Local area network resource manager
    1.
    发明授权
    Local area network resource manager 有权
    局域网资源管理员

    公开(公告)号:US07349378B2

    公开(公告)日:2008-03-25

    申请号:US10370719

    申请日:2003-02-24

    IPC分类号: H04Q7/24 H04L12/43 H04J3/16

    摘要: Aspects of the invention provide a method and system for managing or coordinating data transmission in a Local Area Network (LAN) such that Quality of Service (QoS) concerns are met. A LAN resource manager (LRM) is provided for managing the LAN resources by providing solutions for providing users with several levels of QoS. Once the LRM admits a user at a certain QoS level, the level is assured within the LAN for as long as the user is in the LAN. A user may submit a request to transmit data to the LRM. The LRM may determine if time allocation is possible and allocate the time slots for data transmission. The LRM may send time slot allocation information to an Access Server in a LAN, which may inform the user of the time slot allocation and prepare a queue according to the slot allocation information.

    摘要翻译: 本发明的方面提供了一种用于管理或协调局域网(LAN)中的数据传输的方法和系统,使得满足服务质量(QoS)关注。 提供LAN资源管理器(LRM),用于通过为用户提供多个QoS级别的解决方案来管理LAN资源。 一旦LRM以某个QoS级别承认用户,只要用户在LAN中,该级别就可以在LAN内得到保证。 用户可以向LRM提交发送数据的请求。 LRM可以确定时间分配是否可能并且分配用于数据传输的时隙。 LRM可以向LAN中的接入服务器发送时隙分配信息,这可以通知用户时隙分配,并根据时隙分配信息准备一个队列。

    Method, Apparatus and Program for Detecting Spoofed Network Traffic
    2.
    发明申请
    Method, Apparatus and Program for Detecting Spoofed Network Traffic 有权
    用于检测欺骗性网络流量的方法,装置和程序

    公开(公告)号:US20130125235A1

    公开(公告)日:2013-05-16

    申请号:US13295553

    申请日:2011-11-14

    IPC分类号: G06F21/20

    CPC分类号: G06F21/00 H04L63/1466

    摘要: A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.

    摘要翻译: 提供了一种用于检测针对具有多个自治系统(AS)的网络的欺骗性因特网协议(IP)流量的方法,装置和程序。 该方法包括:通过AS接收输入的分组,该分组包含源IP地址和目的IP地址,获取相应的源和目的IP地址前缀,将相应的源和目的IP地址前缀转换为源AS号, 目的AS号码,根据网络路由信息生成表示基于相应的目的地IP地址前缀和转换后的源和目的地AS号码,确定传入分组是否从意外的源到达,并产生一个警报, 数据包不允许进入网络。

    METHOD AND APPARATUS FOR DETECTING SPOOFED NETWORK TRAFFIC
    3.
    发明申请
    METHOD AND APPARATUS FOR DETECTING SPOOFED NETWORK TRAFFIC 有权
    检测网络交通流量的方法和装置

    公开(公告)号:US20110271340A1

    公开(公告)日:2011-11-03

    申请号:US12769696

    申请日:2010-04-29

    IPC分类号: G06F21/00

    CPC分类号: H04L63/1416

    摘要: A method and apparatus for detecting spoofed IP network traffic is presented. A mapping table is created to indicate correlations between IP address prefixes and AS numbers, based on routing information collected from a plurality of data sources. At each interface of a target network, IP address prefixes from a training traffic flow are acquired and further converted into AS numbers based on the mapping table. An EAS (Expected Autonomous System) table is populated by the AS numbers collected for each interface. The EAS table is used to determine if an operation traffic flow is allowed to enter the network.

    摘要翻译: 提出了一种用于检测欺骗性IP网络流量的方法和装置。 基于从多个数据源收集的路由信息​​,创建映射表以指示IP地址前缀和AS号之间的相关性。 在目标网络的每个接口处,获取来自训练业务流的IP地址前缀,并根据映射表进一步转换成AS号。 EAS(预期自治系统)表由每个接口收集的AS号码填充。 EAS表用于确定操作流量是否允许进入网络。

    System and method for creating BGP route-based network traffic profiles to detect spoofed traffic
    4.
    发明授权
    System and method for creating BGP route-based network traffic profiles to detect spoofed traffic 有权
    用于创建基于BGP路由的网络流量配置文件以检测欺骗流量的系统和方法

    公开(公告)号:US08938804B2

    公开(公告)日:2015-01-20

    申请号:US13547305

    申请日:2012-07-12

    IPC分类号: H04L29/06

    CPC分类号: H04L63/1425 H04L63/1483

    摘要: An inventive system and method for creating source profiles to detect spoofed traffic comprises obtaining a routing path for data to traverse nodes using traffic profiles, each routing path comprising at least a target AS, initializing one or more AS sets with last hop ASes, enhancing the AS sets by connecting the AS sets to routers, for each enhanced AS set, filtering observed traffic flows, and using the filtered flows to associate enhanced AS sets with network monitoring points to create the source profiles. In one aspect, filtering flows comprise TCP session filtering and/or destination bogon filtering. In one aspect, the routers are border gateway protocol routers. In one aspect, the last hop ASes are one hop away from the target AS.

    摘要翻译: 用于创建源简档以检测欺骗性业务的创新系统和方法包括获得用于使用业务简档遍历节点的数据的路由路径,每个路由路径至少包括目标AS,用最后一跳ASS初始化一个或多个AS集, AS集合通过将AS集合连接到路由器,针对每个增强型AS集,过滤观察到的业务流,以及使用过滤的流将增强型AS集与网络监控点相关联以创建源简档。 在一个方面,过滤流包括TCP会话过滤和/或目的地bogon过滤。 一方面,路由器是边界网关协议路由器。 一方面,最后一跳ASs距目标AS一跳。

    Method, apparatus and program for detecting spoofed network traffic
    5.
    发明授权
    Method, apparatus and program for detecting spoofed network traffic 有权
    用于检测欺骗性网络流量的方法,装置和程序

    公开(公告)号:US08925079B2

    公开(公告)日:2014-12-30

    申请号:US13295553

    申请日:2011-11-14

    CPC分类号: G06F21/00 H04L63/1466

    摘要: A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.

    摘要翻译: 提供了一种用于检测针对具有多个自治系统(AS)的网络的欺骗性因特网协议(IP)流量的方法,装置和程序。 该方法包括:通过AS接收输入的分组,该分组包含源IP地址和目的IP地址,获取相应的源和目的IP地址前缀,将相应的源和目的IP地址前缀转换为源AS号, 目的AS号码,根据网络路由信息生成表示基于相应的目的地IP地址前缀和转换后的源和目的地AS号码,确定传入分组是否从意外的源到达,并产生一个警报, 数据包不允许进入网络。

    SYSTEM AND METHOD FOR CREATING BGP ROUTE-BASED NETWORK TRAFFIC PROFILES TO DETECT SPOOFED TRAFFIC
    6.
    发明申请
    SYSTEM AND METHOD FOR CREATING BGP ROUTE-BASED NETWORK TRAFFIC PROFILES TO DETECT SPOOFED TRAFFIC 有权
    用于创建基于路由的网络交通配置文件以检测交付流量的系统和方法

    公开(公告)号:US20140020099A1

    公开(公告)日:2014-01-16

    申请号:US13547305

    申请日:2012-07-12

    IPC分类号: H04L29/06

    CPC分类号: H04L63/1425 H04L63/1483

    摘要: An inventive system and method for creating source profiles to detect spoofed traffic comprises obtaining a routing path for data to traverse nodes using traffic profiles, each routing path comprising at least a target AS, initializing one or more AS sets with last hop ASes, enhancing the AS sets by connecting the AS sets to routers, for each enhanced AS set, filtering observed traffic flows, and using the filtered flows to associate enhanced AS sets with network monitoring points to create the source profiles. In one aspect, filtering flows comprise TCP session filtering and/or destination bogon filtering. In one aspect, the routers are border gateway protocol routers. In one aspect, the last hop ASes are one hop away from the target AS.

    摘要翻译: 用于创建源简档以检测欺骗性业务的创新系统和方法包括获得用于使用业务简档遍历节点的数据的路由路径,每个路由路径至少包括目标AS,用最后一跳ASS初始化一个或多个AS集, AS集合通过将AS集合连接到路由器,针对每个增强型AS集,过滤观察到的业务流,以及使用过滤的流将增强型AS集与网络监控点相关联以创建源简档。 在一个方面,过滤流包括TCP会话过滤和/或目的地bogon过滤。 一方面,路由器是边界网关协议路由器。 一方面,最后一跳ASs距目标AS一跳。

    Method and apparatus for detecting spoofed network traffic
    7.
    发明授权
    Method and apparatus for detecting spoofed network traffic 有权
    用于检测欺骗性网络流量的方法和装置

    公开(公告)号:US08281397B2

    公开(公告)日:2012-10-02

    申请号:US12769696

    申请日:2010-04-29

    IPC分类号: H04L29/06

    CPC分类号: H04L63/1416

    摘要: A method and apparatus for detecting spoofed IP network traffic is presented. A mapping table is created to indicate correlations between IP address prefixes and AS numbers, based on routing information collected from a plurality of data sources. At each interface of a target network, IP address prefixes from a training traffic flow are acquired and further converted into AS numbers based on the mapping table. An EAS (Expected Autonomous System) table is populated by the AS numbers collected for each interface. The EAS table is used to determine if an operation traffic flow is allowed to enter the network.

    摘要翻译: 提出了一种用于检测欺骗性IP网络流量的方法和装置。 基于从多个数据源收集的路由信息​​,创建映射表以指示IP地址前缀和AS号之间的相关性。 在目标网络的每个接口处,获取来自训练业务流的IP地址前缀,并根据映射表进一步转换成AS号。 EAS(预期自治系统)表由每个接口收集的AS号码填充。 EAS表用于确定操作流量是否允许进入网络。

    Approach to secure localization in wireless networks
    9.
    发明授权
    Approach to secure localization in wireless networks 有权
    确保无线网络本地化的方法

    公开(公告)号:US08145236B2

    公开(公告)日:2012-03-27

    申请号:US12196029

    申请日:2008-08-21

    IPC分类号: H04W24/00

    摘要: Embodiments of the present invention disclose a secure localization infrastructure using transmitters that can transmit messages at multiple distinct power levels throughout a community of reference points. Transmitters send messages at different power levels in a manner that every location in the system corresponds to a unique set of messages. Received messages are reported back to the localization infrastructure, which then determines location by comparing the messages reported.

    摘要翻译: 本发明的实施例公开了一种使用发射机的安全定位基础设施,该发射机可以在整个参考点社区中以多个不同的功率电平发送消息 发射机以不同功率级别发送消息,使得系统中的每个位置都对应一组唯一的消息。 接收到的消息被报告回本地化基础设施,然后通过比较报告的消息来确定位置。