Abstract:
A system and method for receiving a plurality of values related to providing services on a network, determining at least one constraint value based on the plurality of values, performing a distribution analysis using the plurality of values and the at least one constraint value and outputting a result derived from the distribution analysis.
Abstract:
A method includes receiving at a cache server a content request from a client system, determining that the cache server is overloaded in response to receiving the content request, and in response to determining that the cache server is overloaded, returning to the client system a domain redirection response including a load status of the cache server.
Abstract:
A method and apparatus for detecting compromised host computers (e.g., Bots) are disclosed. For example, the method identifies a plurality of suspicious hosts. Once identified, the method analyzes network traffic of the plurality of suspicious hosts to identify a plurality of suspicious hub-servers. The method then classifies the plurality of candidate Bots into at least one group. The method then identifies members of each of the at least one group that are connected to a same controller from the plurality of suspicious controllers, where the members are identified to be part of a Botnet.
Abstract:
Concepts and technologies for detecting and blocking Domain Name System (“DNS”) cache poisoning attacks are provided. An inline detector and blocker apparatus implements a detection algorithm to monitor DNS response packets and detects a DNS cache poisoning attack utilizing the detection algorithm. The inline detector and blocker apparatus detects the DNS cache poisoning attack by receiving a DNS response packet and determining that the response packet includes poison data. The poison data may be included within an additional section of the response packet and/or an answer section of the response packet. As appropriate, the inline detector and blocker apparatus removes the additional section and/or the answer section of the response packet to effectively block the poison data from being cached by a DNS caching resolver.
Abstract:
A content delivery system includes an analyzer module, a content request data collection module, and a domain name server. The collection module receives a request sent to a tracking address, collects information about the request, and provides the information to the analyzer. The server receives an address request from a local domain name server associated with an autonomous system for the cache server address, provides the tracking address to the local server because the local server is associated with the second autonomous system, collects address request information about the address, and provides the address request information to the analyzer module. The analyzer module receives the address request and content request information, and determines information about clients served by the autonomous system based on the address request and content request information.
Abstract:
A system for detecting a remotely controlled e-mail spam host. The system includes an E-mail spammer detection unit and a host traffic profiling unit. The E-mail spammer detection unit identifies E-mail Spammers based on SMTP traffic characteristics. The host profiling unit extracts traffic components from the plurality of Internet traffic associated with an E-mail Spammer, interprets the extracted traffic components, and determines whether the E-mail Spammer is a compromised host. The system may also include a botnet controller detection unit that analyzes traffic associated with compromised E-mail Spammers and identifies the botnet Controller remotely controlling the compromised E-mail Spammer.
Abstract:
A system and method for detecting Email spammers from unknown SMTP Clients using the unknown SMTP Client's SMTP traffic information, e.g., byte size and variability data. The system and method include a byte size and variability traffic flow model and a classification system. The traffic flow model may be based upon a standard deviation of byte size and variability of traffic flows for a plurality of legitimate SMTP Clients and for a plurality of Spammer SMTP Clients. The classification system then classifies an Unknown SMTP Client as an Email Spammer based on a comparison between the byte size and the variability of the Unknown SMTP Client's traffic flows with the byte size and variability traffic flow model.
Abstract:
An authoritative domain name system server includes a memory configured to store a set of instructions, and a processor configured to execute the set of instructions. The processor obtains a first Internet Protocol address of a client system associated with a request for a domain name, and assigns a location of the authoritative domain name system server as an ingress region. The processor assigns the egress override as an egress region when the first Internet Protocol address matches the prefix of the egress override, otherwise obtains an egress table, determines a longest prefix match of the first Internet Protocol address, obtains a distance matrix for distances from the ingress location to a plurality of egress regions, and selects the egress region based on the distance matrix and the longest prefix match in the egress table. The processor selects a content node based on the one egress region, and assigns a second Internet Protocol address for the content node to a local domain name system server associated with the client system.