| 摘要 |
A high-speed network invasion detecting method is provided to be capable of designing each block, which is a minimum standard comparative unit, in consideration of a characteristic of text and the frequency of generation within patterns, in constructing shift and hash tables. Shift and hash(prefix) tables are initialized. N patterns are read from a rule of a rule set file established so as to be used in an invasion detection system, and length of the shortest pattern is stored as m. ASCII(American Standard Code for Information Interchange) values for each length B block having a predetermined second position from a predetermined first position as a starting position of a block for each N pattern are calculated and stored as indexes. As windows of length B are moved to the right 1 byte by 1 byte, the frequency of generation of each length B block is counted. Strings of length m, where a predetermined block determined by the counted results exists as a final block to the second position from the first position of each pattern, are searched for each pattern, and the starting position is stored. Shift and hash(prefix) tables are configured with the searched strings of each pattern. The patterns within text are searched with the shift and hash(prefix) tables.
|
