公开(公告)号：US08929216B2

公开(公告)日：2015-01-06

申请号：US13301350

申请日：2011-11-21

申请人： Nam-Seok Ko ,  Jong-Dae Park ,  Byung-Ho Yae ,  Sung-Kee Noh ,  Woo-Sug Jung ,  Sung-Jin Moon ,  Hwan-Jo Heo ,  Soon-Seok Lee

发明人： Nam-Seok Ko ,  Jong-Dae Park ,  Byung-Ho Yae ,  Sung-Kee Noh ,  Woo-Sug Jung ,  Sung-Jin Moon ,  Hwan-Jo Heo ,  Soon-Seok Lee

IPC分类号： H04L12/26 ,  H04L12/873 ,  H04L12/875 ,  H04L12/869 ,  H04L12/867

CPC分类号： H04L47/52 ,  H04L47/568 ,  H04L47/58 ,  H04L47/629

摘要： A packet scheduling method and apparatus which allows multiple flows that require data transmission to the same output port of a network device such as a router to fairly share bandwidth. The packet scheduling method includes calculating an expected time of arrival of a (k+1)-th packet subsequent to a currently input k-th packet of individual flows by use of bandwidth allocated fairly to each of the flows and a length of the k-th packet; in response to the arrival of the (k+1)-th packet, comparing the expected time of arrival of the (k+1)-th packet to an actual time of arrival of the (k+1)-th packet; and scheduling the (k+1)-th packet of each flow according to the comparison result.

摘要翻译： 一种分组调度方法和装置，其允许需要数据传输到诸如路由器的网络设备的相同输出端口的多个流以公平地共享带宽。 分组调度方法包括通过使用公平分配给每个流的带宽和k的长度来计算当前输入的各个流的第k个分组之后的第（k + 1）个分组的到达时间 第 响应于第（k + 1）个分组的到达，将第（k + 1）个分组的预期到达时间与第（k + 1）个分组的实际到达时间进行比较; 并根据比较结果调度每个流的第（k + 1）个分组。

公开(公告)号：US08660001B2

公开(公告)日：2014-02-25

申请号：US13299618

申请日：2011-11-18

申请人： Nam-Seok Ko ,  Jong-Dae Park ,  Byung-Ho Yae ,  Sung-Kee Noh ,  Woo-Sug Jung ,  Sung-Jin Moon ,  Hwan-Jo Heo ,  Soon-Seok Lee

发明人： Nam-Seok Ko ,  Jong-Dae Park ,  Byung-Ho Yae ,  Sung-Kee Noh ,  Woo-Sug Jung ,  Sung-Jin Moon ,  Hwan-Jo Heo ,  Soon-Seok Lee

IPC分类号： H04L12/26

CPC分类号： H04L47/629 ,  H04L43/0894 ,  H04L47/52 ,  H04L47/525 ,  H04L47/568 ,  H04L47/58

摘要： A packet scheduling apparatus and method to fairly share network bandwidth between multiple subscribers and to fairly share the bandwidth allocated to each subscriber between multiple flows are provided. The packet scheduling method includes calculating first bandwidth for each subscriber to fairly share total bandwidth set for the transmission of packets between multiple subscribers; calculating second bandwidth for each flow to fairly share the first bandwidth between one or more flows that belong to each of the multiple subscribers; and scheduling a packet of each of the one or more flows based on the second bandwidth.

摘要翻译： 提供了一种在多个用户之间公平共享网络带宽并且公平地共享在多个流之间分配给每个用户的带宽的分组调度装置和方法。 分组调度方法包括：计算每个用户的第一带宽，以共享共享用于多个用户之间的分组传输的总带宽; 计算每个流的第二带宽以公平地共享属于多个用户中的每一个的一个或多个流之间的第一带宽; 以及基于所述第二带宽调度所述一个或多个流中的每一个的分组。

公开(公告)号：US20120127858A1

公开(公告)日：2012-05-24

申请号：US13299618

申请日：2011-11-18

申请人： Nam-Seok KO ,  Jong-Dae Park ,  Byung-Ho Yae ,  Sung-Kee Noh ,  Woo-Sug Jung ,  Sung-Jin Moon ,  Hwan-Jo Heo ,  Soon-Seok Lee

发明人： Nam-Seok KO ,  Jong-Dae Park ,  Byung-Ho Yae ,  Sung-Kee Noh ,  Woo-Sug Jung ,  Sung-Jin Moon ,  Hwan-Jo Heo ,  Soon-Seok Lee

IPC分类号： H04L12/26

CPC分类号： H04L47/629 ,  H04L43/0894 ,  H04L47/52 ,  H04L47/525 ,  H04L47/568 ,  H04L47/58

摘要： A packet scheduling apparatus and method to fairly share network bandwidth between multiple subscribers and to fairly share the bandwidth allocated to each subscriber between multiple flows are provided. The packet scheduling method includes calculating first bandwidth for each subscriber to fairly share total bandwidth set for the transmission of packets between multiple subscribers; calculating second bandwidth for each flow to fairly share the first bandwidth between one or more flows that belong to each of the multiple subscribers; and scheduling a packet of each of the one or more flows based on the second bandwidth.

摘要翻译： 提供了一种在多个用户之间公平共享网络带宽并且公平地共享在多个流之间分配给每个用户的带宽的分组调度装置和方法。 分组调度方法包括：计算每个用户的第一带宽，以共享共享用于多个用户之间的分组传输的总带宽; 计算每个流的第二带宽以公平地共享属于多个用户中的每一个的一个或多个流之间的第一带宽; 以及基于所述第二带宽调度所述一个或多个流中的每一个的分组。

公开(公告)号：US20120147891A1

公开(公告)日：2012-06-14

申请号：US13323178

申请日：2011-12-12

申请人： Hwan-Jo HEO ,  Nam-Seok Ko ,  Woo-Sug Jung ,  Sung-Jin Moon ,  Sung-Kee Noh ,  Jong-Dae Park ,  Byung-Ho Yae

发明人： Hwan-Jo HEO ,  Nam-Seok Ko ,  Woo-Sug Jung ,  Sung-Jin Moon ,  Sung-Kee Noh ,  Jong-Dae Park ,  Byung-Ho Yae

IPC分类号： H04L12/56

CPC分类号： H04L47/125

摘要： A distributed packet processing apparatus capable of distributing packet load across a plurality of packet processing engines is provided. The distributed packet processing apparatus includes a plurality of processing engines each configured to process allocated packets, a first tag generating unit configured to allocate an input packet to a processing engine, which has a processing engine index corresponding to a tag index for the input packet, among the plurality of processing engines, a second tag generating unit configured to calculate a tag index for an output packet, and an index conversion unit configure to convert the tag index for the output packet to one processing engine index among a plurality of processing indexes for the plurality of the processing engines and allocates the output packet to a processing engine having the one processing engine such that loads are distributed among the plurality of processing engines.

摘要翻译： 提供能够跨多个分组处理引擎分发分组负载的分布式分组处理装置。 分布式分组处理装置包括：处理分配的分组的多个处理引擎，第一标签生成单元，被配置为向处理引擎分配输入分组，处理引擎具有与输入分组的标签索引对应的处理引擎索引， 在所述多个处理引擎中，第二标签生成单元，被配置为计算输出分组的标签索引，以及索引变换单元，其将所述输出分组的标签索引转换为多个处理索引中的多个处理索引， 所述多个处理引擎并将所述输出分组分配给具有所述一个处理引擎的处理引擎，使得在所述多个处理引擎之间分配负载。

公开(公告)号：US08885646B2

公开(公告)日：2014-11-11

申请号：US13323178

申请日：2011-12-12

申请人： Hwan-Jo Heo ,  Nam-Seok Ko ,  Woo-Sug Jung ,  Sung-Jin Moon ,  Sung-Kee Noh ,  Jong-Dae Park ,  Byung-Ho Yae

发明人： Hwan-Jo Heo ,  Nam-Seok Ko ,  Woo-Sug Jung ,  Sung-Jin Moon ,  Sung-Kee Noh ,  Jong-Dae Park ,  Byung-Ho Yae

IPC分类号： H04L12/28 ,  H04L12/803

CPC分类号： H04L47/125

摘要： A distributed packet processing apparatus capable of distributing packet load across a plurality of packet processing engines is provided. The distributed packet processing apparatus includes a plurality of processing engines each configured to process allocated packets, a first tag generating unit configured to allocate an input packet to a processing engine, which has a processing engine index corresponding to a tag index for the input packet, among the plurality of processing engines, a second tag generating unit configured to calculate a tag index for an output packet, and an index conversion unit configure to convert the tag index for the output packet to one processing engine index among a plurality of processing indexes for the plurality of the processing engines and allocates the output packet to a processing engine having the one processing engine index such that loads are distributed among the plurality of processing engines.

摘要翻译： 提供能够跨多个分组处理引擎分发分组负载的分布式分组处理装置。 分布式分组处理装置包括：处理分配的分组的多个处理引擎，第一标签生成单元，被配置为向处理引擎分配输入分组，处理引擎具有与输入分组的标签索引对应的处理引擎索引， 在所述多个处理引擎中，第二标签生成单元，被配置为计算输出分组的标签索引，以及索引变换单元，其将所述输出分组的标签索引转换为多个处理索引中的多个处理索引， 多个处理引擎，并且将输出分组分配给具有一个处理引擎索引的处理引擎，使得负载分布在多个处理引擎之间。

公开(公告)号：US20120147754A1

公开(公告)日：2012-06-14

申请号：US13324416

申请日：2011-12-13

申请人： Woo-Sug Jung ,  Jong-Dae Park ,  Byung-Ho Yae ,  Sung-Kee Noh ,  Sung-Jin Moon ,  Nam-Seok Ko ,  Hwan-Jo Heo

发明人： Woo-Sug Jung ,  Jong-Dae Park ,  Byung-Ho Yae ,  Sung-Kee Noh ,  Sung-Jin Moon ,  Nam-Seok Ko ,  Hwan-Jo Heo

IPC分类号： H04J3/14

CPC分类号： H04L43/028

摘要： A high-speed content inspection apparatus for minimizing system overhead is provided. The high-speed content inspection apparatus extracts content in unit of sub-pattern by inspecting a payload of a packet in units of sub-pattern, and extract target content by inspecting a correlation between the extracted sub-patterns. If a sub-pattern present at the end of a payload is smaller than a predetermined unit of a sub-pattern, position information of the sub-pattern at the end of the payload is rolled back and the correlation is inspected. Accordingly, without having to add another hardware or high-performance hardware, target content can be efficiently detected in real time.

摘要翻译： 提供了一种用于最小化系统开销的高速内容检查装置。 高速内容检查装置以子图案为单位检查分组的有效载荷，以子图案为单位提取内容，并通过检查提取的子模式之间的相关性来提取目标内容。 如果存在于有效负载结束处的子模式小于子模式的预定单元，则在有效负载结束时的子模式的位置信息被回滚并且检查相关性。 因此，无需添加另一硬件或高性能硬件，可以实时有效地检测目标内容。

公开(公告)号：US20110023088A1

公开(公告)日：2011-01-27

申请号：US12842194

申请日：2010-07-23

申请人： Nam-Seok KO ,  Soon-Seok Lee ,  Jong-Dae Park ,  Sung-Kee Noh ,  Pyung-Koo Park ,  Seung-Woo Hong ,  Sung-Back Hong ,  Seong Moon

发明人： Nam-Seok KO ,  Soon-Seok Lee ,  Jong-Dae Park ,  Sung-Kee Noh ,  Pyung-Koo Park ,  Seung-Woo Hong ,  Sung-Back Hong ,  Seong Moon

IPC分类号： G06F21/20

CPC分类号： H04L63/1441 ,  H04L63/102

摘要： A traffic analysis and flow-based dynamic access control system and method. The flow-based dynamic access control system for controlling a user's access to an internal communication network through an external communication network includes an access control unit operating in an access control mode in which traffic received from a user is basically blocked, generating state management information of a flow, which is received from the user, based on a specified packet of the flow, and verifying whether access of the flow to the internal communication network is a normal access. As a proactive defense concept of allowing only normal users to access an internal network, a method of blocking attacks from a system contaminated by a worm virus, detecting a cyber attack on a certain system in advance and automatically avoiding the cyber attack, and guaranteeing the quality of normal traffic even under cyber attacks without performance degradation of the internal network is provided.

摘要翻译： 一种流量分析和流量动态访问控制系统及方法。 用于通过外部通信网络控制用户对内部通信网络的访问的基于流的动态访问控制系统包括以访问控制模式操作的访问控制单元，其中从用户接收的业务基本上被阻止，生成状态管理信息 从用户接收的流，基于流的指定分组，以及验证到内部通信网络的流的访问是否是正常访问。 作为只允许正常用户访问内部网络的主动防御概念，阻止来自受病毒感染的系统的攻击的方法，提前检测某个系统的网络攻击并自动避免网络攻击，并保证 提供即使在网络攻击下正常流量的质量，也不会导致内部网络性能下降。