Patents by Inventor James E. Winquist
James E. Winquist has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11546266
Abstract: A method for correlating discarded network traffic with network policy events in a network includes receiving a flow record. The flow record includes initial network flow information in a standard flow record format. Discarded network traffic information associated with each network policy is received from a network policy enforcement device. Network traffic is discarded based on a network traffic policy. The received flow record is correlated with the received discarded network traffic information. The discarded network traffic information is encoded into the received flow record based on the correlation while maintaining the initial network flow information to yield an enhanced flow record.
Type: Grant
Filed: December 15, 2016
Date of Patent: January 3, 2023
Assignee: Arbor Networks, Inc.
Inventors: Andrew D. Mortensen, James E. Winquist
-
Patent number: 11343143
Abstract: A method for configuring a network monitoring device is provided. A plurality of flow records is received. The plurality of flow records is analyzed according to user-specified criteria to identify one or more network traffic patterns. A plurality of network entities associated with the one or more identified network traffic patterns is identified. A managed object including the identified plurality of network entities is generated.
Type: Grant
Filed: December 22, 2016
Date of Patent: May 24, 2022
Assignee: Arbor Networks, Inc.
Inventors: Ronald G. Hay, James E. Winquist, Andrew D. Mortensen, William M. Northway, Jr., Lawrence B. Huston, III
-
Patent number: 10904203
Abstract: A method for encoding domain name information into flow records includes receiving a flow record. The flow record includes initial network flow information in a standard flow record format including at least a source address and a destination address. Domain name information associated with each of the source address and destination address is retrieved from a database. The domain name information is encoded into the received flow record while maintaining the initial network flow information to yield an enhanced flow record.
Type: Grant
Filed: September 9, 2016
Date of Patent: January 26, 2021
Assignee: Arbor Networks, Inc.
Inventors: Lawrence B. Huston, III, James E. Winquist, Alex Levine, Ronald G. Hay, Brett Higgins, Andrew D. Mortensen, William M. Northway, Jr., Eric Jackson
-
Patent number: 10708294
Abstract: A system and method are provided to select mitigation parameters. The method includes receiving selection of at least one mitigation parameter, accessing a selected portion of stored network traffic or associated summaries that corresponds to a selectable time window, applying a mitigation to the selected portion of the stored network traffic or associated summaries using the selected at least one mitigation parameter, and outputting results of the applied mitigation.
Type: Grant
Filed: January 19, 2017
Date of Patent: July 7, 2020
Assignee: Arbor Networks, Inc.
Inventors: William M. Northway, Jr., Andrew D. Mortensen, James E. Winquist, Ronald G. Hay, Nicholas Scott
-
Patent number: 10637885
Abstract: A method for configuring a network monitoring device is provided. One or more performance metrics associated with one or more thresholds to be configured are received from a user. Historical network traffic flow information associated with a previously detected malicious activity is analyzed to identify characteristic values for the one or more performance metrics. Threshold values are automatically configured based on the identified characteristic values.
Type: Grant
Filed: November 28, 2016
Date of Patent: April 28, 2020
Assignee: Arbor Networks, Inc.
Inventors: James E. Winquist, William M. Northway, Jr., Ronald G. Hay, Nicholas Scott, Lawrence B. Huston, III
-
Publication number: 20180205756
Abstract: A system and method are provided to select mitigation parameters. The method includes receiving selection of at least one mitigation parameter, accessing a selected portion of stored network traffic or associated summaries that corresponds to a selectable time window, applying a mitigation to the selected portion of the stored network traffic or associated summaries using the selected at least one mitigation parameter, and outputting results of the applied mitigation.
Type: Application
Filed: January 19, 2017
Publication date: July 19, 2018
Applicant: Arbor Networks, Inc.
Inventors: William M. Northway, JR., Andrew D. Mortensen, James E. Winquist, Ronald G. Hay, Nicholas Scott
-
Publication number: 20180183714
Abstract: A method for configuring a network monitoring device is provided. A plurality of flow records is received. The plurality of flow records is analyzed according to user-specified criteria to identify one or more network traffic patterns. A plurality of network entities associated with the one or more identified network traffic patterns is identified. A managed object including the identified plurality of network entities is generated.
Type: Application
Filed: December 22, 2016
Publication date: June 28, 2018
Inventors: Ronald G. Hay, James E. Winquist, Andrew D. Mortensen, William M. Northway, JR., Lawrence B. Huston, III
-
Publication number: 20180176139
Abstract: A method for correlating discarded network traffic with network policy events in a network includes receiving a flow record. The flow record includes initial network flow information in a standard flow record format. Discarded network traffic information associated with each network policy is received from a network policy enforcement device. Network traffic is discarded based on a network traffic policy. The received flow record is correlated with the received discarded network traffic information. The discarded network traffic information is encoded into the received flow record based on the correlation while maintaining the initial network flow information to yield an enhanced flow record.
Type: Application
Filed: December 15, 2016
Publication date: June 21, 2018
Inventors: Andrew D. Mortensen, James E. Winquist
-
Publication number: 20180152474
Abstract: A method for configuring a network monitoring device is provided. One or more performance metrics associated with one or more thresholds to be configured are received from a user. Historical network traffic flow information associated with a previously detected malicious activity is analyzed to identify characteristic values for the one or more performance metrics. Threshold values are automatically configured based on the identified characteristic values.
Type: Application
Filed: November 28, 2016
Publication date: May 31, 2018
Inventors: James E. Winquist, William M. Northway, JR., Ronald G. Hay, Nicholas Scott, Lawrence B. Huston, III
-
Patent number: 9961106
Abstract: A method for monitoring traffic flow in a network is provided. A network monitoring probe monitors one or more network traffic flow parameters to detect a denial of service attack. In response to detecting the denial of service attack, a first set of data representing the denial of service attack alert is displayed. Filtering criteria are received from a user. The filtering criteria include at least one of the network flow parameters identified as legitimate network traffic. A second set of data is generated and displayed based on the filtering criteria.
Type: Grant
Filed: September 24, 2014
Date of Patent: May 1, 2018
Assignee: Arbor Networks, Inc.
Inventors: David Watson, Anthony Danducci, Joanna Markel, Willie Northway, Steven Lyskawa, James E. Winquist
-
Publication number: 20180077110
Abstract: A method for encoding domain name information into flow records includes receiving a flow record. The flow record includes initial network flow information in a standard flow record format including at least a source address and a destination address. Domain name information associated with each of the source address and destination address is retrieved from a database. The domain name information is encoded into the received flow record while maintaining the initial network flow information to yield an enhanced flow record.
Type: Application
Filed: September 9, 2016
Publication date: March 15, 2018
Inventors: Lawrence B. Huston, III, James E. Winquist, Alex Levine, Ronald G. Hay, Brett Higgins, Andrew D. Mortensen, William M. Northway, JR., Eric Jackson
-
Patent number: 9584533
Abstract: A method for network traffic characterization is provided. Flow data records are acquired associated with a security alert signature. Unidimensional traffic clusters are generated based on the acquired data. A Bloom filter is populated with the acquired flow data records. Clusters of interest are identified from the generated unidimensional traffic clusters. The identified clusters of interest are compressed into a compressed set. A determination is made whether a multidimensional processing of the acquired flow data needs to be performed based on a priority associated with the alert signature. A multidimensional lattice corresponding to the unidimensional traffic clusters is generated. The multidimensional lattice is traversed and for each multidimensional node under consideration a determination is made if the Bloom filter contains flow records matching the multidimensional node under consideration.
Type: Grant
Filed: November 7, 2014
Date of Patent: February 28, 2017
Assignee: Arbor Networks, Inc.
Inventors: David Watson, Lawrence B. Huston, III, James E. Winquist, Jeremiah Martell, Nicholas Scott
-
Publication number: 20160134503
Abstract: A method for network traffic characterization is provided. Flow data records are acquired associated with a security alert signature. Unidimensional traffic clusters are generated based on the acquired data. A Bloom filter is populated with the acquired flow data records. Clusters of interest are identified from the generated unidimensional traffic clusters. The identified clusters of interest are compressed into a compressed set. A determination is made whether a multidimensional processing of the acquired flow data needs to be performed based on a priority associated with the alert signature. A multidimensional lattice corresponding to the unidimensional traffic clusters is generated. The multidimensional lattice is traversed and for each multidimensional node under consideration a determination is made if the Bloom filter contains flow records matching the multidimensional node under consideration.
Type: Application
Filed: November 7, 2014
Publication date: May 12, 2016
Applicant: ARBOR NETWORKS, INC.
Inventors: David Watson, Lawrence B. Huston, III, James E. Winquist, Jeremiah Martell, Nicholas Scott
-
Publication number: 20160088013
Abstract: A method for monitoring traffic flow in a network is provided. A network monitoring probe monitors one or more network traffic flow parameters to detect a denial of service attack. In response to detecting the denial of service attack, a first set of data representing the denial of service attack alert is displayed. Filtering criteria are received from a user. The filtering criteria include at least one of the network flow parameters identified as legitimate network traffic. A second set of data is generated and displayed based on the filtering criteria.
Type: Application
Filed: September 24, 2014
Publication date: March 24, 2016
Applicant: ARBOR NETWORKS, INC.
Inventors: David Watson, Anthony Danducci, Joanna Markel, Willie Northway, Steven Lyskawa, James E. Winquist