Abstract: A network device is capable of recognizing and blocking network attacks associated with packet flows regardless of whether the packet flows are encapsulated within network tunnels. For example, the network device includes a filter module that receives packets associated with a network tunnel from an ingress device to an egress device. The filter module applies heuristics to determine whether the packets encapsulate encrypted data units. If the data units are not encrypted, the filter module extracts the data units and generates temporary packets for use within the network device. An attack detection engine within the device analyzes the temporary packets to detect any network attacks carried by the encapsulated data units. A forwarding component selectively forwards the packets to the egress device based on whether any network attacks are detected.

Abstract: An intrusion detection and prevention (IDP) device includes a flow analysis module, an analysis engine, a plurality of protocol-specific decoders and a profiler. The flow analysis module processes packet flows in a network to identify network elements associated with the packet flows. The analysis engine forms application-layer communications from the packet flows. The plurality of protocol-specific decoders processes the application-layer communications to generate application-layer elements. The profiler correlates the application-layer elements of the application-layer communications with the network elements of the packet flows of the computer network.

Abstract: Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system.

Abstract: The present invention provides an apparatus and method for encoding, storing, transmitting and decoding multimedia information in the form of scalable, streamed digital data. A base stream containing basic informational content and subsequent streams containing additive informational content are initially created from standard digital multimedia data by a transcoder. Client computers, each of which may have different configurations and capabilities are capable of accessing a stream server that contains the scalable streamed digital data. Each different client computer, therefore, may access different stream combinations according to a profile associated with each different client computer. Thus, the streams accessed from the server are tailored to match the profile of each client computer so that the best combination of streams can be provided to maximize the resolution of the 3D, audio and video components.

Abstract: A discovery system (and corresponding method and computer program product) for automatically discovering assets and their roles and functional relationships in a network system is described. In one aspect, the discovery system interrogates known assets through protocol messages, normalizes response messages, and contextually analyzes the normalized response message to identify additional assets and their roles and functional relationships with the interrogated assets. The discovery system can recursively interrogate newly discovered assets to discover additional assets. In another aspect of the present invention, the discovery system is scheduled to periodically interrogate known assets for up-to-date information of the assets and their roles and functional relationships. Such information can be used to provide various services.

Abstract: A test system (and corresponding method and computer program product) for generating unit tests for a heterogeneous network system and validating test results to ensure that the network system functions properly is described. In one embodiment, the test system is an appliance that is capable of normalizing communication protocols supported by component systems of the network system. The test system creates objects and methods corresponding to component systems and their supported protocol commands in the network system, and generates unit test cases based on the objects, the methods, and the normalized protocols. The test system transmits the unit test cases to the component systems, receives test results, and validates the test results to ensure that the network system functions properly.

Abstract: A security analysis methodology is used to analyze the security of a device-under-analysis (DUA) with respect to a particular protocol message exchange. First, the mutation points that exist in the message exchange are determined. Then, the message exchange is executed multiple times—once for each mutation point. Each execution applies the mutation associated with that particular mutation point (e.g., a particular message during the exchange is modified in a particular way) to create a mutated message exchange. In other words, each message exchange with an applied mutation point corresponds to a test case.

Abstract: A system is used to analyze the implementation of a protocol by a device-under-analysis (DUA). The system includes a source endpoint, a destination endpoint (the DUA), and a message generator. The source endpoint generates an original message and attempts to send it to the DUA. The original message is intercepted by the message generator, which generates a replacement message. The replacement message is then sent to the DUA instead of the original message. The replacement message is deliberately improper so as to analyze the DUA's implementation of the protocol. The message generator includes a structure recognition system and a mutation system. The structure recognition system determines the underlying structure and/or semantics of a message. After the structure recognition system has determined the structure, it creates a description of the structure (a structure description). The mutation system modifies the message based on the structure description to generate a replacement message.

Abstract: A security analyzer analyzes a security of a device-under-analysis (DUA). In one embodiment, the security analyzer identifies two or more valid message-delivery preconditions for a communication protocol supported by the DUA. One of the identified valid message-delivery preconditions is selected and the security analyzer delivers an attack to the DUA according to the selected message-delivery precondition. The same or similar attacks can also be delivered to the DUA via other message-delivery preconditions. Based on the DUA's response, the security analyzer determines whether a vulnerability has been found.

Abstract: A security analyzer tests the security of a device by attacking the device and observing the device's response. Attacking the device includes sending one or more messages to the device. A message can be generated by the security analyzer or generated independently of the security analyzer. The security analyzer uses various methods to identify a particular attack that causes a device to fail or otherwise alter its behavior. Monitoring includes analyzing data (other than messages) output from the device in response to an attack. Packet processing analysis includes analyzing one or more messages generated by the device in response to an attack. Instrumentation includes establishing a baseline snapshot of the device's state when it is operating normally and then attacking the device in multiple ways while obtaining snapshots periodically during the attacks.

Abstract: Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system.

Abstract: Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.

Abstract: The present invention provides an apparatus and method for encoding, storing, transmitting and decoding multimedia information in the form of scalable, streamed digital data. A base stream containing basic informational content and subsequent streams containing additive informational content are initially created from standard digital multimedia data by a transcoder. Client computers, each of which may have different configurations and capabilities are capable of accessing a stream server that contains the scalable streamed digital data. Each different client computer, therefore, may access different stream combinations according to a profile associated with each different client computer. Thus, the streams accessed from the server are tailored to match the profile of each client computer so that the best combination of streams can be provided to maximize the resolution of the 3D, audio and video components.

Abstract: The present invention provides an apparatus and method for encoding, storing, transmitting and decoding multimedia information in the form of scalable, streamed digital data. A base stream containing basic informational content and subsequent streams containing additive informational content are initially created from standard digital multimedia data by a transcoder. Client computers, each of which may have different configurations and capabilities are capable of accessing a stream server that contains the scalable streamed digital data. Each different client computer, therefore, may access different stream combinations according to a profile associated with each different client computer. Thus, the streams accessed from the server are tailored to match the profile of each client computer so that the best combination of streams can be provided to maximize the resolution of the 3D, audio and video components.