Method and device for reducing network security scanning rule set

A rule-based network security technology, applied in the information field, that addresses problems such as the low performance of sequential matching and pattern matching, the high complexity of malicious code detection rules, and the limited portability of detection engines.

Active Publication Date: 2022-05-17
BEIJING ACT TECH DEV CO LTD

AI Technical Summary

Problems solved by technology

[0008] 4) Match by packet / stream: "packet" means matching on a single packet, "stream" means matching on a flow; this configuration is not effective at present;
[0026] The main customers of the detection engine are communication operators. The traffic monitoring equipment deployed by the operators handles a large volume of access traffic, and the rules for malicious code detection are highly complex. With the emphasis on the network security situation and the further strengthening of network security supervision, the number of rules will increase further, while the performance of sequential matching and pattern matching is low, so the detection engine has become the performance bottleneck of network security monitoring;
[0027] (2) Portability issues:
[0028] Hyperscan is a high-performance regular expression matching engine library provided by Intel. It can only be used on the x86 hardware platform, and cannot be used on ARM, MIPS, PowerPC and other platforms, so the portability of the detection engine is limited.


Examples


Embodiment 1

[0055] See figure 1. The reduction device for the network security scanning rule set provided by the present invention is composed of a rule classifier 1, a classification rule temporary store 2, a character string extractor 3, a regular expression extractor 4, a character string mapping rule set 5 and a regular expression mapping rule set 6;

[0056] Rule classifier 1 reads the original rule set, which is a standard specification document for network message analysis and detection written according to the MTX rules;

[0057] The rule classifier 1 classifies the rules by protocol, according to the protocol type field of each rule in the original rule set, to form a rule set 20 based on the TCP protocol, a rule set 21 based on the HTTP protocol, a rule set 22 based on the UDP protocol, and a rule set 23 based on the DNS protocol; each rule set is stored in the classification rule temporary register 2, and there is the f...

Embodiment 2

[0071] When scanning network protocols:

[0072] 1. First read the string mapping rule set 5 and the regular expression mapping rule set 6 into the computer memory;

[0073] 2. According to the type of the network protocol being scanned, select the subset of the string mapping rule set 5 and the subset of the regular expression mapping rule set 6 that participate in the scan, which completes the first operation of narrowing the calculation range;

[0074] 3. Extract the strings of the scanned network protocol with the character string extractor 3. When a string of the scanned network protocol has a mapped rule number in the subset of the string mapping rule set 5, the rule numbers that are output form the string detailed-comparison number set; the rule numbers in that set determine which rules take part in the detailed comparison with the scanned network protocol, and this completes the second operation of narrowing the calculation ra...
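The classification of Embodiment 1 and the two narrowing steps of Embodiment 2, sketched as an added example that is not code from the patent. The rule layout, the tokenizer used as the string extractor, and the sample rules are assumptions; the page is cut off before it says how the regular expression mapping set is consulted, so it is handled here the same way as strings.

```python
import re
from collections import defaultdict

# Constructed sample rules. The MTX rule syntax is not shown on the page,
# so this layout (id, proto, strings, regexes) is hypothetical.
RULES = [
    {"id": 1001, "proto": "HTTP", "strings": ["cmd.exe"], "regexes": []},
    {"id": 1002, "proto": "HTTP", "strings": ["wget"], "regexes": [r"/etc/passwd\b"]},
    {"id": 2001, "proto": "DNS", "strings": ["example-c2.test"], "regexes": []},
    {"id": 3001, "proto": "TCP", "strings": ["cmd.exe"], "regexes": []},
]

def build_mapping_sets(rules):
    """Reduction: per protocol, map each string / regex to its rule numbers."""
    str_map = defaultdict(lambda: defaultdict(set))
    re_map = defaultdict(lambda: defaultdict(set))
    for rule in rules:
        for s in rule["strings"]:
            str_map[rule["proto"]][s.lower()].add(rule["id"])
        for pattern in rule["regexes"]:
            re_map[rule["proto"]][re.compile(pattern)].add(rule["id"])
    return str_map, re_map

# Assumed string extractor: runs of characters commonly found in identifiers.
TOKEN = re.compile(r"[A-Za-z0-9_.\-]+")

def candidate_rules(proto, payload, str_map, re_map):
    """Return the rule numbers that still need detailed comparison."""
    # First narrowing: only the subsets for the scanned protocol take part.
    strings = str_map.get(proto, {})
    regexes = re_map.get(proto, {})
    candidates = set()
    # Second narrowing: one dictionary lookup per extracted string replaces
    # a sequential pass over every rule.
    for token in TOKEN.findall(payload.lower()):
        candidates |= strings.get(token, set())
    # Assumption: regular expressions of the subset add their rule numbers too.
    for rx, ids in regexes.items():
        if rx.search(payload):
            candidates |= ids
    return candidates

STR_MAP, RE_MAP = build_mapping_sets(RULES)
```

Rule 3001 shares the string `cmd.exe` with rule 1001 but is never reported for HTTP traffic, because the protocol subset is selected before any string lookup happens.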


Abstract

A method and device for reducing a network security scanning rule set, relating to the field of information technology. The invention is composed of a rule classifier, a classification rule temporary register, a character string extractor, a regular expression extractor, a character string mapping rule set and a regular expression mapping rule set. The invention performs secondary conversion processing on text rules: it reads the rule files and performs field analysis, extraction, sorting, clustering, and output. The output fields are then reloaded, and a one-time matching algorithm or a clustering matching algorithm performs the matching process, improving on the low efficiency of matching rules one by one.

Description

Technical field

[0001] The present invention relates to the field of information technology.

Background technique

[0002] A rule scanning engine is a component embedded in an application that separates business decisions from application code and writes business decisions using predefined semantic modules. The specific execution can be divided into several processes of accepting data input, interpreting business rules, and making business decisions according to business rules. Using the rule scanning engine can separate complex and redundant business logic from the application support system to achieve reusable portability of the system architecture. Rule scanning engines typically allow users to adjust rules without restarting the system or deploying new executable code, thereby enabling changes in business processing capabilities. The rule scanning engine is intended to be a tool that provides a higher level of abstraction so that users can focus less on development det...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L9/40, H04L69/00, G06F16/903, G06F16/906, G06F16/84
CPC: H04L63/145, H04L63/1408, H04L69/03, G06F16/90344, G06F16/906, G06F16/84
Inventor 林飞唐威唐相雄易永波古元毛华阳
Owner BEIJING ACT TECH DEV CO LTD