time-series activity in network traffic. Upon detection of an anomaly, significant changes can be analyzed to identify abnormal changes in network traffic across different network entities. The identified changes can then be used to determine the cause of the detected anomaly and its impact on the network traffic.