发明名称 |
INTRUSION DETECTION STRATEGIES FOR HYPERTEXT TRANSPORT PROTOCOL |
摘要 |
A hypertext transport protocol (HTTP) inspection engine for an intrusion detection system (IDS) includes an HTTP policy selection component, a request universal resource identifier (URI) discovery component, and a URI normalization module. The HTTP policy selection component identifies an HTTP intrusion detection policy using a packet. The request URI discovery component locates a URI within the packet. The URI normalization module decodes an obfuscation within the URI. In another embodiment, a packet transmitted on the network is intercepted. The packet is parsed. An internet protocol (IP) address of the packet is identified. An HTTP intrusion detection policy for a network device is determined. A URI is located in the packet. A pattern from an intrusion detection system rule is compared to the located URI. In another embodiment, an IDS includes a packet acquisition system, network and transport reassembly modules, an HTTP inspection engine, a detection engine, and a logging system. |
申请公布号 |
WO2006020289(A2) |
申请公布日期 |
2006.02.23 |
申请号 |
WO2005US25583 |
申请日期 |
2005.07.20 |
申请人 |
SOURCEFIRE, INC.;ROELKER, DANIEL, J.;NORTON, MARC, A. |
发明人 |
ROELKER, DANIEL, J.;NORTON, MARC, A. |
分类号 |
|
主分类号 |
|
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|