Flow logging for connection-based anomaly detection

Multiplex communications – Pathfinding or routing – Switching a message which includes an address header

Reexamination Certificate


Details

C370S395310, C714S013000

active

07929534

ABSTRACT:
A plurality of flow collector devices is disposed to collect flow information on a network. Duplicate flow records received from the flow collectors are eliminated by determining whether a pair of flow records has the same source and destination flow identifiers and was received within a predefined time period. Non-duplicated flow records received from the plurality of flow collector devices are stored and used to produce a connection table that maps each node on the network to a record that stores information about traffic to or from the node, derived from the non-duplicated flow records. The connection table stores statistical information about packets on the network on a time-slice basis.
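The two steps the abstract describes, de-duplicating records from multiple collectors and folding the survivors into a per-node, per-time-slice connection table, as an added Python example that is not code from the patent; the window width, slice width, counter names and the sample records are assumptions:

```python
from collections import defaultdict
from dataclasses import dataclass

DUP_WINDOW_SECS = 5.0   # assumed "predefined time period" for duplicate detection
SLICE_SECS = 60.0       # assumed width of one time slice

@dataclass(frozen=True)
class FlowRecord:
    collector: str   # which flow collector device reported it
    received: float  # receive time in seconds, used for de-dup and slicing
    src: str         # source flow identifier
    dst: str         # destination flow identifier
    packets: int
    octets: int

def dedup(records, window=DUP_WINDOW_SECS):
    """Drop a record whose (src, dst) pair was already kept less than `window`
    seconds earlier, i.e. the same flow reported again by another collector."""
    last_kept, kept = {}, []
    for rec in sorted(records, key=lambda r: r.received):
        key = (rec.src, rec.dst)
        prev = last_kept.get(key)
        if prev is not None and rec.received - prev < window:
            continue  # duplicate: same flow identifiers inside the window
        last_kept[key] = rec.received
        kept.append(rec)
    return kept

def _empty_slice():
    return {"in_pkts": 0, "out_pkts": 0, "in_octets": 0, "out_octets": 0, "peers": set()}

def connection_table(records, slice_secs=SLICE_SECS):
    """node -> time-slice index -> counters of traffic to or from that node."""
    table = defaultdict(lambda: defaultdict(_empty_slice))
    for rec in records:
        slot = int(rec.received // slice_secs)
        out_side, in_side = table[rec.src][slot], table[rec.dst][slot]
        out_side["out_pkts"] += rec.packets
        out_side["out_octets"] += rec.octets
        out_side["peers"].add(rec.dst)
        in_side["in_pkts"] += rec.packets
        in_side["in_octets"] += rec.octets
        in_side["peers"].add(rec.src)
    return table

# Constructed sample: two collectors report the same 10.0.0.1 -> 10.0.0.2 flow 1.5 s
# apart (a duplicate), then a fresh flow between them 70 s later, plus one reverse flow.
SAMPLE = [
    FlowRecord("col1", 100.0, "10.0.0.1", "10.0.0.2", 10, 1500),
    FlowRecord("col2", 101.5, "10.0.0.1", "10.0.0.2", 10, 1500),
    FlowRecord("col1", 105.0, "10.0.0.3", "10.0.0.1", 4, 320),
    FlowRecord("col2", 170.0, "10.0.0.1", "10.0.0.2", 7, 900),
]
```

Running `connection_table(dedup(SAMPLE))` yields one slice (index 1) in which 10.0.0.1 shows 10 packets out and 4 in with two peers, and a second slice (index 2) holding only the later flow.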

