Containment mechanism for potentially contaminated end systems
    1.
    Granted patent
    Containment mechanism for potentially contaminated end systems (status: in force)

    Publication number: US08020207B2

    Publication date: 2011-09-13

    Application number: US11656434

    Filing date: 2007-01-23

    IPC classification: G06F12/14

    CPC classification: H04L63/1416 H04L63/1458

    Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.

    Distributed defence against DDoS attacks
    2.
    Patent application
    Distributed defence against DDoS attacks (status: under examination, published)

    Publication number: US20090013404A1

    Publication date: 2009-01-08

    Application number: US11822341

    Filing date: 2007-07-05

    IPC classification: G08B23/00 G06F11/30

    CPC classification: H04L63/1458 H04L63/08

    Abstract: When the processing resources of a host system are occupied beyond a trigger point by incoming requests, that host system issues a cool-it message that is broadcast throughout the network, eventually reaching edge routers that, in response to the message, throttle the traffic that they pass into the network. The throttling is applied in increasing amounts with increasing traffic volumes received at the edge routers. The cool-it messages are authenticated to ensure that they are not being used as instruments of a DoS attack. This mechanism also works to control legitimate network congestion, and it does not block users from a host system that is under attack.

    CONTAINMENT MECHANISM FOR POTENTIALLY CONTAMINATED END SYSTEMS
    3.
    Patent application
    CONTAINMENT MECHANISM FOR POTENTIALLY CONTAMINATED END SYSTEMS (status: in force)

    Publication number: US20110197278A1

    Publication date: 2011-08-11

    Application number: US11656434

    Filing date: 2007-01-23

    IPC classification: G06F21/20

    CPC classification: H04L63/1416 H04L63/1458

    Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.

    GRAPH-BASED MODELING APPARATUS AND TECHNIQUES
    4.
    Patent application
    GRAPH-BASED MODELING APPARATUS AND TECHNIQUES (status: in force)

    Publication number: US20080300834A1

    Publication date: 2008-12-04

    Application number: US11756970

    Filing date: 2007-06-01

    IPC classification: G06F17/50 G06T11/20

    CPC classification: G06F17/504

    Abstract: Graph-based modeling apparatus and techniques are disclosed. Based on a model including model nodes that represent components of a modeled system, operational dependencies between model nodes, and model edges that interconnect the nodes and represent relationships between the components in the modeled system, subset computations are performed to compute subsets of the model nodes that can impact operational dependencies between other model nodes. When the model changes, a determination is made as to whether an incremental subset computation should be performed for one or more particular operational dependencies between model nodes in the changed model, and if so, an incremental subset computation is performed. Otherwise, a full subset computation or no subset computation might be performed. In this manner, model changes are considered on a case-by-case basis to determine an extent, if any, to which subsets should be re-computed.

    Security vulnerability information aggregation
    5.
    Granted patent
    Security vulnerability information aggregation (status: in force)

    Publication number: US08544098B2

    Publication date: 2013-09-24

    Application number: US11366319

    Filing date: 2006-03-02

    IPC classification: G08B23/00

    CPC classification: H04L63/1433 G06F21/577

    Abstract: Security vulnerability information aggregation techniques are disclosed. Vulnerability information associated with one or more security vulnerabilities is obtained from multiple sources and aggregated into respective unified vulnerability definitions for the one or more security vulnerabilities. Aggregation may involve format conversion, content aggregation, or both in some embodiments. Unified vulnerability definitions may be distributed to vulnerability information consumers in accordance with consumer-specific policies. Storage of vulnerability information received from the sources may allow the aggregation process to be performed on existing vulnerability information “retro-actively”. Related data structures and Graphical User Interfaces (GUIs) are also disclosed.

    Information system service-level security risk analysis
    6.
    Granted patent
    Information system service-level security risk analysis (status: lapsed)

    Publication number: US08438643B2

    Publication date: 2013-05-07

    Application number: US11366101

    Filing date: 2006-03-02

    IPC classification: G06F21/00

    CPC classification: H04L63/1433 G06F21/577

    Abstract: Information system service-level security risk analysis systems, methods, and Graphical User Interfaces are disclosed. Assets of an information system that have relationships with a service provided by the information system are identified, and at least one security risk to the service is determined by analyzing security vulnerabilities associated with the identified assets. A consolidated representation of the service is provided, and includes an indication of the determined security risk(s) and an indication of a relationship between the service and at least one of the identified assets. The security risk indication may include indications of multiple security parameters. Security risks may be represented differently depending on whether they arise from a security vulnerability of an asset that has a relationship with the service or a security vulnerability of an asset that has a relationship with the service only through a relationship with an asset that has a relationship with the service.

    Graph-based modeling apparatus and techniques
    7.
    Granted patent
    Graph-based modeling apparatus and techniques (status: in force)

    Publication number: US08204720B2

    Publication date: 2012-06-19

    Application number: US11756970

    Filing date: 2007-06-01

    CPC classification: G06F17/504

    Abstract: Graph-based modeling apparatus and techniques are disclosed. Based on a model including model nodes that represent components of a modeled system, operational dependencies between model nodes, and model edges that interconnect the nodes and represent relationships between the components in the modeled system, subset computations are performed to compute subsets of the model nodes that can impact operational dependencies between other model nodes. When the model changes, a determination is made as to whether an incremental subset computation should be performed for one or more particular operational dependencies between model nodes in the changed model, and if so, an incremental subset computation is performed. Otherwise, a full subset computation or no subset computation might be performed. In this manner, model changes are considered on a case-by-case basis to determine an extent, if any, to which subsets should be re-computed.

    Transparent caller name authentication for authorized third party callers
    8.
    Patent application
    Transparent caller name authentication for authorized third party callers (status: in force)

    Publication number: US20080187119A1

    Publication date: 2008-08-07

    Application number: US11702555

    Filing date: 2007-02-06

    IPC classification: H04M1/56

    Abstract: Transparent caller name authentication is provided to authorized third parties by creating a Public Key Infrastructure (PKI) certificate chain. An owner of a registered caller name can authorize third parties to use the caller name by issuing a PKI sub-certificate to each authorized third party. An authenticated caller name displays the owner's name to the called party. Outsourcing and mobile employment is thereby facilitated, and called party confusion is reduced.

    Method and system for counting new destination addresses
    9.
    Granted patent
    Method and system for counting new destination addresses (status: in force)

    Publication number: US07917957B2

    Publication date: 2011-03-29

    Application number: US11802965

    Filing date: 2007-05-29

    IPC classification: G06F11/00 G06F7/04 H04L9/00

    CPC classification: H04L63/1416

    Abstract: Packets of a certain type from a certain source are directed to a system that estimates the set of destinations and the number of new destinations for which that source has sent packets during a time window Ti. Instead of maintaining tables with the complete destination addresses for each source, the destination addresses are hashed and stored in a small bit array. The sets of destinations for a number of successive time windows are OR'ed for building cumulative tables Ci, where Ci includes all destinations that have been seen between T0 and Ti. The new destinations are determined by counting the destinations set in Ti but not in Ci-1. Any change from the typical patterns can be suspected as being a slow scan.

    Policy-enabled aggregation of IM User communities
    10.
    Patent application
    Policy-enabled aggregation of IM User communities (status: in force)

    Publication number: US20090037973A1

    Publication date: 2009-02-05

    Application number: US11882514

    Filing date: 2007-08-02

    IPC classification: G06F21/00

    CPC classification: G06F21/6263

    Abstract: A method of automatically aggregating an online user community, and graphical user interface for same, the method including one or more of the following: a user creating the online community; the user defining an aggregation policy for the online user community; a service provider retrieving the aggregation policy; the service provider applying the aggregation policy to an other user; determining whether the other user fits the aggregation policy; adding the other user to the online user community; the user defining an anti-aggregation policy; the service provider retrieving the anti-aggregation policy; determining whether the other user fits the anti-aggregation policy; and removing the other user from the online user community when the other user fits the anti-aggregation policy.