US20100309800A1 - Network Monitoring And Intellectual Property Protection Device, System, And Method - Google Patents
Network Monitoring And Intellectual Property Protection Device, System, And Method Download PDFInfo
- Publication number
- US20100309800A1 US20100309800A1 US12/685,594 US68559410A US2010309800A1 US 20100309800 A1 US20100309800 A1 US 20100309800A1 US 68559410 A US68559410 A US 68559410A US 2010309800 A1 US2010309800 A1 US 2010309800A1
- Authority
- US
- United States
- Prior art keywords
- packet
- network packet
- protocols
- peer
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1042—Peer-to-peer [P2P] networks using topology management mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/103—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for protecting copy right
Abstract
A method and device for detecting and halting specified peer-to-peer (“P2P”) and/or Internet Relay Chat (“IRC”) communication sessions based on a priori defined templates is described. Network packets are intercepted and inspected for patterns (defined by the templates) that identify them as definitely, likely or not being associated with one of the specified P2P and/or IRC protocols. Those packets identified as definitely belonging to one of the specified protocols are prevented from reaching their target destination. Those packets identified as only likely belonging to one of the specified protocols are permitted to continue toward their target destination after select information about the particular session/packet is recorded for later use. Those packets identified as not belonging to one of the specified protocols are permitted to continue to their target destination.
Description
- This application is a continuation of U.S. Non-provisional patent application Ser. No. 11/549,568, filed on Oct. 13, 2006, the disclosure of which is incorporated herein by reference.
- The invention relates generally to network monitoring devices and methods for the protection of intellectual property and more particularly, but not by way of limitation, to the detection and halting of peer-to-peer communications between computer systems.
- A peer-to-peer (“P2P”) computer network is a network that relies primarily on the collective computing power and bandwidth of the network's individual nodes rather than concentrating it's computational power in a relatively few dedicated systems or servers. P2P networks are typically used for connecting nodes via largely ad hoc connections for sharing files (e.g., audio and video data files) and realtime data (e.g., Internet telephony traffic).
- Because of its decentralized nature, ease of use and wide-spread distribution, P2P technology has become one of the principal means by which Internet users share and distribute information. Organizations (e.g., businesses and academic institutions) have recognized the danger unregulated use of P2P operations pose to the function of their networks. These dangers include, but are not limited to, exposing the organization's network to the introduction of viruses (programs that are loaded onto a user's computer without their knowledge and that usually perform malicious actions), spyware (software that covertly gathers user information and transmits that information to an unknown third party) and malware (software that is intentionally included or inserted in a system for a harmful purpose), the excessive use of network storage facilities, the loss of proprietary data (e.g., trade secrets) and the liability associated with their users (e.g., employees and students) sharing and distributing copyrighted material without the owners consent.
- Current attempts to limit or prevent use of P2P technology (and related technologies such as, for example, “IRC” or Internet Relay Chat) rely on published “rules” that users must agree to for the privilege of using an organization's network and/or network administrator-based monitoring. In the former, one's agreement to forgo use of P2P technology does not in itself prevent such use. In the latter, it is incumbent upon the network's administrator (and their staff) to police, detect and enforce the organization's P2P policies. The rapid and acknowledged use of P2P technology for the widespread distribution of copyrighted and other proprietary material attests to the limited ability of these approaches to satisfactorily deal with the use of P2P networks. Thus, it would be beneficial to provide a mechanism to automatically detect and halt peer-to-peer communications to, or from, an organization's network.
- In one embodiment the invention provides a method to effectively block one or more a priori specified communication sessions. The method includes intercepting a network packet in route from a source to a destination, analyzing the network packet and preventing the network packet from arriving at the destination if it is determined (during the act of analyzing) to be associated with one of a specified plurality of peer-to-peer and/or Internet relay chat protocols. In one embodiment, the act of analyzing includes comparing selected portions of the network packet against a plurality of predefined templates, wherein each template identifies a forensically determined signature (i.e., a specified data pattern, its location and, perhaps, a length). In addition, each template specifies an action to take if the packet matches its signature. For example, one action may be to simply prevent the packet from reaching its destination. Another action may be to record information about the packet in a system state table for comparison to subsequently received packets and then either drop the packet or permit it to reach its destination. The former action is appropriate where the template's signature does not definitively identify the packet as belonging to a prohibited protocol while the latter may be more appropriate where two or more packets in a communication session are needed to make this determination.
- In another embodiment, methods in accordance with the invention may be stored in any media that is readable and executable by a computer system. In one such embodiment, the invention provides a device including memory (for storing instructions in accordance with the invention) and a processing unit (for executing said instructions) that may be used to analyze network traffic. Such a device may be placed between two networks (e.g., a private network and a public network or between two private networks).
- For a fuller understanding of the nature and objects of the invention, reference should be made to the following detailed description taken in conjunction with the accompanying drawings, in which:
-
FIG. 1 shows, in flowchart format, a network monitoring method in accordance with one embodiment of the invention; -
FIG. 2 shows, in flowchart format, one method in accordance with the invention for determining if a current network packet is related to a prior identified transaction; -
FIG. 3 shows, in flowchart format, one method in accordance with the invention for classifying network packets; -
FIG. 4 shows, in flowchart format, one method in accordance with the invention for checking packets against known protocols; -
FIGS. 5A and 5B show, in block diagram format, a network monitoring and intellectual property management system in accordance with various embodiments of the invention; and -
FIG. 6 shows, in block diagram format, a network monitoring and intellectual property management device in accordance with one embodiment of the invention. - The following descriptions are presented to enable any person skilled in the art to make and use the invention as claimed and are provided in the context of the particular examples discussed below, variations of which will be readily apparent to those skilled in the art. Accordingly, the claims appended hereto are not intended to be limited by the disclosed embodiments, but are to be accorded their widest scope consistent with the principles and features disclosed herein.
- In one embodiment of the invention, a network monitoring and intellectual property protection method inspects network packets into and out of a given network (e.g., an organization's local area network) to determine if the packet is part of a prohibited transaction (e.g., a P2P or IRC communication stream). In another embodiment of the invention, a network device is configured to perform the aforementioned network monitoring and intellectual property protection operations.
- Referring to
FIG. 1 , network monitoring and intellectualproperty protection process 100 in accordance with one embodiment of the invention begins whennetwork packet 105 is received. If the packet is irrelevant (the “Yes” prong of block 110), it is released, that is, allowed to propagate toward its destination (block 115). In one particular embodiment, irrelevant network packets include non-Ethernet and non-Internet Protocol (“IP”) packets. Ifpacket 105 is relevant (the “No” prong of block 110), a check is made to determine if the packet belongs to a prior inspected transaction (block 120). If this is so, and interrogation ofpacket 105 confirms it is part of a prohibited transaction (e.g., a P2P or IRC transaction),packet 105 is dropped. Otherwise,packet 105 is classified as belonging to one of a plurality of relevant packet types (block 125). By way of example, relevant network packets include, but are not limited to, Transport Control Protocol (“TCP”) stream packets, User Datagram Protocol (“UDP”) announcements and Hyper Text Transfer Protocol (“HTTP”) request packets. Once classified, certain characteristics ofpacket 105 are checked against known prohibited protocol characteristics (block 130). During the acts of block 130: ifpacket 105 is identified as belonging to a prohibited protocol, it is dropped; ifpacket 105 is identified as not being associated with a prohibited protocol it is released (allowed to propagate toward its destination); and ifpacket 105 cannot be definitively identified as either belonging or not belonging to a prohibited transaction, information concerning the packet is retained for evaluating subsequently received data packets (e.g., during the acts of block 120) and released. - One illustrative technique to determine if the current packet is related to a prior received packet is shown in
FIG. 2 (i.e., block 120). It will be recognized that for efficiency, each received packet may be “filtered” to obtain the information necessary for tracking and identifying the packet as belonging to a prohibited protocol. Such information can include any data or value included in or encoded within the packet such as, for example, packet sequence number, packet direction (e.g., into or out of a given network), header byte length, packet type, source IP address, destination IP address, source port identifier, destination port identifier, frame number, packet length, payload byte length, SYN (request for information) and ACK (information acknowledgement) flags, checksum and window size values—that is, information retained in a packet'slayer layers - In the embodiment illustrated in
FIG. 2 , for example,packet information 200 is used to access three system state tables to determine if the current packet is related to a prior received network packet. In a first system state table look-up operation, one or more of the current packet's captured characteristics (see discussion above) are combined (e.g., concatenated) and used as a key into a first system state table (block 205). If an entry is found and its value indicates the packet should be dropped (the “Yes” prong of block 210), the packet is dropped (block 235). If there is no entry associated with the key or the entry's value indicates that the packet should not be dropped (the “No” pong of block 210), a second system state table look-up operation is performed (block 215). In this second system state table look-up, a different collection of one or more of the current packet's captured characteristics are used as a key. If an entry is found and its value indicates the packet should be dropped (the “Yes” prong of block 220), the packet is dropped (block 235). If there is no entry associated with the key or the entry's value indicates that the packet should not be dropped (the “No” pong of block 220), a third system state table look-up operation is performed (block 225). In this third system state table look-up, yet another collection of one or more of the current packet's captured characteristics are used as a key. Again, if an entry is found and its value indicates the packet should be dropped (the “Yes” prong of block 230), the packet is dropped (block 235). If there is no entry associated with the key or the entry's value indicates that the packet should not be dropped (the “No” pong of block 230), processing continues in accordance withblock 125. By way of example, each of the system state tables accessed during the acts of block 120 (FIG. 2 ) may be implemented as arrays, database tables, linear lists or the like. The type of information that may be retained in the system state tables include: one or more captured characteristics; a protocol identifier (a unique identifier assigned to each protocol being analyzed); a match-block-action value that indicates whether the associated packet should be dropped (e.g., BLOCK) or not dropped (e.g., NON_BLOCK); a timestamp (to indicate the time the entry was last used); and any protocol specific information necessary to allow two or more sequentially received packets to be logically identified as part of a common communications session such as some or all of the packet's payload data (in binary or ASCII format), a forensically determined protocol signature and protocol DNA. - Generally speaking, if no system state table entry is found during the acts of
block - Referring to
FIG. 3 , packet classification in accordance withblock 125 inspects packet information 300 (e.g., network packet 105) to determine if the current packet is a TCP packet (the “Yes” prong of block 305), a UDP packet (the “Yes” prong of block 310) or an HTTP packet (the “Yes” prong of block 315). If the current packet is not any of these types (e.g., is not relevant—see discussion above regardingblock 110 inFIG. 1 ), the packet is released (block 115). It will be recognized that identification of packet type typically involves the inspection of the packet's header and/or payload information. For example, it is known that TCP and UDP packets are explicitly identified as such in their headers. It is further known that HTIP packets are TCP type packets whose first four bytes in their layer-7 (“payload”) segment are GET_, HEAD, PUSH or POST (where “_” can be any value). As used herein, layer-7 corresponds to the application layer as defined in the Open Systems Interconnection (“OSI”) Reference Model, a communications standard sponsored by the International Standards Organization (“ISO”). In addition, in one embodiment the following information is extracted or recorded for packets identified as HTTP type packets: argument offset; host offset; and user agent offset (also typically found in the packet's layer-7 segment). - Referring again to
FIG. 1 , if the current packet has not been dropped or released in accordance with the acts ofblocks block 120. - In general, a template encapsulates the rules by which a packet is determined to be part of a specified protocol (e.g., WinMX, Kademilia or Myster) and an indication of the action to take if such determination is made. In one embodiment, each protocol being screened is associated with one or more templates. Each template, in turn, specifies one or more data patterns (“forensic signatures” or, more simply, “signatures”) within a packet that may be used to identify that packet as part of a communication session of that protocol's type and where (e.g., as an offset into the packet's layer-7 payload segment) the data pattern may be found within the packet. Some templates may also include a “length” characteristic which, when combined with the forensic signature, may also be used to uniquely associate a packet with a P2P or IRC protocol. As used here, the term “length” refers to the size of the packet's layer-7 payload segment. In addition, each template has an assigned protocol-ID (unique across all protocols), a template-ID (unique within a given protocol), a protocol type identifier (e.g., TCP or UDP) and an action function identifier designating what action to take if the current packet matches the template's signature.
- Template signatures are based on a forensic a priori analysis of packets from those protocols being screened. That is, multiple packets from each protocol to be blocked are obtained and analyzed to determine the unique characteristics that identify it as part of a communication session for a prohibited protocol. It will be appreciated that the large number of P2P and IRC protocols combined with the fact that each protocol may exhibit multiple variations (transmitted using one or more protocols, e.g., TCP, HTTP and UDP), can make the task of developing signatures time-consuming. Nevertheless, such work would be within the skill of one of ordinary skill in the art of network security and programming having the benefit of this disclosure.
- In general, template action functions place an entry in one or more of the system state tables corresponding to the current packet and set that entries match-block-action value to BLOCK or NON_BLOCK. The table entry is set to BLOCK if the template's signature match indicates that the packet is strongly related to a prohibited protocol (e.g., definitively identifies the packet as belonging to a prohibited communication protocol) and to NON_BLOCK if the template's signature match indicates that the packet is weakly related to a prohibited protocol (e.g., does not definitively identify the packet as belonging to a prohibited communication protocol). The exact value (BLOCK or NON_BLOCK) has been found to be a function of the specific protocol being checked and, as a result, is dependent upon how well or conclusively the template's signature uniquely identifies the packet as being associated with a given protocol. As a result, this information varies form protocol to protocol and, even, over time as the specific P2P/IRC protocols evolve. Nevertheless, one of ordinary skill in the art would be able to determine these differences given the present teaching.
- In one embodiment, four different types of templates are used which are referred to herein as: instant kill templates, kill identification templates, protocol identification templates and source templates. Generally speaking, instant kill templates are applied when a signature definitively identifies a packet as belonging to a prohibited protocol. Kill identification, protocol identification and source templates (collectively referred to as response kill templates), on the other hand, are applied when one or more packets in the communication session are required to definitively identify the use of a prohibited protocol.
- Referring to
FIG. 4 , once classified as belonging to one of a specified plurality of protocol types in accordance with the acts of block 125 (seeFIGS. 1 and 3 ),packet information 400 is compared against a series of template types. For example, instant kill (block 405), kill identification (block 415), protocol identification (block 425) and source templates (block 435). If a match is found during any one of these matching operations (the “Yes” prong ofblocks blocks - For efficiency, it has been found beneficial to perform template matching operations on a packet-type basis wherein only those templates applicable to the current packet's type are checked. For example, if the current packet is a UDP type packet, then only those instant kill templates applicable to UDP packets are checked during the acts of
block 405. This same approach may be applied during the template matching operations ofblocks - One use of the network monitoring and intellectual property protection technology described herein is to prevent P2P and/or IRC communication sessions between users of a private or internal network (e.g., a corporate or educational network) and an external network such as, for example, the Internet. By way of example, consider
FIG. 5A in which network monitoring and intellectualproperty protection system 500 in accordance with one embodiment of the invention includes external network 505 (e.g., the Internet),external router 510,network monitoring device 515,firewall 520,internal router 525 and one or moreinternal networks 530 and 535 (e.g., local area networks, “LANs”). - In another embodiment,
network monitoring device 515 may be used to automatically detect and halt P2P and IRC communications between an external network and a private or household network. Referring toFIG. 5B , in this version of network monitoring and intellectualproperty protection system 540,external network 505 is coupled tohome network 545 via cable orDSL modem 550 andinternal router 555. - In still another embodiment,
network monitoring device 515 may be used to prevent P2P and/or IRC communication sessions between users within a common network. Referring toFIG. 5A , for example,digital monitoring device 515 may be positioned in the communication path between users ofinternal network 1 530 andinternal network 2 535. - Referring to
FIG. 6 , in one embodimentnetwork monitoring device 515 includescommunication ports memory 610,processor 615 andstorage unit 620.Communication ports networks FIG. 5 . Although not required by the claimed invention, in the described embodimentsnetwork monitoring device 515 captures/monitors network packets in a bidirectional manner. That is, packets are analyzed as they move fromexternal network 625 towardinternal network 630, and as they move frominternal network 630 towardexternal network 625.Memory 610 generally comprises random access memory (“RAM”) and may be volatile, non-volatile or a combination of volatile and non-volatile memories. For example, one portion ofmemory 610 may comprise volatile RAM for use in storing network packets (e.g., packet 105) during analysis in accordance with the invention. Another portion ofmemory 610 may comprise non-volatile memory for storing program code that controls the overall operation, or supports the overall operation, ofnetwork monitoring device 515. In one embodiment, all templates are retained in volatile RAM 610 (during operation) whilenon-volatile memory 610 may retain program code that facilitates remote management ofnetwork monitoring device 515.Processor 615 comprises a programmable control device and may be a conventional computer processor (e.g., a reduced or complex instruction set central processing unit), a special purpose processor (e.g., a digital signal processor, “DSP”), a plurality of processors coupled by a communications link or a custom designed state machine. Custom designed state machines may be embodied in a hardware device such as an integrated circuit including, but not limited to, application specific integrated circuits (“ASICs”) or field programmable gate array (“FPGAs”).Storage unit 620 may comprise any long-term storage device such as, for example, one or more of the following: Storage devices suitable for tangibly embodying program instructions include, but are not limited to: magnetic disks (fixed, floppy, and removable); magnetic tape; and optical media such as CD-ROMs and digital video disks (“DVDs”). - Various changes in the materials, components, circuit elements, as well as in the details of the illustrated operational methods are possible without departing from the scope of the following claims. By way of example, while network monitoring and intellectual
property protection systems network monitoring device 515 as a stand-alone unit, this is not required. In one embodiment the functionality associated withnetwork monitoring device 515 may be wholly (or partially) provided by a general purpose computer system programmed to perform one or more acts illustrated in ofFIG. 1 . In addition, while the invention has been described in the context of a single processing flow, it will be recognized by those of ordinary skill in the art that a “threaded” approach may also be implemented. In such implementations, two or more threads (each analyzing one or more network packets) may operate concurrently. In addition, classification operations in accordance with block 125 (FIGS. 1 and 3 ) do not need to be performed. That is, once a packet passes through processing in accordance with block 120 (i.e., is not dropped or released), processing could continue directly to block 130 (FIGS. 1 and 4 ).
Claims (19)
1. A network monitoring method, comprising:
intercepting a network packet in route from a source to a destination;
analyzing the network packet; and
preventing the network packet from arriving at the destination if it is determined to be associated with one of a specified plurality of peer-to-peer protocols.
2. The method of claim 1 , wherein the act of analyzing comprises:
identifying the network packet as belonging to a first class of protocols or a second class of protocols; and
releasing the network packet to the destination if the network packet is identified as belonging to the second class of protocols.
3. The method of claim 2 , wherein the first class of protocols comprises the Transport Control Protocol.
4. The method of claim 2 , wherein the first class of protocols comprises the User Datagram Protocol.
5. The method of claim 2 , wherein the first class of protocols comprises the Hyper Text Transfer Protocol.
6. The method of claim 2 , wherein the second class of protocols comprise non-Ethernet protocols.
7. The method of claim 1 , wherein the act of analyzing comprises determining if the network packet is associated with one or more prior intercepted network packets and, if it is:
comparing portions of the network packet with prior stored information about the one or more prior intercepted network packets; and
preventing the network packet from being transmitted to the destination if the network packet is conclusively determined to be associated with one of the specified plurality of peer-to-peer protocols.
8. The method of claim 7 , further comprising recording information about the network packet if the network packet is not conclusively determined to be associated with one of the specified plurality of peer-to-peer protocols.
9. The method of claim 8 , wherein the act of recording information about the network packet comprises recording said information in one or more system state tables.
10. The method of claim 8 , wherein the act of recording information about the network packet comprises recording one or more of: packet sequence number, packet direction, header byte length, packet type, source IP address, destination IP address, source port identifier, destination port identifier, frame number, packet length, payload byte length, SYN (request for information) and ACK (information acknowledgement) flags, checksum and window size values.
11. The method of claim 1 , wherein the act of analyzing comprises comparing selected portions of the network packet against a plurality of predefined templates, each of said templates being associated with one of the specified plurality of peer-to-peer protocols.
12. The method of claim 11 , wherein the act of comparing comprises determining if said selected portions match a forensic signature as defined in a template.
13. The method of claim 12 , further comprising preventing the network packet from being transmitted to the destination if the act of comparing conclusively determines the network packet is associated with one of the specified plurality of peer-to-peer protocols.
14. The method of claim 13 , further comprising:
recording information about the network packet if the network packet is not conclusively determined to be associated with one of the specified plurality of peer-to-peer protocols; and
releasing the network packet to the destination.
15. The method of claim 14 , wherein the act of recording comprising storing the information about the network packet in a one or more system state tables.
16. The method of claim 1 , wherein the specified plurality of peer-to-peer protocols includes Internet Relay Chat protocols.
17. A network monitoring device, comprising:
a port adapted to receive computer network communication packets;
a processor operatively coupled to the port; and
memory operatively coupled to the port and processor, the memory having instructions for causing the processor to:
intercept a network packet in route from a source to a destination;
analyze the network packet; and
prevent the network packet from arriving at the destination if it is determined to be associated with one of a specified plurality of peer-to-peer protocols.
18. The device of claim 17 , wherein the memory comprises volatile and non-volatile memory.
19. The device of claim 17 , wherein the processor comprises two or more central processor units.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/685,594 US20100309800A1 (en) | 2006-10-13 | 2010-01-11 | Network Monitoring And Intellectual Property Protection Device, System, And Method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/549,568 US7646728B2 (en) | 2006-10-13 | 2006-10-13 | Network monitoring and intellectual property protection device, system and method |
US12/685,594 US20100309800A1 (en) | 2006-10-13 | 2010-01-11 | Network Monitoring And Intellectual Property Protection Device, System, And Method |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/549,568 Continuation US7646728B2 (en) | 2006-10-13 | 2006-10-13 | Network monitoring and intellectual property protection device, system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
US20100309800A1 true US20100309800A1 (en) | 2010-12-09 |
Family
ID=39302989
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/549,568 Expired - Fee Related US7646728B2 (en) | 2006-10-13 | 2006-10-13 | Network monitoring and intellectual property protection device, system and method |
US12/685,594 Abandoned US20100309800A1 (en) | 2006-10-13 | 2010-01-11 | Network Monitoring And Intellectual Property Protection Device, System, And Method |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/549,568 Expired - Fee Related US7646728B2 (en) | 2006-10-13 | 2006-10-13 | Network monitoring and intellectual property protection device, system and method |
Country Status (1)
Country | Link |
---|---|
US (2) | US7646728B2 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110103382A1 (en) * | 2009-11-04 | 2011-05-05 | Electronics And Telecommunications Research Institute | Method and apparatus for filtering multicast port identifier in gigabit-capable passive optical network (gpon) system |
CN105656765A (en) * | 2016-03-11 | 2016-06-08 | 北京中测安华科技有限公司 | SMTP protocol data leak prevention method and system based on deep content analysis |
CN105656937A (en) * | 2016-03-11 | 2016-06-08 | 北京中测安华科技有限公司 | HTTP protocol data leak prevention method and system based on deep content analysis |
US20170214718A1 (en) * | 2016-01-25 | 2017-07-27 | International Business Machines Corporation | Intelligent security context aware elastic storage |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB0402739D0 (en) * | 2004-02-09 | 2004-03-10 | Saviso Group Ltd | Methods and apparatus for routing in a network |
US7904597B2 (en) * | 2008-01-23 | 2011-03-08 | The Chinese University Of Hong Kong | Systems and processes of identifying P2P applications based on behavioral signatures |
US7793001B2 (en) * | 2008-05-09 | 2010-09-07 | Microsoft Corporation | Packet compression for network packet traffic analysis |
US8732296B1 (en) * | 2009-05-06 | 2014-05-20 | Mcafee, Inc. | System, method, and computer program product for redirecting IRC traffic identified utilizing a port-independent algorithm and controlling IRC based malware |
US8995266B2 (en) | 2010-07-07 | 2015-03-31 | Cisco Technology, Inc. | Performing path-oriented systems management |
US8838781B2 (en) | 2010-07-15 | 2014-09-16 | Cisco Technology, Inc. | Continuous autonomous monitoring of systems along a path |
US8510548B1 (en) | 2010-09-24 | 2013-08-13 | ReVera Networks Inc. | Method and discovery system for discovering encrypted peer-to-peer (EP2P) nodes associated with a particular EP2P network |
US10581763B2 (en) | 2012-09-21 | 2020-03-03 | Avago Technologies International Sales Pte. Limited | High availability application messaging layer |
US9967106B2 (en) * | 2012-09-24 | 2018-05-08 | Brocade Communications Systems LLC | Role based multicast messaging infrastructure |
US9325589B1 (en) * | 2012-10-23 | 2016-04-26 | Jeff Flynn | Audible network traffic notification system |
WO2016085412A1 (en) * | 2014-11-28 | 2016-06-02 | Pte Ltd, Expert Team | Systems and methods for intercepting, filtering and blocking content from internet in real-time |
WO2018056895A1 (en) * | 2016-09-22 | 2018-03-29 | Pte Ltd, Expert Team | Real-time packet reconstruction technology - rtpr |
US10257152B2 (en) * | 2017-03-10 | 2019-04-09 | Nicira, Inc. | Suppressing ARP broadcasting in a hypervisor |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060068806A1 (en) * | 2004-09-30 | 2006-03-30 | Nam Taek Y | Method and apparatus of selectively blocking harmful P2P traffic in network |
US20060239219A1 (en) * | 2005-04-22 | 2006-10-26 | At&T Corporation | Application signature based traffic classification |
US20070110089A1 (en) * | 2003-11-27 | 2007-05-17 | Advestigo | System for intercepting multimedia documents |
US7580974B2 (en) * | 2006-02-16 | 2009-08-25 | Fortinet, Inc. | Systems and methods for content type classification |
US7644151B2 (en) * | 2002-01-31 | 2010-01-05 | Lancope, Inc. | Network service zone locking |
US7852767B2 (en) * | 2004-02-09 | 2010-12-14 | Velocix Limited | Methods and apparatus for routing in a network |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5862335A (en) * | 1993-04-01 | 1999-01-19 | Intel Corp. | Method and apparatus for monitoring file transfers and logical connections in a computer network |
US7215637B1 (en) * | 2000-04-17 | 2007-05-08 | Juniper Networks, Inc. | Systems and methods for processing packets |
EP1490767B1 (en) * | 2001-04-05 | 2014-06-11 | Audible Magic Corporation | Copyright detection and protection system and method |
US6816455B2 (en) * | 2001-05-09 | 2004-11-09 | Telecom Italia S.P.A. | Dynamic packet filter utilizing session tracking |
AU2002332812A1 (en) * | 2001-09-04 | 2003-03-18 | Soft2B Llc | Browser-to-browser, dom-based, peer-to-peer communication with delta synchronization |
US7185062B2 (en) * | 2001-09-28 | 2007-02-27 | Emc Corporation | Switch-based storage services |
US20030123394A1 (en) * | 2001-11-13 | 2003-07-03 | Ems Technologies, Inc. | Flow control between performance enhancing proxies over variable bandwidth split links |
DE102004003549B4 (en) * | 2004-01-23 | 2007-03-29 | Siemens Ag | Communication system and method for processing a request message supplied by a mobile radio terminal of a mobile radio communication network to a message filter computer |
JP2005295457A (en) * | 2004-04-05 | 2005-10-20 | Fujitsu Ltd | P2p traffic dealing router and p2p traffic information sharing system using same |
US7554983B1 (en) * | 2004-12-20 | 2009-06-30 | Packeteer, Inc. | Probing hosts against network application profiles to facilitate classification of network traffic |
CN101305352A (en) * | 2006-05-25 | 2008-11-12 | Duaxes株式会社 | Communication management system, communication management method and communication control device |
-
2006
- 2006-10-13 US US11/549,568 patent/US7646728B2/en not_active Expired - Fee Related
-
2010
- 2010-01-11 US US12/685,594 patent/US20100309800A1/en not_active Abandoned
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7644151B2 (en) * | 2002-01-31 | 2010-01-05 | Lancope, Inc. | Network service zone locking |
US20070110089A1 (en) * | 2003-11-27 | 2007-05-17 | Advestigo | System for intercepting multimedia documents |
US7852767B2 (en) * | 2004-02-09 | 2010-12-14 | Velocix Limited | Methods and apparatus for routing in a network |
US20060068806A1 (en) * | 2004-09-30 | 2006-03-30 | Nam Taek Y | Method and apparatus of selectively blocking harmful P2P traffic in network |
US20060239219A1 (en) * | 2005-04-22 | 2006-10-26 | At&T Corporation | Application signature based traffic classification |
US7580974B2 (en) * | 2006-02-16 | 2009-08-25 | Fortinet, Inc. | Systems and methods for content type classification |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110103382A1 (en) * | 2009-11-04 | 2011-05-05 | Electronics And Telecommunications Research Institute | Method and apparatus for filtering multicast port identifier in gigabit-capable passive optical network (gpon) system |
US8335217B2 (en) * | 2009-11-04 | 2012-12-18 | Electronics And Telecommunications Research Institute | Method and apparatus for filtering multicast port identifier in gigabit-capable passive optical network (GPON) system |
US20170214718A1 (en) * | 2016-01-25 | 2017-07-27 | International Business Machines Corporation | Intelligent security context aware elastic storage |
US11100046B2 (en) * | 2016-01-25 | 2021-08-24 | International Business Machines Corporation | Intelligent security context aware elastic storage |
CN105656765A (en) * | 2016-03-11 | 2016-06-08 | 北京中测安华科技有限公司 | SMTP protocol data leak prevention method and system based on deep content analysis |
CN105656937A (en) * | 2016-03-11 | 2016-06-08 | 北京中测安华科技有限公司 | HTTP protocol data leak prevention method and system based on deep content analysis |
Also Published As
Publication number | Publication date |
---|---|
US7646728B2 (en) | 2010-01-12 |
US20080089238A1 (en) | 2008-04-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7646728B2 (en) | Network monitoring and intellectual property protection device, system and method | |
US11811731B2 (en) | Packet classification for network routing | |
US9001661B2 (en) | Packet classification in a network security device | |
US9100364B2 (en) | Intelligent integrated network security device | |
US9843593B2 (en) | Detecting encrypted tunneling traffic | |
CN105141604B (en) | A kind of network security threats detection method and system based on trusted service stream | |
US7610375B2 (en) | Intrusion detection in a data center environment | |
US8045550B2 (en) | Packet tunneling | |
US20070157306A1 (en) | Network threat detection and mitigation | |
US20090113517A1 (en) | Security state aware firewall | |
JP2005517349A (en) | Network security system and method based on multi-method gateway | |
US20160088001A1 (en) | Collaborative deep packet inspection systems and methods | |
KR102244036B1 (en) | Method for Classifying Network Asset Using Network Flow data and Method for Detecting Threat to the Network Asset Classified by the Same Method | |
US11909768B2 (en) | Methods, systems, and devices related to managing in-home network security using artificial intelligence service to select among a plurality of security functions for processing | |
Abbas et al. | Guidelines for Collecting and Centralizing Network Digital Evidences |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |