MATCHING WITH A LARGE VULNERABILITY SIGNATURE RULESET FOR HIGH PERFORMANCE NETWORK DEFENSE
    1.
    Invention application
    MATCHING WITH A LARGE VULNERABILITY SIGNATURE RULESET FOR HIGH PERFORMANCE NETWORK DEFENSE [In force]

    Publication (announcement) number: US20110030057A1

    Publication (announcement) date: 2011-02-03

    Application number: US12846541

    Filing date: 2010-07-29

    IPC classification: G06F21/00 H04L9/32

    Abstract: Systems, methods, and apparatus are provided for vulnerability signature based Network Intrusion Detection and/or Prevention which achieves high throughput comparable to that of the state-of-the-art regex-based systems while offering improved accuracy. A candidate selection algorithm efficiently matches thousands of vulnerability signatures simultaneously using a small amount of memory. A parsing transition state machine achieves fast protocol parsing. Certain examples provide a computer-implemented method for network intrusion detection. The method includes capturing a data message and invoking a protocol parser to parse the data message. The method also includes matching the parsed data message against a plurality of vulnerability signatures in parallel using a candidate selection algorithm and detecting an unwanted network intrusion based on an outcome of the matching.

    Matching with a large vulnerability signature ruleset for high performance network defense
    2.
    Invention grant
    Matching with a large vulnerability signature ruleset for high performance network defense [In force]

    Publication (announcement) number: US08522348B2

    Publication (announcement) date: 2013-08-27

    Application number: US12846541

    Filing date: 2010-07-29

    IPC classification: G06F11/00

    Abstract: Systems, methods, and apparatus are provided for vulnerability signature based Network Intrusion Detection and/or Prevention which achieves high throughput comparable to that of the state-of-the-art regex-based systems while offering improved accuracy. A candidate selection algorithm efficiently matches thousands of vulnerability signatures simultaneously using a small amount of memory. A parsing transition state machine achieves fast protocol parsing. Certain examples provide a computer-implemented method for network intrusion detection. The method includes capturing a data message and invoking a protocol parser to parse the data message. The method also includes matching the parsed data message against a plurality of vulnerability signatures in parallel using a candidate selection algorithm and detecting an unwanted network intrusion based on an outcome of the matching.