专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明申请

US20060075496A1 Applying blocking measures progressively to malicious network traffic 有权
标题翻译：对恶意网络流量逐步应用阻塞措施
公开(公告)号：US20060075496A1
公开(公告)日：2006-04-06
申请号：US11283380
申请日：2005-11-17
申请人： Brian Carpenter , Kevin Himberger , Clark Jeffries , Mohammad Peyravian
发明人： Brian Carpenter , Kevin Himberger , Clark Jeffries , Mohammad Peyravian
IPC分类号： G06F12/14
CPC分类号： H04L63/1458 , G06F21/00 , G06F21/552 , H04L69/22
摘要： A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When a truncated secure session attack is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the attack is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-applying the blocking measure for a specified duration, then suspend the blocking measure and test again for the attack. If the attack is detected, the blocking measure is re-applied, and its duration is adapted. If the attack is no longer detected, the method returns to the state of readiness.
摘要翻译：一种逐步响应的方法，用于调用和中止阻止网络异常（如恶意网络流量）的阻塞措施，从而最大限度地减少误报和假阴性。当检测到截断的安全会话攻击时，检测器通知防火墙或路由器等防护设备调用阻塞措施。阻塞措施保持初始持续时间，之后暂停，并进行另一次异常测试。如果攻击不再明显，则该方法返回到准备状态。否则，执行一个循环以在指定的持续时间内重新应用阻塞度量，然后暂停阻止措施并再次测试攻击。如果检测到攻击，则重新应用阻塞措施，并适应其持续时间。如果不再检测到攻击，该方法返回到准备状态。

12. 发明申请

US20060053487A1 Front-end protocol for server protection 失效
标题翻译：用于服务器保护的前端协议
公开(公告)号：US20060053487A1
公开(公告)日：2006-03-09
申请号：US10937695
申请日：2004-09-09
申请人： Clark Jeffries , Mohammad Peyravian
发明人： Clark Jeffries , Mohammad Peyravian
IPC分类号： G06F12/14
CPC分类号： H04L63/1458
摘要： The present invention provides for protecting against denial of service attacks. A request is sent by a client, the request comprises client indicia. The request is received at a server. A request count is incremented by the server. A sequence number is assigned as a function of the client indicia. A problem is selected by the server. The problem is sent by the server to the client. A solution to the problem is sent to the server. It is determined if the solution by client is correct. If the solution is correct, a session is performed. If the solution is not correct, the request is discarded. This can substantially decrease the amount of attacks performed by a rogue client, as the session set-up time can be substantial.
摘要翻译：本发明提供了防止拒绝服务攻击的保护。请求由客户端发送，请求包括客户端标记。服务器收到请求。请求计数由服务器递增。作为客户端标记的函数分配序列号。服务器选择了一个问题。该问题由服务器发送给客户端。将问题的解决方案发送到服务器。确定客户端的解决方案是否正确。如果解决方案是正确的，则执行会话。如果解决方案不正确，请求将被丢弃。这可以显着减少流氓客户端执行的攻击的数量，因为会话建立时间可能很大。

13. 发明申请

US20080072326A1 APPLYING BLOCKING MEASURES PROGRESSIVELY TO MALICIOUS NETWORK TRAFFIC 失效
标题翻译：应对阻塞措施进展到恶性网络交通
公开(公告)号：US20080072326A1
公开(公告)日：2008-03-20
申请号：US11871188
申请日：2007-10-12
申请人： Robert Danford , Kenneth Farmer , Clark Jeffries , Robert Sisk , Michael Walter
发明人： Robert Danford , Kenneth Farmer , Clark Jeffries , Robert Sisk , Michael Walter
IPC分类号： G06F21/00
CPC分类号： H04L63/1458
摘要： A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When an anomaly is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the anomaly is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-applying the blocking measure for a specified duration, then suspend the blocking measure and test again for the anomaly. If the anomaly is detected, the blocking measure is re-applied, and its duration is adapted. If the anomaly is no longer detected, the method returns to the state of readiness.
摘要翻译：一种逐步响应的方法，用于调用和中止阻止网络异常（如恶意网络流量）的阻塞措施，从而最大限度地减少误报和假阴性。当检测到异常时，检测器通知防火墙或路由器等防护设备调用阻塞措施。阻塞措施保持初始持续时间，之后暂停，并进行另一次异常测试。如果异常不再明显，则返回到准备状态。否则，执行一个循环以在特定持续时间内重新应用阻塞度量，然后暂停阻塞度量并再次测试异常。如果检测到异常，则重新应用阻塞措施，并适应其持续时间。如果不再检测到异常，则该方法返回到准备状态。

14. 发明申请

US20070076602A1 Flow Control in Computer Networks 失效
标题翻译：计算机网络流量控制
公开(公告)号：US20070076602A1
公开(公告)日：2007-04-05
申请号：US11560088
申请日：2006-11-15
申请人： Clark Jeffries , Jitesh Nair , Michael Siegel , Rama Yedavalli
发明人： Clark Jeffries , Jitesh Nair , Michael Siegel , Rama Yedavalli
IPC分类号： H04L12/26 , H04L12/56
CPC分类号： H04L47/30 , H04L47/10 , H04L47/29 , H04L47/32
摘要： The decision within a packet processing device to transmit a newly arriving packet into a queue to await processing or to discard the same packet is made by a flow control method and system. The flow control is updated with a constant period determined by storage and flow rate limits. The update includes comparing current queue occupancy to thresholds and also comparing present queue occupancy to previous queue occupancy. The outcome of the update is a new transmit probability value. The value is stored for the subsequent period of flow control and packets arriving during that period are subject to a transmit or discard decision that uses that value.
摘要翻译：通过流控制方法和系统来进行分组处理装置中将新到达的分组发送到队列中等待处理或丢弃相同分组的决定。流量控制以由存储和流量限制确定的恒定周期进行更新。该更新包括将当前队列占用率与阈值进行比较，还将当前队列占用率与先前队列占用率进行比较。更新的结果是新的传输概率值。该值存储在随后的流量控制周期中，并且在该时间段期间到达的分组经受使用该值的发送或丢弃决定。

15. 发明申请

US20060018262A1 Method, system and program for automatically detecting distributed port scans in computer networks 失效
标题翻译：自动检测计算机网络中分布式端口扫描的方法，系统和程序
公开(公告)号：US20060018262A1
公开(公告)日：2006-01-26
申请号：US10896733
申请日：2004-07-22
申请人： Alan Boulanger , Robert Danford , Kevin Himberger , Clark Jeffries
发明人： Alan Boulanger , Robert Danford , Kevin Himberger , Clark Jeffries
IPC分类号： H04L12/26
CPC分类号： H04L63/1416 , H04L63/1466
摘要： A detection and response system including a set of algorithms for detecting within a stream of normal computer traffic a subset of (should focus on network traffic eliciting a response) TCP or UDP packets with one IP Source Address (SA) value, one or a few Destination Address (DA) values, and a number exceeding a threshold of distinct Destination Port (DP) values. A lookup mechanism such as a Direct Table and Patricia search tree record and trace sets of packets with one SA and one DA as well as the set of DP values observed for the given SA, DA combination. The detection and response system reports the existence of such a subset and the header values including SA, DA, and multiple DPs of the subset. The detection and response system also includes various administrative responses to reports.
摘要翻译：一种检测和响应系统，包括一组用于在正常计算机业务流内检测的一组算法（应该侧重于引发响应的网络业务）具有一个IP源地址（SA）值的TCP或UDP分组，一个或几个目标地址（DA）值和超过不同目标端口（DP）值阈值的数字。一个查找机制，如直接表和帕特里夏搜索树记录，跟踪一组SA和一个DA的数据包以及给定SA，DA组合观察到的一组DP值。检测和响应系统报告这样的子集的存在以及包括SA，DA和子集的多个DP的标题值。检测和响应系统还包括对报告的各种管理响应。

16. 发明申请

US20050204159A1 System, method and computer program to block spam 审中-公开
标题翻译：阻止垃圾邮件的系统，方法和计算机程序
公开(公告)号：US20050204159A1
公开(公告)日：2005-09-15
申请号：US10796161
申请日：2004-03-09
申请人： John Davis , Kevin Himberger , Clark Jeffries , Garreth Jeremiah
发明人： John Davis , Kevin Himberger , Clark Jeffries , Garreth Jeremiah
IPC分类号： H04L9/00 , H04L12/58 , H04L29/06
CPC分类号： H04L63/0236 , H04L51/12 , H04L63/0263
摘要： A system, method and program product for blocking unwanted e-mails. An e-mail is identified as unwanted. A source IP address of the unwanted e-mail is determined. Other source IP addresses owned or registered by an owner or registrant of the source IP address of the unwanted e-mail are determined. Subsequent e-mails from the source IP address and the other IP addresses are blocked. This will thwart a spammer who shifts to a new source IP address when its spam is blocked from one source IP address.
摘要翻译：用于阻止不必要的电子邮件的系统，方法和程序产品。电子邮件被标识为不需要的。确定不需要的电子邮件的源IP地址。确定不想要的电子邮件的源IP地址的所有者或注册人拥有或注册的其他源IP地址。源IP地址和其他IP地址的后续电子邮件被阻止。这将阻止垃圾邮件发送者转移到新的源IP地址，当其垃圾邮件被一个源IP地址阻止时。

17. 发明申请

US20050177872A1 Methods, systems, and computer program products for operating a communication network through use of blocking measures for responding to communication traffic anomalies 失效
标题翻译：通过使用阻塞措施来响应通信流量异常来操作通信网络的方法，系统和计算机程序产品
公开(公告)号：US20050177872A1
公开(公告)日：2005-08-11
申请号：US10774017
申请日：2004-02-05
申请人： Alan Boulanger , Kevin Himberger , Clark Jeffries , John Ziraldo
发明人： Alan Boulanger , Kevin Himberger , Clark Jeffries , John Ziraldo
IPC分类号： H04L29/06 , H04L9/32
CPC分类号： H04L63/0218 , H04L63/02 , H04L63/1416 , H04L63/1441
摘要： A communication network is operated by detecting an anomaly in the communication traffic at a plurality of nodes in a communication network. A first blocking measure A is independently applied at respective ones of the plurality of nodes to the anomalous traffic that stops the anomalous traffic. A second blocking measure B is independently determined at the respective ones of the plurality of nodes such that application of a logical combination of the first blocking measure A and the second blocking measure B to the anomalous traffic stops the anomalous traffic.
摘要翻译：通信网络通过检测通信网络中的多个节点处的通信业务中的异常来操作。第一阻塞测度A被独立地应用于多个节点中的相应的节点处于停止异常业务的异常业务。在多个节点中的相应节点处独立地确定第二阻塞测量B，使得将第一阻塞测度A和第二阻塞测量B的逻辑组合应用于异常业务停止异常业务。

18. 发明申请

US20060265372A1 LOOKUPS BY COLLISIONLESS DIRECT TABLES AND CAMS 有权
标题翻译：无连续直接表和CAMS的查询
公开(公告)号：US20060265372A1
公开(公告)日：2006-11-23
申请号：US11462071
申请日：2006-08-03
申请人： Gordon Davis , Andreas Herkersdorf , Clark Jeffries , Mark Rinaldi
发明人： Gordon Davis , Andreas Herkersdorf , Clark Jeffries , Mark Rinaldi
IPC分类号： G06F7/00
CPC分类号： H04L49/3009 , H04L45/745 , H04L45/7453 , H04L49/351
摘要： A structure and technique for preventing collisions using a hash table in conjunction with a CAM to identify and prevent a collisions of binary keys. A portion of the hash value of a binary key, which does not collide with a portion of the hash value of any other reference binary key, is used as an entry in the hash table. If two or more binary keys have identical values of the portions of the hash values, each of these binary keys are stored in their entirety, in the CAM. The key in the CAM provides a pointer to a data structure where the action associated with that binary key is stored. If the binary key is not found in the CAM, the binary key is hashed, and a specific entry in the hash table is selected using a portion of this hash value.
摘要翻译：一种用于使用散列表与CAM结合来防止冲突的结构和技术，以识别和防止二进制键的冲突。不与任何其他参考二进制密钥的散列值的一部分相冲突的二进制密钥的散列值的一部分被用作散列表中的条目。如果两个或更多个二进制密钥具有相同的哈希值部分的值，则这些二进制密钥中的每一个都将全部存储在CAM中。 CAM中的关键字提供了指向数据结构的指针，其中存储与该二进制密钥相关联的动作。如果在CAM中没有找到二进制密钥，则二进制密钥被散列，并且使用该哈希值的一部分来选择散列表中的特定条目。

19. 发明申请

US20060156048A1 Automatic cache activation and deactivation for power reduction 有权
标题翻译：自动缓存激活和停用以降低功耗
公开(公告)号：US20060156048A1
公开(公告)日：2006-07-13
申请号：US11034617
申请日：2005-01-13
申请人： Jeffery Hines , Clark Jeffries , Minh Tong
发明人： Jeffery Hines , Clark Jeffries , Minh Tong
IPC分类号： G06F1/32
CPC分类号： G06F1/3203 , Y02D10/126
摘要： The amount of chip power that is consumed for cache storage size maintenance is optimized by the close monitoring and control of frequency of missed requests, and the proportion of frequently recurring items to all traffic items. The total number of hit slots is measured per interval of time and is compared to the theoretical value based on random distribution. If the missed rate is high, then the observed effect and value of increasing cache size are deduced by observing how this increase affects the distribution of hits on all cache slots. As the number of frequently hit items in proportion to the total traffic items increases, the benefits of increasing the cache size decreases.
摘要翻译：高速缓存存储大小维护所消耗的芯片功率的数量通过密切监视和控制错误请求的频率以及频繁重复的项目与所有流量项目的比例来优化。每个时间间隔测量命中时隙的总数，并根据随机分布与理论值进行比较。如果错过率高，则通过观察这种增加如何影响所有高速缓存槽上的命中分布，推导出观察到的增加高速缓存大小的效果和值。随着与总交通项目成比例的频繁点击项目的数量增加，增加高速缓存大小的好处减少。

20. 发明申请

US20050154916A1 Intrusion detection using a network processor and a parallel pattern detection engine 有权
标题翻译：使用网络处理器和并行模式检测引擎的入侵检测
公开(公告)号：US20050154916A1
公开(公告)日：2005-07-14
申请号：US10756904
申请日：2004-01-14
申请人： Marc Boulanger , Clark Jeffries , C. Kinard , Kerry Kravec , Ravinder Sabhikhi , Ali Saidi , Jan Slyfield , Pascal Tannhof
发明人： Marc Boulanger , Clark Jeffries , C. Kinard , Kerry Kravec , Ravinder Sabhikhi , Ali Saidi , Jan Slyfield , Pascal Tannhof
IPC分类号： H04L9/00 , H04L12/24 , H04L29/06
CPC分类号： H04L63/1416 , H04L63/1441
摘要： An intrusion detection system (IDS) comprises a network processor (NP) coupled to a memory unit for storing programs and data. The NP is also coupled to one or more parallel pattern detection engines (PPDE) which provide high speed parallel detection of patterns in an input data stream. Each PPDE comprises many processing units (PUs) each designed to store intrusion signatures as a sequence of data with selected operation codes. The PUs have configuration registers for selecting modes of pattern recognition. Each PU compares a byte at each clock cycle. If a sequence of bytes from the input pattern match a stored pattern, the identification of the PU detecting the pattern is outputted with any applicable comparison data. By storing intrusion signatures in many parallel PUs, the IDS can process network data at the NP processing speed. PUs may be cascaded to increase intrusion coverage or to detect long intrusion signatures.
摘要翻译：入侵检测系统（IDS）包括耦合到用于存储程序和数据的存储器单元的网络处理器（NP）。 NP还耦合到一个或多个并行模式检测引擎（PPDE），其提供对输入数据流中的模式的高速并行检测。每个PPDE包括许多处理单元（PU），每个处理单元被设计为将入侵签名存储为具有所选操作码的数据序列。 PU具有用于选择模式识别模式的配置寄存器。每个PU在每个时钟周期比较一个字节。如果来自输入模式的字节序列与存储的模式匹配，则用任何适用的比较数据输出检测模式的PU的识别。通过在多个并行PU中存储入侵签名，IDS可以以NP处理速度处理网络数据。 PU可以级联以增加入侵覆盖或检测长入侵签名。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式