US2007192863A1PendingUtilityA1

Systems and methods for processing data flows

44
Assignee: KAPOOR HARSHPriority: Jul 1, 2005Filed: Dec 13, 2006Published: Aug 16, 2007
Est. expiryJul 1, 2025(expired)· nominal 20-yr term from priority
G06N 3/047G06F 9/505H04L 63/1416H04L 67/62H04L 67/63H04L 63/1441H04L 2463/141H04L 63/164H04L 67/10H04L 63/0227H04L 63/1408H04L 69/329H04L 63/1425H04L 63/1483H04L 67/34H04L 67/306G06F 21/55H04L 63/145G06F 21/577H04L 63/166
44
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A flow processing facility, which uses a set of artificial neurons for pattern recognition, such as a self-organizing map, in order to provide security and protection to a computer or computer system supports unified threat management based at least in part on patterns relevant to a variety of types of threats that relate to computer systems, including computer networks. Flow processing for switching, security, and other network applications, including a facility that processes a data flow to address patterns relevant to a variety of conditions are directed at internal network security, virtualization, and web connection security. A flow processing facility for inspecting payloads of network traffic packets detects security threats and intrusions across accessible layers of the IP-stack by applying content matching and behavioral anomaly detection techniques based on regular expression matching and self-organizing maps. Exposing threats and intrusions within packet payload at or near real-time rates enhances network security from both external and internal sources while ensuring security policy is rigorously applied to data and system resources. Intrusion Detection and Protection (IDP) is provided by a flow processing facility that processes a data flow to address patterns relevant to a variety of types of network and data integrity threats that relate to computer systems, including computer networks.

Claims

exact text as granted — not AI-modified
1 . A method in a flow processing facility for securing a computer resource, comprising: 
 receiving a data flow;    employing a set of artificial neurons to make a determination, the determination indicating which of a plurality of patterns is present in the data flow;    accessing a configuration, the configuration associating zero or more actions with each pattern of the plurality of patterns;    executing the actions that are associated with the patterns that the determination indicates, the actions modifying the data flow; and    transmitting the data flow.    
     
     
         2 . The method of  claim 1 , wherein the patterns are relevant to recognition of a virus and a spam communication.  
     
     
         3 . The method of  claim 1 , wherein the patterns are relevant to recognition of a virus and a hacker's attack.  
     
     
         4 . The method of  claim 1 , wherein the patterns are relevant to recognition of a virus and spyware.  
     
     
         5 - 7 . (canceled)  
     
     
         8 . The method of  claim 1 , wherein the patterns are relevant to recognition of a spam communication and intrusion on a computer network.  
     
     
         9 . The method of  claim 1 , wherein the patterns are relevant to recognition of a hacker's attack and spyware.  
     
     
         10 . The method of  claim 1 , wherein the patterns are relevant to recognition of a hacker's attack and intrusion on a computer network.  
     
     
         11 . The method of  claim 1 , wherein the patterns are relevant to recognition of spyware and intrusion on a computer network.  
     
     
         12 . The method of  claim 1 , wherein the set of artificial neurons is a self-organizing map.  
     
     
         13 . A system for securing a computer resource, comprising: 
 a facility for receiving a data flow;    a set of artificial neurons for making a determination, the determination indicating which of a plurality of patterns is present in the data flow;    a configuration associating zero or more actions with each pattern of the plurality of patterns;    a processor for executing the actions that are associated with the patterns that the determination indicates, the actions modifying the data flow; and    a facility for transmitting the data flow.    
     
     
         14 . The system of  claim 13 , wherein the patterns are relevant to a recognition of the presence of at least two of a virus, a spam communication, a hacker's attack, spyware, and intrusion on a computer network and wherein the flow processing facility recognizes patterns using a set of artificial neurons.  
     
     
         15 - 22 . (canceled)  
     
     
         23 . The system of  claim 13 , wherein the patterns are relevant to recognition of a hacker's attack and intrusion on a computer network.  
     
     
         24 . The system of  claim 13 , wherein the patterns are relevant to recognition of spyware and intrusion on a computer network.  
     
     
         25 . The system of  claim 13 , wherein the set of artificial neurons is a self-organizing map.  
     
     
         26 - 164 . (canceled)  
     
     
         165 . A firewall facility comprising; 
 a flow processor for processing network packets being transferred between an a first port and a second port of the firewall;    content inspection algorithms executed by the flow processing facility to make a first detection of abnormalities that are associated with the packets;    content strings that define invalid packets; and    an application processing module for utilizing the content strings while making a second determination that indicates whether a packet is an invalid packet, wherein the flow processor is adapted to direct the network packets to the application processing module as a function of the first detection.    
     
     
         166 . The facility of  claim 165 , further including a network processing module for taking action on abnormal or invalid packets.  
     
     
         167 . The facility of  claim 166 , wherein taking action includes dropping the packets.  
     
     
         168 - 171 . (canceled)  
     
     
         172 . The facility of  claim 165 , wherein the content strings define one or more computer viruses.  
     
     
         173 . The facility of  claim 165 , wherein the content strings define one or more spam campaign packets.  
     
     
         174 . The facility of  claim 165 , wherein the content inspection algorithms include one or more of behavioral analysis and regular expression matching.  
     
     
         175 - 235 . (canceled)

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.