Score-based intrusion prevention system
    1.
    Invention application
    Score-based intrusion prevention system (pending, published)

    Publication number: US20090077663A1

    Publication date: 2009-03-19

    Application number: US11898838

    Filing date: 2007-09-17

    Applicant: Yong Sun, Faud Khan

    Inventors: Yong Sun, Faud Khan

    IPC classification: G06F21/06

    CPC classification: H04L63/1416

    Abstract: A score-based method of preventing intrusion, and related apparatus and systems, including one or more of the following: receiving traffic including new packets; decoding a protocol for same; determining that no session exists to which the packets are associated; creating a session entry for a session corresponding to the packets; setting a total score for the session to zero; performing an anomaly analysis on the packets identifying an anomaly; adding an anomaly score for the anomaly to the total score for the session; determining that the total score for the session does not exceed a threshold; determining that the anomaly analysis is finished; determining that the signature of the received new packets matches a threat signature; adding a score assigned to the threat signature to the total score for the session; determining that the total score for the session exceeds the threshold; and triggering a threat response action.


Method and apparatus for fingerprinting systems and operating systems in a network

    Publication number: US09451036B2

    Publication date: 2016-09-20

    Application number: US12008856

    Filing date: 2008-01-15

    Abstract: A system and method for identifying the number of computer hosts and the types of operating systems behind network address translation is provided. The method includes processing an internet protocol packet associated with the host computer system. The process may involve capturing the internet protocol packet and extracting key fields from the internet protocol packet to produce a fingerprint. The method continues with analyzing the fields in order to determine if a network address translator is connected between the host computer and a public network (e.g. the internet). If there is a network address translator connected, the fields may be analyzed in order to determine the number of computers using the network address translator. The fields may also be analyzed in order to determine, with a level of probability, that the fingerprint identifies the correct operating system running on the host computers. Generally, the internet protocol packet that is analyzed will be captured from an aggregation point in the carrier network.

Method and apparatus for fingerprinting systems and operating systems in a network
    3.
    Invention application
    Method and apparatus for fingerprinting systems and operating systems in a network (granted, in force)

    Publication number: US20090182864A1

    Publication date: 2009-07-16

    Application number: US12008856

    Filing date: 2008-01-15

    IPC classification: G06F15/16

    Abstract: A system and method for identifying the number of computer hosts and the types of operating systems behind network address translation is provided. The method includes processing an internet protocol packet associated with the host computer system. The process may involve capturing the internet protocol packet and extracting key fields from the internet protocol packet to produce a fingerprint. The method continues with analyzing the fields in order to determine if a network address translator is connected between the host computer and a public network (e.g. the internet). If there is a network address translator connected, the fields may be analyzed in order to determine the number of computers using the network address translator. The fields may also be analyzed in order to determine, with a level of probability, that the fingerprint identifies the correct operating system running on the host computers. Generally, the internet protocol packet that is analyzed will be captured from an aggregation point in the carrier network.


MALWARE DETECTION SYSTEM AND METHOD
    4.
    Invention application
    MALWARE DETECTION SYSTEM AND METHOD (granted, in force)

    Publication number: US20120117653A1

    Publication date: 2012-05-10

    Application number: US13352451

    Filing date: 2012-01-18

    IPC classification: G06F12/14

    Abstract: Methods and systems are presented for detection of malware such as worms, in which a network switch entices the malware into sending scan packets by allocating one or more ports as bait addresses, sending outgoing bait packets, and identifying compromised hosts that send unexpected incoming packets to a bait address.


Malware detection system and method
    5.
    Invention grant
    Malware detection system and method (granted, in force)

    Publication number: US08181249B2

    Publication date: 2012-05-15

    Application number: US12039817

    Filing date: 2008-02-29

    IPC classification: G06F12/14

    Abstract: Methods and systems are presented for detection of malware such as worms, in which a network switch entices the malware into sending scan packets by allocating one or more ports as bait addresses, sending outgoing bait packets, and identifying compromised hosts that send unexpected incoming packets to a bait address.


Network-based DRM enforcement
    6.
    Invention application
    Network-based DRM enforcement (pending, published)

    Publication number: US20090106156A1

    Publication date: 2009-04-23

    Application number: US11976248

    Filing date: 2007-10-23

    IPC classification: G06F17/40 H04L9/32

    Abstract: A method of network-based digital rights enforcement, and related enforcement device, the method including one or more of the following: embedding information into digital content requested by an end user; providing a signature for the digital content to a service provider; providing a key to the service provider, the key being necessary for reading the information embedded into the digital content; providing an algorithm to the service provider for extracting the information embedded into the digital content; providing to the service provider an identification of the content provider that provides the digital content; extracting the signature from the digital content requested by the end user; analyzing the signature to determine whether a signature match exists; and determining whether the end user is a legitimate authorized user of the requested digital content or is capable of distributing content.


Malware detection system and method
    7.
    Invention grant
    Malware detection system and method (granted, in force)

    Publication number: US09419995B2

    Publication date: 2016-08-16

    Application number: US13352451

    Filing date: 2012-01-18

    IPC classification: G06F12/16 H04L29/06 G06F21/56

    Abstract: Methods and systems are presented for detection of malware such as worms, in which a network switch entices the malware into sending scan packets by allocating one or more ports as bait addresses, sending outgoing bait packets, and identifying compromised hosts that send unexpected incoming packets to a bait address.


MALWARE DETECTION SYSTEM AND METHOD
    8.
    Invention application
    MALWARE DETECTION SYSTEM AND METHOD (granted, in force)

    Publication number: US20090222920A1

    Publication date: 2009-09-03

    Application number: US12039817

    Filing date: 2008-02-29

    IPC classification: G06F21/00

    Abstract: Methods and systems are presented for detection of malware such as worms, in which a network switch entices the malware into sending scan packets by allocating one or more ports as bait addresses, sending outgoing bait packets, and identifying compromised hosts that send unexpected incoming packets to a bait address.
