专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08185745B2 Detection of frequent and dispersed invariants 有权
标题翻译：频繁和分散不变量的检测
公开(公告)号：US08185745B2
公开(公告)日：2012-05-22
申请号：US12956725
申请日：2010-11-30
申请人： Sumeet Singh , John David Huber , Flavio Giovanni Bonomi
发明人： Sumeet Singh , John David Huber , Flavio Giovanni Bonomi
IPC分类号： H04L9/32 , G06F11/00
CPC分类号： H04L63/1416
摘要： A scalable method and apparatus that detects frequent and dispersed invariants is disclosed. More particularly, the application discloses a system that can simultaneously track frequency rates and dispersion criteria of unknown invariants. In other words, the application discloses an invariant detection system implemented in hardware (and/or software) that allows detection of invariants (e.g., byte sequences) that are highly prevalent (e.g., repeating with a high frequency) and dispersed (e.g., originating from many sources and destined to many destinations).
摘要翻译：公开了一种检测频繁和分散的不变量的可扩展方法和装置。更具体地说，本申请公开了一种可同时跟踪未知不变量的频率和色散标准的系统。换句话说，该应用公开了一种在硬件（和/或软件）中实现的不变量检测系统，其允许检测高度普遍（例如，重复高频）和分散的不变量（例如，字节序列）从许多来源，注定到许多目的地）。

2. 发明申请

US20080186974A1 SYSTEM AND METHOD TO PROCESS DATA PACKETS IN A NETWORK USING STATEFUL DECISION TREES 有权
标题翻译：用确定性决策方法在网络中处理数据包的系统和方法
公开(公告)号：US20080186974A1
公开(公告)日：2008-08-07
申请号：US11551932
申请日：2006-10-23
申请人： Sumeet Singh , George Varghese , Flavio Giovanni Bonomi , Jonathan J. Chang
发明人： Sumeet Singh , George Varghese , Flavio Giovanni Bonomi , Jonathan J. Chang
IPC分类号： H04L12/56
CPC分类号： H04L47/10 , H04L43/50 , H04L45/742 , H04L45/745 , H04L47/22 , H04L47/2441 , H04L47/32
摘要： A method and device to process a packet received by a network device is described. The method may comprise analyzing the packet to identify at least one set of a plurality of sets, mapping the at least one set to at least one functional unit, and performing functionality associated with the at least one functional unit. Analyzing the packet to identify at least one of a plurality of sets may comprise determining when the packet includes at least one set identifier, and identifying the at least one set based on the at least one set identifier. A set status identifier may be defined for each set, the set status identifier indicating when set identifiers associated with a corresponding set are detected in the packet. The device may be a router, switch or any other device that processes digital data e.g., packet data including packets headers, payload or the like.
摘要翻译：描述了一种处理由网络设备接收的分组的方法和设备。该方法可以包括分析分组以识别多个集合中的至少一个集合，将至少一个集合映射到至少一个功能单元，以及执行与至少一个功能单元相关联的功能。分析分组以识别多个集合中的至少一个集合可以包括确定分组何时包括至少一个集合标识符，以及基于至少一个集合标识符来识别该至少一个集合。可以为每个集合定义集合状态标识符，所设置的状态标识符指示何时在分组中检测到与对应集合相关联的集合标识符。该设备可以是处理数字数据的路由器，交换机或任何其他设备，例如包括分组报头，有效载荷等的分组数据。

3. 发明授权

US07813350B2 System and method to process data packets in a network using stateful decision trees 有权
标题翻译：使用有状态决策树处理网络中数据包的系统和方法
公开(公告)号：US07813350B2
公开(公告)日：2010-10-12
申请号：US11551932
申请日：2006-10-23
申请人： Sumeet Singh , George Varghese , Flavio Giovanni Bonomi , Jonathan J. Chang
发明人： Sumeet Singh , George Varghese , Flavio Giovanni Bonomi , Jonathan J. Chang
IPC分类号： H04L12/28
CPC分类号： H04L47/10 , H04L43/50 , H04L45/742 , H04L45/745 , H04L47/22 , H04L47/2441 , H04L47/32
摘要： A method and device to process a packet received by a network device is described. The method may comprise analyzing the packet to identify at least one set of a plurality of sets, mapping the at least one set to at least one functional unit, and performing functionality associated with the at least one functional unit. Analyzing the packet to identify at least one of a plurality of sets may comprise determining when the packet includes at least one set identifier, and identifying the at least one set based on the at least one set identifier. A set status identifier may be defined for each set, the set status identifier indicating when set identifiers associated with a corresponding set are detected in the packet. The device may be a router, switch or any other device that processes digital data e.g., packet data including packets headers, payload or the like.
摘要翻译：描述了一种处理由网络设备接收的分组的方法和设备。该方法可以包括分析分组以识别多个集合中的至少一个集合，将至少一个集合映射到至少一个功能单元，以及执行与至少一个功能单元相关联的功能。分析分组以识别多个集合中的至少一个集合可以包括确定分组何时包括至少一个集合标识符，以及基于至少一个集合标识符来识别该至少一个集合。可以为每个集合定义集合状态标识符，所设置的状态标识符指示何时在分组中检测到与对应集合相关联的集合标识符。该设备可以是处理数字数据的路由器，交换机或任何其他设备，例如包括分组报头，有效载荷等的分组数据。

4. 发明授权

US07602780B2 Scalably detecting and blocking signatures at high speeds 有权
标题翻译：可高速检测和阻止签名
公开(公告)号：US07602780B2
公开(公告)日：2009-10-13
申请号：US11271310
申请日：2005-11-09
申请人： Sushil Kumar Singh , George Varghese , John David Huber , Sumeet Singh
发明人： Sushil Kumar Singh , George Varghese , John David Huber , Sumeet Singh
IPC分类号： H04L12/56
CPC分类号： H04L45/00 , H04L45/60 , H04L45/745 , H04L63/145 , H04L67/327
摘要： A method and apparatus is described for identifying content in a packet. The method may obtain data sample from the packet where the data sample is in a predetermined window at an initial offset point in the packet. For each offset point, a first stage of processing on the data sample may be performed to identify if the data sample corresponds to potentially relevant reference string. A more focused second stage of processing may then be carried out on the data sample to identify if the data sample corresponds to potentially relevant reference string. Thereafter, an even more focused third stage of processing may be carried out on the data sample to obtain a third stage result. If the data sample passes all three stages of processing, a predefined action is identified which is associated with a reference string corresponding to the data sample.
摘要翻译：描述了用于识别分组中的内容的方法和装置。该方法可以从分组中的初始偏移点处的数据样本在预定窗口中获取数据样本。对于每个偏移点，可以执行关于数据样本的第一级处理以识别数据样本是否对应于潜在相关的参考串。然后可以对数据样本执行更集中的第二阶段处理，以识别数据样本是否对应于潜在相关的参考字符串。此后，可以对数据样本进行更加集中的第三阶段处理，以获得第三阶段结果。如果数据样本通过所有三个处理阶段，则识别与对应于数据样本的参考串相关联的预定义动作。

5. 发明授权

US08379639B2 Packet classification 有权
标题翻译：分组分类
公开(公告)号：US08379639B2
公开(公告)日：2013-02-19
申请号：US12507169
申请日：2009-07-22
申请人： Debojyoti Dutta , Sumeet Singh , Pradeep Sudame , Sundar Rajan
发明人： Debojyoti Dutta , Sumeet Singh , Pradeep Sudame , Sundar Rajan
IPC分类号： H04L12/28
CPC分类号： H04L47/10 , H04L47/2483
摘要： Apparatuses, methods, and other embodiments associated with packet identification are described. One example apparatus includes a packet selection logic to identify packets associated with a data stream. The example apparatus may also include a set of packet classification logics. A packet classification logic may generate a signal as a function of whether an attribute associated with the packet matches an attribute associated with packets generated by a tested application.
摘要翻译：描述了与分组识别相关联的装置，方法和其他实施例。一个示例性装置包括用于识别与数据流相关联的分组的分组选择逻辑。该示例设备还可以包括一组分组分类逻辑。分组分类逻辑可以根据与分组相关联的属性与由测试应用生成的分组相关联的属性是否匹配来生成信号。

6. 发明授权

US08296842B2 Detecting public network attacks using signatures and fast content analysis 有权
标题翻译：使用签名和快速内容分析检测公共网络攻击
公开(公告)号：US08296842B2
公开(公告)日：2012-10-23
申请号：US11547944
申请日：2004-12-01
申请人： Sumeet Singh , George Varghese , Cristi Estan , Stefan Savage
发明人： Sumeet Singh , George Varghese , Cristi Estan , Stefan Savage
IPC分类号： H04L29/06
CPC分类号： H04L63/1416 , G06F21/55 , H04L9/002 , H04L9/3236 , H04L9/3247 , H04L2209/60 , H04L2463/141
摘要： Network worms or viruses are a growing threat to the security of public and private networks and the individual computers that make up those networks. A content sifting method if provided that automatically generates a precise signature for a worm or virus that can then be used to significantly reduce the propagation of the worm elsewhere in the network or eradicate the worm altogether. The content sifting method is complemented by a value sampling method that increases the throughput of network traffic that can be monitored. Together, the methods track the number of times invariant strings appear in packets and the network address dispersion of those packets including variant strings. When an invariant string reaches a particular threshold of appearances and address dispersion, the string is reported as a signature for suspected worm.
摘要翻译：网络蠕虫或病毒对构成这些网络的公共和私有网络以及个别计算机的安全性日益增长。如果提供的内容筛选方法自动生成针对蠕虫或病毒的精确签名，然后可以将蠕虫或病毒用于显着减少网络中其他地方的蠕虫传播或彻底消除蠕虫。内容筛选方法补充了一种增加可监控网络流量吞吐量的值抽样方法。这些方法一起跟踪数据包中出现不变字符串的次数以及包括变体字符串的数据包的网络地址色散。当不变字符串达到特定的出现阈值和地址分散时，字符串将被报告为可疑蠕虫的签名。

7. 发明授权

US08218451B2 Methods and apparatus for detection of hierarchical heavy hitters 失效
标题翻译：用于检测分级重击锤的方法和装置
公开(公告)号：US08218451B2
公开(公告)日：2012-07-10
申请号：US13019240
申请日：2011-02-01
申请人： Nicholas Duffield , Carsten Lund , Subhabrata Sen , Yin Zhang , Sumeet Singh
发明人： Nicholas Duffield , Carsten Lund , Subhabrata Sen , Yin Zhang , Sumeet Singh
IPC分类号： G06F11/30 , G06F12/00
CPC分类号： H04L63/1425 , H04L29/12801 , H04L61/6004 , H04L63/1441 , H04L63/1458 , Y10S707/99945 , Y10S707/99948
摘要： An efficient streaming method and apparatus for detecting hierarchical heavy hitters from massive data streams is disclosed. In one embodiment, the method enables near real time detection of anomaly behavior in networks.
摘要翻译：公开了一种用于从海量数据流检测分层重击打者的有效的流传输方法和装置。在一个实施例中，该方法能够近似实时地检测网络中的异常行为。

8. 发明授权

US07966658B2 Detecting public network attacks using signatures and fast content analysis 有权
标题翻译：使用签名和快速内容分析检测公共网络攻击
公开(公告)号：US07966658B2
公开(公告)日：2011-06-21
申请号：US10822226
申请日：2004-04-08
申请人： Sumeet Singh , George Varghese , Cristi Estan , Stefan Savage
发明人： Sumeet Singh , George Varghese , Cristi Estan , Stefan Savage
IPC分类号： G08B23/00
CPC分类号： H04L63/1416 , G06F21/55 , H04L9/002 , H04L9/3236 , H04L9/3247 , H04L2209/60 , H04L2463/141
摘要： Detecting attacks against computer systems by automatically detecting signatures based on predetermined characteristics of the intrusion. One aspect looks for commonalities among a number of different network messages, and establishes an intrusion signature based on those commonalities. Data reduction techniques, such as a hash function, are used to minimize the amount of resources which are necessary to establish the commonalities. In an embodiment, signatures are created based on the data reduction hash technique. Frequent signatures are found by reducing the signatures using that hash technique. Each of the frequent signatures is analyzed for content, and content which is spreading is flagged as being a possible attack. Additional checks can also be carried out to look for code within the signal, to look for spam, backdoors, or program code.
摘要翻译：通过基于入侵的预定特征自动检测签名来检测对计算机系统的攻击。一个方面寻找许多不同网络消息之间的共同点，并根据这些共同点建立入侵签名。使用诸如哈希函数的数据缩减技术来最小化建立共同点所需的资源量。在一个实施例中，基于数据缩减散列技术创建签名。通过使用该散列技术减少签名来发现频繁的签名。对每个频繁签名进行内容分析，将正在扩展的内容标记为可能的攻击。还可以进行附加检查，以查找信号中的代码，查找垃圾邮件，后门程序或程序代码。

9. 发明授权

US07535909B2 Method and apparatus to process packets in a network 有权
标题翻译：在网络中处理数据包的方法和装置
公开(公告)号：US07535909B2
公开(公告)日：2009-05-19
申请号：US11271209
申请日：2005-11-09
申请人： Sumeet Singh , George Varghese
发明人： Sumeet Singh , George Varghese
IPC分类号： H04L12/28
CPC分类号： H04L12/2854 , H04L69/22
摘要： A method and apparatus is described to process packets in a network. The method may comprise receiving the packet and determining a length K of the packet. If the length of the packet is less than a reference length M then no analysis may be performed on the packet. However, if the packet length K is not less than M, the method may determine if the packet length K is at least greater than a reference window size WRef. When the packet length is greater than WRef then a window size W for the processing of the packets is set equal to WRef; and the packet length is less than WRef then a window size W for the processing of the packets is set equal to the packet size K. Thereafter, the packet is processed using the window size W.
摘要翻译：描述了一种在网络中处理分组的方法和装置。该方法可以包括接收分组并确定分组的长度K. 如果分组的长度小于参考长度M，则不能对分组执行分析。然而，如果分组长度K不小于M，则该方法可以确定分组长度K是否至少大于参考窗口大小WRef。当分组长度大于WRef时，用于处理分组的窗口大小W被设置为等于WRef; 并且分组长度小于WRef，则将用于处理分组的窗口大小W设置为等于分组大小K.然后，使用窗口大小W处理分组。

10. 发明申请

US20080225740A1 Detection of heavy users of network resources 有权
标题翻译：检测网络资源繁重的用户
公开(公告)号：US20080225740A1
公开(公告)日：2008-09-18
申请号：US11724911
申请日：2007-03-15
申请人： Cecilia Martin , John Huber , Mei Wang , Jonathan Chang , Flavio Bonomi , Sumeet Singh
发明人： Cecilia Martin , John Huber , Mei Wang , Jonathan Chang , Flavio Bonomi , Sumeet Singh
IPC分类号： H04J1/16
CPC分类号： H04L43/062 , H04L43/00 , H04L43/022 , H04L43/0876 , H04L43/106 , H04L43/16 , H04L45/00 , H04L45/745 , H04L47/10 , H04L49/50 , H04L63/1408 , H04L69/22
摘要： A device includes a multistage filter and an elephant trap. The multistage filter has hash functions and an array. The multistage filter is operable to receive a packet associated with a candidate heavy network user and send the packet to the hash functions. The hash functions generate hash function output values corresponding to indices in the array. The elephant trap is connected to the multistage filter. The elephant trap includes a buffer and probabilistic sampling logic. The probabilistic sampling logic is operable to attempt to add information associated with the packet to the buffer a particular percentage of the time based in part on the result of the multistage filter lookup. The buffer is operable to hold information associated with the packet, counter information, and timestamp information.
摘要翻译：装置包括多级过滤器和大象捕集器。多级过滤器具有散列函数和数组。多级过滤器可操作以接收与候选重网络用户相关联的分组，并将分组发送到散列函数。散列函数生成与数组中的索引对应的哈希函数输出值。大象陷阱连接到多级过滤器。大象陷阱包括缓冲区和概率抽样逻辑。概率抽样逻辑可操作以部分地基于多级过滤器查找的结果来试图将与分组相关联的信息添加到缓冲器中的特定百分比的时间。缓冲器可操作以保存与分组相关联的信息，计数器信息和时间戳信息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式