Abstract: The invention is designed to eliminate or minimize the liability associated with “packet flooding” attacks originating from within a local area network connected to an external network such as one controlled by a university or governmental organization. In these attacks, an attacker uses up all available bandwidth to a victim with useless data. The invention performs its function by identifying and classifying data packets arriving at a “Reverse Firewall” for transmission to the external network using various techniques. For example, data packets that are sent in response to data packets received from the external network will receive a different classification and thus allocation of resources than data packets not sent in response to previously received packets.

Abstract: The invention prevents “packet flooding”, where an attacker uses up all available bandwidth to a victim with useless data. It can also be used to prevent some other related denial of service attacks. The defense is distributed among cooperating sites and routers. The sites identify data they don't want. The routers help sites to determine which routers forward that data. The sites then ask these routers to reduce the rate at which such data is forwarded. Variations of the defense protect against packet flooding attacks on routers and attacks in which an attacker tries to use up some service offered by a site.

Abstract: The invention is a common event monitoring, fusion and reasoning framework that integrates horizontally into many different application domain areas. The system includes a monitor for detecting occurrences of predetermined events from a monitored system, providing data in response to the occurrence and processing the data as a data relation in a database. Predetermined events are recorded in a database using an event pattern language that defines and compiles events in terms of first order logic over a universe of events. The language provides common patterns that allow event patterns (i.e., event rules and relations) to be specified by the client dynamically. These specified event patterns are then compiled into the database. The compiled code automatically triggers responses when specific event patterns are stored in the database. After compilation, additional event patterns may be recognized dynamically by formulating queries into the database using a standard query language such as SQL.