Patent application number | Description | Published |
20080219261 | Apparatus and method for processing data streams - A system and method for processing data streams is disclosed. The system receives data packets for data streams, screens the data packets for searched patterns, and forwards the data packets for their respective stream processing. Generally, the data packet is scanned for viruses before being forwarded for further processing. When an out-of-order data packet is received, a copy is made and the data packet is forwarded without being scanned. When a delayed data packet is received, it is scanned for viruses along with the saved copy of the out-of-order data packet. If a virus is detected, the delayed packet is dropped and its connection reset. If no virus is found, the delayed packet is forwarded for further processing. | 09-11-2008 |
20080285446 | SYSTEM DIRECTING FLOW OF PACKETS BY-PASSING POLICY-BASED APPLICATION FOR PROCESSING BY POLICY ENGINE ACCORDING TO ACTION SPECIFICATION IN POLICY CACHE - A hardware-based policy engine that employs a policy cache to process packets of network traffic. The policy engine includes a stream classifier that associates each packet with at least one action processor based on data in the packet, and the action processor further acts on the packets based on the association determined by the stream classifier. | 11-20-2008 |
20090007266 | Adaptive Defense System Against Network Attacks - A system and method according to the invention provide an efficient resource allocation when receiving connection requests from different servers for data transfer and the efficient resource allocation is achieved by identifying and assigning a quality factor to each originating server. When an originating server presents an abusive behavior, it may be assigned to a state that has a low quality factor, thus receiving little resource from the system. | 01-01-2009 |
20100118722 | System And Method For Providing Data Streaming And Timing Information With Missing Package Recovery - The present invention provides a monitoring device and method for supplying timing information for a data stream assembled from data packets and also for assembling a replacement data packet when a data packet is missing. The data packets received from a data network and the start time and the end time of each data packet are recorded. After assembling a data stream from the data packets, the start time of the data stream is the first start time of the first data packet and the end time of the data stream is the last end time of the last data packet. When a data packet is missing, a replacement data packet is assembled with a predefined value and the timing information is copied from the timing information from the data packet that follows the missing data packet. | 05-13-2010 |
20100121916 | METHOD FOR ADAPTIVELY BUILDING A BASELINE BEHAVIOR MODEL - A method for generating an auto-adaptive baseline model for profiling the individual and collective behavior of a plurality of users in a network is provided. The method comprises the steps of creating a model, defining a plurality of members and a plurality of collective variables, each member corresponding to a user, and including a plurality of individual variables, defining conditions for each collective variable and individual variable, upon detecting an activity by a user, updating corresponding individual variables and collective variables, comparing updated individual variables and collective variables against corresponding conditions. If a condition is met, an alert event is issued to notify designated personnel; otherwise, returning to the step of upon detecting activity. Finally, upon receiving an alert event, the designated personnel decides whether to manually redefine the conditions or to ignore the alert event. If the alert event is ignored, said conditions are automatically redefined in accordance with system defined mechanism. | 05-13-2010 |
20100121929 | System And Method For Information Risk Management - The present invention provides a system and method for evaluating risk associated with information access requests. The information access requests are collected and assigned a risk level according to user defined policies, and a total risk is calculated and presented to the user. The user can select a high risk event for further analysis. The system will break down the event into basic elements, so the user can ascertain the risk. The system allows a user to customize a report and the customized report can be saved as a template for future use. | 05-13-2010 |
20100121950 | SYSTEM AND METHOD FOR IDENTIFYING REAL USERS BEHIND APPLICATION SERVERS - The present invention provides a monitoring device and method for identifying the identity of users requesting database accesses. The data request from application servers to an application server are monitored and parsed. The SQL statements associated with the data request from the application server are also monitored and parsed, so are the SQL responses from the database server. The SQL responses are sent back to the user as data responses. The data responses are also monitored and parsed. The monitoring device matches the parsed data request with the parsed SQL statements, the parsed SQL responses, and the parsed data responses. By matching the string portion of these parsed data, the monitoring device can then identify the identity of the user making such database request. | 05-13-2010 |
20100122120 | System And Method For Detecting Behavior Anomaly In Information Access - The present invention provides a system and method for identifying anomaly in information requests. The information requests are modeled into a plurality of basic elements and association among the basic elements are tracked. The association of one information request is compared with a plurality of bitmap tables and counters representing a baseline information from a historical behavior information. If the association of this information request differs from the baseline information, an alert is issued. | 05-13-2010 |
20100122270 | System And Method For Consolidating Events In A Real Time Monitoring System - The present invention provides a monitoring device and method for consolidating data collected by the monitoring device. The data collected are labeled with an identification and stored in a flat file. The collected data are then filtered and the filtered data are saved as events in an event database. These events are then reduced by grouping similar events together. The reduction is performed periodically and at different levels. The reduced set of data is presented to the user and each individual collected datum behind the reduced data may be retrieved. | 05-13-2010 |
20130080631 | Method for Adaptively Building a Baseline Behavior Model - A method for generating an auto-adaptive baseline model for profiling individual and collective behavior of a plurality of network users. The method comprises the steps of creating a model, defining a plurality of members and a plurality of collective variables, each member corresponding to a user, and including a plurality of individual variables, defining conditions for each collective variable and individual variable, upon detecting an activity by a user, updating corresponding individual variables and collective variables, and comparing updated individual variables and collective variables against corresponding conditions. If a condition is met, an alert event is issued to notify designated personnel; otherwise, returning to the step of upon detecting activity. Finally, upon receiving an alert event, the designated personnel decides whether to manually redefine the conditions or to ignore the alert event. If the alert event is ignored, said conditions are automatically redefined in accordance with system defined mechanisms. | 03-28-2013 |
20140059686 | System and Method for Detecting Behavior Anomaly in Information Access - A system and method for identifying anomalies in information requests. The information requests are modeled into a plurality of basic elements and association among the basic elements are tracked. The association of one information request is compared with a plurality of bitmap tables and counters representing a baseline information from a historical behavior information. If the association of this information request differs from the baseline information, an alert is issued. The system responds dynamically to changing baselines in assessment of which behaviors constitute an anomaly. | 02-27-2014 |
20140129709 | System and Method for Identifying Real Users Behind Application Servers - A monitoring device and method for identifying the identity of users requesting database accesses. The data request from application servers to an application server are monitored and parsed. The SQL statements associated with the data request from the application server are also monitored and parsed, so are the SQL responses from the database server. The SQL responses are sent back to the user as data responses. The data responses are also monitored and parsed. The monitoring device matches the parsed data request with the parsed SQL statements, the parsed SQL responses, and the parsed data responses. By matching the string portion of these parsed data, the monitoring device can then identify the identity of the user making such database request. | 05-08-2014 |
20140130121 | System and Method for Information Risk Management - The present invention provides a system and method for evaluating risk associated with information access requests. The information access requests are collected and assigned a risk level according to user defined policies, and a total risk is calculated and presented to the user. The user can select a high risk event for further analysis. The system will break down the event into basic elements, so the user can ascertain the risk. The system allows a user to customize a report and the customized report can be saved as a template for future use. | 05-08-2014 |