BARTON P MILLER
Pilots at Owen Dr, Madison, WI

2006025, Nov 9, 2006

Dec 5, 2005

11/294585

Shai Rubin - Madison WI, US
Somesh Jha - Madison WI, US
Barton Miller - Madison WI, US

G06F 12/14

726023000

Systems, methods and devices according to this invention include a plurality of defined modification rules for modifying a sequence of packets that form an attack on an intrusion detection system. These modification rules include both rules that expand the number of packets and rules that reduce the number of packets. The reducing rules can be applied to a given attack instance to identify one or more root attack instances. The expanding rules can then be applied to each root attack instance to generate a corpus of modified attack instances. The modification rules can preserve the semantics of the attack, so that any modified attack instance generated from the given attack instance remains a true attack. To test an intrusion detection system, the corpus of modified attack instances can be used to determine whether an intrusion detection system detects every modified attack instance.

8220048, Jul 10, 2012

Aug 21, 2006

11/507109

Shai Aharon Rubin - Madison WI, US
Somesh Jha - Madison WI, US
Barton Paul Miller - Madison WI, US

Wisconsin Alumni Research Foundation - Madison WI

H04L 29/06

726 22, 713188

A network intrusion detection system combines the normally sequential steps of protocol analysis, normalization, and signature matching through the use of a regular expression to speed the monitoring of network data. The regular expression also allows the creation of a superset matcher, permitting multiple stages of matching of increased accuracy to produce additional throughput gains.