Matching with a Large Vulnerability Signature Ruleset for High Performance Network Defense
Systems, methods, and apparatus are provided for vulnerability signature based Network Intrusion Detection and/or Prevention which achieves high throughput comparable to that of the state-of-the-art regex-based systems while offering improved accuracy. A candidate selection algorithm efficiently matches thousands of vulnerability signatures simultaneously using a small amount of memory. A parsing transition state machine achieves fast protocol parsing. Certain examples provide a computer-implemented method for network intrusion detection. The method includes capturing a data message and invoking a protocol parser to parse the data message. The method also includes matching the parsed data message against a plurality of vulnerability signatures in parallel using a candidate selection algorithm and detecting an unwanted network intrusion based on an outcome of the matching.
Attached files:Patents:US 20,110,030,057
Inventor(s):
CHEN YAN [US]; LI ZHICHUN [US]; XIA GAO [CN]; LIU BIN [CN]
Type of Offer:
Licensing
« More Communications Patents