1. Field
This disclosure relates generally to computer network security and, more specifically, to filtering network traffic into a secured network.
2. Discussion of the Related Art
While the Internet has allowed computer users to easily access large volumes of information from all over the world, it has also made computers that are universally linked to the Internet vulnerable to hacking or unauthorized access to the users' computers and their stored data. For example, Internet-connected computers are vulnerable to online theft of credit card numbers, personal information theft, hijacking of websites, and malicious viruses, Trojans, worms, and other malicious programming that either steals the user's data, misdirects other users from intended websites, or destroys data and installed software. Such unauthorized access to computer data and systems is illegal in the U.S. and in most countries. The offenders, however, are usually located offshore and only the most egregious violations that involve national security or large sums of money are pursued by law enforcement officials. Additionally, the offenders are becoming increasingly savvy in overcoming security measures that are being put in place, making the cost of protecting networks more of a burden on businesses and government agencies that are increasingly reliant on network systems to accomplish their goals. Increasing reliance on networks of servers and computers, sometimes linking thousands of users over several continents within one organization, makes intrusions of those networks even more insidious. It is therefore a requirement that users protect their own systems and networks with even more sophistication than the tools used by hackers.
Networks owned by governments and institutions handling large amounts of credit card transactions are heavily targeted by hackers for various reasons. Hardware and software designed to act as a “firewall” to prevent users outside a network from illegally accessing a network, along with other measures, such as antivirus software, antispyware programs, and password-protected compartmentalization of systems, are often defeated by highly experienced hackers with the time and the will to intrude on a computer system. Usually, users are not aware of an intrusion onto their systems, with stealthy online criminals stealing sensitive data, launching denial-of-service attacks, and using the email addresses of hacked systems to send spam and unwanted emails to unsuspecting contacts of the infected users. Government agencies tasked with national security missions and the contractors with whom they work have networks that are often targeted with malicious intent by entities wishing to disrupt the systems for political reasons or in association with hostilities or terrorist activities directed against the targeted governments.
Traditional network security measures include, in the most basic form, authentication of authorized users requiring the use of usernames and passwords to enter the system. Additional security measures can also include a key card, biometrics, such as iris scans or fingerprints, or additional personalized information, known as a “security question.” While these measures help to prevent unauthorized users from accessing the system, they do not prevent access to the network through emails, instant messaging, or other network-based intrusions.
Currently, filtering of data from the Internet requires maintaining flow records that track incoming network traffic. Due to limited computing resources, the memory used to store flow records needs to be maintained by keeping a timer and periodically executing a cleanup process to evaluate every flow record to see if the freshness date, or flow age, has expired. Executing this cleanup process is computationally expensive in memory cycles at very high speeds. Thus, there exists a need to save memory, enhance speed, and reduce storage requirements when filtering Internet traffic into a secure network.
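The timer-driven cleanup described in the preceding paragraph can be sketched as follows. This is an added illustration, not code from the disclosure; the table size, the 30-second age limit, the unkeyed hash, and all type and function names are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#define TABLE_SIZE   4096  /* constructed capacity */
#define MAX_FLOW_AGE 30    /* constructed freshness limit, seconds */
enum { EMPTY, USED, TOMB };  /* TOMB: expired slot kept so probing still works */

struct flow_key { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };
struct flow_record { struct flow_key key; uint64_t last_seen; int state; };
struct sweep_stats { size_t examined, expired; };
static struct flow_record table[TABLE_SIZE];

static int key_eq(const struct flow_key *a, const struct flow_key *b) {
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

static size_t key_hash(const struct flow_key *k) {
    uint32_t h = k->src * 2654435761u ^ k->dst * 40503u ^
                 ((uint32_t)k->sport << 16 | k->dport) ^ k->proto;
    return h % TABLE_SIZE;
}

/* Per packet: refresh the matching record or create one; -1 if the table is full. */
int flow_touch(const struct flow_key *k, uint64_t now) {
    struct flow_record *slot = NULL;
    for (size_t i = 0, s = key_hash(k); i < TABLE_SIZE; i++) {
        struct flow_record *r = &table[(s + i) % TABLE_SIZE];
        if (r->state == USED && key_eq(&r->key, k)) { r->last_seen = now; return 0; }
        if (r->state != USED && !slot) slot = r;
        if (r->state == EMPTY) break;
    }
    if (!slot) return -1;
    slot->key = *k; slot->last_seen = now; slot->state = USED;
    return 0;
}

/* Timer-driven cleanup: every live record is evaluated, expired or not. */
struct sweep_stats flow_sweep(uint64_t now) {
    struct sweep_stats st = {0, 0};
    for (size_t i = 0; i < TABLE_SIZE; i++) {
        if (table[i].state != USED) continue;
        st.examined++;
        if (now - table[i].last_seen > MAX_FLOW_AGE) {
            table[i].state = TOMB;
            st.expired++;
        }
    }
    return st;
}
```

With 1,000 live flows of which only 10 have gone stale, a single call to `flow_sweep` still evaluates all 1,000 records to reclaim 10 slots, which is the per-sweep cost the paragraph refers to.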