Title of invention: Distributed network protection
Abstract: A method and system for processing frames transmitted in a network including nodes and network segments connecting the nodes. Frames transmitted over network segments are detected. Frame information from each detected frame is stored in a frame information repository. A stored hierarchical data structure includes vectors specifying frame information defining frames permitted in the network, classes including vectors with constraints on the vectors, and patterns including classes with constraints on the classes. The frame information in the detected frames may not match the frame information specified in the vectors. The vectors, if matched by the frame information in the detected frames, may not satisfy the constraints in the classes. The vectors, if matched by the frame information in the detected frames, may satisfy the constraints in the classes, and the classes whose constraints are satisfied by the matched vectors may not satisfy the constraints in the patterns.
Publication number: US9497208(B2) Publication date: 2016.11.15
Application number: US201514607189 Filing date: 2015.01.28
Applicant: International Business Machines Corporation Inventor: Serber Pablo D.
Classification: G06F21/00;H04L29/06 Main classification: G06F21/00
Agency: Schmeiser, Olsen & Watts, LLP Agent: Schmeiser, Olsen & Watts, LLP; Pivnichny John
Independent claim: 1. A method for processing frames transmitted in a network comprising a plurality of nodes and a plurality of network segments, each network segment connecting at least two nodes of the plurality of nodes, said method comprising: determining, by a processor of a computer system, whether frame information extracted from a frame, that had been transmitted over one or more network segments of the plurality of network segments, matches frame information specified in any vector of multiple vectors stored in a vector definitions repository, which results in said processor determining that the extracted frame information does not match frame information specified in any vector of the multiple vectors stored in the vector definitions repository, wherein each vector of the multiple vectors stored in the vector definitions repository specifies frame information defining one or more frames permitted in the network; responsive to said determining that the extracted frame information does not match frame information specified in any vector of the multiple vectors stored in the vector definitions repository, said processor determining whether the extracted frame information represents a risk to the network, which results in determining that the extracted frame information does not represent a risk to the network; in response to said determining that the extracted frame information does not represent a risk to the network, said processor either creating a new vector from the retrieved frame information and storing the new vector in the vector definitions repository or modifying a vector that is stored in the vector definitions repository according to the retrieved frame information, wherein the new or modified vector stored in the vector definitions repository further defines frames permitted in the network.
Address: Armonk NY US