专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2010076832A1 ANOMALY DETECTION FOR PACKET-BASED NETWORKS 审中-公开
标题翻译：基于分组网络的异常检测
公开(公告)号：WO2010076832A1
公开(公告)日：2010-07-08
申请号：PCT/IT2008/000821
申请日：2008-12-31
申请人： TELECOM ITALIA S.P.A. , BALTATU, Madalina , ABENI, Paolo
发明人： BALTATU, Madalina , ABENI, Paolo
IPC分类号： H04L29/06 , H04L12/26
CPC分类号： H04L63/1425 , H04L43/00
摘要： Disclosed herein is an anomaly detection method for a packet-based network which comprises several network resources, also called network-related software objects. The method comprises monitoring the network resources of the packet-based network, ordering the monitored network resources according to a given ordering criterion, and detecting an anomaly in the packet-based network based on the ordered network resources. In particular, detecting an anomaly includes forming a detection feature vector based on the ordered network resources, and feeding the detection feature vector to a machine learning system configured to detect an anomaly in the packet-based network based on the detection feature vector. The detection feature vector comprises detection feature items related to corresponding monitored network resources, and arranged in the detection feature vector depending on the ordering of the corresponding monitored network resources. Conveniently, the machine learning system is a one-class classifier, preferably a one-class Support Vector Machine (OC-SVM).
摘要翻译：本文公开了一种用于基于分组的网络的异常检测方法，其包括若干网络资源，也称为网络相关软件对象。该方法包括监视基于分组的网络的网络资源，根据给定的排序标准对监控的网络资源进行排序，并基于有序的网络资源检测基于分组的网络中的异常。特别地，检测异常包括基于有序网络资源形成检测特征向量，并且将检测特征向量馈送到被配置为基于检测特征向量来检测基于分组的网络中的异常的机器学习系统。检测特征向量包括与对应的被监测网络资源相关的检测特征项，并且根据对应的被监测网络资源的顺序排列在检测特征向量中。方便地，机器学习系统是一类分类器，最好是一类支持向量机（OC-SVM）。

2. 发明申请

WO2005059720A1 METHOD AND APPARATUS FOR MONITORING OPERATION OF PROCESSING SYSTEMS, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT THEREFOR 审中-公开
标题翻译：用于监控处理系统运行的方法和装置，相关网络和计算机程序产品
公开(公告)号：WO2005059720A1
公开(公告)日：2005-06-30
申请号：PCT/EP2003/014385
申请日：2003-12-17
申请人： TELECOM ITALIA S.P.A. , CANGINI, Gianluca , LAMASTRA, Gerardo , CODA ZABETTA, Francesco , ABENI, Paolo , BALTATU, Madalina , D'ALESSANDRO, Rosalia , BRUSOTTI, Stefano , DI PAOLA, Sebastiano , LEONE, Manuel , FROSALI, Federico
发明人： CANGINI, Gianluca , LAMASTRA, Gerardo , CODA ZABETTA, Francesco , ABENI, Paolo , BALTATU, Madalina , D'ALESSANDRO, Rosalia , BRUSOTTI, Stefano , DI PAOLA, Sebastiano , LEONE, Manuel , FROSALI, Federico
IPC分类号： G06F1/00
CPC分类号： G06F21/554 , G06F21/55
摘要： Apparatus for monitoring operation of a processing system (A, B, ... ., X) includes a set of modules (105) for monitoring operation of a set of system primitives that allocate or release the system resources and are used by different processes running on the system. Preferably, the modules include: at least one application knowledge module (105a, 105b) tracking the processes running on the system and monitoring the resources used thereby, a network knowledge module (105c) monitoring connections by the processes running on the system, a file-system analysis module (105d) monitoring the file-related operations performed within the system, and a device monitoring module (105a) monitoring operation of commonly used modules with said system. A preferred field of application is in host-based intrusion detection systems (HIDS).
摘要翻译：用于监视处理系统（A，B，...，X）的操作的装置包括一组模块（105），用于监视分配或释放系统资源并被不同进程使用的一组系统原语的操作在系统上运行优选地，模块包括：至少一个应用知识模块（105a，105b），跟踪在系统上运行的进程并监视由此使用的资源;网络知识模块（105c），通过系统上运行的进程来监视连接;文件 - 系统分析模块（105d），监视在系统内执行的文件相关操作;以及设备监视模块（105a），监视所述系统常用模块的操作。优选的应用领域是基于主机的入侵检测系统（HIDS）。

3. 发明申请

WO2005015370A1 METHOD AND SYSTEM FOR DETECTING UNAUTHORISED USE OF A COMMUNICATION NETWORK 审中-公开
标题翻译：用于检测通信网络未经使用的方法和系统
公开(公告)号：WO2005015370A1
公开(公告)日：2005-02-17
申请号：PCT/IT2003/000505
申请日：2003-08-11
申请人： TELECOM ITALIA S.P.A. , ABENI, Paolo
发明人： ABENI, Paolo
IPC分类号： G06F1/00
CPC分类号： H04L63/1408
摘要： A system (6) for detecting unauthorised use of a network is provided with a pattern matching engine (16) for searching attack signatures into data packets, and with a response analysis engine (18) for detecting response signatures into data packets sent back from an attacked network/computer. When a suspect signature has been detected into a packet, the system enters an alarm status starting a monitoring process on the packets sent back from the potentially attacked network/computer. An alarm is generated only in case the analysis of the response packets produces as well a positive result. Such intrusion detection system is much less prone to false positives and misdiagnosis than a conventional pattern matching intrusion detection system.
摘要翻译：用于检测网络的未经授权的使用的系统（6）具有用于将攻击签名搜索到数据分组中的模式匹配引擎（16），以及响应分析引擎（18），用于将响应签名检测到从攻击网络/电脑。当一个可疑签名被检测到一个数据包时，系统会从对潜在的攻击的网络/计算机发回的数据包进入一个监视进程的警报状态。仅在响应分析的分析产生正面结果的情况下才产生报警。这种入侵检测系统比传统的匹配入侵检测系统的模式更不容易发生误报和误诊。

4. 发明申请

WO2006117013A1 METHOD AND SYSTEM FOR PROCESSING PACKET FLOWS, AND COMPUTER PROGRAM PRODUCT THEREFOR 审中-公开
标题翻译：处理分组流的方法和系统及其计算机程序产品
公开(公告)号：WO2006117013A1
公开(公告)日：2006-11-09
申请号：PCT/EP2005/004858
申请日：2005-05-04
申请人： TELECOM ITALIA S.P.A. , ABENI, Paolo , MILANI COMPARETTI, Paolo , DI PAOLA, Sebastiano , LAMASTRA, Gerardo
发明人： ABENI, Paolo , MILANI COMPARETTI, Paolo , DI PAOLA, Sebastiano , LAMASTRA, Gerardo
IPC分类号： G06F9/46 , G06F1/00 , H04L29/06
CPC分类号： H04L47/10 , G06F9/526 , G06F2209/522 , H04L49/90 , H04L63/1408
摘要： Packet flows are processed, e.g. to perform an intrusion detection function in a communication network, by means of a multiprocessor system including a plurality of processing units. The packets are distributed (101) for processing (105, 106) among the processing units via a distribution function (103, 104). Such a distribution function (103, 104) is selectively allotted to one of the processing units of the plurality. A preferred embodiment of the arrangement involves using a single Symmetric Multi-Processor machine with a single network port to Gigabit/sec link. The corresponding system architecture does not require any intermediate device, or any external load balancing mechanism. All the processing work is performed on a single system, which is able to dynamically balance the traffic load among the several independent CPUs. By resorting to a specific scheduling arrangement, such a system is able to effectively distribute the computations required to perform both the loadbalancing and the detection operations.
摘要翻译：处理数据包流，例如通过包括多个处理单元的多处理器系统在通信网络中执行入侵检测功能。通过分发功能（103,104），在处理单元中分发（101）用于处理（105,106）。这种分配功能（103,104）被选择性地分配给多个处理单元之一。该布置的优选实施例涉及使用具有单个网络端口到千兆/秒链路的单个对称多处理器机器。相应的系统架构不需要任何中间设备或任何外部负载平衡机制。所有的处理工作都在单个系统上执行，能够动态平衡多个独立CPU之间的流量负载。通过采用特定的调度安排，这样的系统能够有效地分配执行负载平衡和检测操作所需的计算。

5. 发明申请

WO2007110105A1 METHOD AND SYSTEM FOR MOBILE NETWORK SECURITY, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT 审中-公开
标题翻译：移动网络安全，相关网络和计算机程序产品的方法和系统
公开(公告)号：WO2007110105A1
公开(公告)日：2007-10-04
申请号：PCT/EP2006/010448
申请日：2006-10-31
申请人： TELECOM ITALIA S.p.A. , LAMASTRA, Gerardo , ABENI, Paolo , CANGINI, Gianluca , CODA ZABETTA, Francesco
发明人： LAMASTRA, Gerardo , ABENI, Paolo , CANGINI, Gianluca , CODA ZABETTA, Francesco
IPC分类号： G06F21/00 , H04L29/06
CPC分类号： H04L51/12 , H04L51/38 , H04L63/0227 , H04L63/1491 , H04W12/12
摘要： A honeypot system (100) for protecting a mobile communication network against malware includes one or more user-less mobile devices (101 ) including a monitoring module (104) for monitoring the events conveying software applications in the associated mobile device (101 ) as well as a controller client module (107) that emulates human-like interaction with the user-less devices (101 ) as a function of the events monitored (104). The system (100) controllably performs, for the applications conveyed by the events monitored (104), one or more of the following steps: - i) installing the application on the device (101 ); - ii) executing the application installed on the device (101 ); and - iii) de-installing the application from the device (101 ). After any of these steps performed, the state of the device (101 ) is checked in order to detect if any anomalous variation has occurred in the state of the device (101 ) indicative of said at the device (101 ) being exposed to the risk of malware. If any said anomalous variation is detected, the system issues a malware alert message.
摘要翻译：用于保护移动通信网络免受恶意软件的蜜罐系统（100）包括一个或多个无用户移动设备（101），其包括监视模块（104），用于监视传送相关移动设备（101）中的软件应用的事件作为控制器客户端模块（107），其根据所监视的事件（104）模拟与无用户设备（101）的类似人的交互。所述系统（100）可控制地对由所监视的事件（104）传送的应用执行以下一个或多个步骤：i）将所述应用安装在所述设备（101）上; - ii）执行安装在设备（101）上的应用程序; 以及 - iii）从所述设备（101）去除所述应用程序。在执行了这些步骤之一之后，检查设备（101）的状态，以便检测在设备（101）处的指示所述设备（101）暴露于风险的设备（101）的状态是否发生任何异常变化的恶意软件。如果检测到任何所述异常变化，则系统发出恶意软件警报消息。

6. 发明申请

WO2005099214A1 METHOD AND SYSTEM FOR NETWORK INTRUSION DETECTION, RELATED NETWORK AND COMPUTER PROGRAM PRODUCT 审中-公开
标题翻译：网络侵入检测方法与系统，相关网络和计算机程序产品
公开(公告)号：WO2005099214A1
公开(公告)日：2005-10-20
申请号：PCT/EP2004/003350
申请日：2004-03-30
申请人： TELECOM ITALIA S.p.A. , MILANI COMPARETTI, Paolo , ABENI, Paolo
发明人： MILANI COMPARETTI, Paolo , ABENI, Paolo
IPC分类号： H04L29/06
CPC分类号： H04L63/1408
摘要： A system for providing intrusion detection (6) in a network (2) wherein data flows are exchanged using associated network ports and application layer protocols. The system includes: - a monitoring module (14) configured for monitoring data flows in said network (2), - a protocol identification engine (16) configured for detecting (16) information on the application layer protocols involved in the monitored data flows, and - an intrusion detection module (18) configured for operating based on the information on application layer protocols detected. Intrusion detection is thus provided independently of any predefined association between said network ports and said application layer protocols.
摘要翻译：一种用于在网络（2）中提供入侵检测（6）的系统，其中使用关联的网络端口和应用层协议来交换数据流。该系统包括： - 被配置用于监视所述网络（2）中的数据流的监视模块（14）， - 配置用于检测（16）关于所监视的数据流中涉及的应用层协议的信息的协议识别引擎（16）以及 - 被配置用于基于检测到的应用层协议的信息进行操作的入侵检测模块（18）。因此，独立于所述网络端口和所述应用层协议之间的任何预定义的关联来提供入侵检测。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式