Abstract: Techniques are described for managing QUIC connections. The techniques include identifying a first QUIC connection between a first and second device. Determining, from the connection, a first IP address and port number of the first device, a second IP address and port number of the second device, and a first CID. Storing an association between the first and second IP addresses, port numbers and first CID. Identifying a second QUIC connection between the first device and another device. Identifying, from the second connection, the first IP address and port number, a second CID, and a third IP address and port number. Determining if two of the following are met: the second IP address corresponds to the third IP address, the second port number corresponds to the third port number, the second CID corresponds to the first CID, if two are met, the first and second QUIC connections are the same.

Abstract: According to one embodiment of the invention, a method for use in intrusion detection includes storing a default signature file defining one or more default signatures and storing a customized signature file defining one or more custom signatures. The method also includes automatically generating, for each of the one or more signatures defined in the default signature file, executable code operable to detect intrusions associated with the default signatures. The method also includes automatically generating, for each of the custom signatures, executable code operable to detect intrusions associated with the custom signatures.

Abstract: According to one embodiment of the invention, a method for automatically generating software code operable to detect a defined signature in network traffic comprises providing an inspector shell, generating a plurality of parameter name-value associations from provided configuration data, and automatically generating, by computer, an instance of the inspector shell having a signature defined by the parameter name-value associations.