Today, virtually all organizations using computer resources face the problem of electronic intrusion. This problem is particularly prevalent where local networks are connected to the World Wide Web which, as is well known, includes millions of computer hosts and hundreds of millions of users. Generally speaking, electronic intrusion is any unauthorized access to a local network or a standalone computer. Some of the many purposes behind electronic intrusion include theft of propriety information, collection of statistical data through “spyware,” hijacking the processing power of computer resources (also known as “zombifying” computers), intentional slowing down of a competitor's network or server, and distribution of viruses. One vehicle for electronic intrusion is unsolicited email communication, “spam,” although this may not be the only means of electronic intrusion.
It is estimated that spam alone costs the world economy tens of billions of dollars annually in lost productivity. Organizations worldwide accordingly spend millions of dollars and significant amounts of engineering time each year to combat electronic intrusions. However, the existing methods of detecting network intrusions may be only moderately effective. Equally importantly, these existing methods may significantly slow down computer hosts or even entire networks, and often introduce noticeable delays to internet communications.
A state-of-the-art technique of detecting network intrusion involves software-based pattern recognition employing, for example, the industry standard “snort” rules that are applied to message headers. This intrusion detection methodology may be applied to either incoming or outgoing traffic.