Abstract |
<p>A system (214) and method are disclosed for analyzing a network protocol stream for a security-related event. At least two states (402, 404) associated with the network protocol in which a first host system communicating with a second host system using a network protocol may be placed are identified. At least one valid transition (405, 408) between a first state (402) of the at least two states and a second state (404) of the at least two states is defined. The at least one valid transition (405, 408) is expressed in the form of a regular expression. The regular expression (405, 408) is used to analyze the network protocol stream.</p> |
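A minimal sketch of the approach the abstract describes, added here as an illustration and not taken from the patent or any implementation of it: each protocol state lists its valid transitions as regular expressions, and any line of the stream that matches none of them from the current state is reported as a security-related event. The protocol (a simplified SMTP client command stream), the state names, the length limits and the `analyze` function are assumptions chosen for the example.

```python
import re

# Assumption: a simplified SMTP client command stream; the abstract names no protocol.
# For each state: (regular expression for a valid transition, state it leads to).
TRANSITIONS = {
    "CONNECTED": [(re.compile(r"(?:HELO|EHLO) [A-Za-z0-9.-]{1,255}"), "GREETED")],
    "GREETED": [
        (re.compile(r"MAIL FROM:<[^<>\s]{0,254}>"), "SENDER_SET"),
        (re.compile(r"QUIT"), "CLOSED"),
    ],
    "SENDER_SET": [(re.compile(r"RCPT TO:<[^<>\s]{1,254}>"), "RCPT_SET")],
    "RCPT_SET": [
        (re.compile(r"RCPT TO:<[^<>\s]{1,254}>"), "RCPT_SET"),
        (re.compile(r"DATA"), "BODY"),
    ],
    "BODY": [
        (re.compile(r"\."), "GREETED"),      # lone dot ends the message
        (re.compile(r".{0,998}"), "BODY"),   # any body line within the length limit
    ],
    "CLOSED": [],                            # nothing is valid after QUIT
}

def analyze(lines, state="CONNECTED"):
    """Return (final_state, events); an event is (line_no, state, excerpt)."""
    events = []
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        for pattern, nxt in TRANSITIONS[state]:
            if pattern.fullmatch(line):
                state = nxt
                break
        else:
            # No valid transition matched: report it, keep the state (a design choice).
            events.append((n, state, line[:60]))
    return state, events

# Constructed sample streams (not captured traffic).
GOOD = ["EHLO client.example\r\n", "MAIL FROM:<a@example.org>\r\n",
        "RCPT TO:<b@example.net>\r\n", "DATA\r\n", "Subject: hi\r\n", "\r\n",
        "hello\r\n", ".\r\n", "QUIT\r\n"]
BAD = ["MAIL FROM:<a@example.org>\r\n",           # command before the greeting
       "EHLO client.example\r\n",
       "MAIL FROM:<" + "A" * 600 + ">\r\n",       # field longer than the regex allows
       "RCPT TO:<b@example.net>\r\n"]             # invalid because MAIL was rejected

if __name__ == "__main__":
    print(analyze(GOOD))
    print(analyze(BAD))
```

Using `fullmatch` rather than `search` matters here: a transition is valid only if the whole line conforms, so trailing data appended to an otherwise valid command is also reported.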