Patents by Inventor Massimiliano Antonio Poletto
Massimiliano Antonio Poletto has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 7363656Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: November 3, 2003Date of Patent: April 22, 2008Assignee: Mazu Networks, Inc.Inventors: Daniel Weber, Prem Gopalan, Massimiliano Antonio Poletto
-
Patent number: 7278159Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: August 16, 2001Date of Patent: October 2, 2007Assignee: Mazu Networks, Inc.Inventors: Marinus Frans Kaashoek, Edward W. Kohler, Jr., Massimiliano Antonio Poletto, Robert T. Morris
-
Patent number: 7213264Abstract: A monitoring device disposed for thwarting denial of service attacks on the data center is described. The monitoring device includes a plurality of probe devices that are disposed to collect statistical information on packets that are sent between the network and the data center and a cluster head coupled to each of the plurality of probe devices, the cluster head receiving collected statistical information from the probe devices and determining from the collected information whether the data center is under a denial of service attack.Type: GrantFiled: January 31, 2002Date of Patent: May 1, 2007Assignee: Mazu Networks, Inc.Inventors: Massimiliano Antonio Poletto, Dimitri Stratton Vlachos
-
Patent number: 7124440Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: August 16, 2001Date of Patent: October 17, 2006Assignee: Mazu Networks, Inc.Inventors: Massimiliano Antonio Poletto, Edward W. Kohler, Jr.
-
Patent number: 7043759Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: August 16, 2001Date of Patent: May 9, 2006Assignee: Mazu Networks, Inc.Inventors: Marinus Frans Kaashoek, Edward W. Kohler, Jr., Massimiliano Antonio Poletto
-
Publication number: 20040250134Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: ApplicationFiled: November 3, 2003Publication date: December 9, 2004Inventors: Edward W. Kohler, Massimiliano Antonio Poletto, Andrew Ratin
-
Publication number: 20040220984Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: ApplicationFiled: November 3, 2003Publication date: November 4, 2004Inventors: Anne Elizabeth Dudfield, Massimiliano Antonio Poletto
-
Publication number: 20040215975Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: ApplicationFiled: November 3, 2003Publication date: October 28, 2004Inventors: Anne Elizabeth Dudfield, Massimiliano Antonio Poletto, Daniel Weber
-
Publication number: 20040205374Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: ApplicationFiled: November 3, 2003Publication date: October 14, 2004Inventors: Massimiliano Antonio Poletto, Edward W. Kohler, Andrew Ratin, Andrew Gorelik
-
Publication number: 20040199793Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: ApplicationFiled: November 3, 2003Publication date: October 7, 2004Inventors: Benjamin Wilken, Massimiliano Antonio Poletto
-
Publication number: 20040199791Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: ApplicationFiled: November 3, 2003Publication date: October 7, 2004Inventors: Massimiliano Antonio Poletto, Andrew Ratin, Anne Elizabeth Dudfield
-
Publication number: 20040199792Abstract: Techniques to assign nodes in a network to groups of nodes includes grouping nodes on a network into groups based on host connection set data by identifying bi-connected components in the host connection set data; and merging groups with similar connection habits as determined by examining the host connection set data into larger groups.Type: ApplicationFiled: November 3, 2003Publication date: October 7, 2004Inventors: Godfrey Tan, Massimiliano Antonio Poletto
-
Publication number: 20030204621Abstract: An arrangement is disposed in a network. The arrangement includes a device that is logically disposed adjacent logically nearby routers having a first type of probe that are disposed to sample traffic, and that is has second type of probe that is disposed in-line during an attack by modifying router tables on the nearby routers.Type: ApplicationFiled: April 30, 2002Publication date: October 30, 2003Inventors: Massimiliano Antonio Poletto, Robert Nader Nazzal, Dimitri Stratton Vlachos
-
Publication number: 20030145231Abstract: A monitoring device disposed for thwarting denial of service attacks on the data center is described. The monitoring device includes a plurality of probe devices that are disposed to collect statistical information on packets that are sent between the network and the data center and a cluster head coupled to each of the plurality of probe devices, the cluster head receiving collected statistical information from the probe devices and determining from the collected information whether the data center is under a denial of service attack.Type: ApplicationFiled: January 31, 2002Publication date: July 31, 2003Inventors: Massimiliano Antonio Poletto, Dimitri Stratton Vlachos
-
Publication number: 20030145233Abstract: A monitoring device is disposed to thwart denial of service attacks on a data center. The monitoring device is a device that collects statistical information on packets that are sent between a network and the data center for a plurality of customers by examining traffic as if the device was disposed on links that are downstream from links that the provisioned monitor is disposed on.Type: ApplicationFiled: January 31, 2002Publication date: July 31, 2003Inventors: Massimiliano Antonio Poletto, Anne Elizabeth Dudfield
-
Publication number: 20030145232Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of data monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In one embodiment, a gateway device is disposed to pass network packets between the network and the victim site. The gateway includes a computing device executing a process to build a histogram for any attribute or function of an attribute of network packets and a process to determine if the values of the attribute exceed normal, threshold values expected for the attribute to indicate an attack on the site.Type: ApplicationFiled: January 31, 2002Publication date: July 31, 2003Inventors: Massimiliano Antonio Poletto, Andrew Ratin, Andrew Gorelik
-
Publication number: 20020103916Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: ApplicationFiled: September 5, 2001Publication date: August 1, 2002Inventors: Benjie Chen, Massimiliano Antonio Poletto
-
Publication number: 20020095492Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: ApplicationFiled: August 16, 2001Publication date: July 18, 2002Inventors: Marinus Frans Kaashoek, Edward W. Kohler, Massimiliano Antonio Poletto, Robert T. Morris
-
Publication number: 20020035628Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: ApplicationFiled: August 16, 2001Publication date: March 21, 2002Inventors: Thomer Michael Gil, Massimiliano Antonio Poletto, Edward W. Kohler
-
Publication number: 20020035683Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: ApplicationFiled: August 16, 2001Publication date: March 21, 2002Inventors: Marinus Frans Kaashoek, Edward W. Kohler, Massimiliano Antonio Poletto