EXECUTABLE CONTENT FILTERING
First Claim
Patent Images
1. A method comprising:
- analyzing a stream of one or more parsed elements of a network message with a set of one or more executable content filters, wherein the stream of one or more elements are streamed from a network message parser; and
modifying the stream of one or more parsed elements to disable executable content in the network message based, at least in part, on a set of one or more rule sets being applied with the set of one or more executable content filters to the stream of parsed elements.
1 Assignment
0 Petitions
Accused Products
Abstract
Malicious executable content in network messages (e.g., request and response hypertext transfer protocol message) can circumvent some security measures. In addition, conventional security measures aimed at capturing malicious executable content noticeably impact system performance. Stream based filtering of network messages allows for efficient processing to remove malicious executable content. Furthermore, an extensible framework for executable content filtering streaming message elements allows for efficient adaptation of an executable content filter to new threats disguised as executable content.
-
Citations
20 Claims
-
1. A method comprising:
-
analyzing a stream of one or more parsed elements of a network message with a set of one or more executable content filters, wherein the stream of one or more elements are streamed from a network message parser; and modifying the stream of one or more parsed elements to disable executable content in the network message based, at least in part, on a set of one or more rule sets being applied with the set of one or more executable content filters to the stream of parsed elements. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method comprising:
-
applying a plurality of executable content filters to a stream of parsed elements of a network message, wherein each of the plurality of executable content filters targets executable content for effective removal; for each of the plurality of executable content filters, determining if one or more of the stream of parsed elements includes executable content targeted by the executable content filter; and modifying those of the stream of parsed elements that include the executable content targeted by the plurality of executable content filters to effectively remove the executable content. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. One or more machine-readable media having stored therein a program product, which when executed a set of one or more processor units causes the set of one or more processor units to perform operations that comprise:
-
analyzing a stream of one or more parsed elements of a network message with a set of one or more executable content filters, wherein the stream of one or more elements are streamed from a network message parser; and modifying the stream of one or more parsed elements to disable executable content in the network message based, at least in part, on a set of one or more rule sets applied with the set of one or more executable content filters to the stream of parsed elements. - View Dependent Claims (17)
-
-
18. An apparatus comprising:
-
a set of one or more processor units; a network interface operable to receive a network message and coupled with the set of one or more processor units; and an executable content message stream filter module coupled with the network interface, the executable content message filter module operable to, analyze a stream of one or more parsed elements of a network message with a set of one or more executable content filters, wherein the stream of one or more elements are streamed from a network message parser, and modify the stream of one or more parsed elements to disable executable content in the network message in accordance with a set of one or more rules sets applied by set of one or more executable content filters to the stream of parsed elements. - View Dependent Claims (19, 20)
-
Specification