Abstract:
System, method and program for identifying a subset of a multiplicity of source networks, the subset comprising one or more source networks that have sent messages to one of a plurality of destination locations sharing the same IP address. For each of the source networks, a determination is made whether there are fewer intervening hops from the source network to the one destination location than from the source network to the other destination locations. If so, the source network is included in the subset; if not, it is excluded. One application of the invention is to identify the source of a denial-of-service attack: after the subset is identified, filters can be applied sequentially, blocking messages from each source network in the subset in turn, to determine which source network is sending the attack messages.
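The two steps described above, as an added example that is not the patent's own code: select the source networks that shortest-path routing would deliver to one anycast location (strictly fewer hops than to every other location), then find the sending network by filtering candidates one at a time and re-measuring the rate at the target. The hop counts, network names and message rates are constructed sample data.

```python
"""Added example, not the patent's own code: select the source networks that
shortest-path routing would deliver to one anycast location, then find the
sending network by filtering candidates one at a time. Hop counts and
message rates are constructed sample data."""
from typing import Callable, Dict, List, Optional, Set

# Constructed hop counts from each source network to each destination
# location; the three locations share a single (anycast) IP address.
HOPS: Dict[str, Dict[str, int]] = {
    "AS100": {"site-A": 3, "site-B": 7, "site-C": 9},
    "AS200": {"site-A": 5, "site-B": 4, "site-C": 8},
    "AS300": {"site-A": 2, "site-B": 6, "site-C": 6},
    "AS400": {"site-A": 4, "site-B": 4, "site-C": 5},  # tie with site-B
    "AS500": {"site-A": 6, "site-B": 3, "site-C": 2},
}

def candidate_sources(hops: Dict[str, Dict[str, int]], target: str) -> List[str]:
    """Return the source networks with strictly fewer hops to `target` than to
    every other location. Only these can be the origin of traffic that the
    routing system delivers to `target`; a tie is excluded because such traffic
    may be delivered to another location instead."""
    subset = []
    for src, table in hops.items():
        to_target = table[target]
        if all(to_target < h for loc, h in table.items() if loc != target):
            subset.append(src)
    return subset

def locate_sender(subset: List[str],
                  measure_rate: Callable[[Set[str]], float],
                  drop_ratio: float = 0.5) -> Optional[str]:
    """Apply a filter to one candidate at a time and re-measure the message
    rate at the target. `measure_rate(blocked)` returns the rate observed while
    the given networks are filtered. The first candidate whose filter cuts the
    rate by at least `drop_ratio` is reported; None if no single network does."""
    baseline = measure_rate(set())
    if baseline <= 0:
        return None
    for src in subset:
        if measure_rate({src}) <= baseline * (1.0 - drop_ratio):
            return src
    return None

# Constructed per-network message rates (messages/s) arriving at site-A,
# standing in for the real measurement taken while each filter is in place.
RATES = {"AS100": 40.0, "AS300": 9600.0}

def simulated_rate(blocked: Set[str]) -> float:
    return sum(r for src, r in RATES.items() if src not in blocked)

if __name__ == "__main__":
    subset = candidate_sources(HOPS, "site-A")
    print("candidates for site-A:", subset)
    print("sender:", locate_sender(subset, simulated_rate))
```

The strict comparison matters: a source network equidistant from two locations (AS400 above) can have its traffic delivered to either, so it is neither a safe candidate nor safely excluded, and the example leaves it out of the subset. In a real deployment `measure_rate` would be the rate counter at the attacked location, sampled after each filter is installed.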
Abstract:
A technique for locating a wireless communication attack includes monitoring Bluetooth® communication activity with a Bluetooth®-capable communication device. Any monitored activity is analyzed against predefined parameters to detect a communication attempt by a suspected criminal device to an illicit device. If such an attempt is detected, the communication to the criminal device is controlled so as to delay its completion, providing time to locate the criminal device.
Abstract:
Concepts and technologies disclosed herein detect and manage unauthorized use of cloud computing services from within the internal network of a business or other organization. A computer system may be configured to identify a plurality of Web resources that have been accessed by computing devices from within the internal network, and to obtain Internet protocol ("IP") information from a network component of the internal network. The IP information is used to determine whether each of the Web resources is a cloud computing service resource. The computer system may further be configured to block access to such a resource upon determining that the IP information identifies it as unauthorized.
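One way to implement that classification and blocking decision, as an added example rather than the patent's own code: the accessed resources come from a constructed proxy log, the "IP information" is a constructed map of cloud-provider address prefixes, and the authorized-service list is likewise assumed. None of the prefixes or hostnames are real provider allocations.

```python
"""Added example, not the patent's own code: from a constructed proxy log,
identify which accessed web resources are cloud services by matching their
resolved addresses against cloud-provider prefixes, then decide which of them
to block. The log lines, provider prefixes and authorized-service list are
all constructed sample data, not real provider allocations."""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed proxy log: "client_ip host resolved_ip", one access per line.
PROXY_LOG = """\
10.1.1.5 files.example-share.test 203.0.113.10
10.1.1.7 crm.approved-saas.test 198.51.100.20
10.1.1.5 intranet.corp.test 10.10.0.3
10.1.1.9 paste.unknown-cloud.test 203.0.113.77
10.1.1.7 files.example-share.test 203.0.113.10
"""

# Constructed IP information as a network component might supply it:
# cloud provider name -> address prefixes it announces.
CLOUD_RANGES = {
    "ProviderA": [ipaddress.ip_network("203.0.113.0/24")],
    "ProviderB": [ipaddress.ip_network("198.51.100.0/24")],
}
# Cloud services the organization has sanctioned (assumed allow list).
AUTHORIZED = {"crm.approved-saas.test"}

def parse_log(text: str) -> Dict[str, set]:
    """Group resolved addresses by hostname; malformed lines are skipped."""
    resources = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _client, host, ip = parts
        try:
            resources[host].add(ipaddress.ip_address(ip))
        except ValueError:
            continue
    return resources

def cloud_provider(ip) -> Optional[str]:
    """Provider whose prefix contains `ip`, or None if it is not a cloud address."""
    for provider, nets in CLOUD_RANGES.items():
        if any(ip in net for net in nets):
            return provider
    return None

def classify(resources) -> Dict[str, Tuple[Optional[str], str]]:
    """Map each host to (provider, decision). Decision is 'not-cloud' when no
    resolved address falls in a provider prefix, 'allow' for an authorized
    cloud service and 'block' for an unauthorized one."""
    result = {}
    for host, ips in resources.items():
        providers = {cloud_provider(ip) for ip in ips} - {None}
        if not providers:
            result[host] = (None, "not-cloud")
        elif host in AUTHORIZED:
            result[host] = (min(providers), "allow")
        else:
            result[host] = (min(providers), "block")
    return result

def block_list(log_text: str) -> List[str]:
    """Hostnames to push into the proxy or firewall deny rule."""
    decisions = classify(parse_log(log_text))
    return sorted(h for h, (_p, d) in decisions.items() if d == "block")

if __name__ == "__main__":
    for host, (provider, decision) in classify(parse_log(PROXY_LOG)).items():
        print(f"{decision:9} {host} ({provider or 'no provider match'})")
```

Matching on the resolved address rather than the hostname is what catches a service fronted by an unfamiliar name; the caveat is that shared cloud prefixes also host sanctioned services, so the allow list is keyed by hostname and checked before the block decision.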
Abstract:
A network flow monitoring and analysis system comprises one or more flow labeling agents, sensors, controllers and correlation engines. The flow labeling agents apply unique, covert labels to data packet flows. The sensors observe data packet flows for those labels and generate examination reports from the observations; an examination report comprises information such as location information, time information, target information, path information and flow information. The controllers communicate instructions to the labeling agents and sensors, receive event information and manage the correlation engines. The correlation engines correlate the target information, event information, path information and flow information.
Abstract:
A method is provided for a first network to receive a packet from a second network: a router at the first network receives the packet, which is addressed to a client reachable through the first network; the router inspects the packet for a nonrepudiable marking provided by the second network; if the marking is present and matches the packet, the router adds an indicator pointing to the second network, adds a second nonrepudiable marking, and transmits the packet toward its destination; otherwise, it drops the packet.
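The verify-then-mark behaviour of the router, as an added example that is not the patent's own code. The abstract does not fix a marking scheme, so per-network HMAC-SHA256 keys are assumed here to keep the example offline; a keyed MAC is verifiable by the next hop but is not nonrepudiable (either key holder could have produced it), and a deployment would use a digital signature under the marking network's private key. The network names, keys and packet contents are constructed.

```python
"""Added example, not the patent's own code: a border router that verifies the
upstream network's marking on an inbound packet, appends an indicator naming
that network plus its own marking, and forwards; the packet is dropped when
the marking is missing or does not match. Per-network HMAC-SHA256 keys stand
in for a real signature scheme (assumption, not from the abstract)."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed keys, one per network. A real router would hold only the
# upstream network's verification key, not a shared secret.
NETWORK_KEYS = {"net-2": b"second-network-key", "net-1": b"first-network-key"}

@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes
    path: List[str] = field(default_factory=list)        # indicators: networks traversed
    markings: List[bytes] = field(default_factory=list)  # last marking is the sender's

def marking_for(pkt: Packet, network: str) -> bytes:
    """Marking by `network` over the packet header, payload and the path
    indicators present when it was applied, so a later hop cannot alter any
    of them without invalidating the marking."""
    h = hmac.new(NETWORK_KEYS[network], digestmod=hashlib.sha256)
    h.update(b"|".join([pkt.src.encode(), pkt.dst.encode(), pkt.payload]
                       + [p.encode() for p in pkt.path]))
    return h.digest()

def send_from(pkt: Packet, network: str) -> Packet:
    """The sending (second) network attaches its marking before handing off."""
    pkt.markings.append(marking_for(pkt, network))
    return pkt

def receive_at(pkt: Packet, this_network: str, upstream: str) -> Optional[Packet]:
    """Router at `this_network` receives `pkt` from `upstream`. Returns the
    packet ready to forward, or None when it must be dropped."""
    if not pkt.markings:
        return None                                          # no marking: drop
    if not hmac.compare_digest(marking_for(pkt, upstream), pkt.markings[-1]):
        return None                                          # marking does not match: drop
    pkt.path.append(upstream)                                # indicator pointing to the sender
    pkt.markings.append(marking_for(pkt, this_network))      # second marking, over the new path
    return pkt

if __name__ == "__main__":
    pkt = send_from(Packet("198.51.100.7", "192.0.2.44", b"hello"), "net-2")
    fwd = receive_at(pkt, "net-1", "net-2")
    print("forwarded via", fwd.path if fwd else "dropped")
```

Because each marking covers the path indicators accumulated so far, the next hop verifies the marking against a path that already names the previous network, which is what lets a downstream network attribute a packet to a specific upstream rather than to whoever last touched it.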
Abstract:
In one embodiment, the present invention is a method and apparatus for generating highly predictive blacklists. One embodiment of a method for generating a blacklist of network addresses for a user of a network includes collecting security log data from users of the network, the security log data identifying observed attacks by attack sources; assigning attack sources to the blacklist based on a combination of the relevance of each attack source to the user and the maliciousness of the attack source; and outputting the blacklist.
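A worked version of the relevance-times-maliciousness scoring, added here and not taken from the patent: the pooled log records are constructed, relevance is approximated as the summed attacker-set overlap between the target user and each contributor that reported the source, and maliciousness as the fraction of other contributors reporting it. Both formulas are simplifications assumed for the example.

```python
"""Added example, not the patent's own code: derive a per-user blacklist from
pooled security logs. Each attack source is scored by relevance (how much the
users that reported it share attackers with the target user) times
maliciousness (the fraction of contributors reporting it). The log records
and both scoring formulas are constructed simplifications."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed security log data: (reporting user, attacking source address).
LOG: List[Tuple[str, str]] = [
    ("alice", "192.0.2.1"), ("alice", "192.0.2.2"), ("alice", "192.0.2.3"),
    ("bob",   "192.0.2.1"), ("bob",   "192.0.2.2"), ("bob",   "192.0.2.9"),
    ("carol", "192.0.2.3"), ("carol", "192.0.2.9"), ("carol", "192.0.2.5"),
    ("dave",  "192.0.2.7"), ("dave",  "192.0.2.8"),
]

def attackers_by_user(log) -> Dict[str, Set[str]]:
    seen: Dict[str, Set[str]] = defaultdict(set)
    for user, src in log:
        seen[user].add(src)
    return seen

def overlap(a: Set[str], b: Set[str]) -> float:
    """Jaccard similarity of two users' attacker sets. Users hit by the same
    sources tend to be hit by each other's future attackers, which is what
    makes a contributor's reports relevant to this user."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def score_sources(user: str, log) -> Dict[str, float]:
    """Score every source reported by another user and not yet seen by `user`."""
    seen = attackers_by_user(log)
    mine = seen[user]
    others = [u for u in seen if u != user]
    scores: Dict[str, float] = {}
    for src in {s for u in others for s in seen[u]} - mine:
        reporters = [u for u in others if src in seen[u]]
        relevance = sum(overlap(mine, seen[u]) for u in reporters)
        maliciousness = len(reporters) / len(others)
        scores[src] = relevance * maliciousness
    return scores

def blacklist_for(user: str, log, size: int = 10) -> List[str]:
    """Top-`size` sources by score. Sources with zero relevance are left out:
    nothing in the logs links them to this user, however widely reported."""
    scores = score_sources(user, log)
    ranked = sorted((s for s in scores if scores[s] > 0),
                    key=lambda s: (-scores[s], s))
    return ranked[:size]

if __name__ == "__main__":
    for u in ("alice", "dave"):
        print(u, "->", blacklist_for(u, LOG))
```

The point the example makes is that the same pooled data yields different lists per user: alice's list leads with a source reported by the two users who share her attackers, while dave, who shares attackers with nobody, gets an empty list rather than a global most-reported ranking.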
Abstract:
Methods, apparatus, systems and articles of manufacture are disclosed to identify an Internet protocol address blacklist boundary. An example method includes identifying a netblock associated with a malicious Internet protocol address, the netblock having a lower boundary and an upper boundary; collecting netflow data for a plurality of Internet protocol addresses in the netblock; establishing a first window covering addresses numerically lower than a candidate Internet protocol address and a second window covering addresses numerically higher than the candidate; calculating a breakpoint score by comparing a behavioral profile of the first window with a behavioral profile of the second window; and identifying a first sub-netblock when the breakpoint score exceeds a threshold value.
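The window comparison above, carried through as an added example that is not the patent's own code: per-address netflow summaries for a constructed /28 are built inline, the behavioral profile of each window is its mean feature vector, and the breakpoint score is a scaled distance between the two means. The distance measure, window width and threshold are assumptions; the abstract specifies none of them.

```python
"""Added example, not the patent's own code: locate the address at which host
behaviour changes inside a netblock, so a blacklist can be narrowed from the
whole block to the sub-netblock holding the malicious hosts. The per-address
netflow summaries are constructed, and the profile distance, window width and
threshold are assumptions."""
import ipaddress
import math
from typing import Dict, List, Optional, Tuple

IP = ipaddress.IPv4Address
Profile = Tuple[float, float, float]   # (flows/hour, distinct dst ports, mean bytes/flow)

def sample_profiles() -> Dict[IP, Profile]:
    """Constructed netflow summaries for 203.0.113.0/28: ten quiet web hosts
    followed by six hosts that scan many ports with short flows."""
    profiles: Dict[IP, Profile] = {}
    for i, ip in enumerate(ipaddress.ip_network("203.0.113.0/28")):
        if i < 10:
            profiles[ip] = (20.0 + i % 3, 2.0, 8000.0)
        else:
            profiles[ip] = (900.0 + (i % 4) * 50, 400.0 + i, 120.0)
    return profiles

def mean_profile(vecs: List[Profile]) -> Profile:
    return tuple(sum(v[k] for v in vecs) / len(vecs) for k in range(len(vecs[0])))

def breakpoint_score(lower: List[Profile], upper: List[Profile]) -> float:
    """Distance between the mean profiles of the two windows. Each feature is
    scaled by its pooled mean so flow counts do not swamp port counts."""
    lo, hi = mean_profile(lower), mean_profile(upper)
    total = 0.0
    for a, b in zip(lo, hi):
        scale = (a + b) / 2 or 1.0
        total += ((a - b) / scale) ** 2
    return math.sqrt(total)

def find_breakpoint(profiles: Dict[IP, Profile], window: int = 3,
                    threshold: float = 1.0) -> Optional[Tuple[IP, float]]:
    """Slide a candidate address through the netblock, comparing the `window`
    addresses below it with the `window` addresses from it upward. Returns the
    candidate with the highest score if that score exceeds `threshold`."""
    addrs = sorted(profiles)
    best: Optional[Tuple[IP, float]] = None
    for idx in range(window, len(addrs) - window + 1):
        lower = [profiles[a] for a in addrs[idx - window:idx]]
        upper = [profiles[a] for a in addrs[idx:idx + window]]
        score = breakpoint_score(lower, upper)
        if best is None or score > best[1]:
            best = (addrs[idx], score)
    return best if best is not None and best[1] > threshold else None

def sub_netblocks(profiles: Dict[IP, Profile], **kw) -> List[Tuple[IP, IP]]:
    """Split the netblock at the breakpoint into (first, last) address ranges;
    a single range is returned when no breakpoint exceeds the threshold."""
    addrs = sorted(profiles)
    bp = find_breakpoint(profiles, **kw)
    if bp is None:
        return [(addrs[0], addrs[-1])]
    cut = addrs.index(bp[0])
    return [(addrs[0], addrs[cut - 1]), (addrs[cut], addrs[-1])]

if __name__ == "__main__":
    for first, last in sub_netblocks(sample_profiles()):
        print(f"{first} - {last}")
```

Taking the highest-scoring candidate rather than the first one over the threshold avoids reporting the two or three addresses on either side of the true transition, where a window straddling the change already scores high. Applying the same split recursively to each resulting range would handle netblocks with more than one behavioral boundary.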
Abstract:
A method for querying a knowledge base of malicious hosts numbered 1 through N. The method includes providing a network of computers containing a plurality of unknown malicious host machines. In a specific embodiment, the malicious host machines are disposed throughout the network of computers, which may be a worldwide network such as the Internet. The method includes querying a knowledge base of known malicious hosts numbered 1 through N, where N is an integer greater than 1; in a preferred embodiment, the knowledge base is coupled to the network of computers. The method includes receiving first information associated with an unknown host from the network, identifying the unknown host, and querying the knowledge base to determine whether the unknown host is one of the known malicious hosts. The method also includes outputting second information associated with the unknown host based upon the query.
Abstract:
A plurality of network addresses is obtained from a distributed client, at least a first portion of them being resolved network address responses to the distributed client's requests to resolve one or more network location indicators associated with a first web service. Test content is obtained based on one or more of the network addresses in the first portion, and it is determined whether the obtained test content includes unauthorized content.
Abstract:
A method includes detecting, at a device coupled to a network, a communication transmitted over the network; determining whether the communication is associated with an unauthorized data request; and, in response to determining that it is, determining an access point associated with the source of the communication. The method further includes transmitting a message to a service provider requesting identification of mobile communication devices located within a threshold distance of the access point.