Implementation comparison-based security system
First Claim
1. A system, comprising:
- a communication interface; and
- a processor coupled to the communication interface and configured to:
  - intercept from each implementation in a plurality of implementations a network message, the network messages received from the respective implementations comprising a related set of network messages;
  - wherein intercepting comprises receiving network traffic in a network protocol from a client and acting as an intermediary with the respective implementations before sending a responsive action, wherein the network protocol comprises at least one of the following: SMTP, HTTP, TCP, IP, UDP, RPC, IMAP and TLS;
  - compare each received network message in the related set of network messages with each other received network messages in the related set of network messages to determine whether any network message in the related set of network messages deviates from any one or more other network messages in the related set of network messages;
  - wherein comparing comprises determining a protocol stack layer of a network protocol stack for the network protocol to perform a semantic comparison upon;
  - determine on the fly a statistical mode of the related set of network messages based at least in part through said semantic comparison, wherein the statistical mode of the related set of network messages is a specific network message from the related set of network messages that appears most often; and
  - determine the responsive action based at least in part on the statistical mode.
Abstract
An implementation comparison-based security system is disclosed. In various embodiments, respective network messages received from a plurality of implementations are received. The network messages are compared to determine whether any network message in the received set of network messages deviates from any one or more other network messages in the set. A responsive action is determined based at least in part on the results of said comparison.
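The comparison described in the abstract, sketched for HTTP at the application layer as an added example (not code from the patent). The header ignore-list, the action names and the block-on-tie rule are assumptions made for illustration, and the three responses are constructed sample data.

```python
import hashlib
from collections import Counter

# Headers expected to differ between implementations (assumed list).
VOLATILE_HEADERS = {"date", "server", "via", "x-powered-by"}


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def semantic_key(raw: bytes) -> str:
    """Application-layer fingerprint: status, stable headers, body."""
    status, headers, body = parse_http_response(raw)
    stable = sorted((k, v) for k, v in headers.items()
                    if k not in VOLATILE_HEADERS)
    canon = repr((status, stable, body)).encode()
    return hashlib.sha256(canon).hexdigest()


def decide(responses: dict):
    """Return (action, payload, deviants); action names are hypothetical."""
    keys = {name: semantic_key(raw) for name, raw in responses.items()}
    ranked = Counter(keys.values()).most_common()
    mode_key, votes = ranked[0]
    # Assumed policy: a tie for first place means no single mode to trust.
    if len(ranked) > 1 and ranked[1][1] == votes:
        return "block", None, sorted(keys)
    deviants = sorted(n for n, k in keys.items() if k != mode_key)
    winner = next(n for n, k in keys.items() if k == mode_key)
    action = "forward_and_alert" if deviants else "forward"
    return action, responses[winner], deviants


# Constructed sample: three back ends answer the same client request.
SAMPLE = {
    "impl_a": b"HTTP/1.1 200 OK\r\nServer: a/1.0\r\nContent-Type: text/plain\r\n\r\nhello",
    "impl_b": b"HTTP/1.1 200 OK\r\ncontent-type: text/plain\r\nServer: b/2.3\r\n\r\nhello",
    "impl_c": b"HTTP/1.1 200 OK\r\nServer: c/0.9\r\nContent-Type: text/plain\r\n\r\nhello<!--x-->",
}
```

Here `impl_a` and `impl_b` differ byte-for-byte (header order, case, `Server` value) yet match semantically, so they form the mode and `impl_c` is reported as the deviating implementation.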
20 Claims
1. A system, as set out in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17.
18. A method, comprising:
- intercepting from each implementation in a plurality of implementations a network message, the network messages received from the respective implementations comprising a related set of network messages;
- wherein intercepting comprises receiving network traffic in a network protocol from a client and acting as an intermediary with the respective implementations before sending a responsive action, wherein the network protocol comprises at least one of the following: SMTP, HTTP, TCP, IP, UDP, RPC, IMAP and TLS;
- comparing each received network message in the related set of network messages with each other received network messages in the related set of network messages to determine whether any network message in the related set of network messages deviates from any one or more other network messages in the related set of network messages;
- wherein comparing comprises determining a protocol stack layer of a network protocol stack for the network protocol to perform a semantic comparison upon;
- determining on the fly a statistical mode of the related set of network messages based at least in part through said semantic comparison, wherein the statistical mode of the related set of network messages is a specific network message from the related set of network messages that appears most often; and
- determining the responsive action based at least in part on the statistical mode.

Dependent claims: 19.
20. A computer program product embodied in a non-transitory computer readable medium and comprising computer instructions for:
- intercepting from each implementation in a plurality of implementations a network message, the network messages received from the respective implementations comprising a related set of network messages;
- wherein intercepting comprises receiving network traffic in a network protocol from a client and acting as an intermediary with the respective implementations before sending a responsive action, wherein the network protocol comprises at least one of the following: SMTP, HTTP, TCP, IP, UDP, RPC, IMAP and TLS;
- comparing each received network message in the related set of network messages with each other received network messages in the related set of network messages to determine whether any network message in the related set of network messages deviates from any one or more other network messages in the related set of network messages;
- wherein comparing comprises determining a protocol stack layer of a network protocol stack for the network protocol to perform a semantic comparison upon;
- determining on the fly a statistical mode of the related set of network messages based at least in part through said semantic comparison, wherein the statistical mode of the related set of network messages is a specific network message from the related set of network messages that appears most often; and
- determining the responsive action based at least in part on the statistical mode.
Specification