System and method for controlling distribution of network communications
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC, 7th edition): G06F-015/16; G06F-015/173
Application number: UP-0841776 (2004-05-07)
Registration number: US-7647411 (2010-02-22)
Inventors: Schiavone, Vincent J.; Brussin, David Ian; DiPasquale, Tobias Phillip; D'Alessio, John Francis
Applicant: Symantec Corporation
Agent: Fenwick & West LLP
Citation information: Times cited: 62; Cited patents: 110
Abstract
A network appliance controls access to network resources by identifying network paths passing through the network appliance to a protected network, drawing conclusions about the type of communications traveling along those paths, and then controlling, i.e. limiting, access to the protected network's resources for transmitting communications on a path-by-path basis. Recipient controlled mechanisms are used to control access to the recipient's network's resources, namely, restricting bandwidth, controlling allocation of SMTP or other connections, and packet level traffic shaping techniques including controlling of parameters of TCP and/or IP communications, such as TCP receive window size and Maximum Segment Size, or otherwise decreasing the amount of network traffic per unit of time passing through the network appliance. This limits the amount of network resources that may be used by incoming communications. Multiple network appliances may communicate with one another to operate in concert to protect a greater portion of network resources.
Representative claims
What is claimed is:
1. A method for controlling distribution of network communications via a communications network, the method comprising: sampling a subset of a first plurality of network communications received along a first network path; sampling a subset of a second plurality of network communications received along a second network path; performing a statistical analysis of content within samples of said sampled subsets of said first and second pluralities of network communications to determine respective probabilities that the content carried on said first and second network paths are likely to have a certain characteristic, wherein the statistical analysis comprises determining values for sender metrics, the sender metrics reflecting quantities of communications on the first and second network paths having the certain characteristic; determining a corresponding priority level for each network path, each priority level determined according to said path's respective probability; and varying an allocation of network resources permitted to be used to transmit communications received along each of said network paths, said allocations being varied as a function of said corresponding priority levels; wherein a path having a higher corresponding priority level is allocated network resources to permit a rate of transmission of network communications that is greater than a corresponding rate of transmission for a path having a lower corresponding priority level.
2. The method of claim 1, wherein varying the allocation of network resources comprises varying a maximum segment size parameter for transmission of communications received along a corresponding network path.
3. The method of claim 1, wherein varying the allocation of network resources comprises varying a TCP receive window size parameter for transmission of communications received along a corresponding network path.
4. The method of claim 1, wherein varying the allocation of network resources comprises queuing a plurality of communications for transmission into a subnetwork, and selectively dequeuing said plurality of communications at a desired rate.
5. The method of claim 1, wherein varying the allocation of network resources comprises varying a maximum amount of usable bandwidth for transmission of communications received along a corresponding network path.
6. The method of claim 1, wherein varying the allocation of network resources comprises use of TCP traffic shaping.
7. The method of claim 1, wherein varying the allocation of network resources comprises use of IP traffic shaping.
8. The method of claim 1, wherein varying the allocation of network resources comprises use of connection shaping.
9. The method of claim 1, wherein said analyzing comprises identifying whether the communications on the first and second network paths comprise a virus.
10. The method of claim 1, wherein said analyzing comprises determining a proportion of the communications on the first and second network paths that are undeliverable to respective receivers.
11. The method of claim 1, wherein said analyzing comprises determining a proportion of the communications on the first and second network paths that are spam.
12. A method for controlling distribution of network communications via a communications network, the method comprising: determining a first priority level applicable to a first network path along which communications are received at a network appliance of a subnetwork responsive to a statistical analysis of a sampled subset of communications on said first network path to determine a first probability that the communications received on the first network path are likely to have a certain characteristic, the statistical analysis comprising determining a value for a first sender metric, the first sender metric reflecting a quantity of communications of the sampled subset of communications on the first network path having the certain characteristic; determining a second priority level applicable to a second network path along which communications are received at said network appliance responsive to a statistical analysis of a sampled subset of communications on said second network path to determine a second probability that the communications received on the second network path are likely to have the certain characteristic, the statistical analysis comprising determining a value for a second sender metric, the second sender metric reflecting a quantity of communications of the sampled subset of communications on the second network path having the certain characteristic; and allocating network resources usable to deliver communications received along said first and second network paths via said network appliance, said network resources being allocated to cause communications received along said first and second network paths to have different corresponding maximum rates of transmission, the first network path having a different corresponding maximum rate than the corresponding maximum rate of the second network path responsive to a difference in the first and second probabilities of the first and second network paths.
13. A method for controlling distribution of network communications via a communications network, the method comprising: identifying a network path for a plurality of packets transmitted by a network appliance; sampling a subset of said plurality of packets; performing a statistical analysis on the sampled subset of packets to determine a probability that the content carried on said network path is likely to have a certain characteristic, the analysis comprising determining a value for a sender metric reflecting a quantity of the sampled subset of packets sharing the certain characteristic; and controlling a transmission rate of packets on the network path, the particular control exercised being determined as a function of the probability.
14. The method of claim 13, wherein sampling a subset of said plurality of packets comprises: temporarily storing copies of a subset of packets passing through the network appliance; and examining said copies.
15. The method of claim 14, wherein said examining occurs after said subset of packets has already passed through said network appliance.
16. The method of claim 13, wherein sampling a subset of said plurality of packets comprises: temporarily storing copies of a subset of packets passing through said network appliance; assembling said copies to identify details of an associated network protocol transaction; and examining said details.
17. The method of claim 16, wherein said assembling and said examining occur after said subset of packets have already passed through said network appliance.
18. The method of claim 13, wherein sampling a subset of said plurality of packets comprises: temporarily storing copies of a subset of packets passing through said network appliance; assembling said copies to construct an associated network protocol transaction; and examining content of said associated network protocol transaction.
19. The method of claim 18, wherein said assembling and said examining occur after said subset of packets have already passed through said network appliance.
20. The method of claim 13, wherein the sampling is performed according to a predetermined sampling rate.
21. The method of claim 13, wherein the sampling rate is varied over time.
22. The method of claim 21, wherein the sampling rate is varied as a function of the permitted transmission rate for a given network path.
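The per-path pipeline in claims 1, 4 and 20 (sample at a fixed rate, count a sender metric, derive a probability and priority level, then queue and dequeue at a priority-dependent rate) can be sketched as follows. This is an added illustration, not code from the patent or from Symantec; the thresholds, the rate table, the Laplace smoothing, the `flagged` field (assumed to come from a separate content classifier) and all names are assumptions.

```python
from collections import deque

# Assumed policy (not from the patent): priority level -> messages dequeued per tick.
RATE_BY_PRIORITY = {3: 8, 2: 4, 1: 2, 0: 1}

def sample(messages, every_nth):
    """Predetermined-rate sampling: inspect every Nth message on a path."""
    return messages[::every_nth]

def path_probability(sampled):
    """Sender metric = number of sampled messages having the characteristic.
    Laplace smoothing (an added choice) keeps small samples off 0.0 and 1.0."""
    metric = sum(1 for m in sampled if m["flagged"])
    return metric, (metric + 1) / (len(sampled) + 2)

def priority_level(probability):
    """Lower probability of unwanted content -> higher priority (assumed cut-offs)."""
    if probability < 0.10:
        return 3
    if probability < 0.40:
        return 2
    if probability < 0.75:
        return 1
    return 0

def shape(paths, every_nth=3, ticks=3):
    """Queue each path's messages and dequeue at the rate its priority permits."""
    report = {}
    for name, messages in paths.items():
        metric, prob = path_probability(sample(messages, every_nth))
        prio = priority_level(prob)
        queue, delivered = deque(messages), 0
        for _ in range(ticks):
            for _ in range(min(RATE_BY_PRIORITY[prio], len(queue))):
                queue.popleft()          # forwarded into the protected subnetwork
                delivered += 1
        report[name] = {"metric": metric, "probability": prob, "priority": prio,
                        "delivered": delivered, "queued": len(queue)}
    return report

def make_path(flags):
    """Build constructed sample traffic; 1 marks a message with the characteristic."""
    return [{"id": i, "flagged": bool(f)} for i, f in enumerate(flags)]

# Constructed sample input: three paths of 40 messages each.
PATHS = {
    "path-clean": make_path([0] * 40),
    "path-mixed": make_path([0, 0, 0, 1] * 10),
    "path-bulk":  make_path([1, 1, 0, 1] * 10),
}

if __name__ == "__main__":
    for name, row in shape(PATHS).items():
        print(name, row)
```

With a fixed stride, traffic whose pattern repeats at a multiple of the stride can be over- or under-sampled, which is one practical reason for varying the sampling rate over time as claims 21 and 22 do.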