HIGH-PERFORMANCE CONTEXT-FREE PARSER FOR POLYMORPHIC MALWARE DETECTION
Abstract
The invention provides a method and apparatus for advanced network intrusion detection. The system uses deep packet inspection that can recognize languages described by context-free grammars. The system combines deep packet inspection with one or more grammar parsers. The invention can detect token streams even when polymorphic. The system looks for tokens at multiple byte alignments and is capable of detecting multiple suspicious token streams. The invention is capable of detecting languages expressed in LL(1) or LR(1) grammar. The result is a system that can detect attacking code wherever it is located in the data stream.
Application publication number
WO2006113722(A2)
Application publication date
2006.10.26
Application number
WO2006US14574
Application date
2006.04.18
Applicant
THE REGENTS OF THE UNIVERSITY OF CALIFORNIA;CHO, YOUNG, H.;MANGIONE-SMITH, WILLIAM, H.