
Identifying applications for intrusion detection systems

  • US 8,291,495 B1
  • Filed: 08/08/2007
  • Issued: 10/16/2012
  • Est. Priority Date: 08/08/2007
  • Status: Active Grant
First Claim

1. A method comprising:

  • receiving, with a network device, a first packet flow within a network from a client to a server;

  • performing an initial identification of a type of software application and communication protocol associated with the first packet flow, to determine a first type of software application for the first packet flow;

  • applying a first set of patterns to the first packet flow to determine whether the first packet flow represents a network attack, wherein the first set of patterns are associated with the determined first type of software application and the communication protocol;

  • buffering the first packet flow to store at least a connection request by the client;

  • forwarding the first packet flow to the server;

  • receiving, in response to forwarding the first packet flow to the server, a second packet flow from the server;

  • associating the first packet flow and the second packet flow as a communication session between the client and the server;

  • using the first packet flow and the second packet flow, reevaluating the initial identification of the type of software application and protocol associated with the communication session, to determine a second type of software application for the first packet flow;

  • selecting a second set of patterns based on the determined second type of software application for the first packet flow and the reevaluated communication protocol; and

  • after receiving the second packet flow from the server, applying the second set of patterns to the buffered connection request of the first packet flow to re-determine whether the first packet flow represents a network attack.
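
The steps of claim 1, sketched as detection logic. This is an added example, not code from the patent or its assignee. The identification heuristics, the pattern sets, and the names Session, identify_initial, identify_final and scan are all assumptions made for illustration.

```python
import re

HTTP_REQ = re.compile(rb"(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n")
FTP_CMD = re.compile(rb"(?i)(USER|PASS|SITE|RETR|STOR) ")
# Constructed pattern sets keyed by (application, protocol); not taken from the patent.
PATTERNS = {
    ("web", "http"): [re.compile(rb"\.\./"), re.compile(rb"(?i)union\s+select")],
    ("ftp", "ftp"): [re.compile(rb"(?im)^USER\s+\S{64,}")],
}

def identify_initial(dst_port, client_bytes):
    """First pass: only the client-to-server flow is available."""
    if HTTP_REQ.match(client_bytes):
        return ("web", "http")
    return {80: ("web", "http"), 21: ("ftp", "ftp")}.get(dst_port, ("unknown", "unknown"))

def identify_final(initial, client_bytes, server_bytes):
    """Second pass: both directions of the session are used to correct the guess."""
    if server_bytes.startswith(b"HTTP/1.") and HTTP_REQ.match(client_bytes):
        return ("web", "http")
    if re.match(rb"220[ -]", server_bytes) and FTP_CMD.match(client_bytes):
        return ("ftp", "ftp")
    return initial

def scan(app, payload):
    """Apply only the pattern set selected for the identified application."""
    return [p.pattern.decode() for p in PATTERNS.get(app, []) if p.search(payload)]

class Session:
    def __init__(self, dst_port):
        self.dst_port, self.app, self.buffered_request = dst_port, None, b""

    def on_client_flow(self, data):
        self.app = identify_initial(self.dst_port, data)
        self.buffered_request += data      # keep the connection request for a later rescan
        return scan(self.app, data)        # first verdict, before forwarding to the server

    def on_server_flow(self, data):
        second = identify_final(self.app, self.buffered_request, data)
        if second == self.app:
            return []                      # identification unchanged, first verdict stands
        self.app = second
        return scan(second, self.buffered_request)  # second pattern set on buffered request

def demo():
    # Constructed traffic: an FTP service listening on port 80.
    s = Session(dst_port=80)
    first = s.on_client_flow(b"USER " + b"A" * 80 + b"\r\n")
    second = s.on_server_flow(b"220 FTP server ready\r\n")
    return first, second, s.app
```

In demo() the port-based first guess is web/HTTP, so the overlong USER argument passes the first pattern set; it is flagged only after the server's reply changes the identification to FTP and the buffered request is rescanned.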
