-
公开(公告)号:US07349378B2
公开(公告)日:2008-03-25
申请号:US10370719
申请日:2003-02-24
申请人: Moncef Elaoud , Abhrajit Ghosh , Ravichander Vaidyanathan , Prathima Agrawal , Toshikazu Kodama , Yasuhiro Katsube
发明人: Moncef Elaoud , Abhrajit Ghosh , Ravichander Vaidyanathan , Prathima Agrawal , Toshikazu Kodama , Yasuhiro Katsube
CPC分类号: H04W72/0446 , H04W28/14 , H04W72/0426
摘要: Aspects of the invention provide a method and system for managing or coordinating data transmission in a Local Area Network (LAN) such that Quality of Service (QoS) concerns are met. A LAN resource manager (LRM) is provided for managing the LAN resources by providing solutions for providing users with several levels of QoS. Once the LRM admits a user at a certain QoS level, the level is assured within the LAN for as long as the user is in the LAN. A user may submit a request to transmit data to the LRM. The LRM may determine if time allocation is possible and allocate the time slots for data transmission. The LRM may send time slot allocation information to an Access Server in a LAN, which may inform the user of the time slot allocation and prepare a queue according to the slot allocation information.
摘要翻译: 本发明的方面提供了一种用于管理或协调局域网(LAN)中的数据传输的方法和系统,使得满足服务质量(QoS)关注。 提供LAN资源管理器(LRM),用于通过为用户提供多个QoS级别的解决方案来管理LAN资源。 一旦LRM以某个QoS级别承认用户,只要用户在LAN中,该级别就可以在LAN内得到保证。 用户可以向LRM提交发送数据的请求。 LRM可以确定时间分配是否可能并且分配用于数据传输的时隙。 LRM可以向LAN中的接入服务器发送时隙分配信息,这可以通知用户时隙分配,并根据时隙分配信息准备一个队列。
-
公开(公告)号:US20130125235A1
公开(公告)日:2013-05-16
申请号:US13295553
申请日:2011-11-14
申请人: Ravichander Vaidyanathan , Abhrajit Ghosh , Aditya Naidu , Akira Yamada , Ayumu Kubota , Yukiko Sawaya , Yutaka Miyake
发明人: Ravichander Vaidyanathan , Abhrajit Ghosh , Aditya Naidu , Akira Yamada , Ayumu Kubota , Yukiko Sawaya , Yutaka Miyake
IPC分类号: G06F21/20
CPC分类号: G06F21/00 , H04L63/1466
摘要: A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.
摘要翻译: 提供了一种用于检测针对具有多个自治系统(AS)的网络的欺骗性因特网协议(IP)流量的方法,装置和程序。 该方法包括:通过AS接收输入的分组,该分组包含源IP地址和目的IP地址,获取相应的源和目的IP地址前缀,将相应的源和目的IP地址前缀转换为源AS号, 目的AS号码,根据网络路由信息生成表示基于相应的目的地IP地址前缀和转换后的源和目的地AS号码,确定传入分组是否从意外的源到达,并产生一个警报, 数据包不允许进入网络。
-
3.发明授权System and method for creating BGP route-based network traffic profiles to detect spoofed traffic 有权用于创建基于BGP路由的网络流量配置文件以检测欺骗流量的系统和方法公开(公告)号:US08938804B2
公开(公告)日:2015-01-20
申请号:US13547305
申请日:2012-07-12
IPC分类号: H04L29/06
CPC分类号: H04L63/1425 , H04L63/1483
摘要: An inventive system and method for creating source profiles to detect spoofed traffic comprises obtaining a routing path for data to traverse nodes using traffic profiles, each routing path comprising at least a target AS, initializing one or more AS sets with last hop ASes, enhancing the AS sets by connecting the AS sets to routers, for each enhanced AS set, filtering observed traffic flows, and using the filtered flows to associate enhanced AS sets with network monitoring points to create the source profiles. In one aspect, filtering flows comprise TCP session filtering and/or destination bogon filtering. In one aspect, the routers are border gateway protocol routers. In one aspect, the last hop ASes are one hop away from the target AS.
摘要翻译: 用于创建源简档以检测欺骗性业务的创新系统和方法包括获得用于使用业务简档遍历节点的数据的路由路径,每个路由路径至少包括目标AS,用最后一跳ASS初始化一个或多个AS集, AS集合通过将AS集合连接到路由器,针对每个增强型AS集,过滤观察到的业务流,以及使用过滤的流将增强型AS集与网络监控点相关联以创建源简档。 在一个方面,过滤流包括TCP会话过滤和/或目的地bogon过滤。 一方面,路由器是边界网关协议路由器。 一方面,最后一跳ASs距目标AS一跳。
-
公开(公告)号:US20110271340A1
公开(公告)日:2011-11-03
申请号:US12769696
申请日:2010-04-29
IPC分类号: G06F21/00
CPC分类号: H04L63/1416
摘要: A method and apparatus for detecting spoofed IP network traffic is presented. A mapping table is created to indicate correlations between IP address prefixes and AS numbers, based on routing information collected from a plurality of data sources. At each interface of a target network, IP address prefixes from a training traffic flow are acquired and further converted into AS numbers based on the mapping table. An EAS (Expected Autonomous System) table is populated by the AS numbers collected for each interface. The EAS table is used to determine if an operation traffic flow is allowed to enter the network.
摘要翻译: 提出了一种用于检测欺骗性IP网络流量的方法和装置。 基于从多个数据源收集的路由信息,创建映射表以指示IP地址前缀和AS号之间的相关性。 在目标网络的每个接口处,获取来自训练业务流的IP地址前缀,并根据映射表进一步转换成AS号。 EAS(预期自治系统)表由每个接口收集的AS号码填充。 EAS表用于确定操作流量是否允许进入网络。
-
公开(公告)号:US08925079B2
公开(公告)日:2014-12-30
申请号:US13295553
申请日:2011-11-14
申请人: Ravichander Vaidyanathan , Abhrajit Ghosh , Aditya Naidu , Akira Yamada , Ayumu Kubota , Yukiko Sawaya , Yutaka Miyake
发明人: Ravichander Vaidyanathan , Abhrajit Ghosh , Aditya Naidu , Akira Yamada , Ayumu Kubota , Yukiko Sawaya , Yutaka Miyake
IPC分类号: G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F15/173
CPC分类号: G06F21/00 , H04L63/1466
摘要: A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.
摘要翻译: 提供了一种用于检测针对具有多个自治系统(AS)的网络的欺骗性因特网协议(IP)流量的方法,装置和程序。 该方法包括:通过AS接收输入的分组,该分组包含源IP地址和目的IP地址,获取相应的源和目的IP地址前缀,将相应的源和目的IP地址前缀转换为源AS号, 目的AS号码,根据网络路由信息生成表示基于相应的目的地IP地址前缀和转换后的源和目的地AS号码,确定传入分组是否从意外的源到达,并产生一个警报, 数据包不允许进入网络。
-
6.发明申请SYSTEM AND METHOD FOR CREATING BGP ROUTE-BASED NETWORK TRAFFIC PROFILES TO DETECT SPOOFED TRAFFIC 有权用于创建基于路由的网络交通配置文件以检测交付流量的系统和方法公开(公告)号:US20140020099A1
公开(公告)日:2014-01-16
申请号:US13547305
申请日:2012-07-12
IPC分类号: H04L29/06
CPC分类号: H04L63/1425 , H04L63/1483
摘要: An inventive system and method for creating source profiles to detect spoofed traffic comprises obtaining a routing path for data to traverse nodes using traffic profiles, each routing path comprising at least a target AS, initializing one or more AS sets with last hop ASes, enhancing the AS sets by connecting the AS sets to routers, for each enhanced AS set, filtering observed traffic flows, and using the filtered flows to associate enhanced AS sets with network monitoring points to create the source profiles. In one aspect, filtering flows comprise TCP session filtering and/or destination bogon filtering. In one aspect, the routers are border gateway protocol routers. In one aspect, the last hop ASes are one hop away from the target AS.
摘要翻译: 用于创建源简档以检测欺骗性业务的创新系统和方法包括获得用于使用业务简档遍历节点的数据的路由路径,每个路由路径至少包括目标AS,用最后一跳ASS初始化一个或多个AS集, AS集合通过将AS集合连接到路由器,针对每个增强型AS集,过滤观察到的业务流,以及使用过滤的流将增强型AS集与网络监控点相关联以创建源简档。 在一个方面,过滤流包括TCP会话过滤和/或目的地bogon过滤。 一方面,路由器是边界网关协议路由器。 一方面,最后一跳ASs距目标AS一跳。
-
公开(公告)号:US08281397B2
公开(公告)日:2012-10-02
申请号:US12769696
申请日:2010-04-29
IPC分类号: H04L29/06
CPC分类号: H04L63/1416
摘要: A method and apparatus for detecting spoofed IP network traffic is presented. A mapping table is created to indicate correlations between IP address prefixes and AS numbers, based on routing information collected from a plurality of data sources. At each interface of a target network, IP address prefixes from a training traffic flow are acquired and further converted into AS numbers based on the mapping table. An EAS (Expected Autonomous System) table is populated by the AS numbers collected for each interface. The EAS table is used to determine if an operation traffic flow is allowed to enter the network.
摘要翻译: 提出了一种用于检测欺骗性IP网络流量的方法和装置。 基于从多个数据源收集的路由信息,创建映射表以指示IP地址前缀和AS号之间的相关性。 在目标网络的每个接口处,获取来自训练业务流的IP地址前缀,并根据映射表进一步转换成AS号。 EAS(预期自治系统)表由每个接口收集的AS号码填充。 EAS表用于确定操作流量是否允许进入网络。
-
8.发明授权System and method for statistical analysis of border gateway protocol (BGP) configurations 有权边界网关协议(BGP)配置的统计分析系统和方法公开(公告)号:US08214876B2
公开(公告)日:2012-07-03
申请号:US11606687
申请日:2006-11-30
CPC分类号: H04L41/0893 , H04L45/04
摘要: Routing and connectivity in the Internet is largely governed by the dynamics and configuration of the Border Gateway Protocol (BGP). A configuration analysis toolkit enables network operators to discover, analyze and diagnose their BGP configuration, policies and peering relationships. Statistical variance analysis in such a toolkit exploits the recurrence of policies in large networks for analysis. In a large network, policies that have similar functions are examined, e.g. all inbound route maps associated with customer autonomous systems. For n occurrences of similar policy P, it is possible to flag k deviant configurations, and evaluate the probability that the deviant configurations are in error. Analysis and policy visualization of implemented BGP configurations enable service providers to move from checking of low-level configuration to extracting analyzable BGP level policy information across a multitude of BGP routers in order to validate consistency of policies and operator intent across distributed BGP configurations using a flexible, customizable analysis engine.
摘要翻译: 互联网中的路由和连接主要由边界网关协议(BGP)的动态和配置决定。 配置分析工具包使网络运营商能够发现,分析和诊断其BGP配置,策略和对等关系。 这种工具包中的统计方差分析利用大型网络中的政策再次发生分析。 在大型网络中,检查具有相似功能的策略,例如, 与客户自主系统相关的所有入站路线图。 对于类似策略P的n次出现,可以标记k个异常配置,并评估错误配置的错误概率。 实施的BGP配置的分析和策略可视化使服务提供商能够从低级配置检查转移到跨多个BGP路由器提取可分析的BGP级别策略信息,以便通过灵活的方式验证分布式BGP配置中的策略和运营商意图的一致性 ,可定制分析引擎。
-
公开(公告)号:US20110158095A1
公开(公告)日:2011-06-30
申请号:US12647597
申请日:2009-12-28
申请人: D. Scott Alexander , Ravichander Vaidyanathan , Balakrishnan Dasarathy , Mark W. Garrett , Shrirang Gadgil
发明人: D. Scott Alexander , Ravichander Vaidyanathan , Balakrishnan Dasarathy , Mark W. Garrett , Shrirang Gadgil
CPC分类号: H04L47/822 , H04L47/781 , H04L47/805 , H04L47/823
摘要: A method for controlling network access comprises receiving a request to allow a communication flow over a network and temporarily allowing the communication flow over the network before a response to the request is transmitted. Further, the availability of one or more network resources may be determined and compared with resources required for the requested communication flow. Priority of the communication flow may also be determined, and the temporarily allowed communication flow may be responded to based on the available resources, the requested resources, and the priority.
摘要翻译: 一种用于控制网络接入的方法包括:在发送对请求的响应之前,接收允许通过网络进行通信流量并临时允许通过网络的通信流的请求。 此外,可以确定一个或多个网络资源的可用性并将其与所请求的通信流所需的资源进行比较。 还可以确定通信流的优先级,并且可以基于可用资源,请求的资源和优先级来响应临时允许的通信流程。
-
10.发明申请SYSTEM AND METHOD FOR A DISTRIBUTED FAULT TOLERANT NETWORK CONFIGURATION REPOSITORY 审中-公开用于分布式故障容错网络配置报告的系统和方法公开(公告)号:US20110185047A1
公开(公告)日:2011-07-28
申请号:US12694560
申请日:2010-01-27
IPC分类号: G06F15/177 , G06F15/173
CPC分类号: H04L41/0856 , G06F11/1456 , G06F11/1464 , H04L41/0893
摘要: An autonomous management cluster of network elements serves as a distributed configuration repository. Network elements sharing a common pre-determined shared identifier autonomously form themselves as a management cluster. The network elements in the cluster exchange configuration files. In the event of a loss, destruction, or corruption of one of the network element's configuration file, the network element recovers its configuration file from its closest neighbor in its management cluster. The management cluster can also be used to efficiently disseminate configuration changes by simply communicating the changes to one or more elements in the cluster, and allowing the other nodes in the cluster to discover and retrieve their updated configuration files.
摘要翻译: 网络元素的自治管理集群用作分布式配置库。 共享共同的预定共享标识符的网络元素自身形成为管理集群。 集群中的网络元素交换配置文件。 网络元素在配置文件丢失,破坏或损坏的情况下,从其管理集群中最近的邻居恢复其配置文件。 管理集群还可用于通过简单地将更改传递到集群中的一个或多个元素,并允许集群中的其他节点发现和检索其更新的配置文件,来有效地传播配置更改。
-
-
-
-
-
-
-
-
-
搜索结果
12 条记录 (耗时 0.024 秒)
