Speed and memory optimization of intrusion detection system (IDS) and intrusion prevention system (IPS) rule processing
US8474043B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 28, 2008 |
| Grant date | Jun 25, 2013 |
| Priority date | — |
| Expiry date | Nov 23, 2029 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1416
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
In an intrusion detection/prevention system, network traffic is received and checked for a matching pattern. Upon identifying the matching pattern, the network traffic with the matching pattern is evaluated against rules that are represented by a rule tree. References to rule options are represented in the rule tree and are stored separately from the rule tree. The rule tree represents unique rules by unique paths from a root of the tree to the leaf nodes, and represents rule options as non-leaf nodes of the rule tree. Evaluating the network traffic includes processing, against the network traffic, the rule options in the rule tree beginning at the root. Processing of the rules represented by subtrees of nodes with rule options that do not match is eliminated. The network traffic is evaluated against rules terminating in leaf nodes only for combinations of rule options that match the network traffic.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.