Method and system for counting new destination addresses
    1.
    Granted patent
    Legal status: in force

    Publication No.: US07917957B2

    Publication date: 2011-03-29

    Application No.: US11802965

    Filing date: 2007-05-29

    IPC classification: G06F11/00 G06F7/04 H04L9/00

    CPC classification: H04L63/1416

    Abstract: Packets of a certain type from a certain source are directed to a system that estimates the set of destinations and the number of new destinations for which that source has sent packets during a time window Ti. Instead of maintaining tables with the complete destination addresses for each source, the destination addresses are hashed and stored in a small bit array. The sets of destinations for a number of successive time windows are OR'ed for building cumulative tables Ci, where Ci includes all destinations that have been seen between T0 and Ti. The new destinations are determined by counting the destinations set in Ti but not in Ci-1. Any change from the typical patterns can be suspected as being a slow scan.


    Method and system for counting new destination addresses
    2.
    Patent application
    Legal status: in force

    Publication No.: US20080301812A1

    Publication date: 2008-12-04

    Application No.: US11802965

    Filing date: 2007-05-29

    IPC classification: G06F12/14

    CPC classification: H04L63/1416

    Abstract: Packets of a certain type from a certain source are directed to a system that estimates the set of destinations and the number of new destinations for which that source has sent packets during a time window Ti. Instead of maintaining tables with the complete destination addresses for each source, the destination addresses are hashed and stored in a small bit array. The sets of destinations for a number of successive time windows are OR'ed for building cumulative tables Ci, where Ci includes all destinations that have been seen between T0 and Ti. The new destinations are determined by counting the destinations set in Ti but not in Ci-1. Any change from the typical patterns can be suspected as being a slow scan.


    Worm detection by trending fan out
    3.
    Granted patent
    Legal status: in force

    Publication No.: US08095981B2

    Publication date: 2012-01-10

    Application No.: US11785655

    Filing date: 2007-04-19

    IPC classification: G06F21/00

    Abstract: The invention detects stealth worm propagation by comparing the repeat elements in sets of destinations of a source in multiple time windows to a fitted distribution of same, stored as a benchmark plot. Measurements are performed over N time windows, wherein a representation of the set of destinations to which a respective source has sent packets is determined for each source, in each time window. The counting is performed using a hash table. Once N such sets of destinations have been obtained, the number Xk of destinations that are common to N, N−1, N−2, ..., 2, 1 windows is determined. Thus Xk is the number of destinations that a particular source sent packets to in k time windows. Xk is then compared to the corresponding value on the plot; anomalies indicate an attack from the respective source.


    GRAPH-BASED MODELING APPARATUS AND TECHNIQUES
    4.
    Patent application
    Legal status: in force

    Publication No.: US20080300834A1

    Publication date: 2008-12-04

    Application No.: US11756970

    Filing date: 2007-06-01

    IPC classification: G06F17/50 G06T11/20

    CPC classification: G06F17/504

    Abstract: Graph-based modeling apparatus and techniques are disclosed. Based on a model including model nodes that represent components of a modeled system, operational dependencies between model nodes, and model edges that interconnect the nodes and represent relationships between the components in the modeled system, subset computations are performed to compute subsets of the model nodes that can impact operational dependencies between other model nodes. When the model changes, a determination is made as to whether an incremental subset computation should be performed for one or more particular operational dependencies between model nodes in the changed model, and if so, an incremental subset computation is performed. Otherwise, a full subset computation or no subset computation might be performed. In this manner, model changes are considered on a case-by-case basis to determine an extent, if any, to which subsets should be re-computed.


    Transparent caller name authentication for authorized third party callers
    5.
    Patent application
    Legal status: in force

    Publication No.: US20080187119A1

    Publication date: 2008-08-07

    Application No.: US11702555

    Filing date: 2007-02-06

    IPC classification: H04M1/56

    Abstract: Transparent caller name authentication is provided to authorized third parties by creating a Public Key Infrastructure (PKI) certificate chain. An owner of a registered caller name can authorize third parties to use the caller name by issuing a PKI sub-certificate to each authorized third party. An authenticated caller name displays the owner's name to the called party. Outsourcing and mobile employment is thereby facilitated, and called party confusion is reduced.


    CONTAINMENT MECHANISM FOR POTENTIALLY CONTAMINATED END SYSTEMS
    6.
    Patent application
    Legal status: in force

    Publication No.: US20110197278A1

    Publication date: 2011-08-11

    Application No.: US11656434

    Filing date: 2007-01-23

    IPC classification: G06F21/20

    CPC classification: H04L63/1416 H04L63/1458

    Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.


    Policy-enabled aggregation of IM User communities
    7.
    Patent application
    Legal status: in force

    Publication No.: US20090037973A1

    Publication date: 2009-02-05

    Application No.: US11882514

    Filing date: 2007-08-02

    IPC classification: G06F21/00

    CPC classification: G06F21/6263

    Abstract: A method of automatically aggregating an online user community, and graphical user interface for same, the method including one or more of the following: a user creating the online community; the user defining an aggregation policy for the online user community; a service provider retrieving the aggregation policy; the service provider applying the aggregation policy to another user; determining whether the other user fits the aggregation policy; adding the other user to the online user community; the user defining an anti-aggregation policy; the service provider retrieving the anti-aggregation policy; determining whether the other user fits the anti-aggregation policy; and removing the other user from the online user community when the other user fits the anti-aggregation policy.


    Transparent caller name authentication for authorized third party callers
    8.
    Granted patent
    Legal status: in force

    Publication No.: US08280020B2

    Publication date: 2012-10-02

    Application No.: US11702555

    Filing date: 2007-02-06

    Abstract: Transparent caller name authentication is provided to authorized third parties by creating a Public Key Infrastructure (PKI) certificate chain. An owner of a registered caller name can authorize third parties to use the caller name by issuing a PKI sub-certificate to each authorized third party. An authenticated caller name displays the owner's name to the called party. Outsourcing and mobile employment is thereby facilitated, and called party confusion is reduced.


    Policy-enabled aggregation of IM user communities
    9.
    Granted patent
    Legal status: in force

    Publication No.: US08266671B2

    Publication date: 2012-09-11

    Application No.: US11882514

    Filing date: 2007-08-02

    IPC classification: G06F21/00

    CPC classification: G06F21/6263

    Abstract: A method of automatically aggregating an online user community, and graphical user interface for same, the method including one or more of the following: a user creating the online community; the user defining an aggregation policy for the online user community; a service provider retrieving the aggregation policy; the service provider applying the aggregation policy to another user; determining whether the other user fits the aggregation policy; adding the other user to the online user community; the user defining an anti-aggregation policy; the service provider retrieving the anti-aggregation policy; determining whether the other user fits the anti-aggregation policy; and removing the other user from the online user community when the other user fits the anti-aggregation policy.


    Containment mechanism for potentially contaminated end systems
    10.
    Granted patent
    Legal status: in force

    Publication No.: US08020207B2

    Publication date: 2011-09-13

    Application No.: US11656434

    Filing date: 2007-01-23

    IPC classification: G06F12/14

    CPC classification: H04L63/1416 H04L63/1458

    Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.
