State tree matching method capable of finishing integer matching

A matching method and state tree technology, which are applied in digital transmission systems, data exchange networks, electrical digital data processing, etc., can solve the problems of parallel pattern matching that cannot be integrated into strings, cannot be performed in parallel, and affect processing performance, and reduce hardware. overhead, increased processing speed, increased efficiency

Inactive Publication Date: 2009-09-09
BEIJING VENUS INFORMATION TECH
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Among them, the matching of two character strings (abcd and ghjkl) can use the parallel pattern matching method based on the state tree, no matter how many patterns can complete the data matching at one time, but the data matching (34 and 67) can only be done through the traditional Data calculations are done sequentially and cannot be done in parallel
Therefore, when there are many matching patterns, the matching of integers cannot be integrated into the parallel pattern matching of strings on the one hand, and on the other hand, it must be performed serially one by one, which affects the overall processing performance

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • State tree matching method capable of finishing integer matching
  • State tree matching method capable of finishing integer matching
  • State tree matching method capable of finishing integer matching

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0026] This embodiment is a state tree matching method capable of completing integer matching, figure 1 The process flow of the method is described. Divided into 2 stages and 5 steps:

[0027] Initialization phase:

[0028] ●Read integer definition mode: read the integer comparison definition formula in the file, the definition format is as follows:

[0029] [addr, num] op data

[0030] Among them, addr indicates the position of the integer in the input data, or the offset; num indicates the integer type, which has three types: 1-byte integer, 2-byte integer, and 4-byte integer; op is the operation operator, including > (greater than operation), >= (greater than or equal to operation), = (equal to operation), <= (less than or equal to operation), < (less than operation) five types; data is the data value for comparison. Examples are as follows:

[0031] [10, 2] > 100: indicates a two-byte integer offset by 10 bytes from the start position, and its value is greater than 10...

Embodiment 2

[0038] This embodiment is the refinement of the generated state tree in Embodiment 1. It is a preferred solution, and it is a method for establishing a state tree structure generated by a one-byte integer. figure 2 Shown is the state tree structure generated by a one-byte integer. This embodiment adopts the multi-mode matching method of AC, the core of which is to generate a state tree for matching. figure 2 Describes the state tree structure of a one-byte integer and the state nodes of the corresponding five operation modes.

[0039] ●[Single-byte x]: Indicates the matching start node, and the current integer value is x;

[0040] ●[00], [x-1]: indicate the state tree nodes that are less than x; the operation results corresponding to these nodes should be less than the state, that is, the match is successful when the mode is defined as less than x;

[0041] ●[x]: indicates the state tree node equal to x; the operation result corresponding to this node should be equal to th...

Embodiment 3

[0051] This embodiment is a refinement of the generated state tree in Embodiment 1, which is a preferred solution, and is a state tree structure generated by a two-byte integer. image 3 A state tree structure generated by a two-byte integer is described. The state tree has two layers, and two consecutive matches need to be performed on two bytes. image 3 The state tree structure of the two-byte integer and the corresponding state nodes of the five operation modes are illustrated.

[0052] ●[High byte x][Low byte y]: indicates the matching start node, the value of the high byte of the current integer is x, and the value of the low byte is y;

[0053] ●[High byte x]: First match the high byte, there are three possible results: greater than x, equal to x, less than x; on the basis of these three states, match the low byte;

[0054] ●[low byte y][* "Indicates any value; the matching result must be less than the state;

[0055] ●[low byte y][>x]: when the high byte value is gre...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a state tree matching method capable of finishing integer matching and finishing the numerical value matching of integers when finishing the universal parallel mode matching, in particular to a method used for intrusion monitoring and auditing of a computer or network and based on data monitoring. The method comprises the following steps: integer defining mode reading, state tree producing, data reading, mode matching and result reporting. The invention can finish the integer matching when finishing the character string matching, thereby increasing the matching speed, quickening the data detection and auditing speed, reducing the hardware expenses and improving the data detection and auditing efficiency.

Description

technical field [0001] The invention relates to a state tree matching method capable of completing integer matching, which is a parallel mode processing method, and completes integer value matching while completing general character string pattern matching. It is a method for various data-based monitoring systems such as computer or network intrusion monitoring and auditing. Background technique [0002] In current monitoring systems for various network messages and file data, not only string content needs to be monitored, but also integer values ​​at different positions in network messages or files need to be monitored. A single integer match operation is simple and very fast, but it is not very efficient when there are multiple integers to compare and it is done in conjunction with a string match. [0003] In the current various monitoring systems such as IDS and auditing, integer comparisons are performed separately from string comparisons, and then all matching results ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/24H04L29/06G06F21/00
Inventor 许金鹏邓炜赵东宾王虹
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap