Packet classification in a network security device

US 20070297333A1
Filed: 06/26/2006
Published: 12/27/2007
Est. Priority Date: 06/26/2006
Status: Active Grant

First Claim

Patent Images

1. A method for inspecting data packets in a computer network, one or more data packets having associated header data and content, the method comprising the steps of:

receiving a data packet;

examining the data packet to classify the data packet including classifying the data packet using information included in the header and content;

determining flow instructions for processing the packet based on both the header information and the content; and

processing of the packet using the flow instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses are described for inspecting data packets in a computer network. One or more data packets through the network have associated header data and content. One method includes receiving a data packet, examining the data packet to classify the data packet including classifying the data packet using information included in the header and content, determining flow instructions for processing the packet based on both the header information and the content and processing of the packet using the flow instructions.

90 Citations

View as Search Results

18 Claims

1. A method for inspecting data packets in a computer network, one or more data packets having associated header data and content, the method comprising the steps of:
- receiving a data packet;
  
  examining the data packet to classify the data packet including classifying the data packet using information included in the header and content;
  
  determining flow instructions for processing the packet based on both the header information and the content; and
  
  processing of the packet using the flow instructions.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 where examining the data packet includes classifying the packet based on the content.
  - 3. The method of claim 1 where processing the packet includes content based protocol decoding.
  - 4. The method of claim 1 where processing the packet includes content based object extraction.
  - 5. The method of claim 1 where processing the packet includes content based pattern matching.
  - 6. The method of claim 1 where processing the packet is selected from the group consisting of logging, storing, allowing the packet to pass, setting an alarm, blocking, or dropping the packet.

7. A method for inspecting data packets in a computer network, one or more data packets having associated header data and content, the method comprising the steps of:
- receiving the data packet;
  
  examining the data packet to classify the data packet including classifying the data packet using information included in a header portion of the data packet and separately classifying the data packet based on a content portion of the data packet;
  
  determining flow instructions for processing the data packet based on the header information;
  
  determining special processing instructions for processing the data packet based on the content portion;
  
  determining selected instructions from among the flow and special processing instructions for processing the data packet; and
  
  processing the data packet in accordance with the selected instructions.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7 where the special processing instructions include instructions to perform content based protocol decoding.
  - 9. The method of claim 7 where the special processing instructions include instructions to perform content based object extraction.
  - 10. The method of claim 7 where the special processing instructions include instructions to perform content based pattern matching.
  - 11. The method of claim 7 where processing the packet is selected from the group consisting of logging, storing, allowing the packet to pass, setting an alarm, blocking, or dropping the data packet.

12. A device comprising:
- A multi-mode classification engine for classifying received data packets, the multi-mode classification engine includingA header classification engine for classifying data packets in accordance with header data associated therewith, the header classification engine generating first classification data; and
  
  A content classification engine for classifying data packets in accordance with content of the data packets, the content classification engine generating second classification data; and
  
  A security block for evaluating the data packets including evaluating the data packets using one or both of the first and the second classification data.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The device of claim 12 further comprisingA protocol block operable to receive the second classification data from the multi-mode classification engine and provide content based protocol decoding of received data packets.
  - 14. The device of claim 12 further comprisingAn object extraction block operable to receive the second classification data from the multi-mode classification engine and provide content based object extraction of received data packets.
  - 15. The device of claim 12 where the multi-mode classification engine further comprises a session manager for determining session data associated with the data packets.
  - 16. The device of claim 12 where the multi-mode classification engine further comprises rules indexed by the second classification data.
  - 17. The device of claim 12 where the content classification engine includes a signature matching engine.
  - 18. The device of claim 17 where the multi-mode classification engine further comprises a signature database for use by the signature matching engine that includes one or more patterns.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Palo Alto Networks Incorporated
Inventors
Zuk, Nir, Gong, Fengmin, Wang, Song, Leung, Siu-Wang

Granted Patent

US 8,009,566 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/235
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/1416 Event detection, e.g. attac...

Packet classification in a network security device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

90 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Packet classification in a network security device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links