公开(公告)号：US08341727B2

公开(公告)日：2012-12-25

申请号：US12075600

申请日：2008-03-10

申请人： William S. Worley, Jr. ,  James Garnett ,  Christopher Worley ,  Matthew H. Gerlach

发明人： William S. Worley, Jr. ,  James Garnett ,  Christopher Worley ,  Matthew H. Gerlach

IPC分类号： G06F15/173

CPC分类号： H04L63/1458 ,  H04L63/02

摘要： Embodiments of the present invention include a variety of different integrated, multi-tiered methods and systems for preventing various types of attacks on computer systems, including denial-of-service attacks and SYN-flood attacks. Components of these integrated methods and systems include probabilistic packet droppers, packet-rate throttles, resource controls, automated firewalls, and efficient connection-state-information storage in memory resources and connection-state-information distribution in order to prevent draining of sufficient communications-related resources within a computer system to seriously degrade or disable electronics communications components within the computer system.

摘要翻译： 本发明的实施例包括用于防止对计算机系统的各种攻击的各种不同的集成的多层方法和系统，包括拒绝服务攻击和SYN洪泛攻击。 这些集成方法和系统的组件包括概率分组丢弃器，分组速率节流，资源控制，自动防火墙以及存储器资源中的有效连接状态信息存储和连接状态信息分发，以防止排出足够的通信 - 计算机系统内的相关资源，以严重降低或禁用计算机系统内的电子通信组件。

公开(公告)号：US20080256623A1

公开(公告)日：2008-10-16

申请号：US12075600

申请日：2008-03-10

申请人： William S. Worley ,  James Garnett ,  Christopher Worley ,  Matthew H. Gerlach

发明人： William S. Worley ,  James Garnett ,  Christopher Worley ,  Matthew H. Gerlach

IPC分类号： H04L9/00

CPC分类号： H04L63/1458 ,  H04L63/02

摘要： Embodiments of the present invention include a variety of different integrated, multi-tiered methods and systems for preventing various types of attacks on computer systems, including denial-of-service attacks and SYN-flood attacks. Components of these integrated methods and systems include probabilistic packet droppers, packet-rate throttles, resource controls, automated firewalls, and efficient connection-state-information storage in memory resources and connection-state-information distribution in order to prevent draining of sufficient communications-related resources within a computer system to seriously degrade or disable electronics communications components within the computer system.

摘要翻译： 本发明的实施例包括用于防止对计算机系统的各种攻击的各种不同的集成的多层方法和系统，包括拒绝服务攻击和SYN洪泛攻击。 这些集成方法和系统的组件包括概率分组丢弃器，分组速率节流，资源控制，自动防火墙以及存储器资源中的有效连接状态信息存储和连接状态信息分发，以防止排出足够的通信 - 计算机系统内的相关资源，以严重降低或禁用计算机系统内的电子通信组件。

公开(公告)号：US20060013132A1

公开(公告)日：2006-01-19

申请号：US11155535

申请日：2005-06-16

申请人： James Garnett ,  Elizabeth Bradley

发明人： James Garnett ,  Elizabeth Bradley

IPC分类号： G01R31/08

CPC分类号： G06F11/0751 ,  G06F11/0736 ,  G06F11/3495 ,  H04L41/142 ,  H04L41/145 ,  H04L41/5003 ,  H04L41/5009 ,  H04L41/5025 ,  H04L47/12 ,  H04L49/90 ,  H04L49/9047

摘要： Nonlinear adaptive resource management systems and methods are provided. According to one embodiment, a controller identifies and prevents resource starvation in resource-limited systems. To function correctly, system processes require resources that can be exhausted when under high load conditions. If the load conditions continue a complete system failure may occur. Controllers functioning in accordance with embodiments of the present invention avoid these failures by distribution shaping that completely avoids undesirable states. According to one embodiment, a Markov Birth/Death Chain model of the resource usage is built based on the structure of the system, with the number of states determined by the amount of resources, and the transition probabilities by the instantaneous rates of observed consumption and release. A control stage is used to guide a controller that denies some resource requests in real systems in a principled manner, thereby reducing the demand rate and the resulting distribution of resource states.

摘要翻译： 提供非线性自适应资源管理系统和方法。 根据一个实施例，控制器识别并防止资源有限的系统中的资源匮乏。 要正常工作，系统进程需要在高负载条件下可以耗尽的资源。 如果负载条件继续，可能会发生完整的系统故障。 根据本发明的实施例起作用的控制器通过完全避免不期望的状态的分布成形来避免这些故障。 根据一个实施例，基于系统的结构建立了资源使用的马尔科夫生死亡链模型，其中由资源量确定的状态数量和由观察到的消耗的瞬时速率的转移概率，以及 发布。 控制阶段用于指导以原则方式在实际系统中拒绝某些资源请求的控制器，从而降低需求速率和由此导致的资源状态分配。