System and method for determining network application signatures using flow payloads
US8964548B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 2, 2011 |
| Grant date | Feb 24, 2015 |
| Priority date | — |
| Expiry date | Dec 23, 2032 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L47/2483
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method for profiling network traffic of a network is presented. The method includes obtaining a cohesive flow-set based on a (port number, transport protocol) pair, identifying a statistically representative training set from the flow-set, identifying a network application associated with the (port number, transport protocol) pair, determining a packet content based signature term of the network application based on the training set, generating a nondeterministic finite automaton (NFA) using the signature terms to represent regular expressions in the training set, matching a portion of a new flow to the NFA in real time and identifying a server attached to the new flow as executing the network application, and generating an alert in response to the match for blocking the new flow prior to the server completing a task performed using the new flow.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.