Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2011-03-08
2011-03-08
Hoffman, Brandon S (Department: 2433)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C711S154000, C726S022000, C726S024000
Reexamination Certificate
active
07904961
ABSTRACT:
This disclosure describes techniques for determining whether network traffic contains one or more computer security threats. In order to determine whether a symbol stream conforms to the symbol pattern, a security device stores a full deterministic finite automaton (fDFA) that accepts streams of symbols that conform to the symbol pattern. The security device also creates a partial deterministic finite automaton (pDFA) that includes nodes that correspond to the nodes in the fDFA that have the highest visitation levels. The security device processes each symbol in the symbol stream using the pDFA until a symbol causes the pDFA to transition to a failure node or to an accepting node. If the symbol causes the pDFA to transition to the failure node, the security device processes the symbol and subsequent symbols in the symbol stream using the fDFA.
REFERENCES:
patent: 7260558 (2007-08-01), Cheng et al.
patent: 7308446 (2007-12-01), Panigrahy et al.
patent: 7558925 (2009-07-01), Bouchard et al.
patent: 7685637 (2010-03-01), Zhao et al.
patent: 2006/0085389 (2006-04-01), Flanagan et al.
patent: 2006/0101195 (2006-05-01), Jain
patent: 2006/0120137 (2006-06-01), Gould et al.
patent: 2006/0242123 (2006-10-01), Williams
patent: 2008/0140661 (2008-06-01), Pandya
patent: WO 03/023553 (2003-03-01), None
patent: WO 2006/031659 (2006-03-01), None
Gonzalo Navarro, “A Partial Deterministic Automaton for Approximate String Matching”, In Proc. 4th South American Workshop on String Processing (WSP'97), pp. 112-127, 1997.
Baker et al., “Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs,”IEEE Transactions on Dependable and Secure Computing, vol. 3, No. 4, Oct.-Dec. 2006, pp. 289-300.
Sourdis et al., “Fast, Large-Scale String Match for a 10Gbps FPGA-Based Network Intrusion Detection System,” 13thInternational Conference onField-Programmable Logic and Applications,FPL 2003 proceedings, (lecture notes in Computer Science vol. 2778), pp. 880-889, Sep. 2003.
Dharmapurikar et al., “Fast and Scalable Pattern Matching for Content Filtering,” Symposium on Architecture for Networking and Communications Systems,ANCS 2005, Oct. 26, 2005, pp. 183-192.
Hutchings et al., “Assisting Network Intrusion Detection with Reconfigurable Hardware,”Proceedings of the 10thAnnual IEEE Symposium on Field-Programmable Custom Computing Machines, Apr. 22-24, 2002, pp. 111-120.
Stoyanov et al., “Resolving Non-Determinism in NFA,” International Conference on Computer Systems and Technologies, Jul. 9, 2003, 5 pgs.
Sutton, “Partial Character Decoding for Improved Regular Expression Matching in FPGAs,” Proceedings of the 2004 IEEE International Conference on Field-Programmable Technology, Dec. 6-8, 2004, pp. 25-32.
University of Alaska, “Finite Automata,” Aug. 20, 2005, 48 pgs., http://www.math.uaa.alaska.edu/-afkjm/cs351/handouts/finite-automata.ppt.
European Search Report from European Application No. 07253056.1, dated Sep. 3, 2009, 3 pgs.
U.S. Appl. No. 12/361,364, filed Jan. 28, 2009, entitled, “Efficient Application Identification With Network Devices,” Ma et al.
Xiaofei, Wang et al., “Extraction of fingerprint from regular expression for efficient prefiltering”, ICCTA '09, IEEE International Conference on Communications Technology and Applications, 2009, IEEE, Piscataway, NJ, USA, Oct. 16, 2009, pp. 221-226.
European Search Report dated Sep. 8, 2008 for corresponding European Application No. 07 25 3272, 2 pgs.
Z. Shan et al., “A Network State Based Intrusion Detection Model,” Proceedings of the 2001 International Conference on Computer Networks and Mobile Computing (ICCNMC'01), Oct. 16, 2001, pp. 481-486.
U.S. Appl. No. 11/739,365, filed Apr. 24, 2007, entitled, “Parallelized Pattern Matching Using Non-Deterministic Finite Automata,” Goldman et al.
Burns Bryan
Ma Qingming
Narayanaswamy Krishna
Rawat Vipin
Shieh Michael Chuong
Hoffman Brandon S
Juniper Networks, Inc.
Shumaker & Sieffert P.A.
Song Hee
LandOfFree
Network attack detection using partial deterministic finite... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Network attack detection using partial deterministic finite..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Network attack detection using partial deterministic finite... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2697708