Computerized system and method for advanced network content processing

US 9,825,993 B2
Filed: 01/13/2016
Issued: 11/21/2017
Est. Priority Date: 01/13/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving network traffic at a first interface of a network security device implementing firewall functionality;

identifying, by the network security device, a first transmission protocol according to which a first subset of packets of the network traffic is formatted;

redirecting, by the network security device, the first subset of packets to a first proxy module executing on the network security device based on the identified first transmission protocol;

extracting first network content from the first subset of packets and buffering at least a portion of the first network content by the first proxy module;

processing, by a plurality of scanning engines implemented within the first proxy module, the buffered portion of the first network content in accordance with a plurality of content processing rules selected from a rule definition store based on a first set of network traffic selectors associated with the first subset of packets;

identifying, by the network security device, a second transmission protocol, distinct from the first transmission protocol, according to which a second subset of packets of the network traffic is formatted;

redirecting, by the network security device, the second subset of packets to a second proxy module executing on the network security device based on the identified second transmission protocol;

extracting second network content from the second subset of packets and buffering at least a portion of the second network content by the second proxy module; and

processing, by a plurality of scanning engines implemented within the second proxy module, the buffered portion of the second network content in accordance with a plurality of content processing rules selected from the rule definition store based on a second set of network traffic selectors associated with the second subset of packets.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using a second interface.

39 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving network traffic at a first interface of a network security device implementing firewall functionality;
  
  identifying, by the network security device, a first transmission protocol according to which a first subset of packets of the network traffic is formatted;
  
  redirecting, by the network security device, the first subset of packets to a first proxy module executing on the network security device based on the identified first transmission protocol;
  
  extracting first network content from the first subset of packets and buffering at least a portion of the first network content by the first proxy module;
  
  processing, by a plurality of scanning engines implemented within the first proxy module, the buffered portion of the first network content in accordance with a plurality of content processing rules selected from a rule definition store based on a first set of network traffic selectors associated with the first subset of packets;
  
  identifying, by the network security device, a second transmission protocol, distinct from the first transmission protocol, according to which a second subset of packets of the network traffic is formatted;
  
  redirecting, by the network security device, the second subset of packets to a second proxy module executing on the network security device based on the identified second transmission protocol;
  
  extracting second network content from the second subset of packets and buffering at least a portion of the second network content by the second proxy module; and
  
  processing, by a plurality of scanning engines implemented within the second proxy module, the buffered portion of the second network content in accordance with a plurality of content processing rules selected from the rule definition store based on a second set of network traffic selectors associated with the second subset of packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein the first transmission protocol carries content in a form of a text stream.
  - 3. The computer-implemented method of claim 2, wherein the first set of network traffic selectors include one or more of a source Internet Protocol (IP) address, a destination IP address, a port number, a time of day and a username.
  - 4. The computer-implemented method of claim 3, wherein said processing the buffered portion of the first network content comprises scanning the buffered portion of the first network content for one or more of unsolicited advertising (spam), phishing attempts and patterns or phrases possibly relating to terrorism or criminal activity.
  - 5. The computer-implemented method of claim 4, wherein the first transmission protocol comprises one of a plurality of electronic mail (email) protocols, one of a plurality of instant messaging (IM) protocols or a web browsing protocol.
  - 6. The computer-implemented method of claim 1, wherein the second transmission protocol comprises a transmission protocol capable of transferring a file.
  - 7. The computer-implemented method of claim 6, wherein said processing the buffered portion of the second network content comprises scanning the buffered portion of the second network content for one or more malware, viruses, worms, Trojans and spyware.
  - 8. The computer-implemented method of claim 7, wherein the second transmission protocol comprises a peer-to-peer (P2P) protocol, file transfer protocol (FTP), one of a plurality of IM protocols or one of a plurality of email protocols.
  - 9. The computer-implemented method of claim 1, wherein said identifying a first transmission protocol is performed within a kernel of an operating system of the network security device.
  - 10. The computer-implemented method of claim 1, wherein the first proxy module executes within a user space of an operating system of the network security device.
  - 11. The computer-implemented method of claim 1, further comprising forwarding the processed portion of the first network content through a second interface of the network security device.

12. A non-transitory computer-readable storage medium embodying one or more sequences of instructions, which when executed by one or more processors of a network security device, cause the one or more processors to perform a method comprising:
- receiving network traffic at a first interface of the network security device;
  
  identifying, by the network security device, a first transmission protocol according to which a first subset of packets of the network traffic is formatted;
  
  redirecting, by the network security device, the first subset of packets to a first proxy module executing on the network security device based on the identified first transmission protocol;
  
  extracting first network content from the first subset of packets and buffering at least a portion of the first network content by the first proxy module;
  
  processing, by a plurality of scanning engines implemented within the first proxy module, the buffered portion of the first network content in accordance with a plurality of content processing rules selected from a rule definition store based on a first set of network traffic selectors associated with the first subset of packets;
  
  identifying, by the network security device, a second transmission protocol, distinct from the first transmission protocol, according to which a second subset of packets of the network traffic is formatted;
  
  redirecting, by the network security device, the second subset of packets to a second proxy module executing on the network security device based on the identified second transmission protocol;
  
  extracting second network content from the second subset of packets and buffering at least a portion of the second network content by the second proxy module; and
  
  processing, by a plurality of scanning engines implemented within the second proxy module, the buffered portion of the second network content in accordance with a plurality of content processing rules selected from the rule definition store based on a second set of network traffic selectors associated with the second subset of packets.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The non-transitory computer-readable storage medium of claim 12, wherein the first transmission protocol carries content in a form of a text stream.
  - 14. The non-transitory computer-readable storage medium of claim 13, wherein said processing the buffered portion of the first network content comprises scanning the buffered portion of the first network content for one or more of unsolicited advertising (spam), phishing attempts and patterns or phrases possibly relating to terrorism or criminal activity.
  - 15. The computer-implemented method of claim 14, wherein the first transmission protocol comprises one of a plurality of electronic mail (email) protocols, one of a plurality of instant messaging (IM) protocols or a web browsing protocol.
  - 16. The non-transitory computer-readable storage medium of claim 12, wherein the second transmission protocol comprises a transmission protocol capable of transferring a file.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein said processing the buffered portion of the second network content comprises scanning the buffered portion of the second network content for one or more malware, viruses, worms, Trojans and spyware.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein the second transmission protocol comprises a peer-to-peer (P2P) protocol, file transfer protocol (FTP), one of a plurality of IM protocols or one of a plurality of email protocols.
  - 19. The non-transitory computer-readable storage medium of claim 12, wherein said identifying a first transmission protocol is performed within a kernel of an operating system of the network security device.
  - 20. The non-transitory computer-readable storage medium of claim 12, wherein the first proxy module executes within a user space of an operating system of the network security device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Krywaniuk, Andrew
Primary Examiner(s)
Mehedi, Morshed

Application Number

US14/994,725
Publication Number

US 20160127419A1
Time in Patent Office

678 Days
Field of Search
US Class Current
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/02   for separating internal fro...

H04L 63/0245   Filtering by information in...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

Computerized system and method for advanced network content processing

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Computerized system and method for advanced network content processing

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links