Hardware based detection devices for detecting network traffic content and methods of using the same
IPC classification information
Country / Type
United States(US) Patent
Registered
International Patent Classification (IPC 7th edition)
G06F-015/16
H04L-029/06
H04L-012/26
Application number
US-0558142
(2014-12-02)
Registration number
US-9374384
(2016-06-21)
Inventor / Address
Xie, Michael
Applicant / Address
Fortinet, Inc.
Agent / Address
Law Office of Dorian Cartwright
Citation information
Times cited: 0
Cited patents: 47
Abstract
A device for detecting network traffic content is provided. The device includes a first input port configured to receive one or more signatures, each of the one or more signatures associated with content desired to be detected, a second input port configured to receive data associated with network traffic content. The device also includes a processor configured to process the one or more signatures and the data to determine whether the network traffic content matches the content desired to be detected, and an output port configured to couple the device to a computer system of an intended recipient of the network traffic content. The output port passes the network traffic content to the computer system when it is determined that the network traffic content does not match the content desired to be detected.
Representative claim
1. A method for detecting network traffic content, the method comprising: translating, by a network device, at least one signature codified with at least one predicate representative of at least one function to be performed to detect network traffic content to be detected into a byte stream executable by a processor to determine whether network traffic content matches content to be detected, the at least one signature is received via a first input port of the network device; receiving, by the network device via a second input port, network traffic content; and processing, by the network device, received network traffic content to determine whether the network traffic content includes the content to be detected as represented in the translated at least one signature.
2. The method of claim 1, further comprising preventing at least a portion of the network traffic content from being sent to a user when the network traffic content matches the content to be detected.
3. The method of claim 1, further comprising sending a message to a user when the network traffic content matches the content to be detected.
4. The method of claim 1, wherein each of the first and the second input ports are externally accessible.
5. The method of claim 1, further comprising: categorizing each of the at least one signatures according to the one or more functions prescribed by each of the at least one predicates.
6. The method of claim 1, further comprising storing the at least one signature.
7. The method of claim 1, wherein each of the at least one signatures is codified using at least one predicate.
8. The method of claim 7, wherein each of the at least one predicates is represented in a signature by one or more of a letter, a word, a sentence, a number, a logical operator, and a mathematical operator.
9. The method of claim 1, wherein the network device operates to manage a flow of the network traffic content.
10. The method of claim 9, wherein the network device, in managing the flow of the network traffic content, scans received data to determine a protocol of the network traffic content and performs the processing when the determined protocol of the network traffic content matches a protocol of network traffic content that could contain the content to be detected.
11. A non-transitory computer product includes a computer-readable medium, the computer-readable medium having a set of stored instructions, an execution of which causes a process to be performed, the process comprising: translating, by a network device, at least one signature codified with at least one predicate representative of at least one function to be performed to detect network traffic content to be detected into a byte stream executable by a processor to determine whether network traffic content matches content to be detected, the at least one signature is received via a first input port of the network device; receiving, by the network device via a second input port, network traffic content; and processing, by the network device, received network traffic content to determine whether the network traffic content includes the content to be detected as represented in the translated at least one signature.
12. The non-transitory computer product of claim 11, the process further comprising preventing at least a portion of the network traffic content from being sent to a user when the network traffic content matches the content to be detected.
13. The non-transitory computer product of claim 11, the process further comprising blocking the network traffic content and sending a message to a user when the network traffic content matches the content to be detected.
14. The non-transitory computer product of claim 12, wherein each of the first and the second input ports are externally accessible.
15. The non-transitory computer product of claim 11, the process further comprising categorizing each of the at least one signatures according to the one or more functions prescribed by the at least one of the one or more predicates.
16. The non-transitory computer product of claim 11, the process further comprising storing the translated at least one signature.
17. The non-transitory computer product of claim 11, wherein each of the at least one signatures is codified according one or more predicates.
18. The non-transitory computer product of claim 17, wherein each of the one or more predicates is represented in a signature by one or more of a letter, a word, a sentence, a number, a logical operator, and a mathematical operator.
19. The non-transitory computer product of claim 11, the process further comprising managing a flow of the network traffic content.
20. The non-transitory computer product of claim 19, wherein the managing comprises scanning the data to determine a protocol of the network traffic content, wherein the processing is performed when the determined protocol of the network traffic content matches with a protocol of network traffic content that could contain the content to be detected.
Patents cited by this patent (47)
Fan Serene ; Truong Steve, Access control for networks.
Cooper,Geoffrey; Sherlock,Kieran G.; Shaw,Bob; Valente,Luis, Automated generation of an english language representation of a formal network security policy specification.
Shtayer Ronen (Tel-Aviv ILX) Alon Naveh (Ranat Hashnron ILX) Alexander Joffe (Rehovot ILX), Method and apparatus for pacing asynchronous transfer mode (ATM) data cell transmission.
Mansfield ; Jr William H. (Pittstown NJ) Raitaz John E. (Morristown NJ), Method and system for broadcasting and querying a database using a multi-function module.
Doyle,Ronald P.; Hind,John R.; Narten,Thomas; Peters,Marcia L., Methods, systems and computer program products for detecting a spoofed source address in IP datagrams.
Keanini,Timothy D.; Quiroga,Martin A.; Buchanan,Brian W.; Flowers,John S., Network security system having a device profiler communicatively coupled to a traffic monitor.
Magdych, James S.; Rahmanovic, Tarik; McDonald, John R.; Tellier, Brock E.; Osborne, Anthony C.; Herath, Nishad P., Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities.
McManis Charles E. ; Yellin Frank, System and method for generating trusted, architecture specific, compiled versions of architecture neutral programs.
Ratcliff Bruce H. ; Valley Stephen R., System for checking status of supported functions of communication platforms at preselected intervals in order to allow hosts to obtain updated list of all supported functions.