A computer network typically includes a collection of interconnected computing devices that exchange data and share resources. The devices may include, for example, web servers, database servers, file servers, routers, printers, end-user computers and other devices. The variety of devices may execute a myriad of different services and communication protocols. Each of the different services and communication protocols exposes the network to different security vulnerabilities.
Conventional techniques for detecting network attacks use pattern matching. In particular, regular expressions or sub-string matches are used to detect defined patterns within a protocol stream. Multiple patterns may be used in an attempt to improve the accuracy of the attack detection. In some situations, however, it is difficult to detect certain network attacks using solely pattern matching.