Rule swapping for network protection

US 10,284,522 B2
Filed: 06/01/2017
Issued: 05/07/2019
Est. Priority Date: 01/11/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a network device, a plurality of packets;

processing, by the network device, a first portion of the plurality of packets in accordance with a first rule set;

receiving, by the network device, a configuration signal to configure the network device to process packets in accordance with a second rule set; and

responsive to receiving the configuration signal;

ceasing processing of one or more packets of the plurality of packets;

caching the one or more packets; and

reconfiguring the network device to process packets in accordance with the second rule set; and

responsive to completing of the reconfiguring, processing the one or more cached packets in accordance with the second rule set.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some variations, first and second rule sets may be received by a network protection device. The first and second rule sets may be preprocessed. The network protection device may be configured to process packets in accordance with the first rule set. Packets may be received by the network protection device. A first portion of the packets may be processed in accordance with the first rule set. The network protection device may be reconfigured to process packets in accordance with the second rule set. A second portion of the packets may be processed in accordance with the second rule set.

208 Citations

20 Claims

1. A method comprising:
- receiving, by a network device, a plurality of packets;
  
  processing, by the network device, a first portion of the plurality of packets in accordance with a first rule set;
  
  receiving, by the network device, a configuration signal to configure the network device to process packets in accordance with a second rule set; and
  
  responsive to receiving the configuration signal;
  
  ceasing processing of one or more packets of the plurality of packets;
  
  caching the one or more packets; and
  
  reconfiguring the network device to process packets in accordance with the second rule set; and
  
  responsive to completing of the reconfiguring, processing the one or more cached packets in accordance with the second rule set.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - storing, by the network device, configuration information for processing packets in accordance with the first rule set;
      
      configuring, by the network device, the network device to process packets in accordance with the first rule set based on the stored configuration information; and
      
      processing, after the configuring, by the network device, a second portion of the plurality of packets in accordance with the first rule set.
  - 3. The method of claim 1, further comprising:
    - storing, by the network device, the first rule set and the second rule set in a memory buffer.
  - 4. The method of claim 1, wherein the configuration signal is responsive to the network device receiving a message indicating a network attack.
  - 5. The method of claim 1, wherein each of the rules of both the first rule set and second rule set are associated with at least one action to be applied to a packet being processed.
  - 6. The method of claim 1, wherein the reconfiguring the network device to process packets in accordance with the second rule set comprises reconfiguring a plurality of processors in the network device with the second rule set.
  - 7. The method of claim 1, further comprising:
    - preprocessing the first rule set and the second rule set by merging a first plurality of rules included in at least one of the first rule set or the second rule set into a single rule;
      
      orpreprocessing the first rule set and the second rule set by separating a rule included in at least one of the first rule set or the second rule set into a second plurality of rules;
      
      orpreprocessing the first rule set and the second rule set by reordering one or more rules included in at least one of the first rule set or the second rule set.

8. A system comprising:
- at least one processor; and
  
  memory comprising instructions that, when executed by the at least one processor, cause the system to;
  
  receive a plurality of packets;
  
  process a first portion of the plurality of packets in accordance with a first rule set;
  
  responsive to a configuration signal to process packets in accordance with a second rule set;
  
  cease processing of one or more packets of the received plurality of packets;
  
  cache the one or more packets; and
  
  reconfigure the system to process packets in accordance with the second rule set; and
  
  responsive to completion of reconfiguration, process the one or more cached packets in accordance with the second rule set.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the instructions, when executed by the at least one processor, further cause the system to:
    - store configuration information for processing packets in accordance with the first rule set;
      
      configure the system to process packets in accordance with the first rule set based on the stored configuration information; and
      
      process, after the configuration, a second portion of the plurality of packets in accordance with the first rule set.
  - 10. The system of claim 8, wherein the instructions, when executed by the at least one processor, further cause the system to:
    - store the first rule set and the second rule set in a memory buffer.
  - 11. The system of claim 8, wherein the configuration signal is responsive to the system receiving a message indicating a network attack.
  - 12. The system of claim 8, wherein each of the rules of both the first rule set and second rule set are associated with at least one action to be applied to a packet being processed.
  - 13. The system of claim 8, wherein the instructions, when executed by the at least one processor, to cause the system to reconfigure the system to process packets in accordance with the second rule set, further cause the system to:
    - reconfigure a plurality of processors with the second rule set.
  - 14. The system of claim 8, wherein the instructions, when executed by the at least one processor, further cause the system to:
    - preprocess the first rule set and the second rule set by merging a first plurality of rules included in at least one of the first rule set or the second rule set into a single rule;
      
      orpreprocess the first rule set and the second rule set by separating a rule included in at least one of the first rule set or the second rule set into a second plurality of rules;
      
      orpreprocess the first rule set and the second rule set by reordering one or more rules included in at least one of the first rule set or the second rule set.

15. One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to:
- receive a plurality of packets;
  
  process a first portion of the plurality of packets in accordance with a first rule set;
  
  responsive to a configuration signal to process packets in accordance with a second rule set;
  
  cease processing of one or more packets of the plurality of received packets;
  
  cache the one or more packets; and
  
  reconfigure the computing system to process packets in accordance with the second rule set; and
  
  responsive to completion of reconfiguration, process the one or more cached packets in accordance with the second rule set.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more non-transitory computer-readable media of claim 15, wherein the instructions, when executed by the computing system, cause the computing system to:
    - store the first rule set and the second rule set in a memory buffer.
  - 17. The one or more non-transitory computer-readable media of claim 15, wherein each of the rules of both the first rule set and second rule set are associated with at least one action to be applied to a packet being processed.
  - 18. The one or more non-transitory computer-readable media of claim 15, wherein the instructions, when executed by the computing system, cause the computing system to:
    - store configuration information for processing packets in accordance with the first rule set;
      
      configure the computing system to process packets in accordance with the first rule set based on the stored configuration information; and
      
      process, after the configuration, a second portion of the plurality of packets in accordance with the first rule set.
  - 19. The one or more non-transitory computer-readable media of claim 15, wherein the configuration signal is responsive to the computing system receiving a message indicating a network attack.
  - 20. The one or more non-transitory computer-readable media of claim 15, wherein the instructions, when executed by the computing system, cause the computing system to:
    - preprocess the first rule set and the second rule set by merging a first plurality of rules included in at least one of the first rule set or the second rule set into a single rule;
      
      orpreprocess the first rule set and the second rule set by separating a rule included in at least one of the first rule set or the second rule set into a second plurality of rules;
      
      orpreprocess the first rule set and the second rule set by reordering one or more rules included in at least one of the first rule set or the second rule set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Centripetal Networks, Inc.
Original Assignee
Centripetal Networks, Inc.
Inventors
Ahn, David K., Rogers, Steven, Moore, Sean
Primary Examiner(s)
Pyzocha, Michael

Application Number

US15/610,995
Publication Number

US 20180115518A1
Time in Patent Office

705 Days
Field of Search
US Class Current
CPC Class Codes

G06N 5/02   Knowledge representation; S...

H04L 41/16   using machine learning or a...

H04L 63/0263   Rule management

Rule swapping for network protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

208 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Rule swapping for network protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

208 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links