| 摘要 |
Methods, systems and computer program products are disclosed for detecting patterns in a data stream that match multi-pattern rules. One embodiment of the invention provides a method of recognizing a specified group of patterns in a data stream. The method comprises identifying a rule for said specified group of patterns in the data stream, and using a first array of finite state machines to scan the data stream for at least some of the patterns in the specified group. For patterns in the specified group that are found in the data stream by the first array of finite state machines, pattern identifiers are sent to a second array of finite state machines. The second array of finite state machines determines if the specified group of patterns is in the data stream in accordance with the identified rule by, at least in part, using said pattern identifiers. |
| 主权项 |
1. A method of recognizing specified groups of patterns in a data stream, the method comprising:
identifying a multi-pattern rule for each group of said specified groups of patterns; using a first array of finite state machines, in a first, pattern scanner stage, to scan the data stream for at least some of the patterns in the specified groups, including
splitting at least a first pattern of the specified groups of patterns into a plurality of subpatterns,using the first array of finite state machines to scan the data stream for the subpatterns of said first pattern, andusing a second array of finite state machines to check if the supatterns are found in the data stream in a specified order; for each of the patterns in the specified groups of patterns that are found in the data stream by the first array of finite state machines, sending a pattern identifier identifying said each pattern to the second array of finite state machines, in a second, rule processor stage; and using the second array of finite state machines for determining if any of the specified groups of patterns is in the data stream in accordance with the identified multi-pattern rule. |
