摘要:
A method for profiling network traffic of a network. The method includes extracting cells from bi-directional payloads generated by a network application, wherein each cell comprises at least one direction reversal in a corresponding bi-directional flow, generating a cell group comprising a portion of the cells that are similar, analyzing the cell group to generate a signature of the network application, and classifying, based on the signature of the network application, a new bi-directional flow as being generated by the network application.
摘要:
A method for network resource classification and identifying user interests based on the classification. The method uses a provided hierarchy of categories for classifying network resources, wherein each category is assigned a text item describing the category and the method includes obtaining resource description data collections corresponding to the network resources, and generating, using a semantic correlation algorithm, a category score vector of a network resource by comparing the resource description data collection to the text item assigned to each category in the hierarchy of categories, wherein the category score vector comprises a category score for each category in the hierarchy of categories, wherein the category score is determined based on at least a semantic correlation measure between the resource description data collection and the text item assigned to a corresponding category, wherein the plurality of network resources are classified based at least on the category score.
摘要:
A method for classifying network traffic in a network. The method includes obtaining, from an application distribution source, an application distribution data set of comprising information associated with distributing an application from the pre-determined application distribution source, extracting, based on a pre-determined extraction criterion, a token from the application distribution data set of the application, obtaining, from the network traffic, a plurality of flows generated by the application, extracting, in response to detecting the token in a flow of the plurality of flows, context information associated with the token in the flow, and generating an identification rule of the application based on the token and the context information, wherein the identification rule describes one or more rule steps to locate the token in the flow, wherein the network traffic is classified using at least the identification rule.
摘要:
Embodiments of the invention provide a method, system, and computer readable medium for classifying network traffic based on application signatures generated during a training phase. The application signatures are generated based on tokens extracted from a training set that is generated by a particular application during the training phase. Accordingly, a new token extracted in real-time from current network data is compared to the application signatures to determine if the current network data is generated by the particular application.
摘要:
A method for applying a user-specific policy in a network. The method includes identifying a historical portion of network traffic of the network as associated with a user, analyzing, by a computer processor, the historical portion of network traffic to generate a fingerprint of the user, wherein the fingerprint represents characteristics of user activity in the network, identifying, by the computer processor, an ongoing portion of network traffic of the network as associated with the user, analyzing, by the computer processor and based on the fingerprint, the ongoing portion of network traffic to determine a match, wherein the match is determined at a time point within the ongoing portion of network traffic, and applying, in response to determining the match, the user-specific policy to the ongoing portion of network traffic subsequent to the time point.
摘要:
A method for using a user device. The method includes obtaining, during a fingerprint learning phase, a historical portion of user activity data associated with user activity of a user using the user device, analyzing, by a computer processor of the user device, the historical portion to generate a fingerprint of the user, wherein the fingerprint represents characteristics of the user activity, obtaining, during a fingerprint matching phase subsequent to the fingerprint learning phase, an ongoing portion of the user activity data, analyzing, by the computer processor and based on the fingerprint, the ongoing portion to determine a match, wherein the match is determined at a time point within the fingerprint matching phase, and unlocking, by the computer processor and in response to determining the match, a locked data item for access, therein the locked data item is stored on the user device. The locked data item is associated to the user owning, assigned to, or normally and legitimately using the user device. In one embodiment, once unlocked the data item can be used to authenticate the user associated to it, i.e., the user owning, assigned to, or normally and legitimately using the user device on which the data item is stored.
摘要:
A trusted user circle server for encryption key distribution and authentication support, as well as a client-side application which resides on user's devices are disclosed. In particular, the trusted user circle server manages a repository for static public keys (SPUK) which are used for authentication and secure distribution of a dynamic private context key (DPCK) used for the end-to-many encryption. Accordingly, posting users encrypt posted document using the DPCK and viewing users retrieve the DPCK to decrypt the posted document. These keys are associated to the trusted user circle and are generated dynamically for a given circle policy context (CPC). The CPC is an identifier that represents a group of members of a trusted user circle. It changes whenever any member of the trusted user circle leave it, when a new trusted user circle is created or when the DPCK expires after a pre-determined period of time.
摘要:
A method for profiling network traffic of a network. The method includes extracting cells from bi-directional payloads generated by a network application, wherein each cell comprises at least one direction reversal in a corresponding bi-directional flow, generating a cell group comprising a portion of the cells that are similar, analyzing the cell group to generate a signature of the network application, and classifying, based on the signature of the network application, a new bi-directional flow as being generated by the network application.
摘要:
A method for detecting a malicious node in a network. The method includes obtaining a plurality of failed domain name service (DNS) queries from the network, wherein each of the plurality of failed DNS queries is initiated from a client node of the network and comprises an effective second-level domain (eSLD) name, generating, by a computer processor and using a pre-determined clustering algorithm, a cluster from a plurality of eSLD names comprising the eSLD name of each of the plurality of failed DNS queries, wherein the cluster comprises a portion of the plurality of eSLD names that is selected based on the pre-determined clustering algorithm, determining, by the computer processor and using a pre-determined formula, a score representing statistical characteristics of the cluster, and assigning, in response to the score meeting a pre-determined criterion, a malicious status to the client node.
摘要:
A trusted user circle server for encryption key distribution and authentication support, as well as a client-side application which resides on user's devices are disclosed. In particular, the trusted user circle server manages a repository for static public keys (SPUK) which are used for authentication and secure distribution of a dynamic private context key (DPCK) used for the end-to-many encryption. Accordingly, posting users encrypt posted document using the DPCK and viewing users retrieve the DPCK to decrypt the posted document. These keys are associated to the trusted user circle and are generated dynamically for a given circle policy context (CPC). The CPC is an identifier that represents a group of members of a trusted user circle. It changes whenever any member of the trusted user circle leave it, when a new trusted user circle is created or when the DPCK expires after a pre-determined period of time.