Effective policies and policy enforcement using characterization of flow content and content-independent flow information

A technique based on flow content and flow information, applied in the field of network resource administration, addresses the problems that abuses are hard to detect, that security policies are easy to circumvent, and that many types of abuse go undetected, and achieves the effect of flexible network policies.

Inactive Publication Date: 2007-04-19
POLYTECHNIC INSTITUTE OF NEW YORK UNIVERSITY

AI Technical Summary

Benefits of technology

[0014] Embodiments consistent with the present invention provide improved techniques for enforcing more flexible network policies. Such techniques do not need to rely on information in packet headers, or port information.

Problems solved by technology

Network administrators routinely deal with a variety of abuses such as the use of network bandwidth by unauthorized application services and the distribution of unauthorized content, to name a few.
Abusers can be malicious attackers looking for free resources to host their illegal activities, a malicious insider running a peer-to-peer hub, or simply an ill-informed user unintentionally running an application proxy.
The proliferation of peer-to-peer networks and the wide use of tunnels make it difficult to detect such abuses and easy to circumvent security policies.
Unfortunately, an IDS is not useful in detecting many types of abuses where the essence of the abuse is not captured by a simple set of signatures.
Firewalls use port blocking to thwart unauthorized application services.
A malicious insider, or a host inside the network compromised by an attacker, can initiate a connection and transfer unauthorized data or make available an unauthorized service without being detected by a firewall.
Firewall circumvention techniques present new challenges in abuse detection.
However, this is not always an effective solution as the bandwidth may be used for legitimate purposes.
The present inventors believe that one of the disadvantages of such techniques is the potential for false positives where an application can be identified wrongly (as another application).
Further, since not every single packet contains header information, header-based monitoring techniques typically must examine each packet on the network.
Such a method might also result in false positives as the string “JFIF” could appear in a JPEG image or in a text file.
As the foregoing example illustrates, such techniques may be very expensive in terms of computational and memory resources and therefore might not be practical on large networks, especially if traffic volume is high.
Besides, packet drops and asymmetric routing may cause such techniques to lose the packet that contains the header information, rendering them useless.


Embodiment Construction

[0023] The present invention may involve novel methods, apparatus, message formats, and/or data structures for improving the definition and enforcement of network policies. The following description is presented to enable one skilled in the art to make and use the invention, and is provided in the context of particular applications and their requirements. Thus, the following description of embodiments consistent with the present invention provides illustration and description, but is not intended to be exhaustive or to limit the present invention to the precise form disclosed. Various modifications to the disclosed embodiments will be apparent to those skilled in the art, and the general principles set forth below may be applied to other embodiments and applications. For example, although a series of acts may be described with reference to a flow diagram, the order of acts may differ in other implementations when the performance of one act is not dependent on the completion of anoth...


Abstract

Flexible network policies might be enforced by (a) obtaining a flow of network packets, (b) determining a content characteristic by characterizing the content of the flow using bit-stream level statistics, (c) determining content-independent flow characteristics, port-independent flow characteristics, and/or application header-independent flow characteristics, and (d) enforcing a policy on the flow using both (1) the determined content characteristic and (2) the determined content-independent flow characteristics, port-independent flow characteristics, and/or application header-independent flow characteristics.
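The four steps of the abstract, worked through as an added illustrative implementation that is not the patent's own code: step (b) characterizes the payload stream purely from bit-stream statistics (byte entropy and printable fraction, no header or port lookups), step (c) computes content-independent features (volume, direction ratio, duration, inter-arrival gap), and step (d) applies rules that must consult both. The class labels, thresholds, port numbers, rule set and the two sample flows are constructed assumptions for the demonstration; a deployment would tune them to its own network.

```python
"""Added illustrative implementation of the abstract's four steps (not the patent's code).

Everything concrete here (class labels, thresholds, ports, sample flows) is a
constructed assumption for demonstration.
"""
from __future__ import annotations

import hashlib
import math
from collections import Counter
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float        # seconds since the first packet of the flow
    outbound: bool   # True when sent by the inside host
    payload: bytes


@dataclass
class Flow:
    src: str
    dst: str
    dst_port: int
    packets: list


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the payload stream; 0.0 for an empty stream."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def content_characteristic(flow: Flow) -> dict:
    """Step (b): characterize content from bit-stream statistics alone.
    No header, magic number or port is consulted."""
    data = b"".join(p.payload for p in flow.packets)
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    frac = printable / len(data) if data else 0.0
    ent = shannon_entropy(data)
    if frac > 0.9:
        cls = "text"
    elif ent > 7.5:
        cls = "high-entropy"   # compressed- or encrypted-looking
    else:
        cls = "binary"
    return {"entropy": ent, "printable_fraction": frac, "class": cls}


def flow_characteristics(flow: Flow) -> dict:
    """Step (c): content-independent features (volume, direction, timing)."""
    pkts = flow.packets
    out_b = sum(len(p.payload) for p in pkts if p.outbound)
    in_b = sum(len(p.payload) for p in pkts if not p.outbound)
    gaps = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]
    return {
        "packets": len(pkts),
        "out_bytes": out_b,
        "in_bytes": in_b,
        "out_ratio": out_b / (out_b + in_b) if out_b + in_b else 0.0,
        "duration": pkts[-1].ts - pkts[0].ts if pkts else 0.0,
        "mean_gap": sum(gaps) / len(gaps) if gaps else 0.0,
    }


# Step (d): each rule is a predicate over BOTH the content class and the flow
# features; first match wins.  Thresholds are constructed for the example.
POLICY = [
    # Opaque data pushed mostly outbound in bulk on the port reserved here for
    # plaintext web traffic: flag as a likely tunnel or unauthorised upload.
    ("outbound-opaque-bulk",
     lambda c, s, f: c["class"] == "high-entropy" and s["out_ratio"] > 0.8
     and s["out_bytes"] > 4096 and f.dst_port == 80,
     "block"),
    ("plaintext-web",
     lambda c, s, f: c["class"] == "text" and f.dst_port == 80,
     "allow"),
]


def enforce(flow: Flow) -> tuple:
    """Return (rule name, action) for the flow; unmatched flows fall to the default."""
    content = content_characteristic(flow)
    stats = flow_characteristics(flow)
    for name, predicate, action in POLICY:
        if predicate(content, stats, flow):
            return name, action
    return "default", "allow"


def _opaque_bytes(n: int) -> bytes:
    """Deterministic high-entropy filler (a SHA-256 hash chain), constructed for the demo."""
    block, out = b"seed", []
    while len(out) * 32 < n:
        block = hashlib.sha256(block).digest()
        out.append(block)
    return b"".join(out)[:n]


def sample_flows() -> dict:
    """Two constructed flows to the same port that differ only in content and direction."""
    req = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    resp = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><body>hi</body></html>"
    web = Flow("10.0.0.5", "192.0.2.10", 80,
               [Packet(0.00, True, req), Packet(0.05, False, resp)])
    blob = _opaque_bytes(6 * 1024)
    pkts = [Packet(0.01 * i, True, blob[i * 1024:(i + 1) * 1024]) for i in range(6)]
    pkts.append(Packet(0.07, False, b"OK\n"))
    upload = Flow("10.0.0.7", "192.0.2.10", 80, pkts)
    return {"web": web, "opaque_upload": upload}


if __name__ == "__main__":
    for name, flow in sample_flows().items():
        print(name, content_characteristic(flow)["class"], enforce(flow))
```

Both sample flows share the same destination port, so a port-based rule could not separate them; the same high-entropy content on a port the policy does not reserve for plaintext would fall through to the default, which is the point of combining the content class with direction and volume rather than acting on either alone.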

Description

§ 0. RELATED APPLICATIONS

[0001] Benefit is claimed, under 35 U.S.C. § 119(e)(1), to the filing date of U.S. provisional patent application Ser. No. 60/718,384 (referred to as "the '384 provisional"), titled "APPARATUS AND METHOD FOR DETECTING AND RESPONDING TO RESOURCE ABUSES VIA CHARACTERIZATION OF FLOW CONTENT TYPE", filed on Sep. 19, 2005, and listing Kulesh SHANMUGASUNDARAM, Mehdi KHARRAZI and Nasir MEMON as the inventors, for any inventions disclosed in the manner provided by 35 U.S.C. § 112, ¶ 1. The '384 provisional application is expressly incorporated herein by reference. The scope of the present invention is not limited to any requirements of the specific embodiments described in the '384 provisional application.

§ 1. BACKGROUND OF THE INVENTION

[0002]

§ 1.1 Field of the Invention

[0003] The present invention concerns the administration of network resources. In particular, the present invention concerns facilitating the establishment and enforcement of effective network pol...


Application Information

Patent Type & Authority: Applications (United States)
IPC (8): G06F15/16
CPC: H04L47/10, H04L47/20
Inventors: MEMON, NASIR; SHANMUGASUNDARAM, KULESH
Owner: POLYTECHNIC INSTITUTE OF NEW YORK UNIVERSITY