公开(公告)号：US20070297333A1

公开(公告)日：2007-12-27

申请号：US11475393

申请日：2006-06-26

申请人： Nir Zuk ,  Song Wang ,  Siu-Wang Leung ,  Fengmin Gong

发明人： Nir Zuk ,  Song Wang ,  Siu-Wang Leung ,  Fengmin Gong

IPC分类号： H04J1/16 ,  H04L12/56

CPC分类号： H04L63/0227 ,  H04L63/1416

摘要： Methods and apparatuses are described for inspecting data packets in a computer network. One or more data packets through the network have associated header data and content. One method includes receiving a data packet, examining the data packet to classify the data packet including classifying the data packet using information included in the header and content, determining flow instructions for processing the packet based on both the header information and the content and processing of the packet using the flow instructions.

摘要翻译： 描述了用于检查计算机网络中的数据分组的方法和装置。 通过网络的一个或多个数据包具有相关联的头部数据和内容。 一种方法包括接收数据分组，检查数据分组以对数据分组进行分类，包括使用包括在报头和内容中的信息对数据分组进行分类，确定基于报头信息和内容的处理分组的流指令，以及处理 该包使用流程指令。

公开(公告)号：US08009566B2

公开(公告)日：2011-08-30

申请号：US11475393

申请日：2006-06-26

申请人： Nir Zuk ,  Song Wang ,  Siu-Wang Leung ,  Fengmin Gong

发明人： Nir Zuk ,  Song Wang ,  Siu-Wang Leung ,  Fengmin Gong

IPC分类号： G06F15/16

CPC分类号： H04L63/0227 ,  H04L63/1416

摘要： Methods and apparatuses are described for inspecting data packets in a computer network. One or more data packets through the network have associated header data and content. One method includes receiving a data packet, examining the data packet to classify the data packet including classifying the data packet using information included in the header and content, determining flow instructions for processing the packet based on both the header information and the content and processing of the packet using the flow instructions.

摘要翻译： 描述了用于检查计算机网络中的数据分组的方法和装置。 通过网络的一个或多个数据包具有相关联的头部数据和内容。 一种方法包括接收数据分组，检查数据分组以对数据分组进行分类，包括使用包括在报头和内容中的信息对数据分组进行分类，确定基于报头信息和内容的处理分组的流指令，以及处理 该包使用流程指令。

公开(公告)号：US08565093B2

公开(公告)日：2013-10-22

申请号：US13193239

申请日：2011-07-28

申请人： Nir Zuk ,  Song Wang ,  Siu-Wang Leung ,  Fengmin Gong

发明人： Nir Zuk ,  Song Wang ,  Siu-Wang Leung ,  Fengmin Gong

IPC分类号： G06F15/16

CPC分类号： H04L63/0227 ,  H04L63/1416

摘要： Methods and apparatuses are described for inspecting data packets in a computer network. One or more data packets through the network have associated header data and content. One method includes receiving a data packet, examining the data packet to classify the data packet including classifying the data packet using information included in the header and content, determining flow instructions for processing the packet based on both the header information and the content and processing of the packet using the flow instructions.

公开(公告)号：US20120026881A1

公开(公告)日：2012-02-02

申请号：US13193239

申请日：2011-07-28

申请人： Nir Zuk ,  Song Wang ,  Siu-Wang Leung ,  Fengmin Gong

发明人： Nir Zuk ,  Song Wang ,  Siu-Wang Leung ,  Fengmin Gong

IPC分类号： G06F15/16

CPC分类号： H04L63/0227 ,  H04L63/1416

摘要： Methods and apparatuses are described for inspecting data packets in a computer network. One or more data packets through the network have associated header data and content. One method includes receiving a data packet, examining the data packet to classify the data packet including classifying the data packet using information included in the header and content, determining flow instructions for processing the packet based on both the header information and the content and processing of the packet using the flow instructions.

摘要翻译： 描述了用于检查计算机网络中的数据分组的方法和装置。 通过网络的一个或多个数据包具有相关联的头部数据和内容。 一种方法包括接收数据分组，检查数据分组以对数据分组进行分类，包括使用包括在报头和内容中的信息对数据分组进行分类，确定基于报头信息和内容的处理分组的流指令，以及处理 该包使用流程指令。

公开(公告)号：US20120117652A1

公开(公告)日：2012-05-10

申请号：US13350645

申请日：2012-01-13

申请人： Jayaraman Manni ,  Ashar Aziz ,  Fengmin Gong ,  Upendran Loganathan ,  Amin Sukhera

发明人： Jayaraman Manni ,  Ashar Aziz ,  Fengmin Gong ,  Upendran Loganathan ,  Amin Sukhera

IPC分类号： G06F12/14

CPC分类号： G06F21/567 ,  G06F21/566 ,  H04L63/1408

摘要： A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether the extracted binary file is detected to be malware.

摘要翻译： 公开了用于恶意软件检测的基于网络的文件分析的系统和方法。 从网络点击接收网络内容。 在网络内容中识别二进制数据包。 从网络内容中提取包含二进制数据包的二进制文件。 确定提取的二进制文件是否被检测为恶意软件。

公开(公告)号：US07308715B2

公开(公告)日：2007-12-11

申请号：US10172803

申请日：2002-06-13

申请人： Ramesh M. Gupta ,  Parveen K. Jain ,  Keith E. Amidon ,  Fengmin Gong ,  Srikant Vissamsetti ,  Steve M. Haeffele ,  Ananth Raman

发明人： Ramesh M. Gupta ,  Parveen K. Jain ,  Keith E. Amidon ,  Fengmin Gong ,  Srikant Vissamsetti ,  Steve M. Haeffele ,  Ananth Raman

IPC分类号： G06F5/00 ,  G08B23/00 ,  G06F11/30

CPC分类号： H04L63/1408 ,  G06F21/55 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/1458

摘要： An intrusion signature describing an attack is stored on a computer. Once a plurality of internet protocol packets is received, the plurality of internet protocol packets collectively containing an information sequence within a series of states, it is rearranged so as to place the information sequence in order. Each state of the series of states is then successively examined so as to correlate the information sequence to the intrusion signature.

摘要翻译： 描述攻击的入侵签名存储在计算机上。 一旦接收到多个互联网协议分组，多个因特网协议分组集中地包含一系列状态中的信息序列，则重新排列以便依次放置信息序列。 然后连续检查系列状态的每个状态，以使信息序列与入侵签名相关联。

公开(公告)号：US08832829B2

公开(公告)日：2014-09-09

申请号：US12571294

申请日：2009-09-30

申请人： Jayaraman Manni ,  Ashar Aziz ,  Fengmin Gong ,  Upendran Loganathan ,  Muhammad Amin

发明人： Jayaraman Manni ,  Ashar Aziz ,  Fengmin Gong ,  Upendran Loganathan ,  Muhammad Amin

IPC分类号： G06F11/00 ,  G06F21/56 ,  H04L29/06

CPC分类号： G06F21/567 ,  G06F21/566 ,  H04L63/1408

摘要： A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether the extracted binary file is detected to be malware.

摘要翻译： 公开了用于恶意软件检测的基于网络的文件分析的系统和方法。 从网络点击接收网络内容。 在网络内容中识别二进制数据包。 从网络内容中提取包含二进制数据包的二进制文件。 确定提取的二进制文件是否被检测为恶意软件。

公开(公告)号：US07234168B2

公开(公告)日：2007-06-19

申请号：US10172764

申请日：2002-06-13

申请人： Ramesh M. Gupta ,  Parveen K. Jain ,  Keith E. Amidon ,  Fengmin Gong ,  Srikant Vissamsetti ,  Steve M. Haeffele ,  Ananth Raman

发明人： Ramesh M. Gupta ,  Parveen K. Jain ,  Keith E. Amidon ,  Fengmin Gong ,  Srikant Vissamsetti ,  Steve M. Haeffele ,  Ananth Raman

IPC分类号： G06F11/00

CPC分类号： H04L63/1408 ,  G06F21/55 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/1458

摘要： A method of provisioning a computer against computer attacks includes constructing a hierarchy characterizing different computer attacks and counter measures, and traversing this hierarchy to identify computer attacks and countermeasures relevant to a target platform. Detection and protection measures are collected in response to this traversing. These detection and protection measures are then downloaded to a security sensor associated with the target platform.

摘要翻译： 针对计算机攻击配置计算机的方法包括构建表征不同计算机攻击和对策的层次结构，并遍历该层次结构以识别与目标平台相关的计算机攻击和对策。 针对此遍历采集检测和保护措施。 然后将这些检测和保护措施下载到与目标平台相关联的安全传感器。

公开(公告)号：US07076801B2

公开(公告)日：2006-07-11

申请号：US09878824

申请日：2001-06-11

申请人： Fengmin Gong ,  Chandramouli Sargor ,  Feiyi Wang

发明人： Fengmin Gong ,  Chandramouli Sargor ,  Feiyi Wang

IPC分类号： G06F15/16

CPC分类号： H04L63/0281 ,  H04L63/029 ,  H04L63/14

摘要： The invention relates to a reconfigurable scalable intrusion-tolerant network that is interposed between a service requesting client and a protected server to minimize the impact of intrusive events. The apparatus may include a proxy server for receiving the requests from a client and forwarding them to a protected server. Acceptance monitors receive the response from a protected server and apply one or more acceptance tests. A ballot monitor receives the result of the acceptance tests and determines a response to the client. The network may also include an intrusion sensor to detect threats to the network and a reconfigurer to alter the network forwarding scheme. Reconfiguration may include isolating network elements, creating parallel paths, implementing redundant operations, or assessing the validity of responses.

公开(公告)号：US08051479B1

公开(公告)日：2011-11-01

申请号：US11332115

申请日：2006-01-12

申请人： Zheng Bu ,  Fengmin Gong

发明人： Zheng Bu ,  Fengmin Gong

IPC分类号： G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： G06F21/52

摘要： The invention is a method and apparatus for detecting shellcode such that a set of computer instructions is scanned for the presence of a null operation instruction. The computer instructions are also examined for the presence of a system call instruction, and reviewed for the presence of a decoder instruction set. A null operation weight value is then determined corresponding to the null operation instruction. Also assessed is a system call weight value corresponding to the system call instruction. In addition, a decoder weight value is calculated corresponding to the decoder instruction set. The null operation weight value, the system call weight value, and the decoder weight value are then analyzed to identify a shellcode.