KR20040045815A - 패킷 네트워크의 라우터에 노드 보안을 제공하기 위한방법 및 장치 - Google Patents
패킷 네트워크의 라우터에 노드 보안을 제공하기 위한방법 및 장치 Download PDFInfo
- Publication number
- KR20040045815A KR20040045815A KR10-2004-7005383A KR20047005383A KR20040045815A KR 20040045815 A KR20040045815 A KR 20040045815A KR 20047005383 A KR20047005383 A KR 20047005383A KR 20040045815 A KR20040045815 A KR 20040045815A
- Authority
- KR
- South Korea
- Prior art keywords
- router
- data packet
- data packets
- determining
- destination device
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/22—Arrangements for preventing the taking of data from a data transmission channel without authorisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Abstract
Description
Claims (11)
- 패킷 네트워크의 라우터에 노드 보안(node security)을 제공하기 위한 방법에 있어서,라우터를 경유하여 발신자로부터 송출되어 상기 라우터가 아닌 목적지 디바이스에 어드레스된 데이터 패킷을 모니터링하는 단계;상기 라우터에서, 상기 데이터 패킷이 상기 목적지 디바이스에 잠재적으로 유해한지 여부를 판정하는 단계;상기 데이터 패킷이 상기 목적지 디바이스에 잠재적으로 유해하다는 판정에 응답하여 데이터 패킷의 전송을 인터럽트하는 단계 -상기 인터럽트하는 단계는, 제2 라우터가 차후의 데이터 패킷의 전송을 인터럽트하게 하도록 제2 라우터와 통신하는 단계를 포함함-; 및상기 데이터 패킷이 상기 목적지 디바이스에 잠재적으로 유해하지 않다는 판정에 응답하여 상기 데이터 패킷을 전송하는 단계를 포함하는 방법.
- 제1항에 있어서, 상기 인터럽트하는 단계는, 상기 발신자로부터의 나중 데이터 패킷을 폐기하는 단계를 포함하는 방법.
- 제1항에 있어서, 상기 인터럽트하는 단계는, 업스트림 라우터에 상기 발신자로부터의 차후의 데이터 패킷을 인터셉트할 것을 지시하는 커맨드를 송출하는 단계를 포함하는 방법.
- 제1항에 있어서, 상기 인터럽트하는 단계는, 업스트림 라우터에, 상기 발신자로부터의 차후의 데이터 패킷을 인터셉트하도록 구성된 에이전트를 포워드하는 단계를 포함하는 방법.
- 제1항에 있어서, 상기 판정하는 단계는, 웜(worm), 바이러스 및 트로이의 목마 중 적어도 하나의 잠재적인 존재를 체크하는 단계를 포함하는 방법.
- 제1항에 있어서, 상기 모니터링하는 단계는,데이터 패킷의 서브셋을 랜덤 샘플링하는 단계;소정의 소스 어드레스를 갖는 데이터 패킷을 모니터링하는 단계;소정의 목적지 어드레스를 갖는 데이터 패킷을 모니터링하는 단계; 및소스와 목적지 어드레스의 소정의 조합을 갖는 데이터 패킷을 모니터링하는 단계중 적어도 하나를 포함하는 방법.
- 제1항에 있어서, 상기 판정하는 단계가,제1 데이터 패킷이 의심스럽다고 판정하는 단계; 및상기 제1 데이터 패킷이 의심스럽다는 판정에 응답하여, 제1 데이터 패킷의 소스 어드레스 및 목적지 어드레스에 각각 일치하는 소스 어드레스 및 목적지 어드레스 중 적어도 하나를 갖는 차후의 데이터 패킷을 모니터링하기로 결심하는 단계를 포함하는 방법.
- 제1항에 있어서, 상기 인터럽트하는 단계는, 업스트림 라우터가 잠재적으로 유해한 데이터 패킷을 검출하는 능력을 업데이트하도록 상기 업스트림 라우터와 협력하는 단계를 포함하는 방법.
- 제1항에 있어서, 상기 인터럽트하는 단계는, 상기 업스트림 라우터가 상기 발신자로부터의 전송을 차단하도록 상기 라우터의 이웃이 아닌 업스트림 라우터와 협력하는 단계를 포함하는 방법.
- 제9항에 있어서, 상기 인터럽트하는 단계는, 참여하고 있는 라우터로부터 어드레스 정보를 요구하는 커맨드를 상기 발신자에 송출함으로써, 상기 업스트림 라우터를 식별하는 단계를 더 포함하는 방법.
- 패킷 네트워크 내에 노드 보안을 제공하는 라우터에 있어서,상기 라우터를 경유하여 발신자로부터 송출되어, 상기 라우터가 아닌 목적지 디바이스에 어드레스되는 데이터 패킷을 수용하여, 상기 데이터 패킷을 상기 목적지 디바이스에 전송하기 위한 복수의 I/O 포트; 및상기 복수의 I/O 포트에 결합되어 상기 데이터 패킷을 처리하기 위한 프로세서를 포함하며,상기 프로세서는,상기 데이터 패킷을 모니터하고,상기 데이터 패킷이 상기 목적지 디바이스에 잠재적으로 유해한지 여부를 판정하고,제2 라우터가 차후의 데이터 패킷의 전송을 인터럽트하도록 하는 상기 제2 라우터와의 통신을 포함하여, 상기 데이터 패킷이 상기 목적지 디바이스에 잠재적으로 유해하다는 판정에 응답하여, 상기 데이터 패킷의 전송을 인터럽트하고,상기 데이터 패킷이 상기 목적지 디바이스에 잠재적으로 유해하지 않다는 판정에 응답하여 상기 데이터 패킷을 전송하도록 프로그램된 라우터.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/976,516 US7181765B2 (en) | 2001-10-12 | 2001-10-12 | Method and apparatus for providing node security in a router of a packet network |
US09/976,516 | 2001-10-12 | ||
PCT/US2002/032465 WO2003032571A1 (en) | 2001-10-12 | 2002-10-09 | Method and apparatus for providing node security in a router of a packet network |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20040045815A true KR20040045815A (ko) | 2004-06-02 |
KR100610287B1 KR100610287B1 (ko) | 2006-08-09 |
Family
ID=25524171
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020047005383A KR100610287B1 (ko) | 2001-10-12 | 2002-10-09 | 패킷 네트워크의 라우터에 노드 보안을 제공하기 위한방법 및 장치 |
Country Status (6)
Country | Link |
---|---|
US (1) | US7181765B2 (ko) |
JP (1) | JP2005506736A (ko) |
KR (1) | KR100610287B1 (ko) |
CN (1) | CN100518052C (ko) |
FI (1) | FI122571B (ko) |
WO (1) | WO2003032571A1 (ko) |
Families Citing this family (58)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8095508B2 (en) | 2000-04-07 | 2012-01-10 | Washington University | Intelligent data storage and processing using FPGA devices |
US6711558B1 (en) | 2000-04-07 | 2004-03-23 | Washington University | Associative database scanning and information retrieval |
US7139743B2 (en) | 2000-04-07 | 2006-11-21 | Washington University | Associative database scanning and information retrieval using FPGA devices |
US20090006659A1 (en) * | 2001-10-19 | 2009-01-01 | Collins Jack M | Advanced mezzanine card for digital network data inspection |
US7716330B2 (en) * | 2001-10-19 | 2010-05-11 | Global Velocity, Inc. | System and method for controlling transmission of data packets over an information network |
US20090161568A1 (en) * | 2007-12-21 | 2009-06-25 | Charles Kastner | TCP data reassembly |
US8788650B1 (en) | 2002-07-19 | 2014-07-22 | Fortinet, Inc. | Hardware based detection devices for detecting network traffic content and methods of using the same |
US7711844B2 (en) * | 2002-08-15 | 2010-05-04 | Washington University Of St. Louis | TCP-splitter: reliable packet monitoring methods and apparatus for high speed networks |
US20040111531A1 (en) * | 2002-12-06 | 2004-06-10 | Stuart Staniford | Method and system for reducing the rate of infection of a communications network by a software worm |
US10572824B2 (en) | 2003-05-23 | 2020-02-25 | Ip Reservoir, Llc | System and method for low latency multi-functional pipeline with correlation logic and selectively activated/deactivated pipelined data processing engines |
EP1627331B1 (en) | 2003-05-23 | 2017-09-20 | IP Reservoir, LLC | Intelligent data storage and processing using fpga devices |
US7444515B2 (en) * | 2003-08-14 | 2008-10-28 | Washington University | Method and apparatus for detecting predefined signatures in packet payload using Bloom filters |
EP1668511B1 (en) * | 2003-10-03 | 2014-04-30 | Enterasys Networks, Inc. | Apparatus and method for dynamic distribution of intrusion signatures |
US7602785B2 (en) * | 2004-02-09 | 2009-10-13 | Washington University | Method and system for performing longest prefix matching for network address lookup using bloom filters |
US7603716B2 (en) * | 2004-02-13 | 2009-10-13 | Microsoft Corporation | Distributed network security service |
US8051483B2 (en) | 2004-03-12 | 2011-11-01 | Fortinet, Inc. | Systems and methods for updating content detection devices and systems |
FR2872653B1 (fr) * | 2004-06-30 | 2006-12-29 | Skyrecon Systems Sa | Systeme et procedes de securisation de postes informatiques et/ou de reseaux de communications |
WO2006023948A2 (en) * | 2004-08-24 | 2006-03-02 | Washington University | Methods and systems for content detection in a reconfigurable hardware |
GB2418563A (en) * | 2004-09-23 | 2006-03-29 | Agilent Technologies Inc | Monitoring for malicious attacks in a communications network |
JP4429892B2 (ja) * | 2004-12-22 | 2010-03-10 | 富士通株式会社 | セキュア通信システム、および通信経路選択装置 |
FI20041681A0 (fi) * | 2004-12-29 | 2004-12-29 | Nokia Corp | Liikenteen rajoittaminen kommunikaatiojärjestelmissä |
EP1859378A2 (en) | 2005-03-03 | 2007-11-28 | Washington University | Method and apparatus for performing biosequence similarity searching |
TW200644495A (en) * | 2005-06-10 | 2006-12-16 | D Link Corp | Regional joint detecting and guarding system for security of network information |
US20060294588A1 (en) * | 2005-06-24 | 2006-12-28 | International Business Machines Corporation | System, method and program for identifying and preventing malicious intrusions |
US20070011732A1 (en) * | 2005-07-05 | 2007-01-11 | Yang-Hung Peng | Network device for secure packet dispatching via port isolation |
US7702629B2 (en) | 2005-12-02 | 2010-04-20 | Exegy Incorporated | Method and device for high performance regular expression pattern matching |
US9794272B2 (en) * | 2006-01-03 | 2017-10-17 | Alcatel Lucent | Method and apparatus for monitoring malicious traffic in communication networks |
US7954114B2 (en) * | 2006-01-26 | 2011-05-31 | Exegy Incorporated | Firmware socket module for FPGA-based pipeline processing |
JP5087850B2 (ja) * | 2006-03-14 | 2012-12-05 | 富士通株式会社 | サービス仲介方法、サービス仲介装置及びサービス仲介システム |
WO2007121035A2 (en) | 2006-03-23 | 2007-10-25 | Exegy Incorporated | Method and system for high throughput blockwise independent encryption/decryption |
US7840482B2 (en) | 2006-06-19 | 2010-11-23 | Exegy Incorporated | Method and system for high speed options pricing |
US7921046B2 (en) * | 2006-06-19 | 2011-04-05 | Exegy Incorporated | High speed processing of financial information using FPGA devices |
US20080086274A1 (en) * | 2006-08-10 | 2008-04-10 | Chamberlain Roger D | Method and Apparatus for Protein Sequence Alignment Using FPGA Devices |
US7660793B2 (en) | 2006-11-13 | 2010-02-09 | Exegy Incorporated | Method and system for high performance integration, processing and searching of structured and unstructured data using coprocessors |
US8326819B2 (en) | 2006-11-13 | 2012-12-04 | Exegy Incorporated | Method and system for high performance data metatagging and data indexing using coprocessors |
EP2186250B1 (en) | 2007-08-31 | 2019-03-27 | IP Reservoir, LLC | Method and apparatus for hardware-accelerated encryption/decryption |
US10229453B2 (en) | 2008-01-11 | 2019-03-12 | Ip Reservoir, Llc | Method and system for low latency basket calculation |
US8374986B2 (en) | 2008-05-15 | 2013-02-12 | Exegy Incorporated | Method and system for accelerated stream processing |
EP2370946A4 (en) | 2008-12-15 | 2012-05-30 | Exegy Inc | METHOD AND DEVICE FOR HIGH-SPEED PROCESSING OF FINANCIAL MARKET DEFINITIONS |
US20110126194A1 (en) * | 2009-11-24 | 2011-05-26 | International Business Machines Corporation | Shared security device |
KR101292887B1 (ko) * | 2009-12-21 | 2013-08-02 | 한국전자통신연구원 | 패킷 동일성 검사를 이용한 라우터의 패킷 스트림 모니터링 장치 및 방법 |
US10037568B2 (en) | 2010-12-09 | 2018-07-31 | Ip Reservoir, Llc | Method and apparatus for managing orders in financial markets |
GB201101507D0 (en) | 2011-01-28 | 2011-03-16 | Scentrics Information Security Technologies Ltd | Mobile device security |
US10650452B2 (en) | 2012-03-27 | 2020-05-12 | Ip Reservoir, Llc | Offload processing of data packets |
US10121196B2 (en) | 2012-03-27 | 2018-11-06 | Ip Reservoir, Llc | Offload processing of data packets containing financial market data |
US9990393B2 (en) | 2012-03-27 | 2018-06-05 | Ip Reservoir, Llc | Intelligent feed switch |
US11436672B2 (en) | 2012-03-27 | 2022-09-06 | Exegy Incorporated | Intelligent switch for processing financial market data |
US9633093B2 (en) | 2012-10-23 | 2017-04-25 | Ip Reservoir, Llc | Method and apparatus for accelerated format translation of data in a delimited data format |
US10133802B2 (en) | 2012-10-23 | 2018-11-20 | Ip Reservoir, Llc | Method and apparatus for accelerated record layout detection |
EP2912579B1 (en) | 2012-10-23 | 2020-08-19 | IP Reservoir, LLC | Method and apparatus for accelerated format translation of data in a delimited data format |
GB2541577A (en) | 2014-04-23 | 2017-02-22 | Ip Reservoir Llc | Method and apparatus for accelerated data translation |
AU2015312102B2 (en) * | 2014-09-02 | 2018-06-14 | Nasdaq, Inc. | Data packet processing methods, systems, and apparatus |
SE539821C2 (en) | 2015-04-29 | 2017-12-12 | Bioservo Tech Aktiebolag | Method of attaching an artificial tendon and a product |
CN105119943A (zh) * | 2015-09-21 | 2015-12-02 | 上海斐讯数据通信技术有限公司 | 一种网络病毒防护方法、网络病毒防护路由器及系统 |
US10942943B2 (en) | 2015-10-29 | 2021-03-09 | Ip Reservoir, Llc | Dynamic field data translation to support high performance stream data processing |
US9998500B2 (en) * | 2016-02-15 | 2018-06-12 | Wipro Limited | Methods and systems for performing lawful interception (LI) in communication networks involving content adulteration with colluding agents |
EP3560135A4 (en) | 2016-12-22 | 2020-08-05 | IP Reservoir, LLC | PIPELINES INTENDED FOR AUTOMATIC ACCELERATED LEARNING BY EQUIPMENT |
CN110110160B (zh) * | 2017-12-29 | 2020-04-14 | 阿里巴巴集团控股有限公司 | 确定数据异常的方法及装置 |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5440723A (en) * | 1993-01-19 | 1995-08-08 | International Business Machines Corporation | Automatic immune system for computers and computer networks |
US5414833A (en) * | 1993-10-27 | 1995-05-09 | International Business Machines Corporation | Network security system and method using a parallel finite state machine adaptive active monitor and responder |
US5557742A (en) * | 1994-03-07 | 1996-09-17 | Haystack Labs, Inc. | Method and system for detecting intrusion into and misuse of a data processing system |
US5898830A (en) * | 1996-10-17 | 1999-04-27 | Network Engineering Software | Firewall providing enhanced network security and user transparency |
US6453345B2 (en) * | 1996-11-06 | 2002-09-17 | Datadirect Networks, Inc. | Network security and surveillance system |
US5991881A (en) * | 1996-11-08 | 1999-11-23 | Harris Corporation | Network surveillance system |
US6789202B1 (en) * | 1999-10-15 | 2004-09-07 | Networks Associates Technology, Inc. | Method and apparatus for providing a policy-driven intrusion detection system |
US6519703B1 (en) * | 2000-04-14 | 2003-02-11 | James B. Joyce | Methods and apparatus for heuristic firewall |
US20020035698A1 (en) * | 2000-09-08 | 2002-03-21 | The Regents Of The University Of Michigan | Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time |
US7188366B2 (en) * | 2000-09-12 | 2007-03-06 | Nippon Telegraph And Telephone Corporation | Distributed denial of service attack defense method and device |
JP3723076B2 (ja) * | 2000-12-15 | 2005-12-07 | 富士通株式会社 | 不正侵入防御機能を有するip通信ネットワークシステム |
-
2001
- 2001-10-12 US US09/976,516 patent/US7181765B2/en not_active Expired - Lifetime
-
2002
- 2002-10-09 KR KR1020047005383A patent/KR100610287B1/ko active IP Right Grant
- 2002-10-09 CN CNB028201558A patent/CN100518052C/zh not_active Expired - Lifetime
- 2002-10-09 WO PCT/US2002/032465 patent/WO2003032571A1/en active Application Filing
- 2002-10-09 JP JP2003535409A patent/JP2005506736A/ja active Pending
-
2004
- 2004-04-07 FI FI20040514A patent/FI122571B/fi not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
US20030074582A1 (en) | 2003-04-17 |
CN1685657A (zh) | 2005-10-19 |
FI122571B (fi) | 2012-03-30 |
FI20040514A0 (fi) | 2004-04-07 |
CN100518052C (zh) | 2009-07-22 |
US7181765B2 (en) | 2007-02-20 |
FI20040514A (fi) | 2004-06-09 |
KR100610287B1 (ko) | 2006-08-09 |
JP2005506736A (ja) | 2005-03-03 |
WO2003032571A1 (en) | 2003-04-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR100610287B1 (ko) | 패킷 네트워크의 라우터에 노드 보안을 제공하기 위한방법 및 장치 | |
US9094372B2 (en) | Multi-method gateway-based network security systems and methods | |
JP4072150B2 (ja) | ホストベースのネットワーク侵入検出システム | |
US9800548B2 (en) | Device, system and method for defending a computer network | |
Weaver et al. | Very fast containment of scanning worms, revisited | |
US7463590B2 (en) | System and method for threat detection and response | |
US5884025A (en) | System for packet filtering of data packet at a computer network interface | |
US7823204B2 (en) | Method and apparatus for detecting intrusions on a computer system | |
US7596097B1 (en) | Methods and apparatus to prevent network mapping | |
US20080301810A1 (en) | Monitoring apparatus and method therefor | |
JPH11316677A (ja) | コンピュ―タネットワ―クの保安方法 | |
KR101553264B1 (ko) | 네트워크 침입방지 시스템 및 방법 | |
Ndonda et al. | A two-level intrusion detection system for industrial control system networks using P4 | |
US9455953B2 (en) | Router chip and method of selectively blocking network traffic in a router chip | |
JP2006501527A (ja) | ネットワーク・サービスプロバイダおよびオペレータのサーバシステムに対する攻撃の確認と防御のための方法、データキャリア、コンピュータシステム、およびコンピュータプログラム | |
JP4084317B2 (ja) | ワーム検出方法 | |
WO2018079716A1 (ja) | 通信装置 | |
Mulge | Intrusion Detection | |
Mulge | Intrusion Detection For Know | |
Hooper | An Intellilgent Infrastructure Strategy to Improvilng the Performance and Detection Capability of Intrusion Detection Systems | |
Bazaz | Study of Computer Networks and Network Intrusion | |
Weaver et al. | Very Fast Containment of Scanning Worms, Revisited |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment |
Payment date: 20120727 Year of fee payment: 7 |
|
FPAY | Annual fee payment |
Payment date: 20130729 Year of fee payment: 8 |
|
FPAY | Annual fee payment |
Payment date: 20140730 Year of fee payment: 9 |
|
FPAY | Annual fee payment |
Payment date: 20150723 Year of fee payment: 10 |
|
FPAY | Annual fee payment |
Payment date: 20160721 Year of fee payment: 11 |
|
FPAY | Annual fee payment |
Payment date: 20170724 Year of fee payment: 12 |
|
FPAY | Annual fee payment |
Payment date: 20180726 Year of fee payment: 13 |
|
FPAY | Annual fee payment |
Payment date: 20190724 Year of fee payment: 14 |