Matching with a Large Vulnerability Signature Ruleset for High Performance Network Defense

Systems, methods, and apparatus are provided for vulnerability signature based Network Intrusion Detection and/or Prevention which achieves high throughput comparable to that of the state-of-the-art regex-based systems while offering improved accuracy. A candidate selection algorithm efficiently matches thousands of vulnerability signatures simultaneously using a small amount of memory. A parsing transition state machine achieves fast protocol parsing. Certain examples provide a computer-implemented method for network intrusion detection. The method includes capturing a data message and invoking a protocol parser to parse the data message. The method also includes matching the parsed data message against a plurality of vulnerability signatures in parallel using a candidate selection algorithm and detecting an unwanted network intrusion based on an outcome of the matching.

Attached files:
US 20110030057.jpg

Patents:
US 20,110,030,057

Inventor(s): CHEN YAN [US]; LI ZHICHUN [US]; XIA GAO [CN]; LIU BIN [CN]

Type of Offer: Licensing



Next Patent »
« More Communications Patents

Share on      


CrowdSell Your Patent