公开(公告)号：US10735509B2

公开(公告)日：2020-08-04

申请号：US15885762

申请日：2018-01-31

Applicant: CA, INC.

Inventor： Qing Li ,  Min Hao Chen ,  Wenjing Wang

IPC: H04L29/08 ,  G06F16/27 ,  G06F9/50

Abstract: The disclosed computer-implemented method for synchronizing microservice data stores may include (i) establishing, at a first network node, an instance of a first microservice for an application and an instance of a distinct second microservice, (ii) establishing, at a distinct second network node, an additional instance of the first microservice and an additional instance of the distinct second microservice, (iii) establishing a single network channel for synchronizing, between the first network node and the distinct second network node, a first data store for the first microservice and a second data store for the distinct second microservice, and (iv) synchronizing the first data store for the first microservice and the second data store for the distinct second microservice. Various other methods, systems, and computer-readable media are also disclosed.

公开(公告)号：US10666616B2

公开(公告)日：2020-05-26

申请号：US15799032

申请日：2017-10-31

Applicant: CA, Inc.

Inventor： Qing Li ,  Joseph H. Chen ,  Qu Bo Song ,  Ying Li ,  Zhicheng Zeng ,  Jiang Dong

IPC: H04L29/06 ,  H04L12/46 ,  H04L12/26

Abstract: Application identification and control in a network device. In one embodiment, a method may include establishing, at a network device, a Virtual Private Network (VPN) tunnel through which all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic sent from or received at the network device is routed. The method may also include monitoring, at the network device, all TCP and UDP traffic sent from or received at the network device through the VPN tunnel. The method may further include extracting, at the network device, payload data from the monitored TCP and UDP traffic. The method may also include analyzing the extracted payload data to identify applications executing on the network device that sent or received the monitored TCP and UDP traffic. The method may further include taking, at the network device, a security action on the network device based on the identified applications.

公开(公告)号：US11095666B1

公开(公告)日：2021-08-17

申请号：US16114732

申请日：2018-08-28

Applicant: CA, INC.

Inventor： Qing Li ,  Chris Larsen ,  Jon DiMaggio

IPC: H04L29/06 ,  H04L29/12

Abstract: The disclosed computer-implemented method for detecting covert channels structured in Internet Protocol (IP) transactions may include (1) intercepting an IP transaction including textual data and a corresponding address, (2) evaluating the textual data against a model to determine a difference score, (3) determining that the textual data is suspicious when the difference score exceeds a threshold value associated with the model, (4) examining, upon determining that the textual data is suspicious, the address in the transaction to determine whether the address is invalid, (5) analyzing the transaction to determine a frequency of address requests that have been initiated from a source address over a predetermined period, and (6) identifying the transaction as a covert data channel for initiating a malware attack when the address is determined to be invalid and the frequency of the address requests exceeds a threshold value. Various other methods, systems, and computer-readable media are also disclosed.

公开(公告)号：US10560510B2

公开(公告)日：2020-02-11

申请号：US15228885

申请日：2016-08-04

Applicant: CA, Inc.

Inventor： Qing Li ,  Min Hao Chen ,  Haibiao Fan ,  Wenjing Wang

IPC: H04L29/08 ,  H04L29/06 ,  H04L12/911

Abstract: In certain embodiments, a network edge device comprises a memory storage, a networking component configured to communicate with a mobile device and a database comprising application attributes, and a processor. The processor, in certain embodiments, is located within the network edge device and is operable to receive application traffic from the mobile device (the application traffic being associated with an application), classify the application traffic by associating the application traffic with an application ID, and send a query comprising the application ID to the database comprising application attributes. In addition, the processor, in certain embodiments, is operable to receive a response, from the database comprising application attributes, comprising one or more application attributes associated with the application, wherein the response is based in part on the application ID, and to enforce a policy based in part on the application attribute.