Abstract:
A method for configuring a network device that processes network traffic comprising a plurality of network flows and exports network flow information. To configure the device, a copy of the network traffic processed by the device is created, and the process of collecting network flow information is simulated on that copy. Based on the results of the simulation, a preferred information collection scheme is determined, and the device is then configured to collect the network flow information to be exported according to that scheme.
Abstract:
Methods, systems and computer program products for detecting flow-level network traffic anomalies via abstraction levels. In an exemplary embodiment, a method for detecting flow-level anomalies in a computer network includes obtaining the current distributions of flow-level traffic features within the network, computing the distance of each component of the current distributions from a distributions model, comparing those distances to the distance baselines of the model, determining whether any distance exceeds a pre-determined threshold and, in response to one or more distances exceeding their thresholds in one or more distributions, identifying the current condition as abnormal and providing an indication of its nature.
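One way to carry out the procedure in this abstract, as an added example that is not the patent's own code: a distributions model stores, per component (feature value), the mean and spread of its relative frequency over clean windows; a current window is flagged when any component's distance exceeds a threshold, and the flagged components describe the nature of the anomaly. The feature set, the threshold, the deviation floor and the sample traffic are assumptions made for the example.

```python
"""Flow-level anomaly detection over distributions of flow features.

Added example, not the patent's own code. Each window of flow records is
summarised as relative-frequency distributions of a few flow features
(destination port, protocol, a packet-count bucket). The distributions
model holds, per component, the mean and standard deviation of that
component's frequency over clean windows. A current window is abnormal
when any component lies more than `threshold` deviations from its
baseline; the offending components indicate the nature of the anomaly.
Feature names, thresholds and the sample traffic below are assumptions.
"""
from collections import Counter
from math import sqrt

FEATURES = ("dport", "proto", "pkts_bucket")


def pkts_bucket(pkts):
    """Coarse buckets keep the packet-count distribution small."""
    return "1" if pkts <= 1 else "2-10" if pkts <= 10 else "11+"


def window_distributions(flows):
    """Relative frequency of each feature value in one window of flows.
    flows: list of dicts with keys dport, proto, pkts."""
    n = len(flows)
    dists = {}
    for feat in FEATURES:
        counts = Counter()
        for fl in flows:
            val = pkts_bucket(fl["pkts"]) if feat == "pkts_bucket" else fl[feat]
            counts[val] += 1
        dists[feat] = {k: c / n for k, c in counts.items()}
    return dists


def fit_model(clean_windows):
    """Distributions model: per component (feature, value), the baseline
    mean and standard deviation of its relative frequency over clean windows.
    A component missing from a window contributes frequency 0."""
    dists = [window_distributions(w) for w in clean_windows]
    model = {}
    for feat in FEATURES:
        keys = set().union(*(d[feat].keys() for d in dists))
        model[feat] = {}
        for k in keys:
            xs = [d[feat].get(k, 0.0) for d in dists]
            mean = sum(xs) / len(xs)
            sd = sqrt(sum((x - mean) ** 2 for x in xs) / len(xs))
            model[feat][k] = (mean, sd)
    return model


def detect(model, flows, threshold=3.0, sd_floor=0.02):
    """Distance of every current component from the model, in units of
    baseline deviation. `sd_floor` keeps a zero-variance component (or one
    never seen in training) from alerting on negligible change.
    Returns (abnormal, indications); each indication is
    (feature, value, current_frequency, baseline_mean)."""
    cur = window_distributions(flows)
    indications = []
    for feat in FEATURES:
        for k in set(model[feat]) | set(cur[feat]):
            mean, sd = model[feat].get(k, (0.0, 0.0))
            now = cur[feat].get(k, 0.0)
            distance = abs(now - mean) / max(sd, sd_floor)
            if distance > threshold:
                indications.append((feat, k, round(now, 3), round(mean, 3)))
    return bool(indications), indications


def make_clean_window(seed):
    """Constructed sample traffic: 60-70 % HTTPS, 20-30 % HTTP, 10 % DNS."""
    flows = []
    for i in range(100):
        r = (i * 7 + seed) % 10
        if r < 6 + seed % 2:
            flows.append({"dport": 443, "proto": "tcp", "pkts": 20 + r})
        elif r < 9:
            flows.append({"dport": 80, "proto": "tcp", "pkts": 12})
        else:
            flows.append({"dport": 53, "proto": "udp", "pkts": 2})
    return flows


def make_scan_window():
    """Constructed sample: normal traffic plus 50 single-packet telnet probes."""
    return make_clean_window(0) + [
        {"dport": 23, "proto": "tcp", "pkts": 1} for _ in range(50)
    ]


if __name__ == "__main__":
    model = fit_model([make_clean_window(s) for s in range(4)])
    print(detect(model, make_clean_window(5)))   # (False, [])
    print(detect(model, make_scan_window()))     # (True, [... ('dport', 23, ...) ...])
```

The scan window is reported through several components at once: destination port 23 appears where the model has no baseline, port 443's share drops, and the single-packet bucket surges, which is the kind of multi-feature indication the abstract refers to as the nature of the anomaly.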
Abstract:
The present invention provides a system and method for time-series compression whose accuracy is a function of time. Briefly described, in architecture, one embodiment of the system, among others, can be implemented as follows. The system includes a computer with a processor and performs a method comprising: receiving a data set on the computer; utilizing a plurality of filter banks to transform the data set into a plurality of coefficients, each coefficient associated with a basis function; quantizing the coefficients, wherein the quantization maps the coefficients into value ranges; determining a threshold based upon each coefficient's effect in the time domain; disregarding the coefficients that fall below the threshold; and storing the remaining coefficients as compressed data for the data set.
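The transform, quantize, threshold and store steps carried through on a short series, as an added example that is not the patent's code. The filter bank here is the orthonormal Haar basis (one choice among many; the abstract does not fix the bank), the time-domain effect of a coefficient is taken as the largest change it can make to any single sample, and the step size, threshold and sample series are assumptions.

```python
"""Time-series compression with a filter bank, quantization and a
time-domain effect threshold.

Added example, not the patent's code. The filter bank is the orthonormal
Haar basis: one scaling vector plus difference vectors at every scale. Each
coefficient is quantized to a multiple of `step`; a coefficient is dropped
when its largest possible effect on any sample, |q| * max|basis|, falls
below `threshold`; the survivors are stored as (index, value) pairs. The
series below is constructed sample data; `step` and `threshold` are
assumptions.
"""
from math import sqrt


def haar_basis(n):
    """Orthonormal Haar basis for a power-of-two length n, as n vectors."""
    assert n > 0 and n & (n - 1) == 0, "length must be a power of two"
    basis = [[1.0 / sqrt(n)] * n]            # scaling (mean) vector
    span = n
    while span >= 2:                          # detail vectors, coarse to fine
        for start in range(0, n, span):
            v = [0.0] * n
            for t in range(start, start + span // 2):
                v[t] = 1.0 / sqrt(span)
            for t in range(start + span // 2, start + span):
                v[t] = -1.0 / sqrt(span)
            basis.append(v)
        span //= 2
    return basis


def compress(series, step, threshold):
    """Transform, quantize, threshold. Returns the sparse coefficient list."""
    basis = haar_basis(len(series))
    kept = []
    for idx, vec in enumerate(basis):
        coeff = sum(x * b for x, b in zip(series, vec))
        q = round(coeff / step) * step              # quantize to the value grid
        effect = abs(q) * max(abs(b) for b in vec)  # worst-case change to one sample
        if effect >= threshold:
            kept.append((idx, q))
    return kept


def decompress(kept, n):
    """Rebuild the series from the stored coefficients (dropped ones are 0)."""
    basis = haar_basis(n)
    out = [0.0] * n
    for idx, q in kept:
        for t in range(n):
            out[t] += q * basis[idx][t]
    return out


def max_abs_error(original, rebuilt):
    return max(abs(a - b) for a, b in zip(original, rebuilt))


SAMPLE = [10, 12, 10, 10, 20, 20, 20, 20]   # constructed: a level step with one spike

if __name__ == "__main__":
    kept = compress(SAMPLE, step=1.0, threshold=1.0)
    print(kept)                                             # 2 of 8 coefficients kept
    print(max_abs_error(SAMPLE, decompress(kept, len(SAMPLE))))
```

With threshold 1.0 only the mean and the coarse step survive; the fine-scale coefficients that encode the single spike at index 1 have a time-domain effect below the threshold and are dropped, so the reconstruction error is concentrated on that one sample.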
Abstract:
A method for probabilistic lossy counting includes: for each element in the current window, determining whether an entry for the element is present in a table; if so, incrementing the frequency counter of that entry; otherwise, inserting an entry by calculating a probabilistic error bound Δ based on the index i of the current window and storing Δ together with a frequency counter in the new entry; and, at the end of the current window, removing from the table every element whose frequency counter plus error bound Δ is less than or equal to the index of the current window.
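The table update and end-of-window pruning described above, as an added example that is not the patent's code. The error bound is pluggable: the deterministic lossy-counting bound Δ = i − 1 is exact, and the scaled variant is an illustrative probabilistic bound that is an assumption, not the formula the patent computes. The stream of elements is constructed sample data.

```python
"""Probabilistic lossy counting over a stream of elements.

Added example, not the patent's code. The stream is split into windows of
`window_size` elements. The table maps element -> [frequency, delta], where
delta is the error bound recorded when the element was first inserted in
window i. At the end of window i every entry with frequency + delta <= i is
removed. The deterministic lossy-counting bound delta = i - 1 is exact; the
scaled bound is an illustrative probabilistic alternative and is an
assumption, not the patent's formula.
"""
from math import ceil


def lossy_bound(i):
    """Worst case: an element first seen in window i may have appeared at
    most once per earlier window and been pruned each time."""
    return i - 1


def make_scaled_bound(fraction):
    """Probabilistic bound: assume only `fraction` of the worst case is
    plausible. A smaller delta prunes low-frequency entries sooner at the
    cost of a small chance of under-estimating a frequent element."""
    def bound(i):
        return ceil(fraction * (i - 1))
    return bound


def probabilistic_lossy_count(stream, window_size, bound=lossy_bound):
    """Returns (table, n_items). table: element -> [frequency, delta]."""
    table = {}
    i = 1            # index of the current window
    n_items = 0
    for elem in stream:
        n_items += 1
        entry = table.get(elem)
        if entry is not None:
            entry[0] += 1
        else:
            table[elem] = [1, bound(i)]
        if n_items % window_size == 0:
            # end of window i: drop entries that cannot reach the support
            for e in [e for e, (f, d) in table.items() if f + d <= i]:
                del table[e]
            i += 1
    return table, n_items


def frequent(table, n_items, support, window_size):
    """Elements whose estimated frequency reaches support*N, allowing for
    the undercount of at most N/window_size that pruning can introduce."""
    cutoff = (support - 1.0 / window_size) * n_items
    return sorted(e for e, (f, _) in table.items() if f >= cutoff)


def make_stream():
    """Constructed sample: 'A' in 50 % of positions, 'B' in 10 %, the rest
    400 distinct one-off values (think scanner source addresses)."""
    return ["A" if k % 2 == 0 else "B" if k % 5 == 0 else f"n{k}" for k in range(1000)]


if __name__ == "__main__":
    table, n = probabilistic_lossy_count(make_stream(), window_size=100)
    print(table)                           # {'A': [500, 0], 'B': [100, 0]}
    print(frequent(table, n, 0.05, 100))   # ['A', 'B']
```

The 400 one-off values never survive a window boundary, so the table stays at two entries while the heavy hitters keep exact counts; a frequency query then only needs to correct for the per-window undercount bounded by 1/window_size.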
Abstract:
To determine a malicious workload pattern, the following steps are conducted. A training set of workload patterns is collected during a predetermined workload situation. A subset of the training set is determined as an archetype set, which is considered representative of the predetermined workload situation. A threshold value dependent on the training set and the archetype set, and an evaluation value dependent on a given workload pattern and the archetype set, are calculated. The given workload pattern is determined to be malicious if the evaluation value fulfils a given condition with respect to the threshold value.
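One instantiation of these steps, as an added example that is not the patent's code: the archetype set is picked by greedy farthest-point selection, the threshold is the largest distance from any training pattern to its nearest archetype (with a slack factor), the evaluation value is a new pattern's distance to its nearest archetype, and the condition is "evaluation value exceeds threshold". The distance metric, selection rule, slack factor and the request-count patterns are assumptions.

```python
"""Malicious workload pattern detection with an archetype set.

Added example, not the patent's code. A workload pattern is a vector of
request counts per endpoint class observed in one interval (constructed
sample data below). The archetype set is chosen by greedy farthest-point
selection, the threshold is the largest distance from any training pattern
to its nearest archetype times a slack factor, and the evaluation value of
a new pattern is its distance to the nearest archetype. Manhattan distance,
the selection rule and the slack are assumptions.
"""


def manhattan(a, b):
    return sum(abs(x - y) for x, y in zip(a, b))


def evaluation_value(pattern, archetypes):
    """Distance from the pattern to its nearest archetype."""
    return min(manhattan(pattern, a) for a in archetypes)


def select_archetypes(training, k):
    """Start with the pattern nearest the centroid, then repeatedly add the
    training pattern worst represented by the archetypes chosen so far."""
    centroid = [sum(col) / len(training) for col in zip(*training)]
    archetypes = [min(training, key=lambda p: manhattan(p, centroid))]
    while len(archetypes) < k:
        archetypes.append(max(training, key=lambda p: evaluation_value(p, archetypes)))
    return archetypes


def threshold_value(training, archetypes, slack=1.2):
    """Every training pattern must pass, with some room for normal drift."""
    return slack * max(evaluation_value(p, archetypes) for p in training)


def is_malicious(pattern, archetypes, thr):
    return evaluation_value(pattern, archetypes) > thr


# Constructed sample: counts of [login, search, checkout, admin] requests
# per 5-minute interval under the predetermined (normal) workload.
TRAINING = [
    [100, 400, 50, 2],
    [110, 390, 55, 1],
    [90, 420, 45, 3],
    [105, 380, 60, 2],
    [95, 410, 48, 2],
]

if __name__ == "__main__":
    arch = select_archetypes(TRAINING, k=2)
    thr = threshold_value(TRAINING, arch)
    print(arch, thr)
    print(is_malicious([102, 405, 52, 2], arch, thr))    # False: ordinary interval
    print(is_malicious([5000, 10, 0, 300], arch, thr))   # True: login flood plus admin probing
```

The threshold is derived from the training set and the archetypes only, so the detector never sees a malicious example; anything whose nearest archetype is farther away than normal variation ever reached is flagged, which is what makes the scheme usable against workload patterns not seen before.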
Abstract:
Network flow records from various administrative domains are provided to a network monitoring entity, which analyzes them so as to locate the source of a malicious network flow.
Abstract:
A method for determining a network topology includes: generating a list of device sets for a destination; removing duplicate device sets from the list; creating a tree for the destination by introducing a root node; sorting the list of device sets by length; removing the shortest device set from the list; introducing a new node representing that device set into the tree; determining whether a node in the tree represents a maximum-length subset of that device set and, if such a node is found, connecting the new node to it, otherwise connecting the new node to the root node; and setting the identifier of the new node to the members of the device set that are not included in the maximum-length subset of the determined node.
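The tree construction above run over a set of observed device sets, as an added example that is not the patent's code. It treats the root as holding the empty set, so "largest already-placed subset" and "connect to the root if none is found" collapse into one rule, and it repeats the remove-shortest step until the list is empty. The device names and sets are constructed sample data.

```python
"""Network topology tree from device sets observed toward one destination.

Added example, not the patent's code. A device set is the set of network
devices (e.g. routers exporting flow records) that saw a given flow on its
way to the destination. After de-duplication the sets are processed
shortest first; each becomes a tree node attached to the node holding the
largest already-placed subset (the root holds the empty set), and the
node's identifier is the members not covered by that parent. The device
sets below are constructed sample data.
"""


class Node:
    def __init__(self, devices, parent=None):
        self.devices = devices                 # full device set this node represents
        self.parent = parent
        self.children = []
        # identifier: members not already accounted for by the parent
        self.identifier = devices - (parent.devices if parent else frozenset())


def build_topology_tree(device_sets):
    """Returns the root Node; root.devices is the empty set."""
    unique = {frozenset(s) for s in device_sets if s}     # drop duplicates
    root = Node(frozenset())
    placed = [root]
    # shortest first; ties broken by sorted member names for determinism
    for devs in sorted(unique, key=lambda s: (len(s), sorted(s))):
        subsets = [n for n in placed if n.devices < devs]   # proper subsets, root included
        parent = max(subsets, key=lambda n: len(n.devices))  # first of the longest
        node = Node(devs, parent)
        parent.children.append(node)
        placed.append(node)
    return root


def label(node):
    """Render an identifier; devices never observed apart share one node."""
    return "+".join(sorted(node.identifier))


def paths(node, prefix=""):
    """Root-to-node identifier paths, e.g. 'R1/R2/R3'."""
    out = []
    for child in sorted(node.children, key=label):
        here = f"{prefix}/{label(child)}" if prefix else label(child)
        out.append(here)
        out.extend(paths(child, here))
    return out


# Constructed sample: device sets for flows from six sources to destination D.
SAMPLE_SETS = [
    {"R1"},
    {"R1", "R2"},
    {"R1", "R2", "R3"},
    {"R1", "R4"},
    {"R2", "R1"},                # duplicate of {"R1", "R2"}
    {"R1", "R4", "R5"},
]

if __name__ == "__main__":
    for p in paths(build_topology_tree(SAMPLE_SETS)):
        print(p)   # R1, R1/R2, R1/R2/R3, R1/R4, R1/R4/R5
```

When two devices are only ever observed together (a set {R1, R2, R3} with no {R1, R2} in the list), they end up sharing one node labelled "R2+R3": the data cannot order them, and the identifier says so instead of guessing a link.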