Algorithm 2. Detection and matching

INPUT: $input pkgs$ = { $P_1$, $P_2$,…, $P_n$ }     policy table: F = { $F_1$, $F_2$,…, $F_n$ } OUTPUT: Event_Match 1. for each $P_i$ in $pkgs$ do 2.   for each $F_i$ in F 3.     if $P_i$.ip == $F_i$.ip do 4.        if L($P_i$) in $F_i$.key and L($P_i$) not in $F_i$.keylist do 5.           $F_i$.keylist.append(L($P_i$)) 6.           $F_i$.lastpkt_time = T($P_i$) 7.        endif 8.        if L($P_i$) in $F_i$.high and L($P_i$) not in $F_i$.highlist do 9.           $F_i$.highlist.append(L($P_i$)) 10.          lastpkt = T($P_i$) 11.       endif 12.    endif 13.  endfor 14.  for each $F_i$ in F 15.    if L($F_i$.keylist) >= L($F_i$.key)–fix and L($F_i$.highlist) >= L($F_i$.key)–high fix do 16.       Event_Match [$F_i$.name].append($F_i$.lastpkt_time) 17.       clearall F.keylist, F.highlist, F.lastpkt_time 18.       break 19.    endif 20.  endfor 21.  for each $F_i$ in F 22.    if T($P_i$)–$F_i$.lastpkt_time < $F_i$.max_time 23.       clear 24.       clear $F_i$.keylist, $F_i$.highlist, $F_i$.lastpkt_time 25.    endif 26.  endfor