Author

Asbjørn Sørhaug

Bio: Asbjørn Sørhaug is an academic researcher. The author has contributed to research in topics: Network tap. The author has an h-index of 1 and has co-authored 1 publication receiving 246 citations.
Topics: Network tap

Papers
Patent
24 Feb 1997
TL;DR: In this paper, a bi-directional network medium monitor including a tap apparatus inserted in a network medium, including a transceiver and a clock recovery element for each medium and medium monitor connection, is presented.
Abstract: A bi-directional network medium monitor including a tap apparatus inserted in a network medium, e.g. Fiber Optic (FX) and Twisted Pair (TX), comprising a transceiver and a clock recovery element for each medium and medium monitor connection, and a bi-directional serial data multiplexer which directs the medium data while in the serial data format. Also, the medium monitor may interrupt medium data transfer in either medium direction and insert its data for diagnostic or other network purposes. Thus, the apparatus according to the present invention is operable to monitor a network at the maximum data rates currently used while providing no significant network data delay.

246 citations


Cited by
Patent
Ashar Aziz, Henry Uyeno, Jay Manni, Amin Sukhera, Stuart Staniford
23 Feb 2012
TL;DR: In this paper, an electronic message is analyzed for malware contained in the message. The analysis may include replaying the suspicious URL in a virtual environment which simulates the computing device intended to receive the electronic message. If the replayed URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.

262 citations

Patent
28 Jul 2006
TL;DR: In this article, a dynamic signature creation and enforcement system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap, which is configured to analyze the copy of the network data with a heuristic to determine if the data is suspicious and to flag the data as suspicious based on the heuristic determination.
Abstract: A dynamic signature creation and enforcement system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, simulate transmission of the network data to a destination device to identify unauthorized activity, generate an unauthorized activity signature based on the identification, and transmit the unauthorized activity signature to a digital device configured to enforce the unauthorized activity signature.

254 citations

Patent
Ashar Aziz
13 Jun 2006
TL;DR: In this paper, a suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap, which is configured to analyze the copy of the network data with a heuristic to flag the data as suspicious and simulate transmission of the data to a destination device.
Abstract: A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is coupled to the tap and is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to flag the network data as suspicious, and simulate transmission of the network data to a destination device.

248 citations

Patent
30 Sep 2009
TL;DR: In this paper, a system and method for network-based file analysis for malware detection is described, where a binary file including the binary packet is extracted from the network content and it is determined whether the extracted binary file is detected to be malware.
Abstract: A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether the extracted binary file is detected to be malware.

243 citations

Patent
19 Jun 2006
TL;DR: In this paper, the authors propose a suspicious activity capture system, which consists of a tap configured to copy network data from a communication network, and a controller coupled to the tap.
Abstract: A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, and concurrently simulate transmission of the network data to a plurality of destination devices.

235 citations