Method and apparatus for semantic processing engine

US 7,548,848 B1
Filed: 01/07/2004
Issued: 06/16/2009
Est. Priority Date: 01/08/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for evaluating contents of a message, comprising:

characterizing a message segment, wherein the message segment further comprises a packet in a packet-switched network;

scanning the message segment to define a stream of tokens associated with the message segment;

associating the message segment with a meta session through the stream of tokens,wherein the meta session is made persistent across message transactions and different HTTP sessions by storing data generated by the meta session on a persistent storage medium;

parsing the token stream to extract substructures according to a grammar;

determining rules associated with the tokens, the rules when executed defining actions for intrusion detection and prevention;

executing the actions associated with the message segment; and

queuing the message segment for transmission to a destination, wherein each of the operations in the method is executed by an integrated circuit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for evaluating contents of a message is provided. The method initiates with characterizing a message segment. Then, the message is scanned to define tokens associated with the message segment. Next, the tokens are parsed to define substructures. Then, the rules associated with the tokens are determined, wherein the rules define actions. At the same time determining the session or meta session associated with the communication. Then, the actions associated with the message are executed. Next, the message is queued to be sent out. A method for providing content based security, a computer readable media, an adapter card and a network device configured to provide content based security and an intrusion protection system are provided.

59 Citations

View as Search Results

20 Claims

1. A method for evaluating contents of a message, comprising:
- characterizing a message segment, wherein the message segment further comprises a packet in a packet-switched network;
  
  scanning the message segment to define a stream of tokens associated with the message segment;
  
  associating the message segment with a meta session through the stream of tokens,wherein the meta session is made persistent across message transactions and different HTTP sessions by storing data generated by the meta session on a persistent storage medium;
  
  parsing the token stream to extract substructures according to a grammar;
  
  determining rules associated with the tokens, the rules when executed defining actions for intrusion detection and prevention;
  
  executing the actions associated with the message segment; and
  
  queuing the message segment for transmission to a destination, wherein each of the operations in the method is executed by an integrated circuit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further including:
    - retrieving meta session state information related to the message, wherein the meta session state information is invariant across different connections and a service context common to the different connections associates the different HTTP sessions of a user.
  - 3. The method of claim 1, wherein the message segment is received from a sender, the sender using a network to send a message associated with the message segment, and the message associated with the message segment is identified as a suspect message which is quarantined.
  - 4. The method of claim 1, wherein the method operation of parsing the tokens to extract substructures includes,creating a parse tree.
  - 5. The method of claim 1, wherein the method operation of determining rules associated with the tokens includes,defining an object oriented scheme to associate the message segment with at least one of the rules.
  - 6. The method of claim 5, wherein the method operation of defining an object oriented scheme to associate the message segment with at least one of the rules is enabled through grammar based access.
  - 7. The method of claim 1, wherein the method operation of parsing the tokens to extract substructures includes,searching a list of keywords;
    - andinferring semantics of sub-strings between the key words.
  - 8. The method of claim 1, wherein the message is composed of multiple segments.
  - 9. The method of claim 8, wherein the substructures span multiple message segments.

10. A computer readable media having stored computer program instructions for evaluating the contents of a message, comprisingcomputer program instructions for characterizing a message segment, wherein the message segment further comprises a packet in a packet-switched network;
- computer program instructions for scanning the message segment to define a stream of tokens associated with the message segment;
  
  computer program instructions for associating the message segment with a meta session through the stream of tokens, wherein the meta session is made persistent across message transactions and different HTTP sessions by storing data generated by the meta session on a persistent storage medium;
  
  computer program instructions for parsing the token stream to extract substructures according to a grammar;
  
  computer program instructions for determining rules associated with the tokens, the rules defining actions for intrusion detection and prevention;
  
  computer program instructions for executing the actions associated with the message segment; and
  
  computer program instructions for queuing the message segments for transmission, wherein the each of the computer program instructions in the computer readable media are executed by an integrated circuit.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computer readable media of claim 10, further including:
    - computer program instructions for retrieving meta session state information related to the message, wherein the meta session state information is invariant across different connections and a service context common to the different connections associates the different HTTP sessions of a user.
  - 12. The computer readable media of claim 10, wherein the computer program instruction for characterizing a message segment includes,computer program instructions for determining a grammar type of the message.
  - 13. The computer readable media of claim 10, wherein the computer program instructions for parsing the tokens to extract substructures includes,computer program instructions for creating a parse tree.
  - 14. The computer readable media of claim 10, wherein the message is configured to be sent in multiple segments through a packet based network.
  - 15. The computer readable media of claim 10, wherein the computer program instructions for parsing the tokens to extract substructures includes,computer program instructions for searching a list of keywords;
    - andcomputer program instructions for inferring semantics of sub-strings between the key words.

16. A network device configured to provide content based security, comprising:
- circuitry for scanning a message segment to define a stream of tokens associated with the message segment, wherein the message segment further comprises a packet in a packet-switched network;
  
  circuitry for extracting substructures from the stream of tokens, according to a grammar;
  
  circuitry for associating the message with a meta session, wherein the meta session is made persistent across message transactions and different HTTP sessions by storing data generated by the meta session on a persistent storage medium;
  
  circuitry for identifying rules associated with the tokens, wherein the rules define actions for intrusion detection and prevention; and
  
  circuitry for executing the identified rules.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The network device of claim 16, wherein the circuitry for extracting substructures from the tokens includes,circuitry for retrieving meta session state information related to the message, wherein the meta session state information is invariant across different connections and a service context common to the different connections associates the different HTTP sessions of a user.
  - 18. The network device of claim 16, wherein the circuitry for scanning a message to define tokens associated with the message includes,circuitry for searching a list of keywords;
    - andcircuitry for inferring semantics of sub-strings between the key words.
  - 19. The network device of claim 16, further comprising:
    - circuitry for determining a grammar type of the message.
  - 20. The network device of claim 16, wherein the circuitry for scanning a message to define tokens associated with the message includes,circuitry for building a data structure from the defined tokens.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xambala Corporation
Original Assignee
Xambala, Inc. (Final Israel Ltd.)
Inventors
Deb, Alak, Chatterjee, Debashis
Primary Examiner(s)
Hudspeth; David R
Assistant Examiner(s)
Rider; Justin W

Application Number

US10/753,846
Time in Patent Office

1,987 Days
Field of Search

None
US Class Current

704/9
CPC Class Codes

G06F 40/30   Semantic analysis

H04L 63/0236   Filtering by address, proto...

H04L 63/1408   by monitoring network traff...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99943   Generating database or data...

Method and apparatus for semantic processing engine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for semantic processing engine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links