专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09712490B1 Identifying applications for intrusion detection systems 有权
公开(公告)号：US09712490B1
公开(公告)日：2017-07-18
申请号：US13651875
申请日：2012-10-15
申请人： Juniper Networks, Inc.
发明人： Bryan Burns , Siying Yang , Julien Sobrier
IPC分类号： G06F11/00 , H04L29/06
CPC分类号： H04L63/0254 , H04L63/1441 , H04L63/168
摘要： An intrusion detection system (“IDS”) device is described that includes a flow analysis module to receive a first packet flow from a client and to receive a second packet flow from a server. The IDS includes a forwarding component to send the first packet flow to the server and the second packet flow to the client and a stateful inspection engine to apply one or more sets of patterns to the first packet flow to determine whether the first packet flow represents a network attack. The IDS also includes an application identification module to perform an initial identification of a type of software application and communication protocol associated with the first packet flow and to reevaluate the identification of the type of software application and protocol according to the second packet flow. The IDS may help eliminate false positive and false negative attack identifications.

2. 发明申请

US20140283061A1 ATTACK DETECTION AND PREVENTION USING GLOBAL DEVICE FINGERPRINTING 有权
标题翻译：使用全球装置指纹的攻击检测和预防
公开(公告)号：US20140283061A1
公开(公告)日：2014-09-18
申请号：US13910019
申请日：2013-06-04
申请人： Juniper Networks, Inc.
发明人： Daniel J. Quinlan , Kyle Adams , Oskar Ibatullin , Yuly Tenorio Morales , Robert W. Cameron , Bryan Burns
IPC分类号： H04L29/06
CPC分类号： H04L63/1441 , H04L63/1408 , H04L67/02
摘要： This disclosure describes a global attacker database that utilizes device fingerprinting to uniquely identify devices. For example, a device includes one or more processors and network interface cards to receive network traffic directed to one or more computing devices protected by the device, send, to the remote device, a request for data points of the remote device, wherein the data points include characteristics associated with the remote device, and receive at least a portion of the requested data points. The device also includes a fingerprint module to compare the received portion of the data points to sets of data points associated with known attacker devices, and determine, based on the comparison, whether a first set of data points of a first known attacker device satisfies a similarity threshold. The device also includes an security module to selectively manage, based on the determination, additional network traffic directed to the computing devices.
摘要翻译：本公开描述了使用设备指纹识别设备的全局攻击者数据库。例如，设备包括一个或多个处理器和网络接口卡，以接收指向由设备保护的一个或多个计算设备的网络流量，向远程设备发送对远程设备的数据点的请求，其中数据点包括与远程设备相关联的特征，并且接收所请求的数据点的至少一部分。所述设备还包括指纹模块，用于将接收到的数据点部分与已知攻击者设备相关联的数据点集合进行比较，并且基于比较确定第一已知攻击者设备的第一组数据点是否满足相似性阈值。该设备还包括安全模块，用于基于确定选择性地管理针对计算设备的附加网络流量。

3. 发明申请

US20150121529A1 DYNAMIC SERVICE HANDLING USING A HONEYPOT 审中-公开
标题翻译：使用蜂蜜的动态服务处理
公开(公告)号：US20150121529A1
公开(公告)日：2015-04-30
申请号：US14586401
申请日：2014-12-30
申请人： Juniper Networks, Inc.
发明人： Daniel J. Quinlan , Oskar Ibatullin , Bryan Burns , Oliver Tavakoli , Robert W. Cameron
IPC分类号： H04L29/06
CPC分类号： H04L63/1491 , H04L67/28 , H04L67/42 , H04W12/12
摘要： A network device comprises one or more processors coupled to a memory, and a dynamic services module configured for execution by the one or more processors to receive, from a client device, a service request specifying a service. The dynamic service module is further configured for execution by the one or more processors to, in response to obtaining a negative indication for the service, send a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device.
摘要翻译：网络设备包括耦合到存储器的一个或多个处理器和被配置为由一个或多个处理器执行以从客户端设备接收指定服务的服务请求的动态服务模块。动态服务模块还被配置为用于由一个或多个处理器执行以响应于获得针对服务的否定指示，向蜜罐发送服务请求的表示以使蜜罐向客户端设备提供服务。

4. 发明申请

US20140096229A1 VIRTUAL HONEYPOT 审中-公开
标题翻译：虚拟蜂蜜
公开(公告)号：US20140096229A1
公开(公告)日：2014-04-03
申请号：US13631398
申请日：2012-09-28
申请人： JUNIPER NETWORKS, INC.
发明人： Bryan Burns , Oskar Ibatullin , Oliver Tavakoli , Robert W. Cameron , Daniel J. Quinlan
IPC分类号： G06F21/20
CPC分类号： H04L63/1491
摘要： A virtual honeypot is configured within a security appliance by configuring one or more network addresses associated with the virtual honeypot. The security appliance receives network traffic destined for the virtual honeypot sent to the one or more network addresses associated with the virtual honeypot, and forwards the traffic to a remote honeypot such that the remote honeypot appears to be connected to a network local to the security appliance.
摘要翻译：通过配置与虚拟蜜罐相关联的一个或多个网络地址，在安全设备内配置虚拟蜜罐。安全设备接收发送到与虚拟蜜罐相关联的一个或多个网络地址的虚拟蜜罐的网络流量，并将流量转发到远程蜜罐，使得远程蜜罐似乎连接到安全设备本地的网络。

5. 发明授权

US09838427B2 Dynamic service handling using a honeypot 有权
公开(公告)号：US09838427B2
公开(公告)日：2017-12-05
申请号：US15338173
申请日：2016-10-28
申请人： Juniper Networks, Inc.
发明人： Daniel J. Quinlan , Oskar Ibatullin , Bryan Burns , Oliver Tavakoli , Robert W. Cameron
IPC分类号： G06F17/00 , H04L29/06 , H04L29/08 , H04W12/12
CPC分类号： H04L63/1491 , H04L67/28 , H04L67/42 , H04W12/12
摘要： A network device comprises one or more processors coupled to a memory, and a dynamic services module configured for execution by the one or more processors to receive, from a client device, a service request specifying a service. The dynamic service module is further configured for execution by the one or more processors to, in response to obtaining a negative indication for the service, send a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device.

6. 发明授权

US09485276B2 Dynamic service handling using a honeypot 有权
标题翻译：使用蜜罐的动态服务处理
公开(公告)号：US09485276B2
公开(公告)日：2016-11-01
申请号：US14586401
申请日：2014-12-30
申请人： Juniper Networks, Inc.
发明人： Daniel J. Quinlan , Oskar Ibatullin , Bryan Burns , Oliver Tavakoli , Robert W. Cameron
IPC分类号： G06F17/00 , H04L29/06
CPC分类号： H04L63/1491 , H04L67/28 , H04L67/42 , H04W12/12
摘要： A network device comprises one or more processors coupled to a memory, and a dynamic services module configured for execution by the one or more processors to receive, from a client device, a service request specifying a service. The dynamic service module is further configured for execution by the one or more processors to, in response to obtaining a negative indication for the service, send a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device.
摘要翻译：网络设备包括耦合到存储器的一个或多个处理器和被配置为由一个或多个处理器执行以从客户端设备接收指定服务的服务请求的动态服务模块。动态服务模块还被配置为用于由一个或多个处理器执行以响应于获得针对服务的否定指示，向蜜罐发送服务请求的表示以使蜜罐向客户端设备提供服务。

7. 发明授权

US09344445B2 Detecting malicious network software agents 有权
标题翻译：检测恶意网络软件代理
公开(公告)号：US09344445B2
公开(公告)日：2016-05-17
申请号：US14571133
申请日：2014-12-15
申请人： Juniper Networks, Inc.
发明人： Bryan Burns , Krishna Narayanaswamy
IPC分类号： H04L29/06
CPC分类号： H04L63/1441 , H04L63/14 , H04L63/1416 , H04L2463/144
摘要： This disclosure describes techniques for determining whether a network session originates from an automated software agent. In one example, a network device, such as a router, includes a network interface to receive packets of a network session, a bot detection module to calculate a plurality of scores for network session data based on a plurality of metrics, wherein each of the metrics corresponds to a characteristic of a network session originated by an automated software agent, to produce an aggregate score from an aggregate of the plurality of scores, and to determine that the network session is originated by an automated software agent when the aggregate score exceeds a threshold, and an attack detection module to perform a programmed response when the network session is determined to be originated by an automated software agent. Each score represents a likelihood that the network session is originated by an automated software agent.
摘要翻译：本公开描述了用于确定网络会话是否源于自动化软件代理的技术。在一个示例中，诸如路由器的网络设备包括用于接收网络会话的分组的网络接口，基于多个度量来计算网络会话数据的多个分数的机器人检测模块，其中，度量对应于由自动化软件代理发起的网络会话的特征，以从多个分数的聚合中产生聚合分数，并且当聚合分数超过一个分数时，确定网络会话由自动软件代理发起阈值，以及当网络会话被确定为由自动化软件代理发起时执行编程响应的攻击检测模块。每个分数表示网络会话由自动化软件代理发起的可能性。

8. 发明授权

US09077692B1 Blocking unidentified encrypted communication sessions 有权
标题翻译：阻止不明的加密通信会话
公开(公告)号：US09077692B1
公开(公告)日：2015-07-07
申请号：US13723187
申请日：2012-12-20
申请人： Juniper Networks, Inc.
发明人： Bryan Burns , Vladimir Sukhanov
IPC分类号： H04L29/06
CPC分类号： H04L63/0428 , H04L63/1416 , H04L63/145 , H04L67/14 , H04L69/22 , H04L2463/144
摘要： Techniques are described for blocking unidentified encrypted communication sessions. In one embodiment, a device includes an interface to receive a packet, an application identification module to attempt to identify an application associated with the packet, an encryption detection module to determine whether the packet is encrypted when the application identification module is unable to identify an application associated with the packet, and an attack detection module to determine whether the packet is associated with a network attack, to forward the packet when the packet is not associated with a network attack, and to take a response when the packet is associated with a network attack, wherein the encryption detection module sends a message to the attack detection module that indicates whether the packet is encrypted, wherein when the message indicates that packet is encrypted, the attack detection module determines that the packet is associated with a network attack.
摘要翻译：描述了阻止未识别的加密通信会话的技术。在一个实施例中，一种设备包括用于接收分组的接口，用于尝试识别与所述分组相关联的应用的应用识别模块，加密检测模块，用于当所述应用识别模块不能识别所述分组时确定所述分组是否被加密与分组关联的应用，以及攻击检测模块，用于确定分组是否与网络攻击相关联，以在分组不与网络攻击相关联时转发分组，以及当分组与网络攻击相关联时采取响应网络攻击，其中所述加密检测模块向所述攻击检测模块发送指示所述分组是否被加密的消息，其中当所述消息指示所述分组被加密时，所述攻击检测模块确定所述分组与网络攻击相关联。

9. 发明授权

US09043916B1 Security content injection 有权
标题翻译：安全内容注入
公开(公告)号：US09043916B1
公开(公告)日：2015-05-26
申请号：US14140920
申请日：2013-12-26
申请人： Juniper Networks, Inc.
发明人： Bryan Burns , Alexander S. Waterman
IPC分类号： G06F12/14 , H04L29/06
CPC分类号： H04L63/145 , G06F21/54 , G06F21/568 , H04L63/1416
摘要： A computing device may receive content from a content source. The content may include software code that is executable by a web browser, and may be directed to another computing device. The computing device may inject security content into the content. The security content may include software instructions to enable the web browser to detect malicious software content within the content. The computing device may communicate the content to the other computing device.
摘要翻译：计算设备可以从内容源接收内容。内容可以包括可由web浏览器执行的软件代码，并且可以被引导到另一个计算设备。计算设备可以将安全内容注入到内容中。安全内容可以包括使得web浏览器能够检测内容内的恶意软件内容的软件指令。计算设备可以将内容传送到另一计算设备。

10. 发明授权

US10033696B1 Identifying applications for intrusion detection systems 有权
公开(公告)号：US10033696B1
公开(公告)日：2018-07-24
申请号：US15650728
申请日：2017-07-14
申请人： Juniper Networks, Inc.
发明人： Bryan Burns , Siying Yang , Julien Sobrier
IPC分类号： H04L29/06
摘要： An intrusion detection system (“IDS”) device is described that includes a flow analysis module to receive a first packet flow from a client and to receive a second packet flow from a server. The IDS includes a forwarding component to send the first packet flow to the server and the second packet flow to the client and a stateful inspection engine to apply one or more sets of patterns to the first packet flow to determine whether the first packet flow represents a network attack. The IDS also includes an application identification module to perform an initial identification of a type of software application and communication protocol associated with the first packet flow and to reevaluate the identification of the type of software application and protocol according to the second packet flow. The IDS may help eliminate false positive and false negative attack identifications.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式