Method and apparatus for network immunization

US 20060123481A1
Filed: 12/07/2005
Published: 06/08/2006
Est. Priority Date: 12/07/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of immunizing a communication network containing a plurality of network elements configured to perform deep packet inspection, the method comprising the steps of:

receiving a pattern associated with an instance of malicious code;

converting the pattern into a filter rule; and

causing the filter rule to be programmed into a hardware filtering platform associated with at least one of the network elements that is configured to perform deep packet inspection to enable the malicious code matching the pattern to be filtered from the network.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network elements that are configured to perform deep packet inspection may be dynamically updated with patterns associated with malicious code, so that malicious code may be detected and blocked at the network level. As new threats are identified by a security service, new patterns may be created for those threats, and the new patterns may then be passed out onto the network in real time. The real time availability of patterns enables filter rules derived from the patterns to be applied by the network elements so that malicious code may be filtered on the network before it reaches the end users. The filter rules may be derived by security software resident in the network elements or may be generated by a filter generation service configured to generate network element specific filter rules for those network elements that are to be implemented as detection points on the network.

99 Citations

View as Search Results

15 Claims

1. A method of immunizing a communication network containing a plurality of network elements configured to perform deep packet inspection, the method comprising the steps of:
- receiving a pattern associated with an instance of malicious code;
  
  converting the pattern into a filter rule; and
  
  causing the filter rule to be programmed into a hardware filtering platform associated with at least one of the network elements that is configured to perform deep packet inspection to enable the malicious code matching the pattern to be filtered from the network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the malicious code is a computer virus.
  - 3. The method of claim 1, wherein the steps of receiving the pattern and converting the pattern into a filter rule are not performed by the at least one of the network elements.
  - 4. The method of claim 3, wherein the step of causing the filter rule to be programmed comprises transmitting the filter rule to the at least one of the network elements.
  - 5. The method of claim 1, wherein the step of receiving the pattern is performed by a network management service and wherein the step of converting the pattern into the filter rule comprises transmitting the pattern to a filter generation service, said filter generation service being configured to generate network element specific filter rules for use by network elements with different forwarding plane architectures.
  - 6. The method of claim 1, wherein the steps of receiving the pattern and converting the pattern into a filter rule are performed by the at least one of the network elements, and wherein the step of causing the filter rule to be programmed comprises programming the filter rule into the hardware filtering platform.

7. A network element, comprising:
- a data plane containing hardware configured to perform deep packet inspection on data received over an interface to a communication network in connection with forwarding the data on the communication network; and
  
  a control plane configured to control operation of the data plane, wherein the network element contains control logic configured to program filter rules associated with malicious code into the hardware configured to perform deep packet inspection to enable the malicious code to be filtered from the network.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The network element of claim 7, wherein the hardware is a network processing unit configured to identify protocol data units having characteristics that match at least one of the filter rules that have been programmed into the hardware.
  - 9. The network element of claim 8, further comprising a processor associated with the data plane, said processor containing the control logic configured to program the filter rules into the network processing unit.
  - 10. The network element of claim 7, wherein the control plane comprises a processor containing second control logic configured to receive at least one malicious code pattern update and generate the filter rules associated with the malicious code from the malicious code pattern update.
  - 11. The network element of claim 7, wherein the control plane comprises a processor containing control logic configured to receive the filter rules associated with the malicious code.

12. A network element, comprising:
- means for filtering data by performing deep packet inspection on traffic flowing through the network element; and
  
  means for programming a filter rule into the means for filtering, to cause the filter rule to be applied to the traffic flowing through the network element, said filter rule being associated with a pattern identified as comprising at least a part of a malicious code to be filtered from the traffic flowing through the network element.
- View Dependent Claims (13, 14, 15)
- - 13. The network element of claim 12, further comprising means for receiving the filter rule from at least one of a filter generation service and a network management service.
  - 14. The network element of claim 12, further comprising means for receiving a pattern associated with the malicious code, and means for generating the filter rule from the pattern.
  - 15. The network element of claim 12, wherein the malicious code comprises at least one of a Trojan horse, computer virus, and spyware.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Lavian, Tal, Bhatnagar, Atul

Application Number

US11/295,920
Publication Number

US 20060123481A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/162   at the data link layer

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

Method and apparatus for network immunization

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for network immunization

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links