Unlock instant, AI-driven research and patent intelligence for your innovation.

Fast matching method for WAF security rules

A matching method and rule technology, applied in the direction of electrical components, transmission systems, etc., can solve the problem of low matching efficiency of WAF rules, and achieve the effect of maintaining efficient matching and efficient matching methods

Inactive Publication Date: 2017-03-22
成都知道创宇信息技术有限公司
View PDF9 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The technical problem to be solved by the present invention is to provide a fast matching method for WAF security rules, by converting the rule set into a strictly layered rule graph, using the rule graph to match data packets, and adjusting the rule graph according to the rule interception ratio. Layers and other methods to solve the problem of low efficiency of WAF rule matching

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Fast matching method for WAF security rules
  • Fast matching method for WAF security rules
  • Fast matching method for WAF security rules

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. The method of the present invention includes structuring the rule set using a directed graph, generating a rule graph, using the rule direction to perform security rule matching, adjusting the layering of the rule graph according to the interception statistical data of a fixed period, and generating a new rule directed graph . The details are as follows:

[0023] 1. Convert the existing rules into a logical statement according to the principle of logical atomization, for example: rule R1 is converted into R1a&(R1b|R1c)&R1D, which consists of four sub-conditions and logical operators.

[0024] 2. Convert the rule set composed of logical statements into a rule graph. The rule graph is strictly hierarchical. If the same sub-condition exists in rule R1 and rule R2, the sub-condition will be merged in the rule graph and sink to the bottom ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a fast matching method for WAF security rules. The fast matching method for WAF security rules comprises the following steps: converting an existing rule to a logical statement according to the principle of logical atomization, wherein the logical statement comprises a plurality of logical sub conditions and logical operators; converting the rule set including the logical statements to a rule graph; preprocessing the data packets, including data format processing and data decoding; matching the processed packets hierarchically by means of the rule graph, and checking whether the end node is matched or not; counting the intercepted data, and adjusting the layering of the rule graph according to the interception ratio, wherein the rules with high interception ratio are overall adjusted downward, and the rules with low interception ratio are overall adjusted upward. The fast matching method for WAF security rules disclosed by the invention is more efficient, and by means of the fast matching method for WAF security rules, the layering of the rule graph is adjusted periodically according to the attack situation, therefore, the purpose of maintaining efficient matching is achieved.

Description

technical field [0001] The invention relates to the field of WAF security rules, in particular to a fast matching method for WAF security rules. Background technique [0002] A regular graph is a strictly hierarchical directed acyclic graph generated according to rules. The WAF rule graph converts each rule into a logical statement according to the internal logical relationship of the WAF rules, then merges the same statements, and generates a strictly hierarchical directed acyclic graph according to the importance of each sub-statement. [0003] In the prior art, WAF rules are used serially to match data packets until a rule is matched or all rules are matched. Using this method, the main problem is: sequential matching often results in a lot of unnecessary matching before the real interception rules are matched. If it is a normal data packet, all the rules are often matched. Therefore, Its matching efficiency is low, often causing normal business to slow down. Contents...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/0263
Inventor 邓金城
Owner 成都知道创宇信息技术有限公司