Using threshold lists for worm detection

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate


active

07624447

ABSTRACT:
A computer-implemented method is provided for screening communication traffic. A list of one or more threshold pairs is defined, each pair including respective first and second threshold values, each first threshold value being greater than one. Network traffic from a plurality of sources is monitored, so as to determine for each source a count of unique destination addresses to which the source transmitted data during a period of time. A response to malicious network traffic is invoked responsively to finding that each of a first number of the sources sent data to at least a second number of the destination addresses, wherein, for at least one of the threshold pairs, the first number is at least equal to the respective first threshold value, and the second number is at least equal to the respective second threshold value.
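The threshold-pair test described in the abstract, as an added Python sketch that is not taken from the patent: per-source unique-destination counts for one monitoring period are checked against a list of (sources, destinations) pairs. The threshold values, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed threshold list of (min_sources, min_unique_destinations) pairs.
THRESHOLDS = [(2, 50), (5, 10)]

def unique_dest_counts(flows):
    """Count distinct destinations per source for one monitoring period."""
    seen = defaultdict(set)
    for src, dst in flows:
        seen[src].add(dst)
    return {src: len(dsts) for src, dsts in seen.items()}

def matched_pairs(counts, thresholds):
    """Return [(pair, sources)] for every threshold pair that is satisfied."""
    if any(n_src <= 1 for n_src, _ in thresholds):
        raise ValueError("first threshold of every pair must be greater than one")
    hits = []
    for n_src, n_dst in thresholds:
        # Sources whose fan-out reaches this pair's destination threshold.
        sources = sorted(s for s, c in counts.items() if c >= n_dst)
        if len(sources) >= n_src:
            hits.append(((n_src, n_dst), sources))
    return hits

def fan_out(src, n):
    """Constructed flows: src contacts n distinct addresses, each twice."""
    return [(src, f"198.51.100.{i}") for i in range(n)] * 2

# Constructed monitoring windows (documentation address ranges).
BACKGROUND = [f for h in range(4) for f in fan_out(f"10.0.0.{h}", 3)]
FAST_WORM = BACKGROUND + fan_out("192.0.2.10", 60) + fan_out("192.0.2.11", 60)
SLOW_WORM = BACKGROUND + [f for h in range(5) for f in fan_out(f"192.0.2.{h}", 12)]
LONE_SCANNER = BACKGROUND + fan_out("192.0.2.10", 200)

if __name__ == "__main__":
    for name, window in [("fast", FAST_WORM), ("slow", SLOW_WORM), ("lone", LONE_SCANNER)]:
        print(name, matched_pairs(unique_dest_counts(window), THRESHOLDS))
```

Because every first threshold exceeds one, a single host with very high fan-out never satisfies a pair by itself; a non-empty result is the condition on which the response would be invoked.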

