专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

61. 发明授权

US08452874B2 Request routing processing 有权
公开(公告)号：US08452874B2
公开(公告)日：2013-05-28
申请号：US12952118
申请日：2010-11-22
申请人： Colm MacCarthaigh , David R. Richardson , Benjamin W. S. Redman
发明人： Colm MacCarthaigh , David R. Richardson , Benjamin W. S. Redman
IPC分类号： G06F15/16
CPC分类号： H04L67/2833 , H04L29/08288 , H04L29/12066 , H04L43/16 , H04L45/72 , H04L61/1511 , H04L61/3025 , H04L63/1458 , H04L67/1036 , H04L2463/142
摘要： Generally described, the present disclosure is directed to managing request routing functionality corresponding to resource requests for one or more resources associated with a content provider. The processing of the DNS requests by the service provider can include the selective filtering of DNS queries associated with a DNS query-based attack. A service provider can assign DNS servers corresponding to a distributed set of network addresses, or portions of network addresses, such that DNS queries exceeding a threshold, such as in DNS query-based attacks, can be filtered in a manner that can mitigate performance impact on for the content provider or service provider.

62. 发明申请

US20120159623A1 METHOD AND APPARATUS FOR MONITORING AND PROCESSING DNS QUERY TRAFFIC 审中-公开
标题翻译：用于监控和处理DNS查询业务的方法和设备
公开(公告)号：US20120159623A1
公开(公告)日：2012-06-21
申请号：US13325981
申请日：2011-12-14
申请人： Yang-Seo CHOI
发明人： Yang-Seo CHOI
IPC分类号： G06F21/20 , G06F15/16
CPC分类号： H04L63/1458 , H04L61/1511 , H04L63/1425 , H04L2463/142 , H04L2463/144
摘要： A method for monitoring and processing domain name system (DNS) query traffic includes: monitoring DNS query traffic in each time slot during a monitoring period comprised of n number of time slots; extracting traffic information during the monitoring period by using the DNS query traffic monitored in said each time slot; and analyzing the extracted traffic information to detect a DNS traffic flooding attack.
摘要翻译：一种用于监视和处理域名系统（DNS）查询流量的方法包括：在由n个时隙组成的监视期间内监视每个时隙中的DNS查询流量; 通过使用在所述每个时隙中监视的DNS查询流量在监视期间提取交通信息; 并分析所提取的流量信息以检测DNS流量洪泛攻击。

63. 发明申请

US20120131192A1 REQUEST ROUTING PROCESSING 有权
标题翻译：请求路由处理
公开(公告)号：US20120131192A1
公开(公告)日：2012-05-24
申请号：US12952118
申请日：2010-11-22
申请人： Colm MacCarthaigh , David R. Richardson , Benjamin W.S. Redman
发明人： Colm MacCarthaigh , David R. Richardson , Benjamin W.S. Redman
IPC分类号： G06F15/16
CPC分类号： H04L67/2833 , H04L29/08288 , H04L29/12066 , H04L43/16 , H04L45/72 , H04L61/1511 , H04L61/3025 , H04L63/1458 , H04L67/1036 , H04L2463/142
摘要： Generally described, the present disclosure is directed to managing request routing functionality corresponding to resource requests for one or more resources associated with a content provider. The processing of the DNS requests by the service provider can include the selective filtering of DNS queries associated with a DNS query-based attack. A service provider can assign DNS servers corresponding to a distributed set of network addresses, or portions of network addresses, such that DNS queries exceeding a threshold, such as in DNS query-based attacks, can be filtered in a manner that can mitigate performance impact on for the content provider or service provider.
摘要翻译：通常描述，本公开涉及管理对应于与内容提供商相关联的一个或多个资源的资源请求的请求路由功能。服务提供商对DNS请求的处理可以包括与基于DNS查询的攻击相关联的DNS查询的选择性过滤。服务提供商可以分配与分布式网络地址集合或网络地址的一部分相对应的DNS服务器，使得可以以可以减轻性能影响的方式来过滤超过阈值的DNS查询（例如基于DNS查询的攻击）内容提供商或服务提供商。

64. 发明申请

US20050198269A1 Method and system for monitoring border gateway protocol (BGP) data in a distributed computer network 审中-公开
标题翻译：在分布式计算机网络中监控边界网关协议（BGP）数据的方法和系统
公开(公告)号：US20050198269A1
公开(公告)日：2005-09-08
申请号：US10778484
申请日：2004-02-13
申请人： Andrew Champagne , Harald Prokop , Rizwan Dhanidina , William Weihl
发明人： Andrew Champagne , Harald Prokop , Rizwan Dhanidina , William Weihl
IPC分类号： G06F15/173
CPC分类号： H04L45/00 , H04L63/1425 , H04L63/1466 , H04L2463/142
摘要： A Border Gateway Protocol (BGP) monitoring service is described. The monitoring service receives as input(s) configuration data input from one or more site(s) that desire to obtain the service, as well as BGP feed data received from a set of data collectors positioned at or adjacent BGP peering points. For every origin (IP space) being monitored, a monitoring application monitors a set of allowed or permitted originating Autonomous System (AS) numbers for that space. Thus, for every IP address space being watched (i.e., for each routable block that contains an origin server IP address of interest), the monitoring application continually monitors the set of transit Autonomous Systems for that CIDR block. Using the real-time BGP feeds (and/or the daily updates), the monitoring application looks for updates coming from the routers that impact the CIDR blocks of interest for that particular site(s). When a variance occurs, the monitoring application sends a message to an alerts system, which then issues a notification to the affected user or takes some other control action. Thus, for example, when a route to a network IP range being tracked is advertised from within some other network, the service identifies where the advertisement originates. This enables the site to detect potential BGP-based attacks and to respond accordingly.
摘要翻译：描述了边界网关协议（BGP）监控服务。监控服务接收从一个或多个希望获得该服务的站点输入的输入配置数据，以及从位于或相邻于BGP对等点的一组数据收集器接收的BGP馈送数据。对于被监视的每个来源（IP空间），监视应用程序监视该空间的一组允许或允许的始发自治系统（AS）号码。因此，对于正在观看的每个IP地址空间（即，对于包含感兴趣的原始服务器IP地址的每个可路由块），监视应用程序连续地监视该CIDR块的传输自动系统集合。监视应用程序使用实时BGP供稿（和/或每日更新）来查找来自影响该特定站点感兴趣的CIDR块的路由器的更新。当发生方差时，监视应用程序向警报系统发送消息，警报系统然后向受影响的用户发出通知或采取一些其他控制措施。因此，例如，当正在跟踪到正在被跟踪的网络IP范围的路由从一些其他网络中通告时，该服务识别广告发起的位置。这使得站点能够检测潜在的基于BGP的攻击并作出相应的响应。

65. 发明授权

US10075468B2 Denial-of-service (DoS) mitigation approach based on connection characteristics 有权
公开(公告)号：US10075468B2
公开(公告)日：2018-09-11
申请号：US15192604
申请日：2016-06-24
申请人： Fortinet, Inc.
发明人： William A. Kish , Sergey Katsev
IPC分类号： H04L29/06 , H04L12/26 , H04L29/08
CPC分类号： H04L63/1458 , H04L43/0876 , H04L43/16 , H04L63/1425 , H04L67/02 , H04L2463/142
摘要： Systems and methods for an improved DDoS mitigation approach are provided. According to one embodiment, a current threshold for a network connection characteristic is established within a Denial-of-Service (DoS) mitigation device logically interposed between a protected resource of a private network and multiple client devices residing external to the private network. A number of connections between the client devices and the protected network resource are tracked. During a period of time in which the number of connections exceeds a connection count threshold: (i) for each of the connections, a measured value for the network connection characteristic is compared to the current threshold; (ii) responsive to a determination that the measured value exceeds the current threshold, the connection is dropped; and (iii) the current threshold is periodically reduced, such that only those connections complying with the current threshold are maintained.

66. 发明申请

US20180213052A1 REQUEST ROUTING PROCESSING 审中-公开
公开(公告)号：US20180213052A1
公开(公告)日：2018-07-26
申请号：US15936205
申请日：2018-03-26
申请人： Amazon Technologies, Inc.
发明人： Colm MacCarthaigh , David R. Richardson , Benjamin W.S. Redman
IPC分类号： H04L29/08 , H04L12/26 , H04L29/06 , H04L29/12 , H04L12/721
CPC分类号： H04L67/2833 , H04L29/08288 , H04L29/12066 , H04L43/16 , H04L45/72 , H04L61/1511 , H04L61/3025 , H04L63/1458 , H04L67/1036 , H04L2463/142
摘要： Generally described, the present disclosure is directed to managing request routing functionality corresponding to resource requests for one or more resources associated with a content provider. The processing of the DNS requests by the service provider can include the selective filtering of DNS queries associated with a DNS query-based attack. A service provider can assign DNS servers corresponding to a distributed set of network addresses, or portions of network addresses, such that DNS queries exceeding a threshold, such as in DNS query-based attacks, can be filtered in a manner that can mitigate performance impact on for the content provider or service provider.

67. 发明授权

US09992225B2 System and a method for identifying malware network activity using a decoy environment 有权
公开(公告)号：US09992225B2
公开(公告)日：2018-06-05
申请号：US14847315
申请日：2015-09-08
申请人： TopSpin Security LTD.
发明人： Doron Kolton , Rami Mizrahi , Omer Zohar , Benny Ben-Rabi , Alex Barbalat , Shlomi Gabai
IPC分类号： H04L29/06
CPC分类号： H04L63/1491 , H04L63/1416 , H04L63/1441 , H04L63/145 , H04L2463/142 , H04L2463/144
摘要： A system for gathering information about malware and a method of use therefor, the system comprising a working environment including physical working environment servers, physical working environment endpoints, a working environment network, a switch, and a router directing traffic between said working environment network and an external network, a decoy environment including at least one physical machine, a decoy environment server, a decoy environment endpoint, a decoy environment network and a decoy environment router, a file directing mechanism directing at least some files to the decoy environment, and a threat tracking mechanism tracking and observing actions triggered by the files in the decoy environment.

68. 发明申请

US20180124099A1 SYSTEM AND METHOD FOR SCALED MANAGEMENT OF THREAT DATA 审中-公开
公开(公告)号：US20180124099A1
公开(公告)日：2018-05-03
申请号：US15342770
申请日：2016-11-03
申请人： Arbor Networks, Inc.
发明人： Brian St. Pierre
IPC分类号： H04L29/06 , H04L12/24
CPC分类号： H04L63/1441 , H04L43/026 , H04L43/0876 , H04L63/101 , H04L63/20 , H04L2463/142 , H04L2463/144
摘要： A method, system, and computer-implemented method to manage threats to a network is provided. The method includes receiving volume threat data that indicates a volume of threat data that needs to be managed by a threat management system having a plurality of threat management devices, determining a volume range from a plurality of volume ranges to which the received volume threat data belongs, determining a number of threat management devices of the plurality of threat devices needed to manage threat traffic associated with the volume range determined, and determining whether the number of threat management devices needed is different than a number of threat management devices currently being used to manage threat traffic. The method further includes selecting automatically threat management devices of the plurality of threat management devices to manage received threat data, in response to a determination that the number is different and based on the number determined, assigning automatically, each packet of the threat traffic to a group, each group corresponding to a threat management device of the selected threat management devices, and directing automatically each packet of the threat traffic to the threat management device that corresponds to the group to which the packet is assigned.

69. 发明授权

US09800597B2 Identifying threats based on hierarchical classification 有权
公开(公告)号：US09800597B2
公开(公告)日：2017-10-24
申请号：US15284403
申请日：2016-10-03
申请人： Cisco Technology, Inc.
发明人： Karel Bartos , Michal Sofka
IPC分类号： G06F21/00 , H04L29/06 , G06F21/55 , G06F17/30
CPC分类号： H04L63/1416 , G06F17/30861 , G06F21/552 , H04L63/1425 , H04L63/1433 , H04L2463/121 , H04L2463/142
摘要： A system and a method are disclosed for identifying network threats based on hierarchical classification. The system receives packet flows from a data network and determines flow features for the received packet flows based on data from the packet flows. The system also classifies each packet flow into a flow class based on flow features of the packet flow. Based on a criterion, the system selects packet flows from the received packet flows and places the selected packet flows into an event set that represents an event on the network. The system determines event set features for the event set based on the flow features of the selected packet flows. The system then classifies the event set into a set class based on the determined event set features. Based on the set class, the computer system may report a threat incident on an internetworking device that originated the selected packet flows.

70. 发明申请

US20170279848A1 SCORE BOOSTING STRATEGIES FOR CAPTURING DOMAIN-SPECIFIC BIASES IN ANOMALY DETECTION SYSTEMS 审中-公开
公开(公告)号：US20170279848A1
公开(公告)日：2017-09-28
申请号：US15168833
申请日：2016-05-31
申请人： Cisco Technology, Inc.
发明人： Jean-Philippe Vasseur , Grégory Mermoud
IPC分类号： H04L29/06 , H04L29/08 , H04L12/911 , H04W12/02
CPC分类号： H04L63/1458 , H04L47/825 , H04L63/1425 , H04L67/02 , H04L69/16 , H04L2463/142 , H04W12/02
摘要： In one embodiment, a device in a network detects an anomaly in the network using an anomaly detector. The anomaly corresponds to an anomalous behavior exhibited by one or more nodes in the network. The device computes an anomaly score for the anomaly that represents a measure of the anomalous behavior. The device adjusts the anomaly score using a boost score. The boost score is generated by a boosting function that accounts for domain-specific biases of the anomaly detector. The device reports the anomaly to a supervisory device based on whether the adjusted anomaly score exceeds a reporting threshold.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式