1. Method and apparatus for rate based denial of service attack detection and prevention
    Granted patent (in force)

    Publication number: US07426634B2

    Publication date: 2008-09-16

    Application number: US10759799

    Filing date: 2004-01-15

    Applicant: Hemant Kumar Jain

    Inventor: Hemant Kumar Jain

    IPC classification: H04L9/00

    CPC classification: H04L63/1458 H04L2463/141

    Abstract: The present invention provides a method and apparatus for detecting and preventing a plurality of denial of service (DOS) and distributed denial of service (DDOS) attacks. The apparatus includes classifiers for parsing packets; meters storing statistics for the classified packets and detecting flood thresholds; an Ager for maintaining timeouts; a decision multiplexer for multiplexing inputs from various meters and determining whether to allow or deny the packet; and a threshold estimation means for estimating thresholds based on past data from meters, baselines, trends and seasonality. The apparatus includes a PCI interface through which a host can interact, learn continuously and set thresholds in a continuous and adaptive manner so as to prevent rate based DOS and DDOS attacks. The apparatus includes a mechanism to track culprit sources at layer 2 and layer 3 through a multiplicative increment method.


2. System and method for integrated header, state, rate and content anomaly prevention with policy enforcement
    Granted patent (in force)

    Publication number: US07602731B2

    Publication date: 2009-10-13

    Application number: US11021637

    Filing date: 2004-12-22

    Applicant: Hemant Kumar Jain

    Inventor: Hemant Kumar Jain

    IPC classification: H04L12/26 H04L9/32

    CPC classification: H04L63/1408 H04L63/1441

    Abstract: The present invention provides integrated prevention of header, state, rate and content anomalies along with network policy enforcement. A hardware-based apparatus classifies layer 2, 3, 4 and 7 network data and maintains rate thresholds through continuous and adaptive learning. In the process of classifying the packets, the apparatus can determine header and state anomalies and drop packets containing those anomalies. Accurate detection and prevention of layer 7 content anomalies is achieved using fragment assembly, TCP reorder and retransmission removal components, which also identify anomalies in those areas. Content inspection is achieved at high speed through a Content Inspection Engine. The apparatus integrates advantageous solutions to prevent anomalous packets and enables a policy-based packet filter.


4. Layered memory architecture for deterministic finite automaton based string matching useful in network intrusion detection and prevention systems and apparatuses
    Granted patent (in force)

    Publication number: US07356663B2

    Publication date: 2008-04-08

    Application number: US10984244

    Filing date: 2004-11-08

    Applicant: Hemant Kumar Jain

    Inventor: Hemant Kumar Jain

    IPC classification: G06F13/00

    CPC classification: H04L63/1408

    Abstract: The present invention provides a method and apparatus for searching for multiple strings within packet data using deterministic finite automata. The apparatus includes means for updating memory tables stored in a layered memory architecture comprising a BRAM, an SRAM and a DRAM, and a mechanism to strategically store the relevant data structure in the three memories based on the characteristics of the data, the size/capacity of the data structure, and the frequency of access. The apparatus intelligently and efficiently places the associated data in different memories based on the observed fact that the density of most rule-sets is around 10% for common data in typical network intrusion prevention systems. The methodology and layered memory architecture enable an apparatus implementing the present invention to achieve data processing line rates over 2 Gbps.


5. System and method for integrated header, state, rate and content anomaly prevention for domain name service
    Granted patent (in force)

    Publication number: US07626940B2

    Publication date: 2009-12-01

    Application number: US11158317

    Filing date: 2005-06-20

    Applicant: Hemant Kumar Jain

    Inventor: Hemant Kumar Jain

    IPC classification: H04L12/26 H04L9/32

    CPC classification: H04L63/1408 H04L63/1441

    Abstract: The present invention provides integrated prevention of header, state, rate and content anomalies along with network policy enforcement for the domain name service (DNS). A hardware-based apparatus helps identify DNS rate thresholds through continuous and adaptive learning. The apparatus can determine DNS header and DNS state anomalies and drop packets containing those anomalies. DNS queries and responses are inspected for known malicious content using a Content Inspection Engine. The apparatus integrates advantageous solutions to prevent anomalous packets and enables a policy-based packet filter for DNS.
