Systems and methods for updating content detection devices and systems

US 8,943,597 B2
Filed: 11/05/2013
Issued: 01/27/2015
Est. Priority Date: 03/12/2004
Status: Active Grant

First Claim

Patent Images

1. A content detection system comprising:

at least one processor;

at least one memory device;

at least one network interface device;

content detection and configuration data stored on the at least one memory device;

an instruction set, stored in the at least one memory device and executable by the at least one processor to;

receive network traffic via the at least one network interface device;

process the received network traffic in view of the content detection and configuration data stored in the at least one memory device to determine whether the network traffic content complies with policies defined at least in part by the content detection and configuration data, wherein the determining of policy compliance includes user identification, content identification, and at least one of source verification and destination verification;

when the network traffic content is determined to not be compliant with the policies;

generate content detection data as a function of at least a portion of data included in the network traffic content;

store the generated content detection data on the at least one memory device;

determine an update station for receiving the content detection data; and

transmit, via a network interface device, the content detection data and data identifying at least one content detection module to receive the content detection data to the update station not in response to a request from the update station or a content detection module.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and software for processing received network traffic in view of content detection data and configuration data that defines policies to either block, permit, or to further evaluate network traffic content on the policies when network traffic is entering a network.

45 Citations

View as Search Results

16 Claims

1. A content detection system comprising:
- at least one processor;
  
  at least one memory device;
  
  at least one network interface device;
  
  content detection and configuration data stored on the at least one memory device;
  
  an instruction set, stored in the at least one memory device and executable by the at least one processor to;
  
  receive network traffic via the at least one network interface device;
  
  process the received network traffic in view of the content detection and configuration data stored in the at least one memory device to determine whether the network traffic content complies with policies defined at least in part by the content detection and configuration data, wherein the determining of policy compliance includes user identification, content identification, and at least one of source verification and destination verification;
  
  when the network traffic content is determined to not be compliant with the policies;
  
  generate content detection data as a function of at least a portion of data included in the network traffic content;
  
  store the generated content detection data on the at least one memory device;
  
  determine an update station for receiving the content detection data; and
  
  transmit, via a network interface device, the content detection data and data identifying at least one content detection module to receive the content detection data to the update station not in response to a request from the update station or a content detection module.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The content detection system of claim 1, wherein the content detection system is a central station.
  - 3. The content detection system of claim 2, wherein the central station is configured to select an update station of a plurality of update stations to be the first update to which the central station transmits the content detection data.
  - 4. The content detection system of claim 1, wherein the content detection data defines malicious content.
  - 5. The content detection system of claim 1, wherein processing the received network traffic content in view of the content detection data and configuration data to determine whether the network traffic content complies with policies defined at least in part by the content detection and configuration data includes determining whether the network traffic content includes suspicious content in need of further processing, the instruction set including further instructions executable by the at least one processor to:
    - provide the network traffic content to an analysis process that will perform analysis on network traffic content to determine whether the network traffic content contains a threat desired to be detected and, when the network traffic content is determined to contain a threat desired to be detected, generates content detection data for detecting the threat in subsequently received network traffic content.
  - 6. The content detection system of claim 5, wherein the analysis process, to which the network traffic content is provided, executes on a distinct computing device.
  - 7. The content detection system of claim 6, wherein the analysis process facilitates an analysis that includes receiving administrator input.

8. A non-transitory computer-readable medium with instructions stored thereon which when executed by at least one processor of a computing device, causes the computing device to:
- receive network traffic content that includes suspicious content;
  
  perform analysis on the network traffic content to determine when the network traffic content contains a threat desired to be detected;
  
  when the network traffic content is determined to contain a threat desired to be detected, generate content detection for content detection modules to detect the threat in subsequently received network traffic content;
  
  store the content detection data on a data storage device;
  
  determine an update station for receiving the content detection data; and
  
  transmit, via a network interface device, the content detection data and data identifying at least one content detection module to receive the content detection data to the update station not in response to a request from the update station or a content detection module.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The non-transitory computer-readable medium of claim 8, wherein the network traffic content is received via a network interface device and was determined by a content detection module to include suspicious content.
  - 10. The non-transitory computer-readable medium of claim 8, wherein the network traffic content is received via the network interface device from the content detection module that determined the network traffic content includes the suspicious content.
  - 11. The non-transitory computer-readable medium of claim 8, wherein performing the analysis on the network traffic content to determine whether the network traffic content includes a threat desired to be detected includes receiving administrator input.
  - 12. The non-transitory computer-readable medium of claim 8, wherein the generated content detection data is at least one of a virus signature, a virus definition, a spammer identification, and a URL.

13. A method comprising:
- receiving network traffic content that includes suspicious content;
  
  performing analysis on the network traffic content to determine when the network traffic content contains a threat desired to be detected;
  
  when the network traffic content is determined to contain a threat desired to be detected, generating content detection for content detection modules to detect the threat in subsequently received network traffic content;
  
  storing the content detection data on a data storage device;
  
  determining an update station for receiving the content detection data; and
  
  transmitting, via a network interface device, the content detection data and data identifying at least one content detection module to receive the content detection data to the update station not in response to a request from the update station or a content detection module.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the network traffic content is received via a network interface device and was determined by a content detection module to include suspicious content.
  - 15. The method of claim 13, wherein the network traffic content is received via the network interface device from the content detection module that determined the network traffic content includes the suspicious content.
  - 16. The method of claim 13, wherein performing the analysis on the network traffic content to determine whether the network traffic content includes a threat desired to be detected includes receiving administrator input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Fang, Yu, Xie, Michael
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US14/072,292
Publication Number

US 20140059689A1
Time in Patent Office

448 Days
Field of Search

None
US Class Current

726/24
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/567   using dedicated hardware

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

Systems and methods for updating content detection devices and systems

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for updating content detection devices and systems

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links