Abstract:
Several deterrence mechanisms suitable for content distribution networks (CDN) (120) are provided. These include a hash-based request routing scheme and a site allocation scheme. The hash-based request routing scheme provides a way to distinguish legitimate requests from bogus requests. Using this mechanism, an attacker is required to generate O(n^2) amount of traffic to victimize a CDN-hosted site (120) when the site content is served from n CDN caches. Without these modifications, the attacker must generate only O(n) traffic to bring down the site. The site allocation scheme provides sufficient isolation among CDN-hosted Web sites (120) to prevent an attack on one Web site from making other sites unavailable. Using an allocation strategy based on binary codes, it can be guaranteed that a successful attack on any individual Web site that disables its assigned servers, does not also bring down other Web sites hosted by the CDN (120).
Abstract:
According to one embodiment, Layer-3 (L3) distributed router functionality is provided to a switch cluster by receiving an address resolution protocol (ARP) request packet from a first host at an entry switch in a switch cluster, a switch controller being in communication with the entry switch, and the ARP request packet including a virtual router IP address of the switch controller as a target, forwarding the ARP request packet to the switch controller after adding a header that adheres to a communication protocol used by the switch controller, receiving an ARP response packet from the switch controller indicating: a source IP address corresponding to a virtual router of the switch controller and a SMAC corresponding to the switch controller, forwarding the ARP response packet to the first host after stripping the communication protocol header, and setting the virtual router as a default gateway for traffic received from the first host.
Abstract:
A method monitors machine activity of multiple virtual computing devices operating through at least one physical computing device by running a monitoring agent. The method measures simple operating characteristics of only a base level virtual computing device and monitors complex operating characteristics by measuring the characteristics for each virtual computing device, recording the operating characteristics of each virtual computing device on a corresponding memory page of each virtual computing device, and sharing each corresponding memory page with the base level virtual computing device through interdomain communications channels to transfer the complex operating characteristics to the monitoring agent. The method identifies and outputs simple events and complex events for each of the multiple virtual computing devices by evaluating the simple operating characteristics and the complex operating characteristics.
Abstract:
Several deterrence mechanisms suitable for content distribution networks (CDN) are provided. These include a hash-based request routing scheme and a site allocation scheme. The hash-based request routing scheme provides a way to distinguish legitimate requests from bogus requests. Using this mechanism, an attacker is required to generate O(n^2) amount of traffic to victimize a CDN-hosted site when the site content is served from n CDN caches. Without these modifications, the attacker must generate only O(n) traffic to bring down the site. The site allocation scheme provides sufficient isolation among CDN-hosted Web sites to prevent an attack on one Web site from making other sites unavailable. Using an allocation strategy based on binary codes, it can be guaranteed that a successful attack on any individual Web site that disables its assigned servers, does not also bring down other Web sites hosted by the CDN.
Abstract:
A method monitors machine activity of multiple virtual computing devices operating through at least one physical computing device by running a monitoring agent. The method measures simple operating characteristics of only a base level virtual computing device and monitors complex operating characteristics by measuring the characteristics for each virtual computing device, recording the operating characteristics of each virtual computing device on a corresponding memory page of each virtual computing device, and sharing each corresponding memory page with the base level virtual computing device, through interdomain communications channels, to transfer the complex operating characteristics to the monitoring agent. The method identifies and outputs simple events and complex events for each of multiple virtual computing devices by evaluating the simple operating characteristics and the complex operating characteristics.
Abstract:
Several deterrence mechanisms suitable for content distribution networks (CDN) (120) are provided. These include a hash-based request routing scheme and a site allocation scheme. The hash-based request routing scheme provides a way to distinguish legitimate requests from bogus requests. Using this mechanism, an attacker is required to generate O(n^2) amount of traffic to victimize a CDN-hosted site (120) when the site content is served from n CDN caches. Without these modifications, the attacker must generate only O(n) traffic to bring down the site. The site allocation scheme provides sufficient isolation among CDN-hosted Web sites (120) to prevent an attack on one Web site from making other sites unavailable. Using an allocation strategy based on binary codes, it can be guaranteed that a successful attack on any individual Web site that disables its assigned servers, does not also bring down other Web sites hosted by the CDN (120).