Method and system for network access control based on traffic monitoring and vulnerability detection using process related information
Abstract
Disclosed are various embodiments of a method and system for network access control. The method may involve traffic monitoring and vulnerability detection using process information. The system may treat the vulnerability as a malfunctioning process, so that preventive action focuses on blocking the process rather than blocking the host, which can improve the performance and productivity of a network. Techniques may use process related information, connection information, and network packet information for network control. The information may be matched against a plurality of signatures to identify and detect a known vulnerability in network activities. On the basis of a match, a verification report may be established. Techniques may further check whether the verification report is applicable to the process associated with a network packet and allow or block the process running on the host based on the report.
17 Claims
1. A system for network access control based on traffic monitoring and vulnerability detection using process related information, the system comprising:
computer executable code embodied in a non-transitory computer readable medium that, when executing one or more processors provide a plurality of process intercepting units, a pattern matching unit, and an intrusion prevention unit, a plurality of devices for receiving at least one connection request from a process running on a host, each of the plurality of devices comprising a process intercepting unit of the plurality of process intercepting units configured for extracting the process related information and forwarding information including one or more of process related information, connection information, and network packet information, the pattern matching unit configured for receiving the information from the process intercepting unit and forwarding the information; and the intrusion prevention unit configured for receiving the information from the pattern matching unit, the intrusion prevention unit including a processing unit and a database, the database including a plurality of signatures defining a set of rules to detect attacks or intrusive activities on a network that can occur through the process, the plurality of signatures prepared based on information relating to the process, the intrusion prevention unit further configured to verify the information from the pattern matching unit against the plurality of signatures stored in the database to identify and detect a known vulnerability in network activities, establish a verification report based on the known vulnerability, and send the verification report to the pattern matching unit, wherein the pattern matching unit is further configured to receive the verification report from the intrusion prevention unit, verify whether the verification report is applicable to the process associated with network packet by matching a first signature identification code in the verification report with a second signature identification code stored in an application process information database, and send an authorization decision to the process intercepting unit regarding allowing continuing or blocking of the connection request from the process running on the host.
(Dependent claims 2 through 8 are not reproduced here.)
9. A method for network access control based on traffic monitoring and vulnerability detection using process related information, the method comprising:
receiving, by a device, at least one connection request from a process running on a host; extracting, by a process intercepting unit of the device, process related information; forwarding, by the process intercepting unit to a pattern matching unit, information including one or more of process related information, connection information, and network packet information; receiving, by the pattern matching unit, the information from the process intercepting unit and forwarding the information to an intrusion prevention unit; receiving, by the intrusion prevention unit, the information from the pattern matching unit; verifying, by the intrusion prevention unit, the information against a plurality of signatures stored in a database of the intrusion prevention unit to identify and detect a known vulnerability in network activity; establishing, by the intrusion prevention unit, a verification report based on verification of the information against the plurality of signatures; sending, by the intrusion prevention unit, the verification report to the pattern matching unit; receiving, by the pattern matching unit, the verification report from the intrusion prevention unit; verifying, by the pattern matching unit, whether the verification report is applicable to the process associated with a network packet by matching a first signature identification code in the verification report with a second signature identification code stored in an application process information database; and sending, by the pattern matching unit, an authorization decision to the process intercepting unit regarding continuing or blocking of the connection request from the process running on the host.
(Dependent claims 10 through 17 are not reproduced here.)
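The three-unit flow of claim 9, written out as an added Python example that is not the patent's own code: a process intercepting unit forwards process, connection and packet information to a pattern matching unit, which forwards it to an intrusion prevention unit holding a signature database; the verification report that comes back carries a signature identification code, and the pattern matching unit only blocks when that code is also recorded for the process in an application process information database. Blocking is recorded per process id, not per host, which is the point the abstract makes. All class names, signature ids, process names and payloads are constructed assumptions.

```python
"""Constructed illustration of the claimed pipeline (not the patent's code).
Signature ids, process names and packet payloads below are all made up."""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class ConnectionRequest:
    """What the process intercepting unit extracts for one connection request."""
    process_name: str   # process related information
    pid: int
    dst_ip: str         # connection information
    dst_port: int
    payload: bytes      # network packet information


@dataclass(frozen=True)
class Signature:
    """One rule in the IPS database, prepared for a specific process."""
    sig_id: str
    process_name: str
    dst_port: Optional[int]   # None matches any destination port
    payload_pattern: bytes    # regex applied to the packet payload
    description: str


@dataclass(frozen=True)
class VerificationReport:
    sig_id: Optional[str]     # None means no known vulnerability was detected
    pid: int
    description: str


class IntrusionPreventionUnit:
    def __init__(self, signatures):
        self.db = list(signatures)

    def verify(self, req: ConnectionRequest) -> VerificationReport:
        """Check the forwarded information against every stored signature."""
        for sig in self.db:
            port_ok = sig.dst_port is None or sig.dst_port == req.dst_port
            if (sig.process_name == req.process_name and port_ok
                    and re.search(sig.payload_pattern, req.payload)):
                return VerificationReport(sig.sig_id, req.pid, sig.description)
        return VerificationReport(None, req.pid, "no known vulnerability")


class PatternMatchingUnit:
    def __init__(self, ips: IntrusionPreventionUnit,
                 app_process_db: Dict[str, Set[str]]):
        self.ips = ips
        # application process information database (constructed):
        # process name -> signature ids that apply to the installed version
        self.app_process_db = app_process_db

    def decide(self, req: ConnectionRequest) -> Tuple[str, VerificationReport]:
        report = self.ips.verify(req)
        if report.sig_id is None:
            return "ALLOW", report
        # second check: the report's signature id must also be recorded
        # for this process before the request is blocked
        applicable = report.sig_id in self.app_process_db.get(req.process_name, set())
        return ("BLOCK" if applicable else "ALLOW"), report


class ProcessInterceptingUnit:
    def __init__(self, pmu: PatternMatchingUnit):
        self.pmu = pmu
        self.blocked_pids: Set[int] = set()   # blocking is per process, not per host

    def intercept(self, req: ConnectionRequest) -> str:
        decision, _report = self.pmu.decide(req)
        if decision == "BLOCK":
            self.blocked_pids.add(req.pid)
        return decision


def run_demo() -> Tuple[Dict[str, str], Set[int]]:
    """Three constructed requests from one host; returns decisions and blocked pids."""
    ips = IntrusionPreventionUnit([
        Signature("SIG-0001", "legacy_ftp_client", 21,
                  rb"USER [^\r\n]{64,}", "oversized FTP USER argument"),
        Signature("SIG-0002", "browser", None,
                  rb"X-Constructed-Trigger: yes", "constructed browser rule"),
    ])
    app_db = {
        "legacy_ftp_client": {"SIG-0001"},   # unpatched: the rule applies
        "browser": set(),                    # patched: SIG-0002 no longer applies
    }
    piu = ProcessInterceptingUnit(PatternMatchingUnit(ips, app_db))
    requests = {
        "ftp_long_user": ConnectionRequest("legacy_ftp_client", 4242, "192.0.2.10", 21,
                                           b"USER " + b"A" * 80 + b"\r\n"),
        "ftp_normal_user": ConnectionRequest("legacy_ftp_client", 4243, "192.0.2.10", 21,
                                             b"USER alice\r\n"),
        "browser_patched": ConnectionRequest("browser", 4244, "192.0.2.20", 80,
                                             b"GET / HTTP/1.1\r\nX-Constructed-Trigger: yes\r\n"),
    }
    decisions = {name: piu.intercept(req) for name, req in requests.items()}
    return decisions, piu.blocked_pids


if __name__ == "__main__":
    print(run_demo())
```

The second request shows why the application process information database matters: the IPS signature fires for the browser payload, but because that signature id is not recorded for the installed browser the pattern matching unit still answers ALLOW. The blocked set holds only the pid of the legacy FTP client, so the other processes on the same host keep their connections.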