Invention Grant
US09380067B2 IPS detection processing method, network security device, and system
有权
IPS检测处理方法,网络安全设备和系统
- Patent Title: IPS detection processing method, network security device, and system
- Patent Title (中): IPS检测处理方法,网络安全设备和系统
-
Application No.: US14317278Application Date: 2014-06-27
-
Publication No.: US09380067B2Publication Date: 2016-06-28
- Inventor: Zhihui Xue , Wu Jiang , Shiguang Li , Shiguang Wan
- Applicant: Huawei Technologies Co., Ltd.
- Applicant Address: CN Shenzhen
- Assignee: Huawei Technologies Co., Ltd.
- Current Assignee: Huawei Technologies Co., Ltd.
- Current Assignee Address: CN Shenzhen
- Agency: Conley Rose, P.C.
- Agent Grant Rodolph
- Priority: CN201110443289 20111227
- Main IPC: G06F21/55
- IPC: G06F21/55 ; H04L29/06 ; H04L12/26
Abstract:
An IPS detection processing method, a network security device and a system are disclosed. The method includes: determining, by a network security device, whether an internal network device is a client or a server; if the internal network device is the client, simplifying an IPS signature rule base to obtain an IPS signature rule base corresponding to the client, or if the internal network device is the server, simplifying the IPS signature rule base to obtain an IPS signature rule base corresponding to the server; generating a state machine according to a signature rule in the IPS signature rule base obtained through simplifying processing; and performing IPS detection on flowing-through traffic by applying the state machine. In embodiments of the present invention, the network security device performs IPS detection by adopting the state machine with a redundant state removed, thereby improving IPS detection efficiency.
Public/Granted literature
- US20140317718A1 IPS Detection Processing Method, Network Security Device, and System Public/Granted day:2014-10-23
Information query
