Publication No.: US20100054481A1
Publication date: 2010-03-04
Application No.: US12548975
Filing date: 2009-08-27
Applicant: Sushil Jajodia, Witold Litwin, Thomas Schwarz
Inventor: Sushil Jajodia, Witold Litwin, Thomas Schwarz
CPC classification: H04L9/085, H04L9/0897
Abstract: Embodiments of the present invention store application data and associated encryption key(s) on at least k+1 remote servers using LH* addressing. At least k+1 buckets are created on separate remote servers. At least k+1 key shares are generated for each of at least one encryption key. Each encryption key has a unique key number. Each key share is stored in a different key share record. Each of the key share records is stored in a different bucket using LH* addressing. Encrypted application data is generated by encrypting the application data with the encryption key(s). The encrypted application data is stored in encrypted data record(s). Each of the encrypted data records is stored in a different bucket among the buckets using LH* addressing.
-
Publication No.: US08719943B2
Publication date: 2014-05-06
Application No.: US13466706
Filing date: 2012-05-08
Applicant: Steven E Noel, Sushil Jajodia, Eric B Robertson
Inventor: Steven E Noel, Sushil Jajodia, Eric B Robertson
IPC classification: H04L29/06
CPC classification: H04L41/12, H04L63/1425
Abstract: Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.
-
Publication No.: US20100192226A1
Publication date: 2010-07-29
Application No.: US12758135
Filing date: 2010-04-12
IPC classification: G06F11/00
CPC classification: H04L41/12, H04L63/1425
Abstract: Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.
-
Publication No.: US07627900B1
Publication date: 2009-12-01
Application No.: US11371930
Filing date: 2006-03-10
Applicant: Steven E. Noel, Sushil Jajodia
Inventor: Steven E. Noel, Sushil Jajodia
CPC classification: H04L41/12, H04L63/1425
Abstract: Disclosed is a framework for aggregating network attack graphs. A network may be represented as a dependency graph. Condition set(s), exploit set(s) and machine set(s) may be generated using information from the dependency graph. Exploit-condition set(s) may be generated using the condition set(s) and the exploit set(s). Machine-exploit set(s) may be generated using the exploit-condition set(s) and machine set(s).
-
Publication No.: US08566269B2
Publication date: 2013-10-22
Application No.: US11831914
Filing date: 2007-07-31
Applicant: Sushil Jajodia, Lingyu Wang, Anoop Singhal
Inventor: Sushil Jajodia, Lingyu Wang, Anoop Singhal
IPC classification: G06F21/06, G06F19/28, G06F15/163
CPC classification: H04L63/1441
Abstract: An attack graph analysis tool that includes a network configuration information input module, a domain knowledge input module, a network configuration information storage module, a domain knowledge storage module, and a result generation module. The network configuration information input module inputs network configuration information. The domain knowledge input module inputs domain knowledge for the network. The network configuration information storage module stores network configuration information in a network database table. The domain knowledge storage module stores the domain knowledge in an exploit database table. The result generation module generates a result using the network database table and exploit database table. The result may be generated in response to a query to a database management system that has access to the network database table and exploit database table. The network may be reconfigured to decrease the likelihood of future attacks using the attack information learned from the result.
-
Publication No.: US08181252B2
Publication date: 2012-05-15
Application No.: US12758135
Filing date: 2010-04-12
Applicant: Sushil Jajodia, Steven E Noel, Eric B Robertson
Inventor: Sushil Jajodia, Steven E Noel, Eric B Robertson
IPC classification: H04L29/06
CPC classification: H04L41/12, H04L63/1425
Abstract: Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.
-
Publication No.: US20110164506A1
Publication date: 2011-07-07
Application No.: US12835228
Filing date: 2010-07-13
IPC classification: H04L12/56
CPC classification: H04L43/12, H04L41/0803
Abstract: Embodiments of the present invention include a system or method for inferring packet management rules of a packet management device. A probing device is used to extract at least one of port number and IP address from a packet management configuration file. The probing device classifies extracted numbers and selectively transmits packets to a packet management device. A packet analyzer notifies the probing device when a packet passes through the packet management device. Based on the notification, the probing device is able to transmit packets to the packet management device in a non-exhaustive manner and determine a port range corresponding to a packet management rule.
-
Publication No.: US20110069721A1
Publication date: 2011-03-24
Application No.: US12894808
Filing date: 2010-09-30
Applicant: Sushil Jajodia, Shlping Chen, Xinyuan Wang
Inventor: Sushil Jajodia, Shlping Chen, Xinyuan Wang
IPC classification: H04J3/06
CPC classification: H04L65/607
Abstract: A packet flow side channel encoder and decoder embeds and extracts a side channel communication in an overt communication data stream transmitted over a network. The encoder selects more than one group of related packets being transmitted on the network, relates a packet of one group to a packet of another group to form a pair of packets; and delays the timing of at least one packet from each pair of packets. The decoder determines inter-packet delays that are the difference in timing between two packets in a pair of packets; determines at least one inter-packet delay difference between two or more determined inter-packet delays; and extracts a bit using the at least one inter-packet delay difference.
-
Publication No.: US20080137841A1
Publication date: 2008-06-12
Application No.: US11947164
Filing date: 2007-11-29
Applicant: Sushil Jajodia
Inventor: Sushil Jajodia
CPC classification: H04L9/0894
Abstract: Sensitive data associations for related data values are protected. A set of related data values is received. The set of related data values includes at least a first data value and a second data value. The first data value is associated with a first data field and the second data value is associated with a second data field. First encrypted data is created by encrypting the first data value using a first encryption key and second encrypted data is created by encrypting the second data value using a second encryption key. The first data value is stored in a first data table, the second data value is stored in a second data table, the first encrypted data is stored in the second table, and the second encrypted data is stored in the first table.
-
Publication No.: US07127106B1
Publication date: 2006-10-24
Application No.: US10281191
Filing date: 2002-10-28
Applicant: Johnson Neil, Zoran Duric, Sushil Jajodia
Inventor: Johnson Neil, Zoran Duric, Sushil Jajodia
IPC classification: G06K9/00
CPC classification: G06K9/4609, G06K9/527
Abstract: Disclosed is a method and apparatus for fingerprinting a first and second image and using the fingerprints of the first and second image to determine if the second image is derived from the first image.