CA2430571A1 - Flow-based detection of network intrusions - Google Patents

Flow-based detection of network intrusions

Info

Publication number
CA2430571A1
Authority
CA
Canada
Prior art keywords
flow
concern index
index value
packets
host
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002430571A
Other languages
French (fr)
Other versions
CA2430571C (en)
Inventor
John A. Copeland III
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Abstract

A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspicious. By assigning a value to each flow that appears suspicious and adding that value to the total concern index of the responsible host, it is possible to identify hosts that are engaged in intrusion activity. When the concern index value of a host exceeds a preset alarm value, an alert is issued and appropriate action can be taken.

Claims (6)

1. A method of analyzing network communication traffic for potential intrusion activity, comprising the steps of:
assigning packets to a flow;
collecting flow data from packet headers;
analyzing collected flow data to assign a concern index value to the flow based upon a probability that the flow was not normal for data communications;
maintaining an accumulated concern index from flows associated with a host;
and issuing an alarm signal once the accumulated concern index has exceeded an alarm threshold value.
2. The method of claim 1, wherein the flow consists of the packets exchanged between two hosts that are associated with a single service.
3. The method of claim 1, wherein the alarm signal updates a firewall for filtering packets transmitted by a host.
4. The method of claim 1, wherein the alarm signal generates a notification to the network administrator.
5. The method of claim 1, wherein each concern index value associated with a respective potential intrusion activity is a predetermined fixed value.
6. A method of analyzing network communication traffic for potential intrusion activity, comprising the steps of:
assigning packets to a flow wherein a flow consists of the packets exchanged between two hosts that are associated with a single service;
collecting flow data from packet headers;
analyzing collected flow data to assign a concern index value wherein each concern index value associated with a respective potential intrusion activity is a predetermined fixed value;
maintaining an accumulated concern index from flows associated with a host;
and issuing an alarm signal once the accumulated concern index has exceeded an alarm threshold value.

8. A method of analyzing network communication traffic for potential intrusion activity, comprising the steps of:
assigning packets to a flow wherein a flow consists of the packets exchanged between two Internet Protocol addresses with at least one port remains constant;
collecting flow data from packet headers;
analyzing collected flow data to assign a concern index value to the flow;
maintaining a host structure containing an accumulated concern index from flows associated with the host;
and issuing an alarm once the accumulated concern index has exceeded an alarm threshold value.

9. The method of claim 8, wherein each concern index value associated with a respective potential intrusion activity is a predetermined fixed value.

10. A system for analyzing network communication traffic, comprising:
a computer system operable to classify packets into flows, collect flow data from packet header information, analyze collected flow data to assign a concern index value wherein each concern index value associated with a respective potential intrusion activity is a predetermined fixed value, and generate an alarm signal;
and a communication system coupled to the computer system operable to send packets from one host to another host.

11. A system for analyzing network communication traffic, comprising:
a processor operable to classify packets into flows, collect flow data from packet header information, analyze collected flow data to assign a concern index value wherein each concern index value associated with a respective potential intrusion activity is a predetermined fixed value, and generate an alarm signal;
memory coupled to the processor operable to store the flow data;
a database coupled to processor operable to store log files;
and a network interface coupled to the processor operable to monitor network traffic.

12. A method of analyzing network communication traffic for potential intrusion activity, comprising the steps of:
analyzing packet header information;
determining a transport level protocol specifying a format of a data area;
issuing an alarm when the transport level protocol is identified as User Datagram Protocol and the data segment associated with User Datagram Protocol packet contains two or less bytes of data.
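
The method of the abstract and claims 1, 8 and 12, sketched in Python as an added illustration that is not taken from the patent: packets are grouped into flows from header fields only, each suspicious flow contributes a fixed concern index value to the host responsible for it, and a host alarms only once its accumulated index exceeds the threshold. The concern index value, the alarm threshold, the rule that the lower-numbered port is the constant service port, the choice of the first sender as the responsible host, the use of the claim 12 short-UDP test as a concern index contributor, and the sample packets are all assumptions constructed for this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed values: the page states that concern index values are
# predetermined fixed values and that an alarm threshold exists, but it
# gives no numbers.
CI_SHORT_UDP = 800
ALARM_THRESHOLD = 2000


@dataclass(frozen=True)
class Packet:
    """Header-derived fields only; no payload content is inspected."""
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int
    payload_len: int  # bytes of data after the transport header


@dataclass
class Flow:
    initiator: str    # assumption: sender of the first packet seen
    packets: int = 0
    payload_bytes: int = 0
    short_udp: int = 0


def flow_key(p):
    """Map both directions of a conversation to one flow (claim 8).

    Assumption: the lower-numbered port is the constant service port, so
    packets from different client ports to the same service share a flow.
    """
    if p.dport <= p.sport:
        return (p.src, p.dst, p.proto, p.dport)
    return (p.dst, p.src, p.proto, p.sport)


def collect(packets):
    """Assign packets to flows and collect per-flow statistics."""
    flows = {}
    for p in packets:
        f = flows.setdefault(flow_key(p), Flow(initiator=p.src))
        f.packets += 1
        f.payload_bytes += p.payload_len
        # Claim 12 condition: UDP datagram carrying two or fewer data bytes.
        if p.proto == "udp" and p.payload_len <= 2:
            f.short_udp += 1
    return flows


def flow_concern(flow):
    """Fixed concern index per suspicious flow, however many packets matched."""
    return CI_SHORT_UDP if flow.short_udp else 0


def analyze(flows, threshold=ALARM_THRESHOLD):
    """Accumulate concern index per responsible host and list alarming hosts."""
    host_ci = defaultdict(int)
    for f in flows.values():
        host_ci[f.initiator] += flow_concern(f)
    alarms = sorted(h for h, ci in host_ci.items() if ci > threshold)
    return dict(host_ci), alarms


# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    # Ordinary DNS-style exchange: one flow, both directions.
    Packet("192.0.2.5", "192.0.2.53", "udp", 40001, 53, 33),
    Packet("192.0.2.53", "192.0.2.5", "udp", 53, 40001, 97),
    # Two client ports to the same service port: still one flow.
    Packet("192.0.2.5", "198.51.100.10", "tcp", 40002, 80, 0),
    Packet("192.0.2.5", "198.51.100.10", "tcp", 40003, 80, 310),
    # One host sending near-empty UDP datagrams to three different hosts.
    Packet("192.0.2.66", "192.0.2.10", "udp", 50000, 9999, 1),
    Packet("192.0.2.66", "192.0.2.10", "udp", 50001, 9999, 1),
    Packet("192.0.2.66", "192.0.2.11", "udp", 50002, 9999, 1),
    Packet("192.0.2.66", "192.0.2.12", "udp", 50003, 9999, 0),
]

if __name__ == "__main__":
    host_ci, alarms = analyze(collect(SAMPLE))
    for host, ci in sorted(host_ci.items()):
        print(f"{host:15} concern index {ci}")
    print("alarms:", alarms)
```

No single flow in the sample reaches the threshold; the alarm comes from the per-host accumulation across flows, which is the property the claims rely on.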

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US25026100P 2000-11-30 2000-11-30
US60/250,261 2000-11-30
US26519401P 2001-01-31 2001-01-31
US60/265,194 2001-01-31
PCT/US2001/045275 WO2002045380A2 (en) 2000-11-30 2001-11-30 Flow-based detection of network intrusions

Publications (2)

Publication Number Publication Date
CA2430571A1 (en) 2002-06-06
CA2430571C (en) 2011-07-12

Family

ID=26940735

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2430571A Expired - Lifetime CA2430571C (en) 2000-11-30 2001-11-30 Flow-based detection of network intrusions

Country Status (7)

Country Link
US (1) US7185368B2 (en)
EP (1) EP1338130B1 (en)
AT (1) ATE344573T1 (en)
AU (2) AU2002230541B2 (en)
CA (1) CA2430571C (en)
DE (1) DE60124295T8 (en)
WO (1) WO2002045380A2 (en)

US8578497B2 (en) 2010-01-06 2013-11-05 Damballa, Inc. Method and system for detecting malware
US8826438B2 (en) 2010-01-19 2014-09-02 Damballa, Inc. Method and system for network-based detecting of malware from behavioral clustering
US9602439B2 (en) 2010-04-30 2017-03-21 Juniper Networks, Inc. Methods and apparatus for flow control associated with a switch fabric
US8621638B2 (en) 2010-05-14 2013-12-31 Mcafee, Inc. Systems and methods for classification of messaging entities
US10187353B2 (en) * 2010-06-02 2019-01-22 Symantec Corporation Behavioral classification of network data flows
US9065773B2 (en) 2010-06-22 2015-06-23 Juniper Networks, Inc. Methods and apparatus for virtual channel flow control associated with a switch fabric
US8553710B1 (en) 2010-08-18 2013-10-08 Juniper Networks, Inc. Fibre channel credit-based link flow control overlay onto fibre channel over ethernet
US8509071B1 (en) 2010-10-06 2013-08-13 Juniper Networks, Inc. Multi-dimensional traffic management
US9660940B2 (en) 2010-12-01 2017-05-23 Juniper Networks, Inc. Methods and apparatus for flow control associated with a switch fabric
US9032089B2 (en) 2011-03-09 2015-05-12 Juniper Networks, Inc. Methods and apparatus for path selection within a network based on flow duration
CN102761517B (en) * 2011-04-25 2015-06-24 工业和信息化部电信传输研究所 Content reduction method for high-speed network
KR20130030086A (en) * 2011-09-16 2013-03-26 한국전자통신연구원 Method and apparatus for defending distributed denial of service attack through abnomal terminated session
US8811183B1 (en) 2011-10-04 2014-08-19 Juniper Networks, Inc. Methods and apparatus for multi-path flow control within a multi-stage switch fabric
US9251535B1 (en) 2012-01-05 2016-02-02 Juniper Networks, Inc. Offload of data transfer statistics from a mobile access gateway
US8976661B2 (en) * 2012-01-11 2015-03-10 Nec Laboratories America, Inc. Network self-protection
US9922190B2 (en) 2012-01-25 2018-03-20 Damballa, Inc. Method and system for detecting DGA-based malware
US10432587B2 (en) 2012-02-21 2019-10-01 Aventail Llc VPN deep packet inspection
RU2475836C1 (en) * 2012-03-12 2013-02-20 Федеральное государственное военное образовательное учреждение высшего профессионального образования "Военная академия связи имени маршала Советского Союза С.М. Буденного" Министерства обороны Российской Федерации Method for protection of computer networks
US10169575B1 (en) * 2012-03-14 2019-01-01 Symantec Corporation Systems and methods for preventing internal network attacks
US9038180B2 (en) 2012-03-22 2015-05-19 Los Alamos National Security, Llc Using new edges for anomaly detection in computer networks
US8995271B2 (en) * 2012-04-30 2015-03-31 Hewlett-Packard Development Company, L.P. Communications flow analysis
US9154461B2 (en) 2012-05-16 2015-10-06 The Keyw Corporation Packet capture deep packet inspection sensor
FI20125761A (en) * 2012-06-29 2013-12-30 Tellabs Oy Method and apparatus for detecting sources of data frame storms
US9686169B2 (en) 2012-07-02 2017-06-20 Ixia Real-time highly accurate network latency measurement with low generated traffic or data requirements
US9392003B2 (en) 2012-08-23 2016-07-12 Raytheon Foreground Security, Inc. Internet security cyber threat reporting system and method
US10547674B2 (en) 2012-08-27 2020-01-28 Help/Systems, Llc Methods and systems for network flow analysis
US9894088B2 (en) 2012-08-31 2018-02-13 Damballa, Inc. Data mining to identify malicious activity
US10084806B2 (en) 2012-08-31 2018-09-25 Damballa, Inc. Traffic simulation to identify malicious activity
US9137205B2 (en) 2012-10-22 2015-09-15 Centripetal Networks, Inc. Methods and systems for protecting a secured network
US9565213B2 (en) 2012-10-22 2017-02-07 Centripetal Networks, Inc. Methods and systems for protecting a secured network
US8943600B2 (en) * 2012-10-26 2015-01-27 International Business Machines Corporation Weighted security analysis
US9203806B2 (en) 2013-01-11 2015-12-01 Centripetal Networks, Inc. Rule swapping in a packet network
US9124552B2 (en) 2013-03-12 2015-09-01 Centripetal Networks, Inc. Filtering network data transfers
US9094445B2 (en) 2013-03-15 2015-07-28 Centripetal Networks, Inc. Protecting networks from cyber attacks and overloading
US9571511B2 (en) 2013-06-14 2017-02-14 Damballa, Inc. Systems and methods for traffic classification
DE102013216847B4 (en) * 2013-08-23 2023-06-01 Siemens Mobility GmbH Method, device and system for monitoring a security gateway unit
US9288221B2 (en) 2014-01-14 2016-03-15 Pfu Limited Information processing apparatus, method for determining unauthorized activity and computer-readable medium
CN103780610A (en) * 2014-01-16 2014-05-07 绵阳师范学院 Network data recovery method based on protocol characteristics
CA2938318C (en) * 2014-01-30 2023-10-03 Nasdaq, Inc. Systems and methods for continuous active data security
US9565114B1 (en) * 2014-03-08 2017-02-07 Google Inc. Weighted load balancing using scaled parallel hashing
KR101761737B1 (en) * 2014-05-20 2017-07-26 한국전자통신연구원 System and Method for Detecting Abnormal Behavior of Control System
US9264370B1 (en) 2015-02-10 2016-02-16 Centripetal Networks, Inc. Correlating packets in communications networks
US9930065B2 (en) 2015-03-25 2018-03-27 University Of Georgia Research Foundation, Inc. Measuring, categorizing, and/or mitigating malware distribution paths
RO131470A2 (en) 2015-04-10 2016-10-28 Ixia, A California Corporation Methods, systems and computer-readable media for one-way link delay measurement
US10019333B2 (en) 2015-04-16 2018-07-10 Keysight Technologies Singapore (Holdings) Pte. Ltd. Methods, systems, and computer readable media for emulating network devices with different clocks
US9736804B2 (en) 2015-04-16 2017-08-15 Ixia Methods, systems, and computer readable media for synchronizing timing among network interface cards (NICS) in a network equipment test device
US9866576B2 (en) 2015-04-17 2018-01-09 Centripetal Networks, Inc. Rule-based network-threat detection
RO131471A2 (en) 2015-04-21 2016-10-28 Ixia, A California Corporation Methods, systems and computer-readable media for testing quality of recovered clock
US10536357B2 (en) 2015-06-05 2020-01-14 Cisco Technology, Inc. Late data detection in data center
US10142353B2 (en) 2015-06-05 2018-11-27 Cisco Technology, Inc. System for monitoring and managing datacenters
US9917753B2 (en) 2015-06-12 2018-03-13 Level 3 Communications, Llc Network operational flaw detection using metrics
US9813226B2 (en) 2015-08-05 2017-11-07 Ixia Modeling a clock
US9800595B2 (en) * 2015-09-21 2017-10-24 Ixia Methods, systems, and computer readable media for detecting physical link intrusions
US9917856B2 (en) 2015-12-23 2018-03-13 Centripetal Networks, Inc. Rule-based network-threat detection for encrypted communications
US10075416B2 (en) 2015-12-30 2018-09-11 Juniper Networks, Inc. Network session data sharing
US11729144B2 (en) 2016-01-04 2023-08-15 Centripetal Networks, Llc Efficient packet capture for cyber threat analysis
US10430442B2 (en) * 2016-03-09 2019-10-01 Symantec Corporation Systems and methods for automated classification of application network activity
RU2634211C1 (en) 2016-07-06 2017-10-24 Общество с ограниченной ответственностью "Траст" Method and system of protocols analysis of harmful programs interaction with control centers and detection of computer attacks
RU2649793C2 (en) 2016-08-03 2018-04-04 ООО "Группа АйБи" Method and system of detecting remote connection when working on web resource pages
US10263835B2 (en) * 2016-08-12 2019-04-16 Microsoft Technology Licensing, Llc Localizing network faults through differential analysis of TCP telemetry
RU2634209C1 (en) 2016-09-19 2017-10-24 Общество с ограниченной ответственностью "Группа АйБи ТДС" System and method of autogeneration of decision rules for intrusion detection systems with feedback
US10666675B1 (en) 2016-09-27 2020-05-26 Ca, Inc. Systems and methods for creating automatic computer-generated classifications
RU2671991C2 (en) 2016-12-29 2018-11-08 Общество с ограниченной ответственностью "Траст" System and method for collecting information for detecting phishing
RU2637477C1 (en) 2016-12-29 2017-12-04 Общество с ограниченной ответственностью "Траст" System and method for detecting phishing web pages
CN108322354B (en) * 2017-01-18 2020-10-23 中国移动通信集团河南有限公司 Method and device for identifying running-stealing flow account
US10230690B2 (en) * 2017-03-23 2019-03-12 International Business Machines Corporation Digital media content distribution blocking
US10609054B2 (en) 2017-04-07 2020-03-31 Keysight Technologies Singapore (Sales) Pte. Ltd. Methods, systems, and computer readable media for monitoring, adjusting, and utilizing latency associated with accessing distributed computing resources
US10425321B2 (en) 2017-04-25 2019-09-24 Keysight Technologies Singapore (Sales) Pte. Ltd. Methods, systems, and computer readable media for testing time sensitive network (TSN) elements
US10503899B2 (en) 2017-07-10 2019-12-10 Centripetal Networks, Inc. Cyberanalysis workflow acceleration
US11233777B2 (en) 2017-07-24 2022-01-25 Centripetal Networks, Inc. Efficient SSL/TLS proxy
US10284526B2 (en) 2017-07-24 2019-05-07 Centripetal Networks, Inc. Efficient SSL/TLS proxy
US10855705B2 (en) 2017-09-29 2020-12-01 Cisco Technology, Inc. Enhanced flow-based computer network threat detection
RU2689816C2 (en) 2017-11-21 2019-05-29 ООО "Группа АйБи" Method for classifying sequence of user actions (embodiments)
RU2680736C1 (en) 2018-01-17 2019-02-26 Общество с ограниченной ответственностью "Группа АйБи ТДС" Malware files in network traffic detection server and method
RU2668710C1 (en) 2018-01-17 2018-10-02 Общество с ограниченной ответственностью "Группа АйБи ТДС" Computing device and method for detecting malicious domain names in network traffic
RU2677361C1 (en) 2018-01-17 2019-01-16 Общество с ограниченной ответственностью "Траст" Method and system of decentralized identification of malware programs
RU2677368C1 (en) 2018-01-17 2019-01-16 Общество С Ограниченной Ответственностью "Группа Айби" Method and system for automatic determination of fuzzy duplicates of video content
RU2676247C1 (en) 2018-01-17 2018-12-26 Общество С Ограниченной Ответственностью "Группа Айби" Web resources clustering method and computer device
RU2681699C1 (en) 2018-02-13 2019-03-12 Общество с ограниченной ответственностью "Траст" Method and server for searching related network resources
US10333898B1 (en) 2018-07-09 2019-06-25 Centripetal Networks, Inc. Methods and systems for efficient network protection
WO2020087039A1 (en) * 2018-10-26 2020-04-30 Netography, Inc. Distributed network and security operations platform
RU2708508C1 (en) 2018-12-17 2019-12-09 Общество с ограниченной ответственностью "Траст" Method and a computing device for detecting suspicious users in messaging systems
RU2701040C1 (en) 2018-12-28 2019-09-24 Общество с ограниченной ответственностью "Траст" Method and a computer for informing on malicious web resources
US10965392B2 (en) 2019-01-25 2021-03-30 Keysight Technologies, Inc. Active network tap supporting time sensitive network (TSN) standards
US11563768B2 (en) 2019-01-31 2023-01-24 Keysight Technologies, Inc. Methods, systems, and computer readable media for detecting and mitigating effects of timing attacks in time sensitive networks
SG11202101624WA (en) 2019-02-27 2021-03-30 Group Ib Ltd Method and system for user identification by keystroke dynamics
US11381459B2 (en) * 2019-08-05 2022-07-05 Sk Planet Co., Ltd. Service providing system and method for preventing hidden camera, service providing apparatus therefor, and non-transitory computer readable medium having computer program recorded thereon
US11546354B2 (en) * 2019-11-26 2023-01-03 Kyndryl, Inc. Network shutdown for cyber security
RU2728498C1 (en) 2019-12-05 2020-07-29 Общество с ограниченной ответственностью "Группа АйБи ТДС" Method and system for determining software belonging by its source code
RU2728497C1 (en) 2019-12-05 2020-07-29 Общество с ограниченной ответственностью "Группа АйБи ТДС" Method and system for determining belonging of software by its machine code
RU2743974C1 (en) 2019-12-19 2021-03-01 Общество с ограниченной ответственностью "Группа АйБи ТДС" System and method for scanning security of elements of network architecture
SG10202001963TA (en) 2020-03-04 2021-10-28 Group Ib Global Private Ltd System and method for brand protection based on the search results
FR3111442B1 (en) * 2020-06-10 2023-07-28 Serenicity System for analyzing the IT risk of a set of peripherals connected to a network
US11475090B2 (en) 2020-07-15 2022-10-18 Group-Ib Global Private Limited Method and system for identifying clusters of affiliated web resources
RU2743619C1 (en) 2020-08-06 2021-02-20 Общество с ограниченной ответственностью "Группа АйБи ТДС" Method and system for generating the list of compromise indicators
US11316823B2 (en) 2020-08-27 2022-04-26 Centripetal Networks, Inc. Methods and systems for efficient virtualization of inline transparent computer networking devices
US11362996B2 (en) 2020-10-27 2022-06-14 Centripetal Networks, Inc. Methods and systems for efficient adaptive logging of cyber threat incidents
CN112929362B (en) * 2021-02-04 2023-01-20 广东电网有限责任公司广州供电局 Probe device, front-end message processing method and wireless communication management system
US11947572B2 (en) 2021-03-29 2024-04-02 Group IB TDS, Ltd Method and system for clustering executable files
US11159546B1 (en) 2021-04-20 2021-10-26 Centripetal Networks, Inc. Methods and systems for efficient threat context-aware packet filtering for network protection
CN115103000B (en) * 2022-06-20 2023-09-26 北京鼎兴达信息科技股份有限公司 Method for restoring and analyzing business session of railway data network based on NetStream

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5437244A (en) * 1991-09-16 1995-08-01 Agri-Engineering, Inc. Ball float for a watering tank
US5557686A (en) * 1993-01-13 1996-09-17 University Of Alabama Method and apparatus for verification of a computer user's identification, based on keystroke characteristics
FR2706652B1 (en) 1993-06-09 1995-08-18 Alsthom Cge Alcatel Device for detecting intrusions and suspicious users for a computer system and security system comprising such a device.
US5557742A (en) 1994-03-07 1996-09-17 Haystack Labs, Inc. Method and system for detecting intrusion into and misuse of a data processing system
US5825750A (en) * 1996-03-29 1998-10-20 Motorola Method and apparatus for maintaining security in a packetized data communications network
US5970227A (en) 1996-04-30 1999-10-19 International Business Machines Corp. Wireless proximity detector security feature
US6119236A (en) * 1996-10-07 2000-09-12 Shipley; Peter M. Intelligent network security device and method
US6453345B2 (en) * 1996-11-06 2002-09-17 Datadirect Networks, Inc. Network security and surveillance system
US5991881A (en) 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
US5796942A (en) * 1996-11-21 1998-08-18 Computer Associates International, Inc. Method and apparatus for automated network-wide surveillance and security breach intervention
US6578077B1 (en) * 1997-05-27 2003-06-10 Novell, Inc. Traffic monitoring tool for bandwidth management
US6182226B1 (en) 1998-03-18 2001-01-30 Secure Computing Corporation System and method for controlling interactions between networks
US6275942B1 (en) 1998-05-20 2001-08-14 Network Associates, Inc. System, method and computer program product for automatic response to computer system misuse using active response modules
US6321338B1 (en) 1998-11-09 2001-11-20 Sri International Network surveillance
US6370648B1 (en) * 1998-12-08 2002-04-09 Visa International Service Association Computer network intrusion detection
FR2790348B1 (en) * 1999-02-26 2001-05-25 Thierry Grenot SYSTEM AND METHOD FOR MEASURING HANDOVER TIMES AND LOSS RATES IN HIGH-SPEED TELECOMMUNICATIONS NETWORKS
US6628654B1 (en) * 1999-07-01 2003-09-30 Cisco Technology, Inc. Dispatching packets from a forwarding agent using tag switching
US6671811B1 (en) * 1999-10-25 2003-12-30 Visa International Service Association Features generation for use in computer network intrusion detection
US6363489B1 (en) * 1999-11-29 2002-03-26 Forescout Technologies Inc. Method for automatic intrusion detection and deflection in a network
US20020133586A1 (en) * 2001-01-16 2002-09-19 Carter Shanklin Method and device for monitoring data traffic and preventing unauthorized access to a network
US20020104017A1 (en) * 2001-01-30 2002-08-01 Rares Stefan Firewall system for protecting network elements connected to a public network
US20040187032A1 (en) * 2001-08-07 2004-09-23 Christoph Gels Method, data carrier, computer system and computer progamme for the identification and defence of attacks in server of network service providers and operators
US7565678B2 (en) * 2001-12-28 2009-07-21 At&T Intellectual Property, I, L.P. Methods and devices for discouraging unauthorized modifications to set top boxes and to gateways

Also Published As

Publication number Publication date
WO2002045380A9 (en) 2002-09-19
CA2430571C (en) 2011-07-12
ATE344573T1 (en) 2006-11-15
EP1338130B1 (en) 2006-11-02
DE60124295T8 (en) 2007-12-06
WO2002045380A2 (en) 2002-06-06
DE60124295T2 (en) 2007-05-31
AU3054102A (en) 2002-06-11
EP1338130A2 (en) 2003-08-27
DE60124295D1 (en) 2006-12-14
US7185368B2 (en) 2007-02-27
US20030105976A1 (en) 2003-06-05
WO2002045380A3 (en) 2003-01-30
AU2002230541B2 (en) 2007-08-23

Similar Documents

Publication Publication Date Title
CA2430571A1 (en) Flow-based detection of network intrusions
WO2006127012A3 (en) Packet sampling flow-based detection of network intrusions
JP6703613B2 (en) Anomaly detection in data stream
US9130982B2 (en) System and method for real-time reporting of anomalous internet protocol attacks
KR101424490B1 (en) Reverse access detecting system and method based on latency
EP2257024B1 (en) Method, network apparatus and network system for defending distributed denial of service ddos attack
US8650646B2 (en) System and method for optimization of security traffic monitoring
CA2649047A1 (en) Method and apparatus for large-scale automated distributed denial of service attack detection
KR101003104B1 (en) Apparatus for monitoring the security status in wireless network and method thereof
CN111935170A (en) Network abnormal flow detection method, device and equipment
JP2018533897A5 (en)
US20050278779A1 (en) System and method for identifying the source of a denial-of-service attack
CN104683346A (en) P2P botnet detection device and method based on flow analysis
CN103281293A (en) Network flow rate abnormity detection method based on multi-dimension layering relative entropy
WO2011075922A1 (en) Method for detecting distributed denial of service attack
AU2002230541A1 (en) Flow-based detection of network intrusions
CN106603326B (en) NetFlow sampling processing method based on abnormal feedback
CN113518057B (en) Method and device for detecting distributed denial of service attack and computer equipment thereof
CN108616488B (en) Attack defense method and defense equipment
CN110266726B (en) Method and device for identifying DDOS attack data stream
US8578479B2 (en) Worm propagation mitigation
JP2005210601A (en) Intrusion detector
CN108667804B (en) DDoS attack detection and protection method and system based on SDN architecture
WO2024027079A1 (en) Domain-name reflection attack detection method and apparatus, and electronic device and storage medium
KR20190027122A (en) Apparatus and method for analyzing network attack pattern

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20211130