System and method for analyzing protocol streams for a security-related event
Abstract
A system and method are disclosed for analyzing a network protocol stream for a security-related event. At least two states associated with the network protocol in which a first host system communicating with a second host system using the network protocol may be placed are identified. At least one valid transition between a first state of the at least two states and a second state of the at least two states is defined. The at least one valid transition is expressed in the form of a regular expression. The regular expression is used to analyze the network protocol stream.
21 Claims
1. A method for analyzing a network protocol stream for a security-related event, comprising:
identifying at least two states associated with the network protocol in which a first host system communicating with a second host system using the network protocol may be placed;
defining at least one valid transition between a first state of the at least two states and a second state of the at least two states;
expressing the at least one valid transition in the form of a regular expression; and
using the regular expression to analyze the network protocol stream.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A method for analyzing a network protocol stream for a security-related event, comprising:
identifying at least two valid states in which a first host system communicating with a second host system using the network protocol may be placed;
defining at least one valid transition between a first valid state of the at least two valid states and a second valid state of the at least two valid states;
expressing the at least one valid transition in the form of a first regular expression;
defining at least one invalid operation for the first host system in at least one of the at least two valid states;
expressing the at least one invalid operation as a second regular expression;
defining a further state corresponding to the invalid operation;
using the first regular expression and the second regular expression to analyze the network protocol stream, the analysis comprising providing an indication in the event the at least one invalid operation is detected.
19. A system for analyzing a network protocol stream between a first host system and a second host system for a security-related event, the first host system being susceptible to being placed under the network protocol in one of at least two states associated with the network protocol, the system comprising:
a computer configured to receive and analyze the network protocol stream by processing a regular expression, the regular expression corresponding to a valid transition from a first state of at least two states to a second state of the at least two states; and
memory associated with the computer and configured to store the regular expression.
20. A system for analyzing a network protocol stream between a first host system and a second host system for a security-related event, the first host system being susceptible to being placed under the network protocol in one of at least two states associated with the network protocol, the system comprising:
means for receiving the network protocol stream; and
means for analyzing the network protocol stream by processing a regular expression, the regular expression corresponding to a valid transition from a first state of at least two states to a second state of the at least two states.
21. A computer program product for analyzing a network protocol stream, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
identifying at least two states in which a first host system communicating with a second host system using the network protocol may be placed;
defining at least one valid transition between a first state of the at least two states and a second state of the at least two states;
expressing the at least one valid transition in the form of a regular expression; and
using the regular expression to analyze the network protocol stream.
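The method of claim 18, sketched as an added example that is not taken from the patent: valid transitions and invalid operations are each held as regular expressions keyed by state, and an invalid operation moves the session into a further state and yields an indication. The toy protocol (USER, PASS, RETR, QUIT), the state names, CRLF framing and the NO_VALID_TRANSITION alert for unmatched input are all assumptions, since the claims name no protocol.

```python
import re

# Constructed toy protocol (assumption): USER, then PASS, must precede RETR.
# First regular expressions: state -> [(pattern, next valid state)]
VALID = {
    "START":     [(re.compile(rb"USER [\x21-\x7e]{1,32}\r\n"), "USER_SENT")],
    "USER_SENT": [(re.compile(rb"PASS [\x21-\x7e]{1,64}\r\n"), "AUTHED")],
    "AUTHED":    [(re.compile(rb"RETR [\x21-\x7e]{1,255}\r\n"), "AUTHED"),
                  (re.compile(rb"QUIT\r\n"), "CLOSED")],
}
# Second regular expressions: state -> [(pattern, further state)]
INVALID = {
    "START":     [(re.compile(rb"(RETR|PASS) [^\r\n]*\r\n"), "BAD_PREAUTH_CMD")],
    "USER_SENT": [(re.compile(rb"RETR [^\r\n]*\r\n"), "BAD_PREAUTH_CMD")],
}

def analyze(stream, state="START"):
    """Walk one client-to-server byte stream; return (final_state, alerts).

    Each alert is (message_index, state_before, indication).
    """
    alerts = []
    for i, msg in enumerate(stream.splitlines(keepends=True)):
        for pattern, bad_state in INVALID.get(state, []):
            if pattern.fullmatch(msg):          # defined invalid operation
                alerts.append((i, state, bad_state))
                state = bad_state
                break
        else:
            for pattern, nxt in VALID.get(state, []):
                if pattern.fullmatch(msg):      # defined valid transition
                    state = nxt
                    break
            else:                               # matched neither set
                alerts.append((i, state, "NO_VALID_TRANSITION"))
        if state not in VALID:                  # CLOSED or a further state
            break
    return state, alerts

# Constructed sample streams
GOOD = b"USER alice\r\nPASS s3cret\r\nRETR report.txt\r\nQUIT\r\n"
PREAUTH = b"USER alice\r\nRETR report.txt\r\n"
OVERLONG = b"USER " + b"A" * 100 + b"\r\n"

if __name__ == "__main__":
    for name, s in (("good", GOOD), ("preauth", PREAUTH), ("overlong", OVERLONG)):
        print(name, analyze(s))
```

Because the valid patterns bound argument length and character set, an overlong or malformed field fails to match any valid transition and is reported without needing its own signature.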
Specification