Patent · US Active

Matching with a large vulnerability signature ruleset for high performance network defense

US8522348B2 · kind B2 · utility

Cited by: 241
References: 1
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 29, 2010
Grant date: Aug 27, 2013
Priority date
Expiry date: Apr 22, 2031

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1433
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Systems, methods, and apparatus are provided for vulnerability signature based Network Intrusion Detection and/or Prevention which achieves high throughput comparable to that of the state-of-the-art regex-based systems while offering improved accuracy. A candidate selection algorithm efficiently matches thousands of vulnerability signatures simultaneously using a small amount of memory. A parsing transition state machine achieves fast protocol parsing. Certain examples provide a computer-implemented method for network intrusion detection. The method includes capturing a data message and invoking a protocol parser to parse the data message. The method also includes matching the parsed data message against a plurality of vulnerability signatures in parallel using a candidate selection algorithm and detecting an unwanted network intrusion based on an outcome of the matching.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.