-
Publication number: WO2010057748A3
Publication date: 2010-09-16
Application number: PCT/EP2009064195
Application date: 2009-10-28
Applicant: IBM , IBM UK , FRANKE HUBERTUS , YU HAO , NELMS II TERRY LEE , DENNERLINE DAVID ALLEN , LAPOTIN DAVID PAUL
Inventor: FRANKE HUBERTUS , YU HAO , NELMS II TERRY LEE , DENNERLINE DAVID ALLEN , LAPOTIN DAVID PAUL
CPC classification number: H04L63/0227 , H04L43/026 , H04L43/16 , H04L63/0254 , H04L63/1416 , H04L63/1433
Abstract: Improved techniques are disclosed for use in an intrusion prevention system or the like. For example, a method comprises the following steps performed by a computing element of a network. A packet of a flow is received, the flow comprising a plurality of packets, wherein the plurality of packets represents data in the network. A network intrusion analysis cost-benefit value is determined representing a benefit for analyzing the received packet for intrusions in relation to a cost for analyzing the received packet for intrusions. The method compares the network intrusion analysis cost-benefit value to a network intrusion analysis cost-benefit threshold to determine whether analyzing the received packet for intrusions before forwarding the received packet is warranted. Responsive to a determination that analyzing the received packet for intrusions before forwarding the received packet is not warranted, the received packet is forwarded, an indication is made that subsequent packets of the flow should be forwarded, and a determination is made whether the received packet indicates an intrusion after forwarding the received packet.
-
Publication number: WO2010057748A2
Publication date: 2010-05-27
Application number: PCT/EP2009/064195
Application date: 2009-10-28
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION , IBM UNITED KINGDOM LIMITED , FRANKE, Hubertus , YU, Hao , NELMS II, Terry Lee , DENNERLINE, David Allen , LaPOTIN, David Paul
Inventor: FRANKE, Hubertus , YU, Hao , NELMS II, Terry Lee , DENNERLINE, David Allen , LaPOTIN, David Paul
IPC: H04L29/06
CPC classification number: H04L63/0227 , H04L43/026 , H04L43/16 , H04L63/0254 , H04L63/1416 , H04L63/1433
Abstract: Improved techniques are disclosed for use in an intrusion prevention system or the like. For example, a method comprises the following steps performed by a computing element of a network. A packet of a flow is received, the flow comprising a plurality of packets, wherein the plurality of packets represents data in the network. A network intrusion analysis cost-benefit value is determined representing a benefit for analyzing the received packet for intrusions in relation to a cost for analyzing the received packet for intrusions. The method compares the network intrusion analysis cost-benefit value to a network intrusion analysis cost-benefit threshold to determine whether analyzing the received packet for intrusions before forwarding the received packet is warranted. Responsive to a determination that analyzing the received packet for intrusions before forwarding the received packet is not warranted, the received packet is forwarded, an indication is made that subsequent packets of the flow should be forwarded, and a determination is made whether the received packet indicates an intrusion after forwarding the received packet.
-