1. Field of the Invention
The invention is related to the field of communications, and in particular, to a communication network that detects and blocks a packet flow representing a security event.
2. Description of the Prior Art
One existing virus control system consists of an Intrusion Detection System (IDS) acting as a virus filter placed directly on the call path. Because every packet is held for inspection at the IDS before it is forwarded, this system adds delay to real-time traffic. Another existing virus control system detects a virus at an ingress point only after an infected packet has already been sent into the communication network. This system allows the malicious traffic to traverse the communication network and reach an egress point and an external user before the virus is detected.
Other existing network security systems detect viruses in the network and then take measures to contain the infection and remove the virus. When a virus is detected in one region, the infected region sends the virus information to a central management node. The central management node distributes the virus information and cleaning software to all of the regional nodes, and the regional nodes then block any further communication that contains the virus. A drawback of this system is that the virus must infect a portion of the network before it can be contained, removed from the infected regions, and blocked from the other regions. The infection is often contained by quarantining the infected area or even bringing down the network. Unfortunately, this approach shuts down communication with the network or the quarantined area until the virus has been removed and there is no further possibility of spreading the infection.