Patents by Inventor Anat Bremler-Barr
Anat Bremler-Barr has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8909813
Abstract: A method for processing communication traffic includes receiving an incoming stream of compressed data conveyed by a sequence of data packets, each containing a respective portion of the compressed data. The respective portion of the compressed data contained in the first packet is stored in a buffer, having a predefined buffer size. Upon receiving a subsequent packet, at least a part of the compressed data stored in the buffer and the respective portion of the compressed data contained in the subsequent packet are decompressed, thereby providing decompressed data. A most recent part of the decompressed data that is within the buffer size is recompressed and stored in the buffer.
Type: Grant
Filed: March 20, 2012
Date of Patent: December 9, 2014
Assignees: Ramot at Tel-Aviv University Ltd., Interdisciplinary Center Herzliya
Inventors: Yehuda Afek, Anat Bremler-Barr, Yaron Koral
-
Patent number: 8887026
Abstract: A method for error detection includes storing in an associative memory multiple data entries, each data entry including a data item together with one or more check symbols computed with respect to the data item. A predetermined sequence of search keys is applied to the memory, thereby causing the memory to generate, in parallel, match results with respect to the data entries. The match results are processed in order to identify an error in at least one of the data entries.
Type: Grant
Filed: April 12, 2010
Date of Patent: November 11, 2014
Assignees: Ben Gurion University of the Negev, Interdisciplinary Center Herzliya, Technion Research & Development Foundation Ltd.
Inventors: Anat Bremler-Barr, David Hay, Danny Hendler, Ron M. Roth
-
Patent number: 8504510
Abstract: A method for processing data includes encoding a finite automaton, which includes states and transitions between the states that express a plurality of predefined patterns, by grouping the states of the automaton into sets according to a common property shared by the states in each set, and assigning codes to the states according to the grouping. The codes are stored in an electronic memory, along with rules that are associated with the patterns. The automaton is traversed in order to identify one or more of the patterns in an input sequence of data elements by iteratively reading out the codes from the memory responsively to the data elements and to the codes that have been previously read out. Upon identifying a given pattern in the input sequence, an associated action is performed.
Type: Grant
Filed: January 6, 2011
Date of Patent: August 6, 2013
Assignee: Interdisciplinary Center Herzliya
Inventors: Anat Bremler-Barr, David Hay, Yaron Koral
-
Patent number: 8458354
Abstract: A method for processing data includes accepting a specification of a plurality of patterns, each pattern defining a respective uncompressed sequence of symbols. Multi-pattern matching is applied to an incoming stream of compressed communication traffic containing compression metadata so as to identify the patterns occurring in the stream while using the compression metadata to skip over parts of the stream.
Type: Grant
Filed: January 26, 2011
Date of Patent: June 4, 2013
Assignee: Interdisciplinary Center Herzliya
Inventors: Anat Bremler-Barr, Yaron Koral, Victor Zigdon
-
Publication number: 20120243551
Abstract: A method for processing communication traffic includes receiving an incoming stream of compressed data conveyed by a sequence of data packets, each containing a respective portion of the compressed data. The respective portion of the compressed data contained in the first packet is stored in a buffer, having a predefined buffer size. Upon receiving a subsequent packet, at least a part of the compressed data stored in the buffer and the respective portion of the compressed data contained in the subsequent packet are decompressed, thereby providing decompressed data. A most recent part of the decompressed data that is within the buffer size is recompressed and stored in the buffer.
Type: Application
Filed: March 20, 2012
Publication date: September 27, 2012
Applicants: INTERDISCIPLINARY CENTER HERZLIYA, RAMOT AT TEL AVIV UNIVERSITY LTD.
Inventors: Yehuda Afek, Anat Bremler-Barr, Yaron Koral
-
Publication number: 20120117431
Abstract: A method for error detection includes storing in an associative memory (24, 50, 70) multiple data entries (30), each data entry including a data item (28) together with one or more check symbols (40) computed with respect to the data item. A predetermined sequence of search keys (32) is applied to the memory, thereby causing the memory to generate, in parallel, match results with respect to the data entries. The match results are processed in order to identify an error in at least one of the data entries.
Type: Application
Filed: April 12, 2010
Publication date: May 10, 2012
Applicants: BEN GURION UNIVERSITY OF THE NEGEV, TECHNION RESEARCH & DEVELOPMENT FOUNDATION LTD., INTERDISCIPLINARY CENTER HERZLIYA
Inventors: Anat Bremler-Barr, David Hay, Danny Hendler, Ron M. Roth
-
Publication number: 20110185077
Abstract: A method for processing data includes accepting a specification of a plurality of patterns, each pattern defining a respective uncompressed sequence of symbols. Multi-pattern matching is applied to an incoming stream of compressed communication traffic containing compression metadata so as to identify the patterns occurring in the stream while using the compression metadata to skip over parts of the stream.
Type: Application
Filed: January 26, 2011
Publication date: July 28, 2011
Applicant: INTERDISCIPLINARY CENTER HERZLIYA
Inventors: Anat Bremler-Barr, Yaron Koral, Victor Zigdon
-
Publication number: 20110167030
Abstract: A method for processing data includes encoding a finite automaton, which includes states and transitions between the states that express a plurality of predefined patterns, by grouping the states of the automaton into sets according to a common property shared by the states in each set, and assigning codes to the states according to the grouping. The codes are stored in an electronic memory, along with rules that are associated with the patterns. The automaton is traversed in order to identify one or more of the patterns in an input sequence of data elements by iteratively reading out the codes from the memory responsively to the data elements and to the codes that have been previously read out. Upon identifying a given pattern in the input sequence, an associated action is performed.
Type: Application
Filed: January 6, 2011
Publication date: July 7, 2011
Applicant: INTERDISCIPLINARY CENTER HERZLIYA
Inventors: Anat Bremler-Barr, David Hay, Yaron Koral
-
Publication number: 20100250737
Abstract: A method for communication management includes detecting addresses of peer nodes (34) belonging to a service layer (30) of a distributed application running on a computer network (22). Responsively to the detected addresses, filtering of communication traffic transmitted by client computers (26) is actuated so as to limit access by the client computers to the distributed application.
Type: Application
Filed: October 30, 2008
Publication date: September 30, 2010
Applicants: INTERDISCIPLINARY CENTER HERZLIYA, ETH ZURICH, RAMOT AT TEL AVIV UNIVERSITY LTD
Inventors: Anat Bremler-Barr, Hanoch Levin (Levy), Omer Dekel
-
Patent number: 7707305
Abstract: Methods and apparatus for protecting against and/or responding to an overload condition at a node (“victim”) in a distributed network divert traffic otherwise destined for the victim to one or more other nodes, which can filter the diverted traffic, passing a portion of it to the victim, and/or effect processing of one or more of the diverted packets on behalf of the victim. Diversion can be performed by one or more nodes (collectively, a “first set” of nodes) external to the victim. Filtering and/or effecting traffic processing can be performed by one or more nodes (collectively, a “second set” of nodes) also external to the victim. Those first and second sets can have zero, one or more nodes in common—or, put another way, they may wholly, partially or not overlap. The methods and apparatus have application in protecting nodes in a distributed network, such as the Internet, against distributed denial of service (DDoS) attacks.
Type: Grant
Filed: August 14, 2001
Date of Patent: April 27, 2010
Assignee: Cisco Technology, Inc.
Inventors: Yehuda Afek, Anat Bremler-Barr, Dan Touitou
-
Patent number: 7342929
Abstract: An improved network device that controls throughput of packets received thereby, e.g., to downstream devices or to downstream logic contained within the same network device. The network device comprises a scheduler that schedules one or more packets of a selected class for throughput as a function of a weight of that class and weights of one or more other classes. The weight of at least the selected class is dynamic and is a function of a history of volume of packets received by the network device in the selected class. An apparatus for protecting against overload conditions on a network, e.g., of the type caused by DDoS attacks, has a scheduler and a token bucket mechanism, e.g., as described above. Such apparatus can also include a plurality of queues into which packets of the respective classes are placed on receipt by the apparatus. Those packets are dequeued by the scheduler, e.g., in the manner described above, for transmittal to downstream devices (e.g., potential victim nodes) on the network.
Type: Grant
Filed: April 26, 2002
Date of Patent: March 11, 2008
Assignee: Cisco Technology, Inc.
Inventors: Anat Bremler-Barr, Dan Touitou, Keren Horvitz, Rephael Tzadikario, Yehuda Afek
-
Patent number: 7225270
Abstract: A method for communication includes coupling a first port of a Layer-3 packet router to receive communication traffic from a network, the traffic including packets destined for a target address, which is accessible via a second port of the router. At the router, the packets that are destined for the target address are diverted to a traffic processor via a third port of the router. The diverted packets are processed at the traffic processor, and returning the processed packets to the router via the third port. At the router, the processed packets are conveyed from the third port to the second port for delivery to the target address.
Type: Grant
Filed: January 26, 2005
Date of Patent: May 29, 2007
Assignee: Cisco Technology, Inc.
Inventors: Anat Bremler Barr, Hank Nussbacher, Roi Hermoni, Dan Touitou
-
Patent number: 6876655
Abstract: A method of routing a data packet from a forwarding router to a downstream router. The data packet header includes an address that includes a bit string. The forwarding router looks up, in a forwarding database, a prefix that best matches the bit string. The forwarding router then attaches to the data packet a clue that is related to the best matching prefix, and forwards the data packet to the downstream router. The downstream router looks up, in a downstream database, and with reference to the clue, another prefix that best matches the bit string. Because the databases of neighboring routers are similar, the clue either directly determines the best matching prefix at the downstream router or provides the downstream router with a good starting point for its lookup.
Type: Grant
Filed: April 20, 2000
Date of Patent: April 5, 2005
Assignee: Ramot at Tel Aviv University Ltd.
Inventors: Yehuda Afek, Anat Bremler-Barr, Sariel Har-Peled
-
Publication number: 20030076848
Abstract: An improved network device that controls throughput of packets received thereby, e.g., to downstream devices or to downstream logic contained within the same network device. The network device comprises a scheduler that schedules one or more packets of a selected class for throughput as a function of a weight of that class and weights of one or more other classes. The weight of at least the selected class is dynamic and is a function of a history of volume of packets received by the network device in the selected class. An apparatus for protecting against overload conditions on a network, e.g., of the type caused by DDoS attacks, has a scheduler and a token bucket mechanism, e.g., as described above. Such apparatus can also include a plurality of queues into which packets of the respective classes are placed on receipt by the apparatus. Those packets are dequeued by the scheduler, e.g., in the manner described above, for transmittal to downstream devices (e.g., potential victim nodes) on the network.
Type: Application
Filed: April 26, 2002
Publication date: April 24, 2003
Inventors: Anat Bremler-Barr, Dan Touitou, Keren Horvitz, Rephael Tzadikario, Yehuda Afek
-
Publication number: 20020083175
Abstract: Methods and apparatus for protecting against and/or responding to an overload condition at a node (“victim”) in a distributed network divert traffic otherwise destined for the victim to one or more other nodes, which can filter the diverted traffic, passing a portion of it to the victim, and/or effect processing of one or more of the diverted packets on behalf of the victim. Diversion can be performed by one or more nodes (collectively, a “first set” of nodes) external to the victim. Filtering and/or effecting traffic processing can be performed by one or more nodes (collectively, a “second set” of nodes) also external to the victim. Those first and second sets can have zero, one or more nodes in common—or, put another way, they may wholly, partially or not overlap. The methods and apparatus have application in protecting nodes in a distributed network, such as the Internet, against distributed denial of service (DDoS) attacks.
Type: Application
Filed: August 14, 2001
Publication date: June 27, 2002
Applicant: WANWALL, INC. (a Delaware Corporation)
Inventors: Yehuda Afek, Anat Bremler-Barr, Dan Touitou