Data-flow mode matching method and apparatus

A pattern matching and data flow technology, applied in the direction of electrical components, transmission systems, etc., can solve the problem that the evasion of pattern recognition cannot be completely prevented, and achieve the effect of avoiding message forwarding delay and reducing memory usage

Inactive Publication Date: 2007-06-13
NEW H3C TECH CO LTD
View PDF0 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method can reduce the delay and memory usage to a certain extent, but due to the control of the length of the flow recovery, this method cannot completely prevent the evasion of pattern recognition introduced by the data flow segmentation technology.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data-flow mode matching method and apparatus
  • Data-flow mode matching method and apparatus
  • Data-flow mode matching method and apparatus

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041] The technical solutions of the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.

[0042] The basic concept of the present invention is: for the existing art in order to completely prevent the attack mode scattered in different segmented messages by using the data flow segmentation technology, it is necessary to preserve the order and restore the segmented messages, resulting in extreme Large message forwarding delay and memory usage; and if the order preservation and recovery of segmented messages are controlled, although the delay and memory usage can be reduced to a certain extent, it cannot completely prevent the fragments scattered in different segments The defect of the attack mode in the message provides a pattern matching method and device of the data flow. The combination of segmented messages is restored into a complete message, but the segmented messages are directly pattern-matched with...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The method includes steps: after order preserving for segmented message of received data stream, carrying out pattern matching between segmented message of data stream and finite state machine setup in advance in sequence; after carrying out pattern matching for each segmented message, based on pattern matching result, executing prearranged corresponding operation for the segmented message; and after pattern matching for the segmented message, saving state of the finite state machine to be as initial state for the finite state machine to carry out pattern matching next segmented message. The invention also discloses a pattern-matching device for data stream. The invention prevents attack mode, which uses technique for segmenting data stream to disperse attack codes on different segmented messages. The invention can reduce memory use and time delay for forwarding message greatly since segmented message recovery is not needed.

Description

technical field [0001] The invention relates to a pattern matching method and device, in particular to a data stream pattern matching method and device, belonging to the communication field. Background technique [0002] Pattern matching is a technique that compares collected information to a database of known network intrusion and system misuse patterns to discover violations of security policies. Simple pattern matching methods, such as string matching to find a simple entry or instruction, complex pattern matching methods, such as using mathematical expressions to represent changes in security status. [0003] The pattern matching technology for the payload of the data stream has a wide range of applications in fields such as Intrusion Detection System (IDS for short), Intrusion Prevention System (IPS for short), Anti-Virus (AV for short), etc. . In order to evade pattern matching, network attackers usually use data flow segmentation technology to disperse attack patter...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 陈忠良
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap