Two-tier deep analysis of HTML traffic

US10673897B2 · US · B2

Patent metadata
Publication number: US-10673897-B2
Application number: US-201113213595-A
Country: US
Kind code: B2
Filing date: Aug 19, 2011
Priority date: Aug 25, 2010
Publication date: Jun 2, 2020
Grant date: Jun 2, 2020


Abstract

Official abstract text for this publication.

An apparatus for two-tier deep analysis of hypertext transport protocol data monitors Web traffic, receives a packet of Web traffic from a network to form a received packet, wherein the received packet represents Web traffic, and stores the Web traffic temporarily to form stored Web traffic. The apparatus further determines whether the Web traffic is suspicious using a first tier analysis and, responsive to a determination that the Web traffic is suspicious, consumes the stored Web traffic using a deep analysis module. The apparatus further determines whether the stored Web traffic is a case of misuse using a second tier analysis and, responsive to a determination that the stored Web traffic is a case of misuse, feeds back data about a malicious connection to an intrusion protection system before returning to monitor the Web traffic.

First claim


What is claimed is:

1. A computer program product, comprising: a storage hardware device having stored therein computer usable program code for analyzing Web traffic through a network, the computer usable program code, which when executed by the computer hardware system, causes the computer hardware system to perform: intercepting, from the network, a packet from the Web traffic; first analyzing, by an intrusion detection and prevention system, the packet to determine whether the packet is suspicious; flagging, upon the packet determined to be suspicious by the first analyzing, the packet to a deep analysis module separate from the intrusion detection and prevention system; second analyzing, based upon the flagging and by the deep analysis module, the packet to determine whether the packet is malicious by comparing contents of the packet with data provided by a web application scanner; and dropping, only upon the packet determined to be malicious by the second analysis, the packet, wherein the intrusion detection and prevention system is configured to prevent the packet from being forwarded to an intended destination of the packet, the first analyzing is a network level analysis, and the second analyzing is an application level analysis.

2. The computer program product of claim 1, wherein the first analyzing is based upon a current packet connection of the packet.

3. The computer program product of claim 1, wherein the web traffic is temporarily stored in a buffer, and the packet is retrieved, from the buffer, by the deep analysis module.

4. The computer program product of claim 1, wherein the deep analysis module constructs a profile for a Web connection associated with the packet.

5. The computer program product of claim 1, wherein the application level analysis is configured to identify an attack directed to exploiting a vulnerability of a web application.

6. The computer program product of claim 1, wherein the intrusion detection and prevention system is in a prevention mode.

7. A computer hardware system configured to analyze Web traffic through a network, comprising: at least one hardware processor configured to initiate the following operations: intercepting, from the network, a packet from the Web traffic; first analyzing, by an intrusion detection and prevention system, the packet to determine whether the packet is suspicious; flagging, upon the packet determined to be suspicious by the first analyzing, the packet to a deep analysis module separate from the intrusion detection and prevention system; second analyzing, based upon the flagging and by the deep analysis module, the packet to determine whether the packet is malicious by comparing contents of the packet with data provided by a web application scanner; and dropping, only upon the packet determined to be malicious by the second analysis, the packet, wherein the intrusion detection and prevention system is configured to prevent the packet from being forwarded to an intended destination of the packet, the first analyzing is a network level analysis, and the second analyzing is an application level analysis.

8. The system of claim 7, wherein the intrusion detection and prevention system is in a prevention mode.

9. The system of claim 7, wherein the first analyzing is based upon a current packet connection of the packet.

10. The system of claim 7, wherein the web traffic is temporarily stored in a buffer, and the packet is retrieved, from the buffer, by the deep analysis module.

11. The system of claim 7, wherein the deep analysis module constructs a profile for a Web connection associated with the packet.

12. The system of claim 7, wherein the application level analysis is configured to identify an attack directed to exploiting a vulnerability of a web application.
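The two-tier pipeline of claim 1, with the temporary buffer of claim 3 and the feedback to the IPS described in the abstract, as an added Python sketch that is not code from the patent or its assignee. The scanner findings, the packet layout, the tier-1 byte patterns and the tier-2 evidence patterns are all constructed for this example; the point it shows is that a tier-1 "suspicious" flag alone never drops a packet, only a tier-2 match against scanner-reported weak spots does.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed web application scanner output: (path, parameter) -> finding class.
SCANNER_FINDINGS = {("/search", "q"): "xss", ("/login", "user"): "sqli"}
# Application-level evidence that a decoded value actually exercises a finding.
EVIDENCE = {"xss": re.compile(r"<\s*\w"), "sqli": re.compile(r"'\s*(or|and|--)", re.I)}

def tier1_suspicious(packet):
    """Tier 1 (IDPS, network level): cheap byte match on the raw payload."""
    return bool(re.search(rb"[<'\"]|%3c|%27", packet["payload"], re.I))

def parse_request(payload):
    """Minimal request-line parser: returns (path, {param: [decoded values]})."""
    request_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    return parts.path, parse_qs(parts.query, keep_blank_values=True)

def tier2_malicious(packet, findings=SCANNER_FINDINGS):
    """Tier 2 (deep analysis, application level): malicious only when the request hits a scanner-reported weak spot with matching evidence."""
    path, params = parse_request(packet["payload"])
    for name, values in params.items():
        finding = findings.get((path, name))
        if finding and any(EVIDENCE[finding].search(v) for v in values):
            return True
    return False

def inspect(packets):
    """Run both tiers; returns (forwarded, dropped, ips_blocklist)."""
    forwarded, dropped, blocklist, buffer = [], [], set(), []
    for pkt in packets:
        if not tier1_suspicious(pkt):
            forwarded.append(pkt)
            continue
        buffer.append(pkt)                 # temporarily stored (claim 3)
        stored = buffer.pop(0)             # consumed by the deep analysis module
        if tier2_malicious(stored):
            dropped.append(stored)         # dropped only on a tier-2 verdict
            blocklist.add((stored["src"], stored["dst"]))  # fed back to the IPS
        else:
            forwarded.append(stored)       # suspicious but benign: forwarded
    return forwarded, dropped, blocklist

# Constructed sample traffic: benign, benign-but-suspicious, and malicious.
SAMPLE_PACKETS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "payload": b"GET /search?q=hello HTTP/1.1\r\nHost: app\r\n\r\n"},
    {"src": "10.0.0.6", "dst": "203.0.113.10", "payload": b"GET /search?q=O'Brien HTTP/1.1\r\nHost: app\r\n\r\n"},
    {"src": "10.0.0.7", "dst": "203.0.113.10", "payload": b"GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\nHost: app\r\n\r\n"},
]
```

Running `inspect(SAMPLE_PACKETS)` forwards the first two packets (the apostrophe in `O'Brien` trips tier 1 but no scanner finding on `/search` matches it) and drops only the third, adding its connection to the IPS blocklist.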

Classifications

  • H04L63/168 (primary): above the transport layer · CPC title

  • by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title


Frequently asked questions

Who is the assignee on this patent?
Aly Hosam, Conboy Craig R, Onut Iosif Viorel, and 2 more
What technology area does this patent fall under?
Primary CPC classification H04L63/168. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 2, 2020 (B2). Legal status and post-grant events are not shown on this page.