| 摘要 |
Methods and apparatuses are disclosed for caching portions of a Deterministic Finite Automata (DFA) graph during a compilation stage prior to a run-time stage that identifies attack traffic based on the graph. Cacheable components are identified based on a traffic profile, a dictionary of keywords, and/or a geometrical configuration of the graph. Techniques are disclosed for performing various types of caching alone or in combination with other types. Caching based on a dictionary or profile exploit a tendency of graph traversals performed during non-attack scenarios to remain near root nodes that correspond to the start of patterns designating blacklist traffic. By caching nodes that are near root nodes and that are visited frequently during peacetime (non-attack) scenarios, significant cache hits may be achieved during run-time execution. Caching graph components while compiling patterns using presently disclosed techniques avoids the need for expensive hardware to learn what and when to cache.
|
