System and method for automatic provisioning of multi-stage rule-based traffic filtering

Methods and systems for filtering communication packets using a multi-stage filtering system that receives a large volume of communication packets from a communication network that filters the packets in two or more successive stages. The system comprises at least one front-end filtering unit and mu...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Frid Naomi, Weintraub Dana
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Methods and systems for filtering communication packets using a multi-stage filtering system that receives a large volume of communication packets from a communication network that filters the packets in two or more successive stages. The system comprises at least one front-end filtering unit and multiple back-end filtering units. Typically although not necessarily, the front-end filtering unit filters the packets based on layer-2 to layer-4 attributes of the packets. The back-end filtering units, on the other hand, filter the packets based on content extracted from the packet payloads. The back-end filtering units may perform filtering, for example, based on keyword spotting, application classification, malware detection and other content-related criteria. The front-end filtering unit typically performs filtering at the individual packet level and/or at the level of request-response transactions. The back-end filtering units, on the other hand, typically perform filtering at the level of entire reconstructed packet flows.