Telecommunications is becoming increasingly important in today's society. Both voice and data networks are pervasive and are relied upon in many aspects of one's day-to-day life. For example, local area networks within a company are widely used, and the use of the Internet, one example of a wide-area network, has become commonplace. With the pervasive use of networks, the possibility exists for nefarious attacks on the networks. Such attacks or misuse may be effected as a prank or for more deliberate reasons. In order to combat such attacks or misuse, intrusion detection is used. Intrusion detection refers to detecting activity on a network that is associated with an attack on, or misuse of, the network.
Intrusion detection conventionally involves examining traffic and comparing it to stored signatures. Stored signatures characterize particular traffic that is known to be associated with attacks on a network, and in this way are analogous to fingerprints or a person's handwritten signature. A signature stores a set of events or patterns associated with network traffic. A problem with conventional intrusion detection is that generating signatures is a difficult and time-consuming process, and such generation may take too long to allow rapid adjustment to new network intrusion threats.