Protocol-parsing state machine and method of using same
First Claim
Patent Images
1. A method of detecting intrusions on a computer, comprising:
- storing an intrusion signature describing an attack on a computer;
receiving a plurality of internet protocol packets, said plurality of internet protocol packets collectively containing an information sequence within a series of states;
rearranging said plurality of internet protocol packets so as to place said information sequence in order; and
successively examining each state of said series of states so as to correlate said information sequence to said intrusion signature.
12 Assignments
0 Petitions
Accused Products
Abstract
A method of detecting intrusions on a computer includes storing an intrusion signature describing an attack on a computer. Once a plurality of internet protocol packets is received, the plurality of internet protocol packets collectively containing an information sequence within a series of states, it is rearranged so as to place the information sequence in order. Each state of the series of states is then successively examined so as to correlate the information sequence to the intrusion signature.
343 Citations
1 Claim
-
1. A method of detecting intrusions on a computer, comprising:
-
storing an intrusion signature describing an attack on a computer;
receiving a plurality of internet protocol packets, said plurality of internet protocol packets collectively containing an information sequence within a series of states;
rearranging said plurality of internet protocol packets so as to place said information sequence in order; and
successively examining each state of said series of states so as to correlate said information sequence to said intrusion signature.
-
Specification