
Rule compiling and matching method and device

A rule compiling and matching technique, applied in the computer field, that addresses the problem of time-consuming rule matching and improves efficiency by reducing the number of rules that need to be matched.

Active Publication Date: 2014-08-06
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

When Snort builds the rule tree, it divides all detection rules among four main nodes: Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP). The detection rules are chained onto the corresponding main node in the form of a linked list. After capturing a network data stream, Snort matches it against IP, TCP, UDP or ICMP and, once one of the four main nodes has matched, traverses all the rules in the corresponding linked list in sequence from the head of the list. As a result, Snort spends a lot of time matching and detecting network data streams.



Examples


Embodiment Construction

[0023] To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by persons of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.

[0024] Embodiments of the present invention provide a method for compiling and matching rules. As shown in Figure 1, the method includes:

[0025] Step 101: obtain the data to be matched and, after performing application identification on the data to be matched according to the protocol type and por...



Abstract

The embodiment of the invention provides a rule compiling and matching method and device, and relates to the field of computers. When rules are matched against a network data stream, not all of the rules need to be traversed, so the number of rules that need to be matched is reduced and searching and matching efficiency is effectively improved. In the specific scheme, the data to be matched are acquired first; application identification is performed on the data according to the protocol type and port type corresponding to the data, and a corresponding sub-rule tree is then determined in the rule tree; the feature element types of the feature elements included in the data are determined; the corresponding rule subsets are acquired from the sub-rule tree according to those feature element types; and finally the data are matched against the rules included in the rule subsets. The method and device are used for intrusion detection.
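The following sketch is an added example, not code from the patent or from Snort: it shows one way to read the scheme in the abstract, with rules indexed by application and then by feature element type so that only a subset is evaluated. The port table, rule set, element type names and the use of substring search as the per-rule match are all constructed assumptions.

```python
from collections import defaultdict

# Constructed application table: (protocol, destination port) -> application.
APP_BY_PROTO_PORT = {("tcp", 80): "http", ("tcp", 21): "ftp", ("udp", 53): "dns"}

# Constructed rules: (id, application, {feature element type: required pattern}).
RULES = [
    (1, "http", {"uri": b"/etc/passwd"}),
    (2, "http", {"uri": b"/admin", "header": b"X-Debug"}),
    (3, "http", {"body": b"<script>"}),
    (4, "ftp", {"command": b"SITE EXEC"}),
    (5, "dns", {"qname": b"example.invalid"}),
]

def compile_rules(rules):
    """Build the rule tree: application -> feature element type -> rule subset."""
    tree = defaultdict(lambda: defaultdict(list))
    for rule in rules:
        _, app, elements = rule
        for etype in elements:
            tree[app][etype].append(rule)
    return tree

def match(tree, proto, port, elements):
    """Return (ids of matching rules, number of rules actually evaluated)."""
    app = APP_BY_PROTO_PORT.get((proto, port))   # application identification
    subtree = tree.get(app, {})                  # sub-rule tree, empty if unknown
    candidates = {}
    for etype in elements:                       # only types present in the data
        for rule in subtree.get(etype, []):
            candidates[rule[0]] = rule           # de-duplicate across subsets
    hits = [rid for rid, (_, _, need) in sorted(candidates.items())
            if all(pat in elements.get(t, b"") for t, pat in need.items())]
    return hits, len(candidates)

TREE = compile_rules(RULES)
# Constructed data to be matched: an HTTP request split into feature elements.
SAMPLE = {"uri": b"/admin/login", "header": b"Host: a\r\nX-Debug: 1"}

if __name__ == "__main__":
    hits, evaluated = match(TREE, "tcp", 80, SAMPLE)
    print(f"matched {hits}, evaluated {evaluated} of {len(RULES)} rules")
```

A linear traversal would evaluate every rule chained under the protocol node; here only the rules sharing an application and at least one feature element type with the data are touched.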

Description

Technical field

[0001] The embodiments of the present invention relate to the field of computers, and in particular to a method and device for compiling and matching rules.

Background

[0002] With the widespread use of computers and networks, the attack techniques behind network security threats are becoming increasingly complex, and ensuring computer and network security is becoming increasingly important.

[0003] Intrusion detection can actively discover attacks and provide real-time protection, and plays an important role in computer network security. The rule compilation and matching mechanism adopted by open source intrusion detection and protection systems, represented by Snort, is roughly as follows: a rule tree is generated from the detection rules, where each detection rule consists of a set of feature elements with logical relationships. The feature elements are pattern strings defined in applications such as intrusion detection, anti-virus,...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F17/30
Inventor: 孙兆兴, 韩鹏, 覃永靖
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD