Methods and apparatus for heuristic firewall

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

C709S224000, C706S046000

active

06519703

ABSTRACT:

BACKGROUND OF THE INVENTION
This invention relates generally to computer network security methods and apparatus, and more particularly to a heuristic computer firewall.
Conventional rule-based computer security firewalls are based upon varyingly complex sets of rules, or “rule bases”. Data packets that enter such a firewall are compared to information in, and rules of, one or more rule bases to determine whether the data packets should be allowed to pass through the firewall. Rule bases are structured around concepts of logical comparisons (e.g., Boolean) and sequential rule flow (e.g., top to bottom) through a list of rules. As rule bases become more complex, they require more system and processor overhead. Consequently, organizations that use firewalls often compromise between rule base complexity and perceived required data throughput, sacrificing some amount of security in favor of performance.
Human intervention is often required to switch between simple and complex rule bases, and even the most complex rule bases process data in the same logical, linear fashion as the simpler rule bases do. Moreover, due to data storage constraints, logical analysis limitations, and processor overhead requirements associated with large complex rule bases, conventional firewalls are static objects that are only as secure as the knowledge and ability of the firewall administrator permits, and such firewalls do not learn from, nor adapt to, data flowing through them. Conventional firewalls thus cannot meet the pattern matching and analysis requirements associated with mitigating the security threats posed by the computer “crackers” of today and tomorrow.
It would therefore be desirable to provide methods and apparatus for a heuristic firewall that can learn from and adapt to data flowing through it to better mitigate such security threats. It would also be desirable to provide methods and apparatus that combine multiple analysis methodologies to provide a higher level of functionality than that of conventional firewalls. It would further be desirable for such methods and apparatus to address multiple areas of computer network security. Additional desirable features include providing solutions to known computer security threats, dynamically adapting to new and future computer security exploit attempts, and analyzing and responding to undesirable out-of-band (OOB) and/or covert channel communications activity.
BRIEF SUMMARY OF THE INVENTION
There is therefore provided, in one embodiment of the present invention, a method for processing packets in a computer communication network that includes steps of analyzing a packet stream using at least a first heuristic stage trained to recognize potentially harmful packets; assigning a confidence rating to packets in the analyzed stream in accordance with a level of confidence regarding the harmfulness of the analyzed packets; and selecting packets for further analysis in accordance with their assigned confidence rating.
This exemplary embodiment overcomes disadvantages of previous methods for providing firewall security and is able to learn from and adapt to data flowing through a network to provide additional network security.
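As an added illustration (not code from the patent or its assignee), the staged method described in the summary can be sketched in Python: a first heuristic stage trained on labelled packets assigns each packet a confidence rating, and a routing step selects packets for further analysis according to that rating. The packet features, the naive Bayes scorer, the training data, the packet stream and the 0.9/0.1 thresholds are all constructed for this example.

```python
import math
from typing import NamedTuple

class Packet(NamedTuple):
    dst_port: int
    size: int
    flags: str  # TCP flag letters, e.g. "S" (SYN) or "PA" (PSH+ACK)

def features(p):  # discretise a packet into the categorical features the stage scores
    return {"port:" + ("well-known" if p.dst_port < 1024 else "high"),
            "size:" + ("tiny" if p.size < 60 else "normal"), "flags:" + p.flags}

class HeuristicStage:
    """First heuristic stage: a Laplace-smoothed naive Bayes scorer trained on labelled packets."""
    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.total = {True: 0, False: 0}    # packets seen per class
        self.count = {True: {}, False: {}}  # feature-presence counts per class
    def train(self, labelled):
        for pkt, harmful in labelled:
            self.total[harmful] += 1
            for f in features(pkt):
                self.count[harmful][f] = self.count[harmful].get(f, 0) + 1
    def confidence(self, pkt):
        """Confidence rating in [0, 1] that pkt is harmful; 0.5 means the stage has no opinion."""
        def log_lik(harmful, f):  # presence of f modelled as a smoothed Bernoulli
            return math.log((self.count[harmful].get(f, 0) + self.alpha) / (self.total[harmful] + 2 * self.alpha))
        log_odds = math.log(self.total[True] / self.total[False])  # class prior
        for f in features(pkt):
            log_odds += log_lik(True, f) - log_lik(False, f)
        return 1.0 / (1.0 + math.exp(-log_odds))

def triage(stage, packets, block_at=0.9, pass_below=0.1):
    """Act on confident ratings at once; select uncertain packets for the slower second stage."""
    verdicts = {}
    for p in packets:
        c = stage.confidence(p)
        verdicts[p] = "block" if c >= block_at else "pass" if c < pass_below else "inspect"
    return verdicts

# Constructed training data: tiny SYN probes at low ports (harmful) vs. established sessions (benign)
TRAINING = [(Packet(23, 40, "S"), True), (Packet(445, 48, "S"), True), (Packet(22, 52, "S"), True),
            (Packet(443, 1400, "PA"), False), (Packet(8080, 900, "PA"), False), (Packet(53, 120, "PA"), False)]

def demo():
    """Rate a constructed three-packet stream and return {packet: (rating, verdict)}."""
    stage = HeuristicStage()
    stage.train(TRAINING)
    stream = [Packet(23, 44, "S"), Packet(443, 1200, "PA"), Packet(8080, 40, "S")]
    return {p: (round(stage.confidence(p), 3), v) for p, v in triage(stage, stream).items()}
```

The third packet (a tiny SYN to a high port) scores 0.889, confident enough to be suspicious but not enough to block outright, so it is the one selected for the second analysis stage; retraining the stage on newly labelled traffic is what lets the ratings adapt over time.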


