Event detection method and device
US7913304B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 25, 2007 |
| Grant date | Mar 22, 2011 |
| Priority date | — |
| Expiry date | Jan 17, 2030 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1416
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
The embodiments of the present invention disclose an event detection method and device. The method includes: predefining event-based detection rules with a predicative context-free grammar; generating by parsing the detection rules a parsing table of pushdown automaton which supports parallel parsing; receiving an event to be detected; and analyzing by a controller the event to be detected according to the parsing table, to obtain a detection result. The present invention is especially applicable to detection of network attack events. The embodiments of the present invention detect the attacks with a predicative context-free grammar on the basis of events, and ensure a close combination of a protocol parsing process and an attack detection process, as well as a close combination of multiple attack detection rules, thus decreasing unnecessary calculations. In addition, with an optimized parallel pushdown automaton, the embodiments of the present invention can efficiently analyze the predicative context-free grammar. Consequently, besides hierarchical processing capability and state description capability, the embodiments of the present invention deliver high efficiency.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.