-
1.发明申请PROACTIVE TEST-BASED DIFFERENTIATION METHOD AND SYSTEM TO MITIGATE LOW RATE DoS ATTACKS 有权有效的基于测试的差异化方法和系统,以减轻低速攻击公开(公告)号:US20080295175A1
公开(公告)日:2008-11-27
申请号:US12127235
申请日:2008-05-27
IPC分类号: G06F21/20
CPC分类号: H04L63/1458 , H04L63/1416 , H04L2463/141
摘要: A low rate DoS attack detection algorithm is used, which relies on a characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test defends against DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it also differentiates legitimate traffic from low rate DoS attack traffic instigated by botnets. It leverages on the conformity of legitimate flows, which obey the network protocols. It also differentiates legitimate connections by checking their responses to the proactive tests which include puzzles for distinguishing botnets from human users.
摘要翻译: 采用低速率的DoS攻击检测算法,在短时间内引入高速率流量,依靠低速率DoS攻击的特点,采用主动检测技术对攻击报文进行过滤。 主动测试防御DDoS攻击和低速DoS攻击,这些攻击倾向于忽略网络协议的正常运行,但也会将合法流量与僵尸网络引发的低速率DoS攻击流量区分开来。 它利用遵守网络协议的合法流的一致性。 它还通过检查他们对主动测试的反应来区分合法连接,其中包括将僵尸网络与人类用户区分开来的难题。
-
2.发明申请公开(公告)号:US20080320585A1
公开(公告)日:2008-12-25
申请号:US12127246
申请日:2008-05-27
IPC分类号: G06F21/00
CPC分类号: H04L63/1458 , H04L63/1416 , H04L2463/141
摘要: A technique to mitigate low rate Denial-of-Service (DoS) attacks at routers in the Internet is described. In phase 1, necessary flow information from the packets traversing through the router is stored in fast memory; and in phase 2, stored flow information is periodically moved to slow memory from the fast memory for further analysis. The system detects a sudden increase in the traffic load of expired flows within a short period. In a network without low rate DoS attacks, the traffic load of all the expired flows is less than certain thresholds which are derived from real Internet traffic analysis. The system can also include a filtering solution to drop attack packets. The filtering scheme treats the long-lived flows in the Internet preferentially, and drops the attack traffic by monitoring the queue length if the queue length exceeds a threshold percent of the queue limit.
摘要翻译: 描述了一种减轻互联网路由器的低速率拒绝服务(DoS)攻击的技术。 在阶段1中,从穿过路由器的分组的必要流信息存储在快速存储器中; 并且在阶段2中,将存储的流量信息从快速存储器周期性地移动到慢速存储器以进行进一步的分析。 系统在短时间内检测到流量的流量负荷突然增加。 在没有低速率DoS攻击的网络中,所有过期流量的流量负载小于从真实的Internet流量分析得出的某些阈值。 该系统还可以包括一个过滤解决方案来丢弃攻击报文。 过滤方案优先处理Internet中长时间流量,如果队列长度超过队列限制的阈值百分比,则通过监视队列长度来降低攻击流量。
-
3.发明授权Proactive test-based differentiation method and system to mitigate low rate DoS attacks 有权主动的基于测试的分化方法和系统,以减轻低速率的DoS攻击公开(公告)号:US08392991B2
公开(公告)日:2013-03-05
申请号:US12127235
申请日:2008-05-27
IPC分类号: G06F11/00
CPC分类号: H04L63/1458 , H04L63/1416 , H04L2463/141
摘要: A low rate DoS attack detection algorithm is used, which relies on a characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test defends against DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it also differentiates legitimate traffic from low rate DoS attack traffic instigated by botnets. It leverages on the conformity of legitimate flows, which obey the network protocols. It also differentiates legitimate connections by checking their responses to the proactive tests which include puzzles for distinguishing botnets from human users.
摘要翻译: 采用低速率的DoS攻击检测算法,在短时间内引入高速率流量,依靠低速率DoS攻击的特点,采用主动检测技术对攻击报文进行过滤。 主动测试防御DDoS攻击和低速DoS攻击,这些攻击倾向于忽略网络协议的正常运行,但也会将合法流量与僵尸网络引发的低速率DoS攻击流量区分开来。 它利用遵守网络协议的合法流的一致性。 它还通过检查他们对主动测试的反应来区分合法连接,其中包括将僵尸网络与人类用户区分开来的难题。
-
4.发明授权公开(公告)号:US08272044B2
公开(公告)日:2012-09-18
申请号:US12127246
申请日:2008-05-27
IPC分类号: G06F17/00
CPC分类号: H04L63/1458 , H04L63/1416 , H04L2463/141
摘要: A technique to mitigate low rate Denial-of-Service (DoS) attacks at routers in the Internet is described. In phase 1, necessary flow information from the packets traversing through the router is stored in fast memory; and in phase 2, stored flow information is periodically moved to slow memory from the fast memory for further analysis. The system detects a sudden increase in the traffic load of expired flows within a short period. In a network without low rate DoS attacks, the traffic load of all the expired flows is less than certain thresholds which are derived from real Internet traffic analysis. The system can also include a filtering solution to drop attack packets. The filtering scheme treats the long-lived flows in the Internet preferentially, and drops the attack traffic by monitoring the queue length if the queue length exceeds a threshold percent of the queue limit.
摘要翻译: 描述了一种减轻互联网路由器的低速率拒绝服务(DoS)攻击的技术。 在阶段1中,从穿过路由器的分组的必要流信息存储在快速存储器中; 并且在阶段2中,将存储的流量信息从快速存储器周期性地移动到慢速存储器以进行进一步的分析。 系统在短时间内检测到流量的流量负荷突然增加。 在没有低速率DoS攻击的网络中,所有过期流量的流量负载小于从真实的Internet流量分析得出的某些阈值。 该系统还可以包括一个过滤解决方案来丢弃攻击报文。 过滤方案优先处理Internet中长时间流量,如果队列长度超过队列限制的阈值百分比,则通过监视队列长度来降低攻击流量。
-
公开(公告)号:US08925057B1
公开(公告)日:2014-12-30
申请号:US12701949
申请日:2010-02-08
CPC分类号: G06F21/31 , G06F21/36 , G06F2221/2103 , G06F2221/2133
摘要: Completely automated tests that exploit capabilities of human vision to tell humans apart from automated entities are disclosed herein. Persistence of vision and simultaneous contrasts are some of the properties of human vision that can be used in these tests. A video of an image is generated in colors that are distinguishable to the human eye but are not easily distinguished numerically. The image includes text manipulated such that positive image data and negative whitespace data occur at equal rates along with a noise component included in each of the video frames. Thus, raw data is made ambiguous while qualities of human visual interpretation are relied upon for extracting relevant meaning from the video.
摘要翻译: 本文公开了利用人类视觉的能力来完全自动化的测试来告诉人类与自动化实体的区别。 视觉和同时对比的持久性是人类视觉的一些属性,可用于这些测试。 图像的视频以与人眼可区分的颜色生成,但不容易在数字上区分。 图像包括被操纵的文本,使得正图像数据和负空白数据以等速率出现,并且包括在每个视频帧中的噪声分量。 因此,原始数据是模糊的,而人类视觉解释的质量依赖于从视频中提取相关意义。
-
6.发明授权System and method for transmission control protocol service delivery in wireless communications systems 有权用于无线通信系统中传输控制协议服务传送的系统和方法公开(公告)号:US09456377B2
公开(公告)日:2016-09-27
申请号:US13340027
申请日:2011-12-29
申请人: Tao Han , Nirwan Ansari , Mingquan Wu , Hong Heather Yu
发明人: Tao Han , Nirwan Ansari , Mingquan Wu , Hong Heather Yu
IPC分类号: H04J1/16 , H04W28/02 , H04L12/807 , H04L12/835
CPC分类号: H04W28/0242 , H04L47/27 , H04L47/30
摘要: A method for delivering packets in a wireless communications system includes determining a cause of loss for a previously transmitted packet based on a packet acknowledgement corresponding to the previously transmitted packet, the packet acknowledgement including at least one of a wireless loss indicator and a congestion warning indicator for the wireless communications system. The method also includes adjusting a transmission parameter in a packet transmission protocol according to the cause of loss, and retransmitting the previously transmitted packet.
摘要翻译: 一种用于在无线通信系统中传送分组的方法包括基于与先前发送的分组相对应的分组确认来确定先前发送的分组的丢失的原因,分组确认包括无线丢失指示符和拥塞警告指示符中的至少一个 用于无线通信系统。 该方法还包括根据丢失的原因调整分组传输协议中的传输参数,并重传先前发送的分组。
-
公开(公告)号:US09258361B2
公开(公告)日:2016-02-09
申请号:US12420724
申请日:2009-04-08
申请人: Nirwan Ansari , Nan Wang
发明人: Nirwan Ansari , Nan Wang
CPC分类号: H04L67/104 , H04L67/06 , H04L67/108
摘要: Techniques for transferring data among nodes on a network are disclosed. Some example methods include a downloader-initiated random linear network coding algorithm. A downloading node may be aware of the chunks of original data held by neighboring nodes, and the downloading node can request linear combinations of chunks from the neighboring nodes that are linearly independent of any linear combinations of chunks already held by the downloading node.
摘要翻译: 公开了在网络上的节点之间传送数据的技术。 一些示例性方法包括下载器发起的随机线性网络编码算法。 下载节点可以知道由相邻节点保持的原始数据块,并且下载节点可以请求来自相邻节点的线性的线性组合,线程组合与已经由下载节点已经拥有的块的任何线性组合线性相关。
-
公开(公告)号:US20140047252A1
公开(公告)日:2014-02-13
申请号:US13819267
申请日:2012-05-21
申请人: Nirwan Ansari , Yan Zhang
发明人: Nirwan Ansari , Yan Zhang
IPC分类号: G06F1/32
CPC分类号: G06F1/32 , G06F1/26 , G06F1/3203 , G06F1/3278 , G06F1/3287 , Y02D10/157 , Y02D10/171
摘要: Technologies are presented for power optimization of datacenter networks in a hierarchical perspective. In some examples, a two-level power optimization model may be established to reduce the power consumption of datacenter networks by switching off network switches and links while still guaranteeing full connectivity and maximum link utilization. The model may be implemented by solving a capacitated constraint multi-commodity flow (CMCF) problem employing simple heuristic techniques. A power status of network switches may be determined according to a network traffic matrix and the CMCF optimization determined at core-level and at pod-level. A complementary process to provision whole network connectivity and to meet quality of service (QoS) goals may also be performed.
摘要翻译: 针对数据中心网络的功能优化技术进行了分层分析。 在一些示例中,可以建立两级功率优化模型,以通过关闭网络交换机和链路来减少数据中心网络的功耗,同时仍然保证完全连接和最大链路利用率。 该模型可以通过使用简单的启发式技术来求解容许约束多商品流(CMCF)问题来实现。 网络交换机的电源状态可以根据网络流量矩阵确定,CMCF优化在核心级别和pod级确定。 也可以执行提供整个网络连接和满足服务质量(QoS)目标的补充过程。
-
9.发明申请公开(公告)号:US20130279333A1
公开(公告)日:2013-10-24
申请号:US13653215
申请日:2012-10-16
申请人: Fahd Aharbi , Nirwan Ansari
发明人: Fahd Aharbi , Nirwan Ansari
IPC分类号: H04L12/70
CPC分类号: H04L12/40136 , H04L12/437 , H04L47/10 , H04L47/13 , H04L47/283 , H04L47/30 , H04L47/52
摘要: Implementations and techniques for allocating bandwidth in a resilient packet ring network by a PI-type controller are generally disclosed.
摘要翻译: 通常公开了通过PI型控制器在弹性分组环网中分配带宽的实现和技术。
-
公开(公告)号:US08385231B2
公开(公告)日:2013-02-26
申请号:US12512635
申请日:2009-07-30
申请人: Roberto Rojas-Cessa , Nirwan Ansari , Zhen Qin
发明人: Roberto Rojas-Cessa , Nirwan Ansari , Zhen Qin
IPC分类号: H04L12/28
CPC分类号: H04L45/02 , H04L45/028 , H04L45/04 , H04L45/123 , H04L45/302 , H04L45/48 , H04L45/60
摘要: Techniques are generally disclosed for disseminating link state information to one or more nodes of a network of nodes, the network of nodes interconnected via a plurality of communication channels.
摘要翻译: 通常公开技术来将链路状态信息传播到节点网络的一个或多个节点,节点网络经由多个通信信道互连。
-
-
-
-
-
-
-
-
-
搜索结果
62 条记录 (耗时 0.025 秒)
