This specification relates to intrusion detection systems.
Modern computer networks are under a constant threat of unauthorized access by external attackers. Worms and other malicious software processes propagate through the Internet and infect computers. Hackers attempt to gain access to proprietary systems.
Intrusion detection software attempts to identify malicious attacks before they can compromise a computer network. New threats to network computers are continually discovered and intrusion detection systems need to check for attacks from these threats. At the same time, the increase in network transmission speeds requires a system to process more checks in less time.
One common form of intrusion detection is based on rules. Rules are designed to detect a known threat. When a new threat is identified, a new rule may be constructed to detect it. For example, SNORT is an intrusion detection system with an extensible rule base. A rule in a rule set may describe multiple conditions, all of which have to be met in order for the rule to be determined positive.
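The multi-condition behaviour described above can be illustrated with a small evaluator. This is an added example, not part of the specification and not SNORT's own engine: it assumes a simplified subset of Snort-style rule syntax (header plus `msg`, `content`, `nocase` and `sid`, with no escaped semicolons), and the rule, the `sid` value and the packets are constructed for illustration.

```python
import re

# Constructed rule in a simplified Snort-style subset (assumption, see lead-in).
RULE = ('alert tcp any any -> any 80 (msg:"Constructed sample: passwd file in HTTP request"; '
        'content:"GET"; content:"/etc/passwd"; nocase; sid:1000001;)')

def parse_rule(text):
    """Split a rule into header conditions and a list of content conditions."""
    header, options = re.match(r'^(.*?)\s*\((.*)\)\s*$', text).groups()
    action, proto, src, sport, _arrow, dst, dport = header.split()
    rule = {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "contents": [], "msg": "", "sid": None}
    for opt in filter(None, (o.strip() for o in options.split(";"))):
        key, _, value = opt.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if key == "content":
            rule["contents"].append({"pattern": value.encode(), "nocase": False})
        elif key == "nocase" and rule["contents"]:
            rule["contents"][-1]["nocase"] = True   # modifies the preceding content
        elif key == "msg":
            rule["msg"] = value
        elif key == "sid":
            rule["sid"] = int(value)
    return rule

def field_ok(want, got):
    return want == "any" or want == str(got)

def matches(rule, pkt):
    """The rule is positive only if every header AND every content condition holds."""
    header_ok = (rule["proto"] == pkt["proto"]
                 and field_ok(rule["src"], pkt["src"]) and field_ok(rule["sport"], pkt["sport"])
                 and field_ok(rule["dst"], pkt["dst"]) and field_ok(rule["dport"], pkt["dport"]))
    if not header_ok:
        return False
    for cond in rule["contents"]:
        hay, needle = pkt["payload"], cond["pattern"]
        if cond["nocase"]:
            hay, needle = hay.lower(), needle.lower()
        if needle not in hay:
            return False
    return True

def pkt(dport, payload):  # constructed packet; addresses are RFC 5737 documentation ranges
    return {"proto": "tcp", "src": "192.0.2.10", "sport": 40000,
            "dst": "198.51.100.5", "dport": dport, "payload": payload}

PACKETS = [pkt(80, b"GET /cgi-bin/view?f=../../ETC/PASSWD HTTP/1.0\r\n\r\n"),    # all conditions met
           pkt(80, b"GET /index.html HTTP/1.0\r\n\r\n"),                         # second content missing
           pkt(8080, b"GET /cgi-bin/view?f=../../etc/passwd HTTP/1.0\r\n\r\n")]  # port condition fails

def evaluate(rule_text=RULE, packets=PACKETS):
    rule = parse_rule(rule_text)
    return [rule["sid"] if matches(rule, p) else None for p in packets]

if __name__ == "__main__":
    print(evaluate())
```

Only the first packet satisfies every condition; the other two each fail a single condition, which is enough to make the rule negative.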