Systems and methods for processing data flows

US 9,525,696 B2
Filed: 03/09/2012
Issued: 12/20/2016
Est. Priority Date: 09/25/2000
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A flow processing facility for implementing a security policy, comprising:

a plurality of application processing hardware modules, each configured with an application for processing data packets;

a subscriber profile for identifying data packets associated with the subscriber profile in a stream of data packets; and

a network processing module for identifying one or more of the plurality of application processing modules for processing the identified data packets based on an association of the application configured on each application processing module with the subscriber profile and for transmitting the identified data packets in at least one of series and parallel to the identified application processing modules based on the security policy.

View all claims

12 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

A flow processing facility, which uses a set of artificial neurons for pattern recognition, such as a self-organizing map, in order to provide security and protection to a computer or computer system supports unified threat management based at least in part on patterns relevant to a variety of types of threats that relate to computer systems, including computer networks. Flow processing for switching, security, and other network applications, including a facility that processes a data flow to address patterns relevant to a variety of conditions are directed at internal network security, virtualization, and web connection security. A flow processing facility for inspecting payloads of network traffic packets detects security threats and intrusions across accessible layers of the IP-stack by applying content matching and behavioral anomaly detection techniques based on regular expression matching and self-organizing maps. Exposing threats and intrusions within packet payload at or near real-time rates enhances network security from both external and internal sources while ensuring security policy is rigorously applied to data and system resources. Intrusion Detection and Protection (IDP) is provided by a flow processing facility that processes a data flow to address patterns relevant to a variety of types of network and data integrity threats that relate to computer systems, including computer networks.

Citations

19 Claims

1. A flow processing facility for implementing a security policy, comprising:
- a plurality of application processing hardware modules, each configured with an application for processing data packets;
  
  a subscriber profile for identifying data packets associated with the subscriber profile in a stream of data packets; and
  
  a network processing module for identifying one or more of the plurality of application processing modules for processing the identified data packets based on an association of the application configured on each application processing module with the subscriber profile and for transmitting the identified data packets in at least one of series and parallel to the identified application processing modules based on the security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The flow processing facility of claim 1 wherein transmitting the identified packets in parallel to the applications includes parallel transmitting of the identified data packets to each of the identified application processor modules.
  - 3. The flow processing facility of claim 1 wherein transmitting the identified packets in parallel to the applications includes parallel transmitting of the identified data packets to a plurality of applications configured on one of the identified application processing modules.
  - 4. The flow processing facility of claim 3 wherein the plurality of applications includes a monitoring application and a network data processing application.
  - 5. The flow processing facility of claim 4, wherein the monitoring application includes an intrusion detection application.
  - 6. The flow processing facility of claim 4, wherein the network data processing application includes at least one of a URL filter, a content filter, a firewall, and an intrusion prevention application.
  - 7. The flow processing facility of claim 4 wherein the plurality of applications includes a plurality of monitoring applications for monitoring data flows at a plurality of protocol layers.
  - 8. The flow processing facility of claim 7, wherein the plurality of monitoring applications includes at least one intrusion detection application for detecting intrusions at a portion of the plurality of protocol layers.
  - 9. The flow processing facility of claim 1 wherein transmitting the identified packets in series to the applications includes transmitting the identified data packets to be processed by a first application before being processed by a second application.
  - 10. The flow processing facility of claim 9, wherein the second application is selected from a list consisting of an anti-virus application, a URL filter, a content filter, a firewall, an intrusion prevention service, and a database protection application.
  - 11. The flow processing facility of claim 1 wherein transmitting the identified packets in series to the applications includes transmitting the identified data packets to be processed by a second application after the identified data packets are processed by a first application.
  - 12. The flow processing facility of claim 11, wherein the second application is selected from a list consisting of an anti-virus application, a URL filter, a content filter, a firewall, an intrusion prevention application, and a database protection application.

13. A flow processing facility for implementing a security policy, comprising:
- a plurality of applications configured on one or more application processing hardware modules for processing data packets;
  
  a subscriber profile for identifying data packets associated with the subscriber profile in a stream of data packets;
  
  a security policy for determining a portion of the identified data packets to be processed by each of the applications; and
  
  a network processing module for identifying at least one of the one or more application processing modules for processing the identified data packets based on an association of applications configured on each of the one or more application processing modules with the subscriber profile, and for transmitting the portion of the identified data packets in at least one of series and parallel to the applications configured on the identified application processing modules based on the security policy.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The flow processing facility of claim 13, wherein transmitting the identified packets in parallel to the applications includes parallel transmitting of the identified data packets to each of the identified plurality of application processor modules.
  - 15. The flow processing facility of claim 13, wherein transmitting the identified packets in parallel to the applications includes parallel transmitting of the identified data packets to a plurality of applications configured on one of the plurality of application processing modules.
  - 16. The flow processing facility of claim 13, wherein the plurality of applications includes a monitoring application and a network data processing application, wherein the monitoring application includes an intrusion detection application and wherein the network data processing application includes at least one of a URL filter, a content filter, a firewall, and an intrusion prevention application.
  - 17. The flow processing facility of claim 13, wherein the plurality of applications includes a plurality of monitoring applications for monitoring data flows at a plurality of protocol layers, wherein the plurality of monitoring applications includes at least one intrusion detection application for detecting intrusions at a portion of the plurality of protocol layers.
  - 18. The flow processing facility of claim 13, wherein transmitting the identified packets in series to the applications includes transmitting the identified data packets to be processed by a first application before being processed by a second application that is selected from a list consisting of an anti-virus application, a URL filter, a content filter, a firewall, an intrusion prevention service, and a database protection application.
  - 19. The flow processing facility of claim 13, wherein transmitting the identified packets in series to the applications includes transmitting the identified data packets to be processed by a second application after the identified data packets are processed by a first application, wherein the second application is selected from a list consisting of an anti-virus application, a URL filter, a content filter, a firewall, an intrusion prevention application, and a database protection application.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Kapoor, Harsh, Akerman, Moisey, Justus, Stephen D., Ferguson, John C., Korsunsky, Yevgeny, Gallo, Paul S., Lee, Charles Ching, Martin, Timothy M., Fu, Chunsheng, Xu, Weidong
Primary Examiner(s)
Chen, Alan
Assistant Examiner(s)
Kim, David H

Application Number

US13/416,647
Publication Number

US 20120240185A1
Time in Patent Office

1,747 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 16/2358   Change logging, detection, ...

G06N 3/088   Non-supervised learning, e....

H04L 41/0866   Checking the configuration

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

H04L 67/306   User profiles

Systems and methods for processing data flows

First Claim

12 Assignments

Litigations

1 Petition

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for processing data flows

First Claim

12 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links