Patents by Inventor Steinthor Bjarnason
Steinthor Bjarnason has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240073184
Abstract: A method of configuring a filter to perform pattern matching against input data is provided. The method includes receiving one or more rules, each rule including one or more field specifiers, each field specifier including a value specifier that specifies a value to be matched and a location specifier that specifies a location in the input data. For each rule of the one or more rules an empty buffer is initialized. For each field specifier the value specified by the field specifier is appended to the buffer, and the buffer contents are inserted into contents of a probabilistic data structure representing all of the field specifiers of the rule. The probabilistic data structure is configured to receive a query that includes query buffer contents determined from the input data and respond with a match status of probably present based on a predetermined probability, or definitely not present.
Type: Application
Filed: August 30, 2022
Publication date: February 29, 2024
Applicant: NetScout Systems Texas, LLC
Inventors: Brian St. Pierre, Timothy David Dodd, Steinthor Bjarnason
-
Publication number: 20230396648
Abstract: A computer system and process for mitigating a Distributed Denial of Service (DDoS) attack by analyzing and correlating inbound and outbound packet information relative to the one or more protected computer networks for detecting novel DDoS Reflection/Amplification attack vectors. Created are separate data repositories that respectively store information relating to captured inbound and outbound packets flowing to and from the protected computer networks. Stored in each respective inbound and outbound data repository are identified inbound destination ports respectively associated with the captured inbound and outbound packets such that each identified inbound destination port number is associated with 1) a packet count relating to the inbound and outbound packets; and 2) a packet byte length count relating to each of the inbound and outbound packets.
Type: Application
Filed: June 1, 2022
Publication date: December 7, 2023
Applicant: Arbor Networks, Inc.
Inventors: Brian St. Pierre, Steinthor Bjarnason
-
Patent number: 11770405
Abstract: A method of automated filtering includes receiving a network traffic snapshot having packets with data stored in respective fields, generating a statistical data structure storing each potential unique combination of data stored in respective fields with an associated counter that is incremented for each occurrence that the combination matches one of the packets of the network traffic snapshot and one or more observation timestamps. Determining an observed vector from the statistical data structure, wherein the observed vector has associated attribute/value pairs and counters that satisfy a predetermined criterion. The observed vector's attribute/value pairs are compared to known attribute/value pairs associated with known DDoS attack vectors of an attack vector database.
Type: Grant
Filed: September 10, 2020
Date of Patent: September 26, 2023
Assignee: ARBOR NETWORKS, INC.
Inventors: Steinthor Bjarnason, Brian St. Pierre
-
Publication number: 20230283631
Abstract: A computer system and process for mitigating a Distributed Denial of Service (DDoS) attack to one or more protected computer networks by determining keywords and/or patterns in HyperText Transfer Protocol (HTTP) responses. Stored HTTP responses are analyzed to extract one or more HTTP characteristics for each stored HTTP response. One or more patterns having one or more keywords in each stored HTTP response is determined utilizing the extracted one or more HTTP characteristics for each stored HTTP response. A hash value is determined for each determined pattern, which is preferably stored in a hash structure accompanied by its respective determined HTTP characteristics. Each hash value accompanied by its respective determined HTTP characteristics is stored as a mitigation filter candidate if the hash value contains a determined pattern consisting of at least a predetermined percentage of all determined patterns stored in the hash structure.
Type: Application
Filed: May 12, 2022
Publication date: September 7, 2023
Applicant: Arbor Networks, Inc.
Inventors: Steinthor Bjarnason, Ellis Roland Dobbins
-
Publication number: 20230269269
Abstract: A computer method and system for determining patterns in network traffic packets having structured subfields for generating filter candidate regular expressions for DDoS attack mitigation. Stored packets are analyzed to extract a query name for each stored packet. Each query name is segregated into subfields. A Results-table is generated utilizing the segregated subfields of the query names. A Field-length table is generated that contains the length of the Field Values (Field-length) for each Field Name and an associated counter indicating how many instances the Field-length for a Field Name is present in the extracted query names. The Field-length table is analyzed to determine patterns of equal length in the “Results” table. Utilizing the Patterns table, unique combinations of the Field Values are generated as a filter candidate regular expression for DDoS attack mitigation purposes.
Type: Application
Filed: February 23, 2022
Publication date: August 24, 2023
Applicant: Arbor Networks, Inc.
Inventor: Steinthor Bjarnason
-
Patent number: 11431750
Abstract: A system and method for detecting a Denial of Service (DoS) attack. A number of evaluator elements (M) is determined for DoS analysis for network connection requests wherein each evaluator element is preferably associated with a component of the analyzed connection request. A DoS evaluator element score is determined for an evaluator element of the connection request by analyzing the evaluator element. DoS mitigation actions may be performed on the connection request if the determined evaluator element score is indicative of a DoS attack. An evaluator consolidated score (which may be weighted) is then calculated preferably consisting of one or more of the respective DoS evaluator element scores. Next, a determination is made as to whether each evaluator element of the M evaluator elements has been analyzed for determining a respective DoS evaluator element score. If no, a DoS evaluator element score for a succeeding evaluator element to be analyzed is then determined.
Type: Grant
Filed: May 15, 2020
Date of Patent: August 30, 2022
Assignee: Arbor Networks, Inc.
Inventors: Sean O'Hara, Steinthor Bjarnason
-
Publication number: 20220078205
Abstract: A method of automated filtering includes receiving a network traffic snapshot having packets with data stored in respective fields, generating a statistical data structure storing each potential unique combination of data stored in respective fields with an associated counter that is incremented for each occurrence that the combination matches one of the packets of the network traffic snapshot and one or more observation timestamps. Determining an observed vector from the statistical data structure, wherein the observed vector has associated attribute/value pairs and counters that satisfy a predetermined criterion. The observed vector's attribute/value pairs are compared to known attribute/value pairs associated with known DDoS attack vectors of an attack vector database.
Type: Application
Filed: September 10, 2020
Publication date: March 10, 2022
Applicant: Arbor Networks, Inc.
Inventors: Steinthor Bjarnason, Brian St. Pierre
-
Publication number: 20210360023
Abstract: A system and method for detecting a Denial of Service (DoS) attack. A number of evaluator elements (M) is determined for DoS analysis for network connection requests wherein each evaluator element is preferably associated with a component of the analyzed connection request. A DoS evaluator element score is determined for an evaluator element of the connection request by analyzing the evaluator element. DoS mitigation actions may be performed on the connection request if the determined evaluator element score is indicative of a DoS attack. An evaluator consolidated score (which may be weighted) is then calculated preferably consisting of one or more of the respective DoS evaluator element scores. Next, a determination is made as to whether each evaluator element of the M evaluator elements has been analyzed for determining a respective DoS evaluator element score. If no, a DoS evaluator element score for a succeeding evaluator element to be analyzed is then determined.
Type: Application
Filed: May 15, 2020
Publication date: November 18, 2021
Applicant: Arbor Networks, Inc.
Inventors: Sean O'Hara, Steinthor Bjarnason
-
Patent number: 11153334
Abstract: A method of detecting patterns in network traffic is provided. The method includes receiving packets of network traffic, performing a frequency analysis per field of the packets as a function of frequency of the occurrence of the same data in the corresponding field, and selecting top values which are values associated with each field of the set of fields that satisfy a criterion as having occurred most frequently in the packets as a function of a result of the frequency analysis.
Type: Grant
Filed: April 9, 2019
Date of Patent: October 19, 2021
Assignee: Arbor Networks, Inc.
Inventors: Steinthor Bjarnason, Andrew Ralph Beard, David Turnbull
-
Patent number: 10951649
Abstract: A method of detecting patterns in network traffic is provided. The method includes receiving a plurality of packets of network traffic, each packet having a payload populated with payload data and selecting payload lengths that occurred most frequently. For each of the selected payload lengths, a pattern template is generated using characters per position of the payload that satisfy a frequency criterion. A bit encoding scheme is assigned for each of the selected payload lengths and its associated pattern template. Each packet of the plurality of packets that has a payload length equal to any of the selected payload lengths and payload content that matches a pattern template generated for the payload is encoded into a single value. The single value uses the bit encoding scheme for the payload length and the pattern template matched.
Type: Grant
Filed: April 9, 2019
Date of Patent: March 16, 2021
Assignee: Arbor Networks, Inc.
Inventor: Steinthor Bjarnason
-
Publication number: 20200329069
Abstract: A method of detecting patterns in network traffic is provided. The method includes receiving a plurality of packets of network traffic, each packet having a payload populated with payload data and selecting payload lengths that occurred most frequently. For each of the selected payload lengths, a pattern template is generated using characters per position of the payload that satisfy a frequency criterion. A bit encoding scheme is assigned for each of the selected payload lengths and its associated pattern template. Each packet of the plurality of packets that has a payload length equal to any of the selected payload lengths and payload content that matches a pattern template generated for the payload is encoded into a single value. The single value uses the bit encoding scheme for the payload length and the pattern template matched.
Type: Application
Filed: April 9, 2019
Publication date: October 15, 2020
Applicant: Arbor Networks, Inc.
Inventor: Steinthor Bjarnason
-
Publication number: 20200329054
Abstract: A method of detecting patterns in network traffic is provided. The method includes receiving packets of network traffic, performing a frequency analysis per field of the packets as a function of frequency of the occurrence of the same data in the corresponding field, and selecting top values which are values associated with each field of the set of fields that satisfy a criterion as having occurred most frequently in the packets as a function of a result of the frequency analysis.
Type: Application
Filed: April 9, 2019
Publication date: October 15, 2020
Applicant: Arbor Networks, Inc.
Inventors: Steinthor Bjarnason, Andrew Ralph Beard, David Turnbull
-
Patent number: 10469528
Abstract: A method for detecting patterns using statistical analysis is provided. The method includes receiving a subset of structured data having a plurality of fields. A plurality of value combinations is generated for the plurality of fields using a statistical combination function. Each combination of the generated plurality of value combinations is stored as a separate entry in a results table. The entry in the results table includes a counter associated with the stored combination. A value of the counter is incremented for every occurrence of the stored combination in the generated plurality of value combinations. The results table is sorted based on the counters' values and based on a number of fields in each combination. One or more entries having highest counter values are identified in the results table.
Type: Grant
Filed: February 27, 2017
Date of Patent: November 5, 2019
Assignee: Arbor Networks, Inc.
Inventor: Steinthor Bjarnason
-
Patent number: 10257161
Abstract: Neighbor discovery is used to create a generic trust database for other applications. As part of the neighbor discovery, each device performs classification and validation of the credentials of the neighboring devices. The credentials and validation results are stored locally without having to perform a separate authentication step. The trust database is created and maintained as a neighbor table with the results of the validation. The generic trust database may then be consulted by other protocols. The neighbor discovery may use any of various underlying protocols, but the resulting table unifies the results such that other applications or protocols may take advantage of the secured identity without having to implement their own discovery process. Both discovery and validation may be implemented locally without relying on centralized servers. Manual configuration may be avoided.
Type: Grant
Filed: May 22, 2012
Date of Patent: April 9, 2019
Assignee: Cisco Technology, Inc.
Inventors: Balaji B. L., Yves Hertoghs, Michael Behringer, Steinthor Bjarnason
-
Publication number: 20180248908
Abstract: A method for detecting patterns using statistical analysis is provided. The method includes receiving a subset of structured data having a plurality of fields. A plurality of value combinations is generated for the plurality of fields using a statistical combination function. Each combination of the generated plurality of value combinations is stored as a separate entry in a results table. The entry in the results table includes a counter associated with the stored combination. A value of the counter is incremented for every occurrence of the stored combination in the generated plurality of value combinations. The results table is sorted based on the counters' values and based on a number of fields in each combination. One or more entries having highest counter values are identified in the results table.
Type: Application
Filed: February 27, 2017
Publication date: August 30, 2018
Inventor: Steinthor Bjarnason
-
Patent number: 9774452
Abstract: A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment.
Type: Grant
Filed: May 27, 2015
Date of Patent: September 26, 2017
Assignee: Cisco Technology, Inc.
Inventors: Steinthor Bjarnason, Michael H. Behringer, Yves Francis Eugene Hertoghs, Max Pritikin
-
Patent number: 9391959
Abstract: To avoid user error and breaking operations, administration and management (OAM), the control plane for implementing OAM is automatically generated by network devices without user input. This control plane is hidden from the user, preventing any configuration that may bring down the connectivity for OAM.
Type: Grant
Filed: January 15, 2013
Date of Patent: July 12, 2016
Assignee: Cisco Technology, Inc.
Inventors: Steinthor Bjarnason, Michael Behringer, Yves Hertoghs, Toerless Eckert, Balaji B. L.
-
Publication number: 20150280916
Abstract: A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment.
Type: Application
Filed: May 27, 2015
Publication date: October 1, 2015
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Steinthor Bjarnason, Michael H. Behringer, Yves Francis Eugene Hertoghs, Max Pritikin
-
Patent number: 9130837
Abstract: A method in an example embodiment includes creating an initial information package for a device in a domain of a network environment when the device is unconfigured. The method further includes communicating the initial information package to a signing authority, receiving an authorization token from the signing authority, and sending the authorization token to the unconfigured device, where the unconfigured device validates the authorization token based on a credential in the unconfigured device. In more specific embodiments, the initial information package includes a unique device identifier of the unconfigured device and a domain identifier of the domain. In further embodiments, the signing authority creates the authorization token by applying an authorization signature to the unique device identifier and the domain identifier. In other embodiments, the method includes receiving an audit history report of the unconfigured device and applying a policy to the device based on the audit history report.
Type: Grant
Filed: May 22, 2012
Date of Patent: September 8, 2015
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Steinthor Bjarnason, Michael H. Behringer, Yves Francis Eugene Hertoghs, Max Pritikin
-
Patent number: 9043884
Abstract: In one implementation, security configuration is automated based on information gathered using autonomic neighbor discovery. The neighbor discovery establishes a realm of trust between neighbors, such as determining that some neighbors may be trusted and others may not be trusted. A dynamic security barrier is created using the trust where devices on the network border protect the entire network. Differences in trust result in differential security configuration.
Type: Grant
Filed: January 25, 2013
Date of Patent: May 26, 2015
Assignee: Cisco Technology, Inc.
Inventors: Michael Behringer, Yves Hertoghs, Bruno Klauser, Steinthor Bjarnason