High-performance network content analysis platform
Abstract
One implementation of a method reassembles complete client-server conversation streams, applies decoders and/or decompressors, and analyzes the resulting data stream using multi-dimensional content profiling and/or weighted keyword-in-context. The method may detect the extrusion of the data, for example, even if the data has been modified from its original form and/or document type. The decoders may also uncover hidden transport mechanisms such as, for example, e-mail attachments. The method may further detect unauthorized (e.g., rogue) encrypted sessions and stop data transfers deemed malicious. The method allows, for example, for building 2 Gbps (Full-Duplex)-capable extrusion prevention machines.
23 Claims
1. A method comprising:
receiving network data;
reassembling a client-server communications session from the network data; and
detecting, through the network data, leaks of information by analyzing the client-server communications session using at least one of (i) statistical and (ii) keyword-based detection.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method comprising:
receiving network communications; and
preventing an unauthorized and/or malicious transfer, through the network communications, of data by providing at least content reassembly, scanning and recognition to the network communications in real time.
Dependent claims: 12, 13, 14
15. A method comprising:
receiving network data; and
preventing, through the network data, leaks of information by at least applying multi-dimensional content profiling.
Dependent claims: 16, 17
18. A machine-readable medium having encoded information, which when read and executed by a machine causes a method comprising:
receiving network data;
reassembling a client-server communications session from the network data; and
detecting, through the network data, leaks of information by analyzing the client-server communications session using at least one of (i) statistical and (ii) keyword-based detection.
19. A machine-readable medium having encoded information, which when read and executed by a machine causes a method comprising:
receiving network communications; and
preventing an unauthorized and/or malicious transfer, through the network communications, of data by providing at least content reassembly, scanning and recognition to the network communications in real time.
20. A machine-readable medium having encoded information, which when read and executed by a machine causes a method comprising:
receiving network data; and
preventing, through the network data, leaks of information by at least applying multi-dimensional content profiling.
21. An apparatus comprising:
a receiver to receive network data;
a processor, coupled to the receiver, to (i) reassemble a client-server communications session from the network data and (ii) detect, through the network data, leaks of information by analyzing the client-server communications session using at least one of (i) statistical and (ii) keyword-based detection.
22. An apparatus comprising:
a receiver to receive network communications; and
a processor, coupled to the receiver, to prevent an unauthorized and/or malicious transfer, through the network communications, of data by providing at least content reassembly, scanning and recognition to the network communications in real time.
23. An apparatus comprising:
a receiver to receive network data; and
a processor, coupled to the receiver, to prevent, through the network data, leaks of information by at least applying multi-dimensional content profiling.