CN104182248B - Business rule base upgrade method and device - Google Patents
Business rule base upgrade method and device Download PDFInfo
- Publication number
- CN104182248B CN104182248B CN201410369313.4A CN201410369313A CN104182248B CN 104182248 B CN104182248 B CN 104182248B CN 201410369313 A CN201410369313 A CN 201410369313A CN 104182248 B CN104182248 B CN 104182248B
- Authority
- CN
- China
- Prior art keywords
- business
- upgraded
- business rule
- state machine
- matching state
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a kind of business rule base upgrade method and device, belong to computer realm, methods described includes:Determine business to be upgraded;The multimode matching state machine of the business to be upgraded is generated, the multimode matching state machine of the business to be upgraded is merged with the multimode matching state machine for other business being retained in Installed System Memory, realizes the business rule base upgrading of the business to be upgraded.The embodiment of the present invention is by determining business to be upgraded, generate the multimode matching state machine of the business to be upgraded, the multimode matching state machine of the business to be upgraded is merged with the multimode matching state machine for other business being retained in Installed System Memory, the business rule base upgrading of the business to be upgraded is realized, so as to shorten the update time of business rule base.
Description
Technical field
The present invention relates to computer realm, more particularly to a kind of business rule base upgrade method and device.
Background technology
Fire wall is based on integrated packet check engine, and the multimode matching state machine of the engine is an entirety, and it is included
The state machine of multiple business, if the business rule base in upgrading one of which service condition machine, other business need to be entered together
Row upgrading flow.
It can be seen that if this method upgrades to the rule base of a certain business, other all business are all risen together
Level flow, the time of upgrading will be increased.
The content of the invention
The embodiment of the present invention provides a kind of business rule base upgrade method and device, can shorten the upgrading of business rule base
Time.
The embodiment of the present invention adopts the following technical scheme that:
A kind of business rule base upgrade method, including:
Determine business to be upgraded;
Generate the multimode matching state machine of the business to be upgraded, by the multimode matching state machine of the business to be upgraded with
The multimode matching state machine for other business being retained in Installed System Memory merges, and realizes the business rule base of the business to be upgraded
Upgrading.
Optionally, it is described to determine that business to be upgraded includes:
The upgrade command that user sends is received, the business to be upgraded is determined according to the upgrade command.
Optionally, the multimode matching state machine of the generation business to be upgraded includes:
The business rule library file of the business to be upgraded is obtained, and the business rule library file is loaded into internal memory,
The business rule library file includes a plurality of business rule;
By the process of analysis of every business rule, every business rule in the business rule base is parsed one by one, is obtained
The feature and SID information of every business rule;
The feature and SID information of every business rule are stored in chained list;
Row mode compiling is entered to the feature of every business rule and SID information stored in the chained list, obtains described treat
The multimode matching state machine of staging business.
Optionally, the multimode matching state machine of the business to be upgraded is non deterministic finite automaton NFA, it is described other
The multimode matching state machine of business is NFA.
Optionally, in addition to:
NFA in business rule base after upgrading is converted into deterministic finite automaton DFA.
A kind of business rule base update device, including:
Determining module, for determining business to be upgraded;
Upgraded module, for generating the multimode matching state machine of the business to be upgraded, by the more of the business to be upgraded
Mould matching status machine merges with the multimode matching state machine for other business being retained in Installed System Memory, realizes the industry to be upgraded
The business rule base upgrading of business.
Optionally, the determining module is specifically used for, and receives the upgrade command that user sends, true according to the upgrade command
The fixed business to be upgraded.
Optionally, the upgraded module is specifically used for, and obtains the business rule library file of the business to be upgraded, and by institute
State business rule library file and be loaded into internal memory, the business rule library file includes a plurality of business rule;By every business rule
Process of analysis, parse every business rule in the business rule base one by one, obtain the feature and SID of every business rule
Information;The feature and SID information of every business rule are stored in chained list;To every business rule being stored in the chained list
Feature and SID information enter row mode compiling, obtain the multimode matching state machine of the business to be upgraded.
Optionally, the multimode matching state machine of the business to be upgraded is non deterministic finite automaton NFA, it is described other
The multimode matching state machine of business is NFA.
Optionally, the upgraded module is additionally operable to the NFA in the business rule base after upgrading being converted into certainty limited
Automatic machine DFA.
Based on above-mentioned technical proposal, the business rule base upgrade method and device of the embodiment of the present invention, by determining to wait to rise
Level business, generate the multimode matching state machine of the business to be upgraded, by the multimode matching state machine of the business to be upgraded with
The multimode matching state machine for other business being retained in Installed System Memory merges, and realizes the business rule base of the business to be upgraded
Upgrading.So, the state machine that each business compiles out is advanced in Installed System Memory, if a business rule base becomes
Change, perform the upgrading flow of the business, merge the multimode matching state machine that other state machines are integrally formed, so as to shorten
The update time of business rule base.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are this hairs
Some bright embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, can be with root
Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is the flow chart of the business rule base upgrade method of the embodiment of the present invention;
Fig. 2 is the schematic flow sheet of business rule base upgrade method of the embodiment of the present invention
Fig. 3 is the structural representation of business rule base update device of the embodiment of the present invention.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention
In accompanying drawing, the technical scheme in the embodiment of the present invention is explicitly described, it is clear that described embodiment be the present invention
Part of the embodiment, rather than whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not having
The every other embodiment obtained under the premise of creative work is made, belongs to the scope of protection of the invention.
Inventive embodiments can apply to fire wall of future generation, and so-called fire wall of future generation is using safety service rule base
Upgrading flow is based on integrated packet check engine, so-called integration, is exactly rule or the rule of each application layer security business
Then string matching (including the pure character string and canonical) unified integration in storehouse is into a multimode matching state machine.
As shown in figure 1, the embodiment of the present invention provides a kind of business rule base upgrade method, including:
11st, business to be upgraded is determined;
12nd, the multimode matching state machine of the business to be upgraded is generated, by the multimode matching state of the business to be upgraded
Machine merges with the multimode matching state machine for other business being retained in Installed System Memory, realizes the business rule of the business to be upgraded
Then qurush level.
The business rule base upgrade method of the embodiment of the present invention, by determining business to be upgraded, generate the industry to be upgraded
The multimode matching state machine of business, by the multimode matching state machine of the business to be upgraded and other industry being retained in Installed System Memory
The multimode matching state machine of business merges, and realizes the business rule base upgrading of the business to be upgraded.So, each business is compiled out
The state machine come is advanced in Installed System Memory, if a business rule base change, performs the upgrading flow of the business, close
And the multimode matching state machine that other state machines are integrally formed, so as to shorten the update time of business rule base.
Optionally, it is described to determine that business to be upgraded includes:
The upgrade command that user sends is received, the business to be upgraded is determined according to the upgrade command.
Specifically, as shown in Fig. 2 the embodiment of the present invention can set Web/Cli modules be responsible for receive user upgrading please
Ask, the upgrade request of user is such as received by Web request mode and command line mode.
Optionally, the multimode matching state machine of the generation business to be upgraded includes:
111st, the business rule library file of the business to be upgraded is obtained, and in the business rule library file is loaded into
Deposit, the business rule library file includes a plurality of business rule.
Specifically, as shown in Fig. 2 the embodiment of the present invention can be by loading rule library module by regular library text to be upgraded
Part is loaded into internal memory.
112nd, by the process of analysis of every business rule, every business rule in the business rule base is parsed one by one,
Obtain the feature and SID information of every business rule.
Specifically, as shown in Fig. 2 the embodiment of the present invention can be parsed in business rule base one by one by rule parsing module
Every rule, the analysis mode of the module follows each rule parsing flow using safety service, such as using layer service IPS
(intrusion prevention system), it will parse the fields such as IPS rule port, direction, harmful grade to RTN (the several sections of points of rule), OTN
In the tree structure of (the several sections of points of option).
113rd, the feature and SID information of every business rule are stored in chained list.
Specifically, as shown in Fig. 2 the embodiment of the present invention can be completed by pattern add module to feature in rule and
SID (characteristic ID) parsing and pattern storage, modular service resolution rules line by line, feature and SID information are with chained list node
Mode stores.
114th, row mode compiling is entered to the feature of every business rule and SID information that are stored in the chained list, obtains institute
State the multimode matching state machine of business to be upgraded.
Specifically, as shown in Fig. 2 the embodiment of the present invention can apply security industry by the way that the completion of pattern collector is to be upgraded
The compiling of the one-piece pattern of business.All patterns in rock mechanism chained list, row mode compiling is entered to it, form the multimode of the business
Matching status machine, typically NFA (non deterministic finite automaton).
Specifically, as shown in Fig. 2 the embodiment of the present invention can pass through the merging and conversion of merging module completion status machine.
Do not change using safety service rule base due to other, so the multi-mode states machine (being typically NFA) of other business is not required to
Recompilate, the module merges the multimode matching state machine of each application layer security business into the state machine of merging.
Optionally, in addition to:
NFA in business rule base after upgrading is converted into deterministic finite automaton DFA.
The specific flow that merges is each business NFA----->The NFA----- of merging>DFA.
The method of the embodiment of the present invention, by determining business to be upgraded, generate the multimode matching shape of the business to be upgraded
State machine, by the multimode matching state machine of the business to be upgraded and the multimode matching shape for other business being retained in Installed System Memory
State machine merges, and realizes the business rule base upgrading of the business to be upgraded.So, the state machine for each business being compiled out is advance
It is retained in Installed System Memory, if a business rule base change, performs the upgrading flow of the business, merge other state machines
The multimode matching state machine being integrally formed, so as to shorten the update time of business rule base.
Corresponding with the business rule base upgrade method of the embodiments of the present invention, the embodiment of the present invention also provides a kind of industry
Business rule base update device, as shown in figure 3, the device includes:
Determining module 31, for determining business to be upgraded;
Upgraded module 32, for generating the multimode matching state machine of the business to be upgraded, by the business to be upgraded
Multimode matching state machine merges with the multimode matching state machine for other business being retained in Installed System Memory, realizes described to be upgraded
The business rule base upgrading of business.
Optionally, the determining module 31 is specifically used for, and the upgrade command that user sends is received, according to the upgrade command
Determine the business to be upgraded.
Optionally, the upgraded module 32 is specifically used for, and obtains the business rule library file of the business to be upgraded, and will
The business rule library file is loaded into internal memory, and the business rule library file includes a plurality of business rule;Advised by every business
Process of analysis then, parse every business rule in the business rule base one by one, obtain every business rule feature and
SID information;The feature and SID information of every business rule are stored in chained list;The every business stored in the chained list is advised
Feature and SID information then enters row mode compiling, obtains the multimode matching state machine of the business to be upgraded.
Optionally, the multimode matching state machine of the business to be upgraded is non deterministic finite automaton NFA, it is described other
The multimode matching state machine of business is NFA.
Optionally, upgraded module 32, be additionally operable to by the NFA in the business rule base after upgrading be converted into certainty it is limited from
Motivation DFA.
The business rule base update device of the embodiment of the present invention can realize above method embodiment, modules in device
Function be only to briefly describe, detailed embodiment refers to above method embodiment, do not repeat herein.
The device of the embodiment of the present invention, by determining business to be upgraded, generate the multimode matching shape of the business to be upgraded
State machine, by the multimode matching state machine of the business to be upgraded and the multimode matching shape for other business being retained in Installed System Memory
State machine merges, and realizes the business rule base upgrading of the business to be upgraded.So, the state machine for each business being compiled out is advance
It is retained in Installed System Memory, if a business rule base change, performs the upgrading flow of the business, merge other state machines
The multimode matching state machine being integrally formed, so as to shorten the update time of business rule base.
Those skilled in the art can to the present invention carry out it is various change and modification without departing from the present invention spirit and
Scope.So, if these modifications and variations of the present invention belong within the scope of the claims in the present invention and its equivalent technologies,
Then the present invention is also intended to comprising including these changes and modification.
Claims (4)
- A kind of 1. business rule base upgrade method, it is characterised in that including:Determine business to be upgraded;The multimode matching state machine of the business to be upgraded is generated, by the multimode matching state machine of the business to be upgraded with retaining The multimode matching state machine of other business in Installed System Memory merges, and realizes the business rule qurush of the business to be upgraded Level;The multimode matching state machine of the generation business to be upgraded includes:The business rule library file of the business to be upgraded is obtained, and the business rule library file is loaded into internal memory, it is described Business rule library file includes a plurality of business rule;By the process of analysis of every business rule, every business rule in the business rule base is parsed one by one, obtains every The feature and feature id information of business rule;The feature and feature id information of every business rule are stored in chained list;Pattern compiling is carried out to the feature of every business rule and feature id information stored in the chained list, obtains described waiting to rise The multimode matching state machine of level business;The multimode matching state machine of the business to be upgraded is non deterministic finite automaton NFA, the multimode of other business Matching status machine is NFA;NFA in business rule base after upgrading is converted into deterministic finite automaton DFA.
- 2. according to the method for claim 1, it is characterised in that described to determine that business to be upgraded includes:The upgrade command that user sends is received, the business to be upgraded is determined according to the upgrade command.
- A kind of 3. business rule base update device, it is characterised in that including:Determining module, for determining business to be upgraded;Upgraded module, for generating the multimode matching state machine of the business to be upgraded, by the multimode of the business to be upgraded Merge with state machine with the multimode matching state machine for other business being retained in Installed System Memory, realize the business to be upgraded Business rule base upgrades;The upgraded module is specifically used for, and obtains the business rule library file of the business to be upgraded, and by the business rule Library file is loaded into internal memory, and the business rule library file includes a plurality of business rule;By the process of analysis of every business rule, Every business rule in the business rule base is parsed one by one, obtains the feature and feature id information of every business rule; The feature and feature id information of every business rule are stored in chained list;To the feature of the every business rule stored in the chained list Pattern compiling is carried out with feature id information, obtains the multimode matching state machine of the business to be upgraded;The multimode matching state machine of the business to be upgraded is non deterministic finite automaton NFA, the multimode of other business Matching status machine is NFA;The upgraded module is additionally operable to the NFA in the business rule base after upgrading being converted into certainty limited Automatic machine DFA.
- 4. device according to claim 3, it is characterised in that the determining module is specifically used for, and receives what user sent Upgrade command, the business to be upgraded is determined according to the upgrade command.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410369313.4A CN104182248B (en) | 2014-07-25 | 2014-07-25 | Business rule base upgrade method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410369313.4A CN104182248B (en) | 2014-07-25 | 2014-07-25 | Business rule base upgrade method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104182248A CN104182248A (en) | 2014-12-03 |
| CN104182248B true CN104182248B (en) | 2017-11-14 |
Family
ID=51963324
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410369313.4A Active CN104182248B (en) | 2014-07-25 | 2014-07-25 | Business rule base upgrade method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104182248B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112579618B (en) * | 2019-09-30 | 2022-07-05 | 奇安信安全技术(珠海)有限公司 | Feature library upgrading method and device, storage medium and computer equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101150433A (en) * | 2007-10-19 | 2008-03-26 | 中兴通讯股份有限公司 | A method for setting alarm filtering rule |
| CN102156646A (en) * | 2010-02-11 | 2011-08-17 | 华为技术有限公司 | Feature library upgrading method and device thereof |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2008504737A (en) * | 2004-06-23 | 2008-02-14 | クゥアルコム・インコーポレイテッド | Efficient classification of network packets |
-
2014
- 2014-07-25 CN CN201410369313.4A patent/CN104182248B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101150433A (en) * | 2007-10-19 | 2008-03-26 | 中兴通讯股份有限公司 | A method for setting alarm filtering rule |
| CN102156646A (en) * | 2010-02-11 | 2011-08-17 | 华为技术有限公司 | Feature library upgrading method and device thereof |
Non-Patent Citations (1)
| Title |
|---|
| 提高Snort规则匹配速度方法的研究;王会霞等;《电脑与信息技术》;20130228;第21卷(第1期);正文第一部分和第二部分 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104182248A (en) | 2014-12-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103092742A (en) | Optimization method and system of program logging | |
| EP3230861B1 (en) | Technologies for fast synchronization barriers for many-core processing | |
| US20170139691A1 (en) | Pos application development method and cloud server | |
| CN103544074A (en) | Method and device for verifying service | |
| CN103853650A (en) | Test case generating method and device for fuzz testing | |
| CN104536797A (en) | Java program precompiling method and precompiler | |
| CN103927305B (en) | It is a kind of that the method and apparatus being controlled is overflowed to internal memory | |
| CN104331315B (en) | A kind of parsing of arbitrary levels json objects and generation method and system | |
| CN101339501A (en) | WS-BPEL control loop detection method based on directed graph | |
| CN105138339A (en) | Distributed communication midware developing method based on DDS standard | |
| CN104572644A (en) | Database updating device and database updating method | |
| CN108037941B (en) | Based on the application program update method of public plug-in unit, electronic equipment, storage medium | |
| CN104133733A (en) | Memory error detection method | |
| CN103327080A (en) | Method and device for establishing control system of internet of things | |
| CN104133699A (en) | Equipment system software updating method and equipment system software updating system | |
| CN106845227A (en) | A kind of malicious script detection method and system based on ragel state machines | |
| CN104133676A (en) | Function execution method and function execution device based on scripts | |
| CN101526947A (en) | SQL resisting injection technology using regular expression | |
| CN113377661A (en) | Interface testing method and device, electronic equipment and storage medium | |
| CN116132139A (en) | Scenario execution method, scenario execution device, scenario execution equipment, scenario execution storage medium and scenario execution program product | |
| CN104182248B (en) | Business rule base upgrade method and device | |
| CN110795091B (en) | Modularized route decoupling method, storage medium, electronic equipment and system | |
| CN107679423A (en) | Partition integrity inspection method and device | |
| CN101056210B (en) | An event processing system and method of network central management platform | |
| CN104317723B (en) | Method and system for tracking running information of drive program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PP01 | Preservation of patent right | ||
| PP01 | Preservation of patent right |
Effective date of registration: 20180528 Granted publication date: 20171114 |