Intrusion detection accelerator
First Claim
1. An intrusion detection system comprising a character buffer for a plurality of bytes of a document, a state table addressable in accordance with a byte of a document and a state to access at least one of an interrupt or exception and next state data from said state table, a register for storing said next state data, means for combining contents of said register with a subsequent byte of a document to form a further address into said state memory, and a bus for communicating said interrupt or exception to a host CPU.
1 Assignment
0 Petitions
Accused Products
Abstract
Signatures of character strings in a document which may indicate a possible intrusion into or attack on a networked computer system or node thereof or other security breach are detected at high speed using a hardware accelerator within the environment of a hardware parser accelerator. An interrupt or exception can thus be issued to a host CPU before a command which may constitute such a security breach, intrusion or attack can be made executable by parsing of a document. The CPU can initiate network control measures to prevent or limit the intrusion.
168 Citations
16 Claims
-
1. An intrusion detection system comprising
a character buffer for a plurality of bytes of a document, a state table addressable in accordance with a byte of a document and a state to access at least one of an interrupt or exception and next state data from said state table, a register for storing said next state data, means for combining contents of said register with a subsequent byte of a document to form a further address into said state memory, and a bus for communicating said interrupt or exception to a host CPU.
-
10. An intrusion detection method comprising steps of
accessing a state table addressable in accordance with a byte of a document and a state to access at least one of an interrupt or exception and next state data from said state table, storing said next state data, combining said stored next state data with a subsequent byte of a document to form a further address into said state memory, and communicating said interrupt or exception to a host CPU.
Specification