A device for detecting network traffic content is provided. The device includes a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates. The device also includes a processor configured to receive data associated with network traffic content, execute one or more instructions based on the one or more signatures and the data, and determine whether the network traffic content matches the content desired to be detected.
Representative Claim
1. A device for detecting network traffic content, the device comprising:
a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates;
a compiler connected to the memory, the compiler configured to translate the one or more signatures into a machine language and to store compiled signatures in the memory;
a processor configured to receive a plurality of concurrent data sessions associated with network traffic content, execute one or more first set of instructions based on the one or more signatures and the data for a first data session of the plurality of concurrent data sessions, and subsequent to the first session execute one or more second set of instructions based on the one or more signatures and the data for a second data session of the plurality of concurrent data sessions and determine whether the network traffic content matches the content desired to be detected;
a network traffic content processing module stored in memory, executable by the processor, to receive data associated with network traffic content, apply instructions based on the one or more signatures and the data, and determine whether the network traffic content matches the content desired to be detected; and
a network traffic flow management module to manage flow of the network traffic, the management including redirecting the network traffic content when the network traffic content processing module identifies network traffic content including content desired to be detected, wherein the network traffic flow management module is configured to:
redirect at least a portion of the network traffic content to a separate memory;
redirect a copy of the at least a portion of the network traffic content to a stack, wherein the stack further passes the copy to the processor to determine whether the copy contains undesirable content;
responsive to a determination that the copy contains no undesirable content:
signal the separate memory to transmit the at least a portion of the network traffic content and the remaining entirety of the network traffic content;
signal the stack to delete the copy
wherein the network traffic content is received and transmitted via a plurality of wire-based network ports of the device and signatures are received via a wire-based network port of the device.

2. The device of claim 1, wherein one or both of the memory and the processor are associated with a firewall.

3. The device of claim 1, wherein the processor comprises a general purpose processor.

4. The device of claim 1, wherein the processor comprises an ASIC processor.

5. The device of claim 4, wherein the ASIC processor is a semi-custom ASIC processor.

6. The device of claim 4, wherein the ASIC processor is a programmable ASIC processor.

7. The device of claim 1, wherein the content desired to be detected comprises a malicious code.

8. The device of claim 1, wherein the content desired to be detected is selected from the group consisting of a virus, a worm, a web content, a Trojan agent, an email spam, and a packet sent by a hacker.

9. The device of claim 1, further comprising a buffer for storing the network traffic content before the network traffic content is processed by the processor.

10. The device of claim 1, further comprising a network traffic flow management module for managing flow of the network traffic.

11. A device for detecting network traffic content, the device comprising:
a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates; and
a processor configured to receive a plurality of concurrent data sessions associated with network traffic content, execute one or more first set of instructions based on the one or more signatures and the data for a first data session of the plurality of concurrent data sessions, and subsequent to the first session execute one or more second set of instructions based on the one or more signatures and the data for a second data session of the plurality of concurrent data sessions and determine whether the network traffic content matches the content desired to be detected; and
a network traffic flow management module to manage flow of the network traffic, the management including redirecting the network traffic content when the network traffic content processing module identifies network traffic content including content desired to be detected, wherein the network traffic flow management module is configured to:
redirect at least a portion of the network traffic content to a separate memory;
redirect a copy of the at least a portion of the network traffic content to a stack, wherein the stack further passes the copy to the processor to determine whether the copy contains undesirable content;
responsive to a determination that the copy contains no undesirable content:
signal the separate memory to transmit the at least a portion of the network traffic content and the remaining entirety of the network traffic content;
signal the stack to delete the copy
wherein the network traffic content is received and transmitted via a plurality of wire-based network ports of the device and signatures are received via a wire-based network port of the device.

12. The device of claim 11, further comprising a packet processing module for receiving packets associated with the network traffic content from a protocol differentiator.

13. The device of claim 12, wherein the protocol differentiator is configured to route the network traffic content to the packet processing module when it is determined that the network traffic content is not of a type that may contain content desired to be detected.

14. The device of claim 1, wherein subsequent to the processor executing of one or more second set of instructions, the processor is configured to execute one or more third set of instructions based on the one or more signatures and the data for a third data session of the plurality of concurrent data sessions.

15. The device of claim 14, wherein the one or more third set of instructions is the first set of instructions.