1
Martin Roesch, William Andrew Vogel III: Systems and methods for determining the network topology of a network. Sourcefire, Posz Law Group, January 8, 2008: US07317693 (78 worldwide citations)

A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selected by comparing confidence values assigned to the o ...


2
FRIEDRICHS Oliver, HUGER Alfred, O'DONNELL Adam J: DETECTING MALICIOUS SOFTWARE THROUGH CONTEXTUAL CONVICTIONS, GENERIC SIGNATURES AND MACHINE LEARNING TECHNIQUES. SOURCEFIRE, FRIEDRICHS Oliver, HUGER Alfred, O'DONNELL Adam J, DAVIS Peter, June 7, 2012: WO/2012/075336 (66 worldwide citations)

Novel methods, components, and systems that enhance traditional techniques for detecting malicious software are presented. More specifically, methods, components, and systems that use important contextual information from a client system (such as recent history of events on that system), machine lea ...


3
Martin Roesch, Ronald A Dempster: Systems and methods for determining characteristics of a network and assessing confidence. Sourcefire, Posz Law Group, February 24, 2009: US07496662 (58 worldwide citations)

A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selected by comparing confidence values assigned to the o ...


4
Marc A Norton, Daniel J Roelker: Methods and systems for intrusion detection. Sourcefire, Posz Law Group, December 4, 2007: US07305708 (46 worldwide citations)

Performance of an intrusion detection system is enhanced with the addition of rule optimization, set-based rule inspection, and protocol flow analysis. During rule optimization, rule sets are created and selected in such a way that for every incoming packet only a single rule set has to be searched. ...


5
Martin Frederick Roesch, Judy Hollis Novak, Steven Sturges: Device, system and method for analysis of segments in a transmission control protocol (TCP) session. Sourcefire, Posz Law Group, April 20, 2010: US07701945 (35 worldwide citations)

A method performed in an intrusion detection/prevention system, a system or a device for analyzing segments in a transmission in a communication network. The transmission includes segments in the same transmission control protocol (TCP) session. Segments in a transmission are monitored. Data in the ...


6
Martin Roesch, William Andrew Vogel III, Matt Watchinski: Systems and methods for determining characteristics of a network and analyzing vulnerabilities. Sourcefire, Posz Law Group, May 11, 2010: US07716742 (32 worldwide citations)

A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selected by comparing confidence values assigned to the o ...


7
Marc A Norton, Daniel J Roelker: Systems and methods for dynamic threat assessment. Sourcefire, Posz Law Group, December 25, 2007: US07313695 (31 worldwide citations)

The threat probability of events generated by a security device on a computer network is assessed by comparing the threat probability to a global threat probability. An abstract data type is used to describe how the events are combined to form a threat. If an event matches an unpopulated member of a ...


8
Daniel J Roelker, Marc A Norton: Intrusion detection strategies for hypertext transport protocol. Sourcefire, Posz Law Group, February 24, 2009: US07496962 (29 worldwide citations)

A hypertext transport protocol (HTTP) inspection engine for an intrusion detection system (IDS) includes an HTTP policy selection component, a request universal resource identifier (URI) discovery component, and a URI normalization module. The HTTP policy selection component identifies an HTTP intru ...


9
Martin Roesch, Ronald A Dempster, Judy Novak: Systems and methods for determining characteristics of a network. Sourcefire, Posz Law Group, September 21, 2010: US07801980 (28 worldwide citations)

A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selected by comparing confidence values assigned to the o ...


10
Ronald A Dempster, Nigel Houghton: Systems and methods for identifying the client applications of a network. Sourcefire, Posz Law Group, December 16, 2008: US07467205 (25 worldwide citations)

A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selected by comparing confidence values assigned to the o ...