Rule-based network-threat detection for encrypted communications

CAFC
  • US 9,917,856 B2
  • Filed: 12/23/2015
  • Issued: 03/13/2018
  • Est. Priority Date: 12/23/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • receiving, by a packet-filtering system comprising a hardware processor and a memory and configured to filter packets in accordance with a plurality of packet-filtering rules, data indicating a plurality of network-threat indicators, wherein at least one of the plurality of network-threat indicators comprises a domain name identified as a network threat;

  • identifying packets comprising unencrypted data;

  • identifying packets comprising encrypted data;

  • determining, by the packet-filtering system and based on a portion of the unencrypted data corresponding to one or more network-threat indicators of the plurality of network-threat indicators, packets comprising encrypted data that corresponds to the one or more network-threat indicators;

  • filtering, by the packet-filtering system and based on at least one of a uniform resource identifier (URI) specified by the plurality of packet-filtering rules, data indicating a protocol version specified by the plurality of packet-filtering rules, data indicating a method specified by the plurality of packet-filtering rules, data indicating a request specified by the plurality of packet-filtering rules, or data indicating a command specified by the plurality of packet-filtering rules:

      ◦ packets comprising the portion of the unencrypted data that corresponds to one or more network-threat indicators of the plurality of network-threat indicators; and

      ◦ the determined packets comprising the encrypted data that corresponds to the one or more network-threat indicators; and

  • routing, by the packet-filtering system, filtered packets to a proxy system based on a determination that the filtered packets comprise data that corresponds to the one or more network-threat indicators.
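The steps of claim 1 as a small flow-aware filter, added here as an illustration; this is not code from the patent, its assignee or any product. The unencrypted evidence is the SNI of a TLS ClientHello or the request line and Host header of plaintext HTTP; an encrypted TLS application-data record is tied to a threat indicator only through what the same flow's handshake already showed, and matched packets are handed to a proxy decision. The indicator domains, rules, flow keys and packet bytes are constructed for the example, and the TLS and HTTP parsers are deliberately minimal (no record reassembly, no TLS 1.3 ECH handling).

```python
import struct

# Constructed sample rules (hypothetical indicators, not from the patent). A bare indicator
# matches any traffic naming that domain; extra keys narrow it to a request shape.
INDICATOR_RULES = [
    {"indicator": "evil.example"},
    {"indicator": "c2.example.net", "method": "POST", "uri_prefix": "/beacon", "version": "HTTP/1.1"},
]
HTTP_METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS"}

def classify(payload):
    """Identification steps: TLS handshake and HTTP are unencrypted, TLS application data is encrypted."""
    if len(payload) >= 5 and payload[1] == 3 and payload[2] <= 4 and payload[0] in (0x16, 0x17):
        return "tls-handshake" if payload[0] == 0x16 else "tls-appdata"
    return "http" if payload.split(b" ", 1)[0] in HTTP_METHODS else "unknown"

def build_client_hello(server_name):
    """Minimal TLS ClientHello with an SNI extension (constructed test input, not captured traffic)."""
    name = server_name.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni           # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00" + struct.pack("!H", 2) + b"\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_sni(data):
    """server_name from a ClientHello: the unencrypted field that ties an encrypted flow to a domain."""
    try:
        hs = data[5:5 + struct.unpack("!H", data[3:5])[0]]
        if data[0] != 0x16 or hs[0] != 0x01:                    # handshake record carrying ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 35 + body[34]                                       # skip version, random, session id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]      # skip cipher suites
        pos += 1 + body[pos]                                      # skip compression methods
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == 0 and body[pos + 2] == 0:                 # server_name list, host_name entry
                nlen = struct.unpack("!H", body[pos + 3:pos + 5])[0]
                return body[pos + 5:pos + 5 + nlen].decode("ascii")
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                                      # truncated or malformed: no SNI
    return None

def parse_http_request(data):
    """Method, URI, protocol version and Host from a plaintext request: the fields rules can key on."""
    try:
        lines = data.split(b"\r\n\r\n", 1)[0].decode("ascii").split("\r\n")
        method, uri, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    headers = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines[1:])}
    return {"method": method, "uri": uri, "version": version, "host": headers.get("host", "").split(":")[0]}

class PacketFilter:
    """Plaintext evidence flags a flow; later encrypted packets on that flow follow it to the proxy."""
    def __init__(self, rules):
        self.rules = rules
        self.flagged = {}  # flow key -> indicator matched on the unencrypted part of that flow

    def _matching_indicator(self, obs):
        for r in self.rules:
            if obs.get("host") != r["indicator"]:
                continue
            if any(obs.get(k) != r[k] for k in ("method", "version") if k in r):
                continue
            if "uri_prefix" in r and not obs.get("uri", "").startswith(r["uri_prefix"]):
                continue
            return r["indicator"]
        return None

    def process(self, flow, payload):
        """One packet in; ('proxy', indicator) or ('forward', None) out."""
        kind = classify(payload)
        if kind == "tls-appdata":  # encrypted: decided by what the handshake on this flow already showed
            ind = self.flagged.get(flow)
            return ("proxy", ind) if ind else ("forward", None)
        if kind == "tls-handshake":
            obs = {"host": parse_sni(payload)}
        elif kind == "http":
            obs = parse_http_request(payload) or {}
        else:
            return ("forward", None)
        ind = self._matching_indicator(obs)
        if ind:
            self.flagged[flow] = ind
            return ("proxy", ind)
        return ("forward", None)

def run_demo():
    # Constructed flows as (src, sport, dst, dport): TLS to an indicator, TLS to a benign host,
    # HTTP hitting and missing a rule, and encrypted data whose handshake was never seen.
    pf = PacketFilter(INDICATOR_RULES)
    appdata = b"\x17\x03\x03\x00\x04\xde\xad\xbe\xef"        # opaque TLS application-data record
    a, b = ("10.0.0.5", 40001, "203.0.113.10", 443), ("10.0.0.5", 40002, "203.0.113.11", 443)
    c, d = ("10.0.0.5", 40003, "198.51.100.7", 80), ("10.0.0.5", 40004, "198.51.100.7", 80)
    e = ("10.0.0.9", 50000, "203.0.113.10", 443)
    pkts = [
        (a, build_client_hello("evil.example")), (a, appdata),
        (b, build_client_hello("benign.example")), (b, appdata),
        (c, b"POST /beacon/1 HTTP/1.1\r\nHost: c2.example.net\r\n\r\n"),
        (d, b"GET / HTTP/1.1\r\nHost: c2.example.net\r\n\r\n"),
        (e, appdata),
    ]
    return [pf.process(flow, payload) for flow, payload in pkts]
```

Two points this makes concrete. First, the encrypted packets on flow `a` reach the proxy only because the filter keeps per-flow state from the ClientHello; the same application-data bytes on flow `e`, where no handshake was observed, are forwarded, so a filter of this kind must see the start of the connection (or another unencrypted signal such as the DNS lookup) to act on the encrypted part. Second, the rule for `c2.example.net` shows the claim's URI, method and protocol-version constraints: the POST to `/beacon/1` is routed to the proxy while a GET to `/` on the same indicator is not. A caveat for deployments: with TLS 1.3 Encrypted Client Hello the SNI is no longer readable on the wire, so the handshake-based association here would have to fall back to other plaintext evidence.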
