WO2006073740B1 - Interpreting an application message at a network element using sampling and heuristics - Google Patents
Interpreting an application message at a network element using sampling and heuristicsInfo
- Publication number
- WO2006073740B1 WO2006073740B1 PCT/US2005/045625 US2005045625W WO2006073740B1 WO 2006073740 B1 WO2006073740 B1 WO 2006073740B1 US 2005045625 W US2005045625 W US 2005045625W WO 2006073740 B1 WO2006073740 B1 WO 2006073740B1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- message
- packet
- network element
- blade
- contained
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0894—Policy-based network configuration management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0246—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
- H04L41/0266—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using meta-data, objects or commands for formatting management information, e.g. using eXtensible markup language [XML]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
Abstract
A method is disclosed for interpreting an application message at a network element using sampling and heuristics. Using this method, a network element such as a router can determine, based solely on a data packet's packet headers, whether the network element ought to invest the time and processing power required to inspect and interpret the data packet's payload portion, or whether the network element can send the data packet toward the data packet's destination without inspecting and interpreting the data packet's payload portion. According to one aspect, while in a sampling state, the network element determines shared packet header characteristics possessed by packet headers of all data packets that require application layer message inspection. While in a processing state, the network element forgoes application layer message inspection relative to data packets whose packet headers do not possess the shared packet header characteristics. The network element alternates between the states.
Claims
1. A method of interpreting an application layer message at a network element, the method comprising the computer-implemented steps of: receiving a group of data packets at the network element, wherein each data packet in the group of data packets comprises a separate packet header group and a separate payload portion; inspecting payload portions of data packets in the data packet group to determine application layer messages that are collectively contained in one or more of the payload portions; for each particular message classification in a set of message classifications, determining a separate message subset of the application layer messages that satisfy all criteria associated with the particular message classification, thereby producing one or more message subsets; for each particular message subset in the message subsets, determining a separate set of characteristics that are possessed by every packet header group that was contained in a data packet that also contained at least a portion of an application layer message that is in the particular message subset, thereby producing one or more characteristic sets; receiving, at the network element, a first data packet that comprises a first packet header group and a first payload portion; determining whether the first packet header group possesses all of the characteristics contained in any of the characteristic sets; if the first packet header group possesses all of the characteristics contained in any characteristic set in the characteristic sets, then inspecting the first payload portion to determine at least a portion of a first application layer message that is contained therein; and if the first packet header group does not possess all of the characteristics contained in at least one of the characteristic sets, then sending the first data packet toward a destination without inspecting the first payload portion.
2. A method as recited in Claim 1, further comprising: if the first packet header group possesses all of the characteristics contained in any characteristic set in the characteristic sets, then performing steps comprising: determining whether at least a portion of the first application layer message satisfies all criteria associated with a first message classification in the set of message classifications; and if at least a portion of the first application layer message satisfies all criteria associated with the first message classification, then performing, at the network element, one or more actions that are associated with the first message classification.
3. A method as recited in Claim 1 , wherein the network element is a network router.
4. A method as recited in Claim 1, wherein determining a separate message subset comprises determining a message subset of the application layer messages that are Extensible Markup Language (XML) documents that contain a specified path within a hierarchical structure.
5. A method as recited in Claim 1, wherein determining a separate set of characteristics comprises determining whether source addresses that are specified in Internet Protocol (IP) headers of data packets are the same.
6. A method as recited in Claim 1, wherein determining a separate set of characteristics comprises determining whether destination addresses that are specified in Internet Protocol (IP) headers of data packets are the same.
7. A method as recited in Claim 1, wherein determining a separate set of characteristics comprises determining whether ports that are specified in Transport Control Protocol (TCP) headers of data packets are the same.
8. A method of interpreting an application layer message at a network element, the method comprising the computer-implemented steps of: during a first time interval, sending, to a first blade of the network element, every data packet that is received by a second blade of the network element during the first time interval; during the first time interval, receiving, at the second blade, one or more sets of packet header characteristics that the first blade determined based on packet headers of data packets that the second blade sent to the first blade; and during a second time interval, sending, to the first blade, only data packets that are received by the second blade during the second time interval and that contain packet headers that possess all characteristics that are contained in at least one of the sets of packet header characteristics.
SC
9. A computer-readable medium carrying one or more sequences of instructions for interpreting an application layer message at a network element, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of: receiving a group of data packets at the network element, wherein each data packet in the group of data packets comprises a separate packet header group and a separate payload portion; inspecting payload portions of data packets in the data packet group to determine application layer messages that are collectively contained in one or more of the payload portions; for each particular message classification in a set of message classifications, determining a separate message subset of the application layer messages that satisfy all criteria associated with the particular message classification, thereby producing one ore more message subsets; for each particular message subset in the message subsets, determining a separate set of characteristics that are possessed by every packet header group that was contained in a data packet that also contained at least a portion of an application layer message that is in the particular message subset, thereby producing characteristic sets; receiving, at the network element, a first data packet that comprises a first packet header group and a first payload portion; determining whether the first packet header group possesses all of the characteristics contained in any of the characteristic sets; if the first packet header group possesses all of the characteristics contained in any characteristic set in the characteristic sets, then inspecting the first payload portion to determine at least a portion of a first application layer message that is contained therein; and if the first packet header group does not possess all of the characteristics contained in at least one of the characteristic sets, then sending the first data packet toward a destination without inspecting the first payload portion.
10. A computer-readable medium as recited in Claim 9, wherein the steps further comprise: if the first packet header group possesses all of the characteristics contained in any of the characteristic sets, then performing steps comprising: determining whether at least a portion of the first application layer message satisfies all criteria associated with a first message classification in the set of message classifications; and if at least a portion of the first application layer message satisfies all criteria associated with the first message classification, then performing, at the network element, one or more actions that are associated with the first message classification.
11. A computer-readable medium as recited in Claim 9, wherein the network element is a network router.
12. A computer-readable medium as recited in Claim 9, wherein determining a separate message subset comprises determining a message subset that comprises those of the application layer messages that are Extensible Markup Language (XML) documents that contain a specified path within a hierarchical structure.
13. A computer-readable medium as recited in Claim 9, wherein determining a separate set of characteristics comprises determining whether source addresses that are specified in Internet Protocol (IP) headers of data packets are the same.
14. A computer-readable medium as recited in Claim 9, wherein determining a separate set of characteristics comprises determining whether destination addresses that are specified in Internet Protocol (IP) headers of data packets are the same.
15. A computer-readable medium as recited in Claim 9, wherein determining a separate set of characteristics comprises determining whether ports that are specified in Transport Control Protocol headers of data packets are the same.
16. A computer-readable medium carrying one or more sequences of instructions for interpreting an application layer message at a network element, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of: during a first time interval, sending, to a first blade of the network element, every data packet that is received by a second blade of the network element during the first time interval; during the first time interval, receiving, at the second blade, one or more sets of packet header characteristics that the first blade determined based on packet headers of data packets that the second blade sent to the first blade; and during a second time interval, sending, to the first blade, only data packets that are received by the second blade during the second time interval and that contain packet headers that possess all characteristics that are contained in at least one of the sets of packet header characteristics.
17. An apparatus for interpreting an application layer message at a network element, the apparatus comprising: means for receiving a group of data packets at the network element, wherein each data packet in the group of data packets comprises a separate packet header group and a separate payload portion; means for inspecting payload portions of data packets in the data packet group to determine application layer messages that are collectively contained in one or more of the payload portions; means for determining, for each particular message classification in a set of message classifications, a separate message subset of the application layer messages that satisfy all criteria associated with the particular message classification, thereby producing message subsets; means for determining, for each particular message subset in the message subsets, a separate set of characteristics that are possessed by every packet header group that was contained in a data packet that also contained at least a portion of an application layer message that is in the particular message subset, thereby producing one or more characteristic sets; means for receiving, at the network element, a first data packet that comprises a first packet header group and a first payload portion; means for determining whether the first packet header group possesses all of the characteristics contained in any of the characteristic sets; means for inspecting the first payload portion to determine at least a portion of a first application layer message that is contained therein if the first packet header group possesses all of the characteristics contained in any of the characteristic sets; and means for sending the first data packet toward a destination without inspecting the first payload portion if the first packet header group does not possess all of the characteristics contained in at least one of the characteristic sets.
18. An apparatus for interpreting an application layer message at a network element, the apparatus comprising: means for sending, to a first blade of the network element during a first time interval, every data packet that is received by a second blade of the network element during the first time interval; means for receiving, at the second blade, one or more sets of packet header characteristics, during the first time interval,_that the first blade determined based on packet headers of data packets that the second blade sent to the first blade; and means for sending, to the first blade during a second time interval, only data packets that are received by the second blade during the second time interval and that contain packet headers that possess all characteristics that are contained in at least one of the sets of packet header characteristics.
19. An apparatus for interpreting an application layer message at a network element, the apparatus comprising: a network interface that is coupled to a data network for receiving one or more packet flows therefrom; one or more processors; one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of: receiving a group of data packets at the network element, wherein each data packet in the group of data packets comprises a separate packet header group and a separate payload portion; inspecting payload portions of data packets in the group to determine application layer messages that are collectively contained in one or more of the payload portions; for each particular message classification in a set of message classifications, determining a separate message subset that comprises those of the application layer messages that satisfy all criteria associated with the particular message classification, thereby producing message subsets;
-52- for each particular message subset in the message subsets, determining a separate set of characteristics that are possessed by every packet header group that was contained in a data packet that also contained at least a portion of an application layer message that is in the particular message subset, thereby producing one or more characteristic sets; receiving, at the network element, a first data packet that comprises a first packet header group and a first payload portion; determining whether the first packet header group possesses all of the characteristics contained in any of the characteristic sets; if the first packet header group possesses all of the characteristics contained in any of the characteristic sets, then inspecting the first payload portion to determine at least a portion of a first application layer message that is contained therein; and if the first packet header group does not possess all of the characteristics contained in at least one of the characteristic sets, then sending the first data packet toward a destination without inspecting the first payload portion.
20. An apparatus for performing adaptive load balancing, the apparatus comprising: a network interface that is coupled to a data network for receiving one or more packet flows therefrom; one or more processors; one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of: during a first time interval, sending, to a first blade of the network element, every data packet that is received by a second blade of the network element during the first time interval; during the first time interval, receiving, at the second blade, one or more sets of packet header characteristics that the first blade determined based on packet headers of data packets that the second blade sent to the first blade; and
-53- during a second time interval, sending, to the first blade, only data packets that are received by the second blade during the second time interval and that contain packet headers that possess all characteristics that are contained in at least one of the sets of packet header characteristics.
-54-
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20050854364 EP1834453A4 (en) | 2005-01-05 | 2005-12-15 | Interpreting an application message at a network element using sampling and heuristics |
CN200580045969.XA CN101099345B (en) | 2005-01-05 | 2005-12-15 | Interpreting an application message at a network element using sampling and heuristics |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/031,106 | 2005-01-05 | ||
US11/031,106 US7551567B2 (en) | 2005-01-05 | 2005-01-05 | Interpreting an application message at a network element using sampling and heuristics |
Publications (3)
Publication Number | Publication Date |
---|---|
WO2006073740A2 WO2006073740A2 (en) | 2006-07-13 |
WO2006073740A3 WO2006073740A3 (en) | 2007-01-11 |
WO2006073740B1 true WO2006073740B1 (en) | 2007-02-22 |
Family
ID=36640367
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2005/045625 WO2006073740A2 (en) | 2005-01-05 | 2005-12-15 | Interpreting an application message at a network element using sampling and heuristics |
Country Status (4)
Country | Link |
---|---|
US (1) | US7551567B2 (en) |
EP (1) | EP1834453A4 (en) |
CN (1) | CN101099345B (en) |
WO (1) | WO2006073740A2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8060623B2 (en) | 2004-05-13 | 2011-11-15 | Cisco Technology, Inc. | Automated configuration of network device ports |
US8843598B2 (en) | 2005-08-01 | 2014-09-23 | Cisco Technology, Inc. | Network based device for providing RFID middleware functionality |
Families Citing this family (52)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7111163B1 (en) * | 2000-07-10 | 2006-09-19 | Alterwan, Inc. | Wide area network using internet with quality of service |
US8249953B2 (en) * | 2004-05-13 | 2012-08-21 | Cisco Technology, Inc. | Methods and apparatus for determining the status of a device |
US8113418B2 (en) * | 2004-05-13 | 2012-02-14 | Cisco Technology, Inc. | Virtual readers for scalable RFID infrastructures |
US8604910B2 (en) * | 2004-07-13 | 2013-12-10 | Cisco Technology, Inc. | Using syslog and SNMP for scalable monitoring of networked devices |
US8458467B2 (en) | 2005-06-21 | 2013-06-04 | Cisco Technology, Inc. | Method and apparatus for adaptive application message payload content transformation in a network infrastructure element |
US7509431B2 (en) * | 2004-11-17 | 2009-03-24 | Cisco Technology, Inc. | Performing message and transformation adapter functions in a network element on behalf of an application |
US7664879B2 (en) * | 2004-11-23 | 2010-02-16 | Cisco Technology, Inc. | Caching content and state data at a network element |
US7987272B2 (en) | 2004-12-06 | 2011-07-26 | Cisco Technology, Inc. | Performing message payload processing functions in a network element on behalf of an application |
US7725934B2 (en) * | 2004-12-07 | 2010-05-25 | Cisco Technology, Inc. | Network and application attack protection based on application layer message inspection |
US7496750B2 (en) * | 2004-12-07 | 2009-02-24 | Cisco Technology, Inc. | Performing security functions on a message payload in a network element |
US7606267B2 (en) * | 2004-12-10 | 2009-10-20 | Cisco Technology, Inc. | Reducing the sizes of application layer messages in a network element |
US8082304B2 (en) | 2004-12-10 | 2011-12-20 | Cisco Technology, Inc. | Guaranteed delivery of application layer messages by a network element |
US20060155862A1 (en) * | 2005-01-06 | 2006-07-13 | Hari Kathi | Data traffic load balancing based on application layer messages |
US7698416B2 (en) * | 2005-01-25 | 2010-04-13 | Cisco Technology, Inc. | Application layer message-based server failover management by a network element |
US7694287B2 (en) * | 2005-06-29 | 2010-04-06 | Visa U.S.A. | Schema-based dynamic parse/build engine for parsing multi-format messages |
US7953826B2 (en) * | 2005-07-14 | 2011-05-31 | Cisco Technology, Inc. | Provisioning and redundancy for RFID middleware servers |
EP1955471A4 (en) | 2005-12-01 | 2009-03-11 | Firestar Software Inc | System and method for exchanging information among exchange applications |
US8301752B2 (en) * | 2006-05-02 | 2012-10-30 | International Business Machines Corporation | Load balancing for network server |
US9021503B2 (en) * | 2007-11-16 | 2015-04-28 | Microsoft Technology Licensing, Llc | Coordinating application state and communication medium state |
US8505030B2 (en) * | 2007-11-16 | 2013-08-06 | Microsoft Corporation | Coordinating resources using a volatile network intermediary |
US8719841B2 (en) * | 2007-11-16 | 2014-05-06 | Microsoft Corporation | Dispatch mechanism for coordinating application and communication medium state |
US7817636B2 (en) * | 2008-01-30 | 2010-10-19 | Cisco Technology, Inc. | Obtaining information on forwarding decisions for a packet flow |
US8301706B2 (en) | 2009-06-15 | 2012-10-30 | Microsoft Corporation | Routing of pooled messages via an intermediary |
US8452835B2 (en) * | 2009-12-23 | 2013-05-28 | Citrix Systems, Inc. | Systems and methods for object rate limiting in multi-core system |
US8549538B2 (en) * | 2010-03-18 | 2013-10-01 | Microsoft Corporation | Coordinating communication medium state for subtasks |
JP5501052B2 (en) * | 2010-03-24 | 2014-05-21 | キヤノン株式会社 | COMMUNICATION DEVICE, COMMUNICATION DEVICE CONTROL METHOD, PROGRAM |
US8250234B2 (en) | 2010-04-26 | 2012-08-21 | Microsoft Corporation | Hierarchically disassembling messages |
US9191285B1 (en) * | 2012-03-14 | 2015-11-17 | Domo, Inc. | Automatic web service monitoring |
US8805921B2 (en) * | 2012-08-20 | 2014-08-12 | International Business Machines Corporation | System and method supporting application solution composition on cloud |
US9137205B2 (en) | 2012-10-22 | 2015-09-15 | Centripetal Networks, Inc. | Methods and systems for protecting a secured network |
US9565213B2 (en) * | 2012-10-22 | 2017-02-07 | Centripetal Networks, Inc. | Methods and systems for protecting a secured network |
US9203806B2 (en) | 2013-01-11 | 2015-12-01 | Centripetal Networks, Inc. | Rule swapping in a packet network |
US9124552B2 (en) | 2013-03-12 | 2015-09-01 | Centripetal Networks, Inc. | Filtering network data transfers |
US9094445B2 (en) | 2013-03-15 | 2015-07-28 | Centripetal Networks, Inc. | Protecting networks from cyber attacks and overloading |
US11675837B2 (en) * | 2014-03-17 | 2023-06-13 | Modelizeit Inc. | Analysis of data flows in complex enterprise IT environments |
AU2015312010B2 (en) * | 2014-09-02 | 2019-10-03 | Ab Initio Technology Llc. | Visually specifying subsets of components in graph-based programs through user interactions |
US9264370B1 (en) | 2015-02-10 | 2016-02-16 | Centripetal Networks, Inc. | Correlating packets in communications networks |
US9866576B2 (en) | 2015-04-17 | 2018-01-09 | Centripetal Networks, Inc. | Rule-based network-threat detection |
US9917856B2 (en) | 2015-12-23 | 2018-03-13 | Centripetal Networks, Inc. | Rule-based network-threat detection for encrypted communications |
US11729144B2 (en) | 2016-01-04 | 2023-08-15 | Centripetal Networks, Llc | Efficient packet capture for cyber threat analysis |
IL252037B (en) | 2017-04-30 | 2021-12-01 | Verint Systems Ltd | System and method for identifying relationships between users of computer applications |
US10503899B2 (en) | 2017-07-10 | 2019-12-10 | Centripetal Networks, Inc. | Cyberanalysis workflow acceleration |
US11233777B2 (en) | 2017-07-24 | 2022-01-25 | Centripetal Networks, Inc. | Efficient SSL/TLS proxy |
US10284526B2 (en) | 2017-07-24 | 2019-05-07 | Centripetal Networks, Inc. | Efficient SSL/TLS proxy |
IL256690B (en) * | 2018-01-01 | 2022-02-01 | Cognyte Tech Israel Ltd | System and method for identifying pairs of related application users |
US10630638B2 (en) * | 2018-03-09 | 2020-04-21 | Palo Alto Networks, Inc. | Maintaining communications in a failover instance via network address translation |
US10333898B1 (en) | 2018-07-09 | 2019-06-25 | Centripetal Networks, Inc. | Methods and systems for efficient network protection |
US11741196B2 (en) | 2018-11-15 | 2023-08-29 | The Research Foundation For The State University Of New York | Detecting and preventing exploits of software vulnerability using instruction tags |
CN110290188B (en) * | 2019-06-13 | 2020-06-02 | 四川大学 | HTTPS (hypertext transfer protocol secure) stream service online identification method suitable for large-scale network environment |
WO2021084439A1 (en) | 2019-11-03 | 2021-05-06 | Verint Systems Ltd. | System and method for identifying exchanges of encrypted communication traffic |
US11362996B2 (en) | 2020-10-27 | 2022-06-14 | Centripetal Networks, Inc. | Methods and systems for efficient adaptive logging of cyber threat incidents |
US11159546B1 (en) | 2021-04-20 | 2021-10-26 | Centripetal Networks, Inc. | Methods and systems for efficient threat context-aware packet filtering for network protection |
Family Cites Families (116)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100198065B1 (en) * | 1995-06-28 | 1999-06-15 | 김영환 | Destination address detecting device of hardware packet router |
JP3434994B2 (en) * | 1996-12-12 | 2003-08-11 | 富士通株式会社 | Cell assembly multiplexer |
US6430286B1 (en) * | 1997-04-22 | 2002-08-06 | At&T Corp | Service and information management system for a telecommunications network |
US6115378A (en) * | 1997-06-30 | 2000-09-05 | Sun Microsystems, Inc. | Multi-layer distributed network element |
US7162738B2 (en) * | 1998-11-03 | 2007-01-09 | Tumbleweed Communications Corp. | E-mail firewall with stored key encryption/decryption |
US6341130B1 (en) * | 1998-02-09 | 2002-01-22 | Lucent Technologies, Inc. | Packet classification method and apparatus employing two fields |
US6145079A (en) | 1998-03-06 | 2000-11-07 | Deloitte & Touche Usa Llp | Secure electronic transactions using a trusted intermediary to perform electronic services |
US6337856B1 (en) * | 1998-05-20 | 2002-01-08 | Steelcase Development Corporation | Multimedia data communications system |
US6363477B1 (en) * | 1998-08-28 | 2002-03-26 | 3Com Corporation | Method for analyzing network application flows in an encrypted environment |
US6125391A (en) * | 1998-10-16 | 2000-09-26 | Commerce One, Inc. | Market makers using documents for commerce in trading partner networks |
US6226675B1 (en) * | 1998-10-16 | 2001-05-01 | Commerce One, Inc. | Participant server which process documents for commerce in trading partner networks |
US6587431B1 (en) * | 1998-12-18 | 2003-07-01 | Nortel Networks Limited | Supertrunking for packet switching |
US7215641B1 (en) * | 1999-01-27 | 2007-05-08 | Cisco Technology, Inc. | Per-flow dynamic buffer management |
US6356951B1 (en) * | 1999-03-01 | 2002-03-12 | Sun Microsystems, Inc. | System for parsing a packet for conformity with a predetermined protocol using mask and comparison values included in a parsing instruction |
US6678827B1 (en) * | 1999-05-06 | 2004-01-13 | Watchguard Technologies, Inc. | Managing multiple network security devices from a manager device |
US6683881B1 (en) * | 1999-05-28 | 2004-01-27 | Ericsson Inc. | Interface between an SS7 gateway and an IP network |
US6868426B1 (en) * | 1999-07-07 | 2005-03-15 | Jeffrey W. Mankoff | Virtual document organizer system and method |
KR100532274B1 (en) * | 1999-09-08 | 2005-11-29 | 삼성전자주식회사 | Apparatus for transfering long message in portable terminal and method therefor |
JP3619411B2 (en) | 1999-12-03 | 2005-02-09 | 富士通株式会社 | Packet relay device |
US6510464B1 (en) * | 1999-12-14 | 2003-01-21 | Verizon Corporate Services Group Inc. | Secure gateway having routing feature |
US7149222B2 (en) * | 1999-12-21 | 2006-12-12 | Converged Access, Inc. | Integrated access point network device |
US6510434B1 (en) * | 1999-12-29 | 2003-01-21 | Bellsouth Intellectual Property Corporation | System and method for retrieving information from a database using an index of XML tags and metafiles |
US6701440B1 (en) | 2000-01-06 | 2004-03-02 | Networks Associates Technology, Inc. | Method and system for protecting a computer using a remote e-mail scanning device |
JP3730471B2 (en) * | 2000-02-14 | 2006-01-05 | 富士通株式会社 | Packet transfer device |
US6772223B1 (en) * | 2000-04-10 | 2004-08-03 | International Business Machines Corporation | Configurable classification interface for networking devices supporting multiple action packet handling rules |
US7111076B2 (en) * | 2000-04-13 | 2006-09-19 | Intel Corporation | System using transform template and XML document type definition for transforming message and its reply |
US7215637B1 (en) * | 2000-04-17 | 2007-05-08 | Juniper Networks, Inc. | Systems and methods for processing packets |
US7111163B1 (en) * | 2000-07-10 | 2006-09-19 | Alterwan, Inc. | Wide area network using internet with quality of service |
US6804222B1 (en) * | 2000-07-14 | 2004-10-12 | At&T Corp. | In-band Qos signaling reference model for QoS-driven wireless LANs |
US6862270B1 (en) * | 2000-07-14 | 2005-03-01 | At&T Corp. | Architectural reference model for QoS-driven wireless LANs |
US6718326B2 (en) * | 2000-08-17 | 2004-04-06 | Nippon Telegraph And Telephone Corporation | Packet classification search device and method |
US6785732B1 (en) * | 2000-09-11 | 2004-08-31 | International Business Machines Corporation | Web server apparatus and method for virus checking |
US20020114274A1 (en) * | 2000-09-19 | 2002-08-22 | Sturges James H. | Packet based network for supporting real time applications |
WO2002037754A2 (en) | 2000-11-03 | 2002-05-10 | At & T Corp. | Tiered contention multiple access (tcma): a method for priority-based shared channel access |
US7046680B1 (en) * | 2000-11-28 | 2006-05-16 | Mci, Inc. | Network access system including a programmable access device having distributed service control |
US7296268B2 (en) | 2000-12-18 | 2007-11-13 | Microsoft Corporation | Dynamic monitor and controller of availability of a load-balancing cluster |
US20020126672A1 (en) * | 2001-01-10 | 2002-09-12 | Nelson Chow | Method and apparatus for a flexible and reconfigurable packet classifier using content addressable memory |
US6996842B2 (en) * | 2001-01-30 | 2006-02-07 | Intel Corporation | Processing internet protocol security traffic |
US6996234B2 (en) * | 2001-02-02 | 2006-02-07 | Asier Technology Corporation | Data decryption methodology |
US7213071B2 (en) * | 2001-04-03 | 2007-05-01 | International Business Machines Corporation | Quality of service improvements for network transactions |
US20020161907A1 (en) * | 2001-04-25 | 2002-10-31 | Avery Moon | Adaptive multi-protocol communications system |
US7134075B2 (en) | 2001-04-26 | 2006-11-07 | International Business Machines Corporation | Conversion of documents between XML and processor efficient MXML in content based routing networks |
AUPR459901A0 (en) * | 2001-04-27 | 2001-05-24 | Sharinga Networks Inc. | Instant messaging |
US20020165957A1 (en) | 2001-05-02 | 2002-11-07 | Devoe Jiva Gandhara | Intelligent dynamic route selection based on active probing of network operational characteristics |
US7089586B2 (en) * | 2001-05-02 | 2006-08-08 | Ipr Licensing, Inc. | Firewall protection for wireless users |
US6934702B2 (en) * | 2001-05-04 | 2005-08-23 | Sun Microsystems, Inc. | Method and system of routing messages in a distributed search network |
US6816455B2 (en) * | 2001-05-09 | 2004-11-09 | Telecom Italia S.P.A. | Dynamic packet filter utilizing session tracking |
US6813690B1 (en) * | 2001-06-12 | 2004-11-02 | Network Appliance, Inc. | Caching media data using content-sensitive identifiers |
US7020143B2 (en) | 2001-06-18 | 2006-03-28 | Ericsson Inc. | System for and method of differentiated queuing in a routing system |
US6944678B2 (en) | 2001-06-18 | 2005-09-13 | Transtech Networks Usa, Inc. | Content-aware application switch and methods thereof |
US20030028599A1 (en) * | 2001-06-19 | 2003-02-06 | Kolsky Amir D. | Method and system for a communication scheme over heterogeneous networks |
US6745041B2 (en) * | 2001-06-27 | 2004-06-01 | Tekelec | Methods and systems for communicating between subscribers of different application-layer mobile communications protocols |
JP4274710B2 (en) * | 2001-06-28 | 2009-06-10 | 株式会社日立製作所 | Communication relay device |
US7363353B2 (en) * | 2001-07-06 | 2008-04-22 | Juniper Networks, Inc. | Content service aggregation device for a data center |
EP1418709B1 (en) * | 2001-08-09 | 2012-02-08 | Panasonic Corporation | Apparatus and transmission method |
US20030033463A1 (en) * | 2001-08-10 | 2003-02-13 | Garnett Paul J. | Computer system storage |
US7230949B2 (en) * | 2001-08-24 | 2007-06-12 | Juniper Networks, Inc. | Efficient method and system for automatic discovery and verification of optimal paths through a dynamic multi-point meshed overlay network |
US7126907B2 (en) | 2001-08-31 | 2006-10-24 | Tropic Networks Inc. | Label switched communication network, a method of conditioning the network and a method of data transmission |
US7536712B2 (en) * | 2001-10-16 | 2009-05-19 | Microsoft Corporation | Flexible electronic message security mechanism |
US20030093530A1 (en) * | 2001-10-26 | 2003-05-15 | Majid Syed | Arbitrator system and method for national and local content distribution |
WO2003039094A2 (en) * | 2001-10-29 | 2003-05-08 | Omtool, Ltd | Methods and apparatus for securely communicating a message |
US7127740B2 (en) * | 2001-10-29 | 2006-10-24 | Pitney Bowes Inc. | Monitoring system for a corporate network |
US8040873B2 (en) * | 2001-11-07 | 2011-10-18 | Alcatel Lucent | Distributed integration of legacy PBX system with SIP networks |
JP3726741B2 (en) * | 2001-11-16 | 2005-12-14 | 日本電気株式会社 | Packet transfer apparatus, method and program |
JP3898498B2 (en) * | 2001-12-06 | 2007-03-28 | 富士通株式会社 | Server load balancing system |
US20040136371A1 (en) * | 2002-01-04 | 2004-07-15 | Muralidhar Rajeev D. | Distributed implementation of control protocols in routers and switches |
US7962925B2 (en) * | 2002-02-22 | 2011-06-14 | Oracle International Corporation | System and method for XML data binding |
US7245620B2 (en) * | 2002-03-15 | 2007-07-17 | Broadcom Corporation | Method and apparatus for filtering packet data in a network device |
US7185365B2 (en) * | 2002-03-27 | 2007-02-27 | Intel Corporation | Security enabled network access control |
US7385982B2 (en) * | 2002-04-09 | 2008-06-10 | Next Generation Systems, Inc. | Systems and methods for providing quality of service (QoS) in an environment that does not normally support QoS features |
US7437451B2 (en) | 2002-05-16 | 2008-10-14 | Hewlett-Packard Development Company, L.P. | System and method for collecting desired information for network transactions at the kernel level |
US7627693B2 (en) * | 2002-06-11 | 2009-12-01 | Pandya Ashish A | IP storage processor and engine therefor using RDMA |
US7239634B1 (en) * | 2002-06-17 | 2007-07-03 | Signafor, Inc. | Encryption mechanism in advanced packet switching system |
US9088494B2 (en) * | 2002-06-26 | 2015-07-21 | Avaya Communication Israel Ltd. | Packet fragmentation prevention |
US6968374B2 (en) * | 2002-07-03 | 2005-11-22 | Telefonaktiebolaget Lm Ericsson (Publ) | Quality of service (QOS) mechanism in an internet protocol (IP) network |
US7301951B2 (en) * | 2002-07-31 | 2007-11-27 | At&T Knowledge Ventures, L.P. | Resource reservation protocol based guaranteed quality of service internet protocol connections over a switched network |
US7298750B2 (en) * | 2002-07-31 | 2007-11-20 | At&T Knowledge Ventures, L.P. | Enhancement of resource reservation protocol enabling short-cut internet protocol connections over a switched network |
US7237014B2 (en) * | 2002-08-01 | 2007-06-26 | Drummond Group | System and method for in situ, real-time, supply chain, interoperability verification |
US6950822B1 (en) * | 2002-11-06 | 2005-09-27 | Oracle International Corporation | Techniques for increasing efficiency while servicing requests for database services |
US7475241B2 (en) * | 2002-11-22 | 2009-01-06 | Cisco Technology, Inc. | Methods and apparatus for dynamic session key generation and rekeying in mobile IP |
US20040221319A1 (en) * | 2002-12-06 | 2004-11-04 | Ian Zenoni | Application streamer |
KR100658650B1 (en) | 2002-12-12 | 2006-12-15 | 후아웨이 테크놀러지 컴퍼니 리미티드 | A process method about the service connection between the wireless local area network and user terminal |
US20040121789A1 (en) * | 2002-12-23 | 2004-06-24 | Teddy Lindsey | Method and apparatus for communicating information in a global distributed network |
US7640427B2 (en) * | 2003-01-07 | 2009-12-29 | Pgp Corporation | System and method for secure electronic communication in a partially keyless environment |
US7895589B2 (en) * | 2003-02-26 | 2011-02-22 | International Business Machines Corporation | Dynamic data-driven application integration adapters |
US7398386B2 (en) * | 2003-04-12 | 2008-07-08 | Cavium Networks, Inc. | Transparent IPSec processing inline between a framer and a network component |
US20050021836A1 (en) * | 2003-05-01 | 2005-01-27 | Reed Carl J. | System and method for message processing and routing |
US7590736B2 (en) | 2003-06-30 | 2009-09-15 | Microsoft Corporation | Flexible network load balancing |
US7567504B2 (en) | 2003-06-30 | 2009-07-28 | Microsoft Corporation | Network load balancing with traffic routing |
US7613822B2 (en) | 2003-06-30 | 2009-11-03 | Microsoft Corporation | Network load balancing with session information |
KR100898092B1 (en) * | 2003-08-12 | 2009-05-18 | 리서치 인 모션 리미티드 | System and method for processing encoded messages |
US7769994B2 (en) * | 2003-08-13 | 2010-08-03 | Radware Ltd. | Content inspection in secure networks |
US7191248B2 (en) * | 2003-08-29 | 2007-03-13 | Microsoft Corporation | Communication stack for network communication and routing |
US7362763B2 (en) * | 2003-09-04 | 2008-04-22 | Samsung Electronics Co., Ltd. | Apparatus and method for classifying traffic in a distributed architecture router |
US7142866B2 (en) * | 2003-09-09 | 2006-11-28 | Harris Corporation | Load leveling in mobile ad-hoc networks to support end-to-end delay reduction, QoS and energy leveling |
US7483384B2 (en) * | 2003-09-22 | 2009-01-27 | Hewlett-Packard Development Company, L.P. | System and method for monitoring network traffic |
US8453196B2 (en) * | 2003-10-14 | 2013-05-28 | Salesforce.Com, Inc. | Policy management in an interoperability network |
KR100849345B1 (en) * | 2003-10-30 | 2008-07-29 | 삼성전자주식회사 | Method for Supporting QoS in High Packet Data System |
US7421695B2 (en) * | 2003-11-12 | 2008-09-02 | Cisco Tech Inc | System and methodology for adaptive load balancing with behavior modification hints |
US7194485B2 (en) * | 2003-11-21 | 2007-03-20 | International Business Machines Corporation | Mapping XML schema components to qualified java components |
US20050188103A1 (en) * | 2003-12-30 | 2005-08-25 | Nokia Corporation | Method or device for delivering a packet in a scatternet |
EP1712106B1 (en) * | 2004-02-03 | 2010-09-01 | Nokia Corporation | Method and apparatus for providing end-to-end quality of service (qos) |
JP4276568B2 (en) * | 2004-03-26 | 2009-06-10 | 株式会社日立コミュニケーションテクノロジー | Router and SIP server |
US20050229243A1 (en) * | 2004-03-31 | 2005-10-13 | Svendsen Hugh B | Method and system for providing Web browsing through a firewall in a peer to peer network |
US9686669B2 (en) * | 2004-04-08 | 2017-06-20 | Nokia Technologies Oy | Method of configuring a mobile node |
US7322523B2 (en) | 2004-05-13 | 2008-01-29 | Cisco Technology, Inc. | Methods and devices for uniquely provisioning RFID devices |
US7581248B2 (en) | 2004-06-28 | 2009-08-25 | International Business Machines Corporation | Federated identity brokering |
US7664879B2 (en) * | 2004-11-23 | 2010-02-16 | Cisco Technology, Inc. | Caching content and state data at a network element |
US7987272B2 (en) * | 2004-12-06 | 2011-07-26 | Cisco Technology, Inc. | Performing message payload processing functions in a network element on behalf of an application |
US7725934B2 (en) * | 2004-12-07 | 2010-05-25 | Cisco Technology, Inc. | Network and application attack protection based on application layer message inspection |
US7496750B2 (en) * | 2004-12-07 | 2009-02-24 | Cisco Technology, Inc. | Performing security functions on a message payload in a network element |
US7606267B2 (en) * | 2004-12-10 | 2009-10-20 | Cisco Technology, Inc. | Reducing the sizes of application layer messages in a network element |
US8082304B2 (en) * | 2004-12-10 | 2011-12-20 | Cisco Technology, Inc. | Guaranteed delivery of application layer messages by a network element |
US20060155862A1 (en) * | 2005-01-06 | 2006-07-13 | Hari Kathi | Data traffic load balancing based on application layer messages |
FR2880752A1 (en) * | 2005-01-10 | 2006-07-14 | Thomson Licensing Sa | METHOD OF CONSTRUCTING SINGLE DIFFUSION ADDRESS BY A SERVER AND SERVER USING THE SAME |
US7698416B2 (en) * | 2005-01-25 | 2010-04-13 | Cisco Technology, Inc. | Application layer message-based server failover management by a network element |
-
2005
- 2005-01-05 US US11/031,106 patent/US7551567B2/en not_active Expired - Fee Related
- 2005-12-15 CN CN200580045969.XA patent/CN101099345B/en active Active
- 2005-12-15 WO PCT/US2005/045625 patent/WO2006073740A2/en active Application Filing
- 2005-12-15 EP EP20050854364 patent/EP1834453A4/en not_active Withdrawn
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8060623B2 (en) | 2004-05-13 | 2011-11-15 | Cisco Technology, Inc. | Automated configuration of network device ports |
US8601143B2 (en) | 2004-05-13 | 2013-12-03 | Cisco Technology, Inc. | Automated configuration of network device ports |
US8843598B2 (en) | 2005-08-01 | 2014-09-23 | Cisco Technology, Inc. | Network based device for providing RFID middleware functionality |
Also Published As
Publication number | Publication date |
---|---|
CN101099345B (en) | 2011-04-13 |
WO2006073740A2 (en) | 2006-07-13 |
US20060146879A1 (en) | 2006-07-06 |
CN101099345A (en) | 2008-01-02 |
EP1834453A4 (en) | 2014-12-24 |
US7551567B2 (en) | 2009-06-23 |
EP1834453A2 (en) | 2007-09-19 |
WO2006073740A3 (en) | 2007-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2006073740B1 (en) | Interpreting an application message at a network element using sampling and heuristics | |
US8639752B2 (en) | Systems and methods for content type classification | |
US7725938B2 (en) | Inline intrusion detection | |
US11115504B2 (en) | Batch processing for QUIC | |
US8224902B1 (en) | Method and apparatus for selective email processing | |
EP1917765B1 (en) | Flow control based on flow policies in a communication network | |
EP1209876B1 (en) | Dynamic load balancer | |
US7543076B2 (en) | Message header spam filtering | |
US20080002579A1 (en) | Arrangement and a Method Relating to Flow of Packets in Communication Systems | |
US20070025261A1 (en) | Generating Traffic For Testing A System Under Test | |
JP2001510947A (en) | High-speed transfer and filtering of network packets in computer systems | |
CN102377640B (en) | Message processing apparatus, message processing method and preprocessor | |
WO2006012284A3 (en) | An apparatus and method for packet coalescing within interconnection network routers | |
US7269752B2 (en) | Dynamically controlling power consumption within a network node | |
US6980549B1 (en) | Policy enforcing switch | |
US20200106866A1 (en) | Method and apparatus for processing packets in a network device | |
US20030093566A1 (en) | System and method for network and application transparent database acceleration | |
JP2016504810A (en) | Content-based overload protection | |
US8289860B2 (en) | Application monitor apparatus | |
WO2011051750A2 (en) | Method of monitoring network traffic by means of descriptive metadata | |
JP5382812B2 (en) | Data compression / transfer system, transmission apparatus, and data compression / transfer method used therefor | |
EP2112804A3 (en) | Packet routing via payload inspection and subscription processing in a publish-subscribe network | |
CN104753726B (en) | A kind of Audit control method and system of serial data stream | |
EP3461084A1 (en) | Method and apparatus for implementing efficient quality of service (qos) through feedback flow loop in a software accelerator | |
Morais | Data communication systems protocol stacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 3288/DELNP/2007 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005854364 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 200580045969.X Country of ref document: CN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 2005854364 Country of ref document: EP |