Abstract: A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspicious. By assigning a value to each flow that appears suspicious and adding that value to the total concern index of the responsible host, it is possible to identify hosts that are engaged in intrusion activity. When the concern index value of a host exceeds a preset alarm value, an alert is issued and appropriate action can be taken.

Abstract: Systems and techniques relating to a microscope with an adjustable stage are described. A microscope includes a base, a support arm attached to and extending upwardly from the base, a head attached to the support arm, the head including a lens, and an eyepiece attached to the head. A stage is releasably attachable to the support arm between the head and the base at multiple locations, providing multiple working distances between a lower surface of the head and an upper surface of the stage. When the stage is attached to the support arm at a location, a working distance between the lower surface of the head and the upper surface of the stage is further adjustable to an either greater or lesser working distance. In another embodiment, microscopic and macroscopic viewing can both be provided using a lens changer with multiple lens positioned radially about an axis of rotation.

Abstract: Systems and techniques relating to a microscope with an adjustable stage are described. A microscope includes a base, a support arm attached to and extending upwardly from the base, a head attached to the support arm, the head including a lens, and an eyepiece attached to the head. A stage is releasably attachable to the support arm between the head and the base at multiple locations, providing multiple working distances between a lower surface of the head and an upper surface of the stage. When the stage is attached to the support arm at a location, a working distance between the lower surface of the head and the upper surface of the stage is further adjustable to an either greater or lesser working distance. In another embodiment, microscopic and macroscopic viewing can both be provided using a lens changer with multiple lens positioned radially about an axis of rotation.

Abstract: A port profiling system detects unauthorized network usage. The port profiling system analyzes network communications to determine the service ports being used. The system collects flow data from packet headers between two hosts or Internet Protocol (IP) addresses. The collected flow data is analyzed to determine the associated network service provided. A host data structure is maintained containing a profile of the network services normally associated with the host. If the observed network service is not one of the normal network services performed as defined by the port profile for that host, an alarm signal is generated and action can be taken based upon the detection of an Out of Profile network service. An Out of Profile operation can indicate the operation of a Trojan Horse program on the host, or the existence of a non-approved network application that has been installed.

Abstract: A port profiling system detects unauthorized network usage. The port profiling system analyzes network communications to determine the service ports being used. The system collects flow data from packet headers between two hosts or Internet Protocol (IP) addresses. The collected flow data is analyzed to determine the associated network service provided. A host data structure is maintained containing a profile of the network services normally associated with the host. If the observed network service is not one of the normal network services performed as defined by the port profile for that host, an alarm signal is generated and action can be taken based upon the detection of an Out of Profile network service. An Out of Profile operation can indicate the operation of a Trojan Horse program on the host, or the existence of a non-approved network application that has been installed.

Abstract: The current invention provides improved methods and filter stacks for concentrating a slurry of titanium dioxide. The improved filter stack comprises a series of filter disks and diverter trays arranged in parallel. The present invention provides an improvement over prior art filter stacks by using a substantially complete weld to attach a diverter plate to the diverter trays. The current invention also provides an improved method for pre-conditioning a filter stack. The improved method is designed to pre-condition and gradually prepare the filter stack for production of the desired slurry of titanium dioxide. Further, the current invention provides an improved process for preparing and transporting a slurry of titanium dioxide. Finally, the current invention provides a method for enhancing the lifespan of a filter stack.

Abstract: A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspicious. By assigning a value to each flow that appears suspicious and adding that value to the total concern index of the responsible host, it is possible to identify hosts that are engaged in intrusion activity. When the concern index value of a host exceeds a preset alarm value, an alert is issued and appropriate action can be taken.

Abstract: A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspicious. By assigning a value to each flow that appears suspicious and adding that value to the total concern index of the responsible host, it is possible to identify hosts that are engaged in intrusion activity. When the concern index value of a host exceeds a preset alarm value, an alert is issued and appropriate action can be taken.

Abstract: A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspicious. By assigning a value to each flow that appears suspicious and adding that value to the total concern index of the responsible host, it is possible to identify hosts that are engaged in intrusion activity. When the concern index value of a host exceeds a preset alarm value, an alert is issued and appropriate action can be taken.

Abstract: A zone locking system detects unauthorized network usage internal to a firewall. The system determines unauthorized network usage by classifying internal hosts inside a firewall into zones. Certain specified zones are unauthorized to initiate client communications with other selected zones. However, zone override services can be designated for each associated internal zone, and thus, authorizing selected network services. An alarm or other appropriate action is taken upon the detection of unauthorized network usage.

Abstract: A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspicious. By assigning a value to each flow that appears suspicious and adding that value to the total concern index of the responsible host, it is possible to identify hosts that are engaged in intrusion activity. When the concern index value of a host exceeds a preset alarm value, an alert is issued and appropriate action can be taken.

Abstract: A port profiling system detects unauthorized network usage. The port profiling system analyzes network communications to determine the service ports being used. The system collects flow data from packet headers between two hosts or Internet Protocol (IP) addresses. The collected flow data is analyzed to determine the associated network service provided. A host data structure is maintained containing a profile of the network services normally associated with the host. If the observed network service is not one of the normal network services performed as defined by the port profile for that host, an alarm signal is generated and action can be taken based upon the detection of an Out of Profile network service. An Out of Profile operation can indicate the operation of a Trojan Horse program on the host, or the existence of a non-approved network application that has been installed.

Abstract: A data flow controller (150) for monitoring and automatically controlling the flow of serial data from a remote transmitter to a host device. A serial communications card (11) provides an interface between a remote transmitter connected to a serial port connector (20) and a host device (10). The card (11) contains a UART (14) which has a buffer. A counter (151) counts the number of bytes received by the UART (14) since the last time that the host (10) read all the data in the buffer. If the number exceeds a predetermined portion of the buffer capacity the counter output (Q11) will go high, thereby disabling the counter and sending a control signal (DTR, RTS) to the remote transmitter to stop sending data. Once the host (10) has read all the data in the buffer the UART (14) provides a signal (-RXREADY) which resets the counter (151), thereby causing the output (Q11) to go low, thereby allowing the remote transmitter to resume sending data.

Abstract: Red LEDs having sufficient brightness and efficiency are employed for a bicycle tail lamp. A xenon strobe provides extended visibility over the steady red LED beam, identifiable as a vehicle tail lamp; dispersed high intensity flashes of the strobe may be seen directly or observed as reflections from the surroundings. The flash is powered from the difference between the supply potential and that required by the LEDs so the current through the LEDs is controlled without wasting power or adding unproductive circuitry. These elements are located in a retro-reflector similar to that in common use on bicycles to form a warning device that is small, easy to mount, with an uncomplicated electrical hookup; a simplified parallel connection scheme needs only a single wire in addition to the metal bicycle frame. The system has the rechargeable battery and the generator substantially in parallel; generator power is used when the bicycle is in motion and battery power when stopped.

Abstract: A method for communicating with a plurality of hosts connected to an X.25 network and for selectably using a character as a control character or a data character. Each character received from the X.25 network is inspected to determine if it is one of a set of reserved characters. If so, the character is encoded before being sent to its final destination. Data intended for the X.25 network is inspected for the presence of a predetermined control character. If the control character is present, the next character is inspected to determine whether it is a command character or an encoded data character. If this next character is an encoded data character, it is decoded and provided to the X.25 network. If this next character is a command character, then the command is executed. The method allows the use of any character as either a command character or data character. Data transfer between the DTE and DCE is assigned a PAD and a virtual channel number which corresponds to a particular host on the X.25 network.