Title of invention METHOD AND SYSTEM FOR ANALYZING A DATA FLOW
Abstract A method for analyzing a data flow includes extracting packet information of a packet of the data flow, determining the status of the packet and the status of the data flow based on the extracted packet information and storing the packet for later inspection when the status of the packet and/or the status of the data flow indicate that the packet is out-of-sequence, and inspecting the packet and/or the stored packet based on inspection rules. Upon a partial match of at least one of the inspection rules with the extracted packet information, a result of the inspection of the packet is temporarily stored. Already stored packets are inspected when they are in-order with already inspected packets. Upon a total match of at least one of the inspection rules, a predetermined action is performed and the stored result is deleted.
Publication number US2016205072(A1) Publication date 2016.07.14
Application number US201314912094 Filing date 2013.12.12
Applicant NEC EUROPE LTD. Inventors Dusi Maurizio;Niccolini Saverio;Picierro Giulio;Paolillo Riccardo;Orru Michele;Bianchi Giuseppe
Classification H04L29/06;G06N7/00;G06F17/30 Main classification H04L29/06
Agency Agent
Main claim 1. A method for analyzing a data flow, comprising: a) extracting packet information of a packet of the data flow, b) determining a status of the packet and a status of the data flow based on the extracted packet information and storing the packet for later inspection when the status of the packet and/or the status of the data flow indicate that the packet is out-of-sequence, and c) inspecting the packet and/or the stored packet based on inspection rules, wherein upon a partial match of at least one of the inspection rules with the extracted packet information, a result of the inspection of the packet is temporarily stored, wherein already stored packets are inspected when they are in-order with already inspected packets, and wherein upon a total match of at least one of the inspection rules, a predetermined action is performed and the stored result is deleted.
Address Heidelberg DE
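
The steps of the abstract and claim 1, sketched as an added example that is not taken from the patent: out-of-sequence packets are stored, the partial-match result is kept between packets, and a total match triggers an action and clears the stored result. It assumes a single byte-string rule matched with a KMP automaton, sequence numbers that are byte offsets, and no overlapping segments; the names FlowInspector, kmp_table, demo and the "block" action are hypothetical.

```python
# Added illustration, not the patent's code. FlowInspector and the rule are hypothetical.
def kmp_table(pattern):
    """Failure table, so a match can resume from a saved automaton state."""
    fail, k = [0] * len(pattern), 0
    for i in range(1, len(pattern)):
        while k and pattern[i] != pattern[k]:
            k = fail[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        fail[i] = k
    return fail

class FlowInspector:
    def __init__(self, rule, first_seq=0):
        self.rule, self.fail = rule, kmp_table(rule)
        self.next_seq = first_seq  # flow status: next in-order byte offset
        self.pending = {}          # seq -> payload of stored out-of-sequence packets
        self.partial = None        # temporarily stored partial-match result
        self.actions = []          # predetermined actions taken on total matches

    def on_packet(self, seq, payload):
        if seq != self.next_seq:
            if seq > self.next_seq:      # ahead of the flow: store for later
                self.pending[seq] = payload
            return                       # behind the flow: already inspected, drop
        self._inspect(payload)
        # Stored packets are inspected once they are in order with inspected ones.
        while self.next_seq in self.pending:
            self._inspect(self.pending.pop(self.next_seq))

    def _inspect(self, payload):
        state = self.partial or 0        # resume from the stored partial match
        for offset, byte in enumerate(payload):
            while state and byte != self.rule[state]:
                state = self.fail[state - 1]
            if byte == self.rule[state]:
                state += 1
            if state == len(self.rule):  # total match: act, delete stored result
                self.actions.append(("block", self.next_seq + offset))
                state = 0
        self.partial = state or None     # keep only a live partial match
        self.next_seq += len(payload)

def demo():
    # Constructed flow: b"cmd.exe" spans three segments that arrive out of order.
    insp = FlowInspector(b"cmd.exe")
    for seq, data in [(14, b"xe HTTP"), (0, b"GET /a?x=cm"), (11, b"d.e")]:
        insp.on_packet(seq, data)
    return insp.actions
```

Because only the automaton state is carried between packets, a rule split across segment boundaries is still detected without reassembling and rescanning the whole flow.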