Filtering network data transfers
US-9160713-B2 · Oct 13, 2015 · US
US10757126B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10757126-B2 |
| Application number | US-202016813220-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 9, 2020 |
| Priority date | Apr 17, 2015 |
| Publication date | Aug 25, 2020 |
| Grant date | Aug 25, 2020 |
Official abstract text for this publication.
A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination. The packet-filtering device may generate a log entry comprising information from the packet-filtering rule that identifies the one or more network-threat indicators and indicating whether the packet-filtering device prevented the packet from continuing toward its destination or allowed the packet to continue toward its destination.
Opening claim text (preview).
What is claimed is:

1. A method comprising: receiving, by a packet filtering device and from a rule provider device, a plurality of packet filtering rules configured to cause the packet filtering device to identify packets corresponding to at least one of a plurality of network-threat indicators, wherein the plurality of packet filtering rules were generated by the rule provider device based on network threat intelligent reports supplied by one or more independent network-threat-intelligence providers, and wherein the plurality of network-threat indicators comprise unique Internet host addresses or names; responsive to a determination, by the packet filtering device, that a first packet satisfies a first packet filtering rule of the plurality of packet filtering rules based on one or more network-threat indicators specified by the first packet filtering rule: applying, to the first packet, an operator specified by the first packet filtering rule and configured to cause the packet filtering device to allow the first packet to continue toward a destination of the first packet; and communicating, to the rule provider device, data indicative that the first packet was allowed to continue toward the destination of the first packet; receiving, from the rule provider device, an update to at least one packet filtering rule; modifying, by the packet filtering device and based on the received update to the at least one packet filtering rule, the first packet filtering rule to reconfigure the packet filtering device to prevent packets corresponding to the one or more network-threat indicators from continuing toward their respective destinations; and responsive to a determination, by the packet filtering device, that a second packet satisfies the modified first packet filtering rule: preventing, by the packet filtering device and based on at least one operator specified by the modified first packet filtering rule, the second packet from continuing toward a destination of the second packet; and communicating, by the packet filtering device and to the rule provider device, data indicative that the second packet was prevented from continuing toward the destination of the second packet.

2. The method of claim 1, further comprising: causing display, in an interface, of second data that identifies the one or more network-threat indicators.

3. The method of claim 2, wherein: the packet filtering device is located at a boundary between a first network and a second network; the determination that the first packet satisfies the first packet filtering rule comprises a determination that the first packet was received from a common host in the first network; the determination that the second packet satisfies the first packet filtering rule comprises a determination that the second packet was received from the common host in the first network; allowing the first packet to continue toward the destination of the first packet comprises allowing the first packet to continue toward the common host in the second network; and preventing the second packet from continuing toward the destination of the first packet comprises preventing the second packet from continuing toward the common host in the second network.

4. The method of claim 2, wherein: the packet filtering device is located at a boundary between a first network and a second network; the first packet is destined for a first host in the second network; the second packet is destined for a second host in the second network; the determination that the first packet satisfies the first packet filtering rule comprises a determination that the first packet was received from a common host; the determination that the second packet satisfies the first packet filtering rule comprises a determination that the second packet was received from the common host; allowing the first packet to continue toward the destination of the first packet comprises allowing the first packet to continue toward the first host; and preventing the second packet from continuing toward the destination of the second packet comprises preventing the second packet from continuing toward the second host.

5. The method of claim 2, wherein: the packet filtering device is located at a boundary between a first network and a second network; the first packet is received from a first host in the second network; the second packet is received from a second host in the second network; the determination that the first packet satisfies the first packet filtering rule comprises a determination that the first packet is destined for a common host; the determination that the second packet satisfies the first packet filtering rule comprises a determination that the second packet is destined for the common host; allowing the first packet to continue toward the destination of the first packet comprises allowing the first packet to continue toward the common host; and preventing the second packet from continuing toward the destination of the second packet comprises preventing the second packet from continuing toward the common host.

6. The method of claim 1, further comprising: updating, based on a packet log entry, a packet flow log to indicate the determination and whether the packet filtering device prevented a packet, of the plurality of packets, from continuing toward a destination of the packet or allowed the packet to continue toward the destination of the packet.

7. The method of claim 6, further comprising: receiving a first portion of packets and a second portion of packets; and for each packet in the first portion of packets: generating a packet log entry indicating whether the packet filtering device prevented the packet from continuing toward a destination of the packet or allowed the packet to continue toward the destination of the packet; and generating, based on the packet log entry, a flow-log entry indicating whether the packet filtering device prevented the packet from continuing toward the destination of the packet or allowed the packet to continue toward the destination of the packet; and for each packet in the second portion of packets: generating a packet log entry indicating whether the packet filtering device prevented the packet from continuing toward the destination of the packet or allowed the packet to continue toward the destination of the packet; and modifying, based on the packet log entry, an existing flow-log entry corresponding to the packet to reflect whether the packet filtering device prevented the packet from continuing toward the destination of the packet or allowed the packet to continue toward the destination of the packet.

8. A packet filtering device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the packet filtering device to: receive, from a rule provider device, a plurality of packet filtering rules configured to cause the packet filtering device to identify packets corresponding to at least one of a plurality of network-threat indicators, wherein the plurality of packet filtering rules were generated by the rule provider device based on network threat intelligent reports supplied by one or more independent network-threat-intelligence providers, and wherein the plurality of network-threat indicators comprise unique Internet host addresses or names; responsive to a determination that a first packet satisfies a first packet filtering rule of the plurality of packet filtering rules based on one or more network-threat indicators specified by the first packet filtering rule: apply, to the first packet, an operator specified by the first packet filtering rule and configured to cause the packet filtering device to a
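The sequence the abstract and claims 1, 6 and 7 describe (indicator-based rules with an allow/block operator, a packet-log entry naming the matched indicators, a flow-log entry that is created for the first packet of a flow and modified for later ones, a report back to the rule provider, and a provider update that flips a rule from allow to block) is easier to follow in code. The model below is an added illustration written for this page; it is not code from the patent or its assignee. The class and function names, the rule identifiers, and the indicator values (RFC 5737 documentation addresses and an invented hostname) are all constructed placeholders.

```python
"""Added model of the packet-filtering flow in the abstract and claims.
All names and values here are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Rule:
    rule_id: str
    indicators: FrozenSet[str]   # Internet host addresses or names from an intel report
    operator: str                # "allow" or "block"
    provider: str                # which threat-intelligence report the rule came from


@dataclass
class Packet:
    src: str
    dst: str
    dst_name: Optional[str] = None  # resolved hostname, if the device knows it


@dataclass
class LogEntry:
    rule_id: str
    indicators: Tuple[str, ...]  # identifies the threat indicators that matched
    action: str                  # "allow" or "block"
    src: str
    dst: str


class PacketFilteringDevice:
    """Holds provider-supplied rules and filters packets against them (constructed)."""

    def __init__(self, rules: List[Rule]):
        self.rules: Dict[str, Rule] = {r.rule_id: r for r in rules}
        self.packet_log: List[LogEntry] = []
        self.flow_log: Dict[Tuple[str, str], str] = {}  # (src, dst) -> last action
        self.flow_events: List[str] = []   # "created" or "modified", one per flow-log update
        self.reports: List[dict] = []      # data communicated back to the rule provider

    def match(self, pkt: Packet) -> Optional[Rule]:
        """Return the first rule whose indicator set covers the packet's src, dst or name."""
        fields = {pkt.src, pkt.dst, pkt.dst_name} - {None}
        for rule in self.rules.values():
            if fields & rule.indicators:
                return rule
        return None

    def filter(self, pkt: Packet) -> str:
        """Apply the matching rule's operator; log, update the flow log and report."""
        rule = self.match(pkt)
        if rule is None:
            return "allow"  # no indicator matched: forward without a threat log entry
        action = rule.operator
        self.packet_log.append(
            LogEntry(rule.rule_id, tuple(sorted(rule.indicators)), action, pkt.src, pkt.dst)
        )
        # Flow log: the first packet of a flow creates the entry, later packets modify it.
        key = (pkt.src, pkt.dst)
        self.flow_events.append("modified" if key in self.flow_log else "created")
        self.flow_log[key] = action
        self.reports.append({"rule_id": rule.rule_id, "action": action})
        return action

    def apply_update(self, rule_id: str, operator: str) -> None:
        """Rule update from the provider, e.g. reconfiguring a rule from allow to block."""
        self.rules[rule_id].operator = operator


def run_scenario():
    """Walk the claim-1 sequence with constructed indicators and packets."""
    rules = [
        Rule("r1", frozenset({"198.51.100.7", "watch.example"}), "allow", "intel-provider-A"),
        Rule("r2", frozenset({"203.0.113.9"}), "block", "intel-provider-B"),
    ]
    dev = PacketFilteringDevice(rules)
    # First packet matches r1 while its operator is still "allow": logged, reported, forwarded.
    first = dev.filter(Packet(src="10.0.0.5", dst="198.51.100.7", dst_name="watch.example"))
    # The provider reviews the report and pushes an update; the device modifies r1 in place.
    dev.apply_update("r1", "block")
    # Second packet of the same flow now hits the modified rule and is prevented.
    second = dev.filter(Packet(src="10.0.0.5", dst="198.51.100.7"))
    # A packet matching no indicator is forwarded without a threat log entry.
    benign = dev.filter(Packet(src="10.0.0.6", dst="192.0.2.1"))
    return first, second, benign, dev


if __name__ == "__main__":
    f, s, b, device = run_scenario()
    print(f, s, b, device.flow_events, device.flow_log)
```

The point of keeping the "allow" operator in the first rule is the one the claims turn on: an indicator of uncertain confidence can be monitored and reported without being blocked, and the provider can later harden the same rule to "block" without the device needing a fresh rule set. Each packet-log entry carries the matched indicators, so a downstream analyst can see why a flow was reported even when it was allowed.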
by filtering · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Event detection, e.g. attack signature detection · CPC title
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title