Methods and apparatus for heuristic firewall
First Claim
1. A method for processing packets in a computer communication network comprising the steps of:
- analyzing a packet stream utilizing a plurality of differently-trained heuristic stages trained to recognize potentially harmful packets;
assigning a confidence rating to packets in the analyzed stream in accordance with a level of confidence regarding the harmfulness of the analyzed packets; and
selecting packets for further analysis in accordance with their assigned confidence rating.
5 Assignments
0 Petitions
Accused Products
Abstract
One embodiment of the present invention is a method for processing packets in a computer communication network that includes steps of analyzing a packet stream using at least a first heuristic stage trained to recognize potentially harmful packets; assigning a confidence rating to packets in the analyzed stream in accordance with a level of confidence regarding the harmfulness of the analyzed packets; and selecting packets for further analysis in accordance with their assigned confidence rating. This exemplary embodiment overcomes disadvantages of previous methods for providing firewall security and is able to learn from and adapt to data flowing through a network to provide additional network security.
362 Citations
40 Claims
-
1. A method for processing packets in a computer communication network comprising the steps of:
-
analyzing a packet stream utilizing a plurality of differently-trained heuristic stages trained to recognize potentially harmful packets;
assigning a confidence rating to packets in the analyzed stream in accordance with a level of confidence regarding the harmfulness of the analyzed packets; and
selecting packets for further analysis in accordance with their assigned confidence rating. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method for processing packets in a computer communication network comprising:
-
analyzing a packet stream using at least a first heuristic stage trained to respond to inputs with spatio-temporal independence;
assigning a confidence rating to packets in the analyzed stream in accordance with a level of confidence regarding the harmfulness of the analyzed packets; and
selecting packets for further analysis in accordance with their assigned confidence rating. - View Dependent Claims (18)
-
-
19. A computer network firewall configured to:
-
analyze a packet stream using at least a first heuristic stage trained to recognize potentially harmful packets;
assign a confidence rating to packets in the analyzed stream in accordance with a level of confidence regarding the harmfulness of the analyzed packets; and
select packets for further analysis in accordance with their assigned confidence rating. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification