-
Publication No.: US07765313B2
Publication date: 2010-07-27
Application No.: US10177043
Filing date: 2002-06-21
Applicant: Hemant Kumar Jain, Namit Sikka, King Rhoton
Inventor: Hemant Kumar Jain, Namit Sikka, King Rhoton
IPC classification: G06F15/16
CPC classification: H04L43/18, H04L12/5602, H04L29/06, H04L29/12339, H04L47/10, H04L47/2433, H04L47/2441, H04L47/2475, H04L47/31, H04L61/2503, H04L63/0227, H04L67/16, H04L69/06, H04L69/22, H04L69/32
Abstract: A classification engine is capable of receiving a plurality of protocol data units (PDUs) and performing a tree-based classification on the PDUs. The classification engine includes: input means for receiving the PDUs; parsing means capable of parsing the PDUs to generate an abstracted protocol structure for at least one of the PDUs; classifier capable of performing the tree-based classification, said classifier being capable of enforcing policy using the abstracted protocol structure; and output means for transmitting the PDUs.
-
Publication No.: US20080229381A1
Publication date: 2008-09-18
Application No.: US11685177
Filing date: 2007-03-12
Applicant: Namit Sikka, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan
Inventor: Namit Sikka, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan
IPC classification: G06F17/00
CPC classification: H04L63/20, H04L63/102
Abstract: Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
-
Publication No.: US08782023B1
Publication date: 2014-07-15
Application No.: US13359278
Filing date: 2012-01-26
Applicant: Monica Chawathe, Namit Sikka, Ashish Gupta, Robert C. Keller, Fenglin Liao, Haifeng Jiang
Inventor: Monica Chawathe, Namit Sikka, Ashish Gupta, Robert C. Keller, Fenglin Liao, Haifeng Jiang
IPC classification: G06F17/30
CPC classification: G06F17/30309
Abstract: A device may store information associated with a group of items in a database. The information associated with a particular item may include a group of versions of a particular attribute. A particular version of the particular attribute may include a value associated with the particular attribute and a timestamp. The device may receive a query that specifies a time; determine that the query is associated with the particular item; and determine, based on the specified time, which version of the particular attribute is associated with the query. The device may determine which version of the particular attribute is associated with the query by identifying, based on the timestamps associated with the versions of the particular attribute, a version of the particular attribute that is a newest version, of the versions of the particular attribute that are associated with timestamps that are before or concurrent with the specified time.
-
Publication No.: US20120216274A1
Publication date: 2012-08-23
Application No.: US13212068
Filing date: 2011-08-17
Applicant: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
Inventor: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
CPC classification: H04L63/0263, H04L63/0236
Abstract: A method of a device for filtering messages routing across a network includes extracting, by a filter configured on the device, a plurality of message components from messages received via a network. The plurality of message components is identified as having at least a field name in common, including a first field name. A learning engine configured on the device creates a list of data types for values of the first field name. The list includes one or more data types of a value of the first field name identified for each of the plurality of message components. The learning engine determines a most restrictive data type from the list of data types for the values of the first field name of the plurality of message components.
-
Publication No.: US20100017869A1
Publication date: 2010-01-21
Application No.: US12569006
Filing date: 2009-09-29
Applicant: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
Inventor: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
CPC classification: H04L63/0263, H04L63/0236
Abstract: A method of a device for filtering messages routing across a network includes extracting, by a filter configured on the device, a plurality of message components from messages received via a network. The plurality of message components is identified as having at least a field name in common, including a first field name. A learning engine configured on the device creates a list of data types for values of the first field name. The list includes one or more data types of a value of the first field name identified for each of the plurality of message components. The learning engine determines a most restrictive data type from the list of data types for the values of the first field name of the plurality of message components.
-
Publication No.: US08011009B2
Publication date: 2011-08-30
Application No.: US12569006
Filing date: 2009-09-29
Applicant: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
Inventor: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
CPC classification: H04L63/0263, H04L63/0236
Abstract: A method of a device for filtering messages routing across a network includes extracting, by a filter configured on the device, a plurality of message components from messages received via a network. The plurality of message components is identified as having at least a field name in common, including a first field name. A learning engine configured on the device creates a list of data types for values of the first field name. The list includes one or more data types of a value of the first field name identified for each of the plurality of message components. The learning engine determines a most restrictive data type from the list of data types for the values of the first field name of the plurality of message components.
-
Publication No.: US07617531B1
Publication date: 2009-11-10
Application No.: US10782529
Filing date: 2004-02-18
Applicant: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
Inventor: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
CPC classification: H04L63/0263, H04L63/0236
Abstract: A security gateway receives messages and extracts components thereof, typically in the form of field name-value pairs. The security gateway determines a data type of the values for individual field names to infer the most restrictive data type of the values for that field. The security gateway may then generate rules, which would block messages that do not have values that match the most restrictive data type. Since the most restrictive data type defines a data type of values for the field as narrowly as possible, the generated rules will make it more difficult for an intruder to guess a valid data type of a value. Since messages that have values that do not match the most restrictive data type are likely to represent malicious attacks, the more narrowly the data type of values is defined, the greater the number of illegitimate messages that will be blocked.
-
Publication No.: US08490148B2
Publication date: 2013-07-16
Application No.: US11685177
Filing date: 2007-03-12
Applicant: Namit Sikka, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan
Inventor: Namit Sikka, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan
IPC classification: G06F17/00
CPC classification: H04L63/20, H04L63/102
Abstract: Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
-
Publication No.: US08695084B2
Publication date: 2014-04-08
Application No.: US13212068
Filing date: 2011-08-17
Applicant: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
Inventor: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
IPC classification: H04L29/06
CPC classification: H04L63/0263, H04L63/0236
Abstract: A method of a device for filtering messages routing across a network includes extracting, by a filter configured on the device, a plurality of message components from messages received via a network. The plurality of message components is identified as having at least a field name in common, including a first field name. A learning engine configured on the device creates a list of data types for values of the first field name. The list includes one or more data types of a value of the first field name identified for each of the plurality of message components. The learning engine determines a most restrictive data type from the list of data types for the values of the first field name of the plurality of message components.