Data matching equipment and method as well as network intrusion detection equipment and method

A data matching method and technology, applied in the field of network security, that addresses problems such as non-negligible memory overhead, limited scope of use, and reduced matching efficiency of the DFA state machine, thereby solving the state expansion problem.

Active Publication Date: 2011-05-25
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

However, this method of compressing the number of states also has certain defects: first, when the DFA state machine itself is relatively complex, the memory occupied by the additional information (state bits) introduced by this method cannot be ignored; second, this method lacks universality. For example, it handles the state expansion problem of the regular expression .*ab.*cd|.*ef.*gh well, but it cannot solve the state expansion caused by the regular expression .*ab[^\n]*cd|.*ef[^\n]*gh
However


Embodiment Construction

[0027] Before describing the specific implementation of the present invention, first consider the cause of state number expansion in the state machine of the DFA regular engine. Most state number expansion problems can be attributed to interaction between regular expressions: if the two regular expressions {pattern1} and {pattern2} are compiled independently, there is no state expansion problem. However, compiling {pattern1} and {pattern2} together as a regular expression group (equivalent to the new regular expression pattern1|pattern2) may cause the number of states to expand. The study also found that only complex regular expressions with certain characteristics interact in a way that causes the number of states to expand. These complex regular expressions are, for example:

[0028] 1. A regular expression in the form of {subpattern1}.*{subpattern2} or {subpattern1}.+{subpattern2}. Among them, {subpattern1}.*{subpattern2} means to include 0 ...
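The interaction described in [0027], as an added example that is not code from the patent: it counts reachable DFA states for rules of the form `.*A.*B` compiled separately and compiled together. It assumes A and B are literal strings, that `.` matches any character, and that the combined machine records which rules have matched; the rule list beyond `.*ab.*cd` and `.*ef.*gh` is constructed.

```python
# Added illustration: count DFA states for rules of the form .*A.*B (A, B literal).
def step(pattern, positions, ch):
    """Advance one rule's NFA position set over ch; returns the new set."""
    a, b = pattern
    text, split, end = a + b, len(a), len(a) + len(b)
    if end in positions:
        return positions                      # rule already matched: absorbing
    nxt = set()
    for p in positions:
        if p in (0, split):
            nxt.add(p)                        # self-loop of the leading/middle '.*'
        if text[p] == ch:
            nxt.add(p + 1)                    # literal character consumed
    if end in nxt:
        return frozenset({end})
    if max(nxt) >= split:                     # A already seen: stop tracking A
        nxt = {p for p in nxt if p >= split}
    return frozenset(nxt)

def dfa_states(patterns):
    """Reachable states of one DFA that tracks every rule in `patterns`."""
    alphabet = set("".join(a + b for a, b in patterns)) | {"#"}  # '#': any other byte
    start = tuple(frozenset({0}) for _ in patterns)
    seen, todo = {start}, [start]
    while todo:
        state = todo.pop()
        for ch in alphabet:
            nxt = tuple(step(p, s, ch) for p, s in zip(patterns, state))
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return len(seen)

# .*ab.*cd and .*ef.*gh come from the page; the last two rules are constructed.
RULES = [("ab", "cd"), ("ef", "gh"), ("ij", "kl"), ("mn", "op")]

def growth(rules=RULES):
    """(rule count, states if compiled separately, states if compiled together)."""
    return [(n, sum(dfa_states([r]) for r in rules[:n]), dfa_states(rules[:n]))
            for n in range(1, len(rules) + 1)]

if __name__ == "__main__":
    for n, separate, together in growth():
        print(f"{n} rule(s): separate={separate:3d}  together={together:3d}")
```

Compiled separately, the total grows by 5 states per rule; compiled together, the state count more than triples with each added rule, because the single machine must remember how far every rule has progressed.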


Abstract

The invention discloses a regular-expression-based data matching method for matching data against a regular expression set comprising one or more regular expressions. The method comprises the following steps: searching the regular expression set for one or more complex regular expressions that, when they interact, cause the number of states generated from the regular expressions to grow exponentially; constructing, for each of the complex regular expressions found, a corresponding simplified expression; compiling a simplified state machine from the constructed simplified expressions and the other regular expressions in the set, excluding the complex regular expressions found; compiling one or more state submachines, each from a corresponding one of the complex regular expressions; and matching data using the simplified state machine and the one or more state submachines. The invention also discloses data matching equipment implementing the data matching method, as well as intrusion detection equipment and an intrusion detection method adopting the data matching method and equipment.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a network intrusion detection device and method for intrusion detection, and a regular expression-based data matching device and method thereof.

Background technique

[0002] In the field of network intrusion detection, regular expressions are often used to detect whether malicious data in a specific format is contained in network data to determine whether a network intrusion has occurred. Because regular expressions are flexible and expressive, they are widely used in the field of network intrusion detection.

[0003] In order to use regular expressions for data matching, it is usually necessary to construct a regular engine based on regular expressions. Currently, there are two kinds of regular engines, namely NFA regular engine and DFA regular engine. However, since the backtracking characteristics of NFA cannot be changed, its matching speed cannot be greatly improved. There...


Application Information

IPC(8): H04L29/06, G06F21/00
CPC: H04L63/14, H04L63/1408
Inventor: 么刚韩啸张涛韩鹏程利军
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD