Publication (announcement) number: US07356599B2
Publication (announcement) date: 2008-04-08
Application number: US10064943
Application date: 2002-08-30
Applicant: Bastian Pochon, Paolo Scotton
Inventor: Bastian Pochon, Paolo Scotton
IPC classification: G06F15/16
CPC classification: H04L43/00, H04L41/12, H04L43/10, H04L63/0227, H04L63/1408
Abstract: A method that allows the normalization of traffic data that is simultaneously transferred to a network intrusion detection system (NIDS) and monitored end-systems located in a network, such as a TCP/IP network, in which packets of data, such as IP datagrams, are fragmented and reassembled. Accordingly, the information of received fragments and/or the topology of the network comprising the network intrusion detection system (NIDS) and the monitored end-systems are entered into a normalization table, that is dynamically established and maintained. Subsequently packets of data such as IP datagrams are modified, redirected or discarded in case that ambiguities are detected when comparing information contained in the normalization table with information contained in the headers of the received data packets.