Slashdot Mirror


Using regexp's To Search IDS Data -- Patented

MiniGhost writes "Well... the USPTO is at it again! A recent search of their online patent database reveals a new patent issued on Nov 26, 2002. Apparently Cisco has been issued patent #6,487,666, titled 'Intrusion detection signature analysis using regular expressions and logical operators.' So now they are claiming patent rights on the use of regular expressions and logical operators for IDS usage. It's only a matter of time before some corporation patents the stick man now!!"


  1. Not quite... by malakai · Score: 5, Informative
    So now they are claiming patent rights on the use of regular expressions and logical operators for IDS usage.

    That's not the patent. If you read the patent, what they've done is created an abstraction for describing intrusion signatures, and integrated this into regular and logical expressions. What they are really patenting are the new regular expression identifiers used to represent their pre-determined "signature events". This boils down to packet types, sequence of packet types, and other specific events they deem necessary to identify an intrusion. These events and the "view" at which they look at the sequence of packets is what's so key to this patent.

    They could have hooked this into SQL-like expressions, and patented it as extension objects to SQL. But regular expressions obviously work much better.

    This is a rather simple, yet great, idea. It should have been done before, yet it wasn't. Kudos to the people who thought about it, and imo, they deserve a patent on it.

    They are _not_ patenting Regular Expressions or Regular Expressions that run against packet data. Again, it's the fundamental "signature" events they are patenting. Much like a new programming language patenting some proprietary classes.

    -malakai
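
An illustration of the idea the comment describes: regular expressions matched over a sequence of abstract packet events rather than raw bytes, with the matches combined by logical operators. This is an added example, not code from the patent, Cisco, or the commenter; the event alphabet, signature names and sample flows are all constructed assumptions.

```python
import re

# Hypothetical event alphabet: one symbol per abstract "signature event".
EVENTS = {"SYN": "S", "SYN-ACK": "A", "ACK": "K", "RST": "R", "FIN": "F", "DATA": "D"}

def encode(packets):
    """Turn a flow's time-ordered packet types into a string over the alphabet."""
    return "".join(EVENTS[p] for p in packets)

def has(pattern):
    """Predicate: the regex matches somewhere in the event string."""
    rx = re.compile(pattern)
    return lambda s: rx.search(s) is not None

# Logical operators that combine regex predicates into one signature.
def all_of(*preds):
    return lambda s: all(p(s) for p in preds)

def none_of(*preds):
    return lambda s: not any(p(s) for p in preds)

SIGNATURES = {
    # SYN answered with SYN-ACK, then reset, and no handshake ever completed.
    "half_open_probe": all_of(has(r"SAR"), none_of(has(r"SAK"))),
    # Five or more consecutive SYNs and no completed handshake.
    "syn_burst": all_of(has(r"S{5,}"), none_of(has(r"SAK"))),
    # DATA appears before the first ACK in the flow.
    "data_before_handshake": has(r"^[^K]*D"),
}

def match(packets):
    """Return the sorted names of every signature that fires on this flow."""
    s = encode(packets)
    return sorted(name for name, pred in SIGNATURES.items() if pred(s))

# Constructed sample flows (both directions merged in time order).
FLOWS = {
    "normal": ["SYN", "SYN-ACK", "ACK", "DATA", "DATA", "FIN", "ACK"],
    "probe": ["SYN", "SYN-ACK", "RST"],
    "burst": ["SYN"] * 6,
    "early_data": ["SYN", "DATA", "DATA"],
}

if __name__ == "__main__":
    for name, pkts in FLOWS.items():
        print(f"{name:11s} {encode(pkts):8s} {match(pkts)}")
```

Because signatures are written against event symbols, a new detection is a new expression over the same alphabet rather than new packet-parsing code.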