公开(公告)号：CA2712542A1

公开(公告)日：2010-11-09

申请号：CA2712542

申请日：2010-08-25

Applicant: IBM CANADA

Inventor： ONUT IOSIF VIOREL ,  PODJARNY GUY ,  CONBOY CRAIG RONALD EARL ,  ALY HOSAM

IPC: H04L12/26 ,  G06F21/00

Abstract: An illustrative embodiment of a computer-implemented process for two-tier deep analysis of hypertext transport protocol data, monitors Web traffic, receives a packet of Web traffic from a network to form a received packet, wherein the received packet represents Web traffic, and stores the Web traffic temporarily to form stored Web traffic. The computer-implemented process further determines whether the Web traffic is suspicious using a first tier analysis and responsive to a determination that the Web traffic is suspicious, consumes the stored Web traffic using a deep analysis module. The computer-implemented process further determines whether the stored Web traffic is a case of misuse using a second tier analysis and responsive to a determination that the stored Web traffic is a case of misuse, feeding back data about a malicious connection to an intrusion protection system before returning to monitor the Web traffic.

公开(公告)号：CA2712542C

公开(公告)日：2012-09-11

申请号：CA2712542

申请日：2010-08-25

Applicant: IBM CANADA

Inventor： ONUT IOSIF VIOREL ,  PODJARNY GUY ,  CONBOY CRAIG RONALD EARL ,  ALY HOSAM

IPC: H04L12/26 ,  G06F21/00

Abstract: An illustrative embodiment of a computer-implemented process for two-tier deep analysis of hypertext transport protocol data, monitors Web traffic, receives a packet of Web traffic from a network to form a received packet, wherein the received packet represents Web traffic, and stores the Web traffic temporarily to form stored Web traffic. The computer-implemented process further determines whether the Web traffic is suspicious using a first tier analysis and responsive to a determination that the Web traffic is suspicious, consumes the stored Web traffic using a deep analysis module. The computer-implemented process further determines whether the stored Web traffic is a case of misuse using a second tier analysis and responsive to a determination that the stored Web traffic is a case of misuse, feeding back data about a malicious connection to an intrusion protection system before returning to monitor the Web traffic.