-
1.发明申请Reduction of false positive detection of signature matches in intrusion detection systems 有权减少入侵检测系统中签名匹配的假阳性检测公开(公告)号:US20060174107A1
公开(公告)日:2006-08-03
申请号:US11064225
申请日:2005-02-22
申请人: Peter Furlong , Andrew Davy , Gareth Allwright , Jerome Nolan
发明人: Peter Furlong , Andrew Davy , Gareth Allwright , Jerome Nolan
IPC分类号: H04L9/00
CPC分类号: H04L63/1408 , H04L47/2441
摘要: Detection of a signature in a data packet comprises performing a pre-classification of the packet, using header information and particularly a 5-tuple access control list, into one of a multiplicity of flows and directing the payload of the packet to a respective one of a multiplicity of deterministic finite state machines each of which stores a plurality of signatres as a sequence of states and acts only on the respective flow.
摘要翻译: 数据分组中的签名的检测包括使用头信息,特别是5元组访问控制列表来执行分组的预分类到多个流中的一个,并将分组的有效载荷指向相应的一个 多个确定性有限状态机,每个存储多个签名作为状态序列,并且仅作用于相应的流。
-
公开(公告)号:US20060167843A1
公开(公告)日:2006-07-27
申请号:US11041629
申请日:2005-01-24
IPC分类号: G06F17/30
CPC分类号: H04L45/00 , G06F17/30952 , H04L45/7453
摘要: A search engine operable to search on a search key word of a given length comprises a trie database which supports a trie search on keys of the given length and a content addressable memory organized to receive a most significant section of the search key word. The search engine performs a full trie search on the whole of said search key word in the event of no match of a most significant section within the content addressable memory. In the event of a match within the content addressable memory the search engine performs a partial trie search commencing with a trie block pertaining to a first segment of the search key word after the most significant section which has already been matched.
摘要翻译: 可操作以搜索给定长度的搜索关键字的搜索引擎包括支持对给定长度的密钥进行特里搜索的特里数据库,以及被组织为接收搜索关键字的最重要部分的内容可寻址存储器。 搜索引擎在内容可寻址存储器中的最重要部分不匹配的情况下,对整个所述搜索关键字执行完整的特里搜索。 在内容可寻址存储器内匹配的情况下,搜索引擎执行部分特里搜索,其开始于与已经匹配的最重要部分之后的搜索关键字的第一段相关的特里块。
-
搜索结果
2 条记录 (耗时 0.008 秒)
