公开(公告)号：WO2008119672A2

公开(公告)日：2008-10-09

申请号：PCT/EP2008053325

申请日：2008-03-19

Applicant: IBM ,  IBM UK ,  LIU ZHEN ,  YANG HAO ,  YE FAN

Inventor： LIU ZHEN ,  YANG HAO ,  YE FAN

IPC: H04L29/06 ,  H04L12/22

CPC classification number: H04L63/1458 ,  H04L63/1466 ,  H04L2463/146 ,  H04W84/20

Abstract: A system and method for packet traceback in a network includes maintaining an identity number (ID) for each node in a network and generating a signature (e.g., a message authentication code (MAC)) using a secret key shared between each node on a forwarding path and a sink. Each forwarding node leaves a mark by appending its ID and a signature in the packet, either in a deterministic manner or with a probability. Upon receiving a packet at the sink, correctness of the signatures included in each packet is verified in the reverse order by which these signatures were appended. A last valid MAC is determined in the forwarding path to determine the locations of compromised nodes that collude in false data injection attacks.

Abstract translation: 用于网络中的数据包追溯的系统和方法包括维护网络中每个节点的身份号码（ID），并使用转发上的每个节点之间共享的密钥生成签名（例如，消息认证码（MAC）） 路径和水槽。 每个转发节点通过以确定性方式或以概率将其ID和签名附加在分组中来留下标记。 在接收器处接收到分组时，以附加这些签名的相反顺序来验证每个分组中包括的签名的正确性。 在转发路径中确定最后一个有效MAC，以确定在虚假数据注入攻击中并发的受损节点的位置。

公开(公告)号：EP1747644A4

公开(公告)日：2011-09-28

申请号：EP05742868

申请日：2005-04-29

Applicant: IBM

Inventor： LIU ZHEN ,  BACCELLI FRANCOIS ,  CHAINTREAU AUGUSTIN ,  RIABOV ANTON

IPC: H04L12/56 ,  H04L12/18 ,  H04L12/28

CPC classification number: H04L47/263 ,  H04L12/1868 ,  H04L47/10 ,  H04L47/15

公开(公告)号：WO2008119672A4

公开(公告)日：2009-03-26

申请号：PCT/EP2008053325

申请日：2008-03-19

Applicant: IBM ,  IBM UK ,  LIU ZHEN ,  YANG HAO ,  YE FAN

Inventor： LIU ZHEN ,  YANG HAO ,  YE FAN

IPC: H04L29/06 ,  H04L12/22

CPC classification number: H04L63/1458 ,  H04L63/1466 ,  H04L2463/146 ,  H04W84/20

Abstract: A system and method for packet traceback in a network includes maintaining an identity number (ID) for each node in a network and generating a signature (e.g., a message authentication code (MAC)) using a secret key shared between each node on a forwarding path and a sink. Each forwarding node leaves a mark by appending its ID and a signature in the packet, either in a deterministic manner or with a probability. Upon receiving a packet at the sink, correctness of the signatures included in each packet is verified in the reverse order by which these signatures were appended. A last valid MAC is determined in the forwarding path to determine the locations of compromised nodes that collude in false data injection attacks.

Abstract translation: 用于网络中的分组追踪的系统和方法包括：维护网络中的每个节点的身份号码（ID），并使用在转发中的每个节点之间共享的秘密密钥来生成签名（例如，消息认证码（MAC）） 路径和水槽。 每个转发节点通过以确定性方式或以概率在分组中附加其ID和签名来留下标记。 在接收器处接收到数据包后，每个数据包中包含的签名的正确性按照附加这些签名的相反顺序进行验证。 在转发路径中确定最后一个有效MAC，以确定在虚假数据注入攻击中共谋的被破坏节点的位置。

公开(公告)号：WO2004053726A2

公开(公告)日：2004-06-24

申请号：PCT/EP0315017

申请日：2003-11-14

Applicant: IBM ,  IBM FRANCE

Inventor： HALIM NAQUI ,  LIU ZHEN ,  SQUILLANTE MARK STEVEN ,  XIA HONGHUI ,  YU SHENG-ZHENG ,  ZHANG LI

IPC: G06F15/173 ,  G06F17/30

CPC classification number: G06F17/3071

Abstract: Apparatus and methods for classifying web sites are provided. With the apparatus and methods, traffic data is obtained for a plurality of web sites. This patterns, or templates, for each web site are generated based on this traffic data and the patterns are clustered into classes of web sites using a clustering algorithm. The clusters, or classes, are then profiled to generate a template for each class. The template for each class is generated by first shifting the patterns for each web site that is part of the class to compensate for effects like time zone differences, if any, and then identifying a pattern that is most similar to all of the patterns in the class. Once the template for each class is generated, this template is then used with traffic data from a new web site to classify the new web site into one of the existing classes. In other words, when traffic data for a new web site is received, a pattern for the traffic data of the new web site is generated and compared to the templates for the various classes. If a matching class template is identified, the new web site is classified into the corresponding class. If the pattern for the new web site does not match any of the existing templates, a new template and class may be generated based on the pattern for the new web site.

Abstract translation: 提供了分类网站的装置和方法。 利用该装置和方法，获得多个网站的交通数据。 基于该流量数据生成每个网站的这种模式或模板，并且使用聚类算法将模式聚类成网站类。 然后，对集群或类进行概要分析以为每个类生成一个模板。 每个类的模板是通过首先移动作为类的一部分的每个网站的模式来生成的，以补偿诸如时​​区差异（如果有的话）的效果，然后识别最相似于所有模式的模式 类。 一旦生成了每个类的模板，该模板随后与来自新网站的流量数据一起使用，将新网站分类到现有的一个类中。 换句话说，当接收到新的网站的交通数据时，生成用于新网站的交通数据的模式，并与各种类别的模板进行比较。 如果识别出匹配的类模板，则将新的网站分类到相应的类中。 如果新网站的模式与任何现有模板不匹配，则可能会根据新网站的模式生成新的模板和类。

公开(公告)号：EP2035916A4

公开(公告)日：2012-06-20

申请号：EP07798187

申请日：2007-06-06

Applicant: IBM

Inventor： LIU ZHEN ,  YANG HAO ,  YE FAN

IPC: G06F17/30

CPC classification number: G06F17/30545

公开(公告)号：EP2050001A4

公开(公告)日：2012-01-18

申请号：EP07798670

申请日：2007-06-15

Applicant: IBM

Inventor： LIU ZHEN ,  YANG HOA ,  YE FAN ,  XIA HONGUI

IPC: G06F17/30

CPC classification number: G06F17/30578 ,  Y10S707/99932 ,  Y10S707/99953 ,  Y10S707/99955

公开(公告)号：EP1743353A4

公开(公告)日：2011-11-09

申请号：EP05761757

申请日：2005-04-22

Applicant: IBM

Inventor： LIU ZHEN ,  SAHU SAMBIT ,  SILBER JEREMY I

IPC: G06F15/16 ,  G06F3/00 ,  H01J49/00 ,  H04J3/06 ,  H04L12/24 ,  H04L29/06 ,  H04L29/08 ,  H04L29/14

CPC classification number: H04L41/0654 ,  H04L45/00 ,  H04L67/2842 ,  H04L67/2852 ,  H04L69/16 ,  H04L69/163 ,  H04L69/165 ,  H04L69/40

公开(公告)号：WO2008014062A2

公开(公告)日：2008-01-31

申请号：PCT/US2007071403

申请日：2007-06-15

Applicant: IBM ,  LIU ZHEN ,  YANG HOA ,  YE FAN ,  XIA HONGUI

Inventor： LIU ZHEN ,  YANG HOA ,  YE FAN ,  XIA HONGUI

IPC: G06F17/30

CPC classification number: G06F17/30578 ,  Y10S707/99932 ,  Y10S707/99953 ,  Y10S707/99955

Abstract: Methods and systems are provided for optimally trading off replication overhead and consistency levels in distributed data replication where nodes are organized in a hierarchy. The root node has the original data that need to be replicated at all other nodes, and the replicated copies have a freshness threshold that must be satisfied. The data are propagated through periodic updates in the hierarchy. Each node periodically sends data to its child nodes. Given the freshness threshold, an algorithm and its distributed protocol can determine the optimal update period for each link of the hierarchy such that the freshness threshold is satisfied for every node and the overall replication overhead is minimized. The systems and methods can be used in any scenario where replicated data have consistency requirements, such as in a replicate overlay assisted resource discovery system.

Abstract translation: 提供了方法和系统，用于最佳地折中分布式数据复制中的复制开销和一致性级别，其中节点被组织在层次结构中。 根节点具有需要在所有其他节点进行复制的原始数据，并且复制副本具有必须满足的新鲜度阈值。 数据通过层次结构中的定期更新进行传播。 每个节点周期性地向其子节点发送数据。 给定新鲜度阈值，算法及其分布式协议可以确定层次结构的每个链路的最佳更新周期，使得每个节点满足新鲜度阈值，并将整体复制开销最小化。 系统和方法可以在复制数据具有一致性要求的任何情况下使用，例如在复制覆盖辅助资源发现系统中。

公开(公告)号：WO2005109772A2

公开(公告)日：2005-11-17

申请号：PCT/US2005014870

申请日：2005-04-29

Applicant: IBM ,  LIU ZHEN ,  BACCELLI FRANCOIS ,  CHAINTREAU AUGUSTIN ,  RIABOV ANTON

Inventor： LIU ZHEN ,  BACCELLI FRANCOIS ,  CHAINTREAU AUGUSTIN ,  RIABOV ANTON

IPC: H04L12/18 ,  H04L12/28 ,  H04L12/56

CPC classification number: H04L47/263 ,  H04L12/1868 ,  H04L47/10 ,  H04L47/15

Abstract: The present invention addresses scalability and end-to-end reliability in overlay multicast networks. A simple end-system multicast architecture that is both scalable in throughput and reliable in an end-to-end way is used. In this architecture, the transfers between nodes use TCP with backpressure mechanisms to provide data packet transfers between intermediate nodes having finite-size forwarding buffers. There is also a finite­size backup buffer in each node to store copies of packets which are copied out from the receiver window to the forwarding buffers. These backup buffers are used when TCP connections are re-established to supply copies of data packets for the children nodes after their parent node fails, maintaining a complete sequence of data packets to all nodes within the multicast overlay network. The architecture provides end-to-end reliability, tolerates multiple simultaneous node failures and provides positive throughput for any group size and any buffer size.

Abstract translation: 本发明解决了覆盖组播网络中的可扩展性和端到端的可靠性。 使用简单的终端系统多播架构，其吞吐量可扩展，端对端可靠。 在这种架构中，节点之间的传输使用具有背压机制的TCP，以在具有有限大小的转发缓冲器的中间节点之间提供数据分组传输。 每个节点还有一个有利的备份缓冲区，用于存储从接收器窗口复制到转发缓冲区的数据包的副本。 当重新建立TCP连接以在其父节点发生故障之后为子节点提供数据分组的副本时，将使用这些备份缓冲区，将数据包的完整序列维护到组播覆盖网络内的所有节点。 该架构提供端到端的可靠性，可以容忍多个并发节点故障，并为任何组大小和任何缓冲区大小提供正的吞吐量。

公开(公告)号：WO2007149701A3

公开(公告)日：2008-11-06

申请号：PCT/US2007070544

申请日：2007-06-06

Applicant: IBM ,  LIU ZHEN ,  YANG HAO ,  YE FAN

Inventor： LIU ZHEN ,  YANG HAO ,  YE FAN

IPC: G06F7/00 ,  G06F17/30

CPC classification number: G06F17/30545

Abstract: Methods and systems are provided for identifying and allocating resources disposed within a plurality of distributed and autonomous computing systems, each of which may have its own legacy resource discovery service. Resource identification servers disposed within each one of the distributed computing systems communicate resource attribute data to a tree hierarchy of dedicated servers. The resource attribute data are maintained in native formats within the distributed computing systems and are mapped to a common format provided by the dedicated servers. The resource attribute data are aggregated at each node within the tree hierarchy, communicated up through the tree hierarchy to one or more root nodes and replicated down through all of the nodes. Additional system robustness is provided through period resource checks and resource attribute data updates. Resource allocation queries are submitted to any level node within the hierarchy and forwarded to the proper computing system for processing.

Abstract translation: 提供了用于识别和分配布置在多个分布式和自主计算系统内的资源的方法和系统，每个计算系统可以具有其自己的传统资源发现服务。 布置在分布式计算系统的每一个内的资源识别服务器将资源属性数据传送到专用服务器的树层。 资源属性数据以分布式计算系统内的本机格式进行维护，并映射到由专用服务器提供的通用格式。 资源属性数据在树层次结构中的每个节点进行聚合，通过树层次结构传递到一个或多个根节点，并通过所有节点进行复制。 通过周期资源检查和资源属性数据更新来提供额外的系统稳健性。 资源分配查询被提交到层次结构中的任何级节点，并转发到正确的计算系统进行处理。