Patent application number | Description | Published |
20090031129 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF UNWANTED E-MAIL | 01-29-2009 |
20090031136 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF UNWANTED E-MAIL | 01-29-2009 |
20090132669 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF UNWANTED E-MAIL | 05-21-2009 |
20090158046 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF POLYMORPHIC NETWORK WORMS AND VIRUSES | 06-18-2009 |
20090158435 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING, PREVENTING, AND TRACING NETWORK WORMS AND VIRUSES | 06-18-2009 |
20090182867 | METHOD AND APPARATUS FOR IDENTIFYING A PACKET - A system and method for identifying target packets in a network. The invention identifies packets by computing a hash value over at least a portion of a packet passing through a network device such as a router. The hash value is used as an address, or index, into a memory. The hash value identifies a unique memory address and a flag is set at the respective memory location. When a target packet is detected elsewhere in a network, the network device receives a query message containing a hash value of the target packet. The network device compares the target packet to the hash values in memory. A match between the hash value in memory and the hash value in the query message indicates the target packet was observed by the network device. After a match is detected, the network device makes a reply available to the network. | 07-16-2009 |
20090313339 | METHOD AND APPARATUS FOR TRACING PACKETS - A system and method for performing source path isolation in a network. The system comprises an intrusion detection system (IDS), a source path isolation server (SS | 12-17-2009 |
20100202299 | MULTI-TIERED SCALABLE NETWORK MONITORING - A network analysis architecture provides a suite of complementary logic operable at different temporal and spatial timescales. The distinct temporal and spatial scales define different tiers, each analyzing network events according to predetermined temporal and spatial scales of progressive magnitude. Particular event detection logic may be operable on an immediate temporal scale, while other logic identifies trends over a longer time period. Similarly, different spatial scales are appropriate to different algorithms, as in logic that examines only headers or length of packets, or inspects an entire payload or transferred file. Deployment of logic that is focused on different timing and scope of data allows timely action in the case of readily apparent deviations, and permits longer term analysis for identifying trends that emerge over time. By selecting a suite of complementary logic directed at different deviant behavior, the focus of a single logic scheme is not charged with producing absolute screening of all traffic. | 08-12-2010 |
20100205265 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF UNWANTED E-MAIL | 08-12-2010 |
20100205670 | METHOD AND APPARATUS FOR TRACING PACKETS - A system and method for performing source path isolation in a network. The system comprises an intrusion detection system (IDS), a source path isolation server (SS | 08-12-2010 |
20100205671 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF POLYMORPHIC NETWORK WORMS AND VIRUSES | 08-12-2010 |
20100205672 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING, PREVENTING, AND TRACING NETWORK WORMS AND VIRUSES | 08-12-2010 |
20120311691 | SYSTEMS AND METHODS FOR DECOY ROUTING AND COVERT CHANNEL BONDING - Systems, methods, and devices for decoy routing and covert channel bonding are described. The decoy routing system includes a client computing device, a decoy router, and a decoy proxy such that packets addressed to a decoy destination are re-routed by the decoy router to a covert destination via the decoy proxy. The decoy routing method may be applied to a covert channel bonding process, in which a plurality of packet data streams are sent to one or more decoy destinations, re-routed appropriately via one or more decoy routers and/or decoy proxies, and assembled together into a single packet data stream at either a decoy proxy, or a final covert destination. | 12-06-2012 |
20130014261 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF POLYMORPHIC NETWORK WORMS AND VIRUSES | 01-10-2013 |
20130019309 | SYSTEMS AND METHODS FOR DETECTING MALICIOUS INSIDERS USING EVENT MODELSAANM Strayer; William TimothyAACI West NewtonAAST MAAACO USAAGP Strayer; William Timothy West Newton MA USAANM Partridge; CraigAACI East LansingAAST MIAACO USAAGP Partridge; Craig East Lansing MI USAANM Jackson; Alden WarrenAACI BrooklineAAST MAAACO USAAGP Jackson; Alden Warren Brookline MA USAANM Polit; Stephen HenryAACI BelmontAAST MAAACO USAAGP Polit; Stephen Henry Belmont MA US - Systems and methods are disclosed for determining whether a mission has occurred. The disclosed systems and methods utilize event models that represent a sequence of tasks that an entity could or must take in order to successfully complete the mission. As a specific example, an event model may represent the sequence of tasks a malicious insider may complete in order to exfiltrate sensitive information. Most event models include certain tasks that must be accomplished in order for the insider to successfully exfiltrate an organization's sensitive information. Many of the observable tasks in the attack models can be monitored using relatively little information, such as the source, time, and type of the communication. The monitored information is utilized in a traceback search through the event model for occurrences of the tasks of the event model to determine whether the mission that the event model represents occurred. | 01-17-2013 |