| 摘要 |
An IPS detection processing method, a network security device and a system are disclosed. The method includes: determining, by a network security device, whether an internal network device is a client or a server; if the internal network device is the client, simplifying an IPS signature rule base to obtain an IPS signature rule base corresponding to the client, or if the internal network device is the server, simplifying the IPS signature rule base to obtain an IPS signature rule base corresponding to the server; generating a state machine according to a signature rule in the IPS signature rule base obtained through simplifying processing; and performing IPS detection on flowing-through traffic by applying the state machine. In embodiments of the present invention, the network security device may determine whether the internal network device is the client or the server, simplifies the IPS signature rule base according to a determination result, and generates the state machine according to the IPS signature rule base obtained through simplifying, so as to perform IPS detection by adopting the state machine with a redundant state removed, thereby improving IPS detection efficiency. |
