WO2002021244A3 - Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time - Google Patents

Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time Download PDF

Info

Publication number
WO2002021244A3
WO2002021244A3 PCT/US2001/015701 US0115701W WO0221244A3 WO 2002021244 A3 WO2002021244 A3 WO 2002021244A3 US 0115701 W US0115701 W US 0115701W WO 0221244 A3 WO0221244 A3 WO 0221244A3
Authority
WO
WIPO (PCT)
Prior art keywords
services
real
time
undesirable
network
Prior art date
Application number
PCT/US2001/015701
Other languages
French (fr)
Other versions
WO2002021244A2 (en
Inventor
Gerald R Malan
Farnam Jahanian
Original Assignee
Univ Michigan
Gerald R Malan
Farnam Jahanian
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Univ Michigan, Gerald R Malan, Farnam Jahanian filed Critical Univ Michigan
Priority to AU2001274833A priority Critical patent/AU2001274833A1/en
Priority to CA002427291A priority patent/CA2427291A1/en
Publication of WO2002021244A2 publication Critical patent/WO2002021244A2/en
Publication of WO2002021244A3 publication Critical patent/WO2002021244A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/22Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/141Denial of service attacks against endpoints in a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146Tracing the source of attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/022Capturing of monitoring data by sampling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/06Generation of reports
    • H04L43/062Generation of reports related to network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring

Abstract

A method and system are provided for protecting publicly accessible network computer services from undesirable network traffic in real-time. The method includes receiving network destined for the services and analyzing the network traffic to identify an undesirable user of the services. Access of the undesirable user to the services is limited to protect the services. The method and system identify and remove a new level of security threat that is not addressable by current techniques. Specifically, the method and system identify topologically anomalous application-level patterns of traffic and remove these data flows in real-time from the network.
PCT/US2001/015701 2000-09-08 2001-05-16 Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time WO2002021244A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2001274833A AU2001274833A1 (en) 2000-09-08 2001-05-16 Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time
CA002427291A CA2427291A1 (en) 2000-09-08 2001-05-16 Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US23148100P 2000-09-08 2000-09-08
US23148000P 2000-09-08 2000-09-08
US23147900P 2000-09-08 2000-09-08
US60/231,479 2000-09-08
US60/231,481 2000-09-08
US60/231,480 2000-09-08

Publications (2)

Publication Number Publication Date
WO2002021244A2 WO2002021244A2 (en) 2002-03-14
WO2002021244A3 true WO2002021244A3 (en) 2002-07-18

Family

ID=27398191

Family Applications (3)

Application Number Title Priority Date Filing Date
PCT/US2001/015698 WO2002021801A1 (en) 2000-09-08 2001-05-16 Method and system for reconstructing a path taken by undesirable network traffic through a computer network from a source of the traffic
PCT/US2001/015701 WO2002021244A2 (en) 2000-09-08 2001-05-16 Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time
PCT/US2001/015702 WO2002021802A1 (en) 2000-09-08 2001-05-16 Method and system for profiling network flows at a measurement p oint within a computer network

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/US2001/015698 WO2002021801A1 (en) 2000-09-08 2001-05-16 Method and system for reconstructing a path taken by undesirable network traffic through a computer network from a source of the traffic

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/US2001/015702 WO2002021802A1 (en) 2000-09-08 2001-05-16 Method and system for profiling network flows at a measurement p oint within a computer network

Country Status (4)

Country Link
US (3) US6944673B2 (en)
AU (3) AU2001263150A1 (en)
CA (3) CA2427236A1 (en)
WO (3) WO2002021801A1 (en)

Families Citing this family (250)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7208225B2 (en) 1995-06-30 2007-04-24 Lafarge Platres Prefabricated plaster board
US6321338B1 (en) 1998-11-09 2001-11-20 Sri International Network surveillance
IL143573A0 (en) 1998-12-09 2002-04-21 Network Ice Corp A method and apparatus for providing network and computer system security
US7346929B1 (en) * 1999-07-29 2008-03-18 International Business Machines Corporation Method and apparatus for auditing network security
US8006243B2 (en) * 1999-12-07 2011-08-23 International Business Machines Corporation Method and apparatus for remote installation of network drivers and software
WO2001084775A2 (en) * 2000-04-28 2001-11-08 Internet Security Systems, Inc. System and method for managing security events on a network
JP4700884B2 (en) * 2000-04-28 2011-06-15 インターナショナル・ビジネス・マシーンズ・コーポレーション Method and system for managing computer security information
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
AU2001266174A1 (en) * 2000-06-30 2002-01-14 British Telecommunications Public Limited Company Packet data communications
US7120931B1 (en) * 2000-08-31 2006-10-10 Cisco Technology, Inc. System and method for generating filters based on analyzed flow data
WO2002019077A2 (en) * 2000-09-01 2002-03-07 Sri International, Inc. Probabilistic alert correlation
US7278159B2 (en) * 2000-09-07 2007-10-02 Mazu Networks, Inc. Coordinated thwarting of denial of service attacks
US7043759B2 (en) 2000-09-07 2006-05-09 Mazu Networks, Inc. Architecture to thwart denial of service attacks
US7251692B1 (en) * 2000-09-28 2007-07-31 Lucent Technologies Inc. Process to thwart denial of service attacks on the internet
US9027121B2 (en) * 2000-10-10 2015-05-05 International Business Machines Corporation Method and system for creating a record for one or more computer security incidents
US7146305B2 (en) * 2000-10-24 2006-12-05 Vcis, Inc. Analytical virtual machine
US7054930B1 (en) * 2000-10-26 2006-05-30 Cisco Technology, Inc. System and method for propagating filters
JP2002197051A (en) * 2000-12-11 2002-07-12 Internatl Business Mach Corp <Ibm> Selection method for communication adapter for determining communication destination, setting method for communication adapter, computer system, portable information device, and storage medium
US7389354B1 (en) * 2000-12-11 2008-06-17 Cisco Technology, Inc. Preventing HTTP server attacks
JP3723076B2 (en) * 2000-12-15 2005-12-07 富士通株式会社 IP communication network system having illegal intrusion prevention function
US7130466B2 (en) * 2000-12-21 2006-10-31 Cobion Ag System and method for compiling images from a database and comparing the compiled images with known images
US7562041B2 (en) * 2001-01-09 2009-07-14 International Business Machines Corporation Method and apparatus for facilitating business processes
US20020147803A1 (en) * 2001-01-31 2002-10-10 Dodd Timothy David Method and system for calculating risk in association with a security audit of a computer network
US7536455B2 (en) * 2001-03-18 2009-05-19 At&T Corp. Optimal combination of sampled measurements
US7599351B2 (en) 2001-03-20 2009-10-06 Verizon Business Global Llc Recursive query for communications network data
US6778498B2 (en) 2001-03-20 2004-08-17 Mci, Inc. Virtual private network (VPN)-aware customer premises equipment (CPE) edge router
US20030115480A1 (en) * 2001-12-17 2003-06-19 Worldcom, Inc. System, method and apparatus that employ virtual private networks to resist IP QoS denial of service attacks
US7234168B2 (en) * 2001-06-13 2007-06-19 Mcafee, Inc. Hierarchy-based method and apparatus for detecting attacks on a computer system
US7684317B2 (en) * 2001-06-14 2010-03-23 Nortel Networks Limited Protecting a network from unauthorized access
US20030009561A1 (en) * 2001-06-14 2003-01-09 Sollee Patrick N. Providing telephony services to terminals behind a firewall and /or network address translator
US7657419B2 (en) * 2001-06-19 2010-02-02 International Business Machines Corporation Analytical virtual machine
US7028179B2 (en) * 2001-07-03 2006-04-11 Intel Corporation Apparatus and method for secure, automated response to distributed denial of service attacks
US7356689B2 (en) * 2001-07-09 2008-04-08 Lucent Technologies Inc. Method and apparatus for tracing packets in a communications network
US7047303B2 (en) * 2001-07-26 2006-05-16 International Business Machines Corporation Apparatus and method for using a network processor to guard against a “denial-of-service” attack on a server or server cluster
US7506046B2 (en) * 2001-07-31 2009-03-17 Hewlett-Packard Development Company, L.P. Network usage analysis system and method for updating statistical models
US20030028258A1 (en) * 2001-08-06 2003-02-06 Peterson Gregory A. Appliance control system with network accessible programmable memory
KR100422802B1 (en) * 2001-09-05 2004-03-12 한국전자통신연구원 Security System against intrusion among networks and the method
US7181765B2 (en) * 2001-10-12 2007-02-20 Motorola, Inc. Method and apparatus for providing node security in a router of a packet network
US7002960B1 (en) 2001-10-30 2006-02-21 At&T Corp. Traffic matrix computation for packet networks
US7743139B1 (en) 2001-10-30 2010-06-22 At&T Intellectual Property Ii, L.P. Method of provisioning a packet network for handling incoming traffic demands
EP1315066A1 (en) * 2001-11-21 2003-05-28 BRITISH TELECOMMUNICATIONS public limited company Computer security system
US20030120769A1 (en) * 2001-12-07 2003-06-26 Mccollom William Girard Method and system for determining autonomous system transit volumes
NZ516346A (en) * 2001-12-21 2004-09-24 Esphion Ltd A device for evaluating traffic on a computer network to detect traffic abnormalities such as a denial of service attack
US7673137B2 (en) * 2002-01-04 2010-03-02 International Business Machines Corporation System and method for the managed security control of processes on a computer system
KR100439177B1 (en) * 2002-01-16 2004-07-05 한국전자통신연구원 Method for representing, storing and editing network security policy
US7412502B2 (en) * 2002-04-18 2008-08-12 International Business Machines Corporation Graphics for end to end component mapping and problem-solving in a network environment
US7047291B2 (en) 2002-04-11 2006-05-16 International Business Machines Corporation System for correlating events generated by application and component probes when performance problems are identified
US8527620B2 (en) 2003-03-06 2013-09-03 International Business Machines Corporation E-business competitive measurements
US7043549B2 (en) * 2002-01-31 2006-05-09 International Business Machines Corporation Method and system for probing in a network environment
US7269651B2 (en) * 2002-09-26 2007-09-11 International Business Machines Corporation E-business operations measurements
US7213264B2 (en) * 2002-01-31 2007-05-01 Mazu Networks, Inc. Architecture to thwart denial of service attacks
US8086720B2 (en) * 2002-01-31 2011-12-27 International Business Machines Corporation Performance reporting in a network environment
KR100468232B1 (en) * 2002-02-19 2005-01-26 한국전자통신연구원 Network-based Attack Tracing System and Method Using Distributed Agent and Manager Systems
US7379857B2 (en) * 2002-05-10 2008-05-27 Lockheed Martin Corporation Method and system for simulating computer networks to facilitate testing of computer network security
US7370360B2 (en) * 2002-05-13 2008-05-06 International Business Machines Corporation Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
US7478233B2 (en) * 2002-05-30 2009-01-13 Microsoft Corporation Prevention of software tampering
US7114182B2 (en) * 2002-05-31 2006-09-26 Alcatel Canada Inc. Statistical methods for detecting TCP SYN flood attacks
US7260639B2 (en) * 2002-07-09 2007-08-21 Akamai Technologies, Inc. Method and system for protecting web sites from public internet threats
AU2012202410B2 (en) * 2002-07-31 2014-09-18 Cisco Technology, Inc. Method and apparatus for inspecting inter-layer address binding protocols
US7346057B2 (en) 2002-07-31 2008-03-18 Cisco Technology, Inc. Method and apparatus for inter-layer binding inspection to prevent spoofing
US7562156B2 (en) * 2002-08-16 2009-07-14 Symantec Operating Corporation System and method for decoding communications between nodes of a cluster server
DE10241974B4 (en) * 2002-09-11 2006-01-05 Kämper, Peter Monitoring of data transmissions
US7363656B2 (en) * 2002-11-04 2008-04-22 Mazu Networks, Inc. Event detection/anomaly correlation heuristics
US8504879B2 (en) * 2002-11-04 2013-08-06 Riverbed Technology, Inc. Connection based anomaly detection
US8479057B2 (en) * 2002-11-04 2013-07-02 Riverbed Technology, Inc. Aggregator for connection based anomaly detection
US7774839B2 (en) * 2002-11-04 2010-08-10 Riverbed Technology, Inc. Feedback mechanism to minimize false assertions of a network intrusion
FR2847360B1 (en) * 2002-11-14 2005-02-04 Eads Defence & Security Ntwk METHOD AND DEVICE FOR ANALYZING THE SECURITY OF AN INFORMATION SYSTEM
WO2004056063A1 (en) * 2002-12-13 2004-07-01 Cetacea Networks Corporation Network bandwidth anomaly detector apparatus and method for detecting network attacks using correlation function
KR100523486B1 (en) * 2002-12-13 2005-10-24 한국전자통신연구원 Traffic measurement system and traffic analysis method thereof
US7269850B2 (en) * 2002-12-31 2007-09-11 Intel Corporation Systems and methods for detecting and tracing denial of service attacks
US7454494B1 (en) * 2003-01-07 2008-11-18 Exfo Service Assurance Inc. Apparatus and method for actively analyzing a data packet delivery path
US7913303B1 (en) 2003-01-21 2011-03-22 International Business Machines Corporation Method and system for dynamically protecting a computer system from attack
US20040148520A1 (en) * 2003-01-29 2004-07-29 Rajesh Talpade Mitigating denial of service attacks
US7382769B1 (en) * 2003-02-07 2008-06-03 Juniper Networks, Inc. Automatic filtering to prevent network attacks
US9137033B2 (en) 2003-03-18 2015-09-15 Dynamic Network Services, Inc. Methods and systems for monitoring network routing
FR2852754B1 (en) * 2003-03-20 2005-07-08 At & T Corp SYSTEM AND METHOD FOR PROTECTING AN IP TRANSMISSION NETWORK AGAINST SERVICE DENI ATTACKS
US7426634B2 (en) * 2003-04-22 2008-09-16 Intruguard Devices, Inc. Method and apparatus for rate based denial of service attack detection and prevention
US7796515B2 (en) * 2003-04-29 2010-09-14 Hewlett-Packard Development Company, L.P. Propagation of viruses through an information technology network
GB2401281B (en) * 2003-04-29 2006-02-08 Hewlett Packard Development Co Propagation of viruses through an information technology network
US7840664B2 (en) * 2003-05-21 2010-11-23 Ixia Automated characterization of network traffic
EP1636672A4 (en) 2003-06-09 2008-03-12 Greenline Systems Inc A system and method for risk detection, reporting and infrastructure
US7565426B2 (en) * 2003-08-07 2009-07-21 Alcatel Lucent Mechanism for tracing back anonymous network flows in autonomous systems
US7657938B2 (en) * 2003-10-28 2010-02-02 International Business Machines Corporation Method and system for protecting computer networks by altering unwanted network data traffic
US20050108415A1 (en) * 2003-11-04 2005-05-19 Turk Doughan A. System and method for traffic analysis
WO2005050369A2 (en) * 2003-11-12 2005-06-02 The Trustees Of Columbia University In The City Ofnew York Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data
US7721329B2 (en) 2003-11-18 2010-05-18 Aol Inc. Method and apparatus for trust-based, fine-grained rate limiting of network requests
AU2005203856B2 (en) 2004-01-09 2009-07-30 Paypal Israel Ltd. Detecting relayed communications
US8660880B2 (en) * 2004-03-04 2014-02-25 International Business Machines Corporation System and method for workflow enabled link activation
WO2005093576A1 (en) * 2004-03-28 2005-10-06 Robert Iakobashvili Visualization of packet network performance, analysis and optimization for design
WO2005099214A1 (en) * 2004-03-30 2005-10-20 Telecom Italia S.P.A. Method and system for network intrusion detection, related network and computer program product
US7571181B2 (en) * 2004-04-05 2009-08-04 Hewlett-Packard Development Company, L.P. Network usage analysis system and method for detecting network congestion
US20050234920A1 (en) * 2004-04-05 2005-10-20 Lee Rhodes System, computer-usable medium and method for monitoring network activity
KR101188643B1 (en) * 2004-04-20 2012-10-09 다우 코닝 코포레이션 Vesicles of high molecular weight silicone polyethers
GB2431316B (en) * 2005-10-12 2008-05-21 Hewlett Packard Development Co Propagation of malicious code through an information technology network
US7929534B2 (en) * 2004-06-28 2011-04-19 Riverbed Technology, Inc. Flow logging for connection-based anomaly detection
US20060031469A1 (en) * 2004-06-29 2006-02-09 International Business Machines Corporation Measurement, reporting, and management of quality of service for a real-time communication application in a network environment
US7669240B2 (en) * 2004-07-22 2010-02-23 International Business Machines Corporation Apparatus, method and program to detect and control deleterious code (virus) in computer network
WO2006040201A1 (en) * 2004-09-02 2006-04-20 Siemens Aktiengesellschaft Method and apparatus for denial of service defense
US20060075048A1 (en) * 2004-09-14 2006-04-06 Aladdin Knowledge Systems Ltd. Method and system for identifying and blocking spam email messages at an inspecting point
US8423645B2 (en) * 2004-09-14 2013-04-16 International Business Machines Corporation Detection of grid participation in a DDoS attack
US7760653B2 (en) * 2004-10-26 2010-07-20 Riverbed Technology, Inc. Stackable aggregation for connection based anomaly detection
US7552206B2 (en) * 2004-10-27 2009-06-23 Microsoft Corporation Throttling service connections based on network paths
WO2006056239A1 (en) * 2004-11-29 2006-06-01 Telecom Italia S.P.A. Method and system for managing denial of service situations
US8243593B2 (en) * 2004-12-22 2012-08-14 Sable Networks, Inc. Mechanism for identifying and penalizing misbehaving flows in a network
US7610610B2 (en) 2005-01-10 2009-10-27 Mcafee, Inc. Integrated firewall, IPS, and virus scanner system and method
US8732293B2 (en) * 2005-02-15 2014-05-20 At&T Intellectual Property Ii, L.P. System and method for tracking individuals on a data network using communities of interest
US8806634B2 (en) * 2005-04-05 2014-08-12 Donald N. Cohen System for finding potential origins of spoofed internet protocol attack traffic
US7627899B1 (en) * 2005-04-22 2009-12-01 Sun Microsystems, Inc. Method and apparatus for improving user experience for legitimate traffic of a service impacted by denial of service attack
US7751311B2 (en) * 2005-05-19 2010-07-06 Cisco Technology, Inc. High availability transport protocol method and apparatus
US20060294588A1 (en) 2005-06-24 2006-12-28 International Business Machines Corporation System, method and program for identifying and preventing malicious intrusions
US8091131B2 (en) * 2005-07-06 2012-01-03 At&T Intellectual Property Ii, L.P. Method and apparatus for communicating intrusion-related information between internet service providers
US7889735B2 (en) * 2005-08-05 2011-02-15 Alcatel-Lucent Usa Inc. Method and apparatus for defending against denial of service attacks in IP networks based on specified source/destination IP address pairs
US7992208B2 (en) * 2005-09-19 2011-08-02 University Of Maryland Detection of nonconforming network traffic flow aggregates for mitigating distributed denial of service attacks
US7908357B2 (en) * 2005-09-21 2011-03-15 Battelle Memorial Institute Methods and systems for detecting abnormal digital traffic
EP1768314A1 (en) * 2005-09-22 2007-03-28 Alcatel Access nodes for giving a client device access to an internet network
DE102005049561A1 (en) * 2005-10-12 2007-04-19 Deutsche Telekom Ag Automatic recognition of anomalies in wide and local area networks involves filtering out, assessing anomalies using thresholds adapted depending on detection accuracy of real attacks and/or frequency of false alarms
JP4512196B2 (en) * 2005-10-20 2010-07-28 アラクサラネットワークス株式会社 Abnormal traffic detection method and packet relay apparatus
US8713141B1 (en) * 2005-11-29 2014-04-29 AT & T Intellectual Property II, LP System and method for monitoring network activity
US8805993B2 (en) 2005-12-02 2014-08-12 At&T Intellectual Property I, L.P. System and method for bulk network data collection
US20070130619A1 (en) * 2005-12-06 2007-06-07 Sprint Communications Company L.P. Distributed denial of service (DDoS) network-based detection
US8510826B1 (en) 2005-12-06 2013-08-13 Sprint Communications Company L.P. Carrier-independent on-demand distributed denial of service (DDoS) mitigation
US7843827B2 (en) * 2005-12-22 2010-11-30 International Business Machines Corporation Method and device for configuring a network device
US9172629B1 (en) * 2005-12-29 2015-10-27 Alcatel Lucent Classifying packets
US8397284B2 (en) * 2006-01-17 2013-03-12 University Of Maryland Detection of distributed denial of service attacks in autonomous system domains
US8001601B2 (en) * 2006-06-02 2011-08-16 At&T Intellectual Property Ii, L.P. Method and apparatus for large-scale automated distributed denial of service attack detection
DE102007024720B4 (en) * 2006-06-03 2013-12-24 B. Braun Medizinelektronik Gmbh & Co. Kg Device and method for protecting a medical device and a patient treated by this device from hazardous influences from a communication network
ES2354632T3 (en) * 2006-06-03 2011-03-16 B. BRAUN MEDIZINELEKTRONIK GMBH &amp; CO. KG DEVICE AND PROCEDURE FOR THE PROTECTION OF A MEDICAL DEVICE AND A PATIENT TREATED WITH SUCH DEVICE, AGAINST HAZARDOUS INFLUENCES FROM A NETWORK OF COMMUNICATIONS.
US7739082B2 (en) 2006-06-08 2010-06-15 Battelle Memorial Institute System and method for anomaly detection
US9094257B2 (en) 2006-06-30 2015-07-28 Centurylink Intellectual Property Llc System and method for selecting a content delivery network
US8289965B2 (en) 2006-10-19 2012-10-16 Embarq Holdings Company, Llc System and method for establishing a communications session with an end-user based on the state of a network connection
US8717911B2 (en) 2006-06-30 2014-05-06 Centurylink Intellectual Property Llc System and method for collecting network performance information
US7948909B2 (en) 2006-06-30 2011-05-24 Embarq Holdings Company, Llc System and method for resetting counters counting network performance information at network communications devices on a packet network
US8000318B2 (en) 2006-06-30 2011-08-16 Embarq Holdings Company, Llc System and method for call routing based on transmission performance of a packet network
US8194643B2 (en) 2006-10-19 2012-06-05 Embarq Holdings Company, Llc System and method for monitoring the connection of an end-user to a remote network
US8477614B2 (en) 2006-06-30 2013-07-02 Centurylink Intellectual Property Llc System and method for routing calls if potential call paths are impaired or congested
US8488447B2 (en) 2006-06-30 2013-07-16 Centurylink Intellectual Property Llc System and method for adjusting code speed in a transmission path during call set-up due to reduced transmission performance
FI20060665A0 (en) * 2006-07-07 2006-07-07 Nokia Corp deviation detection
US8040811B2 (en) 2006-08-22 2011-10-18 Embarq Holdings Company, Llc System and method for collecting and managing network performance information
US8144587B2 (en) 2006-08-22 2012-03-27 Embarq Holdings Company, Llc System and method for load balancing network resources using a connection admission control engine
US7889660B2 (en) 2006-08-22 2011-02-15 Embarq Holdings Company, Llc System and method for synchronizing counters on an asynchronous packet communications network
US8537695B2 (en) 2006-08-22 2013-09-17 Centurylink Intellectual Property Llc System and method for establishing a call being received by a trunk on a packet network
US8064391B2 (en) 2006-08-22 2011-11-22 Embarq Holdings Company, Llc System and method for monitoring and optimizing network performance to a wireless device
US8199653B2 (en) 2006-08-22 2012-06-12 Embarq Holdings Company, Llc System and method for communicating network performance information over a packet network
US7808918B2 (en) 2006-08-22 2010-10-05 Embarq Holdings Company, Llc System and method for dynamically shaping network traffic
US8619600B2 (en) 2006-08-22 2013-12-31 Centurylink Intellectual Property Llc System and method for establishing calls over a call path having best path metrics
US8223655B2 (en) 2006-08-22 2012-07-17 Embarq Holdings Company, Llc System and method for provisioning resources of a packet network based on collected network performance information
US8531954B2 (en) 2006-08-22 2013-09-10 Centurylink Intellectual Property Llc System and method for handling reservation requests with a connection admission control engine
US8098579B2 (en) 2006-08-22 2012-01-17 Embarq Holdings Company, LP System and method for adjusting the window size of a TCP packet through remote network elements
US8549405B2 (en) 2006-08-22 2013-10-01 Centurylink Intellectual Property Llc System and method for displaying a graphical representation of a network to identify nodes and node segments on the network that are not operating normally
US8407765B2 (en) 2006-08-22 2013-03-26 Centurylink Intellectual Property Llc System and method for restricting access to network performance information tables
US7843831B2 (en) 2006-08-22 2010-11-30 Embarq Holdings Company Llc System and method for routing data on a packet network
US9479341B2 (en) 2006-08-22 2016-10-25 Centurylink Intellectual Property Llc System and method for initiating diagnostics on a packet network node
US8224255B2 (en) 2006-08-22 2012-07-17 Embarq Holdings Company, Llc System and method for managing radio frequency windows
US8125897B2 (en) 2006-08-22 2012-02-28 Embarq Holdings Company Lp System and method for monitoring and optimizing network performance with user datagram protocol network performance information packets
US7684332B2 (en) 2006-08-22 2010-03-23 Embarq Holdings Company, Llc System and method for adjusting the window size of a TCP packet through network elements
US8238253B2 (en) 2006-08-22 2012-08-07 Embarq Holdings Company, Llc System and method for monitoring interlayer devices and optimizing network performance
US8228791B2 (en) 2006-08-22 2012-07-24 Embarq Holdings Company, Llc System and method for routing communications between packet networks based on intercarrier agreements
US8194555B2 (en) 2006-08-22 2012-06-05 Embarq Holdings Company, Llc System and method for using distributed network performance information tables to manage network communications
US8743703B2 (en) 2006-08-22 2014-06-03 Centurylink Intellectual Property Llc System and method for tracking application resource usage
US8144586B2 (en) 2006-08-22 2012-03-27 Embarq Holdings Company, Llc System and method for controlling network bandwidth with a connection admission control engine
US8015294B2 (en) 2006-08-22 2011-09-06 Embarq Holdings Company, LP Pin-hole firewall for communicating data packets on a packet network
US8189468B2 (en) 2006-10-25 2012-05-29 Embarq Holdings, Company, LLC System and method for regulating messages between networks
US8750158B2 (en) 2006-08-22 2014-06-10 Centurylink Intellectual Property Llc System and method for differentiated billing
US8130793B2 (en) 2006-08-22 2012-03-06 Embarq Holdings Company, Llc System and method for enabling reciprocal billing for different types of communications over a packet network
US8307065B2 (en) 2006-08-22 2012-11-06 Centurylink Intellectual Property Llc System and method for remotely controlling network operators
US8274905B2 (en) 2006-08-22 2012-09-25 Embarq Holdings Company, Llc System and method for displaying a graph representative of network performance over a time period
US8107366B2 (en) 2006-08-22 2012-01-31 Embarq Holdings Company, LP System and method for using centralized network performance tables to manage network communications
US8576722B2 (en) 2006-08-22 2013-11-05 Centurylink Intellectual Property Llc System and method for modifying connectivity fault management packets
US8223654B2 (en) 2006-08-22 2012-07-17 Embarq Holdings Company, Llc Application-specific integrated circuit for monitoring and optimizing interlayer network performance
US7940735B2 (en) 2006-08-22 2011-05-10 Embarq Holdings Company, Llc System and method for selecting an access point
WO2008047141A1 (en) * 2006-10-18 2008-04-24 British Telecommunications Public Limited Company Method and apparatus for monitoring a digital network
US7949745B2 (en) * 2006-10-31 2011-05-24 Microsoft Corporation Dynamic activity model of network services
US20080103729A1 (en) * 2006-10-31 2008-05-01 Microsoft Corporation Distributed detection with diagnosis
JP4658098B2 (en) * 2006-11-21 2011-03-23 日本電信電話株式会社 Flow information limiting apparatus and method
KR20080061055A (en) * 2006-12-28 2008-07-02 한국정보통신대학교 산학협력단 System and method for identifying p2p application service
US7853680B2 (en) * 2007-03-23 2010-12-14 Phatak Dhananjay S Spread identity communications architecture
US7821947B2 (en) * 2007-04-24 2010-10-26 Microsoft Corporation Automatic discovery of service/host dependencies in computer networks
US7773510B2 (en) * 2007-05-25 2010-08-10 Zeugma Systems Inc. Application routing in a distributed compute environment
US20080298230A1 (en) * 2007-05-30 2008-12-04 Luft Siegfried J Scheduling of workloads in a distributed compute environment
US8111692B2 (en) 2007-05-31 2012-02-07 Embarq Holdings Company Llc System and method for modifying network traffic
US7706291B2 (en) * 2007-08-01 2010-04-27 Zeugma Systems Inc. Monitoring quality of experience on a per subscriber, per session basis
US8374102B2 (en) * 2007-10-02 2013-02-12 Tellabs Communications Canada, Ltd. Intelligent collection and management of flow statistics
US7912965B2 (en) * 2007-10-12 2011-03-22 Informed Control Inc. System and method for anomalous directory client activity detection
US8068425B2 (en) 2008-04-09 2011-11-29 Embarq Holdings Company, Llc System and method for using network performance information to determine improved measures of path states
US8400452B2 (en) * 2008-05-08 2013-03-19 Motorola Solutions, Inc. Method and system for segmented propagation visualization
FR2932043B1 (en) * 2008-06-03 2010-07-30 Groupe Ecoles Telecomm METHOD FOR TRACEABILITY AND RESURGENCE OF PUSH-STARTED FLOWS ON COMMUNICATION NETWORKS, AND METHOD FOR TRANSMITTING INFORMATION FLOW TO SECURE DATA TRAFFIC AND ITS RECIPIENTS
US8413250B1 (en) 2008-06-05 2013-04-02 A9.Com, Inc. Systems and methods of classifying sessions
US8416695B2 (en) * 2008-06-30 2013-04-09 Huawei Technologies Co., Ltd. Method, device and system for network interception
US20100034102A1 (en) * 2008-08-05 2010-02-11 At&T Intellectual Property I, Lp Measurement-Based Validation of a Simple Model for Panoramic Profiling of Subnet-Level Network Data Traffic
US8009559B1 (en) 2008-08-28 2011-08-30 Juniper Networks, Inc. Global flow tracking system
WO2010037955A1 (en) * 2008-09-30 2010-04-08 France Telecom Method for characterising entities at the origin of fluctuations in a network traffic
US7987255B2 (en) * 2008-11-07 2011-07-26 Oracle America, Inc. Distributed denial of service congestion recovery using split horizon DNS
US8677473B2 (en) * 2008-11-18 2014-03-18 International Business Machines Corporation Network intrusion protection
US8284764B1 (en) * 2008-12-15 2012-10-09 Narus, Inc. VoIP traffic behavior profiling method
US7990982B2 (en) * 2008-12-15 2011-08-02 At&T Intellectual Property I, L.P. Methods and apparatus to bound network traffic estimation error for multistage measurement sampling and aggregation
US8904530B2 (en) * 2008-12-22 2014-12-02 At&T Intellectual Property I, L.P. System and method for detecting remotely controlled E-mail spam hosts
US9166990B2 (en) * 2009-02-09 2015-10-20 Hewlett-Packard Development Company, L.P. Distributed denial-of-service signature transmission
EP2262172A1 (en) * 2009-06-10 2010-12-15 Alcatel Lucent Method and scout agent for building a source database
US8654655B2 (en) * 2009-12-17 2014-02-18 Thomson Licensing Detecting and classifying anomalies in communication networks
CN102111394B (en) * 2009-12-28 2015-03-11 华为数字技术(成都)有限公司 Network attack protection method, equipment and system
EP2341683A1 (en) * 2009-12-30 2011-07-06 France Telecom Method of and apparatus for controlling traffic in a communication network
CN101808021A (en) * 2010-04-16 2010-08-18 华为技术有限公司 Fault detection method, device and system, message statistical method and node equipment
CN102137282B (en) 2010-12-15 2014-02-19 华为技术有限公司 Method, device, nodes and system for detecting faulted link
US9167004B2 (en) 2011-02-17 2015-10-20 Sable Networks, Inc. Methods and systems for detecting and mitigating a high-rate distributed denial of service (DDoS) attack
US8151341B1 (en) * 2011-05-23 2012-04-03 Kaspersky Lab Zao System and method for reducing false positives during detection of network attacks
US9172716B2 (en) * 2011-11-08 2015-10-27 Verisign, Inc System and method for detecting DNS traffic anomalies
US9215151B1 (en) 2011-12-14 2015-12-15 Google Inc. Dynamic sampling rate adjustment for rate-limited statistical data collection
US8997227B1 (en) 2012-02-27 2015-03-31 Amazon Technologies, Inc. Attack traffic signature generation using statistical pattern recognition
US9742732B2 (en) * 2012-03-12 2017-08-22 Varmour Networks, Inc. Distributed TCP SYN flood protection
US20130291107A1 (en) * 2012-04-27 2013-10-31 The Irc Company, Inc. System and Method for Mitigating Application Layer Distributed Denial of Service Attacks Using Human Behavior Analysis
KR20150013800A (en) 2012-05-14 2015-02-05 세이블 네트웍스 인코포레이티드 System and method for ensuring subscriber fairness using outlier detection
US8743893B2 (en) 2012-05-18 2014-06-03 Renesys Path reconstruction and interconnection modeling (PRIM)
WO2014059550A1 (en) * 2012-10-18 2014-04-24 Iix Corp. Method and apparatus for a distributed internet architecture
US9141791B2 (en) * 2012-11-19 2015-09-22 Hewlett-Packard Development Company, L.P. Monitoring for anomalies in a computing environment
US9532302B2 (en) * 2013-03-20 2016-12-27 Broadcom Corporation Communication network having proximity service discovery and device self-organization
US9172721B2 (en) 2013-07-16 2015-10-27 Fortinet, Inc. Scalable inline behavioral DDOS attack mitigation
US9485262B1 (en) 2014-03-28 2016-11-01 Juniper Networks, Inc. Detecting past intrusions and attacks based on historical network traffic information
US9497215B2 (en) 2014-07-23 2016-11-15 Cisco Technology, Inc. Stealth mitigation for simulating the success of an attack
US9674207B2 (en) * 2014-07-23 2017-06-06 Cisco Technology, Inc. Hierarchical attack detection in a network
US10397082B2 (en) * 2014-08-07 2019-08-27 Citrix Systems, Inc. Internet infrastructure measurement method and system adapted to session volume
WO2016076207A1 (en) 2014-11-10 2016-05-19 日本電信電話株式会社 Optimization device, optimization method, and optimization program
US9591018B1 (en) 2014-11-20 2017-03-07 Amazon Technologies, Inc. Aggregation of network traffic source behavior data across network-based endpoints
US10185830B1 (en) * 2014-12-31 2019-01-22 EMC IP Holding Company LLC Big data analytics in a converged infrastructure system
US20160246813A1 (en) * 2015-02-25 2016-08-25 International Business Machines Corporation System and method for machine information life cycle
US9525697B2 (en) 2015-04-02 2016-12-20 Varmour Networks, Inc. Delivering security functions to distributed networks
US11102173B2 (en) * 2015-06-26 2021-08-24 Mcafee, Llc Systems and methods for routing data using software-defined networks
US10148537B2 (en) * 2015-09-16 2018-12-04 Cisco Technology, Inc. Detecting oscillation anomalies in a mesh network using machine learning
US10341185B2 (en) * 2015-10-02 2019-07-02 Arista Networks, Inc. Dynamic service insertion
US10880316B2 (en) 2015-12-09 2020-12-29 Check Point Software Technologies Ltd. Method and system for determining initial execution of an attack
US10291634B2 (en) 2015-12-09 2019-05-14 Checkpoint Software Technologies Ltd. System and method for determining summary events of an attack
US10440036B2 (en) * 2015-12-09 2019-10-08 Checkpoint Software Technologies Ltd Method and system for modeling all operations and executions of an attack and malicious process entry
US9973528B2 (en) 2015-12-21 2018-05-15 Fortinet, Inc. Two-stage hash based logic for application layer distributed denial of service (DDoS) attack attribution
US9942253B2 (en) 2016-01-15 2018-04-10 Kentlik Technologies, Inc. Network monitoring, detection, and analysis system
US10432650B2 (en) 2016-03-31 2019-10-01 Stuart Staniford System and method to protect a webserver against application exploits and attacks
US10574691B2 (en) 2016-06-21 2020-02-25 Imperva, Inc. Infrastructure distributed denial of service (DDoS) protection
US20180077227A1 (en) * 2016-08-24 2018-03-15 Oleg Yeshaya RYABOY High Volume Traffic Handling for Ordering High Demand Products
US10601778B2 (en) * 2016-09-15 2020-03-24 Arbor Networks, Inc. Visualization of traffic flowing through a host
US10417415B2 (en) * 2016-12-06 2019-09-17 General Electric Company Automated attack localization and detection
US10523609B1 (en) * 2016-12-27 2019-12-31 Fireeye, Inc. Multi-vector malware detection and analysis
CN107154867A (en) * 2017-04-24 2017-09-12 北京星网锐捷网络技术有限公司 Network fault detecting method and device
RU2659735C1 (en) * 2017-07-17 2018-07-03 Акционерное общество "Лаборатория Касперского" System and method of setting security systems under ddos attacks
RU2665919C1 (en) * 2017-07-17 2018-09-04 Акционерное общество "Лаборатория Касперского" System and method of determination of ddos-attacks under failure of service servers
US10785237B2 (en) * 2018-01-19 2020-09-22 General Electric Company Learning method and system for separating independent and dependent attacks
US10958649B2 (en) 2018-03-21 2021-03-23 Akamai Technologies, Inc. Systems and methods for internet-wide monitoring and protection of user credentials
CN109120627B (en) * 2018-08-29 2021-07-13 重庆邮电大学 6LoWPAN network intrusion detection method based on improved KNN
US11038902B2 (en) * 2019-02-25 2021-06-15 Verizon Digital Media Services Inc. Systems and methods for providing shifting network security via multi-access edge computing
US11477163B2 (en) * 2019-08-26 2022-10-18 At&T Intellectual Property I, L.P. Scrubbed internet protocol domain for enhanced cloud security
WO2022214875A1 (en) * 2021-04-05 2022-10-13 Marvell Israel (M.I.S.L) Ltd. Anomaly detection for networking
US11790081B2 (en) 2021-04-14 2023-10-17 General Electric Company Systems and methods for controlling an industrial asset in the presence of a cyber-attack
CN115988243A (en) * 2021-10-14 2023-04-18 中兴通讯股份有限公司 Fault positioning method and system, computer readable storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999048303A2 (en) * 1998-03-18 1999-09-23 Cisco Technology, Inc. Method for blocking denial of service and address spoofing attacks on a private network

Family Cites Families (64)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4756019A (en) * 1986-08-27 1988-07-05 Edmund Szybicki Traffic routing and automatic network management system for telecommunication networks
US4817080A (en) * 1987-02-24 1989-03-28 Digital Equipment Corporation Distributed local-area-network monitoring system
US5179549A (en) * 1988-11-10 1993-01-12 Alcatel N.V. Statistical measurement equipment and telecommunication system using same
CA2041992A1 (en) * 1990-05-18 1991-11-19 Yeshayahu Artsy Routing objects on action paths in a distributed computing system
DE69020899T2 (en) * 1990-09-28 1995-12-07 Hewlett Packard Co Network monitoring system and device.
US5231593A (en) * 1991-01-11 1993-07-27 Hewlett-Packard Company Maintaining historical lan traffic statistics
US5243543A (en) * 1991-01-17 1993-09-07 Hewlett-Packard Company Remote LAN segment traffic monitor
US5448794A (en) * 1993-09-16 1995-09-12 Electrolux Corporation Corded handheld vacuum cleaner
KR960009474B1 (en) * 1993-11-29 1996-07-19 양승택 Fast traffic statistics processing unit using memory
US5606668A (en) * 1993-12-15 1997-02-25 Checkpoint Software Technologies Ltd. System for securing inbound and outbound data packet flow in a computer network
US5835726A (en) * 1993-12-15 1998-11-10 Check Point Software Technologies Ltd. System for securing the flow of and selectively modifying packets in a computer network
FR2717334B1 (en) * 1994-03-11 1996-04-19 Pierre Rolin Integrity check of data exchanged between two telecommunications network stations.
US5511122A (en) * 1994-06-03 1996-04-23 The United States Of America As Represented By The Secretary Of The Navy Intermediate network authentication
TW287280B (en) * 1994-07-22 1996-10-01 Siemens Akitengesellschaft
US5864683A (en) * 1994-10-12 1999-01-26 Secure Computing Corporartion System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US5623601A (en) * 1994-11-18 1997-04-22 Milkway Networks Corporation Apparatus and method for providing a secure gateway for communication and data exchanges between networks
US5550984A (en) * 1994-12-07 1996-08-27 Matsushita Electric Corporation Of America Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information
US5570346A (en) * 1994-12-08 1996-10-29 Lucent Technologies Inc. Packet network transit delay measurement system
US5802320A (en) * 1995-05-18 1998-09-01 Sun Microsystems, Inc. System for packet filtering of data packets at a computer network interface
JP3262689B2 (en) * 1995-05-19 2002-03-04 富士通株式会社 Remote control system
US5961645A (en) * 1995-10-02 1999-10-05 At&T Corp. Filtering for public databases with naming ambiguities
US5781534A (en) * 1995-10-31 1998-07-14 Novell, Inc. Method and apparatus for determining characteristics of a path
US5761191A (en) * 1995-11-28 1998-06-02 Telecommunications Techniques Corporation Statistics collection for ATM networks
US5744667A (en) * 1995-12-28 1998-04-28 Texaco Inc. Preparation of trimethyl pentanes by hydrogen transfer
US5898830A (en) * 1996-10-17 1999-04-27 Network Engineering Software Firewall providing enhanced network security and user transparency
CA2196622C (en) * 1996-02-06 2001-10-16 Hiroshi Jinzenji Network data distribution system
US5673322A (en) * 1996-03-22 1997-09-30 Bell Communications Research, Inc. System and method for providing protocol translation and filtering to access the world wide web from wireless or low-bandwidth networks
US5774667A (en) * 1996-03-27 1998-06-30 Bay Networks, Inc. Method and apparatus for managing parameter settings for multiple network devices
AU2935297A (en) * 1996-05-07 1997-11-26 Webline Communications Corporation Method and apparatus for coordinating internet multi-media content with telephone and audio communications
US6243667B1 (en) * 1996-05-28 2001-06-05 Cisco Systems, Inc. Network flow switching and flow data export
US5778184A (en) * 1996-06-28 1998-07-07 Mci Communications Corporation System method and computer program product for processing faults in a hierarchial network
US5805820A (en) * 1996-07-15 1998-09-08 At&T Corp. Method and apparatus for restricting access to private information in domain name systems by redirecting query requests
US5828833A (en) * 1996-08-15 1998-10-27 Electronic Data Systems Corporation Method and system for allowing remote procedure calls through a network firewall
US5878143A (en) * 1996-08-16 1999-03-02 Net 1, Inc. Secure transmission of sensitive information over a public/insecure communications medium
US6119236A (en) * 1996-10-07 2000-09-12 Shipley; Peter M. Intelligent network security device and method
US5944823A (en) * 1996-10-21 1999-08-31 International Business Machines Corporations Outside access to computer resources through a firewall
US5991881A (en) * 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
US5778174A (en) * 1996-12-10 1998-07-07 U S West, Inc. Method and system for providing secured access to a server connected to a private computer network
US5864666A (en) * 1996-12-23 1999-01-26 International Business Machines Corporation Web-based administration of IP tunneling on internet firewalls
US5996011A (en) * 1997-03-25 1999-11-30 Unified Research Laboratories, Inc. System and method for filtering data received by a computer system
US5805803A (en) * 1997-05-13 1998-09-08 Digital Equipment Corporation Secure web tunnel
US5968176A (en) * 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
US6134658A (en) * 1997-06-09 2000-10-17 Microsoft Corporation Multi-server location-independent authentication certificate management system
US6067569A (en) * 1997-07-10 2000-05-23 Microsoft Corporation Fast-forwarding and filtering of network packets in a computer system
US6067545A (en) * 1997-08-01 2000-05-23 Hewlett-Packard Company Resource rebalancing in networked computer systems
US6385644B1 (en) * 1997-09-26 2002-05-07 Mci Worldcom, Inc. Multi-threaded web based user inbox for report management
US6076168A (en) * 1997-10-03 2000-06-13 International Business Machines Corporation Simplified method of configuring internet protocol security tunnels
US6003133A (en) * 1997-11-17 1999-12-14 Motorola, Inc. Data processor with a privileged state firewall and method therefore
US6597684B1 (en) * 1997-12-24 2003-07-22 Nortel Networks Ltd. Distributed architecture and associated protocols for efficient quality of service-based route computation
US6078953A (en) * 1997-12-29 2000-06-20 Ukiah Software, Inc. System and method for monitoring quality of service over network
US6088804A (en) * 1998-01-12 2000-07-11 Motorola, Inc. Adaptive system and method for responding to computer network security attacks
US6134662A (en) * 1998-06-26 2000-10-17 Vlsi Technology, Inc. Physical layer security manager for memory-mapped serial communications interface
US6625156B2 (en) * 1998-06-29 2003-09-23 Nortel Networks Limited Method of implementing quality-of-service data communications over a short-cut path through a routed network
US6061331A (en) * 1998-07-28 2000-05-09 Gte Laboratories Incorporated Method and apparatus for estimating source-destination traffic in a packet-switched communications network
US6088796A (en) * 1998-08-06 2000-07-11 Cianfrocca; Francis Secure middleware and server control system for querying through a network firewall
US6826694B1 (en) * 1998-10-22 2004-11-30 At&T Corp. High resolution access control
US6370648B1 (en) * 1998-12-08 2002-04-09 Visa International Service Association Computer network intrusion detection
US6446200B1 (en) * 1999-03-25 2002-09-03 Nortel Networks Limited Service management
US6625657B1 (en) * 1999-03-25 2003-09-23 Nortel Networks Limited System for requesting missing network accounting records if there is a break in sequence numbers while the records are transmitting from a source device
US6735702B1 (en) * 1999-08-31 2004-05-11 Intel Corporation Method and system for diagnosing network intrusion
US6671811B1 (en) * 1999-10-25 2003-12-30 Visa Internation Service Association Features generation for use in computer network intrusion detection
US6789203B1 (en) * 2000-06-26 2004-09-07 Sun Microsystems, Inc. Method and apparatus for preventing a denial of service (DOS) attack by selectively throttling TCP/IP requests
US6772334B1 (en) * 2000-08-31 2004-08-03 Networks Associates, Inc. System and method for preventing a spoofed denial of service attack in a networked computing environment
WO2002045380A2 (en) * 2000-11-30 2002-06-06 Lancope, Inc. Flow-based detection of network intrusions

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999048303A2 (en) * 1998-03-18 1999-09-23 Cisco Technology, Inc. Method for blocking denial of service and address spoofing attacks on a private network

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
HARRIS B ET AL: "TCP/IP security threats and attack methods", COMPUTER COMMUNICATIONS, ELSEVIER SCIENCE PUBLISHERS BV, AMSTERDAM, NL, vol. 22, no. 10, 25 June 1999 (1999-06-25), pages 885 - 897, XP004178591, ISSN: 0140-3664 *
SMITH R N ET AL: "OPERATING FIREWALLS OUTSIDE THE LAN PERIMETER", 1999 IEEE INTERNATIONAL PERFORMANCE, COMPUTING AND COMMUNICATIONS CONFERENCE. PHOENIX, AZ, FEB. 10 - 12, 1999, IEEE INTERNATIONAL PERFORMANCE, COMPUTING AND COMMUNICATIONS CONFERENCE, NEW YORK, NY: IEEE, US, 10 February 1999 (1999-02-10), pages 493 - 498, XP000859730, ISBN: 0-7803-5259-9 *
THOMAS ZIEGLER, SERGE FDIDA: "A distributed Mechanism for Identification and Discrimination of non TCP-friendly Flows in the Internet", IFIP-TC6/EUROPEAN COMMISSION INTERNATIONAL CONFERENCE PARIS, FRANCE, MAY 14-19, 2000, PROCEEDINGS, 14 May 2000 (2000-05-14) - 19 May 2000 (2000-05-19), pages 763 - 775, XP002189714 *

Also Published As

Publication number Publication date
CA2427238A1 (en) 2002-03-14
AU2001259781A1 (en) 2002-03-22
WO2002021801A1 (en) 2002-03-14
WO2002021802A1 (en) 2002-03-14
CA2427236A1 (en) 2002-03-14
CA2427291A1 (en) 2002-03-14
WO2002021244A2 (en) 2002-03-14
AU2001274833A1 (en) 2002-03-22
AU2001263150A1 (en) 2002-03-22
US6944673B2 (en) 2005-09-13
US20020032717A1 (en) 2002-03-14
US20020032793A1 (en) 2002-03-14
US20020035698A1 (en) 2002-03-21

Similar Documents

Publication Publication Date Title
WO2002021244A3 (en) Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time
WO2002003180A3 (en) Layered defense-in-depth knowledge-based data management
WO2000041542A3 (en) System for allocating resources in a communication system
WO2002103982A3 (en) Protecting a network from unauthorized access
DE60124295D1 (en) RIVER-BASED DETECTION OF AN INSERT INTO A NETWORK
MXPA04004172A (en) Method and system for secure communication.
WO1999067930A3 (en) Method and arrangement for implementing ipsec policy management using filter code
GB0503823D0 (en) System for realtime game network tracking
AU1728301A (en) Method for automatic intrusion detection and deflection in network
AU6198500A (en) A virtual port trunking method and apparatus
GB2404544A (en) Network security system protecting against unauthorized agents
CA2421665A1 (en) Wireless provisioning device
WO2005057233A3 (en) Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices
EP1364297A4 (en) Methods and apparatus for protecting against overload conditions on nodes of a distributed network
GB2386291B (en) Integrated procedure for partitioning network data services among multiple subscribers
WO2003025756A3 (en) A system and method for the allocation of network storage
WO2002017036A3 (en) Method and apparatus for monitoring and processing voice over internet protocol packets
WO2004104780A3 (en) Method and system for providing fraud detection for remote access services
WO2005064882A3 (en) Apparatuses and method for single sign-on access to a service network through an access network
WO2002019661A3 (en) System and process for defending against denial of service attacks on network nodes
Steadman et al. Dnsxd: Detecting data exfiltration over dns
DE60018094D1 (en) PROCESS AND SYSTEM FOR PROTECTION BEFORE IMPROVING IN A COMMUNICATION DEVICE
WO2004070547A3 (en) Method and device for monitoring data traffic and preventing unauthorized access to a network
WO2003050644A3 (en) Protecting against malicious traffic
WO2001099373A3 (en) System and method for security policy

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2427291

Country of ref document: CA

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP