公开(公告)号：JP2002271396A

公开(公告)日：2002-09-20

申请号：JP2001112676

申请日：2001-04-11

Applicant: IBM

Inventor： SCHALES DOUGLAS LEE ,  SESHAN SRINAVASAN ,  ZOHAR MIRIAM

IPC: H04L12/56 ,  H04L29/06 ,  H04Q11/04

Abstract: PROBLEM TO BE SOLVED: To provide a further flexibility in sorting and demultiplexing of packet in a network protocol stack. SOLUTION: A packet sorting and processing are enlarged by obtaining an external information from the application scheduled outside the scope of kernel transfer or an interrupt context. In one embodiment, the external information may enlarge a reference of node in a sorting tree with an additional information. An enlargement technique for extending the sorting process is provided until the completion of application scheduled outside the scope of kernel transfer or the interrupt context. The resultant external information is used for enlarging the packet sorting. In the other embodiment, the external information may include authorization of sender of the packet by correlating a tunnel ID with a user ID or using s/ident for an authorization of out-of-band. The sort process allows a site policy to practice.

公开(公告)号：GB2529122A

公开(公告)日：2016-02-10

申请号：GB201521731

申请日：2014-02-24

Applicant: IBM

Inventor： CHRISTODORESCU MIHAI ,  HU XIN ,  SCHALES DOUGLAS LEE ,  SAILER REINER ,  STOECKLIN MARC P ,  WANG TING

IPC: G06F17/30

Abstract: A distributed feature collection and correlation engine is provided, Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database if the key/value pair does not already exist in the feature store database using a de-duplication mechanism. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs.

公开(公告)号：GB2365668B

公开(公告)日：2003-10-15

申请号：GB0108676

申请日：2001-04-06

Applicant: IBM

Inventor： SCHALES DOUGLAS LEE ,  SESHAN SRINAVASAN ,  ZOHAR MIRIAM

IPC: H04L29/06 ,  H04Q11/04 ,  H04L12/56

Abstract: The present invention provides methods and apparatus for classifying and demultiplexing packets in a network protocol stack. It provides extendibility for packet processing in the network protocol stack by defining a standard method for adding new functionality. It provides a method to obtain external information, from an application scheduled outside of the forwarding or interrupt context of the kernel, in order to augment packet classification and/or augment packet disposition. In some embodiments, external information augments a criteria of a node in a classification tree with additional information. It presents a way of augmenting which suspends the classification process until an application, scheduled outside of the forwarding or interrupt context of the kernel, completes. The resulting external information is used to augment the packet classification. In some embodiments of the method, the external information includes authentication of an originator of the packet by correlating a tunnel id with a userid, and/or using s/ident for out of band authentication. The classification process enables enforcement of a site policy.

公开(公告)号：CA2874097C

公开(公告)日：2020-09-22

申请号：CA2874097

申请日：2013-03-21

Applicant: IBM

Inventor： CHRISTODORESCU MIHAI ,  RAO JOSYULA R ,  SAILER REINER ,  SCHALES DOUGLAS LEE

IPC: G06Q10/10 ,  H04L12/58

Abstract: Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time.

公开(公告)号：GB2515974A

公开(公告)日：2015-01-07

申请号：GB201420108

申请日：2013-03-21

Applicant: IBM

Inventor： CHRISTODORESCU MIHAI ,  RAO JOSYULA R ,  SAILER REINER ,  SCHALES DOUGLAS LEE

IPC: H04L12/58 ,  G06Q10/10

Abstract: Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time.

公开(公告)号：CA2874097A1

公开(公告)日：2013-12-19

申请号：CA2874097

申请日：2013-03-21

Applicant: IBM

Inventor： CHRISTODORESCU MIHAI ,  RAO JOSYULA R ,  SAILER REINER ,  SCHALES DOUGLAS LEE

IPC: G06Q10/10 ,  H04L12/58

Abstract: Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time.

公开(公告)号：GB2365668A

公开(公告)日：2002-02-20

申请号：GB0108676

申请日：2001-04-06

Applicant: IBM

Inventor： SCHALES DOUGLAS LEE ,  SESHAN SRINAVASAN ,  ZOHAR MIRIAM

IPC: H04L29/06 ,  H04Q11/04 ,  H04L12/56

Abstract: A method for classifying a data packet comprises receiving the data packet at a root node of a classification tree; successively passing the data packet to each child of a first tree level until a first child of the first tree level indicates a satisfaction of a node-criteria of said first child, and the first child forming said data packet into a matched packet; and repeating the step of passing and forming for a next tree level until no first child of said next level at a succeeding next level indicates satisfaction of the node-criteria of said first child of said next level. A method for determining disposition of a packet received at a child node comprises passing said packet and a first disposition of said packet to an external process; and said external process augmenting the packet disposition by employing a process specific means; and returning the augmented packet and an augmented disposition to the child node.