Dynamic signature creation and enforcement
Abstract
A dynamic signature creation and enforcement system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, simulate transmission of the network data to a destination device to identify unauthorized activity, generate an unauthorized activity signature based on the identification, and transmit the unauthorized activity signature to a digital device configured to enforce the unauthorized activity signature.
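The controller flow in the abstract, as an added Python sketch that is not code from the patent or its assignee: a cheap heuristic flags copied traffic, only flagged traffic is replayed, and a signature is generated only when the replay response shows unauthorized activity. All names, the port list, the 0.3 threshold, the function standing in for the virtual machine, and the signature form (port plus SHA-256 of the payload) are assumptions; the sample traffic is constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # constructed stand-in for one copied flow from the tap
    src: str
    dst_port: int
    payload: bytes

KNOWN_PORTS = {80, 443}            # assumption: services this network expects

def heuristic_suspicious(pkt: Packet) -> bool:
    # Cheap first pass: unexpected port, or payload that is mostly non-text.
    if pkt.dst_port not in KNOWN_PORTS:
        return True
    nonprint = sum(1 for b in pkt.payload if b < 0x20 or b > 0x7e)
    return bool(pkt.payload) and nonprint / len(pkt.payload) > 0.3

def replay_to_vm(pkt: Packet) -> dict:
    # Stand-in for replayer + virtual machine: returns the behaviour an
    # instrumented guest reported. Modelled here with one constructed marker.
    misbehaved = b"CONSTRUCTED-BAD-MARKER" in pkt.payload
    return {"unexpected_outbound_connection": misbehaved}

def analyze_response(response: dict) -> bool:
    return any(response.values())  # any monitored misbehaviour counts

def make_signature(pkt: Packet) -> dict:
    return {"dst_port": pkt.dst_port,
            "sha256": hashlib.sha256(pkt.payload).hexdigest()}

def controller(copied: list[Packet]) -> list[dict]:
    sigs = []
    for pkt in copied:
        # Replay is expensive, so it only runs on heuristic hits.
        if heuristic_suspicious(pkt) and analyze_response(replay_to_vm(pkt)):
            sigs.append(make_signature(pkt))
    return sigs

def enforce(pkt: Packet, sigs: list[dict]) -> bool:
    digest = hashlib.sha256(pkt.payload).hexdigest()   # True means "block"
    return any(s["dst_port"] == pkt.dst_port and s["sha256"] == digest for s in sigs)

SAMPLE = [  # constructed traffic
    Packet("10.0.0.5", 443, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.6", 4444, b"hello on an odd port"),
    Packet("10.0.0.7", 4444, b"\x00\x01CONSTRUCTED-BAD-MARKER\x02"),
]
SIGNATURES = controller(SAMPLE)
```

The second sample packet trips the heuristic but produces no signature, which is the reason for the replay stage: the heuristic alone would turn a false positive into an enforced block.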
22 Claims
1. A dynamic signature creation and enforcement system comprising:
a tap configured to copy network data from a communication network; and
a controller coupled to the tap and configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if a portion of the copy of the network data is suspicious, flag the portion of the copy of the network data as suspicious based on the heuristic determination, replay transmission of the portion of the copy of the network data that was flagged as suspicious to a destination device to identify unauthorized activity, generate an unauthorized activity signature based on the identification, and transmit the unauthorized activity signature to a digital device configured to enforce the unauthorized activity signature;
wherein to replay transmission of the portion of the copy of the network data that was flagged as suspicious to a destination device the controller is further configured to retrieve a virtual machine configured to receive the portion of the copy of the network data that was flagged as suspicious, configure a replayer to transmit the portion of the copy of the network data that was flagged as suspicious to the virtual machine, receive a response from the virtual machine, the response based on the virtual machine's processing of the portion of the copy of the network data that was flagged as suspicious, and analyze the response by the virtual machine to identify unauthorized activity.
Dependent claims: 2, 3
4. A dynamic signature creation and enforcement system comprising:
a tap configured to copy network data from a communication network; and
a controller coupled to the tap and configured to receive the copied network data from the tap, analyze at least a portion of the copy of the network data that is flagged as suspicious, the portion of the copy of the network data analyzed with a heuristic, retrieve a virtual machine, configure a replayer to replay a portion of the copy of the network data that was flagged as suspicious to the virtual machine, analyze a response by the virtual machine to identify unauthorized activity as a result of playback of the copy of the network data that was flagged as suspicious, generate an unauthorized activity signature based on the identification, and transmit the unauthorized activity signature to a digital device configured to enforce the unauthorized activity signature.
Dependent claims: 5, 6, 7, 8, 9, 10, 11
12. A dynamic signature creation and enforcement method comprising:
copying network data from a communication network;
analyzing the copied network data with a heuristic to determine if any portion of the copy of the network data is suspicious;
replaying the transmission of the suspicious network data to a destination device to identify unauthorized activity, wherein replaying the transmission of the suspicious network data to a destination device comprises retrieving a virtual machine configured to receive the suspicious network data; configuring a replayer to transmit the suspicious network data to the virtual machine; and analyzing a response by the virtual machine to identify unauthorized activity;
generating an unauthorized activity signature based on the identification; and
transmitting the unauthorized activity signature to a digital device configured to enforce the unauthorized activity signature.
Dependent claims: 13, 14, 15, 16, 17, 18, 19
20. A non-transitory computer readable medium comprising:
computer readable code configured to direct a processor to copy network data from a communication network, analyze the copied network data with a heuristic to determine if any portion of the copy of the network data is suspicious, replay transmission of the portion of the copy of the network data that was flagged as suspicious to a destination device to identify unauthorized activity, generate an unauthorized activity signature based on the identification, and transmit the unauthorized activity signature to a digital device configured to enforce the unauthorized activity signature;
wherein replaying transmission of the suspicious network data comprises directing the processor to retrieve a virtual machine configured to receive the suspicious network data, configure a replayer to transmit the suspicious network data to the virtual machine, and simulate the transmission of the suspicious network data to the virtual machine.
Dependent claims: 21, 22
Specification