WO2006049814A2 - Intrusion detection in a data center environment - Google Patents
Intrusion detection in a data center environment Download PDFInfo
- Publication number
- WO2006049814A2 WO2006049814A2 PCT/US2005/036480 US2005036480W WO2006049814A2 WO 2006049814 A2 WO2006049814 A2 WO 2006049814A2 US 2005036480 W US2005036480 W US 2005036480W WO 2006049814 A2 WO2006049814 A2 WO 2006049814A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- traffic
- intrusion detection
- ids
- source
- network
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Definitions
- a successful Internet presence requires that a company has a web site and the computer resources available to handle a large volume of hits from both customers and employees. E-business is now generally accepted as a valid way to conduct business and is increasingly accounting for a significant portion of commerce worldwide. At the same time, a successful Internet presence means that the company must provide adequate security of customer records, such as credit card numbers, as well as its own proprietary information.
- the computer resources are exposed to a group, generally referred to as hackers, whose sole intent is to gain unauthorized access to the company's computer resources.
- hackers may attempt to obtain information of financial value or they may attempt to infiltrate a company's computer resources for the intellectual or political challenge. Other hackers are simply intent on trouble-making.
- IDS intrusion detection system
- the IDS may be a network-based IDS or a host-based intrusion prevention system implementation.
- a network-based IDS monitors network traffic flowing through a switch or router.
- a host-based IDS monitors system level events to detect malicious activity on that host.
- the IDS is the equivalent of a surveillance tool that reports suspicious activity to an IDS management system.
- one IDS such as the Cisco IDS-4250 which is commercially marketed by Cisco Systems, utilizes sophisticated detection techniques that include stateful pattern recognition, protocol parsing, heuristic detection, and anomaly detection. These detection techniques provide comprehensive protection from a variety of both known and unknown threats.
- IDSs are deployed throughout the network but it is especially important to place IDSs on network segments where attacks are most likely to come through.
- a network-based IDS protects all devices that are accessible on the segment where they are connected and identifies malicious activities.
- an IDS sensor monitor each subnet.
- traffic on a first subnet should be monitored by a first IDS
- traffic on the second subnet should be monitored by a second IDS.
- two or more subnets may be lumped together and monitored by a single IDS.
- it is desired to selectively monitor traffic on a subnet such as, for instance, HTTP client-to-server traffic should be monitored by one IDS sensors, SMTP client-to-server traffic should be monitored by another sensor, DNS traffic by yet another sensor while filtering all other traffic originating and terminating on the same subnet.
- HTTP client-to-server traffic should be monitored by one IDS sensors
- SMTP client-to-server traffic should be monitored by another sensor
- DNS traffic by yet another sensor while filtering all other traffic originating and terminating on the same subnet.
- FIG. 1 is a simplified block diagram illustrating a network segment having intrusion detection systems associated with each traffic source in accordance with one embodiment of the present invention.
- Figure 2 is block diagram illustrating a method for operating the intrusion detection system on a network segment in accordance with the embodiment shown in Figure 1.
- FIG. 3 is another simplified block diagram illustrating a network segment having intrusion detection systems associated with each traffic source in accordance with another embodiment of the present invention.
- Figure 4 is a block diagram illustrating the operation of the embodiment of the present invention shown in Figure 3.
- FIG. 5 is block diagram illustrating a method for operating the intrusion detection system on a network segment in accordance with the embodiment shown in Figures 3 and 4.
- Network segment 10 is illustrative of a portion of a network environment that is typically used for a data center or a large corporate or enterprise network.
- Network environment 10 includes a router or switch 11 and subnets 12, 13 and 14 which partition the network environment into logical segments. Although only three subnets are illustrated in Figure 1, it is to be appreciated that any number of such subnets may exist in a network segment.
- the IDSs are arbitrarily described herein as discrete systems, but it will be appreciated that IDSs may be implemented in software and executed by a processor associated with switch 11. Alternatively, the IDS may be a blade that may share a common chassis with one or more other network devices such as a switch, router, firewall, bridge, concentrator, scanners, load balancer or content engine.
- switch 11 functions as the gateway to each of the subnets.
- Each subnet 12-14 includes a node 17 that defines a plurality of servers, such as web server, or other protected network accessible resources.
- Network segment 10 is accessible to clients 15 over a core network such as the Internet 16. It should be appreciated that clients may connect to the network segment from a variety of different networks and that the Internet is shown merely to illustrate an external core network.
- each subnet is monitored by an intrusion detection system or IDS. Specifically, IDSs 22 -24 monitors traffic on the subnets.
- Network-based sensors are systems that connect to network segments and inspect traffic to detect intrusions and suspicious activities. These sensors may be implemented in software on routers and firewalls, as standalone appliances, or as hardware modules. Network-based sensors usually use two network interfaces, one that connects to the network being monitored and another one to a secure segment that provides access to a management system. The monitoring interface does not have a MAC address, so it is unable to send traffic. The switch port where the IDS is connected sees all the traffic mirrored by the switch. The management interface preferably has a MAC address and an IP address to communicate with the monitored network devices. Network-based sensors should be deployed on network segments where attacks are more likely to come through (that is, at the Internet Edge) and on the segments housing mission-critical servers.
- the monitoring process is illustrated in Figure 2.
- the monitoring of each subnet begins upon receipt of traffic at switch 11 with a destination at one of the nodes 17.
- a copy of the traffic is made as indicated at step 27.
- the copied traffic is then filtered to remove uninteresting traffic, as indicated at step 28.
- the copied and filtered traffic is redirected to the dedicated IDS as indicated at step 29.
- the remaining traffic is analyzed by the IDS by applying various detection techniques to protect the devices connected to node 17 from perceived threats as indicated at step 30.
- the detection techniques may include stateful pattern recognition, protocol parsing, heuristic detection, anomaly detection or other techniques.
- a specific set of signatures be selected that closely match the intent of the traffic monitoring for each subnet although anomaly-based systems are contemplated.
- Anomaly-based systems define normal activities in terms of network traffic and system resource usage so that any deviation from a defined baseline is considered an attack after alarms are generated any time there is a significant deviation from the statistical values.
- Signature-based systems explicitly define which activity is considered malicious. A particular signature identifies this malicious activity and the IDS compares the traffic and resource utilization with the signature. A match in the comparison would indicate the presence of a malicious event. In the comparison process, each and every packet is compared against the signature. It is important to note that signature patterns can be dispersed in multiple packets, so the network-based system must reassemble the session and eventually perform the protocol analysis.
- an IDS may include embedded signatures, which are specific, known attack signatures that come with the IDS or connection signatures, which are protocol-specific signatures.
- the protocol definition TCP/UDP
- the IDS may also include string-matching signatures, which is an attack signature based on portions of the payload in packets, or ACL signatures, which are policy- violation signatures logged by network devices.
- Examples of signatures used in the detection of attacks destined to various server types in each subnet include HTTP signatures: 3455 - Java Web Server Cmd Exec; 5087 - WWW Sun Java Server Access; 5312 - *.jsp/*.jhtml Java Execution; 5375 - Apache mod_dav Over.ow; 5103 - WWW SuSE Apache CGI Source Access; and 5160 - Apache ? indexing .Ie disclosure bug.
- RPC-based application signatures include: 6101 - RPC Port Unregistration; 6102 - RPC Dump; 6103 - Proxied RPC Request; 6104 - RPC Set Spoof; 6105 - RPC Unset Spoof; 6110 - RPC RSTATD Sweep; 6111 - RPC RUSERSD Sweep; 6112 - RPC NFS Sweep; 6113 - RPC MOUNTD Sweep; and 6114 RPC YPPASSWDD Sweep.
- Windows/NetBIOS signatures include: 3300 - NetBIOS OOB Data; 3301 - NETBIOS Stat; 3302 - NETBIOS Session Setup Failure; 3303 - Windows Guest Login; 3304 - Windows Null Account Name; 3305 - Windows Password File Access; 3306 - Windows Registry Access; and 3327 - Windows RPC DCOM Over.ow.
- the signatures used in network environment belong to signature groups such as a HTTP group, because hackers use HTTP to gain access to most applications.
- Other signature groups include a RPC group, which is widely used for server-to- server communications, and groups specific to certain operating systems such as Windows/NetBIOS.
- DNS signatures examples include: 6050 - DNS HINFO Request; 6051 - DNS Zone Transfer; 6052 - DNS Zone Transfer from High Port; 6053 - DNS Request for All Records; 6054 - DNS Version Request; 6055 - DNS Inverse Query Buffer Overflow and 6056 - DNS NXT Buffer Overflow.
- HTTP signatures examples include: 5188 - HTTP Tunneling; 5055 - HTTP Basic Authentication Overflow; 3200 - WWW Phf Attack; 3202 - WWW .url File Requested; 3203 - WWW .Ink File Requested; 3204 - WWW .bat File Requested; 3212 - WWW NPH-TEST-CGI Attack; and 3213 - WWW TEST-CGI Attack.
- FTP signatures examples include: 3150 - FTP Remote Command Execution; 3151 -FTP SYST Command Attempt; 3152 - FTP CWD -root; 3153 - FTP Improper Address Specified; 3154 - FTP Improper Port Specified; 3155 - FTP RETR Pipe Filename Command Execution; 3156 - FTP STOR Pipe Filename Command Execution; 3157 - FTP PASV Port Spoof; 3158 - FTP SITE EXEC Format String; 3159 - FTP PASS Suspicious Length; and 3160 - Cesar FTP Buffer Overflow.
- E-mail signatures examples include: 3100 - Smail Attack; 3101 - Sendmail Invalid Recipient; 3102 - Sendmail Invalid Sender; 3103 - Sendmail Reconnaissance; 3104 - Archaic Sendmail Attacks; 3105 - Sendmail Decode Alias; 3106 - Mail Spam; and 3107 - Majordomo Execute Attack.
- the identification process may require tuning the signatures by monitoring the alarms and determining what is normal and abnormal when threats are detected but it is preferred that the IDS be configured to specifically alert on protocols allowed by any firewalls protecting the subnet. When a threat is detected, suspicious traffic alarms are generated and the threat is preferably blocked by the IDS as indicated at step 31.
- the IDS is capable of responding to identified security incidents using specific mechanisms. For example, the entire IP session that corresponds to a detected intrusion could be logged. The logs are commonly used for forensic analysis to determine the details of the event and identify where the security gap was and how to correct it. This information can also be use as evidence if law enforcement is required.
- the IDS could be configured for TCP resets on behalf of a victim system. In this configuration, the IDS sends a TCP reset generated using the source IP address of the victim and a random MAC address to avoid conflicts with Layer 2 switches and the MAC address of the victim.
- the IDS could also instruct a network device such as a router, switch, or firewall to dynamically apply an ACL to block the traffic coming from an attacker. This response is the most aggressive response and can result in a self-induced DoS problem when it accidentally blocks valid traffic.
- the IDS can communicate with the shunning devices using various protocols such as Telnet and Secure Shell (SSH).
- SSH Telnet and Secure Shell
- switch 11 builds a Layer 2 forwarding table based on the source MAC address of the different received packets.
- the forwarding table or access control list, is used by switch 11 to forward packets destined for a MAC address directly to a corresponding VLAN.
- This feature is often referred to as unicast forwarding because the packet is sent from the source only to the destination.
- traffic designated for a monitored VLAN is copied by switch 11 and sent it to a VLAN by configuring a VACL feature, the remote or RSPAN VLAN.
- the VACL configuration defines the traffic type to be monitored. Specifically, as illustrated in Figure 3, traffic designated for VLAN 12 is copied by switch 11 and the copy is sent it to a VLAN 35.
- VLAN 35 is preferably a local VLAN and may even be part of switch 11, as indicated by dashed line 39. If VLANs 12-14 are configured for capturing, the designated traffic from each such VLAN is copied to VLAN 35. To keep each of the dedicated IDSs from seeing all the traffic, operating software or hardware redirects traffic from VLAN 35 to the appropriate dedicated IDS. Thus, traffic on VLAN 12 is copied by switch 11 and sent to VLAN 35 where it can be redirected to IDS 37. Similarly, traffic on VLANs 13 and 14 are copied to VLAN 35 and then can be redirected to IDSs 38 and 39, respectively. In an alternative embodiment, traffic can be redirected based on the protocol. In yet another embodiment, traffic is redirected based on source and protocol. In general, the redirection may be as granular as desired for a particular application.
- FIG. 4 The monitoring process for the embodiment of Figure 3 is illustrated in Figure 4. Redirection of traffic occurs with switch 11, which is configured to designate which VLAN traffic to copy as indicated at step 42. If switch 11 is a Cisco switch, redirection is accomplished by configuring the switch to SPAN each VLAN or link to another VLAN where traffic is to be copied. SPAN copies traffic to a VLAN, which can also be carried to a switch different from switch 11.
- the copied traffic is then sent to VLAN 35 as indicated at step 43.
- the traffic type and source VLAN is determined as indicated at step 44. Traffic type may be determined by examining the packet header. Based on the traffic type and the source, VLAN 35 filters and redirects traffic to a specific IDS as indicated at step 45. This operation is preferably performed by applying a VACL REDIRECT decision on VLAN 35.
- VACL REDIRECT is executed by the operating system and applies to all packets that are routed into or out of VLAN 35.
- the VACL REDIRECT is strictly for packet filtering and redirecting traffic to specific physical switch ports based on the configuration.
- VACL REDIRECT is used to decide which port traffic is to go out on based on information such as the subnet, the protocol and the layer 4 port. Thus, if a certain traffic pattern is received, VLAN 35 recognizes the source, the destination , the protocol and the layer 4 port of the traffic and redirects the traffic to one of several designated IDSs.
- the IDS uses signatures or templates to detect unusual behaviors on the network that are considered security violations by comparing the templates against traffic patterns or specific traffic conversations, looking for a match.
- a match implies that an anomaly has been detected and an action is required.
- the action could be just sending an alarm or sending an alarm and applying a measure designed to stop the anomaly.
- FIG. 5 illustrates the method for copying and then redirecting traffic to a designated IDS.
- ingress traffic at switch 11 is selectively copied by means of the SPAN command that is executed by the operating system active on switch 11.
- SPAN command that is executed by the operating system active on switch 11.
- VLAN 35 monitors ingress streams by means of a VACL REDIRECT command that is executed by the operating system active.
- the VACL REDIRECT functions to determine traffic type, such as MAC, RPC or HTTP, and then routes it to a specific IDS.
- the VACL REDIRECT command recognizes the source as VLAN 12, which selects a first group of IDS sensors 47.
- the VACL REDIRECT redirects traffic of a specific type to a corresponding IDS.
- traffic on VLAN 12 includes RPC and HTTP traffic
- the RPC traffic is sent to IDS sensor 48 and HTTP traffic is sent to IDS sensor 49.
- Similar two level hierarchal decisions are made to route traffic to the designated IDS.
- Traffic on VLAN 13 is routed to IDS sensor 50 if it is RPC traffic or to IDS sensor 51 if it is HTTP traffic.
- IDS sensors 50 and 51 are in a second group of IDSs 52.
- traffic on VLAN 14 is routed to and IDS group 53 if either RPC or HTTP traffic.
- the intrusion detection sensors associated with each of said plurality of traffic sources may comprise a single virtualized IDS sensor.
- a different traffic protocol, pattern or source is recognized, it is directed to a different, dedicated IDS.
- many different IDS sensors can be defined each of which monitors a different traffic protocol or pattern.
- the sensors can be as granular as the protocol number allows.
- the VACL does all the analysis as to whether traffic is to be copied or redirected.
- the access control list is configured to define the subnet to use for a particular traffic source. Indeed, with Layer 4 protocol and layer 4 ports in switch 11, it is possible to be very specific as to what type of traffic each IDS will receive. Further, it is possible to filter extraneous alarms by eliminating uninteresting traffic from within a subnet from being seen by an IDS. This filtering functions means that known safe traffic is not passed through the IDS and only suspected or high risk traffic need be reviewed by the IDS.
- the present invention achieves important milestones by making it possible to provide more than one or two IDSs to monitor traffic from a plurality of subnets. Further, the present invention makes it possible for IDSs to operate more efficiently by limiting the type of traffic that is provided to each IDS reduces the number of false positives that will be reported. Further efficiency improvement results by identifying and filtering safe traffic. This filtering step improves latency and reduces the occurrence of false alarms. Thus, with the present invention, only a subset of traffic is monitored by each IDS while safe traffic within a common subnet is not necessarily monitored.
- the present invention provides a new intrusion detection system capable of identifying the source of traffic, filtering the traffic to classify it as either safe or suspect and then applying sophisticated detection techniques such as stateful pattern recognition, protocol parsing, heuristic detection or anomaly detection.
- the techniques may be applied either singularly or in combination with IDS sensors that are dedicated to monitoring a specific type of traffic from a specific traffic source. Since traffic is filtered to remove uninteresting traffic and different sensors monitor a different portion of the traffic, efficiency is vastly improved because less traffic is routed to the IDS for monitoring.
- the detection techniques employed by each IDS sensor can be specifically targeted and refined to ensure comprehensive protection from a variety of both known and unknown threats while at the same time reducing latency.
- the network may include different routers, switches, servers and other components or devices that are common in such networks.
- these components may comprise software algorithms that implement connectivity functions between the network device and other devices in a manner different from that described herein.
- the executable code described herein may be implemented in any suitable programming language to implement the routines of the present invention including C, C++, Java, assembly language, etc. Different programming techniques can be employed such as procedural or object oriented.
- the routines can operate in an operating system environment or as stand-alone routines occupying all, or a substantial part, of the system processing.
- memory for purposes of embodiments of the present invention may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, system or device.
- the memory can be, by way of example only but not by limitation, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, system, device, propagation medium, or computer memory.
- Embodiments of the invention may be implemented by using a programmed general purpose digital computer, by using application specific integrated circuits, programmable logic devices, field programmable gate arrays, optical, chemical, biological, quantum or nanoengineered systems, components and mechanisms may be used.
- the functions of the present invention can be achieved by any means as is known in the art.
- Distributed, or networked systems, components and circuits can be used.
- Communication, or transfer, of data may be wired, wireless, or by any other means.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2005800310647A CN101116068B (en) | 2004-10-28 | 2005-10-11 | Intrusion detection in a data center environment |
EP05810284.9A EP1817685B1 (en) | 2004-10-28 | 2005-10-11 | Intrusion detection in a data center environment |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US62381004P | 2004-10-28 | 2004-10-28 | |
US60/623,810 | 2004-10-28 | ||
US11/090,083 | 2005-03-25 | ||
US11/090,083 US7610375B2 (en) | 2004-10-28 | 2005-03-25 | Intrusion detection in a data center environment |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006049814A2 true WO2006049814A2 (en) | 2006-05-11 |
WO2006049814A3 WO2006049814A3 (en) | 2007-05-24 |
Family
ID=36263680
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2005/036480 WO2006049814A2 (en) | 2004-10-28 | 2005-10-11 | Intrusion detection in a data center environment |
Country Status (3)
Country | Link |
---|---|
US (1) | US7610375B2 (en) |
EP (1) | EP1817685B1 (en) |
WO (1) | WO2006049814A2 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100429894C (en) * | 2006-09-28 | 2008-10-29 | 北京启明星辰信息技术有限公司 | Method for implementing virtual engine technique for intrusion detection |
CN100461765C (en) * | 2006-11-24 | 2009-02-11 | 南京大学 | A method for kilomega NIDS parallel processing based on NP and BS |
CN104506484A (en) * | 2014-11-11 | 2015-04-08 | 中国电子科技集团公司第三十研究所 | Proprietary protocol analysis and identification method |
CN106506507A (en) * | 2016-11-16 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of generation method of flow detection rule and device |
CN107493272A (en) * | 2017-08-01 | 2017-12-19 | 杭州迪普科技股份有限公司 | A kind of flow cleaning methods, devices and systems |
Families Citing this family (303)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8209756B1 (en) | 2002-02-08 | 2012-06-26 | Juniper Networks, Inc. | Compound attack detection in a computer network |
US7523484B2 (en) | 2003-09-24 | 2009-04-21 | Infoexpress, Inc. | Systems and methods of controlling network access |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US9027135B1 (en) | 2004-04-01 | 2015-05-05 | Fireeye, Inc. | Prospective client identification using malware attack detection |
US8375444B2 (en) | 2006-04-20 | 2013-02-12 | Fireeye, Inc. | Dynamic signature creation and enforcement |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8528086B1 (en) | 2004-04-01 | 2013-09-03 | Fireeye, Inc. | System and method of detecting computer worms |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US8561177B1 (en) | 2004-04-01 | 2013-10-15 | Fireeye, Inc. | Systems and methods for detecting communication channels of bots |
US8539582B1 (en) | 2004-04-01 | 2013-09-17 | Fireeye, Inc. | Malware containment and security analysis on connection |
US8006305B2 (en) * | 2004-06-14 | 2011-08-23 | Fireeye, Inc. | Computer worm defense system and method |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US8204984B1 (en) | 2004-04-01 | 2012-06-19 | Fireeye, Inc. | Systems and methods for detecting encrypted bot command and control communication channels |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US8584239B2 (en) | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
TW200612695A (en) * | 2004-10-08 | 2006-04-16 | Broad Web Corp | Content checking method applied to network packet of a network security switch |
US7554997B1 (en) * | 2004-11-17 | 2009-06-30 | Adtran, Inc. | Integrated router switch-based port-mirroring mechanism for monitoring LAN-to-WAN and WAN-to-LAN traffic |
US7672319B1 (en) | 2004-11-17 | 2010-03-02 | Adtran, Inc. | Integrated router/switch-based mechanism for mapping COS value to QOS value for optimization of LAN-to-WAN traffic flow |
US7554994B1 (en) | 2004-11-17 | 2009-06-30 | Adtran, Inc. | Integrated router switch containing mechanism for automatically creating IEEE 802.1Q VLAN trunks for LAN-to-WAN connectivity |
US7895650B1 (en) * | 2004-12-15 | 2011-02-22 | Symantec Corporation | File system based risk profile transfer |
US7937755B1 (en) * | 2005-01-27 | 2011-05-03 | Juniper Networks, Inc. | Identification of network policy violations |
US7797411B1 (en) | 2005-02-02 | 2010-09-14 | Juniper Networks, Inc. | Detection and prevention of encapsulated network attacks using an intermediate device |
US7996894B1 (en) * | 2005-02-15 | 2011-08-09 | Sonicwall, Inc. | MAC address modification of otherwise locally bridged client devices to provide security |
US20060259950A1 (en) | 2005-02-18 | 2006-11-16 | Ulf Mattsson | Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior |
US7808897B1 (en) * | 2005-03-01 | 2010-10-05 | International Business Machines Corporation | Fast network security utilizing intrusion prevention systems |
US7860006B1 (en) * | 2005-04-27 | 2010-12-28 | Extreme Networks, Inc. | Integrated methods of performing network switch functions |
US8028160B1 (en) | 2005-05-27 | 2011-09-27 | Marvell International Ltd. | Data link layer switch with protection against internet protocol spoofing attacks |
CN101176331B (en) * | 2005-06-06 | 2011-12-21 | 国际商业机器公司 | Computer network intrusion detection system and method |
US20070050846A1 (en) * | 2005-08-30 | 2007-03-01 | Fortinet, Inc. | Logging method, system, and device with analytical capabilities for the network traffic |
US7590733B2 (en) * | 2005-09-14 | 2009-09-15 | Infoexpress, Inc. | Dynamic address assignment for access control on DHCP networks |
US8510833B2 (en) * | 2005-10-27 | 2013-08-13 | Hewlett-Packard Development Company, L.P. | Connection-rate filtering using ARP requests |
US9794272B2 (en) * | 2006-01-03 | 2017-10-17 | Alcatel Lucent | Method and apparatus for monitoring malicious traffic in communication networks |
US20070192858A1 (en) * | 2006-02-16 | 2007-08-16 | Infoexpress, Inc. | Peer based network access control |
US20070192500A1 (en) * | 2006-02-16 | 2007-08-16 | Infoexpress, Inc. | Network access control including dynamic policy enforcement point |
US8793390B2 (en) * | 2006-05-23 | 2014-07-29 | Blue Coat Systems, Inc. | Systems and methods for protocol detection in a proxy |
US8856920B2 (en) * | 2006-09-18 | 2014-10-07 | Alcatel Lucent | System and method of securely processing lawfully intercepted network traffic |
JP4615504B2 (en) * | 2006-11-29 | 2011-01-19 | アラクサラネットワークス株式会社 | Network relay system and method in network relay system |
US20080155264A1 (en) * | 2006-12-20 | 2008-06-26 | Ross Brown | Anti-virus signature footprint |
US8054833B2 (en) * | 2007-06-05 | 2011-11-08 | Hewlett-Packard Development Company, L.P. | Packet mirroring |
US8117657B1 (en) * | 2007-06-20 | 2012-02-14 | Extreme Networks, Inc. | Detection and mitigation of rapidly propagating threats from P2P, IRC and gaming |
US20090007218A1 (en) * | 2007-06-30 | 2009-01-01 | Hubbard Scott M | Switched-Based Network Security |
WO2009035237A1 (en) | 2007-09-12 | 2009-03-19 | Lg Electronics Inc. | Procedure for wireless network management and station supporting the procedure |
CA2630938C (en) * | 2007-09-19 | 2016-10-04 | Kevin Gerard Boyce | Method and system for dynamic protocol decoding and analysis |
US7941382B2 (en) * | 2007-10-12 | 2011-05-10 | Microsoft Corporation | Method of classifying and active learning that ranks entries based on multiple scores, presents entries to human analysts, and detects and/or prevents malicious behavior |
US8606940B2 (en) * | 2008-02-06 | 2013-12-10 | Alcatel Lucent | DHCP address conflict detection/enforcement |
US8935677B2 (en) * | 2008-04-07 | 2015-01-13 | Microsoft Corporation | Automatic reverse engineering of input formats |
US8850571B2 (en) | 2008-11-03 | 2014-09-30 | Fireeye, Inc. | Systems and methods for detecting malicious network content |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
EP2219341B1 (en) * | 2009-02-16 | 2019-05-08 | Telia Company AB | Voice and other media conversion in inter-operator interface |
US8156173B2 (en) * | 2009-04-06 | 2012-04-10 | Novell, Inc. | Synchronizing machines in groups |
US8832829B2 (en) * | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US8640221B2 (en) * | 2009-12-11 | 2014-01-28 | Juniper Networks, Inc. | Media access control address translation in virtualized environments |
FI20096394A0 (en) * | 2009-12-23 | 2009-12-23 | Valtion Teknillinen | DETECTING DETECTION IN COMMUNICATIONS NETWORKS |
US8416696B2 (en) * | 2010-01-04 | 2013-04-09 | Cisco Technology, Inc. | CFM for conflicting MAC address notification |
CN101902456B (en) * | 2010-02-09 | 2013-04-03 | 北京启明星辰信息技术股份有限公司 | Safety defense system of Website |
US8813232B2 (en) | 2010-03-04 | 2014-08-19 | Mcafee Inc. | Systems and methods for risk rating and pro-actively detecting malicious online ads |
US8805839B2 (en) | 2010-04-07 | 2014-08-12 | Microsoft Corporation | Analysis of computer network activity by successively removing accepted types of access events |
US8510829B2 (en) | 2010-06-24 | 2013-08-13 | Mcafee, Inc. | Systems and methods to detect malicious media files |
US8743885B2 (en) | 2011-05-03 | 2014-06-03 | Cisco Technology, Inc. | Mobile service routing in a network environment |
US8151341B1 (en) * | 2011-05-23 | 2012-04-03 | Kaspersky Lab Zao | System and method for reducing false positives during detection of network attacks |
EP2544117A1 (en) * | 2011-07-08 | 2013-01-09 | Gemalto SA | Method and system for sharing or storing personal data without loss of privacy |
WO2013049675A1 (en) * | 2011-09-30 | 2013-04-04 | Gigamon Llc | Systems and methods for implementing a traffic visibility network |
EP2592806A1 (en) * | 2011-11-10 | 2013-05-15 | Alcatel-Lucent Deutschland AG | Method of identifying a distributed infrastructure attack in a highly distributed cloud |
US9088584B2 (en) | 2011-12-16 | 2015-07-21 | Cisco Technology, Inc. | System and method for non-disruptive management of servers in a network environment |
US20130198362A1 (en) * | 2012-01-26 | 2013-08-01 | International Business Machines Corporation | System for Identifying a Server to be Decommissioned |
US9519782B2 (en) | 2012-02-24 | 2016-12-13 | Fireeye, Inc. | Detecting malicious network content |
US9141791B2 (en) * | 2012-11-19 | 2015-09-22 | Hewlett-Packard Development Company, L.P. | Monitoring for anomalies in a computing environment |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US9286047B1 (en) | 2013-02-13 | 2016-03-15 | Cisco Technology, Inc. | Deployment and upgrade of network devices in a network environment |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US9009822B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US9824209B1 (en) | 2013-02-23 | 2017-11-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications that is usable to harden in the field code |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US9565202B1 (en) | 2013-03-13 | 2017-02-07 | Fireeye, Inc. | System and method for detecting exfiltration content |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9413781B2 (en) | 2013-03-15 | 2016-08-09 | Fireeye, Inc. | System and method employing structured intelligence to verify and contain threats at endpoints |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US9251343B1 (en) | 2013-03-15 | 2016-02-02 | Fireeye, Inc. | Detecting bootkits resident on compromised computers |
US9794379B2 (en) | 2013-04-26 | 2017-10-17 | Cisco Technology, Inc. | High-efficiency service chaining with agentless service nodes |
US9258243B2 (en) | 2013-05-10 | 2016-02-09 | Cisco Technology, Inc. | Symmetric service chain binding |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9246799B2 (en) | 2013-05-10 | 2016-01-26 | Cisco Technology, Inc. | Data plane learning of bi-directional service chains |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US9826025B2 (en) | 2013-05-21 | 2017-11-21 | Cisco Technology, Inc. | Chaining service zones by way of route re-origination |
US9178812B2 (en) | 2013-06-05 | 2015-11-03 | Cisco Technology, Inc. | Stacking metadata contexts for service chains |
US9444675B2 (en) | 2013-06-07 | 2016-09-13 | Cisco Technology, Inc. | Determining the operations performed along a service path/service chain |
US9509614B2 (en) | 2013-06-20 | 2016-11-29 | Cisco Technology, Inc. | Hierarchical load balancing in a network environment |
US9536091B2 (en) | 2013-06-24 | 2017-01-03 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9888016B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting phishing using password prediction |
US9755959B2 (en) | 2013-07-17 | 2017-09-05 | Cisco Technology, Inc. | Dynamic service path creation |
US20150033336A1 (en) | 2013-07-24 | 2015-01-29 | Fortinet, Inc. | Logging attack context data |
US9491189B2 (en) * | 2013-08-26 | 2016-11-08 | Guardicore Ltd. | Revival and redirection of blocked connections for intention inspection in computer networks |
US10192052B1 (en) | 2013-09-30 | 2019-01-29 | Fireeye, Inc. | System, apparatus and method for classifying a file as malicious using static scanning |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US10089461B1 (en) | 2013-09-30 | 2018-10-02 | Fireeye, Inc. | Page replacement code injection |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9385950B2 (en) | 2013-10-14 | 2016-07-05 | Cisco Technology, Inc. | Configurable service proxy local identifier mapping |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9189627B1 (en) | 2013-11-21 | 2015-11-17 | Fireeye, Inc. | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection |
US9374297B2 (en) | 2013-12-17 | 2016-06-21 | Cisco Technology, Inc. | Method for implicit session routing |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US9740857B2 (en) | 2014-01-16 | 2017-08-22 | Fireeye, Inc. | Threat-aware microvisor |
US9614739B2 (en) | 2014-01-30 | 2017-04-04 | Cisco Technology, Inc. | Defining service chains in terms of service functions |
US9467382B2 (en) | 2014-02-03 | 2016-10-11 | Cisco Technology, Inc. | Elastic service chains |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9379931B2 (en) | 2014-05-16 | 2016-06-28 | Cisco Technology, Inc. | System and method for transporting information to services in a network environment |
US9479443B2 (en) | 2014-05-16 | 2016-10-25 | Cisco Technology, Inc. | System and method for transporting information to services in a network environment |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9667637B2 (en) | 2014-06-09 | 2017-05-30 | Guardicore Ltd. | Network-based detection of authentication failures |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US10002252B2 (en) | 2014-07-01 | 2018-06-19 | Fireeye, Inc. | Verification of trusted threat-aware microvisor |
US10050935B2 (en) | 2014-07-09 | 2018-08-14 | Shape Security, Inc. | Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction |
US9258274B2 (en) | 2014-07-09 | 2016-02-09 | Shape Security, Inc. | Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs |
US9537752B2 (en) | 2014-07-14 | 2017-01-03 | Cisco Technology, Inc. | Encoding inter-domain shared service paths |
US9729506B2 (en) * | 2014-08-22 | 2017-08-08 | Shape Security, Inc. | Application programming interface wall |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US9800602B2 (en) | 2014-09-30 | 2017-10-24 | Shape Security, Inc. | Automated hardening of web page content |
US9548919B2 (en) | 2014-10-24 | 2017-01-17 | Cisco Technology, Inc. | Transparent network service header path proxies |
US10417025B2 (en) | 2014-11-18 | 2019-09-17 | Cisco Technology, Inc. | System and method to chain distributed applications in a network environment |
US9660909B2 (en) | 2014-12-11 | 2017-05-23 | Cisco Technology, Inc. | Network service header metadata for load balancing |
USRE48131E1 (en) | 2014-12-11 | 2020-07-28 | Cisco Technology, Inc. | Metadata augmentation in a service function chain |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US9934376B1 (en) | 2014-12-29 | 2018-04-03 | Fireeye, Inc. | Malware detection appliance architecture |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
WO2016122693A1 (en) * | 2015-01-29 | 2016-08-04 | Hewlett Packard Enterprise Development Lp | Intermediary network element for tap traffic |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US9654485B1 (en) | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US10230642B1 (en) * | 2015-04-23 | 2019-03-12 | Cisco Technology, Inc. | Intelligent data paths for a native load balancer |
US10374904B2 (en) | 2015-05-15 | 2019-08-06 | Cisco Technology, Inc. | Diagnostic network visualization |
US9762402B2 (en) | 2015-05-20 | 2017-09-12 | Cisco Technology, Inc. | System and method to facilitate the assignment of service functions for service chains in a network environment |
US9800497B2 (en) | 2015-05-27 | 2017-10-24 | Cisco Technology, Inc. | Operations, administration and management (OAM) in overlay data center environments |
US9967158B2 (en) | 2015-06-05 | 2018-05-08 | Cisco Technology, Inc. | Interactive hierarchical network chord diagram for application dependency mapping |
US10033766B2 (en) | 2015-06-05 | 2018-07-24 | Cisco Technology, Inc. | Policy-driven compliance |
US10536357B2 (en) | 2015-06-05 | 2020-01-14 | Cisco Technology, Inc. | Late data detection in data center |
US10089099B2 (en) | 2015-06-05 | 2018-10-02 | Cisco Technology, Inc. | Automatic software upgrade |
US10142353B2 (en) | 2015-06-05 | 2018-11-27 | Cisco Technology, Inc. | System for monitoring and managing datacenters |
US9628442B2 (en) | 2015-06-22 | 2017-04-18 | Cisco Technology, Inc. | DNS snooping to create IP address-based trust database used to select deep packet inspection and storage of IP packets |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US10425447B2 (en) * | 2015-08-28 | 2019-09-24 | International Business Machines Corporation | Incident response bus for data security incidents |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10108446B1 (en) | 2015-12-11 | 2018-10-23 | Fireeye, Inc. | Late load technique for deploying a virtualization layer underneath a running operating system |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10621338B1 (en) | 2015-12-30 | 2020-04-14 | Fireeye, Inc. | Method to detect forgery and exploits using last branch recording registers |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US11044203B2 (en) | 2016-01-19 | 2021-06-22 | Cisco Technology, Inc. | System and method for hosting mobile packet core and value-added services using a software defined network and service chains |
US10187306B2 (en) | 2016-03-24 | 2019-01-22 | Cisco Technology, Inc. | System and method for improved service chaining |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10616266B1 (en) | 2016-03-25 | 2020-04-07 | Fireeye, Inc. | Distributed malware detection system and submission workflow thereof |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10826933B1 (en) | 2016-03-31 | 2020-11-03 | Fireeye, Inc. | Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints |
US10931793B2 (en) | 2016-04-26 | 2021-02-23 | Cisco Technology, Inc. | System and method for automated rendering of service chaining |
US10931629B2 (en) | 2016-05-27 | 2021-02-23 | Cisco Technology, Inc. | Techniques for managing software defined networking controller in-band communications in a data center network |
US10171357B2 (en) | 2016-05-27 | 2019-01-01 | Cisco Technology, Inc. | Techniques for managing software defined networking controller in-band communications in a data center network |
US10289438B2 (en) | 2016-06-16 | 2019-05-14 | Cisco Technology, Inc. | Techniques for coordination of application components deployed on distributed virtual machines |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US10419550B2 (en) | 2016-07-06 | 2019-09-17 | Cisco Technology, Inc. | Automatic service function validation in a virtual network environment |
US10708183B2 (en) | 2016-07-21 | 2020-07-07 | Cisco Technology, Inc. | System and method of providing segment routing as a service |
US10320664B2 (en) | 2016-07-21 | 2019-06-11 | Cisco Technology, Inc. | Cloud overlay for operations administration and management |
US10218616B2 (en) | 2016-07-21 | 2019-02-26 | Cisco Technology, Inc. | Link selection for communication with a service function cluster |
US10225270B2 (en) | 2016-08-02 | 2019-03-05 | Cisco Technology, Inc. | Steering of cloned traffic in a service function chain |
US10218593B2 (en) | 2016-08-23 | 2019-02-26 | Cisco Technology, Inc. | Identifying sources of packet drops in a service function chain environment |
US10361969B2 (en) | 2016-08-30 | 2019-07-23 | Cisco Technology, Inc. | System and method for managing chained services in a network environment |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US11089064B1 (en) * | 2016-09-12 | 2021-08-10 | Skyhigh Networks, Llc | Cloud security policy enforcement for custom web applications |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10972388B2 (en) | 2016-11-22 | 2021-04-06 | Cisco Technology, Inc. | Federated microburst detection |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US10397258B2 (en) | 2017-01-30 | 2019-08-27 | Microsoft Technology Licensing, Llc | Continuous learning for intrusion detection |
US10225187B2 (en) | 2017-03-22 | 2019-03-05 | Cisco Technology, Inc. | System and method for providing a bit indexed service chain |
US10708152B2 (en) | 2017-03-23 | 2020-07-07 | Cisco Technology, Inc. | Predicting application and network performance |
US10523512B2 (en) | 2017-03-24 | 2019-12-31 | Cisco Technology, Inc. | Network agent for generating platform specific network policies |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US10764141B2 (en) | 2017-03-27 | 2020-09-01 | Cisco Technology, Inc. | Network agent for reporting to a network policy system |
US10594560B2 (en) | 2017-03-27 | 2020-03-17 | Cisco Technology, Inc. | Intent driven network policy platform |
US10250446B2 (en) | 2017-03-27 | 2019-04-02 | Cisco Technology, Inc. | Distributed policy store |
US10873794B2 (en) | 2017-03-28 | 2020-12-22 | Cisco Technology, Inc. | Flowlet resolution for application performance monitoring and management |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10554507B1 (en) | 2017-03-30 | 2020-02-04 | Fireeye, Inc. | Multi-level control for enhanced resource and object evaluation management of malware detection system |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10178646B2 (en) | 2017-04-12 | 2019-01-08 | Cisco Technology, Inc. | System and method to facilitate slice management in a network environment |
US10257033B2 (en) | 2017-04-12 | 2019-04-09 | Cisco Technology, Inc. | Virtualized network functions and service chaining in serverless computing infrastructure |
US10884807B2 (en) | 2017-04-12 | 2021-01-05 | Cisco Technology, Inc. | Serverless computing and task scheduling |
US10333855B2 (en) | 2017-04-19 | 2019-06-25 | Cisco Technology, Inc. | Latency reduction in service function paths |
US10554689B2 (en) | 2017-04-28 | 2020-02-04 | Cisco Technology, Inc. | Secure communication session resumption in a service function chain |
US10735275B2 (en) | 2017-06-16 | 2020-08-04 | Cisco Technology, Inc. | Releasing and retaining resources for use in a NFV environment |
US10798187B2 (en) | 2017-06-19 | 2020-10-06 | Cisco Technology, Inc. | Secure service chaining |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
US10397271B2 (en) | 2017-07-11 | 2019-08-27 | Cisco Technology, Inc. | Distributed denial of service mitigation for web conferencing |
US10680887B2 (en) | 2017-07-21 | 2020-06-09 | Cisco Technology, Inc. | Remote device status audit and recovery |
US10673698B2 (en) | 2017-07-21 | 2020-06-02 | Cisco Technology, Inc. | Service function chain optimization using live testing |
US11063856B2 (en) | 2017-08-24 | 2021-07-13 | Cisco Technology, Inc. | Virtual network function monitoring in a network function virtualization deployment |
US10791065B2 (en) | 2017-09-19 | 2020-09-29 | Cisco Technology, Inc. | Systems and methods for providing container attributes as part of OAM techniques |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US11018981B2 (en) | 2017-10-13 | 2021-05-25 | Cisco Technology, Inc. | System and method for replication container performance and policy validation using real time network traffic |
US10554501B2 (en) | 2017-10-23 | 2020-02-04 | Cisco Technology, Inc. | Network migration assistant |
US10523541B2 (en) | 2017-10-25 | 2019-12-31 | Cisco Technology, Inc. | Federated network and application data analytics platform |
US10541893B2 (en) | 2017-10-25 | 2020-01-21 | Cisco Technology, Inc. | System and method for obtaining micro-service telemetry data |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US10594542B2 (en) | 2017-10-27 | 2020-03-17 | Cisco Technology, Inc. | System and method for network root cause analysis |
US10778508B2 (en) | 2017-11-09 | 2020-09-15 | Keysight Technologies, Inc. | Bypass switch with evaluation mode for in-line monitoring of network traffic |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US11233821B2 (en) | 2018-01-04 | 2022-01-25 | Cisco Technology, Inc. | Network intrusion counter-intelligence |
US11765046B1 (en) | 2018-01-11 | 2023-09-19 | Cisco Technology, Inc. | Endpoint cluster assignment and query generation |
US10798015B2 (en) | 2018-01-25 | 2020-10-06 | Cisco Technology, Inc. | Discovery of middleboxes using traffic flow stitching |
US10873593B2 (en) | 2018-01-25 | 2020-12-22 | Cisco Technology, Inc. | Mechanism for identifying differences between network snapshots |
US10917438B2 (en) | 2018-01-25 | 2021-02-09 | Cisco Technology, Inc. | Secure publishing for policy updates |
US10999149B2 (en) | 2018-01-25 | 2021-05-04 | Cisco Technology, Inc. | Automatic configuration discovery based on traffic flow data |
US10826803B2 (en) | 2018-01-25 | 2020-11-03 | Cisco Technology, Inc. | Mechanism for facilitating efficient policy updates |
US10574575B2 (en) | 2018-01-25 | 2020-02-25 | Cisco Technology, Inc. | Network flow stitching using middle box flow stitching |
US11128700B2 (en) | 2018-01-26 | 2021-09-21 | Cisco Technology, Inc. | Load balancing configuration based on traffic flow telemetry |
US10631168B2 (en) | 2018-03-28 | 2020-04-21 | International Business Machines Corporation | Advanced persistent threat (APT) detection in a mobile device |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
CN108768929B (en) * | 2018-04-09 | 2021-04-13 | 平安科技(深圳)有限公司 | Electronic device, credit investigation feedback message analysis method and storage medium |
US10666612B2 (en) | 2018-06-06 | 2020-05-26 | Cisco Technology, Inc. | Service chains for inter-cloud traffic |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11621970B2 (en) * | 2019-09-13 | 2023-04-04 | Is5 Communications, Inc. | Machine learning based intrusion detection system for mission critical systems |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
US11799879B2 (en) | 2021-05-18 | 2023-10-24 | Bank Of America Corporation | Real-time anomaly detection for network security |
US11588835B2 (en) | 2021-05-18 | 2023-02-21 | Bank Of America Corporation | Dynamic network security monitoring system |
US11792213B2 (en) | 2021-05-18 | 2023-10-17 | Bank Of America Corporation | Temporal-based anomaly detection for network security |
CN113596008A (en) * | 2021-07-23 | 2021-11-02 | 国网安徽省电力有限公司铜陵供电公司 | Network security normality monitoring system based on micro-sensor technology |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030009699A1 (en) | 2001-06-13 | 2003-01-09 | Gupta Ramesh M. | Method and apparatus for detecting intrusions on a computer system |
US20040190547A1 (en) | 2003-03-31 | 2004-09-30 | Gordy Stephen C. | Network tap with integrated circuitry |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6760420B2 (en) * | 2000-06-14 | 2004-07-06 | Securelogix Corporation | Telephony security system |
AU2001245335A1 (en) * | 2000-02-22 | 2001-09-03 | Top Layer Networks, Inc. | System and method for flow mirroring in a network switch |
US20020035639A1 (en) * | 2000-09-08 | 2002-03-21 | Wei Xu | Systems and methods for a packet director |
US6944678B2 (en) * | 2001-06-18 | 2005-09-13 | Transtech Networks Usa, Inc. | Content-aware application switch and methods thereof |
ATE370577T1 (en) | 2001-06-27 | 2007-09-15 | Hyglo Systems Ab | DISTRIBUTED SERVER FUNCTIONALITY FOR AN EMULATED LAN |
US7694128B2 (en) * | 2002-03-08 | 2010-04-06 | Mcafee, Inc. | Systems and methods for secure communication delivery |
WO2004015922A2 (en) * | 2002-08-09 | 2004-02-19 | Netscout Systems Inc. | Intrusion detection system and network flow director method |
US20040193943A1 (en) * | 2003-02-13 | 2004-09-30 | Robert Angelino | Multiparameter network fault detection system using probabilistic and aggregation analysis |
US20060075093A1 (en) | 2004-10-05 | 2006-04-06 | Enterasys Networks, Inc. | Using flow metric events to control network operation |
-
2005
- 2005-03-25 US US11/090,083 patent/US7610375B2/en active Active
- 2005-10-11 WO PCT/US2005/036480 patent/WO2006049814A2/en active Application Filing
- 2005-10-11 EP EP05810284.9A patent/EP1817685B1/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030009699A1 (en) | 2001-06-13 | 2003-01-09 | Gupta Ramesh M. | Method and apparatus for detecting intrusions on a computer system |
US20040190547A1 (en) | 2003-03-31 | 2004-09-30 | Gordy Stephen C. | Network tap with integrated circuitry |
Non-Patent Citations (1)
Title |
---|
See also references of EP1817685A4 |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100429894C (en) * | 2006-09-28 | 2008-10-29 | 北京启明星辰信息技术有限公司 | Method for implementing virtual engine technique for intrusion detection |
CN100461765C (en) * | 2006-11-24 | 2009-02-11 | 南京大学 | A method for kilomega NIDS parallel processing based on NP and BS |
CN104506484A (en) * | 2014-11-11 | 2015-04-08 | 中国电子科技集团公司第三十研究所 | Proprietary protocol analysis and identification method |
CN104506484B (en) * | 2014-11-11 | 2017-11-24 | 中国电子科技集团公司第三十研究所 | A kind of proprietary protocol analysis and recognition methods |
CN106506507A (en) * | 2016-11-16 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of generation method of flow detection rule and device |
CN106506507B (en) * | 2016-11-16 | 2020-08-14 | 新华三技术有限公司 | Method and device for generating flow detection rule |
CN107493272A (en) * | 2017-08-01 | 2017-12-19 | 杭州迪普科技股份有限公司 | A kind of flow cleaning methods, devices and systems |
Also Published As
Publication number | Publication date |
---|---|
US20060095968A1 (en) | 2006-05-04 |
EP1817685A4 (en) | 2014-05-21 |
EP1817685A2 (en) | 2007-08-15 |
US7610375B2 (en) | 2009-10-27 |
EP1817685B1 (en) | 2016-06-15 |
WO2006049814A3 (en) | 2007-05-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7610375B2 (en) | Intrusion detection in a data center environment | |
US11616761B2 (en) | Outbound/inbound lateral traffic punting based on process risk | |
KR101111433B1 (en) | Active network defense system and method | |
US10855656B2 (en) | Fine-grained firewall policy enforcement using session app ID and endpoint process ID correlation | |
US8370936B2 (en) | Multi-method gateway-based network security systems and methods | |
US20180091547A1 (en) | Ddos mitigation black/white listing based on target feedback | |
US20060026680A1 (en) | System and method of characterizing and managing electronic traffic | |
CN112602301B (en) | Method and system for efficient network protection | |
US11856008B2 (en) | Facilitating identification of compromised devices by network access control (NAC) or unified threat management (UTM) security services by leveraging context from an endpoint detection and response (EDR) agent | |
EP3682325A1 (en) | Fine-grained firewall policy enforcement using session app id and endpoint process id correlation | |
Kizza | Firewalls | |
Kamal et al. | Analysis of network communication attacks | |
CN111295640B (en) | Fine-grained firewall policy enforcement using session App ID and endpoint process ID correlation | |
Sulaman | An Analysis and Comparison of The Security Features of Firewalls and IDSs | |
Ojo | Internet Traffic Monitoring: Case Study: The Network of Granlund Oy | |
Ibitola et al. | Analysis of Network-Based Intrusion Detection and Prevention System in an Enterprise Network Using Snort Freeware |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 200580031064.7 Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2326/DELNP/2007 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005810284 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 2005810284 Country of ref document: EP |