Method and system for configurable network intrusion detection
First Claim
1. A method for detecting network intrusion comprising:
- receiving configuration data associated with a defined signature;
- providing an inspector shell;
- generating, based on the received configuration data, a plurality of parameter-value associations for use in defining the defined signature;
- automatically generating, by a computer, an inspector instance from the inspector shell and the generated parameter-value association, the inspector instance operable to:
  - receive traffic traveling on the network;
  - compare the traffic to data indicative of the defined signature;
  - detect network intrusion in response to the comparison; and
- executing the inspector instance.
Abstract
According to one embodiment of the invention, a method for automatically generating software code operable to detect a defined signature in network traffic comprises providing an inspector shell, generating a plurality of parameter name-value associations from provided configuration data, and automatically generating, by computer, an instance of the inspector shell having a signature defined by the parameter name-value associations.
19 Claims
1. A method for detecting network intrusion (independent claim, text given above under First Claim; dependent claims 2, 3, 4, 5).
6. A system for detecting network intrusion comprising:
- a packet capturer operable to acquire network traffic;
- a database operable to store data indicative of the network traffic acquired by the packet capturer;
- a plurality of engine groups, each engine group comprising a plurality of engines, each engine comprising:
  - a parser operable to receive configuration data for use in defining a signature to be detected and create a structured version therefrom;
  - an inspector shell comprising coding operable to compare a defined signature to the acquired network traffic; and
  - an inspector generator operable to generate an inspector instance from the structured version of the configuration data and the inspector shell, the inspector instance operable to compare the defined signature to the acquired network traffic; and
- an output handler operable to generate an indication of a detected intrusion in response to a signal from the inspector instance.

Dependent claims: 7 to 19.
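The parser, inspector shell, inspector generator and output handler pipeline described in the abstract and in claim 6, as an added Python illustration (not code from the patent or from any product it describes); the key=value configuration format, the parameter names, the Packet type and the sample traffic are assumptions constructed for this example:

```python
import re
from collections import namedtuple

# Constructed sample configuration data: one parameter name-value pair per line.
SIGNATURE_CONFIG = """
name = path-traversal-probe
protocol = tcp
dst_port = 80
payload_regex = (?i)/etc/passwd
"""
# Minimal stand-in for a captured packet (the patent's capturer/database output).
Packet = namedtuple("Packet", "protocol dst_port payload")

def parse_config(text):
    """Parser: raw configuration data -> structured version (a dict)."""
    pairs = (line.partition("=") for line in text.splitlines() if "=" in line)
    return {key.strip(): value.strip() for key, _, value in pairs}

class InspectorShell:
    """Inspector shell: the comparison code, with no particular signature baked in."""
    REQUIRED = ("name", "protocol", "dst_port", "payload_regex")
    def __init__(self, params):
        missing = [k for k in self.REQUIRED if k not in params]
        if missing:  # reject an incomplete signature definition up front
            raise ValueError(f"signature config is missing parameters: {missing}")
        self.name = params["name"]
        self.protocol = params["protocol"].lower()
        self.dst_port = int(params["dst_port"])
        self.pattern = re.compile(params["payload_regex"].encode())
    def inspect(self, packet):
        """Compare one packet to the defined signature; True means a match."""
        return (packet.protocol.lower() == self.protocol
                and packet.dst_port == self.dst_port
                and self.pattern.search(packet.payload) is not None)

def generate_inspector(config_text):
    """Inspector generator: inspector shell + structured configuration -> instance."""
    return InspectorShell(parse_config(config_text))

def run_inspector(inspector, packets):
    """Output handler: one intrusion indication per packet the inspector flags."""
    return [f"{inspector.name}: packet {i} dst_port={p.dst_port}"
            for i, p in enumerate(packets) if inspector.inspect(p)]

SAMPLE_TRAFFIC = [  # constructed packets, not a real capture
    Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("udp", 53, b"\x00\x01etc/passwd"),
]
```

Calling `run_inspector(generate_inspector(SIGNATURE_CONFIG), SAMPLE_TRAFFIC)` flags only the second packet; a second signature is just another configuration fed to the same shell, which is the point of separating the shell from the parameter values.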