This disclosure relates to network security.
The prevalence and accessibility of computer networks require security measures to protect valuable information. Such security measures include a user and password login, in which a user provides login credentials (e.g., a user identifier, a password, and perhaps other information) proving that the user is authorized to access one or more systems, and monitoring of network traffic using intrusion prevention systems, firewalls, anti-malware scanners, data leakage prevention systems, and URL and content filtering systems. These security enhancing systems are governed by a set of policies, some of which are standardized (e.g., HIPAA, GLBA) and some of which are corporate policies (e.g., rules that permit one or more groups to have access to critical information).
For a security system that serves a large enterprise, implementing these security measures can introduce processing and/or transmission delays. Limiting such delays is desirable to the extent that the delays can be limited without compromising security. One general approach to limiting processing delays is to store previously processed results in lookup tables and databases, where they can be accessed easily. Network security measures can search lookup tables, databases, or other types of datastores to perform a comparison operation to verify that a given network activity is authorized and/or non-malicious. Datastores are generally optimized in order to speed the retrieval of stored information, but these optimizations generally do not reduce processing times where an operation attempts to find information not included in the stored data. Such operations, referred to as failure queries, can introduce undesirable delays in network security system processing.
Denial of service attacks attempt to exploit processing delays caused by failure queries in order to slow down one or more servers, and/or prevent legitimate use of network services.
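An added illustration of the failure-query cost described above (not part of the original disclosure): a cache of previously processed results sits in front of a datastore, and the code counts how many lookups reach the datastore for keys that are present versus keys that are absent. The class names, the `.example` keys and the store contents are constructed for this example.

```python
from collections import OrderedDict


class CountingStore:
    """Constructed stand-in for a slow datastore, e.g. a URL verdict database."""

    def __init__(self, records):
        self._records = dict(records)
        self.probes = 0  # number of lookups that actually reached the store

    def get(self, key):
        self.probes += 1
        return self._records.get(key)


class CachedLookup:
    """LRU cache of previously processed results in front of the store."""

    def __init__(self, store, capacity=1024):
        self.store = store
        self.capacity = capacity
        self._cache = OrderedDict()

    def lookup(self, key):
        if key in self._cache:
            self._cache.move_to_end(key)  # refresh LRU position
            return self._cache[key]
        verdict = self.store.get(key)
        if verdict is not None:  # only results that were found are kept
            self._cache[key] = verdict
            if len(self._cache) > self.capacity:
                self._cache.popitem(last=False)
        return verdict


# Constructed sample keys: 100 that are stored and 100 that are not.
KNOWN = [f"site{i}.example" for i in range(100)]
UNKNOWN = [f"absent{i}.example" for i in range(100)]


def probes_for(keys, rounds=3):
    """Query every key `rounds` times and return how often the store was hit."""
    store = CountingStore({k: "allow" for k in KNOWN})
    front = CachedLookup(store)
    for _ in range(rounds):
        for key in keys:
            front.lookup(key)
    return store.probes


if __name__ == "__main__":
    print("store probes for stored keys:", probes_for(KNOWN))
    print("store probes for absent keys:", probes_for(UNKNOWN))
```

Repeated queries for stored keys reach the datastore only on the first round, while every query for an absent key reaches it, which is the load imbalance that failure queries create.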