Encrypted peer-to-peer detection
First Claim
1. A system comprising a processor, the system further comprising:
- an application signature check engine executed on the processor for monitoring a network traffic from a first client to determine whether the first client is executing a peer-to-peer application; and
a peer-to-peer traffic generator executed on the processor for generating a network traffic that emulates peer-to-peer network traffic sent from the peer-to-peer application executing on the first client to a second client after detecting an unknown network traffic sent from the first client to the second client,wherein the peer-to-peer traffic generator for the generating of the network traffic that emulates peer-to-peer network traffic further comprises;
sending, to the second client, the emulated peer-to-peer network traffic identifying non-existent peers or spoofed peers, wherein the emulated peer-to-peer network traffic identifying the non-existent peers or the spoofed peers indicates that the emulated peer-to-peer network traffic originated from a peer that does not exist; and
in the event that one of the non-existent peers or the spoofed peers is being contacted, emulating a peer-to-peer traffic response including dummy data.
0 Assignments
0 Petitions
Accused Products
Abstract
Encrypted peer-to-peer detection is provided. In some embodiments, encrypted peer-to-peer detection includes monitoring network traffic from a first client to determine whether the first client is executing a peer-to-peer application; and generating network traffic that emulates peer-to-peer network traffic sent from the peer-to-peer application executing on the first client to a second client after detecting unknown network traffic sent from the first client to the second client. In some embodiments, encrypted peer-to-peer detection includes monitoring network traffic from a client to determine that the client is sending a request for information for a peer-to-peer application executing on the client; and generating a network traffic response to the client that emulates peer-to-peer network traffic.
-
Citations
36 Claims
-
1. A system comprising a processor, the system further comprising:
-
an application signature check engine executed on the processor for monitoring a network traffic from a first client to determine whether the first client is executing a peer-to-peer application; and a peer-to-peer traffic generator executed on the processor for generating a network traffic that emulates peer-to-peer network traffic sent from the peer-to-peer application executing on the first client to a second client after detecting an unknown network traffic sent from the first client to the second client, wherein the peer-to-peer traffic generator for the generating of the network traffic that emulates peer-to-peer network traffic further comprises; sending, to the second client, the emulated peer-to-peer network traffic identifying non-existent peers or spoofed peers, wherein the emulated peer-to-peer network traffic identifying the non-existent peers or the spoofed peers indicates that the emulated peer-to-peer network traffic originated from a peer that does not exist; and in the event that one of the non-existent peers or the spoofed peers is being contacted, emulating a peer-to-peer traffic response including dummy data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A method, comprising:
-
monitoring a network traffic sent from a first client to determine whether the first client is executing a peer-to-peer application; and generating a network traffic, using a processor, that emulates peer-to-peer network traffic sent from the peer-to-peer application executing on the first client to a second client after detecting an unknown network traffic sent from the first client to the second client, wherein the generating of the network traffic that emulates the peer-to-peer network traffic comprises; sending, to the second client, the emulated peer-to-peer network traffic identifying non-existent peers or spoofed peers, wherein the emulated peer-to-peer network traffic identifying the non-existent peers or the spoofed peers indicates that the emulated peer-to-peer network traffic originated from a peer that does not exist; and in the event that one of the non-existent peers or the spoofed peers is being contacted, emulating a peer-to-peer traffic response including dummy data. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. A computer program being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
-
monitoring a network traffic sent from a first client to determine whether the first client is executing a peer-to-peer application; and generating a network traffic that emulates peer-to-peer network traffic sent from the peer-to-peer application executing on the first client to a second client after detecting an unknown network traffic sent from the first client to the second client, wherein the generating of the network traffic that emulates the peer-to-peer network traffic comprises; sending, to the second client, the emulated peer-to-peer network traffic identifying non-existent peers or spoofed peers, wherein the emulated peer-to-peer network traffic identifying the non-existent peers or the spoofed peers indicates that the emulated peer-to-peer network traffic originated from a peer that does not exist; and in the event that one of the non-existent peers or the spoofed peers is being contacted, emulating a peer-to-peer traffic response including dummy data.
-
Specification