DETECTION OF MALWARE AND MALICIOUS APPLICATIONS
    1.
    Invention application
    DETECTION OF MALWARE AND MALICIOUS APPLICATIONS (status: under examination, published)

    Publication number: US20160352761A1

    Publication date: 2016-12-01

    Application number: US14820265

    Application date: 2015-08-06

    Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.


    DETECTION OF MALWARE AND MALICIOUS APPLICATIONS

    Publication number: US20210360004A1

    Publication date: 2021-11-18

    Application number: US17360910

    Application date: 2021-06-28

    Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

    DETECTION OF MALWARE AND MALICIOUS APPLICATIONS

    Publication number: US20190230095A1

    Publication date: 2019-07-25

    Application number: US16370853

    Application date: 2019-03-29

    Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

    METHODS AND APPARATUS PROVIDING AUTOMATIC SIGNATURE GENERATION AND ENFORCEMENT
    4.
    Invention application
    METHODS AND APPARATUS PROVIDING AUTOMATIC SIGNATURE GENERATION AND ENFORCEMENT (status: under examination, published)

    Publication number: US20140351942A1

    Publication date: 2014-11-27

    Application number: US14458096

    Application date: 2014-08-12

    Abstract: A system inserts at least one notifying identifier in the computer system. The at least one notifying identifier provides execution information associated with the computer system. The system receives execution information from the at least one notifying identifier, the execution information identifies details associated with a traffic flow on the computer system. The system then generates a signature based on a deterministic link provided by the execution information provided by the at least one notifying identifier. The signature is utilized to prevent further damage caused to the computer system by at least one attack.

