Computer networks have become an increasingly important means for communicating public and private information between and within distributed locations. The Internet is one example of a public network commonly used for communicating public and private information. Internet web servers provide access to public information such as news, business information and government information, which the Internet makes readily available around the world. The Internet is also becoming a popular medium for business transactions, including securities transactions and sales of goods and services.
A large number of people have come to depend upon reliable Internet access and secure communications on a day-by-day and even second-by-second basis. Like the Internet, private networks have also become a common means for communicating important information. Private networks such as company intranets, local area networks (LANs), and wide area networks (WANs) generally limit access on a user-by-user basis and communicate data over dedicated lines or by controlling access through passwords, encryption, or other security measures.
One danger to reliable and secure network communications is posed by hackers or other unauthorized users disrupting or interfering with network resources. The danger posed by unauthorized access to computer network resources can vary from simple embarrassment to substantial financial losses. For example, serious financial disruptions occur when hackers obtain financial account information or credit card information and use that information to misappropriate funds.
Intrusion detection systems are commonly used to detect and identify unauthorized use of a computer network before network resources and information are substantially disrupted or violated. In general, intrusion detection systems track address data for traffic on the network. This data is organized into keysets representing attack profiles and is continually updated and accessed to identify potential attacks on the network.
Current methods for retrieving intrusion detection data search the data for each keyset relevant to the traffic being monitored. In the case of Internet Protocol (IP) traffic, this means that each packet monitored on the network generates from four to six searches of the data, which is detrimental to the overall performance of the intrusion detection system.
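To make the per-packet cost described above concrete, the following added example (not code from the original text) keeps detection data in one table per keyset and counts the searches each monitored packet triggers. The keyset definitions, field names, threshold and sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed keysets (not from the original text): each is a tuple of packet
# fields whose combined value forms one lookup key in the detection data.
BASE_KEYSETS = [("src",), ("dst",), ("src", "dst"), ("src", "dst", "proto")]
PORT_KEYSETS = [("dst", "dport"), ("src", "dst", "dport")]  # TCP/UDP only


class KeysetStore:
    """Detection data organized by keyset, searched once per relevant keyset."""

    def __init__(self):
        self.tables = defaultdict(dict)  # keyset -> {key values -> packet count}
        self.searches = 0                # total searches across all packets

    def relevant_keysets(self, pkt):
        # Port-based keysets only apply to protocols that carry ports.
        has_ports = pkt["proto"] in ("tcp", "udp")
        return BASE_KEYSETS + (PORT_KEYSETS if has_ports else [])

    def observe(self, pkt):
        """Update every relevant keyset; return how many searches it took."""
        keysets = self.relevant_keysets(pkt)
        for ks in keysets:
            key = tuple(pkt[f] for f in ks)
            table = self.tables[ks]
            self.searches += 1           # one search of the data per keyset
            table[key] = table.get(key, 0) + 1
        return len(keysets)

    def sources_over(self, threshold):
        """Sources whose count under the ("src",) keyset exceeds threshold."""
        return sorted(k[0] for k, n in self.tables[("src",)].items() if n > threshold)


def run_sample():
    # Constructed sample traffic using documentation address ranges.
    packets = [{"src": "192.0.2.10", "dst": "198.51.100.5", "proto": "tcp", "dport": p}
               for p in (22, 23, 80, 443, 8080)]
    packets.append({"src": "192.0.2.77", "dst": "198.51.100.5", "proto": "icmp", "dport": None})
    store = KeysetStore()
    per_packet = [store.observe(p) for p in packets]
    return per_packet, store.searches, store.sources_over(3)


if __name__ == "__main__":
    print(run_sample())
```

Under these assumed keysets, six packets cost 34 separate searches, which is the overhead the paragraph above identifies as the performance problem.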