专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08423645B2 Detection of grid participation in a DDoS attack 有权
标题翻译：检测网格参与DDoS攻击
公开(公告)号：US08423645B2
公开(公告)日：2013-04-16
申请号：US10940558
申请日：2004-09-14
申请人： Clark Debs Jeffries , Robert William Danford , Terry Dwain Escamilla , Kevin David Himberger
发明人： Clark Debs Jeffries , Robert William Danford , Terry Dwain Escamilla , Kevin David Himberger
IPC分类号： G06F15/173 , G06F15/16 , G06F11/00 , G06F12/16 , H04L29/06
CPC分类号： G06F21/55 , G06F11/349 , G06F11/3495 , G06F2201/81 , H04L63/1416 , H04L63/1458 , H04L2463/141 , H04L2463/144 , Y02D10/34
摘要： A method of, system for, and product for managing a denial of service attack in a multiprocessor environment comprising. The first step is establishing normal traffic usage baselines in the multiprocessor environment. Once the baseline is established the next step is monitoring outgoing traffic to detect a high proportion of packets being sent to a specific destination address, and a high number of outbound packets compared to said baseline. Next is monitoring ports and protocols to detect a high proportion of packets sent to a specific port, and a consistent use of a protocol for all packets for that port. If there is such consistent use of a protocol for all packets for that port as to evidence a denial of service attack, blocking measures are started to mitigate the apparent denial of service attack.
摘要翻译：一种用于在多处理器环境中管理拒绝服务攻击的方法，系统和产品，包括：第一步是在多处理器环境中建立正常的流量使用基线。一旦基线建立，下一步就是监测输出流量，以检测发送到特定目的地地址的大部分数据包，以及与所述基线相比较的大量出站分组。接下来是监控端口和协议，以检测发送到特定端口的大部分数据包，并且一致地使用该端口的所有数据包的协议。如果对该端口的所有数据包使用协议一致，以证明拒绝服务攻击，就会开始阻止措施来减轻明显的拒绝服务攻击。

2. 发明授权

US07957372B2 Automatically detecting distributed port scans in computer networks 失效
标题翻译：自动检测计算机网络中的分布式端口扫描
公开(公告)号：US07957372B2
公开(公告)日：2011-06-07
申请号：US10896733
申请日：2004-07-22
申请人： Alan David Boulanger , Robert William Danford , Kevin David Himberger , Clark Debs Jeffries
发明人： Alan David Boulanger , Robert William Danford , Kevin David Himberger , Clark Debs Jeffries
IPC分类号： H04L12/28 , G06F9/00 , G06F11/00
CPC分类号： H04L63/1416 , H04L63/1466
摘要： A detection and response system including a set of algorithms for detecting within a stream of normal computer traffic a subset of (should focus on network traffic eliciting a response) TCP or UDP packets with one IP Source Address (SA) value, one or a few Destination Address (DA) values, and a number exceeding a threshold of distinct Destination Port (DP) values. A lookup mechanism such as a Direct Table and Patricia search tree record and trace sets of packets with one SA and one DA as well as the set of DP values observed for the given SA, DA combination. The detection and response system reports the existence of such a subset and the header values including SA, DA, and multiple DPs of the subset. The detection and response system also includes various administrative responses to reports.
摘要翻译：一种检测和响应系统，包括一组用于在正常计算机业务流内检测的一组算法（应该侧重于引发响应的网络业务）具有一个IP源地址（SA）值的TCP或UDP分组，一个或几个目标地址（DA）值和超过不同目标端口（DP）值阈值的数字。一个查找机制，如直接表和帕特里夏搜索树记录，跟踪一组SA和一个DA的数据包以及给定SA，DA组合观察到的一组DP值。检测和响应系统报告这样的子集的存在以及包括SA，DA和子集的多个DP的标题值。检测和响应系统还包括对报告的各种管理响应。

3. 发明授权

US07669240B2 Apparatus, method and program to detect and control deleterious code (virus) in computer network 有权
标题翻译：用于检测和控制计算机网络中有害代码（病毒）的装置，方法和程序
公开(公告)号：US07669240B2
公开(公告)日：2010-02-23
申请号：US10896680
申请日：2004-07-22
申请人： Alan David Boulanger , Robert William Danford , Kevin David Himberger , Clark Debs Jeffries
发明人： Alan David Boulanger , Robert William Danford , Kevin David Himberger , Clark Debs Jeffries
IPC分类号： H04L29/02 , H04L29/08
CPC分类号： H04L63/145 , H04L43/00 , H04L63/0236 , H04L63/1416
摘要： A detection and response system including a set of algorithms for detection within a stream of normal computer traffic a subset of TCP packets with one IP Source Address (SA), one Destination Port (DP), and a number exceeding a threshold of distinct Destination Addresses (DA). There is efficient use of a lookup mechanism such as a Direct Table and Patricia search tree to record sets of packets with one SA and one DP as well as the set of DA values observed for the given SA, DP combination. The existence of such a subset and the header values including SA, DP, and multiple DAs of the subset are reported to a network administrator. In addition, various administrative responses to reports are provided.
摘要翻译：一种检测和响应系统，包括用于在正常计算机业务流内检测的一组算法，具有一个IP源地址（SA）的TCP分组的子集，一个目的地端口（DP）以及超过不同目的地址的阈值的数量（DA）。有效利用诸如直接表和帕特里夏搜索树之类的查找机制来记录具有一个SA和一个DP的分组集合以及针对给定的SA，DP组合观察到的一组DA值。这样的子集的存在和包括该子集的SA，DP和多个DA的标题值被报告给网络管理员。此外，还提供了各种对报告的行政回应。

4. 发明授权

US08468208B2 System, method and computer program to block spam 失效
标题翻译：阻止垃圾邮件的系统，方法和计算机程序
公开(公告)号：US08468208B2
公开(公告)日：2013-06-18
申请号：US13532061
申请日：2012-06-25
申请人： John Fred Davis , Kevin David Himberger , Clark Debs Jeffries , Garreth Joseph Jeremiah
发明人： John Fred Davis , Kevin David Himberger , Clark Debs Jeffries , Garreth Joseph Jeremiah
IPC分类号： G06F15/16
CPC分类号： H04L63/0236 , H04L51/12 , H04L63/0263
摘要： A system, method and program product for blocking unwanted e-mails. An e-mail is identified as unwanted. A source IP address of the unwanted e-mail is determined. Other source IP addresses owned or registered by an owner or registrant of the source IP address of the unwanted e-mail are determined. Subsequent e-mails from the source IP address and the other IP addresses are blocked. This will thwart a spammer who shifts to a new source IP address when its spam is blocked from one source IP address.
摘要翻译：用于阻止不必要的电子邮件的系统，方法和程序产品。电子邮件被标识为不需要的。确定不需要的电子邮件的源IP地址。确定不想要的电子邮件的源IP地址的所有者或注册人拥有或注册的其他源IP地址。源IP地址和其他IP地址的后续电子邮件被阻止。这将阻止垃圾邮件发送者转移到新的源IP地址，当其垃圾邮件被一个源IP地址阻止时。

5. 发明申请

US20120265834A1 SYSTEM, METHOD AND COMPUTER PROGRAM TO BLOCK SPAM 失效
标题翻译：系统，方法和计算机程序到块垃圾
公开(公告)号：US20120265834A1
公开(公告)日：2012-10-18
申请号：US13532061
申请日：2012-06-25
申请人： John Fred Davis , Kevin David Himberger , Clark Debs Jeffries , Garreth Joseph Jeremiah
发明人： John Fred Davis , Kevin David Himberger , Clark Debs Jeffries , Garreth Joseph Jeremiah
IPC分类号： G06F15/16
CPC分类号： H04L63/0236 , H04L51/12 , H04L63/0263
摘要： A system, method and program product for blocking unwanted e-mails. An e-mail is identified as unwanted. A source IP address of the unwanted e-mail is determined. Other source IP addresses owned or registered by an owner or registrant of the source IP address of the unwanted e-mail are determined. Subsequent e-mails from the source IP address and the other IP addresses are blocked. This will thwart a spammer who shifts to a new source IP address when its spam is blocked from one source IP address.
摘要翻译：用于阻止不必要的电子邮件的系统，方法和程序产品。电子邮件被标识为不需要的。确定不需要的电子邮件的源IP地址。确定不想要的电子邮件的源IP地址的所有者或注册人拥有或注册的其他源IP地址。源IP地址和其他IP地址的后续电子邮件被阻止。这将阻止一个垃圾邮件发送者转移到新的源IP地址，当其垃圾邮件从一个源IP地址被阻止时。

6. 发明授权

US07657942B2 Method of assuring enterprise security standards compliance 有权
标题翻译：确保企业安全标准合规的方法
公开(公告)号：US07657942B2
公开(公告)日：2010-02-02
申请号：US11033436
申请日：2005-01-11
申请人： Kevin David Himberger , Clark Debs Jeffries , Charles Steven Lingafelt , Allen Leonid Roginsky , Phillip Singleton
发明人： Kevin David Himberger , Clark Debs Jeffries , Charles Steven Lingafelt , Allen Leonid Roginsky , Phillip Singleton
IPC分类号： H04L29/14 , G08B23/00
CPC分类号： G06F21/552 , G06F21/577 , G06Q40/08 , G08B21/22
摘要： A method, apparatus, and computer instructions for providing a current and complete security compliance view of an enterprise system. The present invention provides the ability to gain a real-time security posture and security compliance view of an enterprise and to assess the risk impact of known threats and attacks to continued business operations at various levels is provided. Responsive to a change to an enterprise environment, a request, or an external threat, an administrator loads or updates at least one of a Critical Application Operations database, a Historical database, an Access Control database, a Connectivity database, and a Threat database. Based on a comparison of information in the databases against similar security data elements from company or external policies, the administrator may generate a Security Compliance view of the enterprise. A Security Posture view may also be generated by comparing the Security Compliance view against data in the Threat database.
摘要翻译：一种用于提供企业系统的当前和完整的安全合规性视图的方法，装置和计算机指令。本发明提供获得企业的实时安全状态和安全合规性视图的能力，并且评估已知威胁和攻击对于各个级别的持续业务操作的风险影响。响应企业环境，请求或外部威胁的更改，管理员加载或更新关键应用程序操作数据库，历史数据库，访问控制数据库，连接数据库和威胁数据库中的至少一个。基于数据库中的信息与公司或外部策略中类似的安全数据元素的比较，管理员可以生成企业的安全合规性视图。通过将安全合规性视图与威胁数据库中的数据进行比较，也可以生成安全性状态视图。

7. 发明授权

US08176126B2 System, method and program to limit rate of transferring messages from suspected spammers 失效
标题翻译：系统，方法和程序来限制来自可疑垃圾邮件发送者的邮件传输速率
公开(公告)号：US08176126B2
公开(公告)日：2012-05-08
申请号：US10926641
申请日：2004-08-26
申请人： John Fred Davis , Kevin David Himberger , Clark Debs Jeffries , Garreth Joseph Jeremiah
发明人： John Fred Davis , Kevin David Himberger , Clark Debs Jeffries , Garreth Joseph Jeremiah
IPC分类号： G06F15/16 , G06F15/173
CPC分类号： H04L51/12 , G06Q10/107
摘要： A system, method and program product for managing e-mails from a source suspected of sending spam. The e-mails are received at a firewall or router en route to a mail server. A determination is made whether a source has sent an e-mail which exhibits characteristics of spam. In response, subsequent e-mails from the source destined for the mail server are rate-limiting at the firewall or router such that the firewall or router limits a rate at which the subsequent e-mails are forwarded from the firewall or router to the mail server. The rate is predetermined and less than a maximum rate at which the firewall or router can physically forward e-mails to the mail server absent the rate limit. A determination is made whether another source has sent another e-mail which exhibits more characteristics of spam than the first said e-mail. In response, subsequent e-mails from this other source are blocked at the firewall or router. The rate limit can be a limit on a number of e-mails per unit of time from the source that will be forwarded from the firewall or router to the mail server.
摘要翻译：用于管理来自怀疑发送垃圾邮件的来源的电子邮件的系统，方法和程序产品。电子邮件在路由到邮件服务器的防火墙或路由器上收到。确定来源是否发送了展示垃圾邮件特征的电子邮件。作为回应，来自目的地为邮件服务器的源的后续电子邮件在防火墙或路由器上是速率限制的，使得防火墙或路由器限制后续电子邮件从防火墙或路由器转发到邮件的速率服务器。速率是预定的，并且小于防火墙或路由器可以在没有速率限制的情况下将电子邮件物理转发到邮件服务器的最大速率。确定另一个来源是否发送了另一个具有比第一个所述电子邮件更多的垃圾邮件特征的电子邮件。作为回应，来自其他来源的后续电子邮件在防火墙或路由器上被阻止。速率限制可以限制从将从防火墙或路由器转发到邮件服务器的源的每单位时间的电子邮件数量。

8. 发明授权

US07617526B2 Blocking of spam e-mail at a firewall 有权
标题翻译：阻止垃圾邮件在防火墙
公开(公告)号：US07617526B2
公开(公告)日：2009-11-10
申请号：US11244993
申请日：2005-10-06
申请人： John Fred Davis , Kevin David Himberger , Clark Debs Jeffries , Garreth Joseph Jeremiah
发明人： John Fred Davis , Kevin David Himberger , Clark Debs Jeffries , Garreth Joseph Jeremiah
IPC分类号： G06F9/00
CPC分类号： H04L63/1458 , G06F15/16 , H04L51/00 , H04L51/12 , H04L69/28
摘要： A method of blocking spam at a firewall involves applying blocking measures for an adaptively determined duration. The blocking measure is then suspended while determining whether the spam has ended. If so, the method resets to an initial state. Otherwise, the blocking measure is re-applied for a second duration.
摘要翻译：在防火墙中阻止垃圾邮件的方法包括对自适应确定的持续时间应用阻塞措施。然后在确定垃圾邮件是否已结束的同时暂停屏蔽措施。如果是这样，该方法将重置为初始状态。否则，阻塞措施将重新应用第二个持续时间。

9. 发明授权

US07464404B2 Method of responding to a truncated secure session attack 有权
标题翻译：响应截断的安全会话攻击的方法
公开(公告)号：US07464404B2
公开(公告)日：2008-12-09
申请号：US11283380
申请日：2005-11-17
申请人： Brian Edward Carpenter , Kevin David Himberger , Clark Debs Jeffries , Mohammad Peyravian
发明人： Brian Edward Carpenter , Kevin David Himberger , Clark Debs Jeffries , Mohammad Peyravian
IPC分类号： G06F9/00 , G06F11/00 , G06F15/173 , G06F15/16
CPC分类号： H04L63/1458 , G06F21/00 , G06F21/552 , H04L69/22
摘要： A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When a truncated secure session attack is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the attack is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-applying the blocking measure for a specified duration, then suspend the blocking measure and test again for the attack. If the attack is detected, the blocking measure is re-applied, and its duration is adapted. If the attack is no longer detected, the method returns to the state of readiness.
摘要翻译：一种逐步响应的方法，用于调用和中止阻止网络异常（如恶意网络流量）的阻塞措施，从而最大限度地减少误报和假阴性。当检测到截断的安全会话攻击时，检测器通知防火墙或路由器等防护设备调用阻塞措施。阻塞措施保持初始持续时间，之后暂停，并进行另一次异常测试。如果攻击不再明显，则该方法返回到准备状态。否则，执行一个循环以在指定的持续时间内重新应用阻塞度量，然后暂停阻止措施并再次测试攻击。如果检测到攻击，则重新应用阻塞措施，并适应其持续时间。如果不再检测到攻击，该方法返回到准备状态。

10. 发明授权

US08478831B2 System, method and program to limit rate of transferring messages from suspected spammers 失效
标题翻译：系统，方法和程序来限制来自可疑垃圾邮件发送者的邮件传输速率
公开(公告)号：US08478831B2
公开(公告)日：2013-07-02
申请号：US13415495
申请日：2012-03-08
申请人： John Fred Davis , Kevin David Himberger , Clark Debs Jeffries , Garreth Joseph Jeremiah
发明人： John Fred Davis , Kevin David Himberger , Clark Debs Jeffries , Garreth Joseph Jeremiah
IPC分类号： G06F15/16 , G06F15/173
CPC分类号： H04L51/12 , G06Q10/107
摘要： Managing e-mails from a source suspected of sending spam. The e-mails are received at a firewall or router en route to a mail server. A determination is made whether a source has sent an e-mail which exhibits characteristics of spam. In response, subsequent e-mails from the source destined for the mail server are rate-limiting at the firewall or router such that the firewall or router limits a rate at which the subsequent e-mails are forwarded from the firewall or router to the mail server. The rate limit can be a limit on a number of e-mails per unit of time from the source that will be forwarded from the firewall or router to the mail server.
摘要翻译：管理来自怀疑发送垃圾邮件的邮件的电子邮件。电子邮件在路由到邮件服务器的防火墙或路由器上收到。确定来源是否发送了展示垃圾邮件特性的电子邮件。作为回应，来自目的地为邮件服务器的源的后续电子邮件在防火墙或路由器上是速率限制的，使得防火墙或路由器限制后续电子邮件从防火墙或路由器转发到邮件的速率服务器。速率限制可以限制从将从防火墙或路由器转发到邮件服务器的源的每单位时间的电子邮件数量。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式