CPC H04L 63/0227 (2013.01) [H04L 45/38 (2013.01); H04L 45/64 (2013.01); H04L 47/2441 (2013.01); H04L 67/63 (2022.05); H04L 69/22 (2013.01)] | 18 Claims
1. A system, comprising:
a processor configured to:
receive packets associated with a new flow at a security controller from a network device, wherein the network device performs packet forwarding;
classify the flow based on an application determined to be associated with the flow, comprising to:
determine a type of traffic related to the flow, the type of traffic including HTTP traffic, HTTPS traffic, FTP traffic, SSL traffic, SSH traffic, DNS requests, unclassified application traffic, or any combination thereof;
assemble out of order packets of the flow into a correct order to extract information from the ordered packets of the flow; and
perform application signature matching based on the type of traffic to determine the application associated with the flow;
determine an action for the flow based on a policy associated with the application; and
instruct the network device to perform the action for the flow, wherein the action is to drop the flow or ignore the flow; and
a memory coupled to the processor and configured to provide the processor with instructions.
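The classification steps recited in claim 1 (order the packets, determine the traffic type, match application signatures for that type, map the application to a drop or ignore action) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the signature table, policy table, host names and function names are all hypothetical, and byte offsets stand in for TCP sequence numbers.

```python
import re

# Constructed signatures: traffic type -> [(application, pattern)].
SIGNATURES = {"http": [
    ("example-filesharing", re.compile(rb"(?im)^Host:\s*files\.example\.test\r?$")),
    ("example-webmail", re.compile(rb"(?im)^Host:\s*mail\.example\.test\r?$")),
]}
# Constructed policy: application -> action sent to the forwarding device.
POLICY = {"example-filesharing": "drop", "example-webmail": "ignore"}
DEFAULT_ACTION = "ignore"
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")

def reassemble(segments):
    """Order (offset, payload) segments; return the contiguous byte stream."""
    stream, expected = bytearray(), 0
    for offset, payload in sorted(segments):
        if offset > expected:                  # gap: stop at the missing bytes
            break
        if offset + len(payload) > expected:   # drop already-seen (retransmitted) bytes
            stream += payload[expected - offset:]
            expected = offset + len(payload)
    return bytes(stream)

def traffic_type(stream):
    """Coarse traffic-type detection from the first bytes of the ordered stream."""
    if stream.startswith(HTTP_METHODS):
        return "http"
    if stream[:2] == b"\x16\x03":              # TLS handshake record header
        return "ssl"
    return "unclassified"

def classify_flow(segments):
    """Return (traffic type, application or None, action) for a new flow."""
    stream = reassemble(segments)
    kind = traffic_type(stream)
    for app, pattern in SIGNATURES.get(kind, []):
        if pattern.search(stream):             # signature set chosen by traffic type
            return kind, app, POLICY.get(app, DEFAULT_ACTION)
    return kind, None, DEFAULT_ACTION

# Constructed flow: the Host header is split across segments, which arrive
# out of order and with one retransmission.
REQUEST = b"GET /upload HTTP/1.1\r\nHost: files.example.test\r\n\r\n"
SAMPLE = [(30, REQUEST[30:]), (0, REQUEST[:30]), (0, REQUEST[:30])]

if __name__ == "__main__":
    print(classify_flow(SAMPLE))
```

Because the Host header straddles two segments in the sample, neither segment matches a signature on its own; the match only succeeds on the reassembled stream.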