&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=RE50354.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US RE50,354 E1</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Automatic detection of malicious packets in DDOS attacks using an encoding scheme</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Steinthor Bjarnason,  Fjerdingby (NO);  Andrew Ralph Beard,  Roanoke, VA (US); and  David Turnbull,  Stanmore (AU)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Arbor Networks, Inc.,  Westford, MA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Arbor Networks, Inc.,  Westford, MA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Aug.  24, 2023, as Appl. No. 18/237,877.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/237,877 is a reissue of application No. 16/379,240, filed on Apr.  9, 2019, granted, now 11,153,334, issued on Oct.  19, 2021.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 11/00</b></i> (2006.01); <i><b>H04L 9/40</b></i> (2022.01); <i><b>H04L 29/06</b></i> (2006.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1416</b></i> (2013.01)&#xa0;[<i><b>H04L 63/1425</b></i> (2013.01); <i><b>H04L 63/1458</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="USRE050354-20250325-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method  <S>of detecting patterns in network traffic, the method</S> comprising:<div class="claim_text">receiving a plurality of packets of network traffic, each packet having data associated with respective fields of a set of fields;</div>
                <div class="claim_text">performing a frequency analysis per field of the plurality of packets as a function of frequency of an occurrence of same data in a corresponding field;</div>
                <div class="claim_text">selecting top values  <S>which are values</S> associated with each field of the set of fields that satisfy a criterion as having occurred most frequently in the plurality of packets as a function of a result of the frequency analysis;</div>
                <div class="claim_text"> <S>assigning a bit encoding scheme that uses variable bit encoding to encode</S>  [  <font color='red'>encoding </font>] each of the top values for each field that has a top value  [  <font color='red'>using a variable bit encoding scheme</font>] ;</div>
                <div class="claim_text">encoding into a single value each packet of the plurality of packets based on a bitfield representation that uses the  [  <font color='red'>variable bit </font>] encoding scheme for values associated with each field that has a top value;</div>
                <div class="claim_text">storing each potential combination of fields of the set of fields being processed <S>, with all bits set per field when the field is an active field and no bits set when the field is inactive</S>;</div>
                <div class="claim_text">performing  <S>a bitwise</S>  [  <font color='red'>an </font>] operation on each encoded packet with the stored potential combinations;</div>
                <div class="claim_text">sorting results of the  <S>bitwise</S> operation  <S>based on a number of the active fields and a number of occurrences of each same result of the bitwise operation</S>; and</div>
                <div class="claim_text"> <S>providing the results of the sorting to a mitigation device for</S> determining whether an attack is underway or  <S>for</S> filtering network traffic for mitigating an attack  [  <font color='red'>based on the sorted results of the operation</font>] .</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>