-
公开(公告)号:US08504879B2
公开(公告)日:2013-08-06
申请号:US10701154
申请日:2003-11-03
IPC分类号: G06F11/00
CPC分类号: H04L63/1425 , H04L41/064 , H04L43/0811 , H04L63/145 , H04L63/1458
摘要: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.
摘要翻译: 描述了一种用于检测网络中的网络入侵和其他条件的系统。 该系统包括多个收集器装置,其被设置为收集关于在网络上的节点之间发送的分组的数据和统计信息。 设置聚合器装置以从多个收集器装置接收数据和统计信息。 聚合器设备产生连接表,其将网络上的每个节点映射到存储关于到节点或从节点的流量的信息的记录。 聚合器运行确定网络事件的过程,从异常聚合到网络事件。
-
公开(公告)号:US07929534B2
公开(公告)日:2011-04-19
申请号:US10880333
申请日:2004-06-28
IPC分类号: H04L12/28
CPC分类号: H04L41/0893 , H04L41/0233 , H04L41/06 , H04L43/0811 , H04L43/12 , H04L63/1425
摘要: A plurality of flow collector devices is disposed to collect flow information on a network. Duplicate flow records received from the flow collectors are eliminated by determining whether a pair of flow records has the same, source and destination flow identifiers and were received within a predefined time-period. Non-duplicated flow records received from the plurality of flow collector devices are stored and used to produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node from non-duplicated flow records. The connection table stores statistical information of packets on the network based on a time-slice basis.
摘要翻译: 设置多个集流装置以收集网络上的流量信息。 通过确定一对流记录是否具有相同的源和目标流标识符并且在预定义的时间段内被接收来消除从流收集器接收的重复的流记录。 从多个流收集器装置接收到的不重复的流记录被存储并用于产生连接表,其将网络上的每个节点映射到存储关于来自非重复流记录的节点的流量的信息的记录。 连接表基于时间片存储在网络上的分组的统计信息。
-
公开(公告)号:US07664963B2
公开(公告)日:2010-02-16
申请号:US10702073
申请日:2003-11-03
IPC分类号: G06F11/30 , G06F15/173 , H04L29/06
CPC分类号: H04L63/1425
摘要: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.
摘要翻译: 描述了一种用于检测网络中的网络入侵和其他条件的系统。 该系统包括多个收集器装置,其被设置为收集关于在网络上的节点之间发送的分组的数据和统计信息。 设置聚合器装置以从多个收集器装置接收数据和统计信息。 聚合器设备产生连接表,其将网络上的每个节点映射到存储关于到节点或从节点的流量的信息的记录。 聚合器运行确定网络事件的过程,从异常聚合到网络事件。
-
公开(公告)号:US07743415B2
公开(公告)日:2010-06-22
申请号:US10066232
申请日:2002-01-31
IPC分类号: H04L29/06
CPC分类号: H04L63/1408 , H04L63/1425 , H04L63/1458
摘要: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of data monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In one embodiment, a gateway device is disposed to pass network packets between the network and the victim site. The gateway includes a computing device executing a process to build a histogram for any attribute or function of an attribute of network packets and a process to determine if the values of the attribute exceed normal, threshold values expected for the attribute to indicate an attack on the site.
摘要翻译: 描述了用于阻止对受害者数据中心的拒绝服务攻击的系统架构。 该系统包括第一多个数据监视器,其监视通过网络的网络业务流。 第一多个监视器被布置在网络中的第二多个点处。 该系统包括通过硬化的冗余网络从多个监视器接收数据的中央控制器。 中央控制器分析网络流量统计信息,识别恶意网络流量。 在一个实施例中,设置网关设备以在网络和受害者站点之间传递网络分组。 网关包括执行用于为网络分组的属性的任何属性或功能建立直方图的过程的计算设备和确定属性的值是否超过正常的过程,该属性预期的指示对 现场。
-
公开(公告)号:US08479057B2
公开(公告)日:2013-07-02
申请号:US10701356
申请日:2003-11-03
IPC分类号: G06F11/00
CPC分类号: H04L41/0893 , H04L41/0233 , H04L41/0631 , H04L41/0681 , H04L41/12 , H04L41/22 , H04L43/0811 , H04L63/1416 , H04L63/1425 , H04L63/1458
摘要: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.
摘要翻译: 描述了一种用于检测网络中的网络入侵和其他条件的系统。 该系统包括多个收集器装置,其被设置为收集关于在网络上的节点之间发送的分组的数据和统计信息。 设置聚合器装置以从多个收集器装置接收数据和统计信息。 聚合器设备产生连接表,其将网络上的每个节点映射到存储关于到节点或从节点的流量的信息的记录。 聚合器运行确定网络事件的过程,从异常聚合到网络事件。
-
公开(公告)号:US07278159B2
公开(公告)日:2007-10-02
申请号:US09931291
申请日:2001-08-16
申请人: Marinus Frans Kaashoek , Edward W. Kohler, Jr. , Massimiliano Antonio Poletto , Robert T. Morris
发明人: Marinus Frans Kaashoek , Edward W. Kohler, Jr. , Massimiliano Antonio Poletto , Robert T. Morris
CPC分类号: H04L63/1408 , H04L43/00 , H04L43/026 , H04L43/16 , H04L63/1416 , H04L63/1458 , H04L2463/102
摘要: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.
摘要翻译: 描述了用于阻止对受害者数据中心的拒绝服务攻击的系统架构。 该系统包括第一多个监视器,其监视通过网络的网络业务流。 第一多个监视器被布置在网络中的第二多个点处。 该系统包括通过硬化的冗余网络从多个监视器接收数据的中央控制器。 中央控制器分析网络流量统计信息,识别恶意网络流量。 在系统的一些实施例中,设置网关设备以在网络和受害者站点之间传递网络分组。 网关被设置为保护受害者站点,并通过冗余硬化网络耦合到控制中心。
-
公开(公告)号:US07043759B2
公开(公告)日:2006-05-09
申请号:US09931561
申请日:2001-08-16
CPC分类号: H04L63/1408 , H04L43/00 , H04L43/022 , H04L43/026 , H04L43/16 , H04L63/1416 , H04L63/1458 , H04L2463/102
摘要: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.
-
公开(公告)号:US07743134B2
公开(公告)日:2010-06-22
申请号:US09931487
申请日:2001-08-16
IPC分类号: G06F15/173
CPC分类号: H04L63/1408 , H04L43/00 , H04L63/1416 , H04L63/1458 , H04L63/1466 , H04L2463/102
摘要: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.
摘要翻译: 描述了用于阻止对受害者数据中心的拒绝服务攻击的系统架构。 该系统包括第一多个监视器,其监视通过网络的网络业务流。 第一多个监视器被布置在网络中的第二多个点处。 该系统包括通过硬化的冗余网络从多个监视器接收数据的中央控制器。 中央控制器分析网络流量统计信息,识别恶意网络流量。 在系统的一些实施例中,设置网关设备以在网络和受害者站点之间传递网络分组。 网关被设置为保护受害者站点,并通过冗余硬化网络耦合到控制中心。
-
公开(公告)号:US07124440B2
公开(公告)日:2006-10-17
申请号:US09931558
申请日:2001-08-16
IPC分类号: G06F11/30
CPC分类号: H04L63/1408 , H04L43/00 , H04L43/022 , H04L43/026 , H04L43/106 , H04L43/16 , H04L63/1416 , H04L63/1458 , H04L2463/102
摘要: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.
-
10.
公开(公告)号:US07836498B2
公开(公告)日:2010-11-16
申请号:US09931344
申请日:2001-08-16
IPC分类号: H04L9/00
CPC分类号: H04L63/1408 , H04L43/00 , H04L43/026 , H04L43/16 , H04L63/1416 , H04L63/1458 , H04L2463/102
摘要: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.
摘要翻译: 描述了用于阻止对受害者数据中心的拒绝服务攻击的系统架构。 该系统包括第一多个监视器,其监视通过网络的网络业务流。 第一多个监视器被布置在网络中的第二多个点处。 该系统包括通过硬化的冗余网络从多个监视器接收数据的中央控制器。 中央控制器分析网络流量统计信息,识别恶意网络流量。 在系统的一些实施例中,设置网关设备以在网络和受害者站点之间传递网络分组。 网关被设置为保护受害者站点,并通过冗余硬化网络耦合到控制中心。
-
-
-
-
-
-
-
-
-