IPS DETECTION PROCESSING METHOD, NETWORK SECURITY DEVICE AND SYSTEM

摘要

An IPS detection processing method, a network security device and system. The method includes: determining whether an intranet device is a client or a server; if it is a client, then simplifying an IPS signature rule library as an IPS signature rule library corresponding to the client, or if it is a server, then simplifying the IPS signature rule library as an IPS signature rule library corresponding to the server; and generating a state machine according to the signature rules in the simplified IPS signature rule library, and applying the state machine to perform IPS detection on the traffic flowing therethrough. In the embodiments of the present invention, a network security device can determine whether an intranet device is a client or a server, simplify the IPS signature rule library according to the determination result, and generate a state machine according to the simplified IPS signature rule library, and therefore the IPS detection can be performed by a state machine with the redundancy state being removed when performing IPS detection, thus being able to improve the IPS detection efficiency.