Intrusion detection state machine for finding attack signatures with reduced buffering requirements for handling out of sequence packets
Abstract
Some intrusion detection systems look for signature patterns of characters indicative of an attack in received data streams, using state machines which react to each received character. Problems arise where the data stream is segmented (e.g. into TCP packets) and the segments are not received in order (n+2 in the figure). Traditional systems would buffer the subsequent packets in the sequence (n+3 to n+6) until the delayed one was received and then recommence processing. Instead, the invention stores the machine state (at n+1) and buffers the immediately subsequent segment (n+3). It then initialises the state machine and processes the subsequent packets until the late segment is received. Then it again stores the machine state (at n+6), restores the first stored state and processes the missing and buffered segments (n+2 and n+3). Finally, the second stored state is restored and normal processing resumes (at n+7). The system thereby reduces the size of the buffer required (from 4 segments to 1 in the example).
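The store/restore sequence described in the abstract, sketched as an added example (not code from the patent). Assumptions: a single-signature KMP matcher stands in for the state machine, segments are identified by index rather than TCP sequence number, only one segment is missing at a time, and the re-initialised machine also scans the buffered segment when it arrives (the abstract does not say). `SIG`, `scan` and `detect` are hypothetical names.

```python
SIG = b"ATTACK"  # constructed signature, for illustration only

def build_fail(sig):
    """KMP failure table: longest proper prefix that is also a suffix."""
    fail, k = [0] * len(sig), 0
    for i in range(1, len(sig)):
        while k and sig[i] != sig[k]:
            k = fail[k - 1]
        if sig[i] == sig[k]:
            k += 1
        fail[i] = k
    return fail

FAIL = build_fail(SIG)

def scan(state, data):
    """Feed bytes through the machine; return (new_state, signature_seen)."""
    hit = False
    for b in data:
        while state and b != SIG[state]:
            state = FAIL[state - 1]
        if b == SIG[state]:
            state += 1
        if state == len(SIG):
            hit, state = True, FAIL[state - 1]
    return state, hit

def detect(arrivals):
    """arrivals: (index, bytes) pairs in arrival order. True if SIG is found."""
    state, expected, alert = 0, 0, False
    saved = held = None                   # first stored state, one buffered segment
    for idx, data in arrivals:
        if saved is None and idx == expected:    # normal in-order processing
            state, hit = scan(state, data)
            expected += 1
        elif saved is None:                      # gap seen: idx follows the missing segment
            saved, held = state, data            # store state, buffer this one segment
            state, hit = scan(0, data)           # assumption: fresh machine scans it too
            resume = idx + 1
        elif idx != expected:                    # later segments while the gap is open
            state, hit = scan(state, data)
            resume = idx + 1
        else:                                    # the late segment arrives
            second = state                       # store the second state
            s, hit1 = scan(saved, data)          # restore first state, run late segment
            s, hit2 = scan(s, held)              # then the buffered segment
            hit = hit1 or hit2
            state, expected = second, resume     # restore second state and resume
            saved = held = None
        alert = alert or hit
    return alert
```

In this sketch only one segment is ever held, but a signature that starts in or before the missing segment and ends after the buffered one is not matched, so the approach presumes signatures do not outrun the buffered segment.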