公开(公告)号：US07707633B2

公开(公告)日：2010-04-27

申请号：US11871188

申请日：2007-10-12

申请人： Robert William Danford ,  Kenneth M. Farmer ,  Clark Debs Jeffries ,  Robert B. Sisk ,  Michael A. Walter

发明人： Robert William Danford ,  Kenneth M. Farmer ,  Clark Debs Jeffries ,  Robert B. Sisk ,  Michael A. Walter

IPC分类号： G06F11/30 ,  G08B23/00 ,  G06F11/18

CPC分类号： H04L63/1458

摘要： A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When an anomaly is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the anomaly is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-apply the blocking measure for a specified duration, then suspend the blocking measure and test again for the anomaly. If the anomaly is detected, the blocking measure is re-applied, and its duration is adapted. If the anomaly is no longer detected, the method returns to the state of readiness.

摘要翻译： 一种逐步响应的方法，用于调用和中止阻止网络异常（如恶意网络流量）的阻塞措施，从而最大限度地减少误报和假阴性。 当检测到异常时，检测器通知防火墙或路由器等防护设备调用阻塞措施。 阻塞措施保持初始持续时间，之后暂停，并进行另一次异常测试。 如果异常不再明显，则返回到准备状态。 否则，执行一个循环以在指定的持续时间内重新应用阻塞度量，然后暂停阻塞度量并再次测试异常。 如果检测到异常，则重新应用阻塞措施，并适应其持续时间。 如果不再检测到异常，则该方法返回到准备状态。

公开(公告)号：US07308716B2

公开(公告)日：2007-12-11

申请号：US10442008

申请日：2003-05-20

申请人： Robert William Danford ,  Kenneth M. Farmer ,  Clark Debs Jeffries ,  Robert B. Sisk ,  Michael A. Walter

发明人： Robert William Danford ,  Kenneth M. Farmer ,  Clark Debs Jeffries ,  Robert B. Sisk ,  Michael A. Walter

IPC分类号： G06F15/08 ,  G08B23/00

CPC分类号： H04L63/1458

摘要： A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When an anomaly is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the anomaly is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-applying the blocking measure for a specified duration, then suspend the blocking measure and test again for the anomaly. If the anomaly is detected, the blocking measure is re-applied, and its duration is adapted. If the anomaly is no longer detected, the method returns to the state of readiness.

摘要翻译： 一种逐步响应的方法，用于调用和中止阻止网络异常（如恶意网络流量）的阻塞措施，从而最大限度地减少误报和假阴性。 当检测到异常时，检测器通知防火墙或路由器等防护设备调用阻塞措施。 阻塞措施保持初始持续时间，之后暂停，并进行另一次异常测试。 如果异常不再明显，则返回到准备状态。 否则，执行一个循环以在特定持续时间内重新应用阻塞度量，然后暂停阻塞度量并再次测试异常。 如果检测到异常，则重新应用阻塞措施，并适应其持续时间。 如果不再检测到异常，则该方法返回到准备状态。