1
Sheng Tung Hsu, Chien Pang Lee, Pei Chun Yao: Network traffic analysis to enhance rule-based network security. International Business Machines Corporation, Yee & Associates P C, Stephen R Yoder, May 23, 2017: US09660959 (4 worldwide citation)

A method of interpreting a rule and a rule-interpreting apparatus for rule-based security apparatus, and an apparatus implementing the method. The method includes the following steps: designating a suspicious timeslot; if any packet does not present in the designated timeslot, capturing current inco ...


2
Kuo Chun Chen, Chih Hung Chou, Wei Hsiang Hsiung, Sheng Tung Hsu: Distributed denial-of-service attack detection based on shared network flow information. International Business Machines Corporation, Yee & Associates P C, Jeffrey LaBaw, October 30, 2018: US10116671

A system and computer program product for detecting distributed denial-of-service (DDoS) attacks is provided. Current aggregated flow information for a defined period of time is analyzed. It is determined whether network flow increased above a defined flow threshold value to a second data processing ...


3
Kuo Chun Chen, Chih Hung Chou, Wei Hsiang Hsiung, Sheng Tung Hsu: Distributed denial-of-service attack detection based on shared network flow information. International Business Machines Corporation, Yee & Associates P C, Jeffrey LaBaw, October 30, 2018: US10116672

A method for detecting distributed denial-of-service (DDoS) attacks is provided. Current aggregated flow information for a defined period of time is analyzed. It is determined whether network flow increased above a defined flow threshold value to a second data processing system connected to a networ ...


4
Sheng Tung Hsu, Chien Pang Lee, Pei Chun Yao: Network traffic analysis to enhance rule-based network security. International Business Machines Corporation, Yee & Associates P C, Robert Shatto, October 2, 2018: US10091167

A method of interpreting a rule and a rule-interpreting apparatus for rule-based security apparatus, and an apparatus implementing the method. The method comprises the following steps: designating a suspicious timeslot; if any packet does not present in the designated timeslot, capturing current inc ...


5
Sheng Tung Hsu, Cheng Ta Lee, Joey H Y Tseng, Rick M F Wu: Dynamic tuple for intrusion prevention systems. International Business Machines Corporation, Alexa L Ashworth, A Imtiaz Billah, April 3, 2018: US09935981

Embodiments of the present invention provide systems and methods for exchanging information. Communications between an intrusion prevention system (IPS) and at least one end-point are facilitated by controlling network traffic flow in an IPS and the at least one end-point and formation of an informa ...


6
Sheng Tung Hsu, Cheng Ta Lee, Wei Shiau Suen, Ming Hsun Wu: Translating network attributes of packets in a multi-tenant environment. International Business Machines Corporation, Jeffrey S LaBaw, February 6, 2018: US09887962

A method of translating network attributes of packets in a multi-tenant environment, and an appliance and a program product implementing the method. The method comprises the following steps: receiving a packet from a multi-tenant environment; referring to the information of tenants, translating a se ...


7
Wei Hsiang Hsiung, Sheng Tung Hsu, Cheng Ta Lee, Ming Hsun Wu: Dynamically generating a packet inspection policy for a policy enforcement point in a centralized management environment. International Business Machines Corporation, Francis Lammes, Stephen J Walder Jr, Jeffrey S LaBaw, February 27, 2018: US09906557

A mechanism is provided for generating a packet inspection policy for a policy enforcement point in a centralized management environment. Data of a network topology for the policy enforcement point corresponding to a network infrastructure is updated according to metadata of the policy enforcement p ...


8
Sheng Tung Hsu, Cheng Ta Lee, Wei Shiau Suen, Ming Hsun Wu: Translating network attributes of packets in a multi-tenant environment. International Business Machines Corporation, Yee & Associates P C, Jeffrey LaBaw, January 8, 2019: US10178068

A method of translating network attributes of packets in a multi-tenant environment, and an appliance and a program product implementing the method. The method comprises the following steps: receiving a packet from a multi-tenant environment; referring to the information of tenants, translating a se ...


9
Wei Hsiang Hsiung, Sheng Tung Hsu, Cheng Ta Lee, Ming Hsun Wu: IP-free end-point management appliance. INTERNATIONAL BUSINESS MACHINES CORPORATION, Cantor Colburn, March 7, 2017: US09591025

An aspect includes a method of receiving a management command in an appliance to configure a network security policy, where the appliance is connected to a network end-point device. The method includes receiving a packet from a security device. Checking is performed to determine whether the packet i ...