WO2006073740B1 - Interpreting an application message at a network element using sampling and heuristics - Google Patents

Interpreting an application message at a network element using sampling and heuristics

Info

Publication number
WO2006073740B1
Authority
WO
WIPO (PCT)
Prior art keywords
message
packet
network element
blade
contained
Prior art date
Application number
PCT/US2005/045625
Other languages
French (fr)
Other versions
WO2006073740A2 (en)
WO2006073740A3 (en)
Inventor
Tefcros Anthias
Sunil Potti
Subramanian Srinivasan
Nitesh Trikha
Original Assignee
Cisco Tech Inc
Tefcros Anthias
Sunil Potti
Subramanian Srinivasan
Nitesh Trikha
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Tech Inc, Tefcros Anthias, Sunil Potti, Subramanian Srinivasan, Nitesh Trikha
Priority to EP20050854364 (EP1834453A4)
Priority to CN200580045969.XA (CN101099345B)
Publication of WO2006073740A2
Publication of WO2006073740A3
Publication of WO2006073740B1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/22 Parsing or analysis of headers
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/08 Configuration management of networks or network elements
    • H04L 41/0894 Policy-based network configuration management
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L 63/0245 Filtering by information in the payload
    • H04L 63/0263 Rule management
    • H04L 69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L 69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L 69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L 69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • H04L 41/02 Standardisation; Integration
    • H04L 41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L 41/0266 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using meta-data, objects or commands for formatting management information, e.g. using eXtensible markup language [XML]
    • H04L 41/0893 Assignment of logical groups to network elements
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Abstract

A method is disclosed for interpreting an application message at a network element using sampling and heuristics. Using this method, a network element such as a router can determine, based solely on a data packet's packet headers, whether the network element ought to invest the time and processing power required to inspect and interpret the data packet's payload portion, or whether the network element can send the data packet toward the data packet's destination without inspecting and interpreting the data packet's payload portion. According to one aspect, while in a sampling state, the network element determines shared packet header characteristics possessed by packet headers of all data packets that require application layer message inspection. While in a processing state, the network element forgoes application layer message inspection relative to data packets whose packet headers do not possess the shared packet header characteristics. The network element alternates between the states.

Claims

AMENDED CLAIMS [received by the International Bureau on November 20, 2006 (20.11.2006)]
1. A method of interpreting an application layer message at a network element, the method comprising the computer-implemented steps of: receiving a group of data packets at the network element, wherein each data packet in the group of data packets comprises a separate packet header group and a separate payload portion; inspecting payload portions of data packets in the data packet group to determine application layer messages that are collectively contained in one or more of the payload portions; for each particular message classification in a set of message classifications, determining a separate message subset of the application layer messages that satisfy all criteria associated with the particular message classification, thereby producing one or more message subsets; for each particular message subset in the message subsets, determining a separate set of characteristics that are possessed by every packet header group that was contained in a data packet that also contained at least a portion of an application layer message that is in the particular message subset, thereby producing one or more characteristic sets; receiving, at the network element, a first data packet that comprises a first packet header group and a first payload portion; determining whether the first packet header group possesses all of the characteristics contained in any of the characteristic sets; if the first packet header group possesses all of the characteristics contained in any characteristic set in the characteristic sets, then inspecting the first payload portion to determine at least a portion of a first application layer message that is contained therein; and if the first packet header group does not possess all of the characteristics contained in at least one of the characteristic sets, then sending the first data packet toward a destination without inspecting the first payload portion.
2. A method as recited in Claim 1, further comprising: if the first packet header group possesses all of the characteristics contained in any characteristic set in the characteristic sets, then performing steps comprising: determining whether at least a portion of the first application layer message satisfies all criteria associated with a first message classification in the set of message classifications; and if at least a portion of the first application layer message satisfies all criteria associated with the first message classification, then performing, at the network element, one or more actions that are associated with the first message classification.
3. A method as recited in Claim 1, wherein the network element is a network router.
4. A method as recited in Claim 1, wherein determining a separate message subset comprises determining a message subset of the application layer messages that are Extensible Markup Language (XML) documents that contain a specified path within a hierarchical structure.
5. A method as recited in Claim 1, wherein determining a separate set of characteristics comprises determining whether source addresses that are specified in Internet Protocol (IP) headers of data packets are the same.
6. A method as recited in Claim 1, wherein determining a separate set of characteristics comprises determining whether destination addresses that are specified in Internet Protocol (IP) headers of data packets are the same.
7. A method as recited in Claim 1, wherein determining a separate set of characteristics comprises determining whether ports that are specified in Transport Control Protocol (TCP) headers of data packets are the same.
8. A method of interpreting an application layer message at a network element, the method comprising the computer-implemented steps of: during a first time interval, sending, to a first blade of the network element, every data packet that is received by a second blade of the network element during the first time interval; during the first time interval, receiving, at the second blade, one or more sets of packet header characteristics that the first blade determined based on packet headers of data packets that the second blade sent to the first blade; and during a second time interval, sending, to the first blade, only data packets that are received by the second blade during the second time interval and that contain packet headers that possess all characteristics that are contained in at least one of the sets of packet header characteristics.
9. A computer-readable medium carrying one or more sequences of instructions for interpreting an application layer message at a network element, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of: receiving a group of data packets at the network element, wherein each data packet in the group of data packets comprises a separate packet header group and a separate payload portion; inspecting payload portions of data packets in the data packet group to determine application layer messages that are collectively contained in one or more of the payload portions; for each particular message classification in a set of message classifications, determining a separate message subset of the application layer messages that satisfy all criteria associated with the particular message classification, thereby producing one or more message subsets; for each particular message subset in the message subsets, determining a separate set of characteristics that are possessed by every packet header group that was contained in a data packet that also contained at least a portion of an application layer message that is in the particular message subset, thereby producing characteristic sets; receiving, at the network element, a first data packet that comprises a first packet header group and a first payload portion; determining whether the first packet header group possesses all of the characteristics contained in any of the characteristic sets; if the first packet header group possesses all of the characteristics contained in any characteristic set in the characteristic sets, then inspecting the first payload portion to determine at least a portion of a first application layer message that is contained therein; and if the first packet header group does not possess all of the characteristics contained in at least one of the characteristic sets, then sending the first data packet toward a destination without inspecting the first payload portion.
10. A computer-readable medium as recited in Claim 9, wherein the steps further comprise: if the first packet header group possesses all of the characteristics contained in any of the characteristic sets, then performing steps comprising: determining whether at least a portion of the first application layer message satisfies all criteria associated with a first message classification in the set of message classifications; and if at least a portion of the first application layer message satisfies all criteria associated with the first message classification, then performing, at the network element, one or more actions that are associated with the first message classification.
11. A computer-readable medium as recited in Claim 9, wherein the network element is a network router.
12. A computer-readable medium as recited in Claim 9, wherein determining a separate message subset comprises determining a message subset that comprises those of the application layer messages that are Extensible Markup Language (XML) documents that contain a specified path within a hierarchical structure.
13. A computer-readable medium as recited in Claim 9, wherein determining a separate set of characteristics comprises determining whether source addresses that are specified in Internet Protocol (IP) headers of data packets are the same.
14. A computer-readable medium as recited in Claim 9, wherein determining a separate set of characteristics comprises determining whether destination addresses that are specified in Internet Protocol (IP) headers of data packets are the same.
15. A computer-readable medium as recited in Claim 9, wherein determining a separate set of characteristics comprises determining whether ports that are specified in Transport Control Protocol headers of data packets are the same.
16. A computer-readable medium carrying one or more sequences of instructions for interpreting an application layer message at a network element, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of: during a first time interval, sending, to a first blade of the network element, every data packet that is received by a second blade of the network element during the first time interval; during the first time interval, receiving, at the second blade, one or more sets of packet header characteristics that the first blade determined based on packet headers of data packets that the second blade sent to the first blade; and during a second time interval, sending, to the first blade, only data packets that are received by the second blade during the second time interval and that contain packet headers that possess all characteristics that are contained in at least one of the sets of packet header characteristics.
17. An apparatus for interpreting an application layer message at a network element, the apparatus comprising: means for receiving a group of data packets at the network element, wherein each data packet in the group of data packets comprises a separate packet header group and a separate payload portion; means for inspecting payload portions of data packets in the data packet group to determine application layer messages that are collectively contained in one or more of the payload portions; means for determining, for each particular message classification in a set of message classifications, a separate message subset of the application layer messages that satisfy all criteria associated with the particular message classification, thereby producing message subsets; means for determining, for each particular message subset in the message subsets, a separate set of characteristics that are possessed by every packet header group that was contained in a data packet that also contained at least a portion of an application layer message that is in the particular message subset, thereby producing one or more characteristic sets; means for receiving, at the network element, a first data packet that comprises a first packet header group and a first payload portion; means for determining whether the first packet header group possesses all of the characteristics contained in any of the characteristic sets; means for inspecting the first payload portion to determine at least a portion of a first application layer message that is contained therein if the first packet header group possesses all of the characteristics contained in any of the characteristic sets; and means for sending the first data packet toward a destination without inspecting the first payload portion if the first packet header group does not possess all of the characteristics contained in at least one of the characteristic sets.
18. An apparatus for interpreting an application layer message at a network element, the apparatus comprising: means for sending, to a first blade of the network element during a first time interval, every data packet that is received by a second blade of the network element during the first time interval; means for receiving, at the second blade, one or more sets of packet header characteristics, during the first time interval, that the first blade determined based on packet headers of data packets that the second blade sent to the first blade; and means for sending, to the first blade during a second time interval, only data packets that are received by the second blade during the second time interval and that contain packet headers that possess all characteristics that are contained in at least one of the sets of packet header characteristics.
19. An apparatus for interpreting an application layer message at a network element, the apparatus comprising: a network interface that is coupled to a data network for receiving one or more packet flows therefrom; one or more processors; one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of: receiving a group of data packets at the network element, wherein each data packet in the group of data packets comprises a separate packet header group and a separate payload portion; inspecting payload portions of data packets in the group to determine application layer messages that are collectively contained in one or more of the payload portions; for each particular message classification in a set of message classifications, determining a separate message subset that comprises those of the application layer messages that satisfy all criteria associated with the particular message classification, thereby producing message subsets; for each particular message subset in the message subsets, determining a separate set of characteristics that are possessed by every packet header group that was contained in a data packet that also contained at least a portion of an application layer message that is in the particular message subset, thereby producing one or more characteristic sets; receiving, at the network element, a first data packet that comprises a first packet header group and a first payload portion; determining whether the first packet header group possesses all of the characteristics contained in any of the characteristic sets; if the first packet header group possesses all of the characteristics contained in any of the characteristic sets, then inspecting the first payload portion to determine at least a portion of a first application layer message that is contained therein; and if the first packet header group does not possess all of the characteristics contained in at least one of the characteristic sets, then sending the first data packet toward a destination without inspecting the first payload portion.
20. An apparatus for performing adaptive load balancing, the apparatus comprising: a network interface that is coupled to a data network for receiving one or more packet flows therefrom; one or more processors; one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of: during a first time interval, sending, to a first blade of the network element, every data packet that is received by a second blade of the network element during the first time interval; during the first time interval, receiving, at the second blade, one or more sets of packet header characteristics that the first blade determined based on packet headers of data packets that the second blade sent to the first blade; and during a second time interval, sending, to the first blade, only data packets that are received by the second blade during the second time interval and that contain packet headers that possess all characteristics that are contained in at least one of the sets of packet header characteristics.
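The two-state heuristic of the abstract and claims 1-8, with the classification and header criteria of claims 4-7 (XML path, same source and destination IP addresses, same TCP port), as an added Python example that is not the patent's own code; Packet, SamplingInspector, the "order" classification and the traffic are constructed assumptions. It also shows the caveat a defender should weigh: during the processing state, a matching message from a source that was not seen while sampling is forwarded unparsed until the element samples again.

```python
"""Added example (not the patent's code): the sampling/processing heuristic of the
abstract and claims 1-8 with the criteria of claims 4-7. All names and traffic are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted payloads

HEADER_FIELDS = ("src_ip", "dst_ip", "dst_port")  # claims 5-7: IP addresses, TCP port

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes

    def headers(self) -> Dict[str, object]:
        return {f: getattr(self, f) for f in HEADER_FIELDS}

def xml_contains_path(path: str) -> Callable[[bytes], bool]:
    """Claim 4 criterion: the payload is an XML document whose hierarchy contains
    `path` (relative to the root element). Assumes one message per packet."""
    def criterion(payload: bytes) -> bool:
        try:
            return ET.fromstring(payload).find(path) is not None
        except ET.ParseError:
            return False
    return criterion

def shared_characteristics(packets: List[Packet]) -> Dict[str, object]:
    """Header fields whose value is identical in every packet of the subset."""
    if not packets:
        return {}
    first = packets[0].headers()
    return {f: v for f, v in first.items() if all(p.headers()[f] == v for p in packets)}

class SamplingInspector:
    """Sampling state: inspect every payload, learn one characteristic set per
    classification. Processing state: parse only if headers match some set."""

    def __init__(self, classifications: Dict[str, Callable[[bytes], bool]],
                 sample_size: int, process_size: int):
        self.classifications = classifications
        self.sample_size, self.process_size = sample_size, process_size
        self.state, self.count = "sampling", 0
        self.sample: List[Packet] = []
        self.characteristic_sets: Dict[str, Dict[str, object]] = {}

    def handle(self, pkt: Packet) -> str:
        """Returns 'inspected:<class>', 'inspected:none' or 'forwarded'."""
        self.count += 1
        if self.state == "sampling":
            self.sample.append(pkt)
            result = self._inspect(pkt)
            if self.count >= self.sample_size:
                self._finish_sampling()
                self.state, self.count = "processing", 0
            return result
        # processing state: the header check alone decides whether the payload is parsed
        result = self._inspect(pkt) if self._matches_any_set(pkt) else "forwarded"
        if self.count >= self.process_size:  # alternate back to sampling
            self.state, self.count = "sampling", 0
        return result

    def _inspect(self, pkt: Packet) -> str:
        return f"inspected:{self._classify(pkt) or 'none'}"

    def _classify(self, pkt: Packet) -> Optional[str]:
        return next((n for n, c in self.classifications.items() if c(pkt.payload)), None)

    def _finish_sampling(self) -> None:
        self.characteristic_sets = {}
        for name, criterion in self.classifications.items():
            subset = [p for p in self.sample if criterion(p.payload)]
            if subset:  # claim 1: one characteristic set per non-empty message subset
                self.characteristic_sets[name] = shared_characteristics(subset)
        self.sample = []

    def _matches_any_set(self, pkt: Packet) -> bool:
        hdr = pkt.headers()
        return any(all(hdr[f] == v for f, v in cs.items())
                   for cs in self.characteristic_sets.values())

ORDER = b"<order><payment>%d</payment></order>"
TRAFFIC = [  # constructed: three sampled packets, then three in the processing state
    Packet("10.0.0.5", "10.0.1.1", 8080, ORDER % 1),
    Packet("10.0.0.5", "10.0.1.1", 8080, ORDER % 2),
    Packet("10.0.0.9", "10.0.1.1", 22, b"not xml"),
    Packet("10.0.0.5", "10.0.1.1", 8080, ORDER % 3),  # headers match the learned set
    Packet("10.0.0.9", "10.0.1.1", 22, b"not xml"),   # forwarded without parsing
    Packet("10.0.0.7", "10.0.1.1", 8080, ORDER % 4),  # caveat: unseen source, not parsed
]

def run_demo() -> List[str]:
    insp = SamplingInspector({"order": xml_contains_path("payment")}, 3, 100)
    return [insp.handle(p) for p in TRAFFIC]
```

A shorter processing interval returns the element to the sampling state sooner, so the unseen source in the last packet is inspected again at the cost of parsing every payload during that interval.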

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP20050854364 EP1834453A4 (en) 2005-01-05 2005-12-15 Interpreting an application message at a network element using sampling and heuristics
CN200580045969.XA CN101099345B (en) 2005-01-05 2005-12-15 Interpreting an application message at a network element using sampling and heuristics

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/031,106 US7551567B2 (en) 2005-01-05 2005-01-05 Interpreting an application message at a network element using sampling and heuristics

Publications (3)

Publication Number Publication Date
WO2006073740A2 WO2006073740A2 (en) 2006-07-13
WO2006073740A3 WO2006073740A3 (en) 2007-01-11
WO2006073740B1 WO2006073740B1 (en) 2007-02-22

Family

ID=36640367

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/045625 WO2006073740A2 (en) 2005-01-05 2005-12-15 Interpreting an application message at a network element using sampling and heuristics

Country Status (4)

Country Link
US (1) US7551567B2 (en)
EP (1) EP1834453A4 (en)
CN (1) CN101099345B (en)
WO (1) WO2006073740A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8060623B2 (en) 2004-05-13 2011-11-15 Cisco Technology, Inc. Automated configuration of network device ports
US8843598B2 (en) 2005-08-01 2014-09-23 Cisco Technology, Inc. Network based device for providing RFID middleware functionality

US6510434B1 (en) * 1999-12-29 2003-01-21 Bellsouth Intellectual Property Corporation System and method for retrieving information from a database using an index of XML tags and metafiles
US6701440B1 (en) 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device
JP3730471B2 (en) * 2000-02-14 2006-01-05 富士通株式会社 Packet transfer device
US6772223B1 (en) * 2000-04-10 2004-08-03 International Business Machines Corporation Configurable classification interface for networking devices supporting multiple action packet handling rules
US7111076B2 (en) * 2000-04-13 2006-09-19 Intel Corporation System using transform template and XML document type definition for transforming message and its reply
US7215637B1 (en) * 2000-04-17 2007-05-08 Juniper Networks, Inc. Systems and methods for processing packets
US7111163B1 (en) * 2000-07-10 2006-09-19 Alterwan, Inc. Wide area network using internet with quality of service
US6804222B1 (en) * 2000-07-14 2004-10-12 At&T Corp. In-band Qos signaling reference model for QoS-driven wireless LANs
US6862270B1 (en) * 2000-07-14 2005-03-01 At&T Corp. Architectural reference model for QoS-driven wireless LANs
US6718326B2 (en) * 2000-08-17 2004-04-06 Nippon Telegraph And Telephone Corporation Packet classification search device and method
US6785732B1 (en) * 2000-09-11 2004-08-31 International Business Machines Corporation Web server apparatus and method for virus checking
US20020114274A1 (en) * 2000-09-19 2002-08-22 Sturges James H. Packet based network for supporting real time applications
WO2002037754A2 (en) 2000-11-03 2002-05-10 At & T Corp. Tiered contention multiple access (tcma): a method for priority-based shared channel access
US7046680B1 (en) * 2000-11-28 2006-05-16 Mci, Inc. Network access system including a programmable access device having distributed service control
US7296268B2 (en) 2000-12-18 2007-11-13 Microsoft Corporation Dynamic monitor and controller of availability of a load-balancing cluster
US20020126672A1 (en) * 2001-01-10 2002-09-12 Nelson Chow Method and apparatus for a flexible and reconfigurable packet classifier using content addressable memory
US6996842B2 (en) * 2001-01-30 2006-02-07 Intel Corporation Processing internet protocol security traffic
US6996234B2 (en) * 2001-02-02 2006-02-07 Asier Technology Corporation Data decryption methodology
US7213071B2 (en) * 2001-04-03 2007-05-01 International Business Machines Corporation Quality of service improvements for network transactions
US20020161907A1 (en) * 2001-04-25 2002-10-31 Avery Moon Adaptive multi-protocol communications system
US7134075B2 (en) 2001-04-26 2006-11-07 International Business Machines Corporation Conversion of documents between XML and processor efficient MXML in content based routing networks
AUPR459901A0 (en) * 2001-04-27 2001-05-24 Sharinga Networks Inc. Instant messaging
US20020165957A1 (en) 2001-05-02 2002-11-07 Devoe Jiva Gandhara Intelligent dynamic route selection based on active probing of network operational characteristics
US7089586B2 (en) * 2001-05-02 2006-08-08 Ipr Licensing, Inc. Firewall protection for wireless users
US6934702B2 (en) * 2001-05-04 2005-08-23 Sun Microsystems, Inc. Method and system of routing messages in a distributed search network
US6816455B2 (en) * 2001-05-09 2004-11-09 Telecom Italia S.P.A. Dynamic packet filter utilizing session tracking
US6813690B1 (en) * 2001-06-12 2004-11-02 Network Appliance, Inc. Caching media data using content-sensitive identifiers
US7020143B2 (en) 2001-06-18 2006-03-28 Ericsson Inc. System for and method of differentiated queuing in a routing system
US6944678B2 (en) 2001-06-18 2005-09-13 Transtech Networks Usa, Inc. Content-aware application switch and methods thereof
US20030028599A1 (en) * 2001-06-19 2003-02-06 Kolsky Amir D. Method and system for a communication scheme over heterogeneous networks
US6745041B2 (en) * 2001-06-27 2004-06-01 Tekelec Methods and systems for communicating between subscribers of different application-layer mobile communications protocols
JP4274710B2 (en) * 2001-06-28 2009-06-10 株式会社日立製作所 Communication relay device
US7363353B2 (en) * 2001-07-06 2008-04-22 Juniper Networks, Inc. Content service aggregation device for a data center
EP1418709B1 (en) * 2001-08-09 2012-02-08 Panasonic Corporation Apparatus and transmission method
US20030033463A1 (en) * 2001-08-10 2003-02-13 Garnett Paul J. Computer system storage
US7230949B2 (en) * 2001-08-24 2007-06-12 Juniper Networks, Inc. Efficient method and system for automatic discovery and verification of optimal paths through a dynamic multi-point meshed overlay network
US7126907B2 (en) 2001-08-31 2006-10-24 Tropic Networks Inc. Label switched communication network, a method of conditioning the network and a method of data transmission
US7536712B2 (en) * 2001-10-16 2009-05-19 Microsoft Corporation Flexible electronic message security mechanism
US20030093530A1 (en) * 2001-10-26 2003-05-15 Majid Syed Arbitrator system and method for national and local content distribution
WO2003039094A2 (en) * 2001-10-29 2003-05-08 Omtool, Ltd Methods and apparatus for securely communicating a message
US7127740B2 (en) * 2001-10-29 2006-10-24 Pitney Bowes Inc. Monitoring system for a corporate network
US8040873B2 (en) * 2001-11-07 2011-10-18 Alcatel Lucent Distributed integration of legacy PBX system with SIP networks
JP3726741B2 (en) * 2001-11-16 2005-12-14 日本電気株式会社 Packet transfer apparatus, method and program
JP3898498B2 (en) * 2001-12-06 2007-03-28 富士通株式会社 Server load balancing system
US20040136371A1 (en) * 2002-01-04 2004-07-15 Muralidhar Rajeev D. Distributed implementation of control protocols in routers and switches
US7962925B2 (en) * 2002-02-22 2011-06-14 Oracle International Corporation System and method for XML data binding
US7245620B2 (en) * 2002-03-15 2007-07-17 Broadcom Corporation Method and apparatus for filtering packet data in a network device
US7185365B2 (en) * 2002-03-27 2007-02-27 Intel Corporation Security enabled network access control
US7385982B2 (en) * 2002-04-09 2008-06-10 Next Generation Systems, Inc. Systems and methods for providing quality of service (QoS) in an environment that does not normally support QoS features
US7437451B2 (en) 2002-05-16 2008-10-14 Hewlett-Packard Development Company, L.P. System and method for collecting desired information for network transactions at the kernel level
US7627693B2 (en) * 2002-06-11 2009-12-01 Pandya Ashish A IP storage processor and engine therefor using RDMA
US7239634B1 (en) * 2002-06-17 2007-07-03 Signafor, Inc. Encryption mechanism in advanced packet switching system
US9088494B2 (en) * 2002-06-26 2015-07-21 Avaya Communication Israel Ltd. Packet fragmentation prevention
US6968374B2 (en) * 2002-07-03 2005-11-22 Telefonaktiebolaget Lm Ericsson (Publ) Quality of service (QOS) mechanism in an internet protocol (IP) network
US7301951B2 (en) * 2002-07-31 2007-11-27 At&T Knowledge Ventures, L.P. Resource reservation protocol based guaranteed quality of service internet protocol connections over a switched network
US7298750B2 (en) * 2002-07-31 2007-11-20 At&T Knowledge Ventures, L.P. Enhancement of resource reservation protocol enabling short-cut internet protocol connections over a switched network
US7237014B2 (en) * 2002-08-01 2007-06-26 Drummond Group System and method for in situ, real-time, supply chain, interoperability verification
US6950822B1 (en) * 2002-11-06 2005-09-27 Oracle International Corporation Techniques for increasing efficiency while servicing requests for database services
US7475241B2 (en) * 2002-11-22 2009-01-06 Cisco Technology, Inc. Methods and apparatus for dynamic session key generation and rekeying in mobile IP
US20040221319A1 (en) * 2002-12-06 2004-11-04 Ian Zenoni Application streamer
KR100658650B1 (en) 2002-12-12 2006-12-15 후아웨이 테크놀러지 컴퍼니 리미티드 A process method about the service connection between the wireless local area network and user terminal
US20040121789A1 (en) * 2002-12-23 2004-06-24 Teddy Lindsey Method and apparatus for communicating information in a global distributed network
US7640427B2 (en) * 2003-01-07 2009-12-29 Pgp Corporation System and method for secure electronic communication in a partially keyless environment
US7895589B2 (en) * 2003-02-26 2011-02-22 International Business Machines Corporation Dynamic data-driven application integration adapters
US7398386B2 (en) * 2003-04-12 2008-07-08 Cavium Networks, Inc. Transparent IPSec processing inline between a framer and a network component
US20050021836A1 (en) * 2003-05-01 2005-01-27 Reed Carl J. System and method for message processing and routing
US7590736B2 (en) 2003-06-30 2009-09-15 Microsoft Corporation Flexible network load balancing
US7567504B2 (en) 2003-06-30 2009-07-28 Microsoft Corporation Network load balancing with traffic routing
US7613822B2 (en) 2003-06-30 2009-11-03 Microsoft Corporation Network load balancing with session information
KR100898092B1 (en) * 2003-08-12 2009-05-18 리서치 인 모션 리미티드 System and method for processing encoded messages
US7769994B2 (en) * 2003-08-13 2010-08-03 Radware Ltd. Content inspection in secure networks
US7191248B2 (en) * 2003-08-29 2007-03-13 Microsoft Corporation Communication stack for network communication and routing
US7362763B2 (en) * 2003-09-04 2008-04-22 Samsung Electronics Co., Ltd. Apparatus and method for classifying traffic in a distributed architecture router
US7142866B2 (en) * 2003-09-09 2006-11-28 Harris Corporation Load leveling in mobile ad-hoc networks to support end-to-end delay reduction, QoS and energy leveling
US7483384B2 (en) * 2003-09-22 2009-01-27 Hewlett-Packard Development Company, L.P. System and method for monitoring network traffic
US8453196B2 (en) * 2003-10-14 2013-05-28 Salesforce.Com, Inc. Policy management in an interoperability network
KR100849345B1 (en) * 2003-10-30 2008-07-29 삼성전자주식회사 Method for Supporting QoS in High Packet Data System
US7421695B2 (en) * 2003-11-12 2008-09-02 Cisco Tech Inc System and methodology for adaptive load balancing with behavior modification hints
US7194485B2 (en) * 2003-11-21 2007-03-20 International Business Machines Corporation Mapping XML schema components to qualified java components
US20050188103A1 (en) * 2003-12-30 2005-08-25 Nokia Corporation Method or device for delivering a packet in a scatternet
EP1712106B1 (en) * 2004-02-03 2010-09-01 Nokia Corporation Method and apparatus for providing end-to-end quality of service (qos)
JP4276568B2 (en) * 2004-03-26 2009-06-10 株式会社日立コミュニケーションテクノロジー Router and SIP server
US20050229243A1 (en) * 2004-03-31 2005-10-13 Svendsen Hugh B Method and system for providing Web browsing through a firewall in a peer to peer network
US9686669B2 (en) * 2004-04-08 2017-06-20 Nokia Technologies Oy Method of configuring a mobile node
US7322523B2 (en) 2004-05-13 2008-01-29 Cisco Technology, Inc. Methods and devices for uniquely provisioning RFID devices
US7581248B2 (en) 2004-06-28 2009-08-25 International Business Machines Corporation Federated identity brokering
US7664879B2 (en) * 2004-11-23 2010-02-16 Cisco Technology, Inc. Caching content and state data at a network element
US7987272B2 (en) * 2004-12-06 2011-07-26 Cisco Technology, Inc. Performing message payload processing functions in a network element on behalf of an application
US7725934B2 (en) * 2004-12-07 2010-05-25 Cisco Technology, Inc. Network and application attack protection based on application layer message inspection
US7496750B2 (en) * 2004-12-07 2009-02-24 Cisco Technology, Inc. Performing security functions on a message payload in a network element
US7606267B2 (en) * 2004-12-10 2009-10-20 Cisco Technology, Inc. Reducing the sizes of application layer messages in a network element
US8082304B2 (en) * 2004-12-10 2011-12-20 Cisco Technology, Inc. Guaranteed delivery of application layer messages by a network element
US20060155862A1 (en) * 2005-01-06 2006-07-13 Hari Kathi Data traffic load balancing based on application layer messages
FR2880752A1 (en) * 2005-01-10 2006-07-14 Thomson Licensing Sa METHOD OF CONSTRUCTING SINGLE DIFFUSION ADDRESS BY A SERVER AND SERVER USING THE SAME
US7698416B2 (en) * 2005-01-25 2010-04-13 Cisco Technology, Inc. Application layer message-based server failover management by a network element

Cited By (3)

Publication number Priority date Publication date Assignee Title
US8060623B2 (en) 2004-05-13 2011-11-15 Cisco Technology, Inc. Automated configuration of network device ports
US8601143B2 (en) 2004-05-13 2013-12-03 Cisco Technology, Inc. Automated configuration of network device ports
US8843598B2 (en) 2005-08-01 2014-09-23 Cisco Technology, Inc. Network based device for providing RFID middleware functionality

Also Published As

Publication number Publication date
CN101099345B (en) 2011-04-13
WO2006073740A2 (en) 2006-07-13
US20060146879A1 (en) 2006-07-06
CN101099345A (en) 2008-01-02
EP1834453A4 (en) 2014-12-24
US7551567B2 (en) 2009-06-23
EP1834453A2 (en) 2007-09-19
WO2006073740A3 (en) 2007-01-11

Similar Documents

Publication Publication Date Title
WO2006073740B1 (en) Interpreting an application message at a network element using sampling and heuristics
US8639752B2 (en) Systems and methods for content type classification
US7725938B2 (en) Inline intrusion detection
US11115504B2 (en) Batch processing for QUIC
US8224902B1 (en) Method and apparatus for selective email processing
EP1917765B1 (en) Flow control based on flow policies in a communication network
EP1209876B1 (en) Dynamic load balancer
US7543076B2 (en) Message header spam filtering
US20080002579A1 (en) Arrangement and a Method Relating to Flow of Packets in Communication Systems
US20070025261A1 (en) Generating Traffic For Testing A System Under Test
JP2001510947A (en) High-speed transfer and filtering of network packets in computer systems
CN102377640B (en) Message processing apparatus, message processing method and preprocessor
WO2006012284A3 (en) An apparatus and method for packet coalescing within interconnection network routers
US7269752B2 (en) Dynamically controlling power consumption within a network node
US6980549B1 (en) Policy enforcing switch
US20200106866A1 (en) Method and apparatus for processing packets in a network device
US20030093566A1 (en) System and method for network and application transparent database acceleration
JP2016504810A (en) Content-based overload protection
US8289860B2 (en) Application monitor apparatus
WO2011051750A2 (en) Method of monitoring network traffic by means of descriptive metadata
JP5382812B2 (en) Data compression / transfer system, transmission apparatus, and data compression / transfer method used therefor
EP2112804A3 (en) Packet routing via payload inspection and subscription processing in a publish-subscribe network
CN104753726B (en) A kind of Audit control method and system of serial data stream
EP3461084A1 (en) Method and apparatus for implementing efficient quality of service (qos) through feedback flow loop in a software accelerator
Morais Data communication systems protocol stacks

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
WWE WIPO information: entry into national phase (Ref document number: 3288/DELNP/2007; Country of ref document: IN)
WWE WIPO information: entry into national phase (Ref document number: 2005854364; Country of ref document: EP)
WWE WIPO information: entry into national phase (Ref document number: 200580045969.X; Country of ref document: CN)
NENP Non-entry into the national phase (Ref country code: DE)
WWP WIPO information: published in national office (Ref document number: 2005854364; Country of ref document: EP)