Communications monitoring, processing and intrusion detection

摘要

Systems, apparatus and methods to monitor communications conducted via a host computer placed under the management of security measures such as firewalls or routers' filtering capabilities. A communications monitoring system which includes a packet input means for connecting to predetermined points on a network via a network interface and receiving communications packets flowing at the points; and matching means for performing real-time matching between two packet streams composed of received communications packets each time a communications packet is received. If the two packet streams are highly similar, it is highly likely that an attack or intrusion is being made and an alert is issued.