Identifying applications for intrusion detection systems
US10033696B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 14, 2017 |
| Grant date | Jul 24, 2018 |
| Priority date | — |
| Expiry date | Jul 14, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/168
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
An intrusion detection system (“IDS”) device is described that includes a flow analysis module to receive a first packet flow from a client and to receive a second packet flow from a server. The IDS includes a forwarding component to send the first packet flow to the server and the second packet flow to the client and a stateful inspection engine to apply one or more sets of patterns to the first packet flow to determine whether the first packet flow represents a network attack. The IDS also includes an application identification module to perform an initial identification of a type of software application and communication protocol associated with the first packet flow and to reevaluate the identification of the type of software application and protocol according to the second packet flow. The IDS may help eliminate false positive and false negative attack identifications.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.