IDiyas

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 7487542 B1

PDFFull Text
Date of Patent:
Feb. 03, 2009

Filed:

Jan. 14, 2004

Intrusion detection using a network processor and a parallel pattern detection engine

Applicants:

Marc A. Boulanger, Colorado Springs, CO (US);

Clark D. Jeffries, Durham, NC (US);

C. Marcel Kinard, Cary, NC (US);

Kerry A. Kravec, Fishkill, NY (US);

Ravinder K. Sabhikhi, Cary, NC (US);

Ali G. Saidi, Ann Arbor, MI (US);

Jan M. Slyfield, San Jose, CA (US);

Pascal R. Tannhof, Fontainebleau, FR;

Inventors:

Marc A. Boulanger, Colorado Springs, CO (US);

Clark D. Jeffries, Durham, NC (US);

C. Marcel Kinard, Cary, NC (US);

Kerry A. Kravec, Fishkill, NY (US);

Ravinder K. Sabhikhi, Cary, NC (US);

Ali G. Saidi, Ann Arbor, MI (US);

Jan M. Slyfield, San Jose, CA (US);

Pascal R. Tannhof, Fontainebleau, FR;

Assignee:

International Business Machines Corporation, Armonk, NY (US);

Attorneys:

Joscelyn G. Cockburn

Winstead, P.C.

Primary Examiner:

Kristine Kincaid

Assistant Examiner:

Kari L Schmidt

Int. Cl.
CPC ...
G06F 11/00 (2006.01); G06F 12/14 (2006.01); G06F 12/16 (2006.01); G06F 15/18 (2006.01); G08B 23/00 (2006.01);
U.S. Cl.
CPC ...
Abstract

An intrusion detection system (IDS) comprises a network processor (NP) coupled to a memory unit for storing programs and data. The NP is also coupled to one or more parallel pattern detection engines (PPDE) which provide high speed parallel detection of patterns in an input data stream. Each PPDE comprises many processing units (PUs) each designed to store intrusion signatures as a sequence of data with selected operation codes. The PUs have configuration registers for selecting modes of pattern recognition. Each PU compares a byte at each clock cycle. If a sequence of bytes from the input pattern match a stored pattern, the identification of the PU detecting the pattern is outputted with any applicable comparison data. By storing intrusion signatures in many parallel PUs, the IDS can process network data at the NP processing speed. PUs may be cascaded to increase intrusion coverage or to detect long intrusion signatures.

Find Patent Forward Citations

Loading…