Distributed ISP system for the inspection and elimination of eThreats in a multi-path environment

Eyal Felstaine (Inventor), Niv Gilboa (Inventor), Eldad Chai (Inventor)

Research output: Patent

Abstract

Method for eliminating the possibility of exploiting by an attacker a multipath type transfer in terms of the number of the ISP operated Inspection and Elimination Units - IEUs, the method comprises: (a) providing a plurality of Enhanced Inspection and Elimination Units-EIEUs; (b) for each destination subscriber user, defining a set of EIEUs which includes all end EIEUs which can directly forward a packet to said user computer; (c) as long as no conclusion has been reached regarding to whether a session is malicious or not, forwarding all received session packets by any EIEU within the set to a manager EIEU for analysis; (d) upon receipt of a packet at said manager EIEU, forwarding the packet to the destination user computer, but also performing analysis at the manager EIEU on a copy of said packet, together with previously analyzed packets of a same session, in a try to reach a conclusion as to whether the session is malicious or not; (e) if a conclusion has not been reached even following said analysis, accumulating the packet together with said previous packets for further future analysis; (f) if, however, a conclusion is reached by said analysis that the packet belongs to a malicious session, creating a "drop" rule by said manager EIEU, and forwarding to all EIEUs within the set; (g) if, on the other hand, a conclusion is reached by said analysis that the packet belongs to a non-malicious session, creating a "pass" rule by said manager EIEU, and forwarding to all EIEUs within the set.

Original languageEnglish
Patent numberEP2040437
IPCH04L 29/ 06 A I
Priority date24/09/07
StatePublished - 25 Mar 2009

Fingerprint

Dive into the research topics of 'Distributed ISP system for the inspection and elimination of eThreats in a multi-path environment'. Together they form a unique fingerprint.

Cite this