CN111552520B - User-defined application identification method and system - Google Patents
User-defined application identification method and system Download PDFInfo
- Publication number
- CN111552520B CN111552520B CN202010277600.8A CN202010277600A CN111552520B CN 111552520 B CN111552520 B CN 111552520B CN 202010277600 A CN202010277600 A CN 202010277600A CN 111552520 B CN111552520 B CN 111552520B
- Authority
- CN
- China
- Prior art keywords
- user
- dimension information
- defined application
- information
- bit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a system for identifying user-defined application, belongs to the technical field of user-defined application identification, and solves the problem that the identification performance of the user-defined application in the prior art is obviously reduced along with the increase of the number and the dimension of user-defined application rules. A user-defined application identification method initializes global variables; newly adding a custom application rule, storing the dimension information of the custom application, applying for a memory for the dimension information, and assigning the dimension information to a corresponding bitmap pointer; setting the position of the unset dimension information according to the ID of the user-defined application; analyzing the message to obtain the dimension information, obtaining corresponding bitmap pointer information, and performing bit and operation on the bitmap pointer information to obtain the final ID of the user-defined application. The identification performance of the user-defined application is not obviously reduced along with the increase of the number and the dimensionality of the user-defined rules in the identification process of the user-defined application.
Description
Technical Field
The invention relates to the technical field of user-defined application identification, in particular to a user-defined application identification method and system.
Background
With the rapid development of internet services, the number of applications on the internet is rapidly increased, and as a network security manufacturer, application characteristics need to be analyzed periodically, predefined application characteristics need to be updated, and application identification is performed; however, the predefined application number cannot meet all the requirements of the customers, and meanwhile, in a specific application scenario, for example, in an intranet environment, a user needs to self-designate an application name according to the flow characteristics in the intranet environment and perform policy matching processing on the designated application; when a user configures a plurality of rules of the custom application on the network security device, the performance problem identified by the custom application also becomes an important performance influencing part.
At present, most security manufacturers realize the function of self-defining application rule query based on a linked list traversal mode, and the specific implementation process is as follows: configuring a self-defining rule by a user, for example, designating a self-application name as test, and configuring port, IP and domain name information; the self-defined rule is stored in a data structure of a linked list; when a user accesses the internet or the intranet, the network safety equipment can analyze messages, analyze port and IP information, traverse and compare the linked list, match the IP at the same time, consider that the user-defined application is matched when the port and domain name information are matched, stop matching at the same time, return the linked list nodes, and obtain the user-defined application name structurally stored in the linked list.
The effect of searching for the custom application can be achieved based on the mode of comparing the port and the IP by traversing the linked list, and when the number of the configured rules is small, the performance has no great influence, but a plurality of defects exist, specifically as follows: (1) the identification performance of the user-defined application is obviously reduced along with the increase of the number of the user-defined application rules; when a user configures a plurality of self-defined rules, for example, configures 200 self-defined rules, and uses a linked list traversal structure, each message needs to be matched 200 times to determine whether the self-defined application is matched or not in the worst case; the time complexity of the method is O (n), so that the matching time length is linearly increased when a plurality of custom rules are processed; (2) performance decreases significantly as the dimension of the custom application rule increases; at present, the user-defined identification dimensions of most manufacturers are only ports, IP and domain names; when the identification dimensions, such as an IP layer protocol number and a message direction, are subsequently added, performance is degraded due to matching of each dimension.
Disclosure of Invention
The invention aims to overcome at least one technical defect and provides a method and a system for identifying user-defined applications.
In one aspect, the present invention provides a method for identifying a user-defined application, including a user-defined application loading method and a user-defined application matching method, where the user-defined application loading method specifically includes the following steps:
initializing a global variable when the network security equipment is started;
newly adding a custom application rule, storing dimension information of the custom application in an array corresponding to a structural body of the global variable, applying for a memory for the dimension information, and assigning the dimension information to a corresponding bitmap pointer;
searching whether the position of the dimension information is set or not according to the ID of the user-defined application, and if not, setting the position of the dimension information;
the user-defined application matching method specifically comprises the following steps:
analyzing the message to obtain the dimension information, and obtaining a corresponding structural body according to the dimension information;
and obtaining corresponding bitmap pointer information according to the structural body, and performing bit and operation on the bitmap pointer information to obtain the final ID of the custom application.
Further, the dimension information is specifically port information or IP information.
Further, the dimension information of the user-defined application is stored in the array corresponding to the structure body of the global variable, specifically including searching in the array corresponding to the structure body of the global variable through a binary search method to obtain an optimal storage position of the dimension information of the user-defined application, and storing the dimension information of the user-defined application in the optimal storage position.
Further, the method for identifying the user-defined application further includes, if a plurality of bits obtained after performing bit and operation on the bitmap pointer information are all 1, selecting a bit with the lowest bit being 1 as a result of the bit and operation.
On the other hand, the invention also provides an identification system of the user-defined application, which comprises an initialization module, a dimension information processing module, a setting module, a structure body acquisition module and a user-defined application ID acquisition module;
the initialization module is used for initializing a global variable when the network security equipment is started;
the dimension information processing module is used for newly adding a custom application rule, storing dimension information of the custom application in an array corresponding to a structural body of the global variable, applying for a memory for the dimension information, and assigning the dimension information to a corresponding bitmap pointer;
the setting module is used for searching whether the position of the dimension information is set or not according to the ID of the user-defined application, and if not, setting the position of the dimension information;
the structure body acquisition module is used for analyzing the message to obtain the dimension information and acquiring a corresponding structure body according to the dimension information;
and the custom application ID acquisition module is used for acquiring corresponding bitmap pointer information according to the structural body, and performing bit and operation on the bitmap pointer information to obtain the final ID of the custom application.
Further, the dimension information processing module stores the dimension information of the user-defined application in the array corresponding to the structure body of the global variable, specifically includes searching in the array corresponding to the structure body of the global variable by a binary search method to obtain an optimal storage position of the dimension information of the user-defined application, and storing the dimension information of the user-defined application in the optimal storage position.
Further, the identification system of the user-defined application further comprises a bit selection module, wherein the bit selection module is used for selecting the bit with the lowest bit being 1 as the result of the bit and the operation under the condition that a plurality of bits are 1 after the bit and the operation are carried out on the bitmap pointer information.
Compared with the prior art, the invention has the beneficial effects that: when a user-defined application is loaded, initializing a global variable when the network security equipment is started; newly adding a custom application rule, storing dimension information of the custom application in an array corresponding to a structural body of the global variable, applying for a memory for the dimension information, and assigning the dimension information to a corresponding bitmap pointer; searching whether the position of the dimension information is set or not according to the ID of the user-defined application, and if not, setting the position of the dimension information; when the user-defined applications are matched, analyzing the messages to obtain the dimension information, and obtaining a corresponding structural body according to the dimension information; obtaining corresponding bitmap pointer information according to the structural body, and carrying out bit and operation on the bitmap pointer information to obtain the final ID of the user-defined application; the identification performance of the user-defined application is not obviously reduced along with the increase of the number and the dimensionality of the user-defined rules in the identification process of the user-defined application.
Drawings
Fig. 1 is a schematic flowchart of a user-defined application loading method according to embodiment 1 of the present invention;
fig. 2 is a schematic flowchart of a matching method for a user-defined application according to embodiment 1 of the present invention;
FIG. 3 is a schematic diagram of an internal maintenance array structure according to embodiment 1 of the present invention;
fig. 4 is a detailed flowchart of the user-defined application loading method according to embodiment 1 of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Example 1
The embodiment of the invention provides a method for identifying a user-defined application, which comprises a user-defined application loading method and a user-defined application matching method, wherein the flow diagram of the user-defined application loading method is shown in figure 1, and the user-defined application loading method specifically comprises the following steps:
initializing a global variable when the network security equipment is started;
newly adding a custom application rule, storing dimension information of the custom application in an array corresponding to a structural body of the global variable, applying for a memory for the dimension information, and assigning the dimension information to a corresponding bitmap pointer;
searching whether the position of the dimension information is set or not according to the ID of the user-defined application, and if not, setting the position of the dimension information;
as shown in fig. 2, the flow diagram of the user-defined application matching method specifically includes the following steps:
analyzing the message to obtain the dimension information, and obtaining a corresponding structural body according to the dimension information;
and obtaining corresponding bitmap pointer information according to the structural body, and performing bit and operation on the bitmap pointer information to obtain the final ID of the custom application.
It should be noted that a Bitmap data structure is adopted to store each dimension, such as a port and an IP, in a custom application (rule), each dimension independently uses a Bitmap to store a corresponding custom ID, each dimension in the custom application (rule) independently uses a structure array global variable to store information of the dimension, such as a port, and port information is stored in the structure array global variable and is sorted according to the port information;
in the BitMap data structure, the internal maintenance array charm [ N ] may store N × 8 data, but the maximum number may only be N × 8-1, and if the range of data to be stored is 0-15, it is only necessary to make N equal to 1, so that the data may be stored, and the internal maintenance array structure is schematically illustrated as shown in fig. 3; for the internal array char M [8 × 1024], in doing so, 8K × 8 ═ 64K bits can be stored; the positions of the stored bytes and the positions of the stored bits are 0-8191 and 0-7 respectively; internal implementations all use bit operations, such as putting 1234 th position 1, endian 1234> >3 equal to 154; if the bit sequence 0x80> > (1234&0x07) ═ 2, then 1234 is placed at the subscript 154 byte of M, and the number 2 bit (0-7) of the byte is set to 1;
for a set operation (set operation kth bit), M [ k > >3] | (0x80> > (k &0x07)), which can be interpreted such that M [ kth flag bit located byte (k/8 rounding) ] | (number of bits (remainder) of the kth flag bit in the located byte), for a reset operation (set operation kth bit), M [ k > >3] & - (0x80> (k &0x07)), which can be interpreted such that M [ kth flag bit located byte (k/8 rounding) ] & - (number of bits (remainder) of the kth flag bit in the located byte), for an access operation (set operation kth bit), return M [ k > >3] & (0x80> (k &0x07)), which can be interpreted such that M [ k ] of the byte [ kth flag bit located byte (k/8 rounding value (k/8 rounding bit) of the kth flag bit) is located in the located byte, for capacity expansion operation, if the accessed M [ k ] is out of bounds, capacity expansion is needed, similar to the vector capacity expansion principle, the memory is redistributed, the capacity is doubled, and the original data is transferred to a new space;
in a specific embodiment, when a network security device is started, a global variable G _ bitmap _ port is initialized, and the global variable G _ bitmap _ port is used for storing bitmap information; each dimension has independent bitmap structure information;
preferably, the dimension information is port information or IP information.
Preferably, the storing of the dimension information of the user-defined application in the array corresponding to the structure body of the global variable specifically includes searching in the array corresponding to the structure body of the global variable by a binary search method to obtain an optimal storage position of the dimension information of the user-defined application, and storing the dimension information of the user-defined application in the optimal storage position.
In a specific embodiment, a detailed flowchart of the user-defined application loading method is shown in fig. 4; when a custom application rule is newly added, for example, port information is configured, a binary search method is carried out in global variables in the G _ bitmap _ port [ ] to search, and a proper storage position is obtained; specifically, an array index value suitable for insertion of the port is returned through binary search to obtain a G _ bitmap _ port [ ] array index value, and the port configured by the current custom application rule is added into an array corresponding to a G _ bitmap _ port [ ] structure according to the size sequence to obtain a final index value of the G _ bitmap _ port [ ] array; applying for a memory and assigning to bitmap pointer information G _ bitmap _ port [ xx ] - > bitmap, wherein xx is an index value; and calling bitmap _ test () to find whether the bit of the dimension information (port) is set or not according to the user-defined application ID, if not, carrying out bit _ set operation, setting the bit of the dimension information, and ending the loading of the user-defined application.
Preferably, the method for identifying the user-defined application further includes, if a plurality of bits obtained after performing bit and operation on the bitmap pointer information are all 1, selecting a bit with a lowest bit being 1 as a result of the bit and operation.
In another specific embodiment, the dimension information is port information, corresponding port information is obtained through message analysis, and the position in the G _ bitmap _ port [ ] is obtained according to the port information, and because the G _ bitmap _ port [ ] is sequentially increased in the process of saving data, the time complexity of viewing the index position at the position is O (1); according to the searched index position, obtaining corresponding bitmap pointer information g _ bitmap _ port [ n ] - > bitmap; the Bitmap information stores corresponding self-defined application ID information; similarly, matching of other dimension information can be carried out, after bitmap pointer information is obtained, bit and operation are carried out, and a user-defined ID is obtained; the resulting bit and operation here may result in multiple bits all being 1, with the lowest order bit being 1 selected to result in the final custom application ID.
Example 2
The embodiment of the invention also provides an identification method of user-defined application, the maximum number of configurable user-defined application rules is 500, each bit represents a specification ID, which can be expressed by the following forms,
rule _ max _ num: the maximum number of custom application specifications g _ bitmap _ len: the number of bytes required for a Bitmap, g _ Bitmap _ len ═ rule _ max _ num/64) + ((0 ═ rule _ max _ num% 64);
each custom application rule comprises a custom application name, application description information, IP and port information, and the IP, the port information and the custom application are synchronously updated into a bitmap structure when one custom application rule is configured;
when the equipment is started, initializing a global variable G _ bitmap _ port; the G _ Bitmap _ ip is used for storing Bitmap information;
when a user-defined application (rule) is newly added, for example, port information is configured, a binary search method is carried out in global variables in the G _ bitmap _ port [ MAX ] to search and obtain a proper storage position, and when IP information is configured, inquiry is carried out in the G _ bitmap _ IP [ MAX ] to obtain a stored position; (MAX is the maximum number of custom applications);
respectively adding the ports and the IPs configured by the current custom rule into the arrays corresponding to the G _ bitmap _ port [ MAX ] and G _ bitmap _ port [ IP ] structural bodies according to the sequence of the sizes;
respectively applying for memories and assigning to G _ bitmap _ port [ MAX ] - > bitmap and G _ bitmap _ ip [ MAX ] - > bitmap. The applied memory size is G _ bitmap _ size;
calling bitmap _ test () to find whether the bit is set or not according to the user-defined application ID;
carrying out bit _ set operation and carrying out corresponding position bit;
after the message is analyzed, corresponding port and IP information are obtained, a G _ bitmap _ port [ MAX ] array is searched for according to the port as an index to obtain the position of the value in the G _ bitmap _ port [ MAX ], and G _ bitmap _ port [ ] is sequentially increased in the process of saving data; the temporal complexity of looking at the index location here is therefore O (1);
and according to the searched index position, obtaining corresponding bitmap pointer information, g _ bitmap _ port [ n ] - > bitmap. The Bitmap information stores corresponding self-defined application ID information; performing information matching of IP dimension; obtaining Bitmap information of port dimension and IP dimension respectively, and performing bit and operation of the two dimensions to obtain a user-defined ID; the bits and operation obtained here can obtain a plurality of bits all being 1, and the lowest bit is selected to be 1, so as to obtain the final self-defined application ID;
it should be noted that, using the data structure of the Bitmap, it is necessary to initialize a plurality of global structure array variables at the start of the device and store information of each dimension. For example, the specification is 500, each dimension needs to define a structure array with 500 element numbers, and a memory is applied to store bitmap information in each array element.
Example 3
The embodiment of the invention provides an identification system of user-defined application, which comprises an initialization module, a dimension information processing module, a setting module, a structural body acquisition module and a user-defined application ID acquisition module;
the initialization module is used for initializing a global variable when the network security equipment is started;
the dimension information processing module is used for newly adding a custom application rule, storing dimension information of the custom application in an array corresponding to a structural body of the global variable, applying for a memory for the dimension information, and assigning the dimension information to a corresponding bitmap pointer;
the setting module is used for searching whether the position of the dimension information is set or not according to the ID of the user-defined application, and if not, setting the position of the dimension information;
the structure body acquisition module is used for analyzing the message to obtain the dimension information and acquiring a corresponding structure body according to the dimension information;
and the custom application ID acquisition module is used for acquiring corresponding bitmap pointer information according to the structural body, and performing bit and operation on the bitmap pointer information to obtain the final ID of the custom application.
Preferably, the dimension information processing module stores the dimension information of the user-defined application in the array corresponding to the structure body of the global variable, specifically includes searching in the array corresponding to the structure body of the global variable by a binary search method to obtain an optimal storage position of the dimension information of the user-defined application, and storing the dimension information of the user-defined application in the optimal storage position.
Preferably, the identification system of the user-defined application further includes a bit selection module, and the bit selection module is configured to select a bit with the lowest bit being 1 as a result of bit and operation when a plurality of bits are all 1 after the bit and operation are performed on the bitmap pointer information.
The invention discloses a method and a system for identifying user-defined application, wherein when the user-defined application is loaded, a global variable is initialized when a network security device is started; newly adding a custom application rule, storing dimension information of the custom application in an array corresponding to a structural body of the global variable, applying for a memory for the dimension information, and assigning the dimension information to a corresponding bitmap pointer; searching whether the position of the dimension information is set or not according to the ID of the user-defined application, and if not, setting the position of the dimension information; when the user-defined applications are matched, analyzing the messages to obtain the dimension information, and obtaining a corresponding structural body according to the dimension information; obtaining corresponding bitmap pointer information according to the structural body, and carrying out bit and operation on the bitmap pointer information to obtain the final ID of the user-defined application; the identification performance of the user-defined application is not obviously reduced along with the increase of the number and the dimensionality of the user-defined rules in the identification process of the user-defined application.
Those skilled in the art will appreciate that all or part of the flow of the method implementing the above embodiments may be implemented by a computer program, which is stored in a computer readable storage medium, to instruct related hardware. The computer readable storage medium is a magnetic disk, an optical disk, a read-only memory or a random access memory.
The above-described embodiments of the present invention should not be construed as limiting the scope of the present invention. Any other corresponding changes and modifications made according to the technical idea of the present invention should be included in the protection scope of the claims of the present invention.
Claims (5)
1. A method for identifying a user-defined application is characterized by comprising a user-defined application loading method and a user-defined application matching method, wherein the user-defined application loading method specifically comprises the following steps:
initializing a global variable when the network security equipment is started;
newly adding a custom application rule, storing dimension information of the custom application in an array corresponding to a structural body of the global variable, applying for a memory for the dimension information, and assigning the dimension information to a corresponding bitmap pointer;
searching whether the position of the dimension information is set or not according to the ID of the user-defined application, and if not, setting the position of the dimension information;
the user-defined application matching method specifically comprises the following steps:
analyzing the message to obtain the dimension information, and obtaining a corresponding structural body according to the dimension information;
obtaining corresponding bitmap pointer information according to the structural body, and carrying out bit and operation on the bitmap pointer information to obtain the final ID of the user-defined application;
and saving the dimension information of the user-defined application in the array corresponding to the structure body of the global variable, specifically, searching in the array corresponding to the structure body of the global variable through a binary search method to obtain an optimal saving position of the dimension information of the user-defined application, and saving the dimension information of the user-defined application in the optimal saving position.
2. The method according to claim 1, wherein the dimension information is port information or IP information.
3. The method of claim 1, further comprising selecting the bit with the lowest order of 1 as the result of the bit AND operation if the bit map pointer information is subjected to the bit AND operation and the obtained bits are all 1.
4. The identification system of the user-defined application is characterized by comprising an initialization module, a dimension information processing module, a setting module, a structural body acquisition module and a user-defined application ID acquisition module;
the initialization module is used for initializing a global variable when the network security equipment is started;
the dimension information processing module is used for newly adding a custom application rule, storing dimension information of the custom application in an array corresponding to a structural body of the global variable, applying for a memory for the dimension information, and assigning the dimension information to a corresponding bitmap pointer;
the setting module is used for searching whether the position of the dimension information is set or not according to the ID of the user-defined application, and if not, setting the position of the dimension information;
the structure body acquisition module is used for analyzing the message to obtain the dimension information and acquiring a corresponding structure body according to the dimension information;
the user-defined application ID acquisition module is used for acquiring corresponding bitmap pointer information according to the structural body, and performing bit and operation on the bitmap pointer information to obtain the final ID of the user-defined application;
the dimension information processing module is used for storing the dimension information of the user-defined application in the array corresponding to the structure body of the global variable, and specifically comprises the steps of searching in the array corresponding to the structure body of the global variable through a binary search method to obtain the optimal storage position of the dimension information of the user-defined application, and storing the dimension information of the user-defined application in the optimal storage position.
5. The system of claim 4, further comprising a bit selection module, wherein the bit selection module is configured to select a bit with the lowest bit being 1 as a result of a bit AND operation when a plurality of bits obtained after performing the bit AND operation on the bitmap pointer information are all 1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010277600.8A CN111552520B (en) | 2020-04-10 | 2020-04-10 | User-defined application identification method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010277600.8A CN111552520B (en) | 2020-04-10 | 2020-04-10 | User-defined application identification method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111552520A CN111552520A (en) | 2020-08-18 |
| CN111552520B true CN111552520B (en) | 2021-07-27 |
Family
ID=72002443
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010277600.8A Active CN111552520B (en) | 2020-04-10 | 2020-04-10 | User-defined application identification method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111552520B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112688884B (en) * | 2020-12-30 | 2023-04-07 | 北京安博通科技股份有限公司 | Encrypted flow custom application identification method, system, device and storage medium |
| CN112910894A (en) * | 2021-02-01 | 2021-06-04 | 武汉思普崚技术有限公司 | Method for realizing quick matching of strategies |
| CN113835755B (en) * | 2021-09-24 | 2023-08-22 | 天津津航计算技术研究所 | Method for realizing serial port control console in operating system-free environment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7308446B1 (en) * | 2003-01-10 | 2007-12-11 | Cisco Technology, Inc. | Methods and apparatus for regular expression matching |
| CN104516888A (en) * | 2013-09-27 | 2015-04-15 | 腾讯科技(北京)有限公司 | Authority query method and device of multi-dimensional data |
| CN108647339A (en) * | 2018-05-14 | 2018-10-12 | 五八有限公司 | A kind of dimensionality analysis method, apparatus, equipment and storage medium |
| CN110581857A (en) * | 2019-09-17 | 2019-12-17 | 武汉思普崚技术有限公司 | virtual execution malicious software detection method and system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8347272B2 (en) * | 2008-07-23 | 2013-01-01 | International Business Machines Corporation | Call graph dependency extraction by static source code analysis |
| CN106354647B (en) * | 2016-08-31 | 2018-02-27 | 腾讯科技(深圳)有限公司 | One kind applies detection method and server |
| CN110633388B (en) * | 2019-08-15 | 2021-12-28 | 广东宜通衡睿科技有限公司 | Real-time index generation method, system and storage medium based on communication XDR |
-
2020
- 2020-04-10 CN CN202010277600.8A patent/CN111552520B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7308446B1 (en) * | 2003-01-10 | 2007-12-11 | Cisco Technology, Inc. | Methods and apparatus for regular expression matching |
| CN104516888A (en) * | 2013-09-27 | 2015-04-15 | 腾讯科技(北京)有限公司 | Authority query method and device of multi-dimensional data |
| CN108647339A (en) * | 2018-05-14 | 2018-10-12 | 五八有限公司 | A kind of dimensionality analysis method, apparatus, equipment and storage medium |
| CN110581857A (en) * | 2019-09-17 | 2019-12-17 | 武汉思普崚技术有限公司 | virtual execution malicious software detection method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111552520A (en) | 2020-08-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111552520B (en) | User-defined application identification method and system | |
| US9269411B2 (en) | Organizing data in a hybrid memory for search operations | |
| CN106852185B (en) | Parallelly compressed encoder based on dictionary | |
| US10491521B2 (en) | Field checking based caching of ACL lookups to ease ACL lookup search | |
| US7469243B2 (en) | Method and device for searching fixed length data | |
| US20060265363A1 (en) | Network processor with single interface supporting tree search engine and cam | |
| US10095720B2 (en) | Database table index | |
| US6928430B1 (en) | Prefix match search scheme | |
| US20090307175A1 (en) | Parallel pattern matching on multiple input streams in a data processing system | |
| US10958770B2 (en) | Realization of a programmable forwarding pipeline through packet header summaries in a data processing unit | |
| CN106844676A (en) | Date storage method and device | |
| CN108664518B (en) | Method and device for realizing table look-up processing | |
| US7788445B2 (en) | Intelligent allocation of programmable comparison operations for reducing the number of associative memory entries required | |
| CN116975061A (en) | Data processing device, method and chip | |
| US9703484B2 (en) | Memory with compressed key | |
| US10795580B2 (en) | Content addressable memory system | |
| US20160105363A1 (en) | Memory system for multiple clients | |
| CN111444218B (en) | Matching method and device of combination rules | |
| US9916086B2 (en) | Content-addressable memory device | |
| CN113434596A (en) | Method and device for generating test data of distributed database | |
| EP3255571B1 (en) | System and method for efficient interval search using locality-preserving hashing | |
| KR102229554B1 (en) | Method and Device for Generating Hash Key | |
| CN115309947B (en) | Method and system for realizing online analysis engine based on graph | |
| EP3293926A1 (en) | System for storing graph data structures | |
| CN117453733B (en) | TCAM (ternary content addressable memory) quick query system based on FPGA (field programmable Gate array) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |