34 results about "Nondeterministic finite automaton" patented technology

A system and method in accordance with the present invention determines in real-time the portions of a set of characters from a data or character stream which satisfies one or more predetermined regular expressions. A Real-time Deterministic Finite state Automaton (RDFA) ensures that the set of characters is processed at high speeds with relatively small memory requirements. An optimized state machine models the regular expression(s) and state related alphabet lookup and next state tables are generated. Characters from the data stream are processed in parallel using the alphabet lookup and next state tables, to determine whether to transition to a next state or a terminal state, until the regular expression is satisfied or processing is terminated. Additional means may be implemented to determine a next action from satisfaction of the regular expression.

The invention discloses a method for inspecting deep packets based on a suffix automaton regular engine structure. The method comprises the following steps: S1, intruding an inspection system, extracting attack features and constructing regular expression, S2, constructing suffix nondeterministic finite automaton (NFA) engine and utilizing the suffix NFA engine to conduct multiple-pattern matching, S3, obtaining application layer protocol data packets and Web server log files from a Web server, S4, conducting deep packet inspecting on the protocol data packets and the log files and sending inspecting results to a firewall. According to the method for inspecting the deep packets based on the suffix automaton regular engine structure, matching of the multiple regular expression of a deterministic finite automaton (DFA) can be achieved by using a single automaton in a NFA mode, the problems that the NFA can not achieve the matching of the multiple regular expression and space explosion occurs when the DFA achieves the matching of the multiple regular expression are solved, the space size of the NFA is effectively reduced, the problems that a traditional NFA engine constructing method is waste in space and invalid traversal exists in the process of executing mode matching are solved, response time of deep packet inspecting is effectively shortened, and whole performance and efficiency of a system are improved.

Deterministic Finite Automatons (DFAs) and Nondeterministic Finite Automatons (NFAs) are two typical automatons used in the Network Intrusion Detection System (NIDS). Although they both perform regular expression matching, they have quite different performance and memory usage properties. DFAs provide fast and deterministic matching performance but suffer from the well-known state explosion problem. NFAs are compact, but their matching performance is unpredictable and with no worst case guarantee. A new automaton representation of regular expressions, called Tunable Finite Automaton (TFA), is described. TFAs resolve the DFAs' state explosion problem and the NFAs' unpredictable performance problem. Different from a DFA, which has only one active state, a TFA allows multiple concurrent active states. Thus, the total number of states required by the TFA to track the matching status is much smaller than that required by the DFA. Different from an NFA, a TFA guarantees that the number of concurrent active states is bounded by a bound factor b that can be tuned during the construction of the TFA according to the needs of the application for speed and storage. A TFA can achieve significant reductions in the number of states and memory space.

The invention provides regular expression matching equipment and a method on the basis of a deterministic finite automaton. The regular expression matching equipment comprises a packet dispatcher and a result collecting module. A regular expression matching system comprises a matching unit and a storage unit connected with the matching unit, the matching unit is respectively connected with the packet dispatcher and the result collecting module. In the method, each status transfer table is disintegrated into a character substitution table and a simplified status table, many statuses have identical character substitution tables and can be shared after disintegration, and furthermore, many statuses have identical character substitution tables, and can share the identical character substitution tables after minority skips are extracted. By the regular expression matching equipment and the method on the basis of the deterministic finite automaton, storage space for the DFA (deterministic finite automaton) is greatly reduced, and more regular expressions can be stored in a limited space.

The invention discloses a character string searching method based on a non-determined finite automaton. The character string searching method based on the non-determined finite automaton includes: building the non-determined finite automaton and setting a state variable for the non-determined finite automaton; loading a matching expression in the non-determined finite automaton and transforming the matching expression in the non-determined finite automaton into a directed graph according to the operator transformational rule of the directed graph; conducting matching on the characters in the character string of the non-determined finite automaton according to the state position of the state variable; updating the state variable according to the final position directed by the position in the directed graph if the characters are matched successfully, conducting the matching on the next character from the position in the updated state variable and completing the matching till the character string which conforms to the matching expression is obtained or the character matching fails, and placing the state variable as the starting position when the matching is completed. The character string searching method based on the non-determined finite automation can realize more accuracy of the character string searching. The invention further provides a character string searching device based on the non-determined finite automaton.

The invention provides a multi-character-string mode matching method, a device, computer equipment and a storage medium. The method comprises the steps of obtaining a character string matching rule set; extracting a character pattern string set and a logic relation thereof; constructing an unconditional transfer table and a failure transfer table according to the character pattern string set based on an automaton algorithm; encoding the state of the transfer table, and distributing a ternary code and a precise code for each state of the transfer table; constructing a non-deterministic finite state automaton matching table according to the transfer table; constructing a strategy matching table according to the character pattern string set and the logic relationship; matching the character string according to the matching table, and outputting a matching result; the complete semantic meaning of the non-deterministic finite state automaton in an automaton algorithm is realized, the number of table items is ensured to be equal to the number of state transition table items of the unconditional transition table, the storage space is greatly saved, the limitation of a programmable switch calculation model and storage resources is overcome, and the number of characters processed by matching each time is increased to increase throughput.

The invention relates to a deterministic finite automaton (DFA) matching method and device based on TCAM (ternary content addressable memory). The method comprises the following steps: expressing all states of a DFA with a plurality of TCAM items, and identifying a chain structure in the DFA based on a chain structure in a nondeterministic finite automata (NFA) for generating the DFA and the features of an internal chain structure between the NFA and the DFA, wherein each TCAM item comprises a source state field, an input character field and a targeted state field; renumbering and recoding the DFA state based on the chain structure in the DFA, and recoding the state transitional edge of the DFA in the TCAM; and taking the matching of the specific source state field and the input character field as a search keyword, searching in all TCAM items of the DFA based on the search keyword, and taking the searched targeted state field as an output result. Through coding and compressing the state transitional edge of the DFA in the TCAM, the deterministic finite automaton matching method and device, provided by the embodiment of the invention, enable the transcript chain structure of the DFA to be combined in the TCAM so as to fulfill the purpose of reducing the storage space.

The invention discloses a hash structure complex event detection method for mass data flow, which mainly solves the problems of long detection time, low response speed, low detection efficiency and the like in the existing SASE method when the complex events of a mass event stream are detected. The complex event detection method for the mass event stream by an NFA (nondeterministic finite automaton) and a hash table technology has the advantages that the complex event detection capability for the mass event stream is greatly improved; the existing complex event mode detection method based on the NFA is improved, and the existing complex event detection technology is extended, so the complex event detection for the mass event stream is completed at high efficiency.

The invention disclosesa deterministic finite-state machine construction method based on a classification counter, and belongs to the field of Internet intrusion inspection. The deterministic finite-state machine construction method comprises the following steps: firstly, classifying all regular expressions in a regular expression set (rule set) into a linear-level complexity class, a multiplication-level complexity class, a square-level complexity class and an exponential-level complexity class according to DFA (Deterministic Finite Automaton) construction complexity; then, generating a specific DFA with the counter for the regular expressions of each class of complexity; and finally, combining states which contain the same output excitation, and are not internal start states and internal end states in the DFA to generate a final ODFA (Overlaid Deterministic Finite Automaton). The reception message inspection speed of an intrusion inspection system can be quickened, accuracy is improved, a false alarm rate is lowered, and the consumption of memory resources by the system can be reduced. The construction method has a great practical application value.

Deterministic Finite Automatons (DFAs) and Nondeterministic Finite Automatons (NFAs) are two typical automatons used in the Network Intrusion Detection System (NIDS). Although they both perform regular expression matching, they have quite different performance and memory usage properties. DFAs provide fast and deterministic matching performance but suffer from the well-known state explosion problem. NFAs are compact, but their matching performance is unpredictable and with no worst case guarantee. A new automaton representation of regular expressions, called Tunable Finite Automaton (TFA), is described. TFAs resolve the DFAs' state explosion problem and the NFAs' unpredictable performance problem. Different from a DFA, which has only one active state, a TFA allows multiple concurrent active states. Thus, the total number of states required by the TFA to track the matching status is much smaller than that required by the DFA. Different from an NFA, a TFA guarantees that the number of concurrent active states is bounded by a bound factor b that can be tuned during the construction of the TFA according to the needs of the application for speed and storage. A TFA can achieve significant reductions in the number of states and memory space.

Modifying Xpath queries dynamically during an ongoing Xpath evaluation. A modification request comprising at least one Xpath query in response to an input is received in an ongoing Xpath evaluation on an online stream of XML messages. A current generation of Nondeterministic Finite Automaton (NFA) is generated and the branches starting from the root node are identified according to the modification request. The identified branches are copied and modified to create a new generation of NFA. New generation of NFA is used for subsequent Xpath evaluations.

The invention discloses a detection method for complex events in mass disordered data streams of Internet of Things Manufacturing, and aims at solving the problem of low efficiency on detecting the events in mass disordered data streams in the Internet of Things Manufacturing. The method is characterized in that ENFA (Extended Nondeterministic Finite Automaton) is utilized for selecting events in mass disordered data streams, and the storage relationship of a hash table structure is utilized to handle events in the mass disordered data streams, so as to realize the detection of the complex events in mass disordered data streams. The method has the advantages that the existing automaton-based complex event mode detection method is improved, the existing complex event detection technology is expanded to be able to efficiently detect the complex events in the mass disordered data streams, and therefore, the detection efficiency is raised.

The invention relates to a printing and dyeing quotation structured demand data extraction method based on a finite state automaton. The method is characterized in that a formalized definition of theuncertain finite-state automaton is given according to an actual quotation process and requirements, a real quotation process is simulated through the uncertain finite-state automaton, a user is gradually guided to give an accurate requirement, and structured data is arranged and provided for a customer service. Compared with the prior art, the printing and dyeing quotation structured demand dataextraction method based on the finite state automaton provided by the invention has the beneficial effects that the method does not depend on manual collection and arrangement demands, and the efficiency is remarkably improved. The method is short in processing period and has reusability; the method is low in processing cost and high in accuracy.

The invention relates to a privacy protection medical diagnosis and treatment system based on a non-deterministic finite automaton. The system comprises a key generation center which is responsible for generating system public parameters, distributing a private key of a server and a public/private key of a user and executing remote medical authorization operation; a hospital which is used for designing different medical models for different diseases and outsourcing the encrypted medical models to the cloud platform so as to provide remote diagnosis and treatment service; a patient who sends the encrypted medical data to the cloud platform to request to obtain the diagnosis and treatment service, and decrypts the diagnosis and treatment result returned by the cloud server by using the own key; a cloud platform which is used for providing storage service of the encrypted medical model for the hospital; and a computing server which is used for interactively executing a security outsourcing computing protocol by the computing server and the cloud platform after receiving a remote diagnosis and treatment request of the patient, and calculating an optimal encryption treatment process. The optimal encryption treatment suggestion can be recommended to the patient, and the privacy of the patient cannot be leaked.

A method and corresponding apparatus relate to converting a nondeterministic finite automata (NFA) graph for a given set of patterns to a deterministic finite automata (DFA) graph having a number of states. Each of the DFA states is mapped to one or more states of the NFA graph. A hash value of the one or more states of the NFA graph mapped to each DFA state is computed. A DFA states table correlates each of the number of DFA states to the hash value of the one or more states of the NFA graph for the given pattern.

The invention provides a method for obtaining an LTLf minimum automaton. According to the method, LTLf to minimum DFA construction is completed on the basis of a Brzozowski minimum automaton construction theory. Comprising the steps that for a given LTLf formula, firstly, a reverse deterministic automaton corresponding to LTLf is constructed through a tool MONA, and the automaton can receive a reverse sequence of an original LTLf receiving language; the method comprises the steps that a reverse deterministic automaton is obtained, the reverse deterministic automaton is inverted, and therefore a non-deterministic finite state automaton (NFA) is obtained; subset construction method calculation is performed on the NFA, and reachable state calculation is performed after the calculation, thereby deleting all unreachable states. According to the Brzozowski theory, the DFA is the minimum DFA corresponding to the LTLf formula.