-
Publication No.: US07657934B2
Publication date: 2010-02-02
Application No.: US10066252
Filing date: 2002-01-31
IPC classification: H04L9/00
CPC classification: H04L63/1408, H04L63/1425, H04L63/1458
Abstract: A monitoring device is disposed to thwart denial of service attacks on a data center. The monitoring device is a device that collects statistical information on packets that are sent between a network and the data center for a plurality of customers by examining traffic as if the device was disposed on links that are downstream from links that the provisioned monitor is disposed on.
-
Publication No.: US08191136B2
Publication date: 2012-05-29
Application No.: US10701381
Filing date: 2003-11-03
IPC classification: H04L29/06
CPC classification: H04L41/0893, H04L41/0213, H04L41/22, H04L43/06, H04L43/0894, H04L43/16, H04L63/1458
Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.
-
Publication No.: US07827272B2
Publication date: 2010-11-02
Application No.: US10701155
Filing date: 2003-11-03
IPC classification: G06F15/173, G06F15/16, G06F12/16
CPC classification: H04L41/0893, H04L41/0213, H04L41/12, H04L43/00, H04L43/06, H04L43/0894, H04L43/16, H04L63/1425
Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.
-
Publication No.: US07461404B2
Publication date: 2008-12-02
Application No.: US10701400
Filing date: 2003-11-03
IPC classification: G06F12/14
CPC classification: H04L63/1408, H04L63/1416, H04L69/16, H04L69/166
Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.
-
Publication No.: US07929534B2
Publication date: 2011-04-19
Application No.: US10880333
Filing date: 2004-06-28
IPC classification: H04L12/28
CPC classification: H04L41/0893, H04L41/0233, H04L41/06, H04L43/0811, H04L43/12, H04L63/1425
Abstract: A plurality of flow collector devices is disposed to collect flow information on a network. Duplicate flow records received from the flow collectors are eliminated by determining whether a pair of flow records has the same source and destination flow identifiers and were received within a predefined time-period. Non-duplicated flow records received from the plurality of flow collector devices are stored and used to produce a connection table that maps each node on the network to a record that stores information about traffic to or from the node from non-duplicated flow records. The connection table stores statistical information of packets on the network based on a time-slice basis.
-
Publication No.: US07716737B2
Publication date: 2010-05-11
Application No.: US10701404
Filing date: 2003-11-03
CPC classification: H04L41/0893, H04L29/12009, H04L29/12018, H04L41/065, H04L43/00, H04L43/0811, H04L61/10, H04L63/1416, H04L63/1458
Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.
-
Publication No.: US08504879B2
Publication date: 2013-08-06
Application No.: US10701154
Filing date: 2003-11-03
IPC classification: G06F11/00
CPC classification: H04L63/1425, H04L41/064, H04L43/0811, H04L63/145, H04L63/1458
Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.
-
Publication No.: US07706273B2
Publication date: 2010-04-27
Application No.: US10955450
Filing date: 2004-09-30
IPC classification: H04L12/26
CPC classification: H04L63/0218, H04L63/145, H04L63/1458
Abstract: Techniques for tracking dynamically negotiated port connections in a network include collecting statistical information on packets that are sent between nodes on a network, inspecting packets of control connections to detect payload fragments that denote ephemeral port negotiation and producing a mapping from an ephemeral connection flow_id to a control connection flow_id. The techniques also include checking the flow_id to see whether a flow record maps to a control connection.
-
Publication No.: US07743415B2
Publication date: 2010-06-22
Application No.: US10066232
Filing date: 2002-01-31
IPC classification: H04L29/06
CPC classification: H04L63/1408, H04L63/1425, H04L63/1458
Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of data monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In one embodiment, a gateway device is disposed to pass network packets between the network and the victim site. The gateway includes a computing device executing a process to build a histogram for any attribute or function of an attribute of network packets and a process to determine if the values of the attribute exceed normal, threshold values expected for the attribute to indicate an attack on the site.
-
Publication No.: US07664963B2
Publication date: 2010-02-16
Application No.: US10702073
Filing date: 2003-11-03
IPC classification: G06F11/30, G06F15/173, H04L29/06
CPC classification: H04L63/1425
Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.