APPLICATION PROTECTION FROM MALICIOUS NETWORK TRAFFIC

US 20090150996A1
Filed: 12/11/2007
Published: 06/11/2009
Est. Priority Date: 12/11/2007
Status: Active Grant

First Claim

Patent Images

1. A computer program embodied on a computer readable medium, comprising:

program instructions for receiving network packets within an application;

program instructions for filtering the network packets with a programmable packet filter embedded in the application to identify whether the network packets are malicious packets; and

program instructions for allowing only the network packets not identified as the malicious packets to be processed by the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A program, method and system for embedding a programmable packet filter into an application to protect the application against malicious network packets are disclosed. Traditional packet filtering techniques to protect against malicious packets designed to exploit defects in applications, based on external packet filtering devices create a bottleneck in network traffic and present a large overhead cost. In addition, when security vulnerabilities in applications are discovered, traditional application updating methods lack a fast enough turn-around time to protect the application and users data from attack. These problems can be overcome by embedding a programmable packet filter into the application itself. The application can use the filter to discard malicious network packets. Furthermore, the filter can be updated via configuration files downloaded from the application vendor to update the application'"'"'s embedded programmable packet filter without having to update the entire program code of the application.

Citations

20 Claims

1. A computer program embodied on a computer readable medium, comprising:
- program instructions for receiving network packets within an application;
  
  program instructions for filtering the network packets with a programmable packet filter embedded in the application to identify whether the network packets are malicious packets; and
  
  program instructions for allowing only the network packets not identified as the malicious packets to be processed by the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer program of claim 1, wherein filtering the network packets comprises examining the network packets for one or more digital signatures corresponding to the malicious packets.
  - 3. The computer program of claim 1, wherein the programmable packet filter is implemented in a separate process from the application, but launched from the application.
  - 4. The computer program of claim 1, further comprising program instructions for programming the programmable packet filter using configuration files.
  - 5. The computer program of claim 4, wherein the configuration files comprise one or more digital signatures corresponding to the malicious packets to be applied in filtering the network packets.
  - 6. The computer program of claim 4, wherein programming with the configuration files is implemented using a pseudo-machine program.
  - 7. The computer program of claim 4, further comprising program instructions for loading the configuration files from an external source.
  - 8. The computer program of claim 7, wherein the external source is connected to the application via internet.
  - 9. The computer program of claim 7, wherein the external source is connected to the application via a local network.

10. A method, comprising:
- receiving network packets within an application;
  
  filtering the network packets with a programmable packet filter embedded in the application to identify whether the network packets are malicious packets; and
  
  allowing only the network packets not identified as the malicious packets to be processed by the application.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein filtering the network packets comprises examining the network packets for one or more digital signatures corresponding to the malicious packets.
  - 12. The method of claim 10, wherein the programmable packet filter is implemented in a separate process from the application, but launched from the application.
  - 13. The method of claim 10, further comprising programming the programmable packet filter using configuration files.
  - 14. The method of claim 13, wherein the configuration files comprise one or more digital signatures corresponding to the malicious packets to be applied in filtering the network packets.
  - 15. The method of claim 13, wherein programming with the configuration files is implemented using a pseudo-machine program.
  - 16. The method of claim 13, further comprising loading the configuration files from an external source.
  - 17. The method of claim 16, wherein the external source is connected to the application via internet.
  - 18. The method of claim 16, wherein the external source is connected to the application via a local network.

19. A system, comprising:
- a network connection for receiving network packets within an application; and
  
  a processor for filtering the network packets with a programmable packet filter embedded in the application to identify whether the network packets are malicious packets and allowing only the network packets not identified as the malicious packets to be processed by the application.
- View Dependent Claims (20)
- - 20. The system of claim 19, further comprising a memory for storing configuration files for programming the programmable packet filter wherein the configuration files comprise one or more digital signatures corresponding to the malicious packets to be applied in filtering the network packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Haswell, Jonathan

Granted Patent

US 8,037,532 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/554 involving event detection a...

H04L 63/0245 Filtering by information in...

APPLICATION PROTECTION FROM MALICIOUS NETWORK TRAFFIC

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPLICATION PROTECTION FROM MALICIOUS NETWORK TRAFFIC

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links