Parallel distributed network monitoring
    1.
    Granted patent (expired)

    Publication number: US08199641B1

    Publication date: 2012-06-12

    Application number: US12179703

    Filing date: 2008-07-25

    IPC classification: H04L12/26 G06F15/173

    摘要: A network monitoring system includes devices receiving network traffic information, and generating at least partial results relating to network symptoms. Those partial results are forwarded to devices processing those partial results and generating information relating to problems in response to those symptoms. Problems are reported to users or sent as notifications. In one embodiment, information relating to network traffic is monitored both by a first set of devices associated with source addresses for that network traffic and a second set of devices associated with destination addresses for that network traffic. Information received by that first set of devices includes information relating to both the source address and destination address of network traffic. That first set of devices processes information relating to the source address of network traffic and forwards information relating to the destination address of network traffic to that second set of devices.

Network monitoring using bounded memory data structures
    3.
    Granted patent (in force)

    Publication number: US08645527B1

    Publication date: 2014-02-04

    Application number: US12180333

    Filing date: 2008-07-25

    IPC classification: G06F15/16 G06F15/173 G06F3/00

    摘要: A network monitoring device includes a data structure for maintaining information about endpoints involved in network flows. Each endpoint, either a source or a destination for a network flow, has information maintained in a modified binary trie, having a branch for each bit of the source or destination address, but with interior nodes having only a single child node elided. A pruning thread is given a limited amount of time for operation, with the effect that the data structure is maintained available for use except for only that limited amount of time. In the event that the pruning thread is unable to prune the entire data structure, it maintains a marker indicating where last it left off, and returns to that location in the data structure at a later pruning operation.

Defenses against software attacks in distributed computing environments
    4.
    Granted patent (in force)

    Publication number: US07620986B1

    Publication date: 2009-11-17

    Application number: US11153217

    Filing date: 2005-06-14

    IPC classification: G06F11/00 G06F9/00 H04L29/06

    CPC classification: H04L63/1425 H04L2463/141

    Abstract: The invention provides apparatus and methods for defending against attacks in a distributed computing environment, including (1) distinguishing attack traffic patterns from legitimate traffic patterns; (2) responding to the nature of message patterns; (3) observing that attack traffic has few origination points and does not divide further from the target device; and (4) allowing detectors of illegitimate traffic to cooperate to confirm a suspected attack, with the effect of providing more information to each other.

Dynamic DoS flooding protection
    5.
    Granted patent (in force)

    Publication number: US07331060B1

    Publication date: 2008-02-12

    Application number: US10242380

    Filing date: 2002-09-10

    Applicant: Livio Ricciulli

    Inventor: Livio Ricciulli

    IPC classification: G06F11/00

    CPC classification: H04L63/1458

    Abstract: Detecting and protecting against denial of service flooding attacks that are initiated against an end system on a computer network. In accordance with one aspect of the invention, a filter is established at a network location. The filter prevents data packets received at a first network location and deemed responsible for the denial of service flooding condition from being forwarded to a subsequent network location. Data packets received at the first network location are then monitored to determine whether the flow of data packets from any network source exhibits legitimate behavior, such as where the flow of data packets exhibits a backoff behavior. The filter is then modified to permit data packets that exhibit legitimate behavior to pass through the filter.

Enhanched flow processing
    6.
    Patent application

    Publication number: US20200304392A1

    Publication date: 2020-09-24

    Application number: US15867685

    Filing date: 2018-01-10

    Applicant: Xangati Inc

    IPC classification: H04L12/26

    Abstract: A network monitoring device responds to network status data (whether "pushed" from the network device or "pulled" from the network device), maintaining a buffer of saved status data. The status data is reordered, manipulated, and presented to users in order. The monitoring device can thus report an accurate momentary report of the status of the network environment. When status data is delayed too long, the monitoring device can discard it, or reduce its weighted consideration. The monitoring device adjusts its wait for status data, either as an average or individually per device, attempting to balance accuracy and latency. The monitoring device also records how much status data it is required to process, in relation to the amount it can process reliably, and maintains a sampling rate for status data, somewhere between evaluating all of the status data and evaluating only a small portion of it, when capable, attempting to balance the degree of sampling against both error and latency.

Enhanched flow processing
    7.
    Granted patent

    Publication number: US09935858B1

    Publication date: 2018-04-03

    Application number: US14834424

    Filing date: 2015-08-24

    Applicant: Xangati Inc.

    IPC classification: H04L12/26 H04L12/803

    Abstract: A network monitoring device responds to network status data (whether "pushed" from the network device or "pulled" from the network device), maintaining a buffer of saved status data. The status data is reordered, manipulated, and presented to users in order. The monitoring device can thus report an accurate momentary report of the status of the network environment. When status data is delayed too long, the monitoring device can discard it, or reduce its weighted consideration. The monitoring device adjusts its wait for status data, either as an average or individually per device, attempting to balance accuracy and latency. The monitoring device also records how much status data it is required to process, in relation to the amount it can process reliably, and maintains a sampling rate for status data, somewhere between evaluating all of the status data and evaluating only a small portion of it, when capable, attempting to balance the degree of sampling against both error and latency.

Network monitoring of behavior probability density
    8.
    Granted patent (in force)

    Publication number: US08639797B1

    Publication date: 2014-01-28

    Application number: US12180243

    Filing date: 2008-07-25

    IPC classification: G06F15/173

    Abstract: A network monitoring system maintains both information regarding historical activity of a network and information regarding emergent activity of the network. Comparison of historical activity of the network with emergent activity of the network allows the system to determine whether network activity is changing over time. The network monitoring system maintains data structures representing a probability density function (p.d.f.) for observable values of network parameters. Recent activity of the network can be compared with both the p.d.f. for historical activity and the p.d.f. for emergent activity, to aid in determining whether that recent activity is within the realm of normal and whether network activity is changing over time. The network monitoring system adjusts its information regarding historical activity of a network in response to emergent activity of that network. The network monitoring device determines information regarding time-dependent activity of that network in response to spectral analysis of historical activity of that network.

Network monitoring using virtual packets
    9.
    Granted patent (in force)

    Publication number: US08451731B1

    Publication date: 2013-05-28

    Application number: US12180193

    Filing date: 2008-07-25

    IPC classification: H04J1/16 H04J3/14 G06F15/173

    Abstract: A network monitoring device includes a flow processing element, disposed to receive flow information relating to network flows and to generate a set of virtual packets, each representing a portion of a network flow. The virtual packets are maintained in time-sequential order and read by elements of the network monitoring device to generate information relating to network traffic, such as symptoms affecting the communication network, problems affecting the communication network, and the like. The network monitoring device randomly samples virtual packets, with at least one of two effects: (1) flow information from traffic reporting devices that are themselves sampling at differing rates can be equalized, with the effect of standardizing information from all of them; (2) the network monitoring device itself can restrict its attention to a fraction of all virtual packets, with the effect of keeping up with a relatively large number of virtual packets.