Detecting network proxies through observation of symmetric relationships
First Claim
1. A method for detecting proxies, comprising:
- analyzing network transmission data to detect symmetric relationships between network data transmissions, wherein a symmetric relationship is detected with respect to a first network data transmission sent by a first node to a second node if the second node is observed to send or have sent to a third node a second network data transmission that satisfies a prescribed first criterion that it is anticipated the second network data transmission would satisfy if it were used to forward to the third node at least part of the data comprising the first network data transmission; and
for each symmetric relationship found, performing further analysis to determine if the second node is configured to serve as a proxy;
wherein the further analysis comprises determining whether a third network data transmission is or was sent from the third node to the second node in response to the second network data transmission and, if so, determining whether a fourth network data transmission having a symmetric relationship with the third network data transmission is or was sent by the second node to the first node.
2 Assignments
0 Petitions
Accused Products
Abstract
Detecting network proxies through the observation of symmetric relationships is disclosed. Network transmission data is analyzed to detect symmetric relationships between network data transmissions. A symmetric relationship is detected with respect to a first network data transmission sent by a first node to a second node if the second node is observed to send or have sent to a third node a second network data transmission that satisfies a prescribed first criterion that it is anticipated the second network data transmission would satisfy if it were used to forward to the third node at least part of the data comprising the first network data transmission. For each symmetric relationship found, further analysis is performed to determine if the second node is configured to serve as a proxy.
33 Citations
27 Claims
-
1. A method for detecting proxies, comprising:
-
analyzing network transmission data to detect symmetric relationships between network data transmissions, wherein a symmetric relationship is detected with respect to a first network data transmission sent by a first node to a second node if the second node is observed to send or have sent to a third node a second network data transmission that satisfies a prescribed first criterion that it is anticipated the second network data transmission would satisfy if it were used to forward to the third node at least part of the data comprising the first network data transmission; and for each symmetric relationship found, performing further analysis to determine if the second node is configured to serve as a proxy; wherein the further analysis comprises determining whether a third network data transmission is or was sent from the third node to the second node in response to the second network data transmission and, if so, determining whether a fourth network data transmission having a symmetric relationship with the third network data transmission is or was sent by the second node to the first node. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method for detecting proxies, comprising:
-
analyzing network transmission data to detect symmetric relationships between network data transmissions, wherein a symmetric relationship is detected with respect to a first network data transmission sent by a first node to a second node if the second node is observed to send or have sent to a third node a second network data transmission that satisfies a prescribed first criterion that it is anticipated the second network data transmission would satisfy if it were used to forward to the third node at least part of the data comprising the first network data transmission; and for each symmetric relationship found, performing further analysis to determine if the second node is configured to serve as a proxy, including by determining whether the first network data transmission was sent from the first node to the second node using a first destination port that is different from a second destination port to which the second node sends the second network data transmission. - View Dependent Claims (17)
-
-
18. A system configured for detecting proxies, comprising:
-
a communication interface configured to receive network transmission data; and a processor configured to; analyze network transmission data to detect symmetric relationships between network data transmissions, wherein a symmetric relationship is detected with respect to a first network data transmission sent by a first node to a second node if the second node is observed to send or have sent to a third node a second network data transmission that satisfies a prescribed first criterion that it is anticipated the second network data transmission would satisfy if it were used to forward to the third node at least part of the data comprising the first network data transmission; and for each symmetric relationship found, perform further analysis to determine if the second node is configured to serve as a proxy; wherein the further analysis comprises determining whether a third network data transmission is or was sent from the third node to the second node in response to the second network data transmission and, if so, determining whether a fourth network data transmission having a symmetric relationship with the third network data transmission is or was sent by the second node to the first node. - View Dependent Claims (19, 20, 21, 22, 23)
-
-
24. A system configured for detecting proxies, comprising:
-
a communication interface configured to receive network transmission data; and a processor configured to; analyze network transmission data to detect symmetric relationships between network data transmissions, wherein a symmetric relationship is detected with respect to a first network data transmission sent by a first node to a second node if the second node is observed to send or have sent to a third node a second network data transmission that satisfies a prescribed first criterion that it is anticipated the second network data transmission would satisfy if it were used to forward to the third node at least part of the data comprising the first network data transmission; and for each symmetric relationship found, perform further analysis to determine if the second node is configured to serve as a proxy; wherein the processor is further configured to determine whether within a second interval after the sending of the second network data transmission a third network data transmission is or was sent from the third node to the second node and, if so, determine whether a fourth network data transmission having a symmetric relationship with the third network data transmission is or was sent by the second node to the first node.
-
-
25. A computer program product for detecting proxies, the computer program product being embodied in a tangible computer readable storage medium and comprising computer instructions for:
-
analyzing network transmission data to detect symmetric relationships between network data transmissions, wherein a symmetric relationship is detected with respect to a first network data transmission sent by a first node to a second node if the second node is observed to send or have sent to a third node a second network data transmission that satisfies a prescribed first criterion that it is anticipated the second network data transmission would satisfy if it were used to forward to the third node at least part of the data comprising the first network data transmission; and for each symmetric relationship found, performing further analysis to determine if the second node is configured to serve as a proxy; wherein the further analysis comprises determining whether a third network data transmission is or was sent from the third node to the second node in response to the second network data transmission and, if so, determining whether a fourth network data transmission having a symmetric relationship with the third network data transmission is or was sent by the second node to the first node. - View Dependent Claims (26, 27)
-
Specification