Method and apparatus for classifying harmful packet
    1.
    Granted invention patent
    Method and apparatus for classifying harmful packet (in force)

    Publication (announcement) number: US08336098B2

    Publication (announcement) date: 2012-12-18

    Application number: US12410975

    Application date: 2009-03-25

    CPC classification number: H04L63/145 H04L63/0245

    Abstract: A network apparatus and method of classifying received packets in a security system, the method comprising parsing a received packet and extracting a payload from the parsed packet; scanning the payload to check whether or not a predetermined signature code is included in the payload; if it is determined from the result of the scanning that the predetermined signature code is included in the payload, generating a presumptive signature based on information included in the predetermined signature code; and determining whether or not the generated presumptive signature is identical with a signature corresponding to the predetermined signature code, and allocating a classification identifier (ID) to the received packet according to the result of the determination, thereby classifying the received packet according to the classification ID, wherein the predetermined signature code is formed by a part of the signature corresponding to the signature code.


    METHOD AND APPARATUS FOR CLASSIFYING HARMFUL PACKET
    2.
    Invention patent application
    METHOD AND APPARATUS FOR CLASSIFYING HARMFUL PACKET (in force)

    Publication (announcement) number: US20100251364A1

    Publication (announcement) date: 2010-09-30

    Application number: US12410975

    Application date: 2009-03-25

    CPC classification number: H04L63/145 H04L63/0245

    Abstract: A network apparatus and method of classifying received packets based on a predetermined standard are disclosed. The method of classifying received packets in a security system comprises parsing a received packet and extracting a payload from the parsed packet; scanning the payload to check whether or not a predetermined signature code is included in the payload; if it is determined from the result of the scanning that the predetermined signature code is included in the payload, generating a presumptive signature based on information included in the predetermined signature code; and determining whether or not the generated presumptive signature is identical with a signature corresponding to the predetermined signature code, and allocating a classification identifier (ID) to the received packet according to the result of the determination, thereby classifying the received packet according to the classification ID, wherein the predetermined signature code is formed by a part of the signature corresponding to the signature code. Accordingly, possible harmful packets such as attack packets can be classified at high speed, and thereby blocked immediately.

