会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明申请
    • PROTECTING AGAINST DISTRIBUTED NETWORK FLOOD ATTACKS
    • 防止分布式网络洪水攻击
    • US20110055921A1
    • 2011-03-03
    • US12607107
    • 2009-10-28
    • Krishna NarayanaswamyBryan BurnsVenkata Rama Raju Manthena
    • Krishna NarayanaswamyBryan BurnsVenkata Rama Raju Manthena
    • H04L29/06G06F15/18
    • H04L63/1458H04L63/1416
    • A network security device performs a three-stage analysis of traffic to identify malicious clients. In one example, a device includes an attack detection module to, during a first stage, monitor network connections to a protected network device, during a second stage, to monitor a plurality of types of transactions for the plurality of network sessions when a parameter for the connections exceeds a connection threshold, and during a third stage, to monitor communications associated with network addresses from which transactions of the at least one of type of transactions originate when a parameter associated with the at least one type of transactions exceeds a transaction-type threshold. The device executes a programmed action with respect to at least one of the network addresses when the transactions of the at least one of the plurality of types of transactions originating from the at least one network address exceeds a client-transaction threshold.
    • 网络安全设备对流量执行三阶段分析,以识别恶意客户端。 在一个示例中,设备包括攻击检测模块,在第一阶段期间,在第二阶段期间,监视与受保护网络设备的网络连接,以监视多个网络会话的多种类型的事务,当用于 所述连接超过连接阈值,并且在第三阶段期间,当与所述至少一种类型的事务相关联的参数超过事务类型时,监视与所述至少一种类型的事务的事务起始的网络地址相关联的通信 阈。 当来自所述至少一个网络地址的所述多种类型的交易中的至少一种交易的交易超过客户端交易阈值时,所述设备相对于所述网络地址中的至少一个执行编程动作。
    • 2. 发明授权
    • Protecting against distributed network flood attacks
    • 防止分布式网络洪水攻击
    • US08789173B2
    • 2014-07-22
    • US12607107
    • 2009-10-28
    • Krishna NarayanaswamyBryan BurnsVenkata Rama Raju Manthena
    • Krishna NarayanaswamyBryan BurnsVenkata Rama Raju Manthena
    • H04L9/00H04L29/08
    • H04L63/1458H04L63/1416
    • A network security device performs a three-stage analysis of traffic to identify malicious clients. In one example, a device includes an attack detection module to, during a first stage, monitor network connections to a protected network device, during a second stage, to monitor a plurality of types of transactions for the plurality of network sessions when a parameter for the connections exceeds a connection threshold, and during a third stage, to monitor communications associated with network addresses from which transactions of the at least one of type of transactions originate when a parameter associated with the at least one type of transactions exceeds a transaction-type threshold. The device executes a programmed action with respect to at least one of the network addresses when the transactions of the at least one of the plurality of types of transactions originating from the at least one network address exceeds a client-transaction threshold.
    • 网络安全设备对流量执行三阶段分析,以识别恶意客户端。 在一个示例中,设备包括攻击检测模块,在第一阶段期间,在第二阶段期间,监视与受保护网络设备的网络连接,以监视多个网络会话的多种类型的事务,当用于 所述连接超过连接阈值,并且在第三阶段期间,当与所述至少一种类型的事务相关联的参数超过事务类型时,监视与所述至少一种类型的事务的事务起始的网络地址相关联的通信 阈。 当来自所述至少一个网络地址的所述多种类型的交易中的至少一种交易的交易超过客户端交易阈值时,所述设备相对于所述网络地址中的至少一个执行编程动作。
    • 4. 发明授权
    • Detecting malicious network software agents
    • 检测恶意网络软件代理
    • US08914878B2
    • 2014-12-16
    • US12432325
    • 2009-04-29
    • Bryan BurnsKrishna Narayanaswamy
    • Bryan BurnsKrishna Narayanaswamy
    • H04L29/06G06F21/00
    • H04L63/1441H04L63/14H04L63/1416H04L2463/144
    • This disclosure describes techniques for determining whether a network session originates from an automated software agent. In one example, a network device, such as a router, includes a network interface to receive packets of a network session, a bot detection module to calculate a plurality of scores for network session data based on a plurality of metrics, wherein each of the metrics corresponds to a characteristic of a network session originated by an automated software agent, to produce an aggregate score from an aggregate of the plurality of scores, and to determine that the network session is originated by an automated software agent when the aggregate score exceeds a threshold, and an attack detection module to perform a programmed response when the network session is determined to be originated by an automated software agent. Each score represents a likelihood that the network session is originated by an automated software agent.
    • 本公开描述了用于确定网络会话是否源于自动化软件代理的技术。 在一个示例中,诸如路由器的网络设备包括用于接收网络会话的分组的网络接口,基于多个度量来计算网络会话数据的多个分数的机器人检测模块,其中, 度量对应于由自动化软件代理发起的网络会话的特征,以从多个分数的聚合中产生聚合分数,并且当聚合分数超过一个分数时,确定网络会话由自动软件代理发起 阈值,以及当网络会话被确定为由自动化软件代理发起时执行编程响应的攻击检测模块。 每个分数表示网络会话由自动化软件代理发起的可能性。
    • 5. 发明申请
    • DETECTING MALICIOUS NETWORK SOFTWARE AGENTS
    • 检测恶意网络软件代理
    • US20100281539A1
    • 2010-11-04
    • US12432325
    • 2009-04-29
    • Bryan BurnsKrishna Narayanaswamy
    • Bryan BurnsKrishna Narayanaswamy
    • G06F21/00
    • H04L63/1441H04L63/14H04L63/1416H04L2463/144
    • This disclosure describes techniques for determining whether a network session originates from an automated software agent. In one example, a network device, such as a router, includes a network interface to receive packets of a network session, a bot detection module to calculate a plurality of scores for network session data based on a plurality of metrics, wherein each of the metrics corresponds to a characteristic of a network session originated by an automated software agent, to produce an aggregate score from an aggregate of the plurality of scores, and to determine that the network session is originated by an automated software agent when the aggregate score exceeds a threshold, and an attack detection module to perform a programmed response when the network session is determined to be originated by an automated software agent. Each score represents a likelihood that the network session is originated by an automated software agent.
    • 本公开描述了用于确定网络会话是否源于自动化软件代理的技术。 在一个示例中,诸如路由器的网络设备包括用于接收网络会话的分组的网络接口,基于多个度量来计算网络会话数据的多个分数的机器人检测模块,其中, 度量对应于由自动化软件代理发起的网络会话的特征,以从多个分数的聚合中产生聚合分数,并且当聚合分数超过一个分数时,确定网络会话由自动软件代理发起 阈值,以及当网络会话被确定为由自动化软件代理发起时执行编程响应的攻击检测模块。 每个分数表示网络会话由自动化软件代理发起的可能性。
    • 7. 发明授权
    • Network traffic pattern matching using adaptive deterministic finite automata
    • 使用自适应确定性有限自动机的网络流量模式匹配
    • US09083740B1
    • 2015-07-14
    • US12568319
    • 2009-09-28
    • Qingming MaBryan BurnsKrishna NarayanaswamyLi Zheng
    • Qingming MaBryan BurnsKrishna NarayanaswamyLi Zheng
    • H04L29/06G06F17/30
    • H04L63/145G06F17/30985H04L63/0227H04L63/1408
    • In general, techniques are described for network traffic pattern matching using adaptive deterministic finite automata (DFA). A network device may implement the techniques to promote pattern matching. The network device comprises a control unit that stores first and second data defining first and second portions of a DFA, respectively. The first data defines first states of the DFA in an uncompressed format. The second data defines second states of the DFA in a compressed format. The network device also includes an interface that receives network packets. The control unit processes the network packets to traverse the first and second states. The control unit then compares a number of times the first and second states have been traversed. Based on the comparison, the control unit dynamically reallocates the first states of the DFA in the uncompressed format and the second states of the DFA in the compressed format.
    • 一般来说,描述了使用自适应确定性有限自动机(DFA)进行网络流量模式匹配的技术。 网络设备可以实现促进模式匹配的技术。 网络设备包括分别存储定义DFA的第一和第二部分的第一和第二数据的控制单元。 第一个数据以未压缩格式定义了DFA的第一个状态。 第二个数据以压缩格式定义了DFA的第二个状态。 网络设备还包括接收网络分组的接口。 控制单元处理网络分组以遍历第一和第二状态。 然后,控制单元比较遍历第一和第二状态的次数。 基于比较,控制单元以未压缩格式动态地重新分配DFA的第一状态,并以压缩格式动态重新分配DFA的第二状态。
    • 8. 发明授权
    • Accelerated packet processing in a network acceleration device
    • 网络加速设备中的加速分组处理
    • US07864764B1
    • 2011-01-04
    • US12211371
    • 2008-09-16
    • Qingming MaBryan BurnsXianzhi LiKrishna Narayanaswamy
    • Qingming MaBryan BurnsXianzhi LiKrishna Narayanaswamy
    • H04L12/56H04L12/28H04L12/54
    • H04L67/2847H04L12/413H04L69/22
    • In general, techniques are described for reducing response times to retrieve content in an intermediate network device. In particular, the intermediate network device receives a packet from a client device of a first network that requests content from a remote network device of a second network, inspects the packet to determine whether the requested content has been previously cached to either of a first and a second memory of the device, issues a request to load the requested content from the second memory to the first memory based on the determination and queues the packet within in the queue. After queuing the packet, the intermediate network device then processes the packet to assemble a response that includes the content from the memory.
    • 通常,描述了用于减少在中间网络设备中检索内容的响应时间的技术。 特别地,中间网络设备从第一网络的客户端设备接收来自第二网络的远程网络设备的内容的分组,检查分组以确定所请求的内容是否先前已被缓存到第一和第 所述设备的第二存储器基于所述确定发出请求以将所请求的内容从所述第二存储器加载到所述第一存储器,并且对所述队列内的所述分组进行排队。 在对数据包进行排队之后,中间网络设备然后处理分组以组合包含来自存储器的内容的响应。
    • 9. 发明授权
    • Blocking unidentified encrypted communication sessions
    • 阻止不明的加密通信会话
    • US08341724B1
    • 2012-12-25
    • US12339948
    • 2008-12-19
    • Bryan BurnsVladimir Sukhanov
    • Bryan BurnsVladimir Sukhanov
    • H04L29/06
    • H04L63/0428H04L63/1416H04L63/145H04L67/14H04L69/22H04L2463/144
    • Techniques are described for blocking unidentified encrypted communication sessions. In one embodiment, a device includes an interface to receive a packet, an application identification module to attempt to identify an application associated with the packet, an encryption detection module to determine whether the packet is encrypted when the application identification module is unable to identify an application associated with the packet, and an attack detection module to determine whether the packet is associated with a network attack, to forward the packet when the packet is not associated with a network attack, and to take a response when the packet is associated with a network attack, wherein the encryption detection module sends a message to the attack detection module that indicates whether the packet is encrypted, wherein when the message indicates that packet is encrypted, the attack detection module determines that the packet is associated with a network attack.
    • 描述了阻止未识别的加密通信会话的技术。 在一个实施例中,一种设备包括用于接收分组的接口,用于尝试识别与所述分组相关联的应用的应用识别模块,加密检测模块,用于当所述应用识别模块不能识别所述分组时确定所述分组是否被加密 与分组关联的应用,以及攻击检测模块,用于确定分组是否与网络攻击相关联,以在分组不与网络攻击相关联时转发分组,以及当分组与网络攻击相关联时采取响应 网络攻击,其中所述加密检测模块向所述攻击检测模块发送指示所述分组是否被加密的消息,其中当所述消息指示所述分组被加密时,所述攻击检测模块确定所述分组与网络攻击相关联。
    • 10. 发明授权
    • Identifying applications for intrusion detection systems
    • 识别入侵检测系统的应用程序
    • US08291495B1
    • 2012-10-16
    • US11835923
    • 2007-08-08
    • Bryan BurnsSiying YangJulien Sobrier
    • Bryan BurnsSiying YangJulien Sobrier
    • G06F11/00
    • H04L63/0254H04L63/1441H04L63/168
    • An intrusion detection system (“IDS”) device is described that includes a flow analysis module to receive a first packet flow from a client and to receive a second packet flow from a server. The IDS includes a forwarding component to send the first packet flow to the server and the second packet flow to the client and a stateful inspection engine to apply one or more sets of patterns to the first packet flow to determine whether the first packet flow represents a network attack. The IDS also includes an application identification module to perform an initial identification of a type of software application and communication protocol associated with the first packet flow and to reevaluate the identification of the type of software application and protocol according to the second packet flow. The IDS may help eliminate false positive and false negative attack identifications.
    • 描述了入侵检测系统(IDS)设备,其包括用于从客户端接收第一分组流并从服务器接收第二分组流的流分析模块。 IDS包括将第一分组流发送到服务器的转发组件和到客户端的第二分组流以及状态检查引擎,以将一组或多组模式应用于第一分组流,以确定第一分组流是否代表 网络攻击 IDS还包括应用识别模块,用于执行与第一分组流相关联的软件应用和通信协议的类型的初始识别,并且根据第二分组流来重新评估软件应用和协议的类型的标识。 IDS可能有助于消除假阳性和假阴性攻击识别。