Patents by Inventor Lawrence B. Huston
Lawrence B. Huston has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11622024
  Abstract: A system for processing data, comprising a first processor configured to operate one or more algorithms to provide an explicit proxy that directs network communications over a public network to a proxy server. The first processor is also configured to operate one or more algorithms to provide a firewall agent that verifies the presence of a firewall key prior to allowing data communications over the public network using the explicit proxy. The explicit proxy is installed using a proxy auto configuration file that is associated with the firewall agent.
  Type: Grant
  Filed: September 25, 2020
  Date of Patent: April 4, 2023
  Assignee: FORCEPOINT LLC
  Inventor: Lawrence B. Huston, III
- Patent number: 11343143
  Abstract: A method for configuring a network monitoring device is provided. A plurality of flow records is received. The plurality of flow records is analyzed according to user-specified criteria to identify one or more network traffic patterns. A plurality of network entities associated with the one or more identified network traffic patterns is identified. A managed object including the identified plurality of network entities is generated.
  Type: Grant
  Filed: December 22, 2016
  Date of Patent: May 24, 2022
  Assignee: Arbor Networks, Inc.
  Inventors: Ronald G. Hay, James E. Winquist, Andrew D. Mortensen, William M. Northway, Jr., Lawrence B. Huston, III
- Publication number: 20220103647
  Abstract: A system for processing data, comprising a first processor configured to operate one or more algorithms to provide an explicit proxy that directs network communications over a public network to a proxy server. The first processor is also configured to operate one or more algorithms to provide a firewall agent that verifies the presence of a firewall key prior to allowing data communications over the public network using the explicit proxy. The explicit proxy is installed using a proxy auto configuration file that is associated with the firewall agent.
  Type: Application
  Filed: September 25, 2020
  Publication date: March 31, 2022
  Applicant: Forcepoint LLC
  Inventor: Lawrence B. Huston, III
- Patent number: 11283648
  Abstract: A system for controlling data services, comprising a plurality of host computers configured to communicate over the network and to request a data tunnel. A plurality of server computers configured to provide data tunnel services to the plurality of host computers. An address allocator operating on one or more processors and configured to implement one or more algorithms that cause a range of addresses to be assigned to each of the server computers, wherein each of the host computers receives one of the addresses for use as part of a data tunnel service request from the host computer to the server computer.
  Type: Grant
  Filed: August 15, 2019
  Date of Patent: March 22, 2022
  Assignee: FORCEPOINT LLC
  Inventor: Lawrence B. Huston, III
- Publication number: 20210051043
  Abstract: A system for controlling data services, comprising a plurality of host computers configured to communicate over the network and to request a data tunnel. A plurality of server computers configured to provide data tunnel services to the plurality of host computers. An address allocator operating on one or more processors and configured to implement one or more algorithms that cause a range of addresses to be assigned to each of the server computers, wherein each of the host computers receives one of the addresses for use as part of a data tunnel service request from the host computer to the server computer.
  Type: Application
  Filed: August 15, 2019
  Publication date: February 18, 2021
  Applicant: Forcepoint LLC
  Inventor: Lawrence B. Huston, III
- Publication number: 20210051132
  Abstract: A system for controlling a network, comprising a plurality of host computers configured to communicate over the network. A plurality of server computers configured to provide services to the plurality of host computers. An address allocator operating on one or more processors and configured to implement one or more algorithms that cause a range of addresses to be assigned to each of the server computers, wherein each of the host computers receives one of the addresses for use as part of a service request from the host computer to the server computer.
  Type: Application
  Filed: August 16, 2019
  Publication date: February 18, 2021
  Applicant: Forcepoint LLC
  Inventors: Lawrence B. Huston, III, David James Usher, Olli-Pekka Niemi
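The three Forcepoint entries above (11283648, 20210051043 and 20210051132) all describe the same mechanism: an address allocator gives each server computer a range of addresses, and every host receives one address out of a server's range to use in its tunnel or service request. The Python below is an added example written for this page, not Forcepoint's code. It carves an assumed 10.200.0.0/24 pool into /28 ranges, leases addresses to hosts, resolves which server an address belongs to, and grows a server's allocation when its range fills. The pool, the range size, the server names and the `validate_request` check are all assumptions made for illustration.

```python
"""Range-based address allocation for tunnel service endpoints.

Added example, not Forcepoint's code. The pool 10.200.0.0/24, the /28
range size and the server names are assumptions chosen for illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Server:
    name: str
    ranges: list = field(default_factory=list)   # IPv4Network objects owned by this server
    leased: dict = field(default_factory=dict)   # IPv4Address -> host id


class AddressAllocator:
    def __init__(self, pool: str, servers: list, prefix: int = 28):
        # Carve the pool into equal-sized ranges and give every server one
        # range up front; further ranges are handed out only when one fills.
        self._free_ranges = list(ipaddress.ip_network(pool).subnets(new_prefix=prefix))
        self._by_range = {}                      # IPv4Network -> server name
        self.servers = {name: Server(name) for name in servers}
        for server in self.servers.values():
            self._assign_range(server)

    def _assign_range(self, server: Server) -> None:
        if not self._free_ranges:
            raise RuntimeError("address pool exhausted")
        net = self._free_ranges.pop(0)
        server.ranges.append(net)
        self._by_range[net] = server.name

    def lease(self, host_id: str, server_name: str) -> ipaddress.IPv4Address:
        """Hand host_id an unused address from server_name's ranges."""
        server = self.servers[server_name]
        for net in server.ranges:
            for addr in net.hosts():             # skips network and broadcast addresses
                if addr not in server.leased:
                    server.leased[addr] = host_id
                    return addr
        self._assign_range(server)               # every range full: grow by one range
        return self.lease(host_id, server_name)

    def server_for(self, addr: str) -> str:
        """Which server owns the range this address came from."""
        a = ipaddress.ip_address(addr)
        for net, name in self._by_range.items():
            if a in net:
                return name
        raise LookupError(f"{addr} is outside every assigned range")

    def validate_request(self, addr: str, receiving_server: str) -> bool:
        """A tunnel request must arrive at the server that owns its address;
        anything else is misdirected or spoofed and should be refused."""
        try:
            return self.server_for(addr) == receiving_server
        except LookupError:
            return False


if __name__ == "__main__":
    alloc = AddressAllocator("10.200.0.0/24", ["tun-a", "tun-b", "tun-c"])
    addr = alloc.lease("host-1", "tun-b")
    print(addr, alloc.server_for(str(addr)))           # 10.200.0.17 tun-b
    print(alloc.validate_request(str(addr), "tun-a"))  # False
```

Because the ranges are disjoint per server, the address carried in a request is enough on its own to identify the server that should be handling it; the `validate_request` check turns that property into a cheap rejection of requests that arrive at the wrong server or carry an address nobody allocated.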
- Patent number: 10904203
  Abstract: A method for encoding domain name information into flow records includes receiving a flow record. The flow record includes initial network flow information in a standard flow record format including at least a source address and a destination address. Domain name information associated with each of the source address and destination address is retrieved from a database. The domain name information is encoded into the received flow record while maintaining the initial network flow information to yield an enhanced flow record.
  Type: Grant
  Filed: September 9, 2016
  Date of Patent: January 26, 2021
  Assignee: Arbor Networks, Inc.
  Inventors: Lawrence B. Huston, III, James E. Winquist, Alex Levine, Ronald G. Hay, Brett Higgins, Andrew D. Mortensen, William M. Northway, Jr., Eric Jackson
- Patent number: 10637885
  Abstract: A method for configuring a network monitoring device is provided. One or more performance metrics associated with one or more thresholds to be configured are received from a user. Historical network traffic flow information associated with a previously detected malicious activity is analyzed to identify characteristic values for the one or more performance metrics. Threshold values are automatically configured based on the identified characteristic values.
  Type: Grant
  Filed: November 28, 2016
  Date of Patent: April 28, 2020
  Assignee: Arbor Networks, Inc.
  Inventors: James E. Winquist, William M. Northway, Jr., Ronald G. Hay, Nicholas Scott, Lawrence B. Huston, III
- Patent number: 10182071
  Abstract: A system for mitigating network attacks includes a protected network and one or more attack mitigation devices communicatively coupled to the protected network. The attack mitigation devices are configured to receive a request from a host having an IP address and determine whether the IP address is included in a first probabilistic data structure representing addresses of hosts having failed to authenticate using a first authentication procedure. The attack mitigation devices are also configured to perform the first authentication procedure, responsive to a determination that the IP address of the host is not included in the first data structure. The attack mitigation devices are yet further configured to allow the host to access the protected network, responsive to successful completion of the first authentication procedure and to update the first data structure to include the IP address of the host, responsive to unsuccessful completion of the first authentication procedure.
  Type: Grant
  Filed: July 29, 2016
  Date of Patent: January 15, 2019
  Assignee: Arbor Networks, Inc.
  Inventors: Lawrence B. Huston, III, Mathew R. Richardson
- Patent number: 10116692
  Abstract: A system for mitigating network attacks within encrypted network traffic is provided. The system includes a protected network including a plurality of devices. The system further includes attack mitigation devices communicatively coupled to the protected network and to a cloud platform. The attack mitigation devices are configured and operable to decrypt the encrypted traffic received from the cloud platform and destined to the protected network to form a plurality of decrypted network packets and analyze the plurality of decrypted network packets to detect attacks. The attack mitigation devices are further configured to generate, in response to detecting the attacks, attack signatures corresponding to the detected attacks and configured to send the generated attack signatures to attack mitigation services provided in the cloud platform. The attack mitigation services are configured and operable to drop encrypted network traffic matching the attack signatures received from the attack mitigation devices.
  Type: Grant
  Filed: September 4, 2015
  Date of Patent: October 30, 2018
  Assignee: Arbor Networks, Inc.
  Inventors: Lawrence B. Huston, III, Scott Iekel-Johnson
- Patent number: 10044751
  Abstract: A system for mitigating network attacks is provided. The system includes a protected network including a plurality of devices. The system further includes one or more attack mitigation devices communicatively coupled to the protected network. The attack mitigation devices are configured and operable to employ a recurrent neural network (RNN) to obtain probability information related to a request stream. The request stream may include a plurality of HTTP, RTSP and/or DNS messages. The attack mitigation devices are further configured to analyze the obtained probability information to detect one or more atypical requests in the request stream. The attack mitigation devices are also configured and operable to perform, in response to detecting one or more atypical requests, mitigation actions on the one or more atypical requests in order to block an attack.
  Type: Grant
  Filed: December 28, 2015
  Date of Patent: August 7, 2018
  Assignee: Arbor Networks, Inc.
  Inventor: Lawrence B. Huston, III
- Publication number: 20180183714
  Abstract: A method for configuring a network monitoring device is provided. A plurality of flow records is received. The plurality of flow records is analyzed according to user-specified criteria to identify one or more network traffic patterns. A plurality of network entities associated with the one or more identified network traffic patterns is identified. A managed object including the identified plurality of network entities is generated.
  Type: Application
  Filed: December 22, 2016
  Publication date: June 28, 2018
  Inventors: Ronald G. Hay, James E. Winquist, Andrew D. Mortensen, William M. Northway, Jr., Lawrence B. Huston, III
- Publication number: 20180152474
  Abstract: A method for configuring a network monitoring device is provided. One or more performance metrics associated with one or more thresholds to be configured are received from a user. Historical network traffic flow information associated with a previously detected malicious activity is analyzed to identify characteristic values for the one or more performance metrics. Threshold values are automatically configured based on the identified characteristic values.
  Type: Application
  Filed: November 28, 2016
  Publication date: May 31, 2018
  Inventors: James E. Winquist, William M. Northway, Jr., Ronald G. Hay, Nicholas Scott, Lawrence B. Huston, III
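The 10637885 grant and its 20180152474 application describe deriving detection thresholds from the flow history of an attack that was already detected, rather than asking the operator to guess them. The Python below is an added example for this page, not Arbor Networks' code, and it goes one step beyond the abstract by refusing to emit a threshold when the attack's values overlap the benign baseline. HISTORY is a constructed set of measurement intervals; the choice of the 99th percentile as the benign ceiling, the 10th percentile of the attack as its characteristic value, the 1.2 margin and the midpoint rule are assumed tuning decisions.

```python
"""Deriving detection thresholds from historical flow data.

Added example, not Arbor Networks' code. HISTORY is constructed: each entry
is one measurement interval with per-interval metrics and a flag saying
whether that interval fell inside a previously detected attack. The margin
and percentiles are assumed tuning choices.
"""
import math

HISTORY = [
    # benign baseline intervals
    {"pps": 900,   "bps": 1_000_000, "syn_rate": 50,  "attack": False},
    {"pps": 1100,  "bps": 1_500_000, "syn_rate": 80,  "attack": False},
    {"pps": 1000,  "bps": 1_200_000, "syn_rate": 120, "attack": False},
    {"pps": 1300,  "bps": 2_000_000, "syn_rate": 400, "attack": False},
    {"pps": 1500,  "bps": 1_800_000, "syn_rate": 90,  "attack": False},
    {"pps": 1200,  "bps": 1_100_000, "syn_rate": 60,  "attack": False},
    {"pps": 950,   "bps": 1_300_000, "syn_rate": 70,  "attack": False},
    {"pps": 1050,  "bps": 1_700_000, "syn_rate": 300, "attack": False},
    # intervals inside the previously detected attack
    {"pps": 9000,  "bps": 5_000_000, "syn_rate": 100, "attack": True},
    {"pps": 12000, "bps": 7_000_000, "syn_rate": 250, "attack": True},
    {"pps": 15000, "bps": 9_000_000, "syn_rate": 500, "attack": True},
    {"pps": 20000, "bps": 6_000_000, "syn_rate": 450, "attack": True},
    {"pps": 11000, "bps": 8_000_000, "syn_rate": 150, "attack": True},
]


def percentile(values, p):
    """Nearest-rank percentile, p in 0..100, of a non-empty sequence."""
    s = sorted(values)
    k = max(0, min(len(s) - 1, math.ceil(p / 100 * len(s)) - 1))
    return s[k]


def configure_thresholds(history, metrics, margin=1.2):
    """For each user-requested metric, take the value the attack exhibited at
    its 10th percentile (so the threshold fires early in a repeat) and place
    the threshold midway between that and the benign 99th percentile scaled
    by `margin`. A metric whose attack values do not clear the benign ceiling
    gets no threshold: alerting on it would page on normal traffic."""
    benign = [h for h in history if not h["attack"]]
    attack = [h for h in history if h["attack"]]
    if not benign or not attack:
        raise ValueError("need both benign and attack intervals to set thresholds")
    result = {}
    for m in metrics:
        benign_p99 = percentile([h[m] for h in benign], 99)
        attack_p10 = percentile([h[m] for h in attack], 10)
        floor = benign_p99 * margin
        if attack_p10 > floor:
            threshold = round((floor + attack_p10) / 2)
            reason = "ok"
        else:
            threshold = None
            reason = f"attack values overlap benign range (p10 {attack_p10} <= {floor:g})"
        result[m] = {"threshold": threshold, "benign_p99": benign_p99,
                     "attack_p10": attack_p10, "reason": reason}
    return result


if __name__ == "__main__":
    for metric, cfg in configure_thresholds(HISTORY, ["pps", "bps", "syn_rate"]).items():
        print(metric, cfg)
```

In the constructed data `pps` and `bps` separate cleanly and get thresholds; `syn_rate` does not, because the attack's SYN rate sat inside the range seen on quiet days, and the function says so instead of silently configuring a threshold that would fire on legitimate bursts.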
- Publication number: 20180077110
  Abstract: A method for encoding domain name information into flow records includes receiving a flow record. The flow record includes initial network flow information in a standard flow record format including at least a source address and a destination address. Domain name information associated with each of the source address and destination address is retrieved from a database. The domain name information is encoded into the received flow record while maintaining the initial network flow information to yield an enhanced flow record.
  Type: Application
  Filed: September 9, 2016
  Publication date: March 15, 2018
  Inventors: Lawrence B. Huston, III, James E. Winquist, Alex Levine, Ronald G. Hay, Brett Higgins, Andrew D. Mortensen, William M. Northway, Jr., Eric Jackson
- Publication number: 20180034849
  Abstract: A system for mitigating network attacks includes a protected network and one or more attack mitigation devices communicatively coupled to the protected network. The attack mitigation devices are configured to receive a request from a host having an IP address and determine whether the IP address is included in a first probabilistic data structure representing addresses of hosts having failed to authenticate using a first authentication procedure. The attack mitigation devices are also configured to perform the first authentication procedure, responsive to a determination that the IP address of the host is not included in the first data structure. The attack mitigation devices are yet further configured to allow the host to access the protected network, responsive to successful completion of the first authentication procedure and to update the first data structure to include the IP address of the host, responsive to unsuccessful completion of the first authentication procedure.
  Type: Application
  Filed: July 29, 2016
  Publication date: February 1, 2018
  Inventors: Lawrence B. Huston, III, Mathew R. Richardson
- Patent number: 9749340
  Abstract: A computer system and method for monitoring traffic for determining denial of service attacks in a network. Data packets are monitored which are attempting to access one or more server devices in a protected network. A Transmission Control Protocol (TCP) window advertisement value is determined for the data packets. If the detected TCP window advertisement value for the monitored packets is less than a TCP window advertisement threshold value, then a determination is made as to whether the data rate for the packets is less than a data rate threshold value. The monitored packets are determined to be malicious if the detected window advertisement value is less than the TCP window advertisement threshold value and the determined data rate is less than the data rate threshold value.
  Type: Grant
  Filed: April 28, 2015
  Date of Patent: August 29, 2017
  Assignee: Arbor Networks, Inc.
  Inventor: Lawrence B. Huston, III
- Publication number: 20170187747
  Abstract: A system for mitigating network attacks is provided. The system includes a protected network including a plurality of devices. The system further includes one or more attack mitigation devices communicatively coupled to the protected network. The attack mitigation devices are configured and operable to employ a recurrent neural network (RNN) to obtain probability information related to a request stream. The request stream may include a plurality of HTTP, RTSP and/or DNS messages. The attack mitigation devices are further configured to analyze the obtained probability information to detect one or more atypical requests in the request stream. The attack mitigation devices are also configured and operable to perform, in response to detecting one or more atypical requests, mitigation actions on the one or more atypical requests in order to block an attack.
  Type: Application
  Filed: December 28, 2015
  Publication date: June 29, 2017
  Inventor: Lawrence B. Huston, III
- Publication number: 20170070531
  Abstract: A system for mitigating network attacks within encrypted network traffic is provided. The system includes a protected network including a plurality of devices. The system further includes attack mitigation devices communicatively coupled to the protected network and to a cloud platform. The attack mitigation devices are configured and operable to decrypt the encrypted traffic received from the cloud platform and destined to the protected network to form a plurality of decrypted network packets and analyze the plurality of decrypted network packets to detect attacks. The attack mitigation devices are further configured to generate, in response to detecting the attacks, attack signatures corresponding to the detected attacks and configured to send the generated attack signatures to attack mitigation services provided in the cloud platform. The attack mitigation services are configured and operable to drop encrypted network traffic matching the attack signatures received from the attack mitigation devices.
  Type: Application
  Filed: September 4, 2015
  Publication date: March 9, 2017
  Inventors: Lawrence B. Huston, III, Scott Iekel-Johnson
- Patent number: 9584533
  Abstract: A method for network traffic characterization is provided. Flow data records are acquired associated with a security alert signature. Unidimensional traffic clusters are generated based on the acquired data. A Bloom filter is populated with the acquired flow data records. Clusters of interest are identified from the generated unidimensional traffic clusters. The identified clusters of interest are compressed into a compressed set. A determination is made whether a multidimensional processing of the acquired flow data needs to be performed based on a priority associated with the alert signature. A multidimensional lattice corresponding to the unidimensional traffic clusters is generated. The multidimensional lattice is traversed and for each multidimensional node under consideration a determination is made if the Bloom filter contains flow records matching the multidimensional node under consideration.
  Type: Grant
  Filed: November 7, 2014
  Date of Patent: February 28, 2017
  Assignee: Arbor Networks, Inc.
  Inventors: David Watson, Lawrence B. Huston, III, James E. Winquist, Jeremiah Martell, Nicholas Scott
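Two of the Arbor Networks entries lean on a Bloom filter: 10182071 / 20180034849 keep a probabilistic set of source IPs that already failed the first authentication procedure so the procedure is not repeated for them, and 9584533 populates a Bloom filter with flow records and then asks it, for every node of a multidimensional lattice built from the unidimensional clusters, whether any record matches. The Python below is one added example serving both entries; it is written for this page and is not Arbor Networks' code. The hashing scheme, the sizing formulas, the `authenticate` callable and the FLOWS records are assumptions. One design choice is also an assumption: each record is inserted under every projection onto a subset of dimensions, so that a partial lattice node (say, one destination and one port) can be tested, and the lattice is walked with apriori-style pruning in which a node is tried only if all of its sub-nodes survived.

```python
"""Bloom-filter gating of failed authenticators (10182071) and Bloom-filter
backed lattice traversal over flow clusters (9584533).

Added example, not Arbor Networks' code. The hashing, the sizing formulas,
the `authenticate` callable and the FLOWS records are assumptions. Records
are inserted under every projection onto a subset of dimensions so partial
lattice nodes can be tested; how nodes are keyed is an assumption too.
"""
import hashlib
import math
from collections import Counter
from itertools import combinations, product


class BloomFilter:
    """No false negatives; about fp_rate false positives at `capacity` items."""

    def __init__(self, capacity, fp_rate=0.01):
        self.m = math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Kirsch-Mitzenmacher double hashing from one SHA-256 digest.
        d = hashlib.sha256(item.encode()).digest()
        h1, h2 = int.from_bytes(d[:8], "big"), int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


class AuthGate:
    """Run the first authentication procedure only for IPs not already
    recorded as having failed it; a false positive skips the procedure."""

    def __init__(self, authenticate, expected_failures=100_000, fp_rate=0.001):
        self.authenticate = authenticate          # callable(ip) -> bool, e.g. a challenge
        self.failed = BloomFilter(expected_failures, fp_rate)

    def handle(self, ip):
        if ip in self.failed:
            return "blocked"
        if self.authenticate(ip):
            return "allowed"
        self.failed.add(ip)                       # remember the failure, not the success
        return "denied"


def node_key(node):
    return "|".join(f"{d}={v}" for d, v in node)


def characterize(records, dims, min_count=2, fp_rate=1e-4):
    """Unidimensional clusters -> clusters of interest -> lattice of
    multidimensional nodes, each kept only if the Bloom filter reports a
    matching record. A node is tried only if all its (n-1)-D sub-nodes survived."""
    clusters = {d: Counter(r[d] for r in records) for d in dims}
    bf = BloomFilter(len(records) * 2 ** len(dims), fp_rate)
    for r in records:
        for n in range(1, len(dims) + 1):
            for sub in combinations(dims, n):
                bf.add(node_key(tuple((d, r[d]) for d in sub)))
    interest = {d: [v for v, c in clusters[d].items() if c >= min_count] for d in dims}
    survivors = {((d, v),) for d in dims for v in interest[d]}
    for n in range(2, len(dims) + 1):
        for sub in combinations(dims, n):
            for vals in product(*(interest[d] for d in sub)):
                node = tuple(zip(sub, vals))
                if all(tuple(x for x in node if x != item) in survivors for item in node) \
                        and node_key(node) in bf:
                    survivors.add(node)
    return [n for n in survivors if len(n) > 1]


# Constructed flow records tied to one alert signature (not real traffic).
FLOWS = [
    {"src": "203.0.113.5", "dst": "198.51.100.10", "dport": 53},
    {"src": "203.0.113.5", "dst": "198.51.100.10", "dport": 53},
    {"src": "203.0.113.5", "dst": "198.51.100.10", "dport": 53},
    {"src": "203.0.113.9", "dst": "198.51.100.10", "dport": 53},
    {"src": "203.0.113.9", "dst": "198.51.100.11", "dport": 443},
    {"src": "203.0.113.5", "dst": "198.51.100.11", "dport": 443},
    {"src": "192.0.2.7", "dst": "198.51.100.12", "dport": 22},
    {"src": "203.0.113.9", "dst": "198.51.100.10", "dport": 80},
]
```

Two practitioner caveats follow from the data structure itself. For the gate, a Bloom filter has no false negatives but does have false positives, so a legitimate client can be told "blocked" without ever being offered the first procedure; the filter's sizing bounds how often that happens, and because entries cannot be removed, a deployment needs some rotation or expiry scheme or the set of "failed" addresses only grows. For the lattice, the filter answers "some record matches this node", not "how many", so the counts from the unidimensional clusters remain the only volume signal; on the constructed FLOWS the traversal yields fourteen multidimensional nodes and rejects combinations such as destination 198.51.100.10 with port 443 that no record exhibits.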
- Publication number: 20160323299
  Abstract: A computer system and method for monitoring traffic for determining denial of service attacks in a network. Data packets are monitored which are attempting to access one or more server devices in a protected network. A Transmission Control Protocol (TCP) window advertisement value is determined for the data packets. If the detected TCP window advertisement value for the monitored packets is less than a TCP window advertisement threshold value, then a determination is made as to whether the data rate for the packets is less than a data rate threshold value. The monitored packets are determined to be malicious if the detected window advertisement value is less than the TCP window advertisement threshold value and the determined data rate is less than the data rate threshold value.
  Type: Application
  Filed: April 28, 2015
  Publication date: November 3, 2016
  Applicant: Arbor Networks, Inc.
  Inventor: Lawrence B. Huston, III
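The 9749340 grant and its 20160323299 application describe a two-condition test for slow denial-of-service clients: a source is flagged only when its advertised TCP window is small and its data rate is low, since either condition on its own is common in legitimate traffic. The Python below is an added example for this page, not Arbor Networks' code. It groups constructed packet records by source, takes the median advertised window and the observed byte rate per source, and applies both thresholds; it also handles the case the abstract does not mention, a source with too few packets to estimate a rate. The threshold values, the minimum packet count and the PACKETS records are assumptions.

```python
"""Low-window, low-rate detection of slow denial-of-service clients.

Added example, not Arbor Networks' code. PACKETS is constructed: packets
from several sources towards one protected server, with the advertised TCP
window and payload length of each. The thresholds and the minimum packet
count are assumed tuning values.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median
from typing import Optional

WIN_THRESHOLD = 512      # bytes: advertised windows below this are "small" (assumed)
RATE_THRESHOLD = 100.0   # bytes/second: data rates below this are "slow" (assumed)
MIN_PACKETS = 3          # fewer packets than this gives no usable rate estimate

PACKETS = [
    # slow-read attacker: tiny window, a trickle of bytes spread over 20 s
    *({"ts": t, "src": "203.0.113.66", "win": w, "len": 40}
      for t, w in zip((0, 5, 10, 15, 20), (64, 64, 32, 64, 64))),
    # ordinary client: full window, bulk data in 0.3 s
    *({"ts": t, "src": "198.51.100.23", "win": 65535, "len": 1460} for t in (0, 0.1, 0.2, 0.3)),
    # idle keepalive: no data, but a healthy window, so not a slow-read attack
    *({"ts": t, "src": "192.0.2.40", "win": 29200, "len": 0} for t in (0, 30, 60)),
    # small window but fast: a constrained receiver, not a starved server
    *({"ts": t, "src": "198.51.100.77", "win": 256, "len": 1460} for t in (0, 0.01, 0.02)),
    # a single packet: no duration, so no rate can be computed
    {"ts": 0, "src": "192.0.2.99", "win": 8, "len": 40},
]


@dataclass
class Verdict:
    label: str                      # "malicious", "benign" or "insufficient"
    window: Optional[float] = None  # median advertised window seen from the source
    rate: Optional[float] = None    # bytes/second sent by the source


def classify_sources(packets, win_threshold=WIN_THRESHOLD,
                     rate_threshold=RATE_THRESHOLD, min_packets=MIN_PACKETS):
    """Per source: malicious only if BOTH the advertised window is below
    win_threshold AND the data rate is below rate_threshold. Either condition
    alone is normal (slow idle clients, or small-window but busy ones)."""
    by_src = defaultdict(list)
    for p in packets:
        by_src[p["src"]].append(p)
    verdicts = {}
    for src, pkts in by_src.items():
        pkts.sort(key=lambda p: p["ts"])
        duration = pkts[-1]["ts"] - pkts[0]["ts"]
        if len(pkts) < min_packets or duration <= 0:
            verdicts[src] = Verdict("insufficient")
            continue
        win = median(p["win"] for p in pkts)
        rate = sum(p["len"] for p in pkts) / duration
        malicious = win < win_threshold and rate < rate_threshold
        verdicts[src] = Verdict("malicious" if malicious else "benign", win, rate)
    return verdicts


if __name__ == "__main__":
    for src, v in classify_sources(PACKETS).items():
        print(f"{src:15} {v.label:13} window={v.window} rate={v.rate}")
```

The two negative cases in PACKETS are the ones worth keeping in mind when tuning: the idle keepalive source has a rate of zero but a normal window, and the 256-byte-window source is moving data quickly, so neither is flagged. Lowering either threshold to catch more attackers pulls exactly these kinds of clients into the malicious bucket.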