发明名称 |
Method and apparatus for pattern matching for intrusion detection/prevention systems |
摘要 |
A packet is compared to a pattern defined by a regular expression with back-references (backref-regex) in a single pass of a non-deterministic finite automaton corresponding to the backref-regex (backref-NFA) that includes representations for all backref-regex's back-references. The packet's characters are sequentially selected and analyzed against the backref-NFA until a match or no-match between the packet and pattern is determined. Upon selecting a character, a corresponding configurations-set is updated, where the set includes configurations associated with respective NFA-states of the backref-NFA and indicating whether the selected character is being matched against a back-reference. With the configurations-set being updated the comparison process proceeds along backref-NFA's NFA-states. The updated configurations-set includes configurations associated with NFA-states reachable from the configurations in the pre-updated set. When the configurations-set includes a final state, a match is determined. When the configurations-set becomes empty, or upon selection of all characters lacks the final state, a no-match is determined. |
申请公布号 |
US8683590(B2) |
申请公布日期 |
2014.03.25 |
申请号 |
US20090610825 |
申请日期 |
2009.11.02 |
申请人 |
NAMJOSHI KEDAR S.;NARLIKAR GIRIJA J.;ALCATEL LUCENT |
发明人 |
NAMJOSHI KEDAR S.;NARLIKAR GIRIJA J. |
分类号 |
G06F11/00;G06K9/00;G06K9/68;G06K9/72 |
主分类号 |
G06F11/00 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|