JP6055548B2 - An apparatus for, a method of, and a network server for detecting data patterns in a data stream - Google Patents

An apparatus for, a method of, and a network server for detecting data patterns in a data stream

Info

Publication number
JP6055548B2
JP6055548B2 JP2015533458A JP2015533458A JP6055548B2 JP 6055548 B2 JP6055548 B2 JP 6055548B2 JP 2015533458 A JP2015533458 A JP 2015533458A JP 2015533458 A JP2015533458 A JP 2015533458A JP 6055548 B2 JP6055548 B2 JP 6055548B2
Authority
JP
Japan
Prior art keywords
state
data
state transition
register
alphabet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2015533458A
Other languages
English (en)
Japanese (ja)
Other versions
JP2015533243A (ja)
Inventor
ゲザ スザボ,
ラファエル アントネロ,
ステニオ フェルナンデス,
ドジャメル サドク,
Original Assignee
テレフオンアクチーボラゲット エルエム エリクソン(パブル)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by テレフオンアクチーボラゲット エルエム エリクソン(パブル)
Publication of JP2015533243A
Application granted
Publication of JP6055548B2
Expired - Fee Related (current legal status)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00 Arrangements for image or video recognition or understanding
    • G06V10/94 Hardware or software architectures specially adapted for image or video understanding
    • G06V10/95 Hardware or software architectures specially adapted for image or video understanding structured as a network, e.g. client-server architectures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G06F16/24564 Applying rules; Deductive queries
    • G06F16/24565 Triggers; Constraints
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/903 Querying
    • G06F16/90335 Query processing
    • G06F16/90344 Query processing by using string matching techniques
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2218/00 Aspects of pattern recognition specially adapted for signal processing
    • G06F2218/08 Feature extraction

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Software Systems (AREA)
  • Compression, Expansion, Code Conversion, And Decoders (AREA)
  • Computer And Data Communications (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Document Processing Apparatus (AREA)
JP2015533458A 2012-09-28 2012-09-28 An apparatus for, a method of, and a network server for detecting data patterns in a data stream Expired - Fee Related JP6055548B2 (ja)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/069198 WO2014048488A1 (en) 2012-09-28 2012-09-28 An apparatus for, a method of, and a network server for detecting data patterns in a data stream

Publications (2)

Publication Number Publication Date
JP2015533243A (ja) 2015-11-19
JP6055548B2 (ja) 2016-12-27

Family

ID=46970273

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2015533458A An apparatus for, a method of, and a network server for detecting data patterns in a data stream Expired - Fee Related JP6055548B2 (ja) 2012-09-28 2012-09-28

Country Status (6)

Country Link
US (1) US9870502B2 (en)
EP (1) EP2901643B1 (en)
JP (1) JP6055548B2 (en)
IN (1) IN2015DN01932A (en)
RU (1) RU2608464C2 (en)
WO (1) WO2014048488A1 (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9398033B2 (en) 2011-02-25 2016-07-19 Cavium, Inc. Regular expression processing automaton
US9203805B2 (en) 2011-11-23 2015-12-01 Cavium, Inc. Reverse NFA generation and processing
US9426166B2 (en) 2013-08-30 2016-08-23 Cavium, Inc. Method and apparatus for processing finite automata
US9426165B2 (en) 2013-08-30 2016-08-23 Cavium, Inc. Method and apparatus for compilation of finite automata
US9563399B2 (en) 2013-08-30 2017-02-07 Cavium, Inc. Generating a non-deterministic finite automata (NFA) graph for regular expression patterns with advanced features
US9419943B2 (en) 2013-12-30 2016-08-16 Cavium, Inc. Method and apparatus for processing of finite automata
US9904630B2 (en) * 2014-01-31 2018-02-27 Cavium, Inc. Finite automata processing based on a top of stack (TOS) memory
US9602532B2 (en) 2014-01-31 2017-03-21 Cavium, Inc. Method and apparatus for optimizing finite automata processing
JP6421436B2 (ja) * 2014-04-11 2018-11-14 富士ゼロックス株式会社 Unauthorized communication detection device and program
US10002326B2 (en) 2014-04-14 2018-06-19 Cavium, Inc. Compilation of finite automata based on memory hierarchy
US10110558B2 (en) 2014-04-14 2018-10-23 Cavium, Inc. Processing of finite automata based on memory hierarchy
US9438561B2 (en) 2014-04-14 2016-09-06 Cavium, Inc. Processing of finite automata based on a node cache
AU2017238633B2 (en) 2016-03-23 2022-04-21 Johnson Controls Tyco IP Holdings LLP Efficient state machines for real-time dataflow programming
US10033750B1 (en) * 2017-12-05 2018-07-24 Redberry Systems, Inc. Real-time regular expression search engine
JP6873032B2 (ja) * 2017-12-28 2021-05-19 株式会社日立製作所 Communication monitoring system, communication monitoring device, and communication monitoring method
US10747525B2 (en) * 2018-03-09 2020-08-18 International Business Machines Corporation Distribution of a software upgrade via a network
CN113886482B (zh) * 2021-12-07 2022-03-08 北京华云安信息技术有限公司 Method, apparatus and device for automatic data ingestion into a graph database

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3141428B2 (ja) 1990-06-29 2001-03-05 株式会社日立製作所 Numerical value retrieval apparatus and method therefor
JP2921119B2 (ja) 1990-12-26 1999-07-19 株式会社日立製作所 Numerical value retrieval apparatus and numerical value retrieval method
CA2156889C (en) 1994-09-30 1999-11-02 Edward L. Schwartz Method and apparatus for encoding and decoding data
US6839751B1 (en) * 1999-06-30 2005-01-04 Hi/Fn, Inc. Re-using information from data transactions for maintaining statistics in network monitoring
WO2003023553A2 (en) 2001-09-12 2003-03-20 Raqia Networks Inc. Method of generating a dfa state machine that groups transitions into classes in order to conserve memory
US20030149562A1 (en) * 2002-02-07 2003-08-07 Markus Walther Context-aware linear time tokenizer
US7085918B2 (en) * 2003-01-09 2006-08-01 Cisco Systems, Inc. Methods and apparatuses for evaluation of regular expressions of arbitrary size
US7082044B2 (en) * 2003-03-12 2006-07-25 Sensory Networks, Inc. Apparatus and method for memory efficient, programmable, pattern matching finite state machine hardware
US7685254B2 (en) 2003-06-10 2010-03-23 Pandya Ashish A Runtime adaptable search processor
JP4565064B2 (ja) 2003-12-25 2010-10-20 学校法人日本大学 High-speed matching method
US20050273450A1 (en) * 2004-05-21 2005-12-08 Mcmillen Robert J Regular expression acceleration engine and processing model
US20060085389A1 (en) * 2004-08-26 2006-04-20 Sensory Networks, Inc. Method for transformation of regular expressions
US7702629B2 (en) * 2005-12-02 2010-04-20 Exegy Incorporated Method and device for high performance regular expression pattern matching
US7725510B2 (en) 2006-08-01 2010-05-25 Alcatel-Lucent Usa Inc. Method and system for multi-character multi-pattern pattern matching
WO2008053762A1 (en) 2006-11-01 2008-05-08 Nec Corporation Information storing/retrieving method and device for state transition table, and program
US7962434B2 (en) 2007-02-15 2011-06-14 Wisconsin Alumni Research Foundation Extended finite state automata and systems and methods for recognizing patterns in a data stream using extended finite state automata
US7904961B2 (en) 2007-04-20 2011-03-08 Juniper Networks, Inc. Network attack detection using partial deterministic finite automaton pattern matching
US9021582B2 (en) 2007-04-24 2015-04-28 Juniper Networks, Inc. Parallelized pattern matching using non-deterministic finite automata
US7788206B2 (en) 2007-04-30 2010-08-31 Lsi Corporation State machine compression using multi-character state transition instructions
US7991723B1 (en) 2007-07-16 2011-08-02 Sonicwall, Inc. Data pattern analysis using optimized deterministic finite automaton
CN101499065B (zh) * 2008-02-01 2011-11-02 华为技术有限公司 FA-based table entry compression method and apparatus, and table entry matching method and apparatus
US8473523B2 (en) * 2008-10-31 2013-06-25 Cavium, Inc. Deterministic finite automata graph traversal with nodal bit mapping
US8219581B2 (en) * 2009-05-13 2012-07-10 Teradata Us, Inc. Method and system for analyzing ordered data using pattern matching in a relational database
US8504510B2 (en) * 2010-01-07 2013-08-06 Interdisciplinary Center Herzliya State machine compression for scalable pattern matching
US9305116B2 (en) * 2010-04-20 2016-04-05 International Business Machines Corporation Dual DFA decomposition for large scale regular expression matching
US8515891B2 (en) * 2010-11-19 2013-08-20 Microsoft Corporation Symbolic finite automata

Also Published As

Publication number Publication date
EP2901643B1 (en) 2017-03-22
WO2014048488A1 (en) 2014-04-03
RU2015115889A (ru) 2016-11-20
RU2608464C2 (ru) 2017-01-18
IN2015DN01932A (en) 2015-08-07
US20150262009A1 (en) 2015-09-17
JP2015533243A (ja) 2015-11-19
EP2901643A1 (en) 2015-08-05
US9870502B2 (en) 2018-01-16

Similar Documents

Publication Publication Date Title
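JP6055548B2 (ja) An apparatus for, a method of, and a network server for detecting data patterns in a data stream
CN110597734B (zh) Fuzz test case generation method suitable for industrial control private protocols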
US9825841B2 (en) Method of and network server for detecting data patterns in an input data stream
KR102387725B1 (ko) Malware host netflow analysis system and method
US7411418B2 (en) Efficient representation of state transition tables
CN112003870A (zh) Deep learning-based method and apparatus for identifying encrypted network traffic
US20220368706A1 (en) Attack Behavior Detection Method and Apparatus, and Attack Detection Device
KR20140051914A (ko) Compiler for regular expressions
JP2019110513A (ja) Anomaly detection method, learning method, anomaly detection device, and learning device
US20110004936A1 (en) Botnet early detection using hybrid hidden markov model algorithm
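CN107222491A (zh) Method for creating intrusion detection rules based on variant attacks on industrial control networks
CN116192527B (zh) Attack traffic detection rule generation method, apparatus, device, and storage medium
CN118709184A (zh) Malicious code evasion detection method and apparatus
CN113810372A (zh) Low-throughput DNS covert channel detection method and apparatus
CN112995218A (zh) Domain name anomaly detection method, apparatus, and device
CN117014198A (zh) Network security detection method and system for a game platform
CN111680303A (zh) Vulnerability scanning method, apparatus, storage medium, and electronic device
CN114363005A (zh) Machine learning-based ICMP detection method, system, device, and medium
CN112565259A (zh) Method and apparatus for filtering DNS tunnel trojan communication data
CN112583827A (zh) Data leakage detection method and apparatus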
US8289854B1 (en) System, method, and computer program product for analyzing a protocol utilizing a state machine based on a token determined utilizing another state machine
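CN113382003A (zh) RTSP hybrid intrusion detection method based on a two-stage filter
JP7682828B2 (ja) Abnormal communication detection device, abnormal communication detection method, and abnormal communication detection program
CN114745336B (zh) RFC-based packet classification method, apparatus, computer device, and storage medium
CN119025922B (zh) Intrusion detection and diagnosis method fusing an interpretable model with a large language model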

Legal Events

Date Code Title Description
A529 Written submission of copy of amendment under article 34 pct

Free format text: JAPANESE INTERMEDIATE CODE: A529

Effective date: 20150511

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20150511

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20160223

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20160229

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20160530

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20160825

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20161107

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20161202

R150 Certificate of patent or registration of utility model

Ref document number: 6055548

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

LAPS Cancellation because of no payment of annual fees