1
Steven D Shanklin, Thomas E Bernhard, Gerald S Lathem: Intrusion detection signature analysis using regular expressions and logical operators. Cisco Technology, Baker Botts L, November 26, 2002: US06487666 (418 worldwide citations)

A method of describing intrusion signatures, which are used by an intrusion detection system to detect attacks on a local network. The signatures are described using a “high level” syntax having features in common with regular expression and logical expression methodology. These high level signature ...


2
Steven D Shanklin, Gerald S Lathem: Parallel intrusion detection sensors with load balancing for high speed networks. Cisco Technology, Baker Botts L, June 10, 2003: US06578147 (209 worldwide citations)

Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetwork ...


3
Steven D Shanklin, Thomas E Bernhard, Gerald S Lathem: Intrusion detection signature analysis using regular expressions and logical operators. Cisco Technology, Baker Botts L, September 14, 2004: US06792546 (136 worldwide citations)

A method of describing intrusion signatures, which are used by an intrusion detection system to detect attacks on a local network. The signatures are described using a “high level” syntax having features in common with regular expression and logical expression methodology. These high level signature ...


4
Thomas E Bernhard, Steven D Shanklin, Gerald S Lathem: Network intrusion detection signature analysis using decision graphs. Cisco Technology, Baker Botts L, August 19, 2003: US06609205 (121 worldwide citations)

A method of detecting signatures representing misuse of a local network. Known reference signatures having one or more common events are identified, and represented with a decision graph having one or more shared nodes. Each node of the decision graph represents the occurrence of an event. Given a s ...


5
Steven D Shanklin, Gerald S Lathem: Parallel intrusion detection sensors with load balancing for high speed networks. Cisco Technology, Baker Botts L, October 11, 2005: US06954775 (68 worldwide citations)

Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetwork ...


6
Steven D Shanklin, Gerald S Lathem: Parallel intrusion detection sensors with load balancing for high speed networks. Cisco Technology, Baker Botts L, August 7, 2012: US08239942 (7 worldwide citations)

Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetwork ...


7
Craig H Rowland, Nathan M Cohen, Steven D Shanklin, Steve R Snapp, Stephen B Campos, Stephen A Burke: Method and system for analyzing and addressing alarms from network intrusion detection systems. Baker Botts, October 16, 2003: US20030196123-A1

According to one embodiment of the invention, a method for analyzing and addressing alarms from network intrusion detection systems includes receiving an alarm indicating an attack on a target host may have occurred, automatically accessing the target host in response to the alarm, and identifying t ...


8
Steven D Shanklin, Gerald S Lathem: Parallel intrusion detection sensors with load balancing for high speed networks. Cisco Technology a California corporation, Baker Botts, September 22, 2005: US20050207420-A1

Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetwork ...