公开(公告)号：US08311956B2

公开(公告)日：2012-11-13

申请号：US12539430

申请日：2009-08-11

申请人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

发明人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

IPC分类号： G06F15/18

CPC分类号： G06N99/005

摘要： A traffic classifier has a plurality of binary classifiers, each associated with one of a plurality of calibrators. Each calibrator trained to translate an output score of the associated binary classifier into an estimated class probability value using a fitted logistic curve, each estimated class probability value indicating a probability that the packet flow on which the output score is based belongs to the traffic class associated with the binary classifier associated with the calibrator. The classifier training system configured to generate a training data based on network information gained using flow and packet sampling methods. In some embodiments, the classifier training system configured to generate reduced training data sets, one for each traffic class, reducing the training data related to traffic not associated with the traffic class.

摘要翻译： 流量分类器具有多个二进制分类器，每个二进制分类器与多个校准器之一相关联。 每个校准器被训练成使用拟合的逻辑曲线将相关联的二进制分类器的输出得分转换成估计的类概率值，每个估计的类概率值指示输出得分所基于的分组流的概率属于相关联的流量类别 与校准器相关联的二进制分类器。 分类器训练系统被配置为基于使用流和分组采样方法获得的网络信息生成训练数据。 在一些实施例中，分类器训练系统被配置为生成减少的训练数据集，每个业务类别一个，减少与业务类别不相关的业务相关的训练数据。

公开(公告)号：US20130013542A1

公开(公告)日：2013-01-10

申请号：US13620668

申请日：2012-09-14

申请人： SUBHABRATA SEN ,  Nicholas duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

发明人： SUBHABRATA SEN ,  Nicholas duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

IPC分类号： G06F15/18 ,  G06N5/02

CPC分类号： G06N99/005

摘要： A traffic classifier has a plurality of binary classifiers, each associated with one of a plurality of calibrators. Each calibrator trained to translate an output score of the associated binary classifier into an estimated class probability value using a fitted logistic curve, each estimated class probability value indicating a probability that the packet flow on which the output score is based belongs to the traffic class associated with the binary classifier associated with the calibrator. The classifier training system configured to generate a training data based on network information gained using flow and packet sampling methods. In some embodiments, the classifier training system configured to generate reduced training data sets, one for each traffic class, reducing the training data related to traffic not associated with the traffic class.

摘要翻译： 流量分类器具有多个二进制分类器，每个二进制分类器与多个校准器之一相关联。 每个校准器被训练成使用拟合的逻辑曲线将相关联的二进制分类器的输出得分转换成估计的类概率值，每个估计的类概率值指示输出得分所基于的分组流的概率属于相关联的流量类别 与校准器相关联的二进制分类器。 分类器训练系统被配置为基于使用流和分组采样方法获得的网络信息生成训练数据。 在一些实施例中，分类器训练系统被配置为生成减少的训练数据集，每个业务类别一个，减少与业务类别不相关的业务相关的训练数据。

公开(公告)号：US09349102B2

公开(公告)日：2016-05-24

申请号：US13620668

申请日：2012-09-14

申请人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

发明人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

IPC分类号： G06N99/00

CPC分类号： G06N99/005

摘要： A traffic classifier has a plurality of binary classifiers, each associated with one of a plurality of calibrators. Each calibrator trained to translate an output score of the associated binary classifier into an estimated class probability value using a fitted logistic curve, each estimated class probability value indicating a probability that the packet flow on which the output score is based belongs to the traffic class associated with the binary classifier associated with the calibrator. The classifier training system configured to generate a training data based on network information gained using flow and packet sampling methods. In some embodiments, the classifier training system configured to generate reduced training data sets, one for each traffic class, reducing the training data related to traffic not associated with the traffic class.

摘要翻译： 流量分类器具有多个二进制分类器，每个二进制分类器与多个校准器之一相关联。 每个校准器被训练成使用拟合的逻辑曲线将相关联的二进制分类器的输出得分转换成估计的类概率值，每个估计的类概率值指示输出得分所基于的分组流的概率属于相关联的流量类别 与校准器相关联的二进制分类器。 分类器训练系统被配置为基于使用流和分组采样方法获得的网络信息生成训练数据。 在一些实施例中，分类器训练系统被配置为生成减少的训练数据集，每个业务类别一个，减少与业务类别不相关的业务相关的训练数据。

公开(公告)号：US20110040706A1

公开(公告)日：2011-02-17

申请号：US12539430

申请日：2009-08-11

申请人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

发明人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

IPC分类号： G06F15/18 ,  G06N5/02

CPC分类号： G06N99/005

摘要： A traffic classifier has a plurality of binary classifiers, each associated with one of a plurality of calibrators. Each calibrator trained to translate an output score of the associated binary classifier into an estimated class probability value using a fitted logistic curve, each estimated class probability value indicating a probability that the packet flow on which the output score is based belongs to the traffic class associated with the binary classifier associated with the calibrator. The classifier training system configured to generate a training data based on network information gained using flow and packet sampling methods. In some embodiments, the classifier training system configured to generate reduced training data sets, one for each traffic class, reducing the training data related to traffic not associated with the traffic class.

摘要翻译： 流量分类器具有多个二进制分类器，每个二进制分类器与多个校准器之一相关联。 每个校准器被训练成使用拟合的逻辑曲线将相关联的二进制分类器的输出得分转换成估计的类概率值，每个估计的类概率值指示输出得分所基于的分组流的概率属于相关联的流量类别 与校准器相关联的二进制分类器。 分类器训练系统被配置为基于使用流和分组采样方法获得的网络信息生成训练数据。 在一些实施例中，分类器训练系统被配置为生成减少的训练数据集，每个业务类别一个，减少与业务类别不相关的业务相关的训练数据。

公开(公告)号：US08935188B2

公开(公告)日：2015-01-13

申请号：US12858303

申请日：2010-08-17

申请人： Nicholas Duffield ,  Patrick Haffner ,  Yu Jin ,  Subhabrata Sen ,  Zhi-Li Zhang

发明人： Nicholas Duffield ,  Patrick Haffner ,  Yu Jin ,  Subhabrata Sen ,  Zhi-Li Zhang

IPC分类号： G06F15/18 ,  G06F15/173 ,  H04L12/26 ,  H04L29/08

CPC分类号： H04L43/045 ,  H04L43/026 ,  H04L67/22

摘要： In one embodiment, the present disclosure is a method and apparatus for classifying applications using the collective properties of network traffic. In one embodiment, a method for classifying traffic in a communication network includes receiving a traffic activity graph, the traffic activity graph comprising a plurality of nodes interconnected by a plurality of edges, where each of the nodes represents an endpoint associated with the communication network and each of the edges represents traffic between a corresponding pair of the nodes, generating an initial set of inferences as to an application class associated with each of the edges, based on at least one measured statistic related to at least one traffic flow in the communication network, and refining the initial set of inferences based on a spatial distribution of the traffic flows, to produce a final traffic activity graph.

摘要翻译： 在一个实施例中，本公开是用于使用网络业务的集合属性对应用进行分类的方法和装置。 在一个实施例中，用于对通信网络中的业务进行分类的方法包括接收业务活动图，所述业务活动图包括由多个边缘互连的多个节点，其中每个节点表示与所述通信网络相关联的端点， 每个边缘表示对应的一对节点之间的流量，基于与通信网络中的至少一个业务流相关的至少一个测量的统计量，生成关于与每个边缘相关联的应用类别的初始推断集合 ，并且基于业务流的空间分布来优化初始推理集合，以产生最终业务活动图。

公开(公告)号：US20120047096A1

公开(公告)日：2012-02-23

申请号：US12858303

申请日：2010-08-17

申请人： Nicholas Duffield ,  Patrick Haffner ,  Yu Jin ,  Subhabrata Sen ,  Zhi-Li Zhang

发明人： Nicholas Duffield ,  Patrick Haffner ,  Yu Jin ,  Subhabrata Sen ,  Zhi-Li Zhang

IPC分类号： G06F15/18 ,  G06N3/08

CPC分类号： H04L43/045 ,  H04L43/026 ,  H04L67/22

摘要： In one embodiment, the present disclosure is a method and apparatus for classifying applications using the collective properties of network traffic. In one embodiment, a method for classifying traffic in a communication network includes receiving a traffic activity graph, the traffic activity graph comprising a plurality of nodes interconnected by a plurality of edges, where each of the nodes represents an endpoint associated with the communication network and each of the edges represents traffic between a corresponding pair of the nodes, generating an initial set of inferences as to an application class associated with each of the edges, based on at least one measured statistic related to at least one traffic flow in the communication network, and refining the initial set of inferences based on a spatial distribution of the traffic flows, to produce a final traffic activity graph.

摘要翻译： 在一个实施例中，本公开是用于使用网络业务的集合属性对应用进行分类的方法和装置。 在一个实施例中，用于对通信网络中的业务进行分类的方法包括接收业务活动图，所述业务活动图包括由多个边缘互连的多个节点，其中每个节点表示与所述通信网络相关联的端点， 每个边缘表示对应的一对节点之间的流量，基于与通信网络中的至少一个业务流相关的至少一个测量的统计量，生成关于与每个边缘相关联的应用类别的初始推断集合 ，并且基于业务流的空间分布来优化初始推理集合，以产生最终业务活动图。

公开(公告)号：US08880614B1

公开(公告)日：2014-11-04

申请号：US11598582

申请日：2006-11-13

申请人： Albert G. Greenberg ,  Patrick Haffner ,  Subhabrata Sen ,  Oliver Spatscheck

发明人： Albert G. Greenberg ,  Patrick Haffner ,  Subhabrata Sen ,  Oliver Spatscheck

IPC分类号： H04L12/58

CPC分类号： H04L51/12

摘要： A method and apparatus for providing protection for mail servers in networks such as the packet networks are disclosed. For example, the present method detects a mail server is reaching its processing limit. The method then selectively limits connections to the mail server from a plurality of source nodes based on a spam index associated with each of the source nodes.

摘要翻译： 公开了一种在诸如分组网络的网络中为邮件服务器提供保护的方法和装置。 例如，本方法检测到邮件服务器正在达到其处理限制。 该方法然后基于与每个源节点相关联的垃圾邮件索引来选择性地限制来自多个源节点的到邮件服务器的连接。

公开(公告)号：US20090113016A1

公开(公告)日：2009-04-30

申请号：US11977243

申请日：2007-10-24

申请人： Subhabrata Sen ,  Patrick Haffner ,  Oliver Spatscheck ,  Shobha Venkataraman

发明人： Subhabrata Sen ,  Patrick Haffner ,  Oliver Spatscheck ,  Shobha Venkataraman

IPC分类号： G06F15/16

CPC分类号： G06Q10/107 ,  H04L51/00 ,  H04L51/12

摘要： Disclosed are email server management methods and systems that protect the ability of the infrastructure of the email server to process legitimate emails in the presence of large spam volumes. During a period of server overload, priority classes of emails are identified, and emails are processed according to priority. In a typical embodiment, the server sends emails sequentially in a queue, and the queue has a limited capacity. When the server nears or reaches that capacity, the emails in the queue are analyzed to identify priority emails, and the priority emails are moved to the head of the queue.

摘要翻译： 公开了电子邮件服务器管理方法和系统，其保护电子邮件服务器的基础设施在存在大型垃圾邮件卷的情况下处理合法电子邮件的能力。 在服务器过载期间，确定优先级别的电子邮件，并根据优先级处理电子邮件。 在典型的实施例中，服务器在队列中顺序发送电子邮件，队列的容量有限。 当服务器接近或达到该容量时，将分析队列中的电子邮件以识别优先级电子邮件，并将优先级电子邮件移动到队列的头部。

公开(公告)号：US20060239219A1

公开(公告)日：2006-10-26

申请号：US11321054

申请日：2005-12-30

申请人： Patrick Haffner ,  Subhabrata Sen ,  Oliver Spatscheck ,  Dongmei Wang

发明人： Patrick Haffner ,  Subhabrata Sen ,  Oliver Spatscheck ,  Dongmei Wang

IPC分类号： H04B7/212

CPC分类号： H04L41/142 ,  H04L43/028 ,  H04L43/0823 ,  H04L63/0227

摘要： A method for identifying traffic to an application including the steps of monitoring communication traffic in a network, identifying data from communication traffic content, and constructing a model for mapping the communication traffic for an application derived from data identified from the communication traffic content is described. A related system and computer readable medium for performing the method is also described. The described method and system has utility in a wide array of networks including IP networks.

摘要翻译： 一种用于识别对应用的业务的方法，包括以下步骤：监视网络中的通信业务，从通信业务内容识别数据，以及构建用于映射从通信业务内容识别的数据导出的应用的通信业务的模型。 还描述了用于执行该方法的相关系统和计算机可读介质。 所描述的方法和系统在包括IP网络的广泛网络中具有实用性。

公开(公告)号：US09258217B2

公开(公告)日：2016-02-09

申请号：US12568044

申请日：2009-09-28

申请人： Nicholas Duffield ,  Patrick Haffner ,  Balachander Krishnamurthy ,  Haakon Andreas Ringberg

发明人： Nicholas Duffield ,  Patrick Haffner ,  Balachander Krishnamurthy ,  Haakon Andreas Ringberg

IPC分类号： H04L12/721 ,  H04L12/26 ,  G06F21/55 ,  H04L12/703 ,  H04L12/801 ,  H04L12/851 ,  H04L29/06 ,  H04L12/24

CPC分类号： H04L63/20 ,  G06F21/552 ,  G06N5/025 ,  H04L41/00 ,  H04L41/0604 ,  H04L41/16 ,  H04L43/026 ,  H04L43/028 ,  H04L43/16 ,  H04L45/28 ,  H04L45/38 ,  H04L47/10 ,  H04L47/24 ,  H04L63/14 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/30

摘要： A system to detect anomalies in internet protocol (IP) flows uses a set of machine-learning (ML) rules that can be applied in real time at the IP flow level. A communication network has a large number of routers that can be equipped with flow monitoring capability. A flow collector collects flow data from the routers throughout the communication network and provides them to a flow classifier. At the same time, a limited number of locations in the network monitor data packets and generate alerts based on packet data properties. The packet alerts and the flow data are provided to a machine learning system that detects correlations between the packet-based alerts and the flow data to thereby generate a series of flow-level alerts. These rules are provided to the flow time classifier. Over time, the new packet alerts and flow data are used to provide updated rules generated by the machine learning system.

摘要翻译： 检测互联网协议（IP）流中的异常的系统使用一组机器学习（ML）规则，可以在IP流级别实时应用。 通信网络具有大量可配备流量监控功能的路由器。 集流器在通信网络中收集来自路由器的流数据，并将其提供给流分类器。 同时，网络中有限数量的位置监视数据包，并根据数据包数据属性生成警报。 分组警报和流数据被提供给机器学习系统，其检测基于分组的警报和流数据之间的相关性，从而生成一系列流级别警报。 这些规则提供给流时间分类器。 随着时间的推移，新的数据包警报和流数据用于提供机器学习系统生成的更新规则。