Multi-mode regular expression matching method and apparatus

An expression matching and expression technology, which is applied in the field of network security, can solve problems such as large data volume, affecting matching performance, and poor filtering effect, and achieve the effects of reducing the pass rate, improving the filtering effect, and maximizing the filtering speed

Active Publication Date: 2015-09-09
NEUSOFT CORP
View PDF5 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Since the strings in this method are directly extracted from the regular expressions, the length and quantity of the strings cannot guarantee the quality of filtering. Strings or non-discriminative strings, the filtering effect of this method is not good, resulting in a huge amount of data entering the regular expression matching, which seriously affects the entire matching performance

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multi-mode regular expression matching method and apparatus
  • Multi-mode regular expression matching method and apparatus
  • Multi-mode regular expression matching method and apparatus

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0101] Example 1: Regular expression

[0102] "(20[01][\\x09-\\x0d-~]*(AUTH IN FO U SE R|new s)finger" can be divided into "20, [01][\\x09-\\x0d-~ ]*(AUTH IN FO U SE R|new s), 3 character strings of finger". The first "20" and the last "finger" are exact strings, the middle "[01][\\x09 -\\X0d-~]*(AUTH IN FO U SE R|new s)" is a fuzzy character string.

[0103] After the segmentation, the fuzzy character string can also be further determinized. Next, the determinization process of the fuzzy character string will be explained by way of examples.

[0104] The determinization method is to further determinize some fuzzy strings of specific composition. The implementation principles are: simple operation, no reduction of semantic coverage, merging of adjacent precise strings, and controllable number of divided strings. For example, it can be implemented step by step:

[0105] (1) For ambiguous strings containing suffix characters or phrases, determine them into strings that carry precise c...

example 2

[0106] Example 2: The regular expression "abc{3,10}de" is divided into "ab,c{3,10},de", and c{3,10} is determined as cccc{0, after fuzzy string determinization, 7}, then merge it with the exact string "ab" adjacent to the left to get "abccc,c{0,7},de".

[0107] For another example, "a+" is determined as "aa*", and the exact character after the determination is merged with the exact character string obtained by the adjacent segmentation.

example 3

[0108] Example 3: Split the regular expression "abc+de" into "ab, c+, de", determine the fuzzy string "c+" into "cc*", and then divide it according to the position of the split string Combine with the adjacent exact string "ab" to get "abc, c*, de";

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention provides a multi-mode regular expression matching method and apparatus. The method comprises: filtering to-be-matched data according to a fist layer filter feature set to obtain data segments and targeted exact character strings upon the first layer filtering; searching for a corresponding regular expression superset according to the targeted exact character strings, and conducting second layer filtering on the data segments obtained via the first layer filtering to obtain data segments and a targeted regular expression superset upon the second layer filtering; determining a corresponding regular expression according to the targeted regular expression superset, and matching the data segments upon the second layer filtering by using the regular expression. According to the technical solutions provided by the present invention, the filtering rate and effect are improved via two layer filtering, thereby ensuring stability of the matching performance, and preventing passage of pure data.

Description

Technical field [0001] This application relates to the field of network security technology, and in particular to a method and device for multi-pattern regular expression matching. Background technique [0002] Regular expression is a form of expression that describes character strings, with free and accurate expression capabilities. It has a wide range of applications in the field of network security and is often used to describe network data with attack intent. In an intrusion detection system, it usually contains a collection of regular expressions describing a large number of attack characteristics. In the detection process, a multi-pattern regular expression matching method is used to match the regular expression set with the network data stream to discover the attack behavior. With the development of the Internet, network services have increased, the network environment has become increasingly complex, and the bandwidth of data traffic has continued to increase. Multi-mode...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F17/30
CPCG06F16/903
Inventor 侯智瀚邹荣珠
Owner NEUSOFT CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap