Title of invention: Method and apparatus to perform multiple packet payloads analysis
Abstract: A method and apparatus for identifying data patterns of a file are described herein. In one embodiment, an exemplary process includes, but is not limited to, receiving a data packet of a data stream containing a file segment of a file originated from an external host and destined to a protected host of a local area network (LAN), the file being transmitted via multiple file segments contained in multiple data packets of the data stream, and performing a data pattern analysis on the received data packet to determine whether the received data packet contains a predetermined data pattern, without waiting for a remainder of the data stream to arrive. Other methods and apparatuses are also described.
Publication number: US9577983(B2) Publication date: 2017.02.21
Application number: US201514747860 Filing date: 2015.06.23
Applicant: DELL SOFTWARE INC. Inventors: Dubrovsky Aleksandr; Gmuender John Everett; Yanovsky Boris; Yanovsky Roman; Zhu Shunhui
Classification: H04L29/06; H04L12/28; H04L12/801; H04L12/805; H04L29/08 Main classification: H04L29/06
Agency: Polsinelli LLP Agent: Polsinelli LLP
Main claim: 1. A method for performing re-assembly free deep packet inspection, the method comprising: receiving a data stream over a communication network, the received data stream comprising a plurality of data packets ordered in a predetermined order; identifying that the plurality of data packets are not being received in the predetermined order, wherein at least one data packet is received before a precedent data packet in the predetermined order is received and is an out-of-order packet of a plurality of out-of-order data packets; storing the plurality of out-of-order data packets in a buffer, such that the buffer includes each of the out-of-order packets including the at least one data packet; transmitting each of the plurality of packets received out-of-order to a recipient except for the at least one data packet; and receiving a first set of other data packets of the data stream; identifying that the first set of other data packets and each of the data packets stored in the buffer can be scanned in order except for the at least one data packet; scanning in order each of the data packets stored in the buffer and the first set of other data packets except for the at least one data packet; and transmitting each of the data packets stored in the buffer and the first set of other data packets to the recipient except for the at least one data packet, wherein the at least one data packet is prevented from being transmitted to the recipient until verification that previous scanned packets when combined with the at least one data packet do not contain an attack pattern.
Address: Round Rock TX US