HASH-BASED SYSTEMS AND METHODS FOR DETECTING, PREVENTING, AND TRACING NETWORK WORMS AND VIRUSES
    1.
    Invention application
    Status: under examination (published)

    Publication No.: US20100205672A1

    Publication date: 2010-08-12

    Application No.: US12762365

    Filing date: 2010-04-18

    IPC classification: G06F21/00

    Abstract: A system (126-129) detects transmission of potentially malicious packets. The system (126-129) receives packets and generates hash values corresponding to each of the packets. The system (126-129) may then compare the generated hash values to hash values corresponding to prior packets. The system (126-129) determines that one of the packets is a potentially malicious packet when the generated hash value corresponding to the one packet matches one of the hash values corresponding to one of the prior packets and the one prior packet was received within a predetermined amount of time of the one packet. The system (126-129) may also facilitate the tracing of the path taken by a potentially malicious packet. In this case, the system (126-129) may receive a message that identifies a potentially malicious packet, generate hash values from the potentially malicious packet, and determine whether one or more of the generated hash values match hash values corresponding to previously-received packets. The system (126-129) may then identify the potentially malicious packet as one of the previously-received packets when one or more of the generated hash values match the hash value corresponding to the one previously-received packet.

    METHOD AND APPARATUS FOR IDENTIFYING A PACKET
    2.
    Invention application
    Status: under examination (published)

    Publication No.: US20090182867A1

    Publication date: 2009-07-16

    Application No.: US12249832

    Filing date: 2008-10-10

    IPC classification: G06F15/173

    Abstract: A system and method for identifying target packets in a network. The invention identifies packets by computing a hash value over at least a portion of a packet passing through a network device such as a router. The hash value is used as an address, or index, into a memory. The hash value identifies a unique memory address and a flag is set at the respective memory location. When a target packet is detected elsewhere in a network, the network device receives a query message containing a hash value of the target packet. The network device compares the target packet to the hash values in memory. A match between the hash value in memory and the hash value in the query message indicates the target packet was observed by the network device. After a match is detected, the network device makes a reply available to the network.

    HASH-BASED SYSTEMS AND METHODS FOR DETECTING, PREVENTING, AND TRACING NETWORK WORMS AND VIRUSES
    3.
    Invention application
    Status: under examination (published)

    Publication No.: US20090158435A1

    Publication date: 2009-06-18

    Application No.: US12249803

    Filing date: 2008-10-10

    IPC classification: G06F21/00

    Abstract: A system (126-129) detects transmission of potentially malicious packets. The system (126-129) receives packets and generates hash values corresponding to each of the packets. The system (126-129) may then compare the generated hash values to hash values corresponding to prior packets. The system (126-129) determines that one of the packets is a potentially malicious packet when the generated hash value corresponding to the one packet matches one of the hash values corresponding to one of the prior packets and the one prior packet was received within a predetermined amount of time of the one packet. The system (126-129) may also facilitate the tracing of the path taken by a potentially malicious packet. In this case, the system (126-129) may receive a message that identifies a potentially malicious packet, generate hash values from the potentially malicious packet, and determine whether one or more of the generated hash values match hash values corresponding to previously-received packets. The system (126-129) may then identify the potentially malicious packet as one of the previously-received packets when one or more of the generated hash values match the hash value corresponding to the one previously-received packet.

    METHOD AND APPARATUS FOR TRACING PACKETS
    5.
    Invention application
    Status: under examination (published)

    Publication No.: US20100205670A1

    Publication date: 2010-08-12

    Application No.: US12762366

    Filing date: 2010-04-18

    IPC classification: G06F21/00 G06F15/16

    Abstract: A system and method for performing source path isolation in a network. The system comprises an intrusion detection system (IDS), a source path isolation server (SS1) and at least one router configured to operate as a source path isolation router (SR1) operating within an autonomous system. When IDS detects a malicious packet, a message is sent to SS1. SS1 in turn generates a query message (QM) containing at least a portion of the malicious packet. Then, QM is sent to participating routers located one hop away. SR1 uses the query message to determine if it has observed the malicious packet by comparing it with locally stored information about packets having passed through SR1. SR1 sends a reply to SS1, and SS1 uses the reply to identify the ingress point into the network of the malicious packet.

    METHOD AND APPARATUS FOR TRACING PACKETS
    9.
    Invention application
    Status: under examination (published)

    Publication No.: US20090313339A1

    Publication date: 2009-12-17

    Application No.: US12249804

    Filing date: 2008-10-10

    IPC classification: G06F15/173 G06F11/00

    Abstract: A system and method for performing source path isolation in a network. The system comprises an intrusion detection system (IDS), a source path isolation server (SS1) and at least one router configured to operate as a source path isolation router (SR1) operating within an autonomous system. When IDS detects a malicious packet, a message is sent to SS1. SS1 in turn generates a query message (QM) containing at least a portion of the malicious packet. Then, QM is sent to participating routers located one hop away. SR1 uses the query message to determine if it has observed the malicious packet by comparing it with locally stored information about packets having passed through SR1. SR1 sends a reply to SS1, and SS1 uses the reply to identify the ingress point into the network of the malicious packet.