Patents by Inventor Massimiliano Antonio Poletto
Massimiliano Antonio Poletto has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8504879Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: November 3, 2003Date of Patent: August 6, 2013Assignee: Riverbed Technology, Inc.Inventors: Massimiliano Antonio Poletto, Edward W. Kohler, Jr., Andrew Ratin, Andrew Gorelik
-
Patent number: 8479057Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: November 3, 2003Date of Patent: July 2, 2013Assignee: Riverbed Technology, Inc.Inventors: Massimiliano Antonio Poletto, Andrew Ratin, Andrew Gorelik
-
Patent number: 8458795Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: April 19, 2008Date of Patent: June 4, 2013Assignee: Riverbed Technologies, Inc.Inventors: Daniel Weber, Prem Gopalan, Massimiliano Antonio Poletto
-
Patent number: 8191136Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: November 3, 2003Date of Patent: May 29, 2012Assignee: Riverbed Technology, Inc.Inventors: Anne Elizabeth Dudfield, Massimiliano Antonio Poletto
-
Patent number: 8090809Abstract: Techniques to assign nodes in a network to groups of nodes includes grouping nodes on a network into groups based on host connection set data by identifying bi-connected components in the host connection set data; and merging groups with similar connection habits as determined by examining the host connection set data into larger groups.Type: GrantFiled: November 3, 2003Date of Patent: January 3, 2012Assignee: Riverbed Technology, Inc.Inventors: Godfrey Tan, Massimiliano Antonio Poletto
-
Patent number: 7929534Abstract: A plurality of flow collector devices is disposed to collect flow information on a network. Duplicate flow records received from the flow collectors are eliminated by determining whether a pair of flow records has the same, source and destination flow identifiers and were received within a predefined time-period. Non-duplicated flow records received from the plurality of flow collector devices are stored and used to produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node from non-duplicated flow records. The connection table stores statistical information of packets on the network based on a time-slice basis.Type: GrantFiled: June 28, 2004Date of Patent: April 19, 2011Assignee: Riverbed Technology, Inc.Inventors: Massimiliano Antonio Poletto, Andrew Ratin, Edward W. Kohler, Jr.
-
Patent number: 7836498Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: August 16, 2001Date of Patent: November 16, 2010Assignee: Riverbed Technology, Inc.Inventors: Massimiliano Antonio Poletto, Edward W. Kohler, Jr.
-
Patent number: 7827272Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: November 3, 2003Date of Patent: November 2, 2010Assignee: Riverbed Technology, Inc.Inventors: Massimiliano Antonio Poletto, Andrew Ratin, Anne Elizabeth Dudfield
-
Patent number: 7760653Abstract: A system includes a plurality of collector devices that are disposed to collect statistical information on packets that are sent between nodes on a network. The system also includes a stackable aggregator that receives network data from the plurality of collector devices, and which produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The stackable aggregator includes a manager blade, a database blade, and two or more, analyzer blades.Type: GrantFiled: October 26, 2004Date of Patent: July 20, 2010Assignee: Riverbed Technology, Inc.Inventor: Massimiliano Antonio Poletto
-
Patent number: 7743415Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of data monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In one embodiment, a gateway device is disposed to pass network packets between the network and the victim site. The gateway includes a computing device executing a process to build a histogram for any attribute or function of an attribute of network packets and a process to determine if the values of the attribute exceed normal, threshold values expected for the attribute to indicate an attack on the site.Type: GrantFiled: January 31, 2002Date of Patent: June 22, 2010Assignee: Riverbed Technology, Inc.Inventors: Massimiliano Antonio Poletto, Andrew Ratin, Andrew Gorelik
-
Patent number: 7743134Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: August 16, 2001Date of Patent: June 22, 2010Assignee: Riverbed Technology, Inc.Inventors: Edward W. Kohler, Jr., Massimiliano Antonio Poletto
-
Patent number: 7716737Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: November 3, 2003Date of Patent: May 11, 2010Assignee: Riverbed Technology, Inc.Inventors: Benjamin Wilken, Massimiliano Antonio Poletto
-
Publication number: 20100115617Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: ApplicationFiled: April 19, 2008Publication date: May 6, 2010Inventors: Daniel Weber, Prem Gopalan, Massimiliano Antonio Poletto
-
Patent number: 7706273Abstract: Techniques for tracking dynamically negotiated port connections in a network include collecting statistical information on packets that are sent between nodes on a network, inspecting packets of control connections to detect payload fragments that denote ephemeral port negotiation and producing a mapping from a ephemeral connection flow_id to a control connection flow_id. The techniques also include checking the flow_id to see whether a flow record maps to a control connection.Type: GrantFiled: September 30, 2004Date of Patent: April 27, 2010Assignee: Riverbed Technology, Inc.Inventors: Massimiliano Antonio Poletto, Andrew Gorelik
-
Patent number: 7702806Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: August 16, 2001Date of Patent: April 20, 2010Assignee: Riverbed Technology, Inc.Inventors: Thomer Michael Gil, Massimiliano Antonio Poletto, Edward W. Kohler, Jr.
-
Patent number: 7664963Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: November 3, 2003Date of Patent: February 16, 2010Assignee: Riverbed Technology, Inc.Inventors: Edward W. Kohler, Jr., Massimiliano Antonio Poletto, Andrew Ratin
-
Patent number: 7657934Abstract: A monitoring device is disposed to thwart denial of service attacks on a data center. The monitoring device is a device that collects statistical information on packets that are sent between a network and the data center for a plurality of customers by examining traffic as if the device was disposed on links that are downstream from links that the provisioned monitor is disposed on.Type: GrantFiled: January 31, 2002Date of Patent: February 2, 2010Assignee: Riverbed Technology, Inc.Inventors: Massimiliano Antonio Poletto, Anne Elizabeth Dudfield
-
Patent number: 7581023Abstract: An arrangement is disposed in a network. The arrangement includes a device that is logically disposed adjacent logically nearby routers having a first type of probe that are disposed to sample traffic, and that is has second type of probe that is disposed in-line during an attack by modifying router tables on the nearby routers.Type: GrantFiled: April 30, 2002Date of Patent: August 25, 2009Assignee: Riverbed Technology, Inc.Inventors: Massimiliano Antonio Poletto, Robert Nader Nazzal, Dimitri Stratton Vlachos
-
Patent number: 7461404Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: November 3, 2003Date of Patent: December 2, 2008Assignee: Mazu Networks, Inc.Inventors: Anne Elizabeth Dudfield, Massimiliano Antonio Poletto, Daniel Weber
-
Patent number: 7398317Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: September 5, 2001Date of Patent: July 8, 2008Assignee: Mazu Networks, Inc.Inventors: Benjie Chen, Massimiliano Antonio Poletto