ATE322790T1 - Ueberwachung des datenflusses zur verbesserung des netzwerksicherheitsschutzes - Google Patents

Ueberwachung des datenflusses zur verbesserung des netzwerksicherheitsschutzes

Info

Publication number
ATE322790T1
ATE322790T1 AT02396004T AT02396004T ATE322790T1 AT E322790 T1 ATE322790 T1 AT E322790T1 AT 02396004 T AT02396004 T AT 02396004T AT 02396004 T AT02396004 T AT 02396004T AT E322790 T1 ATE322790 T1 AT E322790T1
Authority
AT
Austria
Prior art keywords
client
data stream
response
server
data flow
Prior art date
Application number
AT02396004T
Other languages
English (en)
Inventor
Jesse Lahtinen
Original Assignee
Stonesoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Stonesoft Corp filed Critical Stonesoft Corp
Application granted granted Critical
Publication of ATE322790T1 publication Critical patent/ATE322790T1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0254Stateful filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Communication Control (AREA)
AT02396004T 2002-01-18 2002-01-18 Ueberwachung des datenflusses zur verbesserung des netzwerksicherheitsschutzes ATE322790T1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP02396004A EP1330095B1 (de) 2002-01-18 2002-01-18 Ueberwachung des Datenflusses zur Verbesserung des Netzwerksicherheitsschutzes

Publications (1)

Publication Number Publication Date
ATE322790T1 true ATE322790T1 (de) 2006-04-15

Family

ID=8185777

Family Applications (1)

Application Number Title Priority Date Filing Date
AT02396004T ATE322790T1 (de) 2002-01-18 2002-01-18 Ueberwachung des datenflusses zur verbesserung des netzwerksicherheitsschutzes

Country Status (4)

Country Link
US (1) US7302480B2 (de)
EP (1) EP1330095B1 (de)
AT (1) ATE322790T1 (de)
DE (1) DE60210408T2 (de)

Families Citing this family (72)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7350203B2 (en) * 2002-07-23 2008-03-25 Alfred Jahn Network security software
WO2004093384A1 (en) * 2003-04-04 2004-10-28 Computer Associates Think, Inc. Method and system for discovery of remote agents
US7809608B2 (en) * 2003-07-25 2010-10-05 Peter Kassan System and method to prevent termination of on-line transactions
US7225148B2 (en) * 2003-07-25 2007-05-29 Peter Kassan E-commerce shopping cart
ES2309364T3 (es) 2003-08-11 2008-12-16 Telecom Italia S.P.A. Procedimiento y sistema de deteccion de una utilizacion no autorizada de una red de comunicaciones.
US7457870B1 (en) * 2004-02-27 2008-11-25 Packeteer, Inc. Methods, apparatuses and systems facilitating classification of web services network traffic
US7774456B1 (en) * 2004-02-27 2010-08-10 Packeteer, Inc. Methods, apparatuses and systems facilitating classification of web services network traffic
US8782405B2 (en) * 2004-03-18 2014-07-15 International Business Machines Corporation Providing transaction-level security
US20050234920A1 (en) * 2004-04-05 2005-10-20 Lee Rhodes System, computer-usable medium and method for monitoring network activity
US7571181B2 (en) * 2004-04-05 2009-08-04 Hewlett-Packard Development Company, L.P. Network usage analysis system and method for detecting network congestion
US20050228984A1 (en) * 2004-04-07 2005-10-13 Microsoft Corporation Web service gateway filtering
US7422152B2 (en) 2004-05-13 2008-09-09 Cisco Technology, Inc. Methods and devices for providing scalable RFID networks
US7827233B1 (en) * 2004-07-16 2010-11-02 Syniverse Icx Corporation Method and apparatus for an end-to-end send-to framework
US8458467B2 (en) 2005-06-21 2013-06-04 Cisco Technology, Inc. Method and apparatus for adaptive application message payload content transformation in a network infrastructure element
US7664879B2 (en) * 2004-11-23 2010-02-16 Cisco Technology, Inc. Caching content and state data at a network element
US7987272B2 (en) 2004-12-06 2011-07-26 Cisco Technology, Inc. Performing message payload processing functions in a network element on behalf of an application
US7725934B2 (en) * 2004-12-07 2010-05-25 Cisco Technology, Inc. Network and application attack protection based on application layer message inspection
US8082304B2 (en) * 2004-12-10 2011-12-20 Cisco Technology, Inc. Guaranteed delivery of application layer messages by a network element
US7606267B2 (en) * 2004-12-10 2009-10-20 Cisco Technology, Inc. Reducing the sizes of application layer messages in a network element
US7698416B2 (en) * 2005-01-25 2010-04-13 Cisco Technology, Inc. Application layer message-based server failover management by a network element
ATE485552T1 (de) 2005-03-24 2010-11-15 Ibm Erkennung von netzwerkangriffen
US8266327B2 (en) * 2005-06-21 2012-09-11 Cisco Technology, Inc. Identity brokering in a network element
US7345585B2 (en) 2005-08-01 2008-03-18 Cisco Technology, Inc. Network based device for providing RFID middleware functionality
US8104077B1 (en) * 2006-01-03 2012-01-24 Symantec Corporation System and method for adaptive end-point compliance
WO2007099497A1 (en) * 2006-02-28 2007-09-07 International Business Machines Corporation Detection and control of peer-to-peer communication
CN101039314B (zh) * 2006-03-16 2012-02-22 华为技术有限公司 一种在演进接入网络中实现安全性保证的方法
US7773540B1 (en) * 2006-06-01 2010-08-10 Bbn Technologies Corp. Methods, system and apparatus preventing network and device identification
US7797406B2 (en) * 2006-07-27 2010-09-14 Cisco Technology, Inc. Applying quality of service to application messages in network elements based on roles and status
US7783713B2 (en) * 2006-10-20 2010-08-24 Syniverse Icx Corporation Method and apparatus for response enabled messaging
US8079076B2 (en) * 2006-11-02 2011-12-13 Cisco Technology, Inc. Detecting stolen authentication cookie attacks
GB0707839D0 (en) * 2007-04-21 2007-05-30 Johnston Michael SAR initiation
US8291495B1 (en) * 2007-08-08 2012-10-16 Juniper Networks, Inc. Identifying applications for intrusion detection systems
US8112800B1 (en) 2007-11-08 2012-02-07 Juniper Networks, Inc. Multi-layered application classification and decoding
US8391164B2 (en) 2008-01-02 2013-03-05 At&T Intellectual Property I, L.P. Computing time-decayed aggregates in data streams
US8484269B2 (en) * 2008-01-02 2013-07-09 At&T Intellectual Property I, L.P. Computing time-decayed aggregates under smooth decay functions
US7433960B1 (en) * 2008-01-04 2008-10-07 International Business Machines Corporation Systems, methods and computer products for profile based identity verification over the internet
US7817636B2 (en) * 2008-01-30 2010-10-19 Cisco Technology, Inc. Obtaining information on forwarding decisions for a packet flow
US8356345B2 (en) * 2008-06-03 2013-01-15 International Business Machines Corporation Constructing a secure internet transaction
US8055587B2 (en) * 2008-06-03 2011-11-08 International Business Machines Corporation Man in the middle computer technique
US8055767B1 (en) * 2008-07-15 2011-11-08 Zscaler, Inc. Proxy communication string data
US8244799B1 (en) 2008-07-21 2012-08-14 Aol Inc. Client application fingerprinting based on analysis of client requests
EP2353093A2 (de) * 2008-09-22 2011-08-10 Synopsys, Inc. Datenverarbeitungssystem mit einem bildschirm
US8572717B2 (en) 2008-10-09 2013-10-29 Juniper Networks, Inc. Dynamic access control policy with port restrictions for a network security appliance
WO2010088550A2 (en) * 2009-01-29 2010-08-05 Breach Security, Inc. A method and apparatus for excessive access rate detection
US9398043B1 (en) 2009-03-24 2016-07-19 Juniper Networks, Inc. Applying fine-grain policy action to encapsulated network attacks
CN101877696B (zh) * 2009-04-30 2014-01-08 国际商业机器公司 在网络应用环境下重构错误响应信息的设备和方法
US8347100B1 (en) 2010-07-14 2013-01-01 F5 Networks, Inc. Methods for DNSSEC proxying and deployment amelioration and systems thereof
US8484740B2 (en) 2010-09-08 2013-07-09 At&T Intellectual Property I, L.P. Prioritizing malicious website detection
US9712592B2 (en) * 2011-04-21 2017-07-18 Arris Enterprises, Inc. Classification of HTTP multimedia traffic per session
CN102281298A (zh) * 2011-08-10 2011-12-14 深信服网络科技(深圳)有限公司 检测和防御cc攻击的方法及装置
CN103999071B (zh) * 2011-11-02 2018-04-17 阿卡麦科技公司 在边缘网络服务器中的多域配置处理
CN103166942B (zh) * 2011-12-19 2016-08-03 中国科学院软件研究所 一种恶意代码的网络协议解析方法
US9270766B2 (en) * 2011-12-30 2016-02-23 F5 Networks, Inc. Methods for identifying network traffic characteristics to correlate and manage one or more subsequent flows and devices thereof
US8938796B2 (en) 2012-09-20 2015-01-20 Paul Case, SR. Case secure computer architecture
CN102904940A (zh) * 2012-09-27 2013-01-30 杭州迪普科技有限公司 一种Web服务器识别的方法及装置
US9887911B2 (en) 2013-02-28 2018-02-06 Xaptum, Inc. Systems, methods, and devices for adaptive communication in a data communication network
CN104468655B (zh) * 2013-09-18 2018-04-03 阿里巴巴集团控股有限公司 对反向代理软件进行测试的方法及系统
US9971714B2 (en) * 2015-05-05 2018-05-15 Oath Inc. Device interfacing
US10375026B2 (en) * 2015-10-28 2019-08-06 Shape Security, Inc. Web transaction status tracking
US10075416B2 (en) 2015-12-30 2018-09-11 Juniper Networks, Inc. Network session data sharing
US10797888B1 (en) 2016-01-20 2020-10-06 F5 Networks, Inc. Methods for secured SCEP enrollment for client devices and devices thereof
US10686834B1 (en) * 2017-02-23 2020-06-16 Amazon Technologies, Inc. Inert parameters for detection of malicious activity
US11057352B2 (en) 2018-02-28 2021-07-06 Xaptum, Inc. Communication system and method for machine data routing
US10965653B2 (en) 2018-03-28 2021-03-30 Xaptum, Inc. Scalable and secure message brokering approach in a communication system
US10805439B2 (en) 2018-04-30 2020-10-13 Xaptum, Inc. Communicating data messages utilizing a proprietary network
US10924593B2 (en) 2018-08-31 2021-02-16 Xaptum, Inc. Virtualization with distributed adaptive message brokering
US10938877B2 (en) 2018-11-30 2021-03-02 Xaptum, Inc. Optimizing data transmission parameters of a proprietary network
US11218506B2 (en) * 2018-12-17 2022-01-04 Microsoft Technology Licensing, Llc Session maturity model with trusted sources
US11057501B2 (en) * 2018-12-31 2021-07-06 Fortinet, Inc. Increasing throughput density of TCP traffic on a hybrid data network having both wired and wireless connections by modifying TCP layer behavior over the wireless connection while maintaining TCP protocol
US10912053B2 (en) 2019-01-31 2021-02-02 Xaptum, Inc. Enforcing geographic restrictions for multitenant overlay networks
US11765618B2 (en) * 2020-03-20 2023-09-19 Nokia Technologies Oy Wireless communication system
US20230139992A1 (en) * 2021-10-29 2023-05-04 Arris Enterprises Llc Methods, systems, and devices for analyzing network performance

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5963915A (en) * 1996-02-21 1999-10-05 Infoseek Corporation Secure, convenient and efficient system and method of performing trans-internet purchase transactions
US5875296A (en) * 1997-01-28 1999-02-23 International Business Machines Corporation Distributed file system web server user authentication with cookies
US6101482A (en) * 1997-09-15 2000-08-08 International Business Machines Corporation Universal web shopping cart and method of on-line transaction processing
US6233618B1 (en) * 1998-03-31 2001-05-15 Content Advisor, Inc. Access control of networked data
US6311269B2 (en) * 1998-06-15 2001-10-30 Lockheed Martin Corporation Trusted services broker for web page fine-grained security labeling
US6496824B1 (en) * 1999-02-19 2002-12-17 Saar Wilf Session management over a stateless protocol
US6374359B1 (en) * 1998-11-19 2002-04-16 International Business Machines Corporation Dynamic use and validation of HTTP cookies for authentication
US6985953B1 (en) * 1998-11-30 2006-01-10 George Mason University System and apparatus for storage and transfer of secure data on web
US6754831B2 (en) * 1998-12-01 2004-06-22 Sun Microsystems, Inc. Authenticated firewall tunneling framework
US6529952B1 (en) * 1999-04-02 2003-03-04 Nielsen Media Research, Inc. Method and system for the collection of cookies and other information from a panel
US6466983B1 (en) * 1999-09-30 2002-10-15 Steven Paul Strazza Systems and methods for controlling access to data maintained in a repository
US6510464B1 (en) * 1999-12-14 2003-01-21 Verizon Corporate Services Group Inc. Secure gateway having routing feature
EP1146712A1 (de) * 2000-04-10 2001-10-17 BRITISH TELECOMMUNICATIONS public limited company Authentifizierungs in einem Telecommunikationssystem
BR0111951A (pt) * 2000-06-26 2003-07-29 Intel Corp Estabelecimento de segurança de rede usando uma segurança de protocolo da internet
US7162649B1 (en) * 2000-06-30 2007-01-09 Internet Security Systems, Inc. Method and apparatus for network assessment and authentication
AU2000276742A1 (en) * 2000-08-21 2001-06-25 Authoriszor Limited System and method for providing security for a network site
EP1320960B1 (de) * 2000-09-28 2013-11-06 Symantec Corporation System und verfahren zur analyse von protokollströmen in bezug auf ein sicherheitsbezogenes ereignis
EP1338130B1 (de) * 2000-11-30 2006-11-02 Lancope, Inc. Flussbasierte erfassung eines eindringens in ein netzwerk
WO2002044923A1 (en) * 2000-11-30 2002-06-06 Webtone Technologies, Inc. Web session collaboration
US20020133586A1 (en) * 2001-01-16 2002-09-19 Carter Shanklin Method and device for monitoring data traffic and preventing unauthorized access to a network
US20020143963A1 (en) * 2001-03-15 2002-10-03 International Business Machines Corporation Web server intrusion detection method and apparatus
US6996841B2 (en) * 2001-04-19 2006-02-07 Microsoft Corporation Negotiating secure connections through a proxy server
US6961759B2 (en) * 2001-09-24 2005-11-01 International Business Machines Corporation Method and system for remotely managing persistent state data
US20030074432A1 (en) * 2001-09-26 2003-04-17 Mazzitelli John Joseph State data management method and system

Also Published As

Publication number Publication date
EP1330095A1 (de) 2003-07-23
US7302480B2 (en) 2007-11-27
DE60210408D1 (de) 2006-05-18
EP1330095B1 (de) 2006-04-05
DE60210408T2 (de) 2006-10-19
US20030140140A1 (en) 2003-07-24

Similar Documents

Publication Publication Date Title
DE60210408D1 (de) Ueberwachung des Datenflusses zur Verbesserung des Netzwerksicherheitsschutzes
CN106936667B (zh) 一种基于应用程序流量分布式分析的主机实时识别方法
JP3954385B2 (ja) 迅速なパケット・フィルタリング及びパケット・プロセシングのためのシステム、デバイス及び方法
US7835390B2 (en) Network traffic identification by waveform analysis
US8095973B2 (en) Apparatus and method for detecting network attack
WO2006057772B1 (en) Method and system for including network security information in a frame
US8051484B2 (en) Method and security system for indentifying and blocking web attacks by enforcing read-only parameters
US20140223558A1 (en) Method and device for integrating multiple threat security services
CN112468520B (zh) 一种数据检测方法、装置、设备及可读存储介质
US20060198313A1 (en) Method and device for detecting and blocking unauthorized access
WO2004068314A3 (en) Method and device for the classification and redirection of data packets in a heterogeneous network
ATE424581T1 (de) Verfahren zur begrenzung der strömungsmenge von ortsinformationsanforderungen in einem ortsbestimmungsdienst
US20060262789A1 (en) Method and corresponding device for packets classification
US20040255162A1 (en) Security gateway system and method for intrusion detection
US9444830B2 (en) Web server/web application server security management apparatus and method
CN110958233B (zh) 一种基于深度学习的加密型恶意流量检测系统和方法
US20080126799A1 (en) Content based routing with high assurance mls
CN102571946B (zh) 一种基于对等网络的协议识别与控制系统的实现方法
US20170134413A1 (en) System and method for connection fingerprint generation and stepping-stone traceback based on netflow
CN109698831A (zh) 数据防护方法和装置
CN114866258A (zh) 一种访问关系的建立方法、装置、电子设备及存储介质
FR2879388B1 (fr) Procede de transmission securisee, systeme, pare-feu et routeur le mettant en oeuvre
JP2004112318A (ja) コンテンツ不正利用探索システム
US8065393B2 (en) Method and system for obviating redundant actions in a network
JP2009081736A (ja) パケット転送装置及びパケット転送プログラム

Legal Events

Date Code Title Description
RER Ceased as to paragraph 5 lit. 3 law introducing patent treaties