-
公开(公告)号:US09497163B2
公开(公告)日:2016-11-15
申请号:US14984884
申请日:2015-12-30
Applicant: Juniper Networks, Inc.
Inventor: Oskar Ibatullin , Kyle Adams , Daniel J. Quinlan
CPC classification number: H04L63/1466 , G06F21/554 , H04L63/0209 , H04L63/1425 , H04L63/1441 , H04L67/10
Abstract: This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device.
-
公开(公告)号:US20150067866A1
公开(公告)日:2015-03-05
申请号:US14014537
申请日:2013-08-30
Applicant: Juniper Networks, Inc.
Inventor: Oskar Ibatullin , Kyle Adams , Daniel J. Quinlan
IPC: G06F21/55
CPC classification number: H04L63/1466 , G06F21/554 , H04L63/0209 , H04L63/1425 , H04L63/1441 , H04L67/10
Abstract: This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device.
-
公开(公告)号:US20170063922A1
公开(公告)日:2017-03-02
申请号:US15350179
申请日:2016-11-14
Applicant: Juniper Networks, Inc.
Inventor: Oskar Ibatullin , Kyle Adams , Daniel J. Quinlan
CPC classification number: H04L63/1466 , G06F21/554 , H04L63/0209 , H04L63/1425 , H04L63/1441 , H04L67/10
Abstract: This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device.
Abstract translation: 本公开描述了基于设备的轮廓主动地识别可能的攻击者的技术。 例如,设备包括一个或多个处理器和网络接口卡,用于从远程设备接收指向由设备保护的一个或多个计算设备的网络流量,基于网络业务的内容来确定第一组 发送对远程设备的响应以确定设备的第二组数据点,并从远程设备接收第二组数据点的至少一部分。 该设备还包括可由处理器操作以确定恶意等级的安全模块,并且基于恶意等级选择性地管理针对由安全设备保护并从远程设备接收的一个或多个计算设备的附加网络流量。
-
公开(公告)号:US20140283061A1
公开(公告)日:2014-09-18
申请号:US13910019
申请日:2013-06-04
Applicant: Juniper Networks, Inc.
Inventor: Daniel J. Quinlan , Kyle Adams , Oskar Ibatullin , Yuly Tenorio Morales , Robert W. Cameron , Bryan Burns
IPC: H04L29/06
CPC classification number: H04L63/1441 , H04L63/1408 , H04L67/02
Abstract: This disclosure describes a global attacker database that utilizes device fingerprinting to uniquely identify devices. For example, a device includes one or more processors and network interface cards to receive network traffic directed to one or more computing devices protected by the device, send, to the remote device, a request for data points of the remote device, wherein the data points include characteristics associated with the remote device, and receive at least a portion of the requested data points. The device also includes a fingerprint module to compare the received portion of the data points to sets of data points associated with known attacker devices, and determine, based on the comparison, whether a first set of data points of a first known attacker device satisfies a similarity threshold. The device also includes an security module to selectively manage, based on the determination, additional network traffic directed to the computing devices.
Abstract translation: 本公开描述了使用设备指纹识别设备的全局攻击者数据库。 例如,设备包括一个或多个处理器和网络接口卡,以接收指向由设备保护的一个或多个计算设备的网络流量,向远程设备发送对远程设备的数据点的请求,其中数据 点包括与远程设备相关联的特征,并且接收所请求的数据点的至少一部分。 所述设备还包括指纹模块,用于将接收到的数据点部分与已知攻击者设备相关联的数据点集合进行比较,并且基于比较确定第一已知攻击者设备的第一组数据点是否满足 相似性阈值。 该设备还包括安全模块,用于基于确定选择性地管理针对计算设备的附加网络流量。
-
公开(公告)号:US09838427B2
公开(公告)日:2017-12-05
申请号:US15338173
申请日:2016-10-28
Applicant: Juniper Networks, Inc.
Inventor: Daniel J. Quinlan , Oskar Ibatullin , Bryan Burns , Oliver Tavakoli , Robert W. Cameron
CPC classification number: H04L63/1491 , H04L67/28 , H04L67/42 , H04W12/12
Abstract: A network device comprises one or more processors coupled to a memory, and a dynamic services module configured for execution by the one or more processors to receive, from a client device, a service request specifying a service. The dynamic service module is further configured for execution by the one or more processors to, in response to obtaining a negative indication for the service, send a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device.
-
Patent Agency Ranking
公开(公告)号:US09485276B2
公开(公告)日:2016-11-01
申请号:US14586401
申请日:2014-12-30
Applicant: Juniper Networks, Inc.
Inventor: Daniel J. Quinlan , Oskar Ibatullin , Bryan Burns , Oliver Tavakoli , Robert W. Cameron
CPC classification number: H04L63/1491 , H04L67/28 , H04L67/42 , H04W12/12
Abstract: A network device comprises one or more processors coupled to a memory, and a dynamic services module configured for execution by the one or more processors to receive, from a client device, a service request specifying a service. The dynamic service module is further configured for execution by the one or more processors to, in response to obtaining a negative indication for the service, send a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device.
Abstract translation: 网络设备包括耦合到存储器的一个或多个处理器和被配置为由一个或多个处理器执行以从客户端设备接收指定服务的服务请求的动态服务模块。 动态服务模块还被配置为用于由一个或多个处理器执行以响应于获得针对服务的否定指示,向蜜罐发送服务请求的表示以使蜜罐向客户端设备提供服务 。
-
公开(公告)号:US20160119286A1
公开(公告)日:2016-04-28
申请号:US14984884
申请日:2015-12-30
Applicant: Juniper Networks, Inc.
Inventor: Oskar Ibatullin , Kyle Adams , Daniel J. Quinlan
IPC: H04L29/06
CPC classification number: H04L63/1466 , G06F21/554 , H04L63/0209 , H04L63/1425 , H04L63/1441 , H04L67/10
Abstract: This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device.
-
公开(公告)号:US20170048274A1
公开(公告)日:2017-02-16
申请号:US15338173
申请日:2016-10-28
Applicant: Juniper Networks, Inc.
Inventor: Daniel J. Quinlan , Oskar Ibatullin , Bryan Burns , Oliver Tavakoli , Robert W. Cameron
CPC classification number: H04L63/1491 , H04L67/28 , H04L67/42 , H04W12/12
Abstract: A network device comprises one or more processors coupled to a memory, and a dynamic services module configured for execution by the one or more processors to receive, from a client device, a service request specifying a service. The dynamic service module is further configured for execution by the one or more processors to, in response to obtaining a negative indication for the service, send a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device.
Abstract translation: 网络设备包括耦合到存储器的一个或多个处理器和被配置为由一个或多个处理器执行以从客户端设备接收指定服务的服务请求的动态服务模块。 动态服务模块还被配置为用于由一个或多个处理器执行以响应于获得针对服务的否定指示,向蜜罐发送服务请求的表示以使蜜罐向客户端设备提供服务 。
-
公开(公告)号:US09106693B2
公开(公告)日:2015-08-11
申请号:US13910019
申请日:2013-06-04
Applicant: Juniper Networks, Inc.
Inventor: Daniel J. Quinlan , Kyle Adams , Oskar Ibatullin , Yuly Tenorio Morales , Robert W. Cameron , Bryan Burns
CPC classification number: H04L63/1441 , H04L63/1408 , H04L67/02
Abstract: This disclosure describes a global attacker database that utilizes device fingerprinting to uniquely identify devices. For example, a device includes one or more processors and network interface cards to receive network traffic directed to one or more computing devices protected by the device, send, to the remote device, a request for data points of the remote device, wherein the data points include characteristics associated with the remote device, and receive at least a portion of the requested data points. The device also includes a fingerprint module to compare the received portion of the data points to sets of data points associated with known attacker devices, and determine, based on the comparison, whether a first set of data points of a first known attacker device satisfies a similarity threshold. The device also includes an security module to selectively manage, based on the determination, additional network traffic directed to the computing devices.
Abstract translation: 本公开描述了使用设备指纹识别设备的全局攻击者数据库。 例如,设备包括一个或多个处理器和网络接口卡,以接收指向由设备保护的一个或多个计算设备的网络流量,向远程设备发送对远程设备的数据点的请求,其中数据 点包括与远程设备相关联的特征,并且接收所请求的数据点的至少一部分。 所述设备还包括指纹模块,用于将接收到的数据点部分与已知攻击者设备相关联的数据点集合进行比较,并且基于比较确定第一已知攻击者设备的第一组数据点是否满足 相似性阈值。 该设备还包括安全模块,用于基于确定选择性地管理针对计算设备的附加网络流量。
-
公开(公告)号:US20150222661A1
公开(公告)日:2015-08-06
申请号:US14689255
申请日:2015-04-17
Applicant: Juniper Networks, Inc.
Inventor: Oskar Ibatullin , Kyle Adams , Daniel J. Quinlan
CPC classification number: H04L63/1466 , G06F21/554 , H04L63/0209 , H04L63/1425 , H04L63/1441 , H04L67/10
Abstract: This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device.
Abstract translation: 本公开描述了基于设备的轮廓主动地识别可能的攻击者的技术。 例如,设备包括一个或多个处理器和网络接口卡,用于从远程设备接收指向由设备保护的一个或多个计算设备的网络流量,基于网络业务的内容来确定第一组 发送对远程设备的响应以确定设备的第二组数据点,并从远程设备接收第二组数据点的至少一部分。 该设备还包括可由处理器操作以确定恶意等级的安全模块,并且基于恶意等级选择性地管理针对由安全设备保护并从远程设备接收的一个或多个计算设备的附加网络流量。
-
-
-
-
-
-
-
-
-
Search Results
15
records
(took 0.015 seconds)
