Patent · US · Expired

Network intrusion detection signature analysis using decision graphs

US6609205B1 · kind B1 · utility

Cited by: 126
References: 20
Claims: 37
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 18, 1999
Grant date: Aug 19, 2003
Priority date
Expiry date: Mar 18, 2019

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L43/00
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method of detecting signatures representing misuse of a local network. Known reference signatures having one or more common events are identified, and represented with a decision graph having one or more shared nodes. Each node of the decision graph represents the occurrence of an event. Given a set of input events, test functions associated with nodes determine the path taken during traversal of the graph. A path of the graph from the parent node to a leaf node represents the occurrence of all events that comprise a signature. The decision graph permits any of the signatures to be detected with only one traversal, and avoids the need for a separate matching process for each signature. In this manner, an entire set of all known reference signatures may be consolidated into a smaller set of decision graphs.
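The single-traversal idea in the abstract, as an added example that is not taken from the patent: signatures sharing leading events are merged into one graph, so each shared test runs once. The event names, test functions, signatures and sample packets are all constructed, and sharing only common leading events (a prefix tree) is a simplifying assumption.

```python
# Added illustration: constructed event tests over a list of packet records.
TESTS = {
    "syn_to_many_ports": lambda ev: len({e["dport"] for e in ev if e["flags"] == "S"}) >= 3,
    "no_handshake_done": lambda ev: not any(e["flags"] == "A" for e in ev),
    "ftp_port_touched": lambda ev: any(e["dport"] == 21 for e in ev),
    "telnet_port_touched": lambda ev: any(e["dport"] == 23 for e in ev),
}
# Two constructed reference signatures with two common events.
SIGNATURES = {
    "sig_scan_ftp": ["syn_to_many_ports", "no_handshake_done", "ftp_port_touched"],
    "sig_scan_telnet": ["syn_to_many_ports", "no_handshake_done", "telnet_port_touched"],
}
SAMPLE = [{"dport": p, "flags": "S"} for p in (21, 22, 80)]  # constructed input

class Node:
    def __init__(self):
        self.children = {}    # event name -> Node (shared across signatures)
        self.signatures = []  # signatures whose last event is this node

def build_graph(signatures):
    """Merge signatures so that common leading events share nodes."""
    root = Node()
    for name, events in signatures.items():
        node = root
        for event in events:
            node = node.children.setdefault(event, Node())
        node.signatures.append(name)
    return root

def detect(root, input_events):
    """One traversal: a node's test decides whether its subtree is explored."""
    matched, tests_run, stack = [], 0, [root]
    while stack:
        node = stack.pop()
        matched.extend(node.signatures)
        for event, child in node.children.items():
            tests_run += 1
            if TESTS[event](input_events):
                stack.append(child)
    return sorted(matched), tests_run

def detect_separately(signatures, input_events):
    """Baseline: a separate matching pass per signature."""
    matched, tests_run = [], 0
    for name, events in signatures.items():
        for event in events:
            tests_run += 1
            if not TESTS[event](input_events):
                break
        else:
            matched.append(name)
    return sorted(matched), tests_run
```

On the constructed sample both functions report the same signature, but the graph traversal evaluates four tests where the per-signature baseline evaluates six.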

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.