| 发明名称 |
Use of a programmable network processor to observe a flow of packets |
| 摘要 |
A method and system for detecting attempted intrusions into a network, including: providing a network processor for monitoring packets transmitted over a communications link of the network; receiving a plurality of packets from the communications link by the network processor; and pre-filtering the plurality of packets by the network processor to identify packets potentially with patterns of interest. These packets are forwarded to a NIDS. The NIDS then examines the forwarded packets to identify the packets that have the pattern of interest. By using the network processor to pre-filter the packets, the number of packets examined by the NIDS is significantly reduced. Also, the capacity of the NIDS can be increased without requiring changes in the NIDS.
|
| 申请公布号 |
US2004199790(A1) |
申请公布日期 |
2004.10.07 |
| 申请号 |
US20030405671 |
申请日期 |
2003.04.01 |
| 申请人 |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
LINGAFELT CHARLES STEVEN;STROLE NORMAN C. |
| 分类号 |
G06F11/30;H04L29/06;H04L29/08;(IPC1-7):G06F11/30 |
主分类号 |
G06F11/30 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
|
| 地址 |
|
