Intrusion detection using secure signatures
A method and device for intrusion detection using secure signatures comprising capturing network data. A search hash value, value employing at least one one-way function, is generated from the captured network data using a first hash function. The presence of a search hash value match in a secure signature table comprising search hash values and an encrypted rule is determined. After determining a search hash value match, a decryption key is generated from the captured network data using a second hash function, a hash function different form the first hash function. One or more of the encrypted rules of the secure signatures table having a hash value equal to the generated search hash value are then decrypted using the generated decryption key. The one or more decrypted secure signature rules are then processed for a match and one or more user notifications are deployed if a match is identified.
- Research Organization:
- Idaho National Laboratory (INL), Idaho Falls, ID (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC07-05ID14517
- Assignee:
- U.S. Department of Energy (Washington, DC)
- Patent Number(s):
- 8,850,583
- Application Number:
- 13/785,349
- OSTI ID:
- 1159917
- Country of Publication:
- United States
- Language:
- English
Detection of privilege escalation vulnerabilities using bag of words
|
patent | October 2016 |
Network security using encrypted subfields
|
patent | March 2016 |
Filtering network traffic using protected filtering mechanisms
|
patent | December 2015 |
Similar Records
Authentication Protocol for ICS without Encryption
Detecting and Blocking Network Attacks at Ultra High Speeds