-
1.发明申请METHOD, DEVICE AND COMPUTER PROGRAM PRODUCT FOR DETERMINING A MALICIOUS WORKLOAD PATTERN 失效用于确定恶意工作模式的方法,设备和计算机程序产品公开(公告)号:US20070156771A1
公开(公告)日:2007-07-05
申请号:US11613085
申请日:2006-12-19
申请人: Paul Hurley , Andreas Kind
发明人: Paul Hurley , Andreas Kind
IPC分类号: G06F17/30
CPC分类号: G06F21/552
摘要: For determining a malicious workload pattern, the following steps are conducted. A training set of workload patterns is collected during a predetermined workload situation. A subset of the training set is being determined as an archetype set, the archetype set being considered to be representative of the predetermined workload situation. A threshold value dependent on the training set and the archetype set, and an evaluation value dependent on a given workload pattern and the archetype set are calculated. The given workload pattern is determined to be malicious if the evaluation value fulfils a given condition with respect to the threshold value.
摘要翻译: 为了确定恶意工作负载模式,执行以下步骤。 在预定的工作负载情况下收集一组工作负载模式。 训练集的一个子集被确定为原型集合,原型集合被认为是代表预定工作负载情况。 计算取决于训练集和原型集合的阈值,并且计算取决于给定工作负载模式和原型集合的评估值。 如果评估值相对于阈值满足给定条件,则给定的工作负载模式被确定为恶意的。
-
公开(公告)号:US20070147246A1
公开(公告)日:2007-06-28
申请号:US11641431
申请日:2006-12-19
申请人: Paul Hurley , Andreas Kind
发明人: Paul Hurley , Andreas Kind
CPC分类号: H04L43/00 , H04L41/0213 , H04L43/022
摘要: A method for configuring network device adapted to process network traffic comprising a plurality of network flows and to export network flow information. For configuring the network device, a copy of the network traffic that is processed by the network device is created. A simulation of a process of collecting the network flow information using the copy of the network traffic is performed. Based on the results of the simulation, a preferred information collection scheme is determined. The network device is then configured to collect the network flow information to be exported according to the preferred information collection scheme.
摘要翻译: 一种用于配置适于处理包括多个网络流的网络流量并且输出网络流信息的网络设备的方法。 为了配置网络设备,创建了由网络设备处理的网络流量的副本。 执行使用网络业务的副本收集网络流信息的过程的模拟。 基于模拟结果,确定优选的信息收集方案。 然后,网络设备被配置为根据优选信息收集方案收集要导出的网络流信息。
-
公开(公告)号:US07911975B2
公开(公告)日:2011-03-22
申请号:US12198747
申请日:2008-08-26
申请人: Patrick Droz , Paul Hurley , Andreas Kind , Marc Stoecklin
发明人: Patrick Droz , Paul Hurley , Andreas Kind , Marc Stoecklin
IPC分类号: H04L12/28
CPC分类号: H04L43/028 , H04L43/024 , H04L43/045 , H04L43/067
摘要: A system and method for monitoring packetized traffic flow in a network and enabling approximation of the rate information of a network flow. The method for monitoring network traffic flow includes receiving, at a network packet flow collector device, packetized traffic flow signals to be monitored; sampling said received packetized traffic flow signals in time to form an approximation of the packet flow rate in time; generating packet flow activity data comprising data representing the sampled traffic flow signals sampled in time; communicating the packet flow activity data to a network packet flow analyzer device and processing the flow activity data to form signals representing an approximate version of the network traffic flow in the network, the analyzer processing the traffic flow signals for reconstructing the rate of the netflow as a function of time. The flow analyzer then generates a compressed version of the network traffic flow signals in the network, the compressed network traffic flow signals comprising relevant approximation of the packet flow rate in time.
摘要翻译: 一种用于监视网络中的分组业务流的系统和方法,并且能够近似网络流的速率信息。 用于监视网络流量流的方法包括:在网络分组流收集器设备处接收要监视的分组化业务流信号; 及时对所接收的分组业务流信号进行采样,以及时形成分组流量的近似值; 生成包含表示在时间上采样的采样业务流信号的数据的分组流活动数据; 将分组流活动数据传送到网络分组流分析器装置,并处理流动活动数据以形成表示网络中的网络业务流的近似版本的信号,分析器处理业务流信号以重建网流的速率为 时间的功能。 流量分析器随后生成网络中的网络流量信号的压缩版本,压缩网络流量信号包括时间上的分组流速的相关近似。
-
公开(公告)号:US20100054151A1
公开(公告)日:2010-03-04
申请号:US12198747
申请日:2008-08-26
申请人: Patrick Droz , Paul Hurley , Andreas Kind , Marc Stoecklin
发明人: Patrick Droz , Paul Hurley , Andreas Kind , Marc Stoecklin
IPC分类号: H04L12/26
CPC分类号: H04L43/028 , H04L43/024 , H04L43/045 , H04L43/067
摘要: A system and method for monitoring packetized traffic flow in a network and enabling approximation of the rate information of a network flow. The method for monitoring network traffic flow includes receiving, at a network packet flow collector device, packetized traffic flow signals to be monitored; sampling said received packetized traffic flow signals in time to form an approximation of the packet flow rate in time; generating packet flow activity data comprising data representing the sampled traffic flow signals sampled in time; communicating the packet flow activity data to a network packet flow analyzer device and processing the flow activity data to form signals representing an approximate version of the network traffic flow in the network, the analyzer processing the traffic flow signals for reconstructing the rate of the netflow as a function of time. The flow analyzer then generates a compressed version of the network traffic flow signals in the network, the compressed network traffic flow signals comprising relevant approximation of the packet flow rate in time.
摘要翻译: 一种用于监视网络中的分组业务流的系统和方法,并且能够近似网络流的速率信息。 用于监视网络流量流的方法包括:在网络分组流收集器设备处接收要监视的分组化业务流信号; 及时对所接收的分组业务流信号进行采样,以及时形成分组流量的近似值; 生成包含表示在时间上采样的采样业务流信号的数据的分组流活动数据; 将分组流活动数据传送到网络分组流分析器装置,并处理流动活动数据以形成表示网络中的网络业务流的近似版本的信号,分析器处理业务流信号以重建网流的速率为 时间的功能。 流量分析器随后生成网络中的网络流量信号的压缩版本,压缩网络流量信号包括时间上分组流速的相关近似。
-
公开(公告)号:US09392009B2
公开(公告)日:2016-07-12
申请号:US12281357
申请日:2007-03-01
申请人: Patrick Droz , Robert Haas , Andreas Kind
发明人: Patrick Droz , Robert Haas , Andreas Kind
CPC分类号: H04L63/1425 , H04L43/04 , H04W76/27
摘要: Network flow records from various administrative domains are provided to a network monitoring entity. The network monitoring entity analyzes the network flow records in a way to locate a source of malicious network flow.
摘要翻译: 来自各个管理域的网络流记录被提供给网络监控实体。 网络监控实体以定位恶意网络流源的方式分析网络流记录。
-
公开(公告)号:US07843827B2
公开(公告)日:2010-11-30
申请号:US11641431
申请日:2006-12-19
申请人: Paul T. Hurley , Andreas Kind
发明人: Paul T. Hurley , Andreas Kind
IPC分类号: H04L12/26
CPC分类号: H04L43/00 , H04L41/0213 , H04L43/022
摘要: A method for configuring network device adapted to process network traffic comprising a plurality of network flows and to export network flow information. For configuring the network device, a copy of the network traffic that is processed by the network device is created. A simulation of a process of collecting the network flow information using the copy of the network traffic is performed. Based on the results of the simulation, a preferred information collection scheme is determined. The network device is then configured to collect the network flow information to be exported according to the preferred information collection scheme.
摘要翻译: 一种用于配置适于处理包括多个网络流的网络流量并且输出网络流信息的网络设备的方法。 为了配置网络设备,创建了由网络设备处理的网络流量的副本。 执行使用网络业务的副本收集网络流信息的过程的模拟。 基于模拟结果,确定优选的信息收集方案。 然后,网络设备被配置为根据优选信息收集方案收集要导出的网络流信息。
-
公开(公告)号:US20100214947A1
公开(公告)日:2010-08-26
申请号:US12391556
申请日:2009-02-24
CPC分类号: H04L41/12
摘要: A method for determination of a network topology includes generating a list of device sets for a destination; removing any duplicate device sets from the list; creating a tree for the destination by introducing a root node into the tree; sorting the list of device sets for the destination by length; removing the shortest device set from the list; introducing a new node representing the shortest device set into the tree; determining whether a node in the tree represents a maximum length subset of the shortest device set, and in the event that a node is determined, connecting the new node to the determined node, or else connecting the new node to the root node; setting the identifier of the introduced node to a list of members of the shortest device set that are not included in the maximum length subset of the determined node.
摘要翻译: 一种用于确定网络拓扑的方法包括生成目的地的设备集列表; 从列表中删除任何重复的设备集合; 通过将根节点引入到树中为目的地创建树; 按长度对目的地的设备集列表进行排序; 从列表中删除最短的设备集; 将表示最短设备集的新节点引入到树中; 确定树中的节点是否表示最短设备集合的最大长度子集,并且在确定节点的情况下,将新节点连接到确定的节点,或者将新节点连接到根节点; 将引入的节点的标识符设置为不包括在所确定的节点的最大长度子集中的最短设备集的成员的列表。
-
8.发明申请METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR DETECTING FLOW-LEVEL NETWORK TRAFFIC ANOMALIES VIA ABSTRACTION LEVELS 失效用于检测流量网络交通异常的方法,系统和计算机程序产品通过抽取级别公开(公告)号:US20090245109A1
公开(公告)日:2009-10-01
申请号:US12056583
申请日:2008-03-27
申请人: Paul T. Hurley , Andreas Kind , Marc Ph. Stoecklin
发明人: Paul T. Hurley , Andreas Kind , Marc Ph. Stoecklin
IPC分类号: H04L12/26
CPC分类号: H04L43/026 , H04L41/142
摘要: Methods, systems and computer program products for detecting flow-level network traffic anomalies via abstraction levels. An exemplary embodiment includes a method for detecting flow-level network traffic anomalies in a computer network, the method including obtaining current distributions of flow level traffic features within the computer network, computing distances of the current distributions' components from a distributions model, comparing the distances of the current distributions to distance baselines from the distributions model, determining if the distances are above a pre-determined thresholds and in response to one or more of the distances being above the pre-determined thresholds in one or more distributions, identifying the current condition to be abnormal and providing indications to its nature.
摘要翻译: 用于通过抽象级别检测流量级网络流量异常的方法,系统和计算机程序产品。 示例性实施例包括一种用于检测计算机网络中的流量级网络流量异常的方法,所述方法包括获得计算机网络内的流量级别业务特征的当前分布,从分布模型计算当前分布组件的距离, 当前分布与分布模型的距离基线的距离,确定距离是否高于预定阈值,并且响应于一个或多个距离在一个或多个分布中高于预定阈值,识别当前 情况异常,并提供适应症。
-
公开(公告)号:US07142552B2
公开(公告)日:2006-11-28
申请号:US10117814
申请日:2002-04-08
申请人: Clark Debs Jeffries , Andreas Kind
发明人: Clark Debs Jeffries , Andreas Kind
CPC分类号: H04L47/32 , H04L47/10 , H04L47/11 , H04L47/2441 , H04L47/263 , H04L47/30 , H04L47/762 , H04L47/805 , Y02D50/10
摘要: A method and system for controlling a plurality of pipes in a computer network, including at least one processor for a switch, the at least one processor having a queue, the plurality of pipes utilizing the queue for transmitting traffic through the switch, wherein each pipe is assigned a priority ranking class, each class has a unique priority rank with respect to each of the other classes, the ranks ranging from a highest priority rank to a lowest priority rank. A transmission probability is calculated for each pipe responsive to its priority rank. If excess bandwidth exists for the queue, the transmission probability of each pipe is linearly increased. Alternatively, if excess bandwidth does not exist, the transmission probability for each pipe is exponentially decreased. Packets are transferred from a pipe to the queue responsive to the pipe transmission probability and priority rank.
-
公开(公告)号:US20130013769A1
公开(公告)日:2013-01-10
申请号:US13614959
申请日:2012-09-13
申请人: Andreas Kind , Thomas R. Locher
发明人: Andreas Kind , Thomas R. Locher
IPC分类号: G06F15/173
CPC分类号: G06F21/552 , H04L63/1416
摘要: A data traffic monitor for determining a heavy distinct hitter (HDH) in a data stream, the data stream comprising a plurality of element-value (e,v) pairs, includes a HDH module, the HDH module configured to receive the plurality of (e,v) pairs from the data stream; and a counter block in communication with the HDH module, the counter block comprising a plurality of hash functions, and further comprising a respective pair of distinct counting primitives associated with each hash function of the plurality of hash functions, wherein each of the plurality of (e,v) pairs is added to one of the distinct counting primitives of the respective pair of distinct counting primitives for each of the plurality of hash functions in each of the plurality of counter blocks.
摘要翻译: 一种数据流量监视器,用于确定数据流中重度不同的击打者(HDH),所述数据流包括多个元素值(e,v)对,所述数据流包括HDH模块,所述HDH模块被配置为接收所述多个 e,v)对数据流; 以及与HDH模块通信的计数器块,所述计数器块包括多个散列函数,并且还包括与所述多个散列函数的每个散列函数相关联的相应的一对不同的计数基元,其中,所述多个( e,v)对被添加到用于多个计数器块中的每一个中的多个散列函数中的每一个的相应的一对不同计数基元的不同计数基元之一。
-
-
-
-
-
-
-
-
-
搜索结果
54 条记录 (耗时 0.021 秒)
