公开(公告)号：US20170195291A1

公开(公告)日：2017-07-06

申请号：US14983982

申请日：2015-12-30

Applicant: Juniper Networks, Inc.

Inventor： Nagendra Singh Yadav ,  Anil Kumar Reddy Sirigiri

IPC: H04L29/06 ,  H04L12/26 ,  H04L29/12 ,  H04L29/08

CPC classification number: H04L63/0245 ,  H04L43/08 ,  H04L61/1535 ,  H04L61/2007 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/1416 ,  H04L63/166 ,  H04L67/10 ,  H04L67/104 ,  H04L67/2842

Abstract: In general, techniques for sharing of network session data are described. The techniques may enable security devices to leverage application classification information in a federated manner. An example security device includes a memory and one or more processors. The processor(s) are configured to receive data representative of an application classification for a first packet flow from a second security device, to receive data of a second packet flow, and, when the second packet flow corresponds to the first packet flow, to monitor the data of the second packet flow based on the application classification for the first packet flow without determining an application classification for the second packet flow.

公开(公告)号：US10560480B1

公开(公告)日：2020-02-11

申请号：US15205717

申请日：2016-07-08

Applicant: Juniper Networks, Inc.

Inventor： Anil Kumar Reddy Sirigiri ,  Suresh Vishwanathan

IPC: H04L29/06

Abstract: A first device may include one or more processors. The first device may receive a network address request to obtain a network address that is associated with an application. The network address request may include application information that identifies the application. The first device may determine that the application is associated with a rule. The first device may store the application information and information identifying the network address request. The first device may obtain the network address based on the network address request. The first device may determine that the network address is associated with the rule. The first device may provide the network address, the rule, and/or the application information to a second device, to permit the second device to enforce the rule, based on determining that the application is associated with the rule and determining that the network address is associated with the rule.

公开(公告)号：US10075416B2

公开(公告)日：2018-09-11

申请号：US14983982

申请日：2015-12-30

Applicant: Juniper Networks, Inc.

Inventor： Nagendra Singh Yadav ,  Anil Kumar Reddy Sirigiri

IPC: G06F9/00 ,  H04L29/06 ,  H04L12/26 ,  H04L29/12 ,  H04L29/08

CPC classification number: H04L63/0245 ,  H04L43/08 ,  H04L61/1535 ,  H04L61/2007 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/1416 ,  H04L63/166 ,  H04L67/10 ,  H04L67/104 ,  H04L67/2842

Abstract: In general, techniques for sharing of network session data are described. The techniques may enable security devices to leverage application classification information in a federated manner. An example security device includes a memory and one or more processors. The processor(s) are configured to receive data representative of an application classification for a first packet flow from a second security device, to receive data of a second packet flow, and, when the second packet flow corresponds to the first packet flow, to monitor the data of the second packet flow based on the application classification for the first packet flow without determining an application classification for the second packet flow.

公开(公告)号：US10291682B1

公开(公告)日：2019-05-14

申请号：US15272930

申请日：2016-09-22

Applicant: Juniper Networks, Inc.

Inventor： Suresh Vishwanathan ,  Anil Kumar Reddy Sirigiri

IPC: G06F15/16 ,  H04L29/06 ,  H04L29/08

Abstract: A device may determine that a received transmission control protocol (TCP) segment includes data for a hypertext transfer protocol (HTTP) version N stream, where N is greater than or equal to 2. The device may identify, from the received TCP segment, a stream identifier for the HTTP version N stream. The device may determine that a condition is satisfied for releasing one or more TCP segments, associated with the stream identifier, from a TCP reassembly queue. The device may release the one or more TCP segments from the TCP reassembly queue based on determining that the condition is satisfied.

公开(公告)号：US10291584B2

公开(公告)日：2019-05-14

申请号：US15082276

申请日：2016-03-28

Applicant: Juniper Networks, Inc.

Inventor： Srinivas Koripella ,  Anil Kumar Reddy Sirigiri

IPC: G06F21/56 ,  H04L29/06 ,  H04L12/26 ,  H04L12/851 ,  H04L12/911 ,  G06F21/55

Abstract: A network device may determine a plurality of reputation indicators that indicate a measure of reputation associated with the flow. A first reputation indicator, of the plurality of reputation indicators, may be determined based on applying a first reputation analysis technique in association with the flow. A second reputation indicator, of the plurality of reputation indicators, may be determined based on applying a second reputation analysis technique in association with the flow. The second reputation analysis technique may be different from the first reputation analysis technique. The network device may determine a reputation score for the flow based on the plurality of reputation indicators. The network device may prioritize the flow based on the reputation score.