1
Steven D Shanklin, Thomas E Bernhard, Gerald S Lathem: Intrusion detection signature analysis using regular expressions and logical operators. Cisco Technology, Baker Botts L, November 26, 2002: US06487666 (418 worldwide citations)

A method of describing intrusion signatures, which are used by an intrusion detection system to detect attacks on a local network. The signatures are described using a “high level” syntax having features in common with regular expression and logical expression methodology. These high level signature ...


2
Steven D Shanklin, Gerald S Lathem: Parallel intrusion detection sensors with load balancing for high speed networks. Cisco Technology, Baker Botts L, June 10, 2003: US06578147 (209 worldwide citations)

Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetwork ...


3
Robert E Gleichauf, Gerald S Lathem, Scott V Waddell: Domain mapping method and system. Cisco Technology, Baker Botts L, July 2, 2002: US06415321 (162 worldwide citations)

A method and system for mapping a network domain provides a centralized repository for network information to support network devices, including an intrusion detection system. A domain mapping device includes an acquisition engine for acquiring network information, hypercube storage for storing netw ...


4
Steven D Shanklin, Thomas E Bernhard, Gerald S Lathem: Intrusion detection signature analysis using regular expressions and logical operators. Cisco Technology, Baker Botts L, September 14, 2004: US06792546 (136 worldwide citations)

A method of describing intrusion signatures, which are used by an intrusion detection system to detect attacks on a local network. The signatures are described using a “high level” syntax having features in common with regular expression and logical expression methodology. These high level signature ...


5
Thomas E Bernhard, Steven D Shanklin, Gerald S Lathem: Network intrusion detection signature analysis using decision graphs. Cisco Technology, Baker Botts L, August 19, 2003: US06609205 (121 worldwide citations)

A method of detecting signatures representing misuse of a local network. Known reference signatures having one or more common events are identified, and represented with a decision graph having one or more shared nodes. Each node of the decision graph represents the occurrence of an event. Given a s ...


6
Steven D Shanklin, Gerald S Lathem: Parallel intrusion detection sensors with load balancing for high speed networks. Cisco Technology, Baker Botts L, October 11, 2005: US06954775 (68 worldwide citations)

Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetwork ...


7
Kevin L Wiley, Gerald S Lathem, Michael L Hall Jr: Method and system for maintaining network activity data for intrusion detection. Cisco Technology, Baker Botts L, March 21, 2006: US07017185 (21 worldwide citations)

A method and system for maintaining network activity data for intrusion detection includes storing data representative of network activity in datasets. The datasets include root datasets each having a root keyset and child datasets each having a child keyset with a key combination derived from and l ...


8
Kevin L Wiley, Michael L Hall, Gerald S Lathem, Robert E Gleichauf: Method and system for addressing intrusion attacks on a computer system. Cisco Technology, Baker Botts L, April 28, 2009: US07526806 (19 worldwide citations)

According to one embodiment of the invention, a computerized method for addressing intrusion attacks directed at a computer includes receiving a data stream corresponding to a potential attack on the computer and calculating an event risk rating for the data stream. Calculating the event risk rating ...


9
Craig Allen Williams, Gerald S Lathem: Enhanced server to client session inspection. Cisco Technology, Patterson & Sheridan, October 11, 2011: US08037528 (10 worldwide citations)

In one embodiment, a technique for enhancing the inspection of data sent from a server is provided. By modifying a client request in an effort to prevent the transformation (e.g., encoding and/or compression) of data by the server, unencoded data may be received, which can be inspected without the o ...


10
Steven D Shanklin, Gerald S Lathem: Parallel intrusion detection sensors with load balancing for high speed networks. Cisco Technology, Baker Botts L, August 7, 2012: US08239942 (7 worldwide citations)

Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetwork ...