| 摘要 |
A system, method, apparatus and mechanism for estimating worst-case time complexity of a regular expression defining a pattern adapted for identifying malicious packets and comprising one or more back-references (backref-regex) by constructing a non-deterministic finite automaton (NFA) corresponding to the backref-regex (backref-NFA), wherein the backref-NFA comprises a plurality of NFA-states and a respectively labeled edge for each of the one or more back-references of the backref-regex; performing liveness analysis on the backref-NFA to determine for each NFA-state of the backref-NFA a set of back-references alive at the NFA-state; and determining a maximum number of alive back-references over the plurality of NFA-states, wherein the determined maximum number is indicative of the worst-case time complexity of the backref-regex. |
