1. WO2013003493 - SYSTEM AND METHOD FOR PROTOCOL FINGERPRINTING AND REPUTATION CORRELATION

Publication Number WO/2013/003493
Publication Date 03.01.2013
International Application No. PCT/US2012/044453
International Filing Date 27.06.2012
IPC
H04L 12/22 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
12 Data switching networks
02 Details
22 Arrangements for preventing the taking of data from a data transmission channel without authorisation
H04L 29/06 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
CPC
H04L 63/0227
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
02 for separating internal from external traffic, e.g. firewalls
0227 Filtering policies
H04L 63/0236
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
02 for separating internal from external traffic, e.g. firewalls
0227 Filtering policies
0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
H04L 63/0245
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
02 for separating internal from external traffic, e.g. firewalls
0227 Filtering policies
0245 Filtering by information in the payload
H04L 63/14
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
H04L 63/1408
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
1408 by monitoring network traffic
H04L 63/1416
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
1408 by monitoring network traffic
1416 Event detection, e.g. attack signature detection
Applicants
  • MCAFEE, INC. [US]/[US] (AllExceptUS)
  • ALPEROVITCH, Dmitri [US]/[US] (UsOnly)
  • BU, Zheng [CN]/[US] (UsOnly)
  • DIEHL, David Frederick [US]/[US] (UsOnly)
  • KRASSER, Sven [DE]/[US] (UsOnly)
Inventors
  • ALPEROVITCH, Dmitri
  • BU, Zheng
  • DIEHL, David Frederick
  • KRASSER, Sven
Agents
  • FRAME, Thomas J.
Priority Data
13/170,163 27.06.2011 US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) SYSTEM AND METHOD FOR PROTOCOL FINGERPRINTING AND REPUTATION CORRELATION
(FR) SYSTÈME ET PROCÉDÉ DE GÉNÉRATION D'EMPREINTES DIGITALES DE PROTOCOLE ET DE MISE EN CORRÉLATION DE RÉPUTATION
Abstract
(EN)
A method is provided in one example embodiment that includes generating a fingerprint based on properties extracted from data packets received over a network connection and requesting a reputation value based on the fingerprint. A policy action may be taken on the network connection if the reputation value received indicates the fingerprint is associated with malicious activity. The method may additionally include displaying information about protocols based on protocol fingerprints, and more particularly, based on fingerprints of unrecognized protocols. In yet other embodiments, the reputation value may also be based on network addresses associated with the network connection.
(FR)
L'invention concerne un procédé donné à titre d'exemple et consistant à générer une empreinte digitale à partir de propriétés extraites de paquets de données reçus sur une connexion réseau et à demander une valeur de réputation sur la base de l'empreinte digitale. Une mesure de politique peut être entreprise sur la connexion réseau si la valeur de réputation reçue indique que l'empreinte digitale est associée à une activité malveillante. Le procédé peut en outre consister à afficher des informations concernant des protocoles sur la base d'empreintes digitales, et plus particulièrement, sur la base d'empreintes digitales de protocoles non reconnus. Dans encore d'autres modes de réalisation, la valeur de réputation peut également être basée sur des adresses réseau associées à la connexion réseau.