Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Regular expression matching system and regular expression matching method

An expression matching and expression technology, applied in the field of network security, can solve problems such as high memory usage, explosion, and slow matching speed, and achieve the effect of meeting the requirements of rule update time, strong scalability, and fast construction speed

Active Publication Date: 2012-06-27
CERTUS NETWORK TECHNANJING
View PDF4 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

DFA matching speed is fast, but the memory usage is too high. For many complex regular expression rules or large-scale regular expression rule sets, DFA will explode in state and cannot be constructed at all; NFA has a small memory usage, but the matching speed is extremely slow. , it cannot meet the actual network processing requirements on a multi-core or general-purpose processor platform
[0004] At present, the industry generally does not have a good solution for regular expression matching. The methods and bottlenecks are mainly: 1) Use the rule grouping idea proposed by the academic circle to divide the regular expression rules in a set into multiple groups, each A set of regular expression rules constructs a corresponding DFA that meets a certain memory footprint, and uses multiple DFAs for regular expression matching, but this cannot solve the problem that many single rules will cause the DFA state to explode, and it cannot be solved. In large-scale cases, there are too many grouped DFAs and the matching performance is too low; 2) In order to ensure a certain regular expression matching performance, the semantics of regular expression rules are changed to avoid generating DFA with state explosion, which greatly sacrifices regular expressions. 3) Extract the part of the approximate exact string in the regular expression rule as the pre-filtering rule, construct the DFA as the pre-filtering rule with the corresponding pre-filtering rule of all regular expression rules in a set, and Construct the original set of regular expression rules into NFA as the matching engine, filter out most of the determined unmatched content through the pre-filter, and only pass the suspected matching content to the matching engine for exact matching, but this cannot guarantee a match Performance, good or bad depends entirely on whether the matching engine is triggered

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Regular expression matching system and regular expression matching method
  • Regular expression matching system and regular expression matching method
  • Regular expression matching system and regular expression matching method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] The specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. The following examples are used to illustrate the present invention, but are not intended to limit the scope of the present invention.

[0037] Such as figure 1 As shown, the regular expression matching system of the present invention includes: a preprocessing unit, a matching unit and a forwarding unit, the preprocessing unit splits the rules in the regular expression rule set, and constructs a regular expression according to the split result The expression matching engine sends it to the matching unit, and the matching unit performs regular expression matching processing on the input network packet through the regular expression matching engine, and outputs the matching result to the forwarding unit, and the forwarding unit realizes storage and forwarding of the network packet.

[0038] The preprocessing...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a regular expression matching system and a regular expression matching method, which relate to the technical field of network security. The method comprises a preprocessing unit, a matching unit and a forwarding unit, wherein the preprocessing unit is used for splitting the rules in a regular expression rule set, constructing a regular expression matching engine according to the splitting result and sending the regular expression matching engine to the matching unit; the matching unit is used for performing regular expression matching treatment to an input network packet by the regular expression matching engine and outputting a matching result to the forwarding unit; and the forwarding unit implements storage and forwarding of the network packet. The regular expression matching method has high matching speed, is as good as DFA, takes up small internal memory, is as good as NFA, forms linear relation with the scale of the regular expression rule set, has high expandability, is fast in construction, can finish the preprocessing in a time nearly equal to or even shorter than the time for NFA construction under a non-splitting rule, and can satisfy the requirement on rule renewing time during actual processing.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a regular expression matching system and a matching method. Background technique [0002] Regular expression-based pattern matching, referred to as regular expression matching, is a key component of security gateway systems such as Deep Inspection Firewall, Network Intrusion Detection / Prevention System (NIDS / NIPS), and Unified Threat Management (UTM). and core technology. The regular expression matching monitors or filters the network packets by checking and processing the network packet payload (Payload) above the L4 layer of the OSI network protocol. [0003] Regular expression matching is mainly realized through two data structures of deterministic finite automata (DFA) and non-deterministic finite automata (NFA). DFA matching speed is fast, but the memory usage is too high. For many complex regular expression rules or large-scale regular expression rule sets, DFA w...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06G06F17/30
Inventor 王凯亓亚烜李军
Owner CERTUS NETWORK TECHNANJING
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com