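IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0795245 (2013-03-12)
Registration number | US-9118705 (2015-08-25)
Inventor / Address |
Applicant / Address |
Agent / Address | Schwegman Lundberg & Woessner, P.A.
Citation information | Times cited: 1; Cited patents: 45
Abstract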
A device for detecting network traffic content is provided. The device includes a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates. The device also includes a processor configured to receive data associated with network traffic content, execute one or more instructions based on the one or more signatures and the data, and determine whether the network traffic content matches the content desired to be detected.
Representative claim
1. A device for detecting network traffic content, the device comprising: a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates; a processor configured to receive data associated with network traffic content, execute one or more instructions based on the one or more signatures and the data, and determine whether the network traffic content matches the content desired to be detected; a compiler connected to the memory, the compiler configured to translate the one or more signatures into a machine language and to store compiled signatures in the memory; a network traffic content processing module, executable by the processor, to receive data associated with network traffic content, apply instructions based on the one or more signatures and the data, and determine whether the network traffic content matches the content desired to be detected; a network traffic flow management module to manage flow of the network traffic, the management including redirecting the network traffic content when the network traffic content processing module identifies network traffic content including content desired to be detected, the redirecting including passing a copy of the network traffic content to a stack, passing at least a portion of the network traffic content to the processor to determine whether the at least a portion of the network traffic content contains undesirable content, signal the stack to release the copy to the user when the processor identifies no undesirable content, and signaling the stack to delete the copy when the processor identifies undesirable content; and wherein the network traffic content is received and transmitted via a plurality of wire-based network ports of the device and signatures are received via a, wire-based network port of the device, the wire-based network port that receives the signatures is a distinct wire-based port from the plurality of wire-based network ports that receive and transmit the network traffic content, and the network traffic content is communicated over a different network than then signatures.

2. The device of claim 1, wherein one or both of the memory and the processor are associated with a firewall.

3. The device of claim 1, wherein the processor comprises a general purpose processor.

4. The device of claim 1, wherein the processor comprises an ASIC processor.

5. The device of claim 4, wherein the ASIC processor is a semi-custom ASIC processor.

6. The device of claim 4, wherein the ASIC processor is a programmable ASIC processor.

7. The device of claim 1, wherein the content desired to be detected comprises a malicious code.

8. The device of claim 1, wherein the content desired to be detected is selected from the group consisting of a virus, a worm, a web content, a Trojan agent, an email spam, and a packet sent by a hacker.

9. The device of claim 1, further comprising a buffer for storing the network traffic content before the network traffic content is processed by the processor.

10. The device of claim 1, further comprising a network traffic flow management module for managing flow of the network traffic.

11. A device for detecting network traffic content, the device comprising: a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates; a processor configured to receive data associated with network traffic content, execute one or more instructions based on the one or more signatures and the data, and determine whether the network traffic content matches the content desired to be detected; and a network traffic flow management module for managing flow of the network traffic, wherein the network traffic flow management module includes a protocol differentiator for routing the network traffic content based on a protocol of the network traffic content, the routing including passing a copy of the network traffic content to a stack, passing at least a portion of the network traffic content to the processor to determine whether the at least a portion of the network traffic content contains undesirable content, signal the stack to release the copy to the user when the processor identifies no undesirable content, and signaling the stack to delete the copy when the processor identifies undesirable content; wherein the network traffic content is received and transmitted via a plurality of wire-based network ports of the device and signatures are received via a, wire-based network port of the device, the wire-based network port that receives the signatures is a distinct wire-based port from the plurality of wire-based network ports that receive and transmit the network traffic content, and the network traffic content is communicated over a different network than then signatures.

12. The device of claim 11, further comprising a stack for receiving packets associated with the network traffic content from the protocol differentiator, and sending the packets to the processor.

13. The device of claim 12, wherein the protocol differentiator is configured to route the network traffic content to the stack when it is determined that the network traffic content may contain content desired to be detected.

14. The device of claim 11, further comprising a packet processing module for receiving packets associated with the network traffic content from the protocol differentiator.

15. The device of claim 14, wherein the protocol differentiator is configured to route the network traffic content to the packet processing module when it is determined that the network traffic content is not of a type that may contain content desired to be detected.