Patents by Inventor Aditya Naidu
Aditya Naidu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11032302
Abstract: A method, computer system, and computer program product that generates a whitelist for each subject device in a field area network (FAN). The whitelist includes one or more whitelist entries corresponding to one or more peer devices in the same FAN communicating with the subject device. Each whitelist entry includes one or more attribute values expected in respective traffic between the subject device and each peer device that is represented by a respective whitelist entry. The traffic in the FAN is monitored at one or more points of the FAN for anomaly by use of the whitelist.
Type: Grant
Filed: July 30, 2018
Date of Patent: June 8, 2021
Assignee: PERSPECTA LABS INC.
Inventors: Federico Jose Garcia, Aditya Naidu, Stanley Pietrowicz
-
Patent number: 10230599
Abstract: A computer program product, computer system, and method for performing traffic analysis on a wireless mesh network, includes intercepting a stream of real-time wireless from field probes on the wireless mesh network, wherein the stream comprises non-standard protocol elements and encrypted traffic, creating an ad hoc network parallel to the wireless mesh network, obtaining, from the ad hoc network, the intercepted stream (the analyzing is performed parallel to traffic flow on the wireless mesh network), pre-processing a portion of the intercepted stream the data, where the pre-processing comprises descrambling and processing headers in the stream to differentiate the packets in the stream and create a combined output stream, obtaining the combined output stream and creating indicators by selecting an analysis operator to apply to one or more dissected fields extracted from the output stream, analyzing the packets in the combined output stream utilizing the indicators, and obtaining results from the indicators.
Type: Grant
Filed: May 26, 2017
Date of Patent: March 12, 2019
Assignee: Perspecta Labs Inc.
Inventors: Stanley Pietrowicz, Michael M. Hylkema, Paul D. Martin, Jason Youzwak, Aditya Naidu
-
Publication number: 20190036954
Abstract: A method, computer system, and computer program product that generates a whitelist for each subject device in a field area network (FAN). The whitelist includes one or more whitelist entries corresponding to one or more peer devices in the same FAN communicating with the subject device. Each whitelist entry includes one or more attribute values expected in respective traffic between the subject device and each peer device that is represented by a respective whitelist entry. The traffic in the FAN is monitored at one or more points of the FAN for anomaly by use of the whitelist.
Type: Application
Filed: July 30, 2018
Publication date: January 31, 2019
Inventors: Federico Jose GARCIA, Aditya NAIDU, Stanley PIETROWICZ
-
Publication number: 20170264513
Abstract: A computer program product, computer system, and method for performing traffic analysis on a wireless mesh network, includes intercepting a stream of real-time wireless from field probes on the wireless mesh network, wherein the stream comprises non-standard protocol elements and encrypted traffic, creating an ad hoc network parallel to the wireless mesh network, obtaining, from the ad hoc network, the intercepted stream (the analyzing is performed parallel to traffic flow on the wireless mesh network), pre-processing a portion of the intercepted stream the data, where the pre-processing comprises descrambling and processing headers in the stream to differentiate the packets in the stream and create a combined output stream, obtaining the combined output stream and creating indicators by selecting an analysis operator to apply to one or more dissected fields extracted from the output stream, analyzing the packets in the combined output stream utilizing the indicators, and obtaining results from the indicators.
Type: Application
Filed: May 26, 2017
Publication date: September 14, 2017
Inventors: Stanley PIETROWICZ, Michael M. HYLKEMA, Paul D. MARTIN, Jason YOUZWAK, Aditya NAIDU
-
Patent number: 9667521
Abstract: A computer system, computer program product and method of performing traffic analysis on a communications network includes time stamped packets and related metadata from an intercepted steam of real-time traffic on a backhaul network distinct from the communications network, pre-processing the intercepted stream, including separating a portion of the intercepted stream into dissected fields, creating indicators by selecting an analysis operator to apply to one or more of the dissected fields in a logical expression, analyzing the dissected fields in the output streams utilizing the indicators, and obtaining results from the indicators.
Type: Grant
Filed: January 27, 2015
Date of Patent: May 30, 2017
Assignee: Vencore Labs, Inc.
Inventors: Stanley Pietrowicz, Michael M. Hylkema, Paul D. Martin, Jason Youzwak, Aditya Naidu
-
Patent number: 9130982
Abstract: A system and a method for detecting anomalous attacks in Internet network flow operate by counting a number of Internet traffic messages that are detected as anomalous attacks to provide a count; computing a running average of the number of messages that are detected as anomalous attacks; and comparing the count to the running average to provide an anomalous attack alarm if the count is greater than a multiple of the running average. The attacks can include at least one of spoofing attacks or denial of service attacks. A computer readable storage medium stores instructions of a computer program, which when executed by a computer system, results in performance of steps of the method.
Type: Grant
Filed: June 13, 2013
Date of Patent: September 8, 2015
Assignee: Vencore Labs, Inc.
Inventors: Yitzchak Gottlieb, Aditya Naidu, Abhrajit Ghosh, Akira Yamada, Yukiko Sawaya, Ayumu Kubota
-
Publication number: 20150215177
Abstract: A computer system, computer program product and method of performing traffic analysis on a communications network includes time stamped packets and related metadata from an intercepted steam of real-time traffic on a backhaul network distinct from the communications network, pre-processing the intercepted stream, including separating a portion of the intercepted stream into dissected fields, creating indicators by selecting an analysis operator to apply to one or more of the dissected fields in a logical expression, analyzing the dissected fields in the output streams utilizing the indicators, and obtaining results from the indicators.
Type: Application
Filed: January 27, 2015
Publication date: July 30, 2015
Inventors: Stanley Pietrowicz, Michael M. Hylkema, Paul D. Martin, Jason Youzwak, Aditya Naidu
-
Patent number: 8925079
Abstract: A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.
Type: Grant
Filed: November 14, 2011
Date of Patent: December 30, 2014
Assignees: Telcordia Technologies, Inc., KDDI Corporation
Inventors: Ravichander Vaidyanathan, Abhrajit Ghosh, Aditya Naidu, Akira Yamada, Ayumu Kubota, Yukiko Sawaya, Yutaka Miyake
-
Patent number: 8719913
Abstract: Aspects of the invention pertain to analyzing and modifying access control lists that are used in computer networks. Access control lists may have many individual entries that indicate whether information can be passed between certain devices in a computer network. The access control lists may include redundant or conflicting entries. An aspect of the invention converts an order-dependent control list into an order-free equivalent. Redundant entries are identified and removed without adversely affecting the access control list. Redundancy may be identified by evaluating the volume contraction ratio, which is the ratio of the volume of spin-off entries to specific original entry in the access control list. This ratio reflects the extent of order-dependent impact on that entry in a given access control list.
Type: Grant
Filed: December 10, 2009
Date of Patent: May 6, 2014
Assignee: TT Government Solutions, Inc.
Inventors: Yibei Ling, Aditya Naidu, Rajesh Talpade
-
Publication number: 20130340079
Abstract: A system and a method for detecting anomalous attacks in Internet network flow operate by counting a number of Internet traffic messages that are detected as anomalous attacks to provide a count; computing a running average of the number of messages that are detected as anomalous attacks; and comparing the count to the running average to provide an anomalous attack alarm if the count is greater than a multiple of the running average. The attacks can include at least one of spoofing attacks or denial of service attacks. A computer readable storage medium stores instructions of a computer program, which when executed by a computer system, results in performance of steps of the method.
Type: Application
Filed: June 13, 2013
Publication date: December 19, 2013
Inventors: Yitzchak GOTTLIEB, Aditya NAIDU, Abhrajit GHOSH, Akira YAMADA, Yukiko SAWAYA, Ayumu KUBOTA
-
Publication number: 20130125235
Abstract: A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.
Type: Application
Filed: November 14, 2011
Publication date: May 16, 2013
Applicants: TELCORDIA TECHNOLOGIES, INC.
Inventors: Ravichander Vaidyanathan, Abhrajit Ghosh, Aditya Naidu, Akira Yamada, Ayumu Kubota, Yukiko Sawaya, Yutaka Miyake
-
Publication number: 20110283348
Abstract: Aspects of the invention pertain to integrated compliance analysis of multiple firewalls and access control lists for network segregation and partitioning. Access control lists may have many individual rules that indicate whether information can be passed between certain devices in a computer network. The access control lists in different firewalls in different network segments within a given network may overlap or have inconsistent rules. Aspects of the invention generate differences between firewalls, analyze equivalency of firewalls, generate the intersection (if any) between a pair of firewalls, and generate the union (if any) between firewalls. Such information provides an integrated analysis of multiple interrelated firewalls, including inbound and outbound access control lists for such firewalls, and may be used to manage firewall operation within the network to ensure consistent operation and maintain network security.
Type: Application
Filed: May 13, 2010
Publication date: November 17, 2011
Applicant: TELCORDIA TECHNOLOGIES, INC.
Inventors: Yibei Ling, Aditya Naidu, Rajesh Talpade
-
Patent number: 7962635
Abstract: Aspects of the invention pertain to user session management in load balanced clusters. Multiple application servers communicate with a central data server to ensure there is a single session per user ID. The central data server maintains a user session index and a parameter table. Each time a network access is attempted using a given user ID, a load balancer assigns the session to one of the application servers. The assigned application server queries the central data server to determine whether a session status for the user's login ID is inactive or active. If inactive, a new, unique value is assigned as the session number. If active, the session number is evaluated to determine whether multiple sessions exist. In this case, one of the sessions is terminated to ensure a single session per user ID. Preferably, the terminated session is the earlier session.
Type: Grant
Filed: December 7, 2009
Date of Patent: June 14, 2011
Assignee: Telcordia Technologies, Inc.
Inventors: Aditya Naidu, Rajesh Talpade, Harshad Tanna, Sabine Winchell
-
Publication number: 20100217860
Abstract: Aspects of the invention pertain to user session management in load balanced clusters. Multiple application servers communicate with a central data server to ensure there is a single session per user ID. The central data server maintains a user session index and a parameter table. Each time a network access is attempted using a given user ID, a load balancer assigns the session to one of the application servers. The assigned application server queries the central data server to determine whether a session status for the user's login ID is inactive or active. If inactive, a new, unique value is assigned as the session number. If active, the session number is evaluated to determine whether multiple sessions exist. In this case, one of the sessions is terminated to ensure a single session per user ID. Preferably, the terminated session is the earlier session.
Type: Application
Filed: December 7, 2009
Publication date: August 26, 2010
Applicant: TELCORDIA TECHNOLOGIES, INC.
Inventors: Aditya Naidu, Rajesh Talpade, Harshad Tanna, Sabine Winchell
-
Publication number: 20100199344
Abstract: Aspects of the invention pertain to analyzing and modifying access control lists that are used in computer networks. Access control lists may have many individual entries that indicate whether information can be passed between certain devices in a computer network. The access control lists may include redundant or conflicting entries. An aspect of the invention converts an order-dependent control list into an order-free equivalent. Redundant entries are identified and removed without adversely affecting the access control list. Redundancy may be identified by evaluating the volume contraction ratio, which is the ratio of the volume of spin-off entries to specific original entry in the access control list. This ratio reflects the extent of order-dependent impact on that entry in a given access control list.
Type: Application
Filed: December 10, 2009
Publication date: August 5, 2010
Applicant: TELCORDIA TECHNOLOGIES, INC.
Inventors: Yibei Ling, Aditya Naidu, Rajesh Talpade
-
Publication number: 20100199346
Abstract: Aspects of the invention pertain to analyzing and modifying access control lists that are used in computer networks. Access control lists may have many individual rules that indicate whether information can be passed between certain devices in a computer network. The access control lists may include redundant or conflicting rules. An aspect of the invention determines whether two or more access control lists are equivalent or not. Order-dependent access control lists are converted into order-independent access control lists, which enable checking of semantic equivalence of different access control lists. Upon conversion to an order-independent access control list, lower-precedence rules in the order-free list are checked for overlap with a current higher precedence entry. If overlap exists, existing order-free rules are modified so that spinoff rules have no overlap with the current entry. This is done while maintaining semantic equivalence.
Type: Application
Filed: December 10, 2009
Publication date: August 5, 2010
Applicant: Telcordia Technologies, Inc.
Inventors: Yibei Ling, Aditya Naidu, Rajesh Talpade
-
Publication number: 20100042605
Abstract: An inventive system and method for versioning relational database disjoint records comprises a relational database, configuration files translated into query files, and a version control system, wherein each query file is stored and checked into the version control system, updating a version number of the query file. Each query file comprises a set of query statements. Query files are retrieved from the version control system based on the version number or an independent data item, and put into the database for analysis. In one embodiment, one of the configuration files comprises a configuration of a device, such as a router, a switch, a firewall, or a medical record. The method comprises acquiring configuration files, changing the configuration files into query files and storing the query files, and checking each query file into a version control system, wherein the checking in updates a version number of the query file.
Type: Application
Filed: July 31, 2009
Publication date: February 18, 2010
Applicant: Telcordia Technologies, Inc.
Inventors: Yuu-heng Cheng, Alexander Poylisher, Aditya Naidu, Rajesh Talpade, Shrirang Gadgil