US Patent 11784974 Method and system for intrusion detection and prevention

The present teaching generally relates to providing optimized access control rules. A request may be received from a client device. A determination may be made, based on the request, that an update is needed for access control rule information for the client device. Rule data may be generated. The rule data may include a plurality of data buckets each including one or more access control rules, each data bucket of the plurality being associated with a range of destination port numbers, and where each of the one or more access control rules comprise a set of tuples having a common source network and source port number, and one or more destination port numbers associated with the common source network and source port number. The rule data may be sent to the client device.