Protecting against malicious traffic

US 20060212572A1
Filed: 07/14/2005
Published: 09/21/2006
Est. Priority Date: 10/17/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method for screening packet-based communication traffic, comprising:

receiving at least a first data packet sent over a network from a source address to a destination address;

making a determination, by analyzing the first data packet, that the first data packet was generated by a worm; and

in response to the determination, blocking a second data packet sent over the network from the source address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for screening packet-based communication traffic. At least a first data packet, sent over a network from a source address to a destination address, is received. A determination is made, by analyzing the first data packet, that the first data packet was generated by a worm. In response to the determination, a second data packet sent over the network from the source address is blocked.

189 Citations

114 Claims

1. A method for screening packet-based communication traffic, comprising:
- receiving at least a first data packet sent over a network from a source address to a destination address;
  
  making a determination, by analyzing the first data packet, that the first data packet was generated by a worm; and
  
  in response to the determination, blocking a second data packet sent over the network from the source address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. A method according to claim 1, wherein making the determination comprises:
    - comparing an attribute of the first data packet with a set of attributes of known worm-generated packets; and
      
      blocking the first data packet when the attribute of the first data packet is found to match one of the attributes in the set.
  - 3. A method according to claim 1, wherein blocking the second data packet comprises blocking the second data packet during a period of time commencing with making the determination that the first data packet was generated by the worm, and not blocking the second data packet thereafter.
  - 4. A method according to claim 1, wherein the destination address is located within a protected area of the network, and wherein receiving the first data packet comprises receiving the first data packet from a source located outside the protected area.
  - 5. A method according to claim 1, wherein the source address belongs to a network element located within a protected area of the network, wherein the destination address is located outside the protected area, and wherein receiving the first data packet comprises receiving the first data packet within the protected area.
  - 6. A method according to claim 1, wherein making the determination comprises generating an administrator alert that the first data packet was generated by the worm.
  - 7. A method according to claim 1, wherein the first data packet has a port designation, and wherein making the determination comprises determining that the port designation does not correspond to an application running at the destination address.
  - 8. A method according to claim 1, wherein a server for an application resides at the destination address, and wherein making the determination comprises determining that the first data packet does not correspond to the application.
  - 9. A method according to claim 1, wherein receiving the first data packet comprises receiving an Internet Protocol (IP) packet, and wherein making the determination comprises analyzing a pattern of a sequence number of the IP packet.
  - 10. A method according to claim 1, wherein receiving the first data packet comprises receiving a Transport Control Protocol (TCP) SYN packet.
  - 11. A method according to claim 10, wherein receiving the SYN packet comprises receiving multiple SYN packets addressed to multiple, respective destination addresses, and wherein making the determination comprises detecting a pattern of address scanning characteristic of the worm.
  - 12. A method according to claim 1, wherein making the determination comprises determining that the destination address is invalid.
  - 13. A method according to claim 12, wherein making the determination comprises designating one or more addresses as trap addresses, and determining that the destination address is one of the trap addresses.
  - 14. A method according to claim 13, wherein making the determination comprises analyzing a rate of arrival of data packets sent from the source address to one or more of the trap addresses, so as to determine whether the packets were generated by the worm.
  - 15. A method according to claim 1, wherein making the determination comprises storing on a blacklist the source address of the first data packet, and wherein blocking the second data packet comprises blocking the second data packet in response to the blacklist.
  - 16. A method according to claim 15, wherein storing on the blacklist comprises removing the source address of the first data packet from the blacklist when it is determined that a rate of packets received from the source address has decreased.
  - 17. A method according to claim 1, wherein receiving at least the first data packet comprises receiving multiple data packets from the source address, which are addressed to a plurality of respective destination addresses, and wherein making the determination comprises analyzing the multiple data packets sent from the source address.
  - 18. A method according to claim 17, wherein making the determination comprises analyzing a rate of arrival of the data packets.
  - 19. A method according to claim 17, wherein making the determination comprises comparing a pattern of the destination addresses with at least one pattern associated with known worm-generated traffic.
  - 20. A method according to claim 17, wherein receiving the data packets from the source address comprises receiving the data packets from a plurality of source addresses belonging to a subnetwork, and wherein blocking the second data packet comprises blocking further data packets sent over the network from the subnetwork.
  - 21. A method according to claim 1, wherein receiving the first data packet comprises intercepting the first data packet before the first data packet reaches the destination address, and comprising delivering the first data packet to the destination address when it is determined that the first data packet was not generated by the worm.
  - 22. A method according to claim 21, wherein receiving the first data packet comprises receiving an Internet Protocol (IP) packet addressed to a particular port, and wherein intercepting the first data packet comprises intercepting the first data packet responsively to the particular port to which the IP packet is addressed.
  - 23. A method according to claim 22, wherein intercepting the first data packet comprises intercepting the first data packet only if the first data packet comprises a Transport Control Protocol (TCP) SYN packet and the first data packet is addressed to port 80.

24. A method for analyzing packet-based communication traffic, comprising:
- receiving multiple data packets sent over a network from a source address and addressed to a plurality of respective destination addresses;
  
  determining a rate of sending the data packets to the plurality of destination addresses from the source address; and
  
  in response to the rate, designating the source address as a source of malicious traffic.
- View Dependent Claims (25, 26, 27, 28)
- - 25. A method according to claim 24, wherein receiving the data packets comprises receiving Transport Control Protocol (TCP) SYN packets.
  - 26. A method according to claim 24, wherein designating the source address comprises designating the source address as a generator of worm-generated traffic.
  - 27. A method according to claim 24, wherein receiving the data packets comprises receiving Internet Protocol (IP) packets having respective port designations, and wherein determining the rate comprises determining the rate of sending the data packets whose respective port designations do not correspond to applications running at the destination addresses.
  - 28. A method according to claim 24, wherein determining the rate comprises determining the rate of sending data packets addressed to the destination addresses at which reside servers for an application, which application is different from that specified in the packets.

29. A method for analyzing packet-based communication traffic, comprising:
- designating one or more network addresses as trap addresses;
  
  receiving a data packet sent over the network from a source address to one of the trap addresses; and
  
  in response to receiving the packet, designating the source address as a source of malicious traffic.
- View Dependent Claims (30, 31)
- - 30. A method according to claim 29, wherein receiving the data packet comprises receiving a plurality of data packets sent over the network from the source address to one or more of the trap addresses, and wherein designating the source address comprises analyzing a rate of arrival of the data packets sent from the source address to the one or more of the trap addresses.
  - 31. A method according to claim 29, wherein designating the source address comprises designating the source address as a generator of worm-generated traffic.

32. A method for analyzing packet-based communication traffic, comprising:
- designating one or more network addresses as trap addresses;
  
  receiving a data packet sent over the network to one of the trap addresses; and
  
  in response to receiving the packet, initiating diversion of further data packets sent over the network from sources outside a protected area of the network, so as to prevent malicious traffic from reaching the protected area of the network.
- View Dependent Claims (33, 34, 35)
- - 33. A method according to claim 32, wherein initiating the diversion comprises preventing worm-generated traffic from reaching the protected area of the network.
  - 34. A method according to claim 32, wherein initiating the diversion comprises determining that one of the further data packets was generated by a worm, and, in response to the determination, blocking delivery of the packet.
  - 35. A method according to claim 32, wherein receiving the data packet comprises receiving a plurality of data packets sent over the network from a source address to one or more of the trap addresses, and wherein initiating the diversion comprises analyzing a rate of arrival of the data packets sent from the source address to the one or more of the trap addresses, and initiating the diversion responsively to the rate.

36. A method for analyzing packet-based communication traffic, comprising:
- receiving a data packet sent over a network from a source address to a destination address;
  
  comparing an attribute of the data packet with a set of attributes of known worm-generated packets; and
  
  designating the source address as a source of worm-generated traffic when the attribute of the packet is found to match one of the attributes in the set.
- View Dependent Claims (37, 38)
- - 37. A method according to claim 36, wherein the attribute comprises a length of the data packet.
  - 38. A method according to claim 36, wherein the attribute comprises a signature of the packet.

39. Apparatus for screening packet-based communication traffic, comprising a guard device, which is adapted to receive at least a first data packet sent over a network from a source address to a destination address, to make a determination, by analyzing the first data packet, that the first data packet was generated by a worm, and, in response to the determination, to block a second data packet sent over the network from the source address.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61)
- - 40. Apparatus according to claim 39, and comprising a memory, which is adapted to store a set of attributes of known worm-generated packets, and wherein the guard is adapted to compare an attribute of the first data packet with the set, and to block the first data packet when the attribute of the first data packet is found to match one of the attributes in the set.
  - 41. Apparatus according to claim 39, wherein the guard device is adapted to block the second data packet during a period of time commencing with making the determination that the first data packet was generated by the worm, and to not block the second data packet thereafter.
  - 42. Apparatus according to claim 39, wherein the destination address is located within a protected area of the network, and wherein the guard device is adapted to receive the first data packet from a source located outside the protected area.
  - 43. Apparatus according to claim 39, wherein the source address belongs to a network element located within a protected area of the network, wherein the destination address is located outside the protected area, and wherein the guard device is adapted to receive the first data packet within the protected area.
  - 44. Apparatus according to claim 39, wherein the guard device is adapted to generate an administrator alert that the first data packet was generated by the worm.
  - 45. Apparatus according to claim 39, wherein the first data packet has a port designation, and wherein the guard device is adapted to determine that the port designation does not correspond to an application running at the destination address.
  - 46. Apparatus according to claim 39, wherein a server for an application resides at the destination address, and wherein the guard device is adapted to determine that the first data packet does not correspond to the application.
  - 47. Apparatus according to claim 39, wherein first data packet comprises an Internet Protocol (IP) packet, and wherein the guard device is adapted to analyze a pattern of a sequence number of the IP packet.
  - 48. Apparatus according to claim 39, wherein the first data packet comprises a Transport Control Protocol (TCP) SYN packet.
  - 49. Apparatus according to claim 48, wherein the SYN packet comprises multiple SYN packets addressed to multiple, respective destination addresses, and wherein the guard device is adapted to detect a pattern of address scanning characteristic of the worm.
  - 50. Apparatus according to claim 39, wherein the guard device is adapted to determine that the destination address is invalid.
  - 51. Apparatus according to claim 50, wherein the guard device is adapted to designate one or more addresses as trap addresses, and to determine that the destination address is one of the trap addresses.
  - 52. Apparatus according to claim 51, wherein the guard device is adapted to analyze a rate of arrival of data packets sent from the source address to one or more of the trap addresses, so as to determine whether the packets were generated by the worm.
  - 53. Apparatus according to claim 39, and comprising a memory, which is adapted to store a blacklist, and wherein the guard device is adapted to store on the blacklist the source address of the first data packet, and to block the second data packet in response to the blacklist.
  - 54. Apparatus according to claim 53, wherein the guard device is adapted to remove the source address of the first data packet from the blacklist when it is determined that a rate of packets received from the source address has decreased.
  - 55. Apparatus according to claim 39, wherein the guard device is adapted to receive multiple data packets from the source address, which are addressed to a plurality of respective destination addresses, and to analyze the multiple data packets sent from the source address.
  - 56. Apparatus according to claim 55, wherein the guard device is adapted to analyze a rate of arrival of the data packets, so as to determine whether the packets were generated by the worm.
  - 57. Apparatus according to claim 55, and comprising a memory, which is adapted to store at least one reference pattern associated with known worm-generated traffic, and wherein the guard device is adapted to compare a pattern of the destination addresses with the reference pattern, so as to determine whether the packets were generated by the worm.
  - 58. Apparatus according to claim 55, wherein the guard device is adapted to receive the data packets from a plurality of source addresses belonging to a subnetwork, and to block further data packets sent over the network from the subnetwork.
  - 59. Apparatus according to claim 39, wherein the guard device is adapted to intercept the first data packet before the first data packet reaches the destination address, and to deliver the first data packet to the destination address when it is determined that the first data packet was not generated by the worm.
  - 60. Apparatus according to claim 59, wherein the first data packet comprises an Internet Protocol (IP) packet addressed to a particular port, and wherein the guard device is adapted to intercept the IP packet responsively to the particular port to which the IP packet is addressed.
  - 61. Apparatus according to claim 60, wherein the guard device is adapted to intercept the first data packet only if the first data packet comprises a Transport Control Protocol (TCP) SYN packet and the first data packet is addressed to port 80.

62. Apparatus for analyzing packet-based communication traffic, comprising a guard device, which is adapted to receive multiple data packets sent over a network from a source address and addressed to a plurality of respective destination addresses, to determine a rate of sending the data packets to the plurality of destination addresses from the source address, and, in response to the rate, to designate the source address as a source of malicious traffic.
- View Dependent Claims (63, 64, 65, 66)
- - 63. Apparatus according to claim 62, wherein the data packets comprise Transport Control Protocol (TCP) SYN packets.
  - 64. Apparatus according to claim 62, wherein the guard device is adapted to designate the source address as a generator of worm-generated traffic.
  - 65. Apparatus according to claim 62, wherein the data packets comprise Internet Protocol (IP) packets having respective port designations, and wherein the guard device is adapted to determine the rate of sending the data packets whose respective port designations do not correspond to applications running at the destination addresses, so as to determine whether the data packets represent malicious traffic.
  - 66. Apparatus according to claim 62, wherein the guard device is adapted to determine the rate of sending data packets addressed to the destination addresses at which reside servers for an application, which application is different from that specified in the packets, so as to determine whether the data packets represent malicious traffic.

67. Apparatus for analyzing packet-based communication traffic, comprising a guard device, which is adapted to designate one or more network addresses as trap addresses, to receive a data packet sent over the network from a source address to one of the trap addresses, and, in response to receiving the packet, to designate the source address as a source of malicious traffic.
- View Dependent Claims (68, 69)
- - 68. Apparatus according to claim 67, wherein the guard device is adapted to receive a plurality of data packets sent over the network from the source address to one or more of the trap addresses, and to analyze a rate of arrival of the data packets sent from the source address to the one or more of the trap addresses, so as to determine whether the data packets represent malicious traffic.
  - 69. Apparatus according to claim 67, wherein the guard device is adapted to designate the source address as a generator of worm-generated traffic.

70. Apparatus for analyzing packet-based communication traffic, comprising a guard device, which is adapted to designate one or more network addresses as trap addresses, to receive a data packet sent over the network to one of the trap addresses, and, in response to receiving the packet, to initiate diversion of further data packets sent over the network from sources outside a protected area of the network, so as to prevent malicious traffic from reaching the protected area of the network.
- View Dependent Claims (71, 72, 73)
- - 71. Apparatus according to claim 70, wherein the guard device is adapted to initiate the diversion so as to prevent worm-generated traffic from reaching the protected area of the network.
  - 72. Apparatus according to claim 70, wherein the guard device is adapted to determine that one of the further data packets was generated by a worm, and, in response to the determination, to block delivery of the packet.
  - 73. Apparatus according to claim 70, wherein the guard device is adapted to receive a plurality of data packets sent over the network from a source address to one or more of the trap addresses, to analyze a rate of arrival of the data packets sent from the source address to the one or more of the trap addresses, and to initiate the diversion responsively to the rate.

74. Apparatus for analyzing packet-based communication traffic, comprising a guard device, which is adapted to receive a data packet sent over a network from a source address to a destination address, to compare an attribute of the data packet with a set of attributes of known worm-generated packets, and to designate the source address as a source of worm-generated traffic when the attribute of the packet is found to match one of the attributes in the set.
- View Dependent Claims (75, 76)
- - 75. Apparatus according to claim 74, wherein the attribute comprises a length of the data packet.
  - 76. Apparatus according to claim 74, wherein the attribute comprises a signature of the packet.

77. A computer software product for screening packet-based communication traffic, the product comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to receive at least a first data packet sent over a network from a source address to a destination address, to make a determination, by analyzing the first data packet, that the first data packet was generated by a worm, and, in response to the determination, to block a second data packet sent over the network from the source address.
- View Dependent Claims (78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99)
- - 78. A product according to claim 77, wherein the instructions cause the computer to read from a memory a set of attributes of known worm-generated packets, to compare an attribute of the first data packet with the set, and to block the first data packet when the attribute of the first data packet is found to match one of the attributes in the set.
  - 79. A product according to claim 77, wherein the instructions cause the computer to block the second data packet during a period of time commencing with making the determination that the first data packet was generated by the worm, and to not block the second data packet thereafter.
  - 80. A product according to claim 77, wherein the destination address is located within a protected area of the network, and wherein the instructions cause the computer to receive the first data packet from a source located outside the protected area.
  - 81. A product according to claim 77, wherein the source address belongs to a network element located within a protected area of the network, wherein the destination address is located outside the protected area, and wherein the instructions cause the computer to receive the first data packet within the protected area.
  - 82. A product according to claim 77, wherein the instructions cause the computer to generate an administrator alert that the first data packet was generated by the worm.
  - 83. A product according to claim 77, wherein the first data packet has a port designation, and wherein the instructions cause the computer to determine that the port designation does not correspond to an application running at the destination address.
  - 84. A product according to claim 77, wherein a server for an application resides at the destination address, and wherein the instructions cause the computer to determine that the first data packet does not correspond to the application.
  - 85. A product according to claim 77, wherein first data packet comprises an Internet Protocol (IP) packet, and wherein the instructions cause the computer to analyze a pattern of a sequence number of the IP packet.
  - 86. A product according to claim 77, wherein the first data packet comprises a Transport Control Protocol (TCP) SYN packet.
  - 87. A product according to claim 86, wherein the SYN packet comprises multiple SYN packets addressed to multiple, respective destination addresses, and wherein the instructions cause the computer to detect a pattern of address scanning characteristic of the worm.
  - 88. A product according to claim 77, wherein the instructions cause the computer to determine that the destination address is invalid.
  - 89. A product according to claim 88, wherein the instructions cause the computer to designate one or more addresses as trap addresses, and to determine that the destination address is one of the trap addresses.
  - 90. A product according to claim 89, wherein the instructions cause the computer to analyze a rate of arrival of data packets sent from the source address to one or more of the trap addresses, so as to determine whether the packets were generated by the worm.
  - 91. A product according to claim 77, wherein the instructions cause the computer to store on a blacklist the source address of the first data packet, and to block the second data packet in response to the blacklist.
  - 92. A product according to claim 91, wherein the instructions cause the computer to remove the source address of the first data packet from the blacklist when it is determined that a rate of packets received from the source address has decreased.
  - 93. A product according to claim 77, wherein the instructions cause the computer to receive multiple data packets from the source address, which are addressed to a plurality of respective destination addresses, and to analyze the multiple data packets sent from the source address.
  - 94. A product according to claim 93, wherein the instructions cause the computer to analyze a rate of arrival of the data packets, so as to determine whether the packets were generated by the worm.
  - 95. A product according to claim 93, wherein the instructions cause the computer to read from a memory at least one reference pattern associated with known worm-generated traffic, and to compare a pattern of the destination addresses with the reference pattern, so as to determine whether the packets were generated by the worm.
  - 96. A product according to claim 93, wherein the instructions cause the computer to receive the data packets from a plurality of source addresses belonging to a subnetwork, and to block further data packets sent over the network from the subnetwork.
  - 97. A product according to claim 77, wherein the instructions cause the computer to intercept the first data packet before the first data packet reaches the destination address, and to deliver the first data packet to the destination address when it is determined that the first data packet was not generated by the worm.
  - 98. A product according to claim 97, wherein the first data packet comprises an Internet Protocol (IP) packet addressed to a particular port, and wherein the instructions cause the computer to intercept the IP packet responsively to the particular port to which the IP packet is addressed.
  - 99. A product according to claim 98, wherein the instructions cause the computer to intercept the first data packet only if the first data packet comprises a Transport Control Protocol (TCP) SYN packet and the first data packet is addressed to port 80.

100. A computer software product for analyzing packet-based communication traffic, the product comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to receive multiple data packets sent over a network from a source address and addressed to a plurality of respective destination addresses, to determine a rate of sending the data packets to the plurality of destination addresses from the source address, and, in response to the rate, to designate the source address as a source of malicious traffic.
- View Dependent Claims (101, 102, 103, 104)
- - 101. A product according to claim 100, wherein the data packets comprise Transport Control Protocol (TCP) SYN packets.
  - 102. A product according to claim 100, wherein the instructions cause the computer to designate the source address as a generator of worm-generated traffic.
  - 103. A product according to claim 100, wherein the data packets comprise Internet Protocol (IP) packets having respective port designations, and wherein the instructions cause the computer to determine the rate of sending the data packets whose respective port designations do not correspond to applications running at the destination addresses, so as to determine whether the data packets represent malicious traffic.
  - 104. A product according to claim 100, wherein the instructions cause the computer to determine the rate of sending data packets addressed to the destination addresses at which reside servers for an application, which application is different from that specified in the packets, so as to determine whether the data packets represent malicious traffic.

105. A computer software product for analyzing packet-based communication traffic, the product comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to designate one or more network addresses as trap addresses, to receive a data packet sent over the network from a source address to one of the trap addresses, and, in response to receiving the packet, to designate the source address as a source of malicious traffic.
- View Dependent Claims (106, 107)
- - 106. A product according to claim 105, wherein the instructions cause the computer to receive a plurality of data packets sent over the network from the source address to one or more of the trap addresses, and to analyze a rate of arrival of the data packets sent from the source address to the one or more of the trap addresses, so as to determine whether the data packets represent malicious traffic.
  - 107. A product according to claim 105, wherein the instructions cause the computer to designate the source address as a generator of worm-generated traffic.

108. A computer software product for analyzing packet-based communication traffic, the product comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to designate one or more network addresses as trap addresses, to receive a data packet sent over the network to one of the trap addresses, and, in response to receiving the packet, to initiate diversion of further data packets sent over the network from sources outside a protected area of the network, so as to prevent malicious traffic from reaching the protected area of the network.
- View Dependent Claims (109, 110, 111)
- - 109. A product according to claim 108, wherein the instructions cause the computer to initiate the diversion so as to prevent worm-generated traffic from reaching the protected area of the network.
  - 110. A product according to claim 108, wherein the instructions cause the computer to determine that one of the further data packets was generated by a worm, and, in response to the determination, to block delivery of the packet.
  - 111. A product according to claim 108, wherein the instructions cause the computer to receive a plurality of data packets sent over the network from a source address to one or more of the trap addresses, to analyze a rate of arrival of the data packets sent from the source address to the one or more of the trap addresses, and to initiate the diversion responsively to the rate.

112. A computer software product for analyzing packet-based communication traffic, the product comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to receive a data packet sent over a network from a source address to a destination address, to compare an attribute of the data packet with a set of attributes of known worm-generated packets, and to designate the source address as a source of worm-generated traffic when the attribute of the packet is found to match one of the attributes in the set.
- View Dependent Claims (113, 114)
- - 113. A product according to claim 112, wherein the attribute comprises a length of the data packet.
  - 114. A product according to claim 112, wherein the attribute comprises a signature of the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Afek, Yehuda, Zadikario, Rafi, Bremler Bar, Anat, Touitou, Dan

Application Number

US11/183,091
Publication Number

US 20060212572A1
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/145 the attack involving the pr...

H04L 63/1491 using deception as counterm...

Protecting against malicious traffic

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

189 Citations

114 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting against malicious traffic

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

189 Citations

114 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links