CN104426910B - 用于处理有限自动机的方法和装置 - Google Patents
用于处理有限自动机的方法和装置 Download PDFInfo
- Publication number
- CN104426910B CN104426910B CN201410432198.0A CN201410432198A CN104426910B CN 104426910 B CN104426910 B CN 104426910B CN 201410432198 A CN201410432198 A CN 201410432198A CN 104426910 B CN104426910 B CN 104426910B
- Authority
- CN
- China
- Prior art keywords
- pattern
- nfa
- selected sub
- dfa
- sub
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
Abstract
Description
Claims (67)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/015,929 US9426166B2 (en) | 2013-08-30 | 2013-08-30 | Method and apparatus for processing finite automata |
US14/015,929 | 2013-08-30 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104426910A CN104426910A (zh) | 2015-03-18 |
CN104426910B true CN104426910B (zh) | 2018-11-13 |
Family
ID=52585252
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410432198.0A Active CN104426910B (zh) | 2013-08-30 | 2014-08-28 | 用于处理有限自动机的方法和装置 |
Country Status (3)
Country | Link |
---|---|
US (1) | US9426166B2 (zh) |
CN (1) | CN104426910B (zh) |
HK (1) | HK1208103A1 (zh) |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9398033B2 (en) | 2011-02-25 | 2016-07-19 | Cavium, Inc. | Regular expression processing automaton |
US9203805B2 (en) | 2011-11-23 | 2015-12-01 | Cavium, Inc. | Reverse NFA generation and processing |
US9507563B2 (en) | 2013-08-30 | 2016-11-29 | Cavium, Inc. | System and method to traverse a non-deterministic finite automata (NFA) graph generated for regular expression patterns with advanced features |
US9426165B2 (en) | 2013-08-30 | 2016-08-23 | Cavium, Inc. | Method and apparatus for compilation of finite automata |
US10242125B2 (en) * | 2013-12-05 | 2019-03-26 | Entit Software Llc | Regular expression matching |
US9419943B2 (en) | 2013-12-30 | 2016-08-16 | Cavium, Inc. | Method and apparatus for processing of finite automata |
US10362093B2 (en) * | 2014-01-09 | 2019-07-23 | Netronome Systems, Inc. | NFA completion notification |
US9904630B2 (en) | 2014-01-31 | 2018-02-27 | Cavium, Inc. | Finite automata processing based on a top of stack (TOS) memory |
US9602532B2 (en) * | 2014-01-31 | 2017-03-21 | Cavium, Inc. | Method and apparatus for optimizing finite automata processing |
US10110558B2 (en) | 2014-04-14 | 2018-10-23 | Cavium, Inc. | Processing of finite automata based on memory hierarchy |
US9438561B2 (en) | 2014-04-14 | 2016-09-06 | Cavium, Inc. | Processing of finite automata based on a node cache |
US10002326B2 (en) | 2014-04-14 | 2018-06-19 | Cavium, Inc. | Compilation of finite automata based on memory hierarchy |
US10481881B2 (en) * | 2017-06-22 | 2019-11-19 | Archeo Futurus, Inc. | Mapping a computer code to wires and gates |
US9996328B1 (en) * | 2017-06-22 | 2018-06-12 | Archeo Futurus, Inc. | Compiling and optimizing a computer code by minimizing a number of states in a finite machine corresponding to the computer code |
US11012416B2 (en) * | 2018-01-15 | 2021-05-18 | Akamai Technologies, Inc. | Symbolic execution for web application firewall performance |
US10635419B2 (en) | 2018-07-13 | 2020-04-28 | Fungible, Inc. | Incremental compilation of finite automata for a regular expression accelerator |
US10656949B2 (en) | 2018-07-13 | 2020-05-19 | Fungible, Inc. | Instruction-based non-deterministic finite state automata accelerator |
US10645187B2 (en) | 2018-07-13 | 2020-05-05 | Fungible, Inc. | ARC caching for determininstic finite automata of regular expression accelerator |
US10983721B2 (en) | 2018-07-13 | 2021-04-20 | Fungible, Inc. | Deterministic finite automata node construction and memory mapping for regular expression accelerator |
US11636115B2 (en) | 2019-09-26 | 2023-04-25 | Fungible, Inc. | Query processing using data processing units having DFA/NFA hardware accelerators |
US11636154B2 (en) | 2019-09-26 | 2023-04-25 | Fungible, Inc. | Data flow graph-driven analytics platform using data processing units having hardware accelerators |
US11263190B2 (en) | 2019-09-26 | 2022-03-01 | Fungible, Inc. | Data ingestion and storage by data processing unit having stream-processing hardware accelerators |
WO2021152647A1 (ja) * | 2020-01-27 | 2021-08-05 | 日本電信電話株式会社 | 検査装置、検査方法及びプログラム |
US11934964B2 (en) | 2020-03-20 | 2024-03-19 | Microsoft Technology Licensing, Llc | Finite automata global counter in a data flow graph-driven analytics platform having analytics hardware accelerators |
US11630729B2 (en) | 2020-04-27 | 2023-04-18 | Fungible, Inc. | Reliability coding with reduced network traffic |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1716958A (zh) * | 2004-06-14 | 2006-01-04 | 鸿璟科技股份有限公司 | 使用子表式自动机的系统安全实施方法以及相关的系统 |
CN101360088A (zh) * | 2007-07-30 | 2009-02-04 | 华为技术有限公司 | 正则表达式编译、匹配系统及编译、匹配方法 |
CN101201836B (zh) * | 2007-09-04 | 2010-04-14 | 浙江大学 | 基于带记忆确定有限自动机的正则表达式匹配加速方法 |
CN102148805A (zh) * | 2010-02-09 | 2011-08-10 | 华为技术有限公司 | 特征匹配方法和装置 |
US8051085B1 (en) * | 2008-07-18 | 2011-11-01 | Netlogic Microsystems, Inc. | Determining regular expression match lengths |
CN102420750A (zh) * | 2011-11-28 | 2012-04-18 | 曙光信息产业(北京)有限公司 | 单包正则匹配设备和方法 |
Family Cites Families (77)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5428554A (en) | 1992-09-03 | 1995-06-27 | International Business Machines Corporation | Hierarchical graph analysis method and apparatus |
US5608662A (en) | 1995-01-12 | 1997-03-04 | Television Computer, Inc. | Packet filter engine |
US5893142A (en) | 1996-11-14 | 1999-04-06 | Motorola Inc. | Data processing system having a cache and method therefor |
US6314513B1 (en) | 1997-09-30 | 2001-11-06 | Intel Corporation | Method and apparatus for transferring data between a register stack and a memory resource |
US8010469B2 (en) | 2000-09-25 | 2011-08-30 | Crossbeam Systems, Inc. | Systems and methods for processing data flows |
US20070192863A1 (en) | 2005-07-01 | 2007-08-16 | Harsh Kapoor | Systems and methods for processing data flows |
US20110238855A1 (en) | 2000-09-25 | 2011-09-29 | Yevgeny Korsunsky | Processing data flows with a data flow processor |
US7046848B1 (en) | 2001-08-22 | 2006-05-16 | Olcott Peter L | Method and system for recognizing machine generated character glyphs and icons in graphic images |
US7225188B1 (en) | 2002-02-13 | 2007-05-29 | Cisco Technology, Inc. | System and method for performing regular expression matching with high parallelism |
AU2003259797A1 (en) | 2002-08-05 | 2004-02-23 | Fish, Robert | System and method of parallel pattern matching |
US7119577B2 (en) | 2002-08-28 | 2006-10-10 | Cisco Systems, Inc. | Method and apparatus for efficient implementation and evaluation of state machines and programmable finite state automata |
US7305391B2 (en) | 2003-02-07 | 2007-12-04 | Safenet, Inc. | System and method for determining the start of a match of a regular expression |
US7460473B1 (en) | 2003-02-14 | 2008-12-02 | Istor Networks, Inc. | Network receive interface for high bandwidth hardware-accelerated packet processing |
CA2521576A1 (en) | 2003-02-28 | 2004-09-16 | Lockheed Martin Corporation | Hardware accelerator state table compiler |
US7093231B2 (en) | 2003-05-06 | 2006-08-15 | David H. Alderson | Grammer for regular expressions |
US7685254B2 (en) | 2003-06-10 | 2010-03-23 | Pandya Ashish A | Runtime adaptable search processor |
US7870161B2 (en) * | 2003-11-07 | 2011-01-11 | Qiang Wang | Fast signature scan |
US8560475B2 (en) * | 2004-09-10 | 2013-10-15 | Cavium, Inc. | Content search mechanism that uses a deterministic finite automata (DFA) graph, a DFA state machine, and a walker process |
US7594081B2 (en) | 2004-09-10 | 2009-09-22 | Cavium Networks, Inc. | Direct access to low-latency memory |
US8392590B2 (en) | 2004-09-10 | 2013-03-05 | Cavium, Inc. | Deterministic finite automata (DFA) processing |
US20080189784A1 (en) | 2004-09-10 | 2008-08-07 | The Regents Of The University Of California | Method and Apparatus for Deep Packet Inspection |
US8301788B2 (en) | 2004-09-10 | 2012-10-30 | Cavium, Inc. | Deterministic finite automata (DFA) instruction |
US7260558B1 (en) | 2004-10-25 | 2007-08-21 | Hi/Fn, Inc. | Simultaneously searching for a plurality of patterns definable by complex expressions, and efficiently generating data for such searching |
US7356663B2 (en) | 2004-11-08 | 2008-04-08 | Intruguard Devices, Inc. | Layered memory architecture for deterministic finite automaton based string matching useful in network intrusion detection and prevention systems and apparatuses |
US7710988B1 (en) | 2005-03-11 | 2010-05-04 | Xambala Corporation | Method and system for non-deterministic finite automaton filtering |
US7979368B2 (en) | 2005-07-01 | 2011-07-12 | Crossbeam Systems, Inc. | Systems and methods for processing data flows |
US20080229415A1 (en) | 2005-07-01 | 2008-09-18 | Harsh Kapoor | Systems and methods for processing data flows |
US7702629B2 (en) | 2005-12-02 | 2010-04-20 | Exegy Incorporated | Method and device for high performance regular expression pattern matching |
US20070226362A1 (en) | 2006-03-21 | 2007-09-27 | At&T Corp. | Monitoring regular expressions on out-of-order streams |
US20080097959A1 (en) | 2006-06-14 | 2008-04-24 | Nec Laboratories America, Inc. | Scalable xml filtering with bottom up path matching and encoded path joins |
US20080071783A1 (en) | 2006-07-03 | 2008-03-20 | Benjamin Langmead | System, Apparatus, And Methods For Pattern Matching |
US20080034427A1 (en) | 2006-08-02 | 2008-02-07 | Nec Laboratories America, Inc. | Fast and scalable process for regular expression search |
US8220048B2 (en) | 2006-08-21 | 2012-07-10 | Wisconsin Alumni Research Foundation | Network intrusion detector with combined protocol analyses, normalization and matching |
GB2441351B (en) | 2006-09-01 | 2010-12-08 | 3Com Corp | Positionally dependent pattern checking in character strings using deterministic finite automata |
US8024691B2 (en) | 2006-09-28 | 2011-09-20 | Mcgill University | Automata unit, a tool for designing checker circuitry and a method of manufacturing hardware circuitry incorporating checker circuitry |
GB2443240B (en) | 2006-10-27 | 2009-05-06 | 3Com Corp | Signature checking using deterministic finite state machines |
WO2008073824A1 (en) | 2006-12-08 | 2008-06-19 | Pandya Ashish A | Dynamic programmable intelligent search memory |
US7912808B2 (en) | 2006-12-08 | 2011-03-22 | Pandya Ashish A | 100Gbps security and search architecture using programmable intelligent search memory that uses a power down mode |
US7962434B2 (en) | 2007-02-15 | 2011-06-14 | Wisconsin Alumni Research Foundation | Extended finite state automata and systems and methods for recognizing patterns in a data stream using extended finite state automata |
JP5299272B2 (ja) | 2007-04-12 | 2013-09-25 | 富士通株式会社 | 分析プログラムおよび分析装置 |
US9021582B2 (en) | 2007-04-24 | 2015-04-28 | Juniper Networks, Inc. | Parallelized pattern matching using non-deterministic finite automata |
US7788206B2 (en) | 2007-04-30 | 2010-08-31 | Lsi Corporation | State machine compression using multi-character state transition instructions |
US8024802B1 (en) | 2007-07-31 | 2011-09-20 | Hewlett-Packard Development Company, L.P. | Methods and systems for using state ranges for processing regular expressions in intrusion-prevention systems |
WO2009017131A1 (ja) | 2007-08-02 | 2009-02-05 | Nec Corporation | ε遷移を含まない非決定性有限オートマトン生成システムと方法およびプログラム |
US8086609B2 (en) | 2007-11-01 | 2011-12-27 | Cavium, Inc. | Graph caching |
US8819217B2 (en) * | 2007-11-01 | 2014-08-26 | Cavium, Inc. | Intelligent graph walking |
US8180803B2 (en) | 2007-11-27 | 2012-05-15 | Cavium, Inc. | Deterministic finite automata (DFA) graph compression |
US7949683B2 (en) | 2007-11-27 | 2011-05-24 | Cavium Networks, Inc. | Method and apparatus for traversing a compressed deterministic finite automata (DFA) graph |
US8683590B2 (en) | 2008-10-31 | 2014-03-25 | Alcatel Lucent | Method and apparatus for pattern matching for intrusion detection/prevention systems |
US8473523B2 (en) | 2008-10-31 | 2013-06-25 | Cavium, Inc. | Deterministic finite automata graph traversal with nodal bit mapping |
TWI482083B (zh) | 2008-12-15 | 2015-04-21 | Univ Nat Taiwan | 二階段式正規表示式比對處理方法及系統 |
TWI383618B (zh) | 2008-12-22 | 2013-01-21 | Univ Nat Taiwan | 管線架構型正規表示式樣式比對處理電路 |
US20100192225A1 (en) | 2009-01-28 | 2010-07-29 | Juniper Networks, Inc. | Efficient application identification with network devices |
KR101034389B1 (ko) * | 2009-04-22 | 2011-05-16 | (주) 시스메이트 | 패킷 내 시그니처 위치에 따른 시그니처 검색 방법 |
US20110016154A1 (en) | 2009-07-17 | 2011-01-20 | Rajan Goyal | Profile-based and dictionary based graph caching |
US8566344B2 (en) | 2009-10-17 | 2013-10-22 | Polytechnic Institute Of New York University | Determining whether an input string matches at least one regular expression using lookahead finite automata based regular expression detection |
US8291258B2 (en) | 2010-01-08 | 2012-10-16 | Juniper Networks, Inc. | High availability for network security devices |
US8458354B2 (en) | 2010-01-27 | 2013-06-04 | Interdisciplinary Center Herzliya | Multi-pattern matching in compressed communication traffic |
US8522199B2 (en) | 2010-02-26 | 2013-08-27 | Mcafee, Inc. | System, method, and computer program product for applying a regular expression to content based on required strings of the regular expression |
US8650146B2 (en) | 2010-06-24 | 2014-02-11 | Lsi Corporation | Impulse regular expression matching |
CN102075511B (zh) | 2010-11-01 | 2014-05-14 | 北京神州绿盟信息安全科技股份有限公司 | 一种数据匹配设备和方法以及网络入侵检测设备和方法 |
US9398033B2 (en) | 2011-02-25 | 2016-07-19 | Cavium, Inc. | Regular expression processing automaton |
US20120221494A1 (en) | 2011-02-25 | 2012-08-30 | International Business Machines Corporation | Regular expression pattern matching using keyword graphs |
US9203805B2 (en) | 2011-11-23 | 2015-12-01 | Cavium, Inc. | Reverse NFA generation and processing |
US9558299B2 (en) | 2012-04-30 | 2017-01-31 | Hewlett Packard Enterprise Development Lp | Submatch extraction |
RU2608464C2 (ru) | 2012-09-28 | 2017-01-18 | Телефонактиеболагет Лм Эрикссон (Пабл) | Устройство, способ и сетевой сервер для обнаружения структур данных в потоке данных |
US9064032B2 (en) | 2012-10-05 | 2015-06-23 | Intel Corporation | Blended match mode DFA scanning |
US9304768B2 (en) | 2012-12-18 | 2016-04-05 | Intel Corporation | Cache prefetch for deterministic finite automaton instructions |
US9177253B2 (en) * | 2013-01-31 | 2015-11-03 | Intel Corporation | System and method for DFA-NFA splitting |
US9507563B2 (en) | 2013-08-30 | 2016-11-29 | Cavium, Inc. | System and method to traverse a non-deterministic finite automata (NFA) graph generated for regular expression patterns with advanced features |
US9426165B2 (en) | 2013-08-30 | 2016-08-23 | Cavium, Inc. | Method and apparatus for compilation of finite automata |
US9419943B2 (en) | 2013-12-30 | 2016-08-16 | Cavium, Inc. | Method and apparatus for processing of finite automata |
US9904630B2 (en) | 2014-01-31 | 2018-02-27 | Cavium, Inc. | Finite automata processing based on a top of stack (TOS) memory |
US9602532B2 (en) | 2014-01-31 | 2017-03-21 | Cavium, Inc. | Method and apparatus for optimizing finite automata processing |
US10002326B2 (en) | 2014-04-14 | 2018-06-19 | Cavium, Inc. | Compilation of finite automata based on memory hierarchy |
US9438561B2 (en) | 2014-04-14 | 2016-09-06 | Cavium, Inc. | Processing of finite automata based on a node cache |
US10110558B2 (en) | 2014-04-14 | 2018-10-23 | Cavium, Inc. | Processing of finite automata based on memory hierarchy |
-
2013
- 2013-08-30 US US14/015,929 patent/US9426166B2/en active Active
-
2014
- 2014-08-28 CN CN201410432198.0A patent/CN104426910B/zh active Active
-
2015
- 2015-09-02 HK HK15108607.1A patent/HK1208103A1/zh unknown
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1716958A (zh) * | 2004-06-14 | 2006-01-04 | 鸿璟科技股份有限公司 | 使用子表式自动机的系统安全实施方法以及相关的系统 |
CN101360088A (zh) * | 2007-07-30 | 2009-02-04 | 华为技术有限公司 | 正则表达式编译、匹配系统及编译、匹配方法 |
CN101201836B (zh) * | 2007-09-04 | 2010-04-14 | 浙江大学 | 基于带记忆确定有限自动机的正则表达式匹配加速方法 |
US8051085B1 (en) * | 2008-07-18 | 2011-11-01 | Netlogic Microsystems, Inc. | Determining regular expression match lengths |
CN102148805A (zh) * | 2010-02-09 | 2011-08-10 | 华为技术有限公司 | 特征匹配方法和装置 |
CN102420750A (zh) * | 2011-11-28 | 2012-04-18 | 曙光信息产业(北京)有限公司 | 单包正则匹配设备和方法 |
Also Published As
Publication number | Publication date |
---|---|
CN104426910A (zh) | 2015-03-18 |
US9426166B2 (en) | 2016-08-23 |
HK1208103A1 (zh) | 2016-02-19 |
US20150067863A1 (en) | 2015-03-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104426910B (zh) | 用于处理有限自动机的方法和装置 | |
CN104426911B (zh) | 用于编译有限自动机的方法和装置 | |
US9419943B2 (en) | Method and apparatus for processing of finite automata | |
US9602532B2 (en) | Method and apparatus for optimizing finite automata processing | |
Wang et al. | Hyperscan: A fast multi-pattern regex matcher for modern {CPUs} | |
US9904630B2 (en) | Finite automata processing based on a top of stack (TOS) memory | |
US9823895B2 (en) | Memory management for finite automata processing | |
US10002326B2 (en) | Compilation of finite automata based on memory hierarchy | |
CN103733590B (zh) | 用于正则表达式的编译器 | |
JP4771390B2 (ja) | フィルタコードを使用するipsecポリシー管理を実行するための方法および装置 | |
Razzaq et al. | Ontology for attack detection: An intelligent approach to web application security | |
US8990259B2 (en) | Anchored patterns | |
CN111355686B (zh) | 泛洪攻击的防御方法、装置、系统和存储介质 | |
US20220006782A1 (en) | Efficient matching of feature-rich security policy with dynamic content using user group matching | |
Bouchachia et al. | Nature-inspired techniques for conformance testing of object-oriented software | |
CN102104609B (zh) | 一种网络协议安全缺陷分析方法 | |
Yang et al. | Fast submatch extraction using OBDDs | |
Flior et al. | A knowledge-based system implementation of intrusion detection rules | |
Khurat et al. | An ontology for SNORT rule | |
CN112994931A (zh) | 一种规则匹配的方法及其设备 | |
Leogrande et al. | Modeling complex packet filters with finite state automata | |
US20200145379A1 (en) | Efficient matching of feature-rich security policy with dynamic content using incremental precondition changes | |
US20140214748A1 (en) | Incremental dfa compilation with single rule granularity | |
EP3047382B1 (en) | Input filters and filter-driven input processing applied to input prior to providing input to a target component | |
US20200145377A1 (en) | Efficient matching of feature-rich security policy with dynamic content |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1208103 Country of ref document: HK |
|
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder |
Address after: California, USA Patentee after: Cavium, Inc. Address before: California, USA Patentee before: Cavium, Inc. |
|
CP01 | Change in the name or title of a patent holder | ||
TR01 | Transfer of patent right |
Effective date of registration: 20200423 Address after: Singapore City Patentee after: Marvell Asia Pte. Ltd. Address before: Ford street, Grand Cayman, Cayman Islands Patentee before: Kaiwei international Co. Effective date of registration: 20200423 Address after: Ford street, Grand Cayman, Cayman Islands Patentee after: Kaiwei international Co. Address before: California, USA Patentee before: Cavium, Inc. |
|
TR01 | Transfer of patent right |