公开(公告)号：US07778265B2

公开(公告)日：2010-08-17

申请号：US12132994

申请日：2008-06-04

申请人： Scott Charles Evans ,  Ping Liu ,  Thomas Markham ,  Ishan Prabhath Weerakoon ,  Sergei Dolinsky

发明人： Scott Charles Evans ,  Ping Liu ,  Thomas Markham ,  Ishan Prabhath Weerakoon ,  Sergei Dolinsky

IPC分类号： H04L12/56

CPC分类号： H04L47/6255 ,  H04L47/56 ,  H04L47/623

摘要： A method (300) and apparatus (200) for local adaptive provisioning at a node is disclosed. The method may include determining (320) a per packet latency for a class of packet network traffic in a queue of a plurality of queues for a plurality of classes of packet network traffic at a node, establishing (330) a reward function for the class of packet network traffic based on a packet latency limit, based on the per packet latency, and based on a source rate for the class of packet network traffic, and adjusting (340) provisioning of a queue at the node based on the reward function.

摘要翻译： 公开了一种在节点处进行本地自适应提供的方法（300）和装置（200）。 该方法可以包括为节点处的多个分组网络业务类别的多个队列的队列中确定（320）分组网络业务类别的每个分组等待时间，建立（330）该类别的奖励功能 基于每个分组延迟，并且基于分组网络业务类别的源速率，基于分组等待时间限制的分组网络流量，以及基于所述奖励功能来调整（340）所述节点处的队列的配置。

公开(公告)号：US20090304014A1

公开(公告)日：2009-12-10

申请号：US12132994

申请日：2008-06-04

申请人： Scott Charles Evans ,  Ping Liu ,  Thomas Stephen Markham ,  Ishan Prabhath Weerakoon ,  Sergei Dolinsky

发明人： Scott Charles Evans ,  Ping Liu ,  Thomas Stephen Markham ,  Ishan Prabhath Weerakoon ,  Sergei Dolinsky

IPC分类号： H04L12/56

CPC分类号： H04L47/6255 ,  H04L47/56 ,  H04L47/623

摘要： A method (300) and apparatus (200) for local adaptive provisioning at a node is disclosed. The method may include determining (320) a per packet latency for a class of packet network traffic in a queue of a plurality of queues for a plurality of classes of packet network traffic at a node, establishing (330) a reward function for the class of packet network traffic based on a packet latency limit, based on the per packet latency, and based on a source rate for the class of packet network traffic, and adjusting (340) provisioning of a queue at the node based on the reward function.

摘要翻译： 公开了一种在节点处进行本地自适应提供的方法（300）和装置（200）。 该方法可以包括为节点处的多个分组网络业务类别的多个队列的队列中确定（320）分组网络业务类别的每个分组等待时间，建立（330）该类别的奖励功能 基于每个分组延迟，并且基于分组网络业务类别的源速率，基于分组等待时间限制的分组网络流量，以及基于所述奖励功能来调整（340）所述节点处的队列的配置。

公开(公告)号：US07720065B2

公开(公告)日：2010-05-18

申请号：US12040252

申请日：2008-02-29

申请人： Ping Liu ,  Scott Charles Evans ,  Ishan Prabhath Weerakoon

发明人： Ping Liu ,  Scott Charles Evans ,  Ishan Prabhath Weerakoon

IPC分类号： H04L12/26

CPC分类号： H04L47/10 ,  H04L45/302 ,  H04L47/17 ,  H04L47/2408 ,  H04L47/2416 ,  H04L47/2433 ,  H04L47/2458 ,  H04L47/31 ,  H04L47/32

摘要： A method and apparatus for biasing of network node packet prioritization based on packet content. The method may include marking a packet of data from a data stream of packets. The packet can be marked with a packet type such that subsequent nodes determine the relative priority of the packet with respect to other packets from the same data stream based on the packet type marking. The marked packet can then be transmitted. According to a related corresponding embodiment, a method can include receiving a packet at a node in a network, the node including a plurality of packet queues including a higher priority queue and a lower priority queue. The relative priority of the packet can be determined relative to other packets from the same packet source and intended for the same destination, where the relative priority can be based on the contents of the packet. The relative priority may also be based on a marking of the packet. The packet can be assigned to a higher priority queue based on a higher relative priority of the packet. The assigned packet can then be transmitted.

摘要翻译： 一种用于基于分组内容偏置网络节点分组优先级的方法和装置。 该方法可以包括从分组的数据流标记数据分组。 分组可以被标记为分组类型，使得后续节点基于分组类型标记确定分组相对于来自相同数据流的其他分组的相对优先级。 然后可以发送标记的分组。 根据相应的相应实施例，一种方法可以包括在网络中的节点处接收分组，所述节点包括多个分组队列，包括较高优先级队列和较低优先级队列。 分组的相对优先级可以相对于来自相同分组源的其他分组确定，并且意图用于相同目的地，其中相对优先级可以基于分组的内容。 相对优先级也可以基于分组的标记。 可以基于分组的较高相对优先级将分组分配给较高优先级的队列。 然后可以发送分配的分组。

公开(公告)号：US20090219937A1

公开(公告)日：2009-09-03

申请号：US12040252

申请日：2008-02-29

申请人： Ping LIU ,  Scott Charles Evans ,  Ishan Prabhath Weerakoon

发明人： Ping LIU ,  Scott Charles Evans ,  Ishan Prabhath Weerakoon

IPC分类号： H04L12/56

CPC分类号： H04L47/10 ,  H04L45/302 ,  H04L47/17 ,  H04L47/2408 ,  H04L47/2416 ,  H04L47/2433 ,  H04L47/2458 ,  H04L47/31 ,  H04L47/32

摘要： A method and apparatus for biasing of network node packet prioritization based on packet content. The method may include marking a packet of data from a data stream of packets. The packet can be marked with a packet type such that subsequent nodes determine the relative priority of the packet with respect to other packets from the same data stream based on the packet type marking. The marked packet can then be transmitted. According to a related corresponding embodiment, a method can include receiving a packet at a node in a network, the node including a plurality of packet queues including a higher priority queue and a lower priority queue. The relative priority of the packet can be determined relative to other packets from the same packet source and intended for the same destination, where the relative priority can be based on the contents of the packet. The relative priority may also be based on a marking of the packet. The packet can be assigned to a higher priority queue based on a higher relative priority of the packet. The assigned packet can then be transmitted.

摘要翻译： 一种用于基于分组内容偏置网络节点分组优先级的方法和装置。 该方法可以包括从分组的数据流标记数据分组。 分组可以被标记为分组类型，使得后续节点基于分组类型标记确定分组相对于来自相同数据流的其他分组的相对优先级。 然后可以发送标记的分组。 根据相应的相应实施例，一种方法可以包括在网络中的节点处接收分组，所述节点包括多个分组队列，包括较高优先级队列和较低优先级队列。 分组的相对优先级可以相对于来自相同分组源的其他分组确定，并且意图用于相同目的地，其中相对优先级可以基于分组的内容。 相对优先级也可以基于分组的标记。 可以基于分组的较高相对优先级将分组分配给较高优先级的队列。 然后可以发送分配的分组。

公开(公告)号：US20120284793A1

公开(公告)日：2012-11-08

申请号：US13102899

申请日：2011-05-06

申请人： Eric Steinbrecher ,  Jeremy Impson ,  Bruce Barnett ,  Scott Charles Evans ,  Bernhard Scholz ,  Weizhong Yang ,  Thomas Markham ,  Stephen J. Dill

发明人： Eric Steinbrecher ,  Jeremy Impson ,  Bruce Barnett ,  Scott Charles Evans ,  Bernhard Scholz ,  Weizhong Yang ,  Thomas Markham ,  Stephen J. Dill

IPC分类号： G06F21/00 ,  G06F11/30 ,  G06F15/16

CPC分类号： H04L63/1425 ,  G06F21/552 ,  G06F21/554 ,  H04L63/14 ,  H04L63/1408

摘要： An intrusion detection method, system and computer-readable media are disclosed. The system can include a processor programmed to perform computer network intrusion detection. The intrusion detection can include an identification module and a detection module. The identification module can be adapted to perform semi-supervised machine learning to identify key components of a network attack and develop MDL models representing those attack components. The detection module can cluster the MDL models and use the clustered MDL models to classify network activity and detect polymorphic or zero-day attacks.

摘要翻译： 公开了入侵检测方法，系统和计算机可读介质。 该系统可以包括被编程为执行计算机网络入侵检测的处理器。 入侵检测可以包括识别模块和检测模块。 识别模块可以适用于执行半监督机器学习，以识别网络攻击的关键组件，并开发代表这些攻击组件的MDL模型。 检测模块可以集中MDL模型，并使用群集MDL模型对网络活动进行分类，并检测多态或零日攻击。

公开(公告)号：US20110067106A1

公开(公告)日：2011-03-17

申请号：US12560297

申请日：2009-09-15

申请人： Scott Charles Evans ,  Thomas Markham ,  Richard Bejtlich ,  Jeremy Impson ,  Eric Steinbrecher

发明人： Scott Charles Evans ,  Thomas Markham ,  Richard Bejtlich ,  Jeremy Impson ,  Eric Steinbrecher

IPC分类号： G06F15/173 ,  G06T11/20 ,  G06F21/00 ,  G06F3/048

CPC分类号： H04L63/1416 ,  G06F21/552 ,  H04L43/045

摘要： A network activity visualization system can include a minimum description length (MDL) based network intrusion detection system having an MDL grammar database adapted to store a plurality of MDL grammars, and a pattern matching module adapted to match a received network activity data set against the MDL grammars by calculating a distance of the network activity data set from each MDL grammar. The system can also include an intelligent icon module coupled to the MDL-based intrusion detection system and adapted to receive the MDL grammars and distances of a network data set from each respective MDL grammar, and adapted to generate intelligent icons based on the MDL grammars and distances. The system can further include a display system adapted to display the intelligent icons so as to provide a visual indication of network security.

摘要翻译： 网络活动可视化系统可以包括具有适于存储多个MDL语法的MDL语法数据库的基于最小描述长度（MDL）的网络入侵检测系统，以及适于将接收到的网络活动数据集与MDL匹配的模式匹配模块 通过从每个MDL语法计算网络活动数据集的距离来实现语法。 该系统还可以包括耦合到基于MDL的入侵检测系统并适于从每个相应的MDL语法接收MDL语法和网络数据集的距离的智能图标模块，并适于基于MDL语法生成智能图标， 距离 该系统还可以包括适于显示智能图标的显示系统，以提供网络安全性的可视指示。

公开(公告)号：US08245301B2

公开(公告)日：2012-08-14

申请号：US12560297

申请日：2009-09-15

申请人： Scott Charles Evans ,  Thomas Markham ,  Richard Bejtlich ,  Jeremy Impson ,  Eric Steinbrecher

发明人： Scott Charles Evans ,  Thomas Markham ,  Richard Bejtlich ,  Jeremy Impson ,  Eric Steinbrecher

IPC分类号： G06F21/00

CPC分类号： H04L63/1416 ,  G06F21/552 ,  H04L43/045

摘要： A network activity visualization system can include a minimum description length (MDL) based network intrusion detection system having an MDL grammar database adapted to store a plurality of MDL grammars, and a pattern matching module adapted to match a received network activity data set against the MDL grammars by calculating a distance of the network activity data set from each MDL grammar. The system can also include an intelligent icon module coupled to the MDL-based intrusion detection system and adapted to receive the MDL grammars and distances of a network data set from each respective MDL grammar, and adapted to generate intelligent icons based on the MDL grammars and distances. The system can further include a display system adapted to display the intelligent icons so as to provide a visual indication of network security.

摘要翻译： 网络活动可视化系统可以包括具有适于存储多个MDL语法的MDL语法数据库的基于最小描述长度（MDL）的网络入侵检测系统，以及适于将接收到的网络活动数据集与MDL匹配的模式匹配模块 通过从每个MDL语法计算网络活动数据集的距离来实现语法。 该系统还可以包括耦合到基于MDL的入侵检测系统并适于从每个相应的MDL语法接收MDL语法和网络数据集的距离的智能图标模块，并适于基于MDL语法生成智能图标， 距离 该系统还可以包括适于显示智能图标的显示系统，以提供网络安全性的可视指示。

公开(公告)号：US09106689B2

公开(公告)日：2015-08-11

申请号：US13102899

申请日：2011-05-06

申请人： Eric Steinbrecher ,  Jeremy Impson ,  Bruce Barnett ,  Scott Charles Evans ,  Bernhard Scholz ,  Weizhong Yan ,  Thomas Markham ,  Stephen J. Dill

发明人： Eric Steinbrecher ,  Jeremy Impson ,  Bruce Barnett ,  Scott Charles Evans ,  Bernhard Scholz ,  Weizhong Yan ,  Thomas Markham ,  Stephen J. Dill

IPC分类号： H04L29/06 ,  G06F21/55

CPC分类号： H04L63/1425 ,  G06F21/552 ,  G06F21/554 ,  H04L63/14 ,  H04L63/1408

摘要： An intrusion detection method, system and computer-readable media are disclosed. The system can include a processor programmed to perform computer network intrusion detection. The intrusion detection can include an identification module and a detection module. The identification module can be adapted to perform semi-supervised machine learning to identify key components of a network attack and develop MDL models representing those attack components. The detection module can cluster the MDL models and use the clustered MDL models to classify network activity and detect polymorphic or zero-day attacks.

摘要翻译： 公开了入侵检测方法，系统和计算机可读介质。 该系统可以包括被编程为执行计算机网络入侵检测的处理器。 入侵检测可以包括识别模块和检测模块。 识别模块可以适用于执行半监督机器学习，以识别网络攻击的关键组件，并开发代表这些攻击组件的MDL模型。 检测模块可以集中MDL模型，并使用群集MDL模型对网络活动进行分类，并检测多态或零日攻击。

公开(公告)号：US07839840B2

公开(公告)日：2010-11-23

申请号：US11442159

申请日：2006-05-30

申请人： Marc Robert Pearlman ,  Scott Charles Evans ,  Michael James Hartman ,  Asavari Rothe

发明人： Marc Robert Pearlman ,  Scott Charles Evans ,  Michael James Hartman ,  Asavari Rothe

IPC分类号： H04L12/28 ,  G06F15/173

CPC分类号： H04L45/02

摘要： A method and system for routing traffic in a communication network is disclosed that may include assigning each node in a network a first subset of route repository nodes and a second subset of route repository nodes, querying the second subset of route repository nodes in order to obtain route information that is stored in the second subset of route repository nodes, computing route information by applying a route computation algorithm to the first subset of route repository nodes, and routing traffic in the communication network based on the route information obtained from the second subset of route repository nodes and the route information computed using the first subset of route repository nodes.

摘要翻译： 公开了一种用于在通信网络中路由业务的方法和系统，其可以包括为网络中的每个节点分配路由存储库节点的第一子集和路由存储库节点的第二子集，查询路由库节点的第二子集以获得 存储在路由存储库节点的第二子集中的路由信息​​，通过将路由计算算法应用于路由库节点的第一子集来计算路由信息，以及基于从第二子集的第二子集获得的路由信息​​来路由通信网络中的业务 路由存储库节点和使用路由存储库节点的第一子集计算的路由信息​​。

公开(公告)号：US07068612B2

公开(公告)日：2006-06-27

申请号：US10373575

申请日：2003-02-25

申请人： Ertugrul Berkcan ,  Daniel White Sexton ,  Scott Charles Evans ,  Marc Robert Pearlman ,  Emad Andarawis Andarawis ,  William James Premerlani

发明人： Ertugrul Berkcan ,  Daniel White Sexton ,  Scott Charles Evans ,  Marc Robert Pearlman ,  Emad Andarawis Andarawis ,  William James Premerlani

IPC分类号： H04L12/26

CPC分类号： H02H7/262 ,  G06F1/12 ,  G06F3/05 ,  H01H83/20 ,  H01H2300/03 ,  H02H1/0061 ,  H02H3/006 ,  H02H3/05 ,  H02H7/261 ,  H02H7/263 ,  H02H7/30 ,  H02J3/00 ,  H02J3/005 ,  H02J3/12 ,  H02J13/001 ,  H02J13/002 ,  H02J13/0024 ,  H02J13/0055 ,  H02J13/0062 ,  H02J13/0072 ,  H02J13/0079 ,  H02J13/0086 ,  H02J2003/001 ,  H02J2003/007 ,  H02J2003/146 ,  H04J3/0658 ,  H04J3/0661 ,  H04L1/0002 ,  H04L1/0018 ,  H04L41/0253 ,  H04L43/00 ,  H04L43/06 ,  H04L43/0817 ,  H04L47/10 ,  Y02B70/3241 ,  Y02B90/224 ,  Y02B90/2615 ,  Y02B90/2623 ,  Y02B90/2638 ,  Y02B90/2646 ,  Y02D50/10 ,  Y02P80/11 ,  Y04S10/40 ,  Y04S20/14 ,  Y04S20/224 ,  Y04S20/227 ,  Y04S40/121 ,  Y04S40/122 ,  Y04S40/124 ,  Y04S40/125 ,  Y04S40/168 ,  Y10T307/25 ,  Y10T307/461 ,  Y10T307/469 ,  Y10T307/549 ,  Y10T307/937 ,  Y10T307/957

摘要： A method for communicating information bundled in digital message packets via a digital network communication system is provided. The digital network communication system a sample source and each packet includes a header and a communication payload area. The method includes sampling the source at a first sample rate, selecting at least one decimation of the samples based on at least one of a plurality of algorithmic data rates and a channel bandwidth, determining a packet rate based on a plurality of algorithmic latency requirements, and transmitting the digital message packet containing decimated data on the digital network.