WO2001055867A1 - Method, system and computer program products for adaptive web-site access blocking - Google Patents
- Publication number: WO2001055867A1 (PCT/US2001/003124)
- Authority: WO, WIPO (PCT)
- Prior art keywords: internet, web, sites, list, traffic
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Abstract
This invention discloses an Internet service gateway (120) for controlling an access to an Internet web-site from a group of users (110). The service gateway (120) includes a traffic logger for continuously monitoring a number of Internet accesses to each of a plurality of Internet web-sites from the group of users (110) through the Internet service gateway (120) for generating an Internet traffic log (140). The service gateway (120) further includes a traffic analyzer for continuously counting and ranking the Internet accesses to each of the Internet web-sites and for generating a list of traffic-profile suspect Internet web-sites. The service gateway (120) further includes an editor for allowing the access controller to edit a selection input for selecting the list of blocking web-sites among the list of traffic-profile suspect web-sites. The service gateway further includes a user interface (130) to allow the access controller to provide entries directly to a list of blocking web-sites among the list of traffic-profile suspect web-sites.
Description
METHOD, SYSTEM AND COMPUTER PROGRAM PRODUCTS FOR ADAPTIVE WEB-SITE ACCESS BLOCKING
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention generally relates to managing the communication of data packets transmitted via an Intranet or an Internet. More particularly, this invention is related to monitoring, logging and blocking data packets transmitted via an Intranet or Internet to adaptively carry out web access management.
2. Descriptions of the Reference Art
As more and more web-sites are made available over the Internet, a person of ordinary skill in the art of web access management is confronted with a technical difficulty: the monitoring and control of large volumes of access operations cannot be effectively administered. This difficulty becomes more pronounced as more accesses are made to a continuously increasing and ever-changing set of web-sites with different names, commonly known as universal resource locators (URLs). Network communications between computers connected through the Internet or an Intranet are becoming one of the most essential activities that modern office workers engage in, in almost every aspect of business and commercial interaction. By definition, a network is a group of computers and associated devices that are connected by communications facilities or links. Network connections can be of a permanent nature, such as via optical fibers, or can be of a temporary nature, such as connections made through telephone or other communication links. Networks vary in size, from a local area network (LAN) consisting of a few computers and related devices, to a wide area network (WAN) which interconnects computers and LANs that are geographically dispersed. An Internet network, in turn, is the joining of multiple computer networks, both similar and dissimilar, by means of gateways or routers that facilitate data transfer and conversion from various networks. A well-known network system is the "Internet system", which refers to the collection of networks and routers that use the Transmission Control Protocol/Internet Protocol (TCP/IP) to communicate with one another.
As many World Wide Web (WWW) sites on the Internet provide useful information, much of it employment related, many organizations give employees the benefit of browsing the WWW. However, there is also a need to control access so as to limit usage to work-related topics only. A typical example is a company engaged in technology development that allows its employees to browse and keep up to date with the related technical information provided on different web-sites available on the Internet. In the meantime, proper control and monitoring must also be exercised so that abuse of the network access does not occur, which may adversely affect employees' productivity, congest the company's Internet access, and waste the company's resources. In particular, a broad range of Internet web-sites is now available for almost every aspect of human interest and activity, and an access control policy is often required to prevent unnecessary and undesirable abusive conduct.
A common solution now available in the marketplace is to use a software database, usually called a universal resource locator (URL) blocking database, to block users from visiting certain web-sites. Commercial vendors provide such database products and services, such as WebSENSE and similar programs, to perform the URL blocking functions. The method used by these URL blocking programs is to have a network robot wander the whole WWW periodically by sequentially following web links. On each newly found web-site, a keyword match is applied, or a manual examination and categorization according to the content of that site is performed, to add site-relevant information to a URL blocking database. A web-access manager then applies the vendor's database in a server that controls Internet web access to disallow employees from browsing certain categories of web-sites. One example is to implement a policy that allows engineers to browse technology, news, finance or other employment-related web-sites, while disallowing access to web-sites that are irrelevant to the duty of employment and that may harm the company and the engineers because of legal issues or bandwidth limitations.
There are, however, several disadvantages and difficulties arising from such an implementation. Specifically, the number and kinds of Internet web-sites are rapidly growing. New web-sites are generated while some older web-sites are eliminated. A database soon becomes obsolete because it does not realistically reflect the available web-sites and so cannot satisfy the policy implemented for controlling web access. Additionally, because of the growth of the Internet, the size of such a database will also grow rapidly. The speed of allowing or blocking web access when implemented with a large database may often become a bottleneck for web access. Furthermore, Internet web-sites are now being created in different languages. Even though English web-sites dominated the original Internet applications, more and more non-English pages are now generated. A database of multiple languages is often difficult to generate, and it is even more difficult for a database manager to search it and execute the URL blocking functions. Another difficulty is caused by newly developed technology in which more and more web-site pages are generated on the fly, using an internal database to assign URLs that are temporary and exist only for specific communication sessions. There is no effective method for the "network robot" to capture these names for the web-sites that should be blocked.
Therefore, a need still exists in the art to provide an effective method and configuration to enable a person of ordinary skill in the art to resolve these difficulties. Specifically, the method and configuration must be able to change adaptively on a real-time basis according to the continuous and momentary variations that occur as many Internet users access web-sites, in order to effectively administer and manage web access control.
SUMMARY OF THE PRESENT INVENTION
It is the object of the present invention to provide a new and improved method and system configuration to effectively and adaptively control web-site access based on the most up-to-date relevant traffic patterns from a group of Internet users. An up-to-date traffic log is maintained for generating practical and useful lists of web-sites according to different rules of network traffic statistics. One exemplary rule may be a list of web-sites that have the highest network traffic volumes, either in bytes of data or number of packets passed through. Another example may be a list of web-sites that are most frequently visited. These lists may be used for selecting blocked and allowed lists for effectively and efficiently managing the web-site access operations of a group of Internet users. The difficulties and limitations discussed above, commonly encountered in the conventional techniques, are thereby resolved.
In one aspect of the present invention, methods, systems and computer software products are provided to effectively regulate the browsing activity of web users in a corporate environment, and avoid the above mentioned difficulties and limitations.
A preferred embodiment of this invention discloses an Internet service gateway for controlling access to an Internet web-site from a group of users. The service gateway includes a traffic logger for continuously monitoring a number of Internet accesses to each of a plurality of Internet web-sites from the group of users through the Internet service gateway for generating an Internet traffic log. The service gateway further includes a traffic analyzer for continuously counting and ranking the Internet accesses to each of the Internet web-sites and for generating a list of web-sites as traffic-profile suspect Internet web-sites statistically conforming to a blocking-suspect traffic profile. The service gateway further includes an editor for allowing the access controller to edit a selection input for selecting the list of blocking web-sites among the list of traffic-profile suspect web-sites. The service gateway further includes a user interface to allow the access controller to provide (including but not limited to adding, editing, and deleting) the entries of the list of blocking web-sites.
The invention also discloses a method for controlling access to an Internet web-site from a group of users. The method includes a step of continuously logging and counting a number of Internet accesses to each of a plurality of Internet web-sites from the group of users through an Internet service gateway. The method further includes a step of statistically analyzing the pattern of Internet accesses for generating a list of traffic-profile suspect web-sites statistically conforming to a blocking-suspect traffic profile, for selecting a list of blocking web-sites among the list of traffic-profile suspect web-sites.
These and other objects and advantages of the present invention will no doubt become obvious to those of ordinary skill in the art after having read the following detailed descriptions of the preferred embodiment that is illustrated in the various drawing figures.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 shows a system configuration of a network system that includes many computer users connected by a local area network (LAN), interfaced and controlled by an Internet service gateway to access the Internet.
Fig. 2 is a functional block diagram showing a hardware and software implementation of an Internet access control implemented in the Internet service gateway of Fig. 1.
DETAILED DESCRIPTION OF THE METHOD
Reference will now be made in detail to the preferred embodiments of the invention. While the invention will be described in conjunction with the preferred embodiments, it will be understood that the inventions as disclosed are not intended to limit the invention to these embodiments. On the contrary, the invention is intended to cover alternatives, modifications and equivalents, which may be included within the spirit and scope of the invention. As will be appreciated by one of skill in the art, the present invention may be embodied as a method, data processing system or computer software program products. Accordingly, the present invention may take the form of data analysis systems, methods, analysis software, etc. Software written according to the present invention is to be stored in some form of computer readable medium, such as memory, a hard drive or a CD-ROM. The software of the invention may be transmitted over a network and executed by a processor in a remote location. The software may also be embedded in the computer readable medium of hardware, such as a network gateway device or a network card.
Refer to Fig. 1 for a system configuration illustrating an Internet service gateway of this invention. The Internet service gateway is shown as a device 120 connected through a local area network (LAN) 130 to a group of computer users, each of whom operates a personal computer or computer workstation 110. The Internet service gateway 120 is then connected to the Internet system 140 to interface and control the access from each of the computer users to communicate with many web-sites on the Internet 140. Usually a "firewall" is installed in the service gateway 120 to guard and control network traffic between the Internet 140 and networked computers 110 through the local area network (LAN) 130.
Refer to Fig. 2 for a software and hardware implementation of this invention. An adaptive URL blocking system is configured with software and hardware functions shown respectively as parallelograms and rectangular blocks in Fig. 2. On the firewall implemented in the service gateway 120, a traffic logger is employed to log all the web accesses from internal network users 110 to generate a traffic log that is also backed up as a traffic log backup. All the Internet accesses are examined, and the number of hits and the traffic flows for each web-site visited are counted and statistically analyzed by a traffic analyzer to generate a top list as a list of traffic-profile suspect Internet web-sites. The list may include web-sites whose traffic patterns conform statistically to a blocking-suspect traffic profile. As an example, the list may be a top list of the most frequently visited web-sites or a top list of the web-sites generating the most traffic. The traffic analyzer implemented in the firewall has an option to produce, periodically or on demand, a sub-list showing the traffic-profile suspect Internet web-sites, for example a top 10 sub-list of the most frequently visited web-sites, from a sorting and counting of the data provided by the traffic log. The top list is then provided through an editor or user interface to the firewall administrator. After examining the list, the administrator can select a blocking list of web-sites from the top list to disallow user access to those web-sites by inputting the selection list to the firewall. The firewall administrator may also generate an allowed list to allow user access through the service gateway 120. The web-sites included in the allowed list are removed from the traffic-profile suspect web-sites, so that the web-sites in the allowed list will not be in the top list as candidates for blocking. Once a blocking list is generated and implemented in the firewall, user access to the blocked web-sites on the Internet will be disallowed. In the meantime, a continuous monitoring and counting process is carried out to allow the firewall administrator to update the disallowed or allowed list based on updated web-site access statistics. Therefore, the administrator can dynamically update the lists of blocked and allowed web-sites according to the users' traffic pattern. As a result, most of the unwanted traffic in a corporate environment will be blocked by this method, and regular traffic is not affected. This method can be carried out expeditiously without slowing down the gateway traffic because only a small database of unwanted sites is kept in storage on the firewall. Compared with the conventional method and configuration, the lookup speed for Internet traffic control is significantly improved.
The firewall administrator is also allowed the flexibility to view and edit the list based on the most up-to-date information on the network traffic patterns. The network access policy can also be fine-tuned based on the immediate needs and requirements of the company's operations.
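The logger, analyzer, allowed-list and blocking-list flow described above, as an added Python example; it is not code from the patent. The log line format, the host names, the function and class names, and the choice to key each "web-site" on its normalized host name are all assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample traffic log, one access per line: "<client-ip> <url> <bytes>".
# The line format and all host names are assumptions made for this example.
SAMPLE_LOG = """\
10.0.0.11 http://video.example/watch?session=a81f 900000
10.0.0.12 http://video.example/watch?session=77c2 850000
10.0.0.11 http://docs.example/api/index.html 12000
10.0.0.13 http://DOCS.example:80/api/search?q=tcp 8000
10.0.0.14 http://docs.example/api/ref 9000
10.0.0.12 http://chat.example/room/1 300
10.0.0.12 http://chat.example/room/1 280
10.0.0.13 http://chat.example/room/2 310
10.0.0.14 http://chat.example/room/2 295
10.0.0.15 http://mirror.example/iso/image.bin 4000000
this line is malformed and must be skipped
10.0.0.15 http://news.example/today notanumber
"""


def site_of(url):
    """Normalized host of a URL (lower-case, no port), or None if absent."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None


class TrafficAnalyzer:
    """Counts hits and bytes per web-site and ranks them into a top list."""

    def __init__(self):
        self.hits = Counter()    # rule 1: most frequently visited
        self.volume = Counter()  # rule 2: highest traffic volume in bytes
        self.skipped = 0         # malformed lines are counted, not hidden

    def log_access(self, line):
        parts = line.split()
        if len(parts) != 3:
            self.skipped += 1
            return
        _client, url, size = parts
        host = site_of(url)
        try:
            nbytes = int(size)
        except ValueError:
            nbytes = -1
        if host is None or nbytes < 0:
            self.skipped += 1
            return
        # Keying on the host means per-session URLs collapse onto one site.
        self.hits[host] += 1
        self.volume[host] += nbytes

    def top_list(self, rule="hits", n=10, allowed=frozenset()):
        """Top-n suspect sites under one rule, minus the allowed list."""
        if rule not in ("hits", "bytes"):
            raise ValueError("rule must be 'hits' or 'bytes'")
        counts = self.hits if rule == "hits" else self.volume
        ranked = sorted(
            ((site, c) for site, c in counts.items() if site not in allowed),
            key=lambda item: (-item[1], item[0]),  # count desc, name asc on ties
        )
        return ranked[:n]


def analyze(log_text):
    """Feed every non-blank log line to a fresh analyzer and return it."""
    analyzer = TrafficAnalyzer()
    for line in log_text.splitlines():
        if line.strip():
            analyzer.log_access(line)
    return analyzer


def is_blocked(url, blocked):
    """Gateway check against the small, administrator-selected blocking list.

    A URL with no parseable host matches nothing here; rejecting such
    requests outright is a separate policy decision.
    """
    return site_of(url) in blocked


if __name__ == "__main__":
    analyzer = analyze(SAMPLE_LOG)
    allowed = {"docs.example"}  # administrator's allowed list
    for rule in ("hits", "bytes"):
        print(rule, analyzer.top_list(rule, n=3, allowed=allowed))
    blocked = {"chat.example", "video.example"}  # chosen from the top list
    print(is_blocked("http://video.example/watch?session=zz99", blocked))
    print("skipped lines:", analyzer.skipped)
```

The two rules rank the same log differently: the chat site leads by hits but is negligible by bytes, which is why the administrator reviews the list before anything is blocked.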
According to the above descriptions, an Internet service gateway for controlling access to an Internet web-site from a group of users is disclosed. The service gateway includes an Internet traffic monitor for logging and analyzing a number of Internet accesses to each of a plurality of Internet web-sites from the group of users through the Internet service gateway. The service gateway further includes an Internet access blocking means for employing the pattern of Internet accesses for generating a list of traffic-profile suspect web-sites statistically conforming to a blocking-suspect profile, for selecting a list of blocking web-sites among the traffic-profile conforming list. In a preferred embodiment, the Internet traffic monitor further includes a traffic logger for continuously monitoring the Internet accesses and for generating an Internet traffic log. In a preferred embodiment, the Internet traffic monitor further includes a traffic analyzer for continuously counting and analyzing the Internet accesses to each of the Internet web-sites for generating the list of traffic-profile suspect Internet web-sites. In another preferred embodiment, the Internet access blocking means further includes a user interface for an access controller to provide (including but not limited to adding, editing and deleting) entries of the list of blocking web-sites. In another preferred embodiment, the Internet access blocking means further includes an editor for allowing the access controller to edit the selection input for selecting the list of blocking web-sites among the list of traffic-profile suspect web-sites. In another preferred embodiment, the user interface further allows the access controller to provide an access-allowed list for selecting a list of access-allowed web-sites, for removing the access-allowed web-sites from the list of traffic-profile suspect web-sites.
In another preferred embodiment, the traffic analyzer further includes a most-frequently-visited web-site counter for continuously counting and analyzing the Internet accesses to each of the Internet web-sites for generating a list of most frequently-visited web-sites for implementation as the list of traffic profile-suspect Internet web-sites. In another preferred embodiment, the traffic analyzer further includes a traffic-volume counter for continuously counting and analyzing the Internet traffic to each of the Internet web-sites for generating a list of most traffic-generated web-sites for implementation as the list of traffic profile-suspect Internet web-sites.
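The logger, analyzer, access-allowed list and administrator selection described above, sketched as an added Python example that is not code from the patent. The log line format, host names, function names and the top-N cut-off are assumptions made for illustration.

```python
from collections import Counter

# Constructed gateway log, one access per line: "<user> <host> <bytes>".
# The format and every value here are assumptions for this example.
SAMPLE_LOG = """\
alice news.example 1200
bob video.example 900000
alice video.example 850000
carol intranet.example 300
bob news.example 1500
alice intranet.example 250
bob video.example 700000
dave intranet.example 400
dave intranet.example 350
erin docs.example 100
malformed-record
"""

def normalize(host):
    """Compare hosts case-insensitively and without a trailing dot."""
    return host.lower().rstrip(".")

def analyze(log_text):
    """Traffic analyzer: access count and traffic volume per web-site."""
    hits, volume = Counter(), Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed records instead of guessing
        host = normalize(parts[1])
        hits[host] += 1
        volume[host] += int(parts[2])
    return hits, volume

def suspect_list(hits, volume, top_n, allowed):
    """Most-visited and most-traffic sites, minus the access-allowed list."""
    ranked = [h for h, _ in hits.most_common(top_n)]
    ranked += [h for h, _ in volume.most_common(top_n) if h not in ranked]
    return [h for h in ranked if h not in allowed]

def select_blocklist(suspects, selection):
    """Honor the administrator's selection only for sites on the suspect list
    (a choice made in this example)."""
    return {normalize(h) for h in selection if normalize(h) in suspects}

def is_blocked(host, blocklist):
    """Enforcement check the gateway would run for each outgoing request."""
    return normalize(host) in blocklist

if __name__ == "__main__":
    hits, volume = analyze(SAMPLE_LOG)
    suspects = suspect_list(hits, volume, top_n=2, allowed={"intranet.example"})
    blocklist = select_blocklist(suspects, {"video.example", "unlisted.example"})
    print("suspects:", suspects)
    print("blocklist:", sorted(blocklist))
```

Normalizing the host before counting and before enforcement keeps `VIDEO.example.` and `video.example` from being treated as different sites, which would otherwise split the counts and let a request slip past the block list.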
In essence, this invention discloses an Internet service gateway for controlling an access to a networked node from a group of users. The gateway includes a network traffic controller for continuously monitoring and analyzing accesses to a plurality of networked nodes from the group of users to enable an option for selectively blocking access to one of the networked nodes according to data obtained from continuously monitoring and analyzing the accesses.
This invention also discloses a method for controlling an access to a networked node from a group of users. The method includes a step of continuously monitoring and analyzing accesses to a plurality of networked nodes from the group of users to enable an option for selectively blocking access to one of the networked nodes according to data obtained from continuously monitoring and analyzing said accesses. In one of the preferred embodiments, the method further includes a step of allowing a gateway administrator to select a blocking list for selectively blocking access to one of said networked nodes according to data obtained from continuously monitoring and analyzing said accesses.
Although the present invention has been described in terms of the presently preferred embodiment, it is to be understood that such disclosure is not to be interpreted as limiting. Various alterations and modifications will no doubt become apparent to those skilled in the art after reading the above disclosure. Accordingly, it is intended that the appended claims be interpreted as covering all alterations and modifications as fall within the true spirit and scope of the invention.
Claims
1. An Internet service gateway for controlling an access to an Internet web-site from a group of users comprising:
an Internet traffic monitor for logging and analyzing a number of Internet accesses to each of a plurality of Internet web-sites from said group of users through said Internet service gateway; and
an Internet access blocking means for employing said number of Internet accesses for generating a list of traffic profile-suspect web-sites statistically conformed to a blocking-suspect-profile for selecting a list of blocking websites among said traffic-profile conforming list.
2. The Internet service gateway of claim 1 wherein:
said Internet traffic monitor further includes a traffic logger for continuously monitoring said Internet accesses and for generating an Internet traffic log.
3. The Internet service gateway of claim 1 wherein:
said Internet traffic monitor further includes a traffic analyzer for continuously counting and analyzing said Internet accesses to each of said Internet web-sites for generating said list of traffic profile-suspect Internet web-sites.
4. The Internet service gateway of claim 1 wherein:
said Internet access blocking means further includes a user interface for an access controller to provide a selection input for selecting said list of blocking web-sites among said list of traffic profile-suspect web-sites.
5. The Internet service gateway of claim 4 wherein:
said Internet access blocking means further includes an editor for allowing said access controller to edit said selection input for selecting said list of blocking web-sites among said list of traffic profile-suspect web-sites.
6. The Internet service gateway of claim 4 wherein:
said user interface further allows said access controller to provide an access-allowed list for selecting a list of access-allowed web-sites for removing said access-allowed web-sites from said list of traffic profile-suspect web-sites.
7. The Internet service gateway of claim 3 wherein:
said traffic analyzer further includes a most-frequently visited web-site counter for continuously counting and analyzing said Internet accesses to each of said Internet websites for generating a list of most frequently-visited web-sites for implementation as said list of traffic profile-suspect Internet web-sites.
8. The Internet service gateway of claim 3 wherein:
said traffic analyzer further includes a traffic-volume analyzer for continuously counting a traffic volume to each of said Internet web-sites for generating a list of most traffic-generated web-sites implementation as said list of traffic profile-suspect Internet web-sites.
9. An Internet service gateway for controlling an access to an Internet web-site from a group of users comprising:
a traffic logger for continuously monitoring a number of Internet accesses to each of a plurality of Internet web-sites from said group of users through said Internet service gateway for generating an Internet traffic log;
a traffic analyzer for continuously counting and analyzing said Internet traffic log for generating a list of traffic profile-suspect Internet web-sites statistically conformed to a blocking suspect traffic-profile;
an editor for allowing said access controller to edit a selection input for selecting said list of blocking web-sites among said list of traffic profile-suspect web-sites; and
a user interface to allow said access controller to provide said selection input to block access to a list of blocking websites among said list of traffic profile-suspect-web-sites.
10. An Internet service gateway for controlling an access to a networked node from a group of users comprising:
a network traffic controller for continuously monitoring and analyzing accesses to a plurality of networked nodes from said group of users to enable an option for selectively blocking access to one of said networked nodes according to data analyzed from continuously monitoring and analyzing of said accesses.
11. The Internet service gateway of claim 10 further comprising:
a gateway administer interface for enabling a gateway administer to select a blocking list for selectively blocking access to one of said networked nodes according to data obtained from continuously monitoring and analyzing said accesses.
12. A method for controlling an access to an Internet web-site from a group of users comprising:
continuously logging and analyzing a number of Internet accesses to each of a plurality of Internet web-sites from said group of users through an Internet service gateway; and
statistically analyzing said number of Internet accesses for generating a list of traffic profile-suspect web-sites statistically conformed to a blocking-suspect traffic profile for selecting a list of blocking web-sites among said list traffic profile-suspect web-sites.
13. The method of claim 12 wherein:
said step of continuously logging and analyzing said number of Internet accesses to each of said plurality of Internet web-sites further includes a step of employing a traffic logger for continuously monitoring said Internet accesses and for generating an Internet traffic log.
14. The method of claim 12 wherein:
said step of continuously logging and analyzing said number of Internet access to each of said plurality of Internet web-sites further includes a step of employing a traffic analyzer for continuously analyzing and ranking said Internet accesses to each of said Internet web-sites to generate said list of traffic profile-suspect Internet web-sites.
15. The method of claim 12 wherein:
said step of analyzing said number of Internet accesses for generating a list of traffic profile-suspect web-sites for selecting a list of blocking web-sites further includes a step of employing a user interface for allowing a gateway administer to provide entries of the list of blocking web-sites.
16. The method of claim 12 wherein:
said step of employing said number of Internet accesses for generating a list of traffic profile-suspect web-sites for selecting a list of blocking web-sites further includes a step of employing an editor for allowing said gateway administer to edit said selection input for selecting said list of blocking web-sites among said list of traffic profile-suspect web-sites.
17. The method of claim 16 wherein:
said step of employing an editor for allowing said gateway administer to edit said selection input further comprising a step of allowing said access controller to provide an access-allowed list for selecting a list of access-allowed web-sites for removing said access-allowed web-sites from said list of traffic profile-suspect web-sites.
18. The method of claim 15 wherein:
said step of employing said number of Internet accesses for generating a list of traffic profile-suspect web-sites for selecting a list of blocking web-sites further includes a step of generating a most-frequently visited web-site for implementation as said list of traffic profile-suspect Internet web-sites.
19. The method of claim 15 wherein:
said step of employing said number of Internet accesses for generating a list of traffic profile-suspect web-sites for selecting a list of blocking web-sites further includes a step of generating a list of most traffic-generated web-sites implementation as said list of traffic profile-suspect Internet web-sites through a step of continuously counting traffic volume to each of said Internet web-sites.
20. A method for controlling an access to an Internet web-site from a group of users comprising:
employing a traffic logger for continuously monitoring a number of Internet accesses to each of a plurality of Internet web-sites from said group of users through a Internet service gateway for generating an Internet traffic log;
employing a traffic analyzer for continuously counting and ranking said Internet accesses to each of said Internet websites and for generating a list of traffic profile-suspect Internet web-sites;
employing an editor for allowing said access controller to edit a selection input for selecting said list of blocking websites among said list of traffic profile-suspect web-sites; and
employing a user interface to allow said access controller to provide entries directly to a list of blocking web-sites among said list of traffic profile-suspect web-sites.
21. A method for controlling an access to a networked node from a group of users comprising:
continuously monitoring and analyzing accesses to a plurality of networked nodes from said group of users to enable an option for selectively blocking access to one of said networked nodes according to data obtained from continuously monitoring and analyzing said accesses.
22. The method of claim 21 further comprising:
allowing a gateway administer to select a blocking list for selectively blocking access to one of said networked nodes according to data obtained from continuously monitoring and analyzing said accesses.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2001/003124 WO2001055867A1 (en) | 2001-01-31 | 2001-01-31 | Method, system and computer program products for adaptive web-site access blocking |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001055867A1 (en) | 2001-08-02 |
Family
ID=21742293
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/003124 WO2001055867A1 (en) | 2001-01-31 | 2001-01-31 | Method, system and computer program products for adaptive web-site access blocking |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2001055867A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5887133A (en) * | 1997-01-15 | 1999-03-23 | Health Hero Network | System and method for modifying documents sent over a communications network |
US5987611A (en) * | 1996-12-31 | 1999-11-16 | Zone Labs, Inc. | System and methodology for managing internet access on a per application basis for client computers connected to the internet |
US6078953A (en) * | 1997-12-29 | 2000-06-20 | Ukiah Software, Inc. | System and method for monitoring quality of service over network |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1311100A2 (en) * | 2001-11-13 | 2003-05-14 | Fujitsu Limited | Method, apparatus and program for content filtering |
EP1311100A3 (en) * | 2001-11-13 | 2004-10-27 | Fujitsu Limited | Method, apparatus and program for content filtering |
US7203749B2 (en) | 2001-11-13 | 2007-04-10 | Fujitsu Limited | Contents filtering method, contents filtering apparatus and contents filtering program |
KR100823003B1 (en) * | 2001-11-13 | 2008-04-17 | 후지쯔 가부시끼가이샤 | Contents filtering method, contents filtering apparatus and contents filtering program |
CN100466510C (en) * | 2003-04-30 | 2009-03-04 | 华为技术有限公司 | A method for preventing network address translation (NAT) device from being attacked by network user |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20040267929A1 (en) | Method, system and computer program products for adaptive web-site access blocking | |
KR100329545B1 (en) | Apparatus and method for intercept link of unwholesom site in internet | |
US6662230B1 (en) | System and method for dynamically limiting robot access to server data | |
US6704874B1 (en) | Network-based alert management | |
US8010552B2 (en) | System and method for adapting an internet filter | |
US7448078B2 (en) | Method, a portal system, a portal server, a personalized access policy server, a firewall and computer software products for dynamically granting and denying network resources | |
AU2008100859A4 (en) | Method and apparatus for restricting access to network accessible digital information | |
US8122493B2 (en) | Firewall based on domain names | |
US6098173A (en) | Method and system for enforcing a communication security policy | |
US8145784B2 (en) | Distributed network management system using policies | |
KR101010302B1 (en) | Security management system and method of irc and http botnet | |
US20110106787A1 (en) | Hosted searching of private local area network information | |
JP2004364306A (en) | System for controlling client-server connection request | |
JP2001514832A (en) | Method and apparatus for managing internetwork and intra-network activities | |
EP1241849B1 (en) | Method of and apparatus for filtering access, and computer product | |
WO1998011702A1 (en) | Apparatus and methods for capturing, analyzing and viewing live network information | |
US9055113B2 (en) | Method and system for monitoring flows in network traffic | |
CN115134099A (en) | Network attack behavior analysis method and device based on full flow | |
WO2002063816A2 (en) | Method and system for routing network traffic based upon application information | |
US7225255B2 (en) | Method and system for controlling access to network resources using resource groups | |
KR101518474B1 (en) | Method for selectively permitting/blocking a plurality of internet request traffics sharing the public IP address on the basis of current time and system for detecting and blocking internet request traffics sharing the public IP address on the current time | |
KR200216643Y1 (en) | Apparatus for intercept link of unwholesom site in internet | |
WO2001055867A1 (en) | Method, system and computer program products for adaptive web-site access blocking | |
CN105791009A (en) | Method and system for collecting user internet-surfing behavior based on SDN (Software Defined Network) | |
KR20010103131A (en) | Malicious Site Interception Method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 01800160.2 Country of ref document: CN |
| AK | Designated states | Kind code of ref document: A1 Designated state(s): CA CN JP KR US |
| AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: COMMUNICATION PURSUANT TO RULE 69(1) EPC (EPO FORM 1205A 09.12.03) |
| 122 | Ep: pct application non-entry in european phase | |
| NENP | Non-entry into the national phase | Ref country code: JP |