Method and system for intrusion detection and prevention based on packet type recognition in a network
Abstract
Certain aspects of a method and system for intrusion detection and prevention based on packet type recognition in a network are disclosed. Aspects of one method may include determining a packet type for each of a plurality of received network packets based on at least one of: a header and content of each of the plurality of received network packets. The rate at which the plurality of received network packets are handled at a port in the network switching device may be regulated based on a number of occurrences of the determined packet type of the plurality of received network packets.
25 Claims
1. A method for handling data in a communication network, the method comprising:
performing by one or more processors, one or more circuits, or any combination thereof;
determining a packet type for each of a plurality of network packets received by a network switching device based on a portion of content of each of said plurality of received network packets; and
blocking at least a portion of said plurality of received network packets at an input port to regulate a rate at which network packets of said determined packet type are handled at said input port based on information relating to a number of occurrences of said determined packet type that occur within a time period, wherein said information is based on said determined packet type.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A non transitory computer readable medium having stored thereon, a computer program having at least one code section for handling data in a communication network, the at least one code section being executable by a computer for causing the computer to perform steps comprising:
determining a packet type for each of a plurality of network packets received by a network switching device based on a portion of content of each of said plurality of received network packets; and
regulating a rate at which said plurality of received network packets are handled by blocking packets at an input port in said network switching device based on information relating to a number of occurrences of said determined packet type that occur within a time period, wherein said information is based on said determined packet type.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A system for handling data in a communication network, the system comprising:
one or more circuits that are operable to determine a packet type for each of a plurality of network packets received by a network switching device based on a portion of content of each of said plurality of received network packets; and
said one or more circuits are operable to regulate a rate at which said plurality of received network packets are handled at an output port in said network switching device based on information relating to a number of occurrences of said determined packet type that occur within a time period, wherein said information is based on said determined packet type.
Dependent claims: 18, 19, 20, 21, 22, 23.
24. A system for handling data in a communication network, the system comprising:
one or more circuits that are operable to determine a packet type for each of a plurality of received network packets based on a portion of content of each of said plurality of received network packets;
said one or more circuits are operable to regulate a rate at which said plurality of received network packets are handled at a port in a network switching device based on information relating to a number of occurrences of said determined packet type that occur within a time period, said information comprising a determination of whether said number of occurrences of said determined packet type has exceeded a threshold value within said time period, said threshold value based on said determined packet type; and
said one or more circuits are operable to disable at least one of a plurality of ports in said network switching device handling at least one of said plurality of received network packets, if said determined number of occurrences of said determined packet type exceeds said threshold value within said time period.
Dependent claims: 25.
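The mechanism described in the abstract and in claims 1 and 24, as an added sketch that is not code from the patent: packets are classified from header bytes, counted per input port and packet type within a time period, and dropped (or the port disabled) once a per-type threshold is exceeded. The names `THRESHOLDS`, `PortRegulator` and `ipv4_frame`, the threshold values, the type labels and the fixed one-second counting window are all assumptions made for illustration.

```python
import struct

# Assumed per-type limits (packets per window); the claims give no values.
THRESHOLDS = {"arp": 3, "icmp": 2, "tcp_syn": 2}

def packet_type(frame: bytes) -> str:
    """Classify an Ethernet II frame from a few header bytes."""
    ethertype = frame[12:14]  # a truncated frame yields a short slice
    if ethertype == b"\x08\x06":
        return "arp"
    if ethertype != b"\x08\x00" or len(frame) < 34 or frame[14] & 0x0F < 5:
        return "other"  # not IPv4, truncated, or malformed header length
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    if proto == 6:
        flags_at = 14 + ihl + 13  # offset of the TCP flags byte
        syn_only = len(frame) > flags_at and frame[flags_at] & 0x12 == 0x02
        return "tcp_syn" if syn_only else "tcp"
    return {1: "icmp", 17: "udp"}.get(proto, "other")

class PortRegulator:
    def __init__(self, thresholds, window=1.0, disable_on_exceed=False):
        self.thresholds, self.window = thresholds, window
        self.disable_on_exceed = disable_on_exceed
        self.state = {}        # (port, type) -> [window_start, count]
        self.disabled = set()  # ports shut down after a threshold breach

    def handle(self, port, frame, now):
        """Return 'forward' or 'drop' for a frame arriving on an input port."""
        if port in self.disabled:
            return "drop"
        ptype = packet_type(frame)
        limit = self.thresholds.get(ptype)
        if limit is None:
            return "forward"  # this packet type is not regulated
        st = self.state.setdefault((port, ptype), [now, 0])
        if now - st[0] >= self.window:
            st[0], st[1] = now, 0  # start a new counting period
        st[1] += 1
        if st[1] > limit and self.disable_on_exceed:
            self.disabled.add(port)
        return "forward" if st[1] <= limit else "drop"

def ipv4_frame(proto, l4=b""):
    """Constructed sample frame (zeroed addresses), not captured traffic."""
    eth = b"\xff" * 6 + b"\x02\0\0\0\0\x01" + b"\x08\x00"
    ip = struct.pack("!BBHIBBH8x", 0x45, 0, 20 + len(l4), 0, 64, proto, 0)
    return eth + ip + l4

SYN = ipv4_frame(6, struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 2, 1024, 0, 0))
```

With `disable_on_exceed=True` the regulator follows the port-disable behaviour of claim 24: the first frame over the limit shuts the port, and every later frame on that port is dropped regardless of type.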
Specification