CA2430571A1 - Flow-based detection of network intrusions - Google Patents
Flow-based detection of network intrusions
- Publication number
- CA2430571A1
- Authority
- CA
- Canada
- Prior art keywords
- flow
- concern index
- index value
- packets
- host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspicious. By assigning a value to each flow that appears suspicious and adding that value to the total concern index of the responsible host, it is possible to identify hosts that are engaged in intrusion activity. When the concern index value of a host exceeds a preset alarm value, an alert is issued and appropriate action can be taken.
Claims (6)
1. A method of analyzing network communication traffic for potential intrusion activity, comprising the steps of:
assigning packets to a flow;
collecting flow data from packet headers;
analyzing collected flow data to assign a concern index value to the flow based upon a probability that the flow was not normal for data communications;
maintaining an accumulated concern index from flows associated with a host;
and issuing an alarm signal once the accumulated concern index has exceeded an alarm threshold value.
2. The method of claim 1, wherein the flow consists of the packets exchanged between two hosts that are associated with a single service.
3. The method of claim 1, wherein the alarm signal updates a firewall for filtering packets transmitted by a host.
4. The method of claim 1, wherein the alarm signal generates a notification to the network administrator.
5. The method of claim 1, wherein each concern index value associated with a respective potential intrusion activity is a predetermined fixed value.
6. A method of analyzing network communication traffic for potential intrusion activity, comprising the steps of:
assigning packets to a flow wherein a flow consists of the packets exchanged between two hosts that are associated with a single service;
collecting flow data from packet headers;
analyzing collected flow data to assign a concern index value wherein each concern index value associated with a respective potential intrusion activity is a predetermined fixed value;
maintaining an accumulated concern index from flows associated with a host;
and issuing an alarm signal once the accumulated concern index has exceeded an alarm threshold value.
8. A method of analyzing network communication traffic for potential intrusion activity, comprising the steps of:
assigning packets to a flow wherein a flow consists of the packets exchanged between two Internet Protocol addresses with at least one port remains constant;
collecting flow data from packet headers;
analyzing collected flow data to assign a concern index value to the flow;
maintaining a host structure containing an accumulated concern index from flows associated with the host;
and issuing an alarm once the accumulated concern index has exceeded an alarm threshold value.
9. The method of claim 8, wherein each concern index value associated with a respective potential intrusion activity is a predetermined fixed value.
10. A system for analyzing network communication traffic, comprising:
a computer system operable to classify packets into flows, collect flow data from packet header information, analyze collected flow data to assign a concern index value wherein each concern index value associated with a respective potential intrusion activity is a predetermined fixed value, and generate an alarm signal;
and a communication system coupled to the computer system operable to send packets from one host to another host.
11. A system for analyzing network communication traffic, comprising:
a processor operable to classify packets into flows, collect flow data from packet header information, analyze collected flow data to assign a concern index value wherein each concern index value associated with a respective potential intrusion activity is a predetermined fixed value, and generate an alarm signal;
memory coupled to the processor operable to store the flow data;
a database coupled to processor operable to store log files;
and a network interface coupled to the processor operable to monitor network traffic.
12. A method of analyzing network communication traffic for potential intrusion activity, comprising the steps of:
analyzing packet header information;
determining a transport level protocol specifying a format of a data area;
issuing an alarm when the transport level protocol is identified as User Datagram Protocol and the data segment associated with User Datagram Protocol packet contains two or less bytes of data.
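The claimed steps, sketched as an added example that is not code from the patent or its assignee: packets are grouped into client/server flows keyed on the constant service port, each suspicious flow adds a fixed concern index to the responsible host, and a host alarms once its total exceeds a threshold. The trait name `no_server_response`, the numeric values, the lower-port-is-the-service rule and the sample packets are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Fixed concern-index (CI) values per suspicious flow trait. The claims only
# say the values are predetermined and fixed; this trait and number are assumed.
CI_VALUES = {"no_server_response": 100}
ALARM_THRESHOLD = 350   # assumed alarm threshold
SHORT_UDP_MAX = 2       # claim 12: UDP data of two or fewer bytes


@dataclass
class FlowStats:
    """Per-flow counters built from header fields only."""
    client_pkts: int = 0
    server_pkts: int = 0
    client_bytes: int = 0
    server_bytes: int = 0


def flow_key(pkt):
    """Return ((client, server, proto, service_port), from_client).

    Assumption: the lower-numbered port is the service port, so the client's
    ephemeral port may change while the packets stay in the same flow.
    """
    src, sport, dst, dport, proto, _ = pkt
    if sport < dport:                       # server -> client direction
        return (dst, src, proto, sport), False
    return (src, dst, proto, dport), True   # client -> server direction


def analyze(packets, threshold=ALARM_THRESHOLD):
    """Return (accumulated CI per host, list of (alarm_type, host))."""
    flows = defaultdict(FlowStats)
    alarms = []
    for pkt in packets:
        src, _, _, _, proto, data_len = pkt
        # Claim 12: alarm directly on a UDP packet with a tiny data segment.
        if proto == "udp" and data_len <= SHORT_UDP_MAX:
            alarms.append(("short_udp", src))
        key, from_client = flow_key(pkt)
        stats = flows[key]
        if from_client:
            stats.client_pkts += 1
            stats.client_bytes += data_len
        else:
            stats.server_pkts += 1
            stats.server_bytes += data_len

    # Score each flow and charge the value to the host responsible for it.
    host_ci = defaultdict(int)
    for (client, _server, _proto, _port), stats in flows.items():
        if stats.client_pkts and not stats.server_pkts:
            host_ci[client] += CI_VALUES["no_server_response"]

    # Alarm only when the accumulated index exceeds the threshold.
    for host, ci in sorted(host_ci.items()):
        if ci > threshold:
            alarms.append(("concern_index", host))
    return dict(host_ci), alarms


# Constructed sample: (src, sport, dst, dport, proto, data_len).
SAMPLE_PACKETS = (
    # One host touching five services on the same target, never answered.
    [("10.0.0.66", 40000 + i, "10.0.0.5", port, "tcp", 0)
     for i, port in enumerate((21, 22, 23, 25, 110))]
    # An ordinary web exchange: both directions carry packets.
    + [("10.0.0.7", 51000, "10.0.0.5", 80, "tcp", 0),
       ("10.0.0.5", 80, "10.0.0.7", 51000, "tcp", 0),
       ("10.0.0.7", 51000, "10.0.0.5", 80, "tcp", 320),
       ("10.0.0.5", 80, "10.0.0.7", 51000, "tcp", 1400),
       # A UDP exchange whose request carries a single byte of data.
       ("10.0.0.9", 5353, "10.0.0.5", 53, "udp", 1),
       ("10.0.0.5", 53, "10.0.0.9", 5353, "udp", 40)]
)

if __name__ == "__main__":
    ci, raised = analyze(SAMPLE_PACKETS)
    print(ci)
    print(raised)
```

No single unanswered flow alarms on its own; the host is flagged only because five such flows add up past the threshold, which is the point of accumulating per host rather than per flow.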
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US25026100P | 2000-11-30 | 2000-11-30 | |
US60/250,261 | 2000-11-30 | ||
US26519401P | 2001-01-31 | 2001-01-31 | |
US60/265,194 | 2001-01-31 | ||
PCT/US2001/045275 WO2002045380A2 (en) | 2000-11-30 | 2001-11-30 | Flow-based detection of network intrusions |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2430571A1 (en) | 2002-06-06 |
CA2430571C (en) | 2011-07-12 |
Family
ID=26940735
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2430571A Expired - Lifetime CA2430571C (en) | 2000-11-30 | 2001-11-30 | Flow-based detection of network intrusions |
Country Status (7)
Country | Link |
---|---|
US (1) | US7185368B2 (en) |
EP (1) | EP1338130B1 (en) |
AT (1) | ATE344573T1 (en) |
AU (2) | AU2002230541B2 (en) |
CA (1) | CA2430571C (en) |
DE (1) | DE60124295T8 (en) |
WO (1) | WO2002045380A2 (en) |
Families Citing this family (296)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7073198B1 (en) | 1999-08-26 | 2006-07-04 | Ncircle Network Security, Inc. | Method and system for detecting a vulnerability in a network |
US6957348B1 (en) | 2000-01-10 | 2005-10-18 | Ncircle Network Security, Inc. | Interoperability of vulnerability and intrusion detection systems |
US20040073617A1 (en) | 2000-06-19 | 2004-04-15 | Milliken Walter Clark | Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail |
US7181769B1 (en) | 2000-08-25 | 2007-02-20 | Ncircle Network Security, Inc. | Network security system having a device profiler communicatively coupled to a traffic monitor |
US9280667B1 (en) | 2000-08-25 | 2016-03-08 | Tripwire, Inc. | Persistent host determination |
US6944673B2 (en) * | 2000-09-08 | 2005-09-13 | The Regents Of The University Of Michigan | Method and system for profiling network flows at a measurement point within a computer network |
US6988148B1 (en) * | 2001-01-19 | 2006-01-17 | Cisco Technology, Inc. | IP pool management utilizing an IP pool MIB |
GB2372673B (en) * | 2001-02-27 | 2003-05-28 | 3Com Corp | Apparatus and method for processing data relating to events on a network |
US7788345B1 (en) | 2001-06-04 | 2010-08-31 | Cisco Technology, Inc. | Resource allocation and reclamation for on-demand address pools |
US7234168B2 (en) | 2001-06-13 | 2007-06-19 | Mcafee, Inc. | Hierarchy-based method and apparatus for detecting attacks on a computer system |
US20040187032A1 (en) * | 2001-08-07 | 2004-09-23 | Christoph Gels | Method, data carrier, computer system and computer progamme for the identification and defence of attacks in server of network service providers and operators |
US20030105973A1 (en) * | 2001-12-04 | 2003-06-05 | Trend Micro Incorporated | Virus epidemic outbreak command system and method using early warning monitors in a network environment |
US7062553B2 (en) * | 2001-12-04 | 2006-06-13 | Trend Micro, Inc. | Virus epidemic damage control system and method for network environment |
EP1330095B1 (en) * | 2002-01-18 | 2006-04-05 | Stonesoft Corporation | Monitoring of data flow for enhancing network security |
US7225343B1 (en) * | 2002-01-25 | 2007-05-29 | The Trustees Of Columbia University In The City Of New York | System and methods for adaptive model generation for detecting intrusions in computer systems |
US8209756B1 (en) | 2002-02-08 | 2012-06-26 | Juniper Networks, Inc. | Compound attack detection in a computer network |
US7734752B2 (en) | 2002-02-08 | 2010-06-08 | Juniper Networks, Inc. | Intelligent integrated network security device for high-availability applications |
US7650634B2 (en) | 2002-02-08 | 2010-01-19 | Juniper Networks, Inc. | Intelligent integrated network security device |
US8370936B2 (en) * | 2002-02-08 | 2013-02-05 | Juniper Networks, Inc. | Multi-method gateway-based network security systems and methods |
US20060015942A1 (en) | 2002-03-08 | 2006-01-19 | Ciphertrust, Inc. | Systems and methods for classification of messaging entities |
US6941467B2 (en) * | 2002-03-08 | 2005-09-06 | Ciphertrust, Inc. | Systems and methods for adaptive message interrogation through multiple queues |
US20030172291A1 (en) | 2002-03-08 | 2003-09-11 | Paul Judge | Systems and methods for automated whitelisting in monitored communications |
US7124438B2 (en) | 2002-03-08 | 2006-10-17 | Ciphertrust, Inc. | Systems and methods for anomaly detection in patterns of monitored communications |
US7693947B2 (en) | 2002-03-08 | 2010-04-06 | Mcafee, Inc. | Systems and methods for graphically displaying messaging traffic |
US7694128B2 (en) | 2002-03-08 | 2010-04-06 | Mcafee, Inc. | Systems and methods for secure communication delivery |
US7903549B2 (en) | 2002-03-08 | 2011-03-08 | Secure Computing Corporation | Content-based policy compliance systems and methods |
US8561167B2 (en) | 2002-03-08 | 2013-10-15 | Mcafee, Inc. | Web reputation scoring |
US8578480B2 (en) | 2002-03-08 | 2013-11-05 | Mcafee, Inc. | Systems and methods for identifying potentially malicious messages |
US7870203B2 (en) | 2002-03-08 | 2011-01-11 | Mcafee, Inc. | Methods and systems for exposing messaging reputation to an end user |
US8132250B2 (en) | 2002-03-08 | 2012-03-06 | Mcafee, Inc. | Message profiling systems and methods |
CA2486519C (en) * | 2002-05-20 | 2015-01-27 | Airdefense, Inc. | System and method for making managing wireless network activity |
US7058796B2 (en) * | 2002-05-20 | 2006-06-06 | Airdefense, Inc. | Method and system for actively defending a wireless LAN against attacks |
US7042852B2 (en) * | 2002-05-20 | 2006-05-09 | Airdefense, Inc. | System and method for wireless LAN dynamic channel change with honeypot trap |
US7322044B2 (en) * | 2002-06-03 | 2008-01-22 | Airdefense, Inc. | Systems and methods for automated network policy exception detection and correction |
GB2391419A (en) | 2002-06-07 | 2004-02-04 | Hewlett Packard Co | Restricting the propagation of a virus within a network |
GB2401280B (en) | 2003-04-29 | 2006-02-08 | Hewlett Packard Development Co | Propagation of viruses through an information technology network |
GB2394382A (en) | 2002-10-19 | 2004-04-21 | Hewlett Packard Co | Monitoring the propagation of viruses through an Information Technology network |
TWI244297B (en) * | 2002-06-12 | 2005-11-21 | Thomson Licensing Sa | Apparatus and method adapted to communicate via a network |
US7420929B1 (en) | 2002-07-02 | 2008-09-02 | Juniper Networks, Inc. | Adaptive network flow analysis |
WO2004008700A2 (en) * | 2002-07-12 | 2004-01-22 | The Penn State Research Foundation | Real-time packet traceback and associated packet marking strategies |
US7752665B1 (en) * | 2002-07-12 | 2010-07-06 | TCS Commercial, Inc. | Detecting probes and scans over high-bandwidth, long-term, incomplete network traffic information using limited memory |
US7519990B1 (en) * | 2002-07-19 | 2009-04-14 | Fortinet, Inc. | Managing network traffic flow |
JP3996010B2 (en) | 2002-08-01 | 2007-10-24 | 株式会社日立製作所 | Storage network system, management apparatus, management method and program |
US7251215B1 (en) * | 2002-08-26 | 2007-07-31 | Juniper Networks, Inc. | Adaptive network router |
US7313100B1 (en) | 2002-08-26 | 2007-12-25 | Juniper Networks, Inc. | Network device having accounting service card |
JP3773194B2 (en) * | 2002-09-30 | 2006-05-10 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Communication monitoring system and method, information processing method and program |
WO2004034229A2 (en) | 2002-10-10 | 2004-04-22 | Rocksteady Networks, Inc. | System and method for providing access control |
US8479057B2 (en) * | 2002-11-04 | 2013-07-02 | Riverbed Technology, Inc. | Aggregator for connection based anomaly detection |
US8191136B2 (en) * | 2002-11-04 | 2012-05-29 | Riverbed Technology, Inc. | Connection based denial of service detection |
US8504879B2 (en) * | 2002-11-04 | 2013-08-06 | Riverbed Technology, Inc. | Connection based anomaly detection |
US7454499B2 (en) * | 2002-11-07 | 2008-11-18 | Tippingpoint Technologies, Inc. | Active network defense system and method |
US7359930B2 (en) * | 2002-11-21 | 2008-04-15 | Arbor Networks | System and method for managing computer networks |
US7500266B1 (en) * | 2002-12-03 | 2009-03-03 | Bbn Technologies Corp. | Systems and methods for detecting network intrusions |
US9503470B2 (en) | 2002-12-24 | 2016-11-22 | Fred Herz Patents, LLC | Distributed agent based model for security monitoring and response |
US8327442B2 (en) | 2002-12-24 | 2012-12-04 | Herz Frederick S M | System and method for a distributed application and network security system (SDI-SCAM) |
US20040193943A1 (en) * | 2003-02-13 | 2004-09-30 | Robert Angelino | Multiparameter network fault detection system using probabilistic and aggregation analysis |
US7895649B1 (en) | 2003-04-04 | 2011-02-22 | Raytheon Company | Dynamic rule generation for an enterprise intrusion detection system |
US7293238B1 (en) | 2003-04-04 | 2007-11-06 | Raytheon Company | Graphical user interface for an enterprise intrusion detection system |
US7356585B1 (en) * | 2003-04-04 | 2008-04-08 | Raytheon Company | Vertically extensible intrusion detection system and method |
US8027841B2 (en) * | 2003-04-09 | 2011-09-27 | Holloway J Michael | Centralized server obtaining security intelligence knowledge by analyzing VoIP bit-stream |
US7522908B2 (en) * | 2003-04-21 | 2009-04-21 | Airdefense, Inc. | Systems and methods for wireless network site survey |
US7324804B2 (en) * | 2003-04-21 | 2008-01-29 | Airdefense, Inc. | Systems and methods for dynamic sensor discovery and selection |
US7359676B2 (en) * | 2003-04-21 | 2008-04-15 | Airdefense, Inc. | Systems and methods for adaptively scanning for wireless communications |
GB2401281B (en) | 2003-04-29 | 2006-02-08 | Hewlett Packard Development Co | Propagation of viruses through an information technology network |
US7796515B2 (en) | 2003-04-29 | 2010-09-14 | Hewlett-Packard Development Company, L.P. | Propagation of viruses through an information technology network |
US7308716B2 (en) * | 2003-05-20 | 2007-12-11 | International Business Machines Corporation | Applying blocking measures progressively to malicious network traffic |
US7710867B1 (en) * | 2003-05-23 | 2010-05-04 | F5 Networks, Inc. | System and method for managing traffic to a probe |
EP1630862B1 (en) * | 2003-05-30 | 2016-01-13 | Ebara Corporation | Sample inspection device and method, and device manufacturing method using the sample inspection device and method |
ATE400016T1 (en) | 2003-08-11 | 2008-07-15 | Telecom Italia Spa | METHOD AND SYSTEM FOR DETECTING UNAUTHORIZED USE OF A COMMUNICATIONS NETWORK |
US7624438B2 (en) | 2003-08-20 | 2009-11-24 | Eric White | System and method for providing a secure connection between networked computers |
US7725936B2 (en) * | 2003-10-31 | 2010-05-25 | International Business Machines Corporation | Host-based network intrusion detection systems |
JP4516306B2 (en) | 2003-11-28 | 2010-08-04 | 株式会社日立製作所 | How to collect storage network performance information |
EP1545131B1 (en) * | 2003-12-19 | 2007-07-18 | STMicroelectronics Limited | Semiconductor circuit for restricting data access |
US9032095B1 (en) | 2004-01-06 | 2015-05-12 | Juniper Networks, Inc. | Routing device having multiple logical routers |
US7895448B1 (en) * | 2004-02-18 | 2011-02-22 | Symantec Corporation | Risk profiling |
US20050204022A1 (en) * | 2004-03-10 | 2005-09-15 | Keith Johnston | System and method for network management XML architectural abstraction |
US7590728B2 (en) | 2004-03-10 | 2009-09-15 | Eric White | System and method for detection of aberrant network behavior by clients of a network access gateway |
US8543710B2 (en) * | 2004-03-10 | 2013-09-24 | Rpx Corporation | Method and system for controlling network access |
US7665130B2 (en) | 2004-03-10 | 2010-02-16 | Eric White | System and method for double-capture/double-redirect to a different location |
US7509625B2 (en) | 2004-03-10 | 2009-03-24 | Eric White | System and method for comprehensive code generation for system management |
US7610621B2 (en) * | 2004-03-10 | 2009-10-27 | Eric White | System and method for behavior-based firewall modeling |
WO2005093576A1 (en) * | 2004-03-28 | 2005-10-06 | Robert Iakobashvili | Visualization of packet network performance, analysis and optimization for design |
US7966658B2 (en) * | 2004-04-08 | 2011-06-21 | The Regents Of The University Of California | Detecting public network attacks using signatures and fast content analysis |
US7673049B2 (en) * | 2004-04-19 | 2010-03-02 | Brian Dinello | Network security system |
CA2733172C (en) * | 2004-05-07 | 2011-10-25 | Sandvine Incorporated Ulc | A system and method for detecting sources of abnormal computer network messages |
US7225468B2 (en) * | 2004-05-07 | 2007-05-29 | Digital Security Networks, Llc | Methods and apparatus for computer network security using intrusion detection and prevention |
US8074277B2 (en) * | 2004-06-07 | 2011-12-06 | Check Point Software Technologies, Inc. | System and methodology for intrusion detection and prevention |
GB2415578B (en) * | 2004-06-23 | 2007-07-04 | Hewlett Packard Development Co | Restricting virus access to a network |
US7523504B2 (en) * | 2004-08-02 | 2009-04-21 | Netiq Corporation | Methods, systems and computer program products for evaluating security of a network environment |
US7546635B1 (en) | 2004-08-11 | 2009-06-09 | Juniper Networks, Inc. | Stateful firewall protection for control plane traffic within a network device |
US8176126B2 (en) | 2004-08-26 | 2012-05-08 | International Business Machines Corporation | System, method and program to limit rate of transferring messages from suspected spammers |
US7706273B2 (en) * | 2004-09-30 | 2010-04-27 | Riverbed Technology, Inc. | Port tracking on dynamically negotiated ports |
US20060101516A1 (en) * | 2004-10-12 | 2006-05-11 | Sushanthan Sudaharan | Honeynet farms as an early warning system for production networks |
US7835361B1 (en) * | 2004-10-13 | 2010-11-16 | Sonicwall, Inc. | Method and apparatus for identifying data patterns in a file |
US7600257B2 (en) * | 2004-10-13 | 2009-10-06 | Sonicwall, Inc. | Method and an apparatus to perform multiple packet payloads analysis |
US8196199B2 (en) * | 2004-10-19 | 2012-06-05 | Airdefense, Inc. | Personal wireless monitoring agent |
US8635690B2 (en) * | 2004-11-05 | 2014-01-21 | Mcafee, Inc. | Reputation based message processing |
US7607170B2 (en) | 2004-12-22 | 2009-10-20 | Radware Ltd. | Stateful attack protection |
US7577992B2 (en) * | 2005-01-14 | 2009-08-18 | Microsoft Corporation | Software security based on control flow integrity |
US7809826B1 (en) | 2005-01-27 | 2010-10-05 | Juniper Networks, Inc. | Remote aggregation of network traffic profiling data |
US7810151B1 (en) | 2005-01-27 | 2010-10-05 | Juniper Networks, Inc. | Automated change detection within a network environment |
US7769851B1 (en) | 2005-01-27 | 2010-08-03 | Juniper Networks, Inc. | Application-layer monitoring and profiling network traffic |
US7937755B1 (en) * | 2005-01-27 | 2011-05-03 | Juniper Networks, Inc. | Identification of network policy violations |
JP4170299B2 (en) * | 2005-01-31 | 2008-10-22 | 独立行政法人 宇宙航空研究開発機構 | Communication state transition monitoring method and communication state transition monitoring apparatus using the same |
US7797411B1 (en) | 2005-02-02 | 2010-09-14 | Juniper Networks, Inc. | Detection and prevention of encapsulated network attacks using an intermediate device |
US7937480B2 (en) | 2005-06-02 | 2011-05-03 | Mcafee, Inc. | Aggregation of reputation data |
WO2006130840A2 (en) * | 2005-06-02 | 2006-12-07 | Georgia Tech Research Corporation | System and method for data streaming |
US7877803B2 (en) * | 2005-06-27 | 2011-01-25 | Hewlett-Packard Development Company, L.P. | Automated immune response for a computer |
US8572733B1 (en) | 2005-07-06 | 2013-10-29 | Raytheon Company | System and method for active data collection in a network security system |
US7746862B1 (en) | 2005-08-02 | 2010-06-29 | Juniper Networks, Inc. | Packet processing in a multiple processor system |
US7908655B1 (en) * | 2005-08-16 | 2011-03-15 | Sprint Communications Company L.P. | Connectionless port scan detection on a network |
US8224761B1 (en) | 2005-09-01 | 2012-07-17 | Raytheon Company | System and method for interactive correlation rule design in a network security system |
US7352280B1 (en) | 2005-09-01 | 2008-04-01 | Raytheon Company | System and method for intruder tracking using advanced correlation in a network security system |
US7950058B1 (en) | 2005-09-01 | 2011-05-24 | Raytheon Company | System and method for collaborative information security correlation in low bandwidth environments |
US8079083B1 (en) * | 2005-09-02 | 2011-12-13 | Symantec Corporation | Method and system for recording network traffic and predicting potential security events |
US7716340B2 (en) * | 2005-09-30 | 2010-05-11 | Lycos, Inc. | Restricting access to a shared resource |
US20070078589A1 (en) * | 2005-10-05 | 2007-04-05 | Antonio Magnaghi | Detecting anomalies internal to a network from traffic external to the network |
US20070076611A1 (en) * | 2005-10-05 | 2007-04-05 | Fujitsu Limited | Detecting anomalies from acceptable traffic affected by anomalous traffic |
US8566928B2 (en) | 2005-10-27 | 2013-10-22 | Georgia Tech Research Corporation | Method and system for detecting and responding to attacking networks |
US7653670B2 (en) * | 2005-11-28 | 2010-01-26 | Nec Laboratories America, Inc. | Storage-efficient and collision-free hash-based packet processing architecture and method |
US7849185B1 (en) | 2006-01-10 | 2010-12-07 | Raytheon Company | System and method for attacker attribution in a network security system |
US7715800B2 (en) | 2006-01-13 | 2010-05-11 | Airdefense, Inc. | Systems and methods for wireless intrusion detection using spectral analysis |
US7787390B1 (en) | 2006-01-30 | 2010-08-31 | Marvell International Ltd. | Custom automatic remote monitoring for network devices |
US9392009B2 (en) | 2006-03-02 | 2016-07-12 | International Business Machines Corporation | Operating a network monitoring entity |
US7971251B2 (en) * | 2006-03-17 | 2011-06-28 | Airdefense, Inc. | Systems and methods for wireless security using distributed collaboration of wireless clients |
US20070218874A1 (en) * | 2006-03-17 | 2007-09-20 | Airdefense, Inc. | Systems and Methods For Wireless Network Forensics |
US20090021343A1 (en) * | 2006-05-10 | 2009-01-22 | Airdefense, Inc. | RFID Intrusion Protection System and Methods |
WO2007133799A2 (en) * | 2006-05-15 | 2007-11-22 | Fair Isaac Corporation | Comprehensive online fraud detection system and method |
US7697418B2 (en) * | 2006-06-12 | 2010-04-13 | Alcatel Lucent | Method for estimating the fan-in and/or fan-out of a node |
US7970013B2 (en) | 2006-06-16 | 2011-06-28 | Airdefense, Inc. | Systems and methods for wireless network content filtering |
US7873833B2 (en) * | 2006-06-29 | 2011-01-18 | Cisco Technology, Inc. | Detection of frequent and dispersed invariants |
EP1879350A1 (en) * | 2006-07-10 | 2008-01-16 | Abb Research Ltd. | Distributed computer system with a local area network |
US20080034424A1 (en) * | 2006-07-20 | 2008-02-07 | Kevin Overcash | System and method of preventing web applications threats |
US7934253B2 (en) * | 2006-07-20 | 2011-04-26 | Trustwave Holdings, Inc. | System and method of securing web applications across an enterprise |
US20080047009A1 (en) * | 2006-07-20 | 2008-02-21 | Kevin Overcash | System and method of securing networks against applications threats |
US8281392B2 (en) * | 2006-08-11 | 2012-10-02 | Airdefense, Inc. | Methods and systems for wired equivalent privacy and Wi-Fi protected access protection |
AU2007351385B2 (en) * | 2006-11-14 | 2013-05-16 | Fmr Llc | Detecting and interdicting fraudulent activity on a network |
US8145560B2 (en) | 2006-11-14 | 2012-03-27 | Fmr Llc | Detecting fraudulent activity on a network |
US8180873B2 (en) | 2006-11-14 | 2012-05-15 | Fmr Llc | Detecting fraudulent activity |
US8811156B1 (en) | 2006-11-14 | 2014-08-19 | Raytheon Company | Compressing n-dimensional data |
US7856494B2 (en) | 2006-11-14 | 2010-12-21 | Fmr Llc | Detecting and interdicting fraudulent activity on a network |
US7949716B2 (en) | 2007-01-24 | 2011-05-24 | Mcafee, Inc. | Correlation and analysis of entity attributes |
US8214497B2 (en) | 2007-01-24 | 2012-07-03 | Mcafee, Inc. | Multi-dimensional reputation scoring |
US7779156B2 (en) | 2007-01-24 | 2010-08-17 | Mcafee, Inc. | Reputation based load balancing |
US8763114B2 (en) | 2007-01-24 | 2014-06-24 | Mcafee, Inc. | Detecting image spam |
US8179798B2 (en) | 2007-01-24 | 2012-05-15 | Mcafee, Inc. | Reputation based connection throttling |
US8391288B2 (en) * | 2007-01-31 | 2013-03-05 | Hewlett-Packard Development Company, L.P. | Security system for protecting networks from vulnerability exploits |
WO2008098260A1 (en) * | 2007-02-09 | 2008-08-14 | Smobile Systems, Inc. | Off-line mms malware scanning system and method |
US7885976B2 (en) * | 2007-02-23 | 2011-02-08 | International Business Machines Corporation | Identification, notification, and control of data access quantity and patterns |
US8863286B1 (en) | 2007-06-05 | 2014-10-14 | Sonicwall, Inc. | Notification for reassembly-free file scanning |
US7991723B1 (en) | 2007-07-16 | 2011-08-02 | Sonicwall, Inc. | Data pattern analysis using optimized deterministic finite automaton |
US8291495B1 (en) * | 2007-08-08 | 2012-10-16 | Juniper Networks, Inc. | Identifying applications for intrusion detection systems |
US20090070880A1 (en) * | 2007-09-11 | 2009-03-12 | Harris David E | Methods and apparatus for validating network alarms |
US20090100518A1 (en) * | 2007-09-21 | 2009-04-16 | Kevin Overcash | System and method for detecting security defects in applications |
US8185930B2 (en) | 2007-11-06 | 2012-05-22 | Mcafee, Inc. | Adjusting filter or classification control settings |
US8045458B2 (en) | 2007-11-08 | 2011-10-25 | Mcafee, Inc. | Prioritizing network traffic |
US8112800B1 (en) | 2007-11-08 | 2012-02-07 | Juniper Networks, Inc. | Multi-layered application classification and decoding |
US8180886B2 (en) * | 2007-11-15 | 2012-05-15 | Trustwave Holdings, Inc. | Method and apparatus for detection of information transmission abnormalities |
US8160975B2 (en) | 2008-01-25 | 2012-04-17 | Mcafee, Inc. | Granular support vector machine with random granularity |
US7792922B2 (en) * | 2008-03-05 | 2010-09-07 | Caterpillar Inc. | Systems and methods for managing health of a client system |
US8589503B2 (en) | 2008-04-04 | 2013-11-19 | Mcafee, Inc. | Prioritizing network traffic |
US8339959B1 (en) | 2008-05-20 | 2012-12-25 | Juniper Networks, Inc. | Streamlined packet forwarding using dynamic filters for routing and security in a shared forwarding plane |
US20090327971A1 (en) * | 2008-06-26 | 2009-12-31 | Microsoft Corporation | Informational elements in threat models |
US8856926B2 (en) | 2008-06-27 | 2014-10-07 | Juniper Networks, Inc. | Dynamic policy provisioning within network security devices |
US10027688B2 (en) | 2008-08-11 | 2018-07-17 | Damballa, Inc. | Method and system for detecting malicious and/or botnet-related domain names |
US8726382B2 (en) * | 2008-08-20 | 2014-05-13 | The Boeing Company | Methods and systems for automated detection and tracking of network attacks |
US7903566B2 (en) * | 2008-08-20 | 2011-03-08 | The Boeing Company | Methods and systems for anomaly detection using internet protocol (IP) traffic conversation data |
US8813220B2 (en) | 2008-08-20 | 2014-08-19 | The Boeing Company | Methods and systems for internet protocol (IP) packet header collection and storage |
US8762515B2 (en) | 2008-08-20 | 2014-06-24 | The Boeing Company | Methods and systems for collection, tracking, and display of near real time multicast data |
US7995496B2 (en) * | 2008-08-20 | 2011-08-09 | The Boeing Company | Methods and systems for internet protocol (IP) traffic conversation detection and storage |
US8009559B1 (en) * | 2008-08-28 | 2011-08-30 | Juniper Networks, Inc. | Global flow tracking system |
US8793339B2 (en) * | 2008-08-29 | 2014-07-29 | Red Hat, Inc. | Facilitating client server interaction |
US8793398B2 (en) * | 2008-08-29 | 2014-07-29 | Red Hat, Inc. | Facilitating client server interaction |
US8154996B2 (en) * | 2008-09-11 | 2012-04-10 | Juniper Networks, Inc. | Methods and apparatus for flow control associated with multi-staged queues |
US8213308B2 (en) | 2008-09-11 | 2012-07-03 | Juniper Networks, Inc. | Methods and apparatus for defining a flow control signal related to a transmit queue |
US8325749B2 (en) | 2008-12-24 | 2012-12-04 | Juniper Networks, Inc. | Methods and apparatus for transmission of groups of cells via a switch fabric |
US8955107B2 (en) * | 2008-09-12 | 2015-02-10 | Juniper Networks, Inc. | Hierarchical application of security services within a computer network |
US20110238587A1 (en) * | 2008-09-23 | 2011-09-29 | Savvis, Inc. | Policy management system and method |
US8220056B2 (en) * | 2008-09-23 | 2012-07-10 | Savvis, Inc. | Threat management system and method |
US8813221B1 (en) | 2008-09-25 | 2014-08-19 | Sonicwall, Inc. | Reassembly-free deep packet inspection on multi-core hardware |
US7855967B1 (en) * | 2008-09-26 | 2010-12-21 | Tellabs San Jose, Inc. | Method and apparatus for providing line rate netflow statistics gathering |
US8607347B2 (en) * | 2008-09-29 | 2013-12-10 | Sophos Limited | Network stream scanning facility |
US8572717B2 (en) | 2008-10-09 | 2013-10-29 | Juniper Networks, Inc. | Dynamic access control policy with port restrictions for a network security appliance |
US8254255B2 (en) | 2008-12-29 | 2012-08-28 | Juniper Networks, Inc. | Flow-control in a switch fabric |
EP2392103B1 (en) | 2009-02-02 | 2017-03-22 | Level 3 Communications, LLC | Analysis of network traffic |
US8531978B2 (en) | 2009-02-02 | 2013-09-10 | Level 3 Communications, Llc | Network cost analysis |
US9398043B1 (en) | 2009-03-24 | 2016-07-19 | Juniper Networks, Inc. | Applying fine-grain policy action to encapsulated network attacks |
NL2002694C2 (en) * | 2009-04-01 | 2010-10-04 | Univ Twente | Method and system for alert classification in a computer network. |
US20100293618A1 (en) * | 2009-05-12 | 2010-11-18 | Microsoft Corporation | Runtime analysis of software privacy issues |
US20110131652A1 (en) * | 2009-05-29 | 2011-06-02 | Autotrader.Com, Inc. | Trained predictive services to interdict undesired website accesses |
US9769149B1 (en) | 2009-07-02 | 2017-09-19 | Sonicwall Inc. | Proxy-less secure sockets layer (SSL) data inspection |
US20110023088A1 (en) * | 2009-07-23 | 2011-01-27 | Electronics And Telecommunications Research Institute | Flow-based dynamic access control system and method |
US8369345B1 (en) | 2009-11-13 | 2013-02-05 | Juniper Networks, Inc. | Multi-router system having shared network interfaces |
US9264321B2 (en) | 2009-12-23 | 2016-02-16 | Juniper Networks, Inc. | Methods and apparatus for tracking data flow based on flow state values |
US8949987B2 (en) * | 2010-01-06 | 2015-02-03 | Alcatel Lucent | Computer security process monitor |
US8578497B2 (en) | 2010-01-06 | 2013-11-05 | Damballa, Inc. | Method and system for detecting malware |
US8826438B2 (en) | 2010-01-19 | 2014-09-02 | Damballa, Inc. | Method and system for network-based detecting of malware from behavioral clustering |
US9602439B2 (en) | 2010-04-30 | 2017-03-21 | Juniper Networks, Inc. | Methods and apparatus for flow control associated with a switch fabric |
US8621638B2 (en) | 2010-05-14 | 2013-12-31 | Mcafee, Inc. | Systems and methods for classification of messaging entities |
US10187353B2 (en) * | 2010-06-02 | 2019-01-22 | Symantec Corporation | Behavioral classification of network data flows |
US9065773B2 (en) | 2010-06-22 | 2015-06-23 | Juniper Networks, Inc. | Methods and apparatus for virtual channel flow control associated with a switch fabric |
US8553710B1 (en) | 2010-08-18 | 2013-10-08 | Juniper Networks, Inc. | Fibre channel credit-based link flow control overlay onto fibre channel over ethernet |
US8509071B1 (en) | 2010-10-06 | 2013-08-13 | Juniper Networks, Inc. | Multi-dimensional traffic management |
US9660940B2 (en) | 2010-12-01 | 2017-05-23 | Juniper Networks, Inc. | Methods and apparatus for flow control associated with a switch fabric |
US9032089B2 (en) | 2011-03-09 | 2015-05-12 | Juniper Networks, Inc. | Methods and apparatus for path selection within a network based on flow duration |
CN102761517B (en) * | 2011-04-25 | 2015-06-24 | 工业和信息化部电信传输研究所 | Content reduction method for high-speed network |
KR20130030086A (en) * | 2011-09-16 | 2013-03-26 | 한국전자통신연구원 | Method and apparatus for defending distributed denial of service attack through abnomal terminated session |
US8811183B1 (en) | 2011-10-04 | 2014-08-19 | Juniper Networks, Inc. | Methods and apparatus for multi-path flow control within a multi-stage switch fabric |
US9251535B1 (en) | 2012-01-05 | 2016-02-02 | Juniper Networks, Inc. | Offload of data transfer statistics from a mobile access gateway |
US8976661B2 (en) * | 2012-01-11 | 2015-03-10 | Nec Laboratories America, Inc. | Network self-protection |
US9922190B2 (en) | 2012-01-25 | 2018-03-20 | Damballa, Inc. | Method and system for detecting DGA-based malware |
US10432587B2 (en) | 2012-02-21 | 2019-10-01 | Aventail Llc | VPN deep packet inspection |
RU2475836C1 (en) * | 2012-03-12 | 2013-02-20 | Федеральное государственное военное образовательное учреждение высшего профессионального образования "Военная академия связи имени маршала Советского Союза С.М. Буденного" Министерства обороны Российской Федерации | Method for protection of computer networks |
US10169575B1 (en) * | 2012-03-14 | 2019-01-01 | Symantec Corporation | Systems and methods for preventing internal network attacks |
US9038180B2 (en) | 2012-03-22 | 2015-05-19 | Los Alamos National Security, Llc | Using new edges for anomaly detection in computer networks |
US8995271B2 (en) * | 2012-04-30 | 2015-03-31 | Hewlett-Packard Development Company, L.P. | Communications flow analysis |
US9154461B2 (en) | 2012-05-16 | 2015-10-06 | The Keyw Corporation | Packet capture deep packet inspection sensor |
FI20125761A (en) * | 2012-06-29 | 2013-12-30 | Tellabs Oy | Method and apparatus for detecting sources of data frame storms |
US9686169B2 (en) | 2012-07-02 | 2017-06-20 | Ixia | Real-time highly accurate network latency measurement with low generated traffic or data requirements |
US9392003B2 (en) | 2012-08-23 | 2016-07-12 | Raytheon Foreground Security, Inc. | Internet security cyber threat reporting system and method |
US10547674B2 (en) | 2012-08-27 | 2020-01-28 | Help/Systems, Llc | Methods and systems for network flow analysis |
US9894088B2 (en) | 2012-08-31 | 2018-02-13 | Damballa, Inc. | Data mining to identify malicious activity |
US10084806B2 (en) | 2012-08-31 | 2018-09-25 | Damballa, Inc. | Traffic simulation to identify malicious activity |
US9137205B2 (en) | 2012-10-22 | 2015-09-15 | Centripetal Networks, Inc. | Methods and systems for protecting a secured network |
US9565213B2 (en) | 2012-10-22 | 2017-02-07 | Centripetal Networks, Inc. | Methods and systems for protecting a secured network |
US8943600B2 (en) * | 2012-10-26 | 2015-01-27 | International Business Machines Corporation | Weighted security analysis |
US9203806B2 (en) | 2013-01-11 | 2015-12-01 | Centripetal Networks, Inc. | Rule swapping in a packet network |
US9124552B2 (en) | 2013-03-12 | 2015-09-01 | Centripetal Networks, Inc. | Filtering network data transfers |
US9094445B2 (en) | 2013-03-15 | 2015-07-28 | Centripetal Networks, Inc. | Protecting networks from cyber attacks and overloading |
US9571511B2 (en) | 2013-06-14 | 2017-02-14 | Damballa, Inc. | Systems and methods for traffic classification |
DE102013216847B4 (en) * | 2013-08-23 | 2023-06-01 | Siemens Mobility GmbH | Method, device and system for monitoring a security gateway unit |
US9288221B2 (en) | 2014-01-14 | 2016-03-15 | Pfu Limited | Information processing apparatus, method for determining unauthorized activity and computer-readable medium |
CN103780610A (en) * | 2014-01-16 | 2014-05-07 | 绵阳师范学院 | Network data recovery method based on protocol characteristics |
CA2938318C (en) * | 2014-01-30 | 2023-10-03 | Nasdaq, Inc. | Systems and methods for continuous active data security |
US9565114B1 (en) * | 2014-03-08 | 2017-02-07 | Google Inc. | Weighted load balancing using scaled parallel hashing |
KR101761737B1 (en) * | 2014-05-20 | 2017-07-26 | 한국전자통신연구원 | System and Method for Detecting Abnormal Behavior of Control System |
US9264370B1 (en) | 2015-02-10 | 2016-02-16 | Centripetal Networks, Inc. | Correlating packets in communications networks |
US9930065B2 (en) | 2015-03-25 | 2018-03-27 | University Of Georgia Research Foundation, Inc. | Measuring, categorizing, and/or mitigating malware distribution paths |
RO131470A2 (en) | 2015-04-10 | 2016-10-28 | Ixia, A California Corporation | Methods, systems and computer-readable media for one-way link delay measurement |
US10019333B2 (en) | 2015-04-16 | 2018-07-10 | Keysight Technologies Singapore (Holdings) Pte. Ltd. | Methods, systems, and computer readable media for emulating network devices with different clocks |
US9736804B2 (en) | 2015-04-16 | 2017-08-15 | Ixia | Methods, systems, and computer readable media for synchronizing timing among network interface cards (NICS) in a network equipment test device |
US9866576B2 (en) | 2015-04-17 | 2018-01-09 | Centripetal Networks, Inc. | Rule-based network-threat detection |
RO131471A2 (en) | 2015-04-21 | 2016-10-28 | Ixia, A California Corporation | Methods, systems and computer-readable media for testing quality of recovered clock |
US10536357B2 (en) | 2015-06-05 | 2020-01-14 | Cisco Technology, Inc. | Late data detection in data center |
US10142353B2 (en) | 2015-06-05 | 2018-11-27 | Cisco Technology, Inc. | System for monitoring and managing datacenters |
US9917753B2 (en) | 2015-06-12 | 2018-03-13 | Level 3 Communications, Llc | Network operational flaw detection using metrics |
US9813226B2 (en) | 2015-08-05 | 2017-11-07 | Ixia | Modeling a clock |
US9800595B2 (en) * | 2015-09-21 | 2017-10-24 | Ixia | Methods, systems, and computer readable media for detecting physical link intrusions |
US9917856B2 (en) | 2015-12-23 | 2018-03-13 | Centripetal Networks, Inc. | Rule-based network-threat detection for encrypted communications |
US10075416B2 (en) | 2015-12-30 | 2018-09-11 | Juniper Networks, Inc. | Network session data sharing |
US11729144B2 (en) | 2016-01-04 | 2023-08-15 | Centripetal Networks, Llc | Efficient packet capture for cyber threat analysis |
US10430442B2 (en) * | 2016-03-09 | 2019-10-01 | Symantec Corporation | Systems and methods for automated classification of application network activity |
RU2634211C1 (en) | 2016-07-06 | 2017-10-24 | Общество с ограниченной ответственностью "Траст" | Method and system of protocols analysis of harmful programs interaction with control centers and detection of computer attacks |
RU2649793C2 (en) | 2016-08-03 | 2018-04-04 | ООО "Группа АйБи" | Method and system of detecting remote connection when working on web resource pages |
US10263835B2 (en) * | 2016-08-12 | 2019-04-16 | Microsoft Technology Licensing, Llc | Localizing network faults through differential analysis of TCP telemetry |
RU2634209C1 (en) | 2016-09-19 | 2017-10-24 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | System and method of autogeneration of decision rules for intrusion detection systems with feedback |
US10666675B1 (en) | 2016-09-27 | 2020-05-26 | Ca, Inc. | Systems and methods for creating automatic computer-generated classifications |
RU2671991C2 (en) | 2016-12-29 | 2018-11-08 | Общество с ограниченной ответственностью "Траст" | System and method for collecting information for detecting phishing |
RU2637477C1 (en) | 2016-12-29 | 2017-12-04 | Общество с ограниченной ответственностью "Траст" | System and method for detecting phishing web pages |
CN108322354B (en) * | 2017-01-18 | 2020-10-23 | 中国移动通信集团河南有限公司 | Method and device for identifying running-stealing flow account |
US10230690B2 (en) * | 2017-03-23 | 2019-03-12 | International Business Machines Corporation | Digital media content distribution blocking |
US10609054B2 (en) | 2017-04-07 | 2020-03-31 | Keysight Technologies Singapore (Sales) Pte. Ltd. | Methods, systems, and computer readable media for monitoring, adjusting, and utilizing latency associated with accessing distributed computing resources |
US10425321B2 (en) | 2017-04-25 | 2019-09-24 | Keysight Technologies Singapore (Sales) Pte. Ltd. | Methods, systems, and computer readable media for testing time sensitive network (TSN) elements |
US10503899B2 (en) | 2017-07-10 | 2019-12-10 | Centripetal Networks, Inc. | Cyberanalysis workflow acceleration |
US11233777B2 (en) | 2017-07-24 | 2022-01-25 | Centripetal Networks, Inc. | Efficient SSL/TLS proxy |
US10284526B2 (en) | 2017-07-24 | 2019-05-07 | Centripetal Networks, Inc. | Efficient SSL/TLS proxy |
US10855705B2 (en) | 2017-09-29 | 2020-12-01 | Cisco Technology, Inc. | Enhanced flow-based computer network threat detection |
RU2689816C2 (en) | 2017-11-21 | 2019-05-29 | ООО "Группа АйБи" | Method for classifying sequence of user actions (embodiments) |
RU2680736C1 (en) | 2018-01-17 | 2019-02-26 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Malware files in network traffic detection server and method |
RU2668710C1 (en) | 2018-01-17 | 2018-10-02 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Computing device and method for detecting malicious domain names in network traffic |
RU2677361C1 (en) | 2018-01-17 | 2019-01-16 | Общество с ограниченной ответственностью "Траст" | Method and system of decentralized identification of malware programs |
RU2677368C1 (en) | 2018-01-17 | 2019-01-16 | Общество С Ограниченной Ответственностью "Группа Айби" | Method and system for automatic determination of fuzzy duplicates of video content |
RU2676247C1 (en) | 2018-01-17 | 2018-12-26 | Общество С Ограниченной Ответственностью "Группа Айби" | Web resources clustering method and computer device |
RU2681699C1 (en) | 2018-02-13 | 2019-03-12 | Общество с ограниченной ответственностью "Траст" | Method and server for searching related network resources |
US10333898B1 (en) | 2018-07-09 | 2019-06-25 | Centripetal Networks, Inc. | Methods and systems for efficient network protection |
WO2020087039A1 (en) * | 2018-10-26 | 2020-04-30 | Netography, Inc. | Distributed network and security operations platform |
RU2708508C1 (en) | 2018-12-17 | 2019-12-09 | Общество с ограниченной ответственностью "Траст" | Method and a computing device for detecting suspicious users in messaging systems |
RU2701040C1 (en) | 2018-12-28 | 2019-09-24 | Общество с ограниченной ответственностью "Траст" | Method and a computer for informing on malicious web resources |
US10965392B2 (en) | 2019-01-25 | 2021-03-30 | Keysight Technologies, Inc. | Active network tap supporting time sensitive network (TSN) standards |
US11563768B2 (en) | 2019-01-31 | 2023-01-24 | Keysight Technologies, Inc. | Methods, systems, and computer readable media for detecting and mitigating effects of timing attacks in time sensitive networks |
SG11202101624WA (en) | 2019-02-27 | 2021-03-30 | Group Ib Ltd | Method and system for user identification by keystroke dynamics |
US11381459B2 (en) * | 2019-08-05 | 2022-07-05 | Sk Planet Co., Ltd. | Service providing system and method for preventing hidden camera, service providing apparatus therefor, and non-transitory computer readable medium having computer program recorded thereon |
US11546354B2 (en) * | 2019-11-26 | 2023-01-03 | Kyndryl, Inc. | Network shutdown for cyber security |
RU2728498C1 (en) | 2019-12-05 | 2020-07-29 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Method and system for determining software belonging by its source code |
RU2728497C1 (en) | 2019-12-05 | 2020-07-29 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Method and system for determining belonging of software by its machine code |
RU2743974C1 (en) | 2019-12-19 | 2021-03-01 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | System and method for scanning security of elements of network architecture |
SG10202001963TA (en) | 2020-03-04 | 2021-10-28 | Group Ib Global Private Ltd | System and method for brand protection based on the search results |
FR3111442B1 (en) * | 2020-06-10 | 2023-07-28 | Serenicity | System for analyzing the IT risk of a set of peripherals connected to a network |
US11475090B2 (en) | 2020-07-15 | 2022-10-18 | Group-Ib Global Private Limited | Method and system for identifying clusters of affiliated web resources |
RU2743619C1 (en) | 2020-08-06 | 2021-02-20 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Method and system for generating the list of compromise indicators |
US11316823B2 (en) | 2020-08-27 | 2022-04-26 | Centripetal Networks, Inc. | Methods and systems for efficient virtualization of inline transparent computer networking devices |
US11362996B2 (en) | 2020-10-27 | 2022-06-14 | Centripetal Networks, Inc. | Methods and systems for efficient adaptive logging of cyber threat incidents |
CN112929362B (en) * | 2021-02-04 | 2023-01-20 | 广东电网有限责任公司广州供电局 | Probe device, front-end message processing method and wireless communication management system |
US11947572B2 (en) | 2021-03-29 | 2024-04-02 | Group IB TDS, Ltd | Method and system for clustering executable files |
US11159546B1 (en) | 2021-04-20 | 2021-10-26 | Centripetal Networks, Inc. | Methods and systems for efficient threat context-aware packet filtering for network protection |
CN115103000B (en) * | 2022-06-20 | 2023-09-26 | 北京鼎兴达信息科技股份有限公司 | Method for restoring and analyzing business session of railway data network based on NetStream |
Family Cites Families (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5437244A (en) * | 1991-09-16 | 1995-08-01 | Agri-Engineering, Inc. | Ball float for a watering tank |
US5557686A (en) * | 1993-01-13 | 1996-09-17 | University Of Alabama | Method and apparatus for verification of a computer user's identification, based on keystroke characteristics |
FR2706652B1 (en) | 1993-06-09 | 1995-08-18 | Alsthom Cge Alcatel | Device for detecting intrusions and suspicious users for a computer system and security system comprising such a device. |
US5557742A (en) | 1994-03-07 | 1996-09-17 | Haystack Labs, Inc. | Method and system for detecting intrusion into and misuse of a data processing system |
US5825750A (en) * | 1996-03-29 | 1998-10-20 | Motorola | Method and apparatus for maintaining security in a packetized data communications network |
US5970227A (en) | 1996-04-30 | 1999-10-19 | International Business Machines Corp. | Wireless proximity detector security feature |
US6119236A (en) * | 1996-10-07 | 2000-09-12 | Shipley; Peter M. | Intelligent network security device and method |
US6453345B2 (en) * | 1996-11-06 | 2002-09-17 | Datadirect Networks, Inc. | Network security and surveillance system |
US5991881A (en) | 1996-11-08 | 1999-11-23 | Harris Corporation | Network surveillance system |
US5796942A (en) * | 1996-11-21 | 1998-08-18 | Computer Associates International, Inc. | Method and apparatus for automated network-wide surveillance and security breach intervention |
US6578077B1 (en) * | 1997-05-27 | 2003-06-10 | Novell, Inc. | Traffic monitoring tool for bandwidth management |
US6182226B1 (en) | 1998-03-18 | 2001-01-30 | Secure Computing Corporation | System and method for controlling interactions between networks |
US6275942B1 (en) | 1998-05-20 | 2001-08-14 | Network Associates, Inc. | System, method and computer program product for automatic response to computer system misuse using active response modules |
US6321338B1 (en) | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US6370648B1 (en) * | 1998-12-08 | 2002-04-09 | Visa International Service Association | Computer network intrusion detection |
FR2790348B1 (en) * | 1999-02-26 | 2001-05-25 | Thierry Grenot | SYSTEM AND METHOD FOR MEASURING HANDOVER TIMES AND LOSS RATES IN HIGH-SPEED TELECOMMUNICATIONS NETWORKS |
US6628654B1 (en) * | 1999-07-01 | 2003-09-30 | Cisco Technology, Inc. | Dispatching packets from a forwarding agent using tag switching |
US6671811B1 (en) * | 1999-10-25 | 2003-12-30 | Visa Internation Service Association | Features generation for use in computer network intrusion detection |
US6363489B1 (en) * | 1999-11-29 | 2002-03-26 | Forescout Technologies Inc. | Method for automatic intrusion detection and deflection in a network |
US20020133586A1 (en) * | 2001-01-16 | 2002-09-19 | Carter Shanklin | Method and device for monitoring data traffic and preventing unauthorized access to a network |
US20020104017A1 (en) * | 2001-01-30 | 2002-08-01 | Rares Stefan | Firewall system for protecting network elements connected to a public network |
US20040187032A1 (en) * | 2001-08-07 | 2004-09-23 | Christoph Gels | Method, data carrier, computer system and computer progamme for the identification and defence of attacks in server of network service providers and operators |
US7565678B2 (en) * | 2001-12-28 | 2009-07-21 | At&T Intellectual Property, I, L.P. | Methods and devices for discouraging unauthorized modifications to set top boxes and to gateways |
2001
- 2001-11-30 WO PCT/US2001/045275 patent/WO2002045380A2/en active IP Right Grant
- 2001-11-30 CA CA2430571A patent/CA2430571C/en not_active Expired - Lifetime
- 2001-11-30 EP EP01990779A patent/EP1338130B1/en not_active Expired - Lifetime
- 2001-11-30 US US10/000,396 patent/US7185368B2/en active Active
- 2001-11-30 DE DE60124295T patent/DE60124295T8/en active Active
- 2001-11-30 AU AU2002230541A patent/AU2002230541B2/en not_active Expired
- 2001-11-30 AU AU3054102A patent/AU3054102A/en active Pending
- 2001-11-30 AT AT01990779T patent/ATE344573T1/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
WO2002045380A9 (en) | 2002-09-19 |
CA2430571C (en) | 2011-07-12 |
ATE344573T1 (en) | 2006-11-15 |
EP1338130B1 (en) | 2006-11-02 |
DE60124295T8 (en) | 2007-12-06 |
WO2002045380A2 (en) | 2002-06-06 |
DE60124295T2 (en) | 2007-05-31 |
AU3054102A (en) | 2002-06-11 |
EP1338130A2 (en) | 2003-08-27 |
DE60124295D1 (en) | 2006-12-14 |
US7185368B2 (en) | 2007-02-27 |
US20030105976A1 (en) | 2003-06-05 |
WO2002045380A3 (en) | 2003-01-30 |
AU2002230541B2 (en) | 2007-08-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2430571A1 (en) | Flow-based detection of network intrusions | |
WO2006127012A3 (en) | Packet sampling flow-based detection of network intrusions | |
JP6703613B2 (en) | Anomaly detection in data stream | |
US9130982B2 (en) | System and method for real-time reporting of anomalous internet protocol attacks | |
KR101424490B1 (en) | Reverse access detecting system and method based on latency | |
EP2257024B1 (en) | Method, network apparatus and network system for defending distributed denial of service ddos attack | |
US8650646B2 (en) | System and method for optimization of security traffic monitoring | |
CA2649047A1 (en) | Method and apparatus for large-scale automated distributed denial of service attack detection | |
KR101003104B1 (en) | Apparatus for monitoring the security status in wireless network and method thereof | |
CN111935170A (en) | Network abnormal flow detection method, device and equipment | |
JP2018533897A5 (en) | ||
US20050278779A1 (en) | System and method for identifying the source of a denial-of-service attack | |
CN104683346A (en) | P2P botnet detection device and method based on flow analysis | |
CN103281293A (en) | Network flow rate abnormity detection method based on multi-dimension layering relative entropy | |
WO2011075922A1 (en) | Method for detecting distributed denial of service attack | |
AU2002230541A1 (en) | Flow-based detection of network intrusions | |
CN106603326B (en) | NetFlow sampling processing method based on abnormal feedback | |
CN113518057B (en) | Method and device for detecting distributed denial of service attack and computer equipment thereof | |
CN108616488B (en) | Attack defense method and defense equipment | |
CN110266726B (en) | Method and device for identifying DDOS attack data stream | |
US8578479B2 (en) | Worm propagation mitigation | |
JP2005210601A (en) | Intrusion detector | |
CN108667804B (en) | DDoS attack detection and protection method and system based on SDN architecture | |
WO2024027079A1 (en) | Domain-name reflection attack detection method and apparatus, and electronic device and storage medium | |
KR20190027122A (en) | Apparatus and method for analyzing network attack pattern |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKEX | Expiry | Effective date: 20211130 |