Method and apparatus for semantic processing engine
Abstract
A method for evaluating contents of a message is provided. The method initiates with characterizing a message segment. Then, the message is scanned to define tokens associated with the message segment. Next, the tokens are parsed to define substructures. Then, the rules associated with the tokens are determined, wherein the rules define actions. At the same time, the session or meta session associated with the communication is determined. Then, the actions associated with the message are executed. Next, the message is queued to be sent out. A method for providing content based security, a computer readable media, an adapter card and a network device configured to provide content based security and an intrusion protection system are provided.
20 Claims
1. A method for evaluating contents of a message, comprising:
- characterizing a message segment, wherein the message segment further comprises a packet in a packet-switched network;
- scanning the message segment to define a stream of tokens associated with the message segment;
- associating the message segment with a meta session through the stream of tokens, wherein the meta session is made persistent across message transactions and different HTTP sessions by storing data generated by the meta session on a persistent storage medium;
- parsing the token stream to extract substructures according to a grammar;
- determining rules associated with the tokens, the rules when executed defining actions for intrusion detection and prevention;
- executing the actions associated with the message segment; and
- queuing the message segment for transmission to a destination, wherein each of the operations in the method is executed by an integrated circuit.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)

10. A computer readable media having stored computer program instructions for evaluating the contents of a message, comprising
- computer program instructions for characterizing a message segment, wherein the message segment further comprises a packet in a packet-switched network;
- computer program instructions for scanning the message segment to define a stream of tokens associated with the message segment;
- computer program instructions for associating the message segment with a meta session through the stream of tokens, wherein the meta session is made persistent across message transactions and different HTTP sessions by storing data generated by the meta session on a persistent storage medium;
- computer program instructions for parsing the token stream to extract substructures according to a grammar;
- computer program instructions for determining rules associated with the tokens, the rules defining actions for intrusion detection and prevention;
- computer program instructions for executing the actions associated with the message segment; and
- computer program instructions for queuing the message segments for transmission, wherein the each of the computer program instructions in the computer readable media are executed by an integrated circuit.

View Dependent Claims (11, 12, 13, 14, 15)

16. A network device configured to provide content based security, comprising:
- circuitry for scanning a message segment to define a stream of tokens associated with the message segment, wherein the message segment further comprises a packet in a packet-switched network;
- circuitry for extracting substructures from the stream of tokens, according to a grammar;
- circuitry for associating the message with a meta session, wherein the meta session is made persistent across message transactions and different HTTP sessions by storing data generated by the meta session on a persistent storage medium;
- circuitry for identifying rules associated with the tokens, wherein the rules define actions for intrusion detection and prevention; and
- circuitry for executing the identified rules.

View Dependent Claims (17, 18, 19, 20)
Specification