RU2608464C2 - Устройство, способ и сетевой сервер для обнаружения структур данных в потоке данных - Google Patents

Устройство, способ и сетевой сервер для обнаружения структур данных в потоке данных Download PDF

Info

Publication number
RU2608464C2
RU2608464C2 RU2015115889A RU2015115889A RU2608464C2 RU 2608464 C2 RU2608464 C2 RU 2608464C2 RU 2015115889 A RU2015115889 A RU 2015115889A RU 2015115889 A RU2015115889 A RU 2015115889A RU 2608464 C2 RU2608464 C2 RU 2608464C2
Authority
RU
Russia
Prior art keywords
state
data
register
character
state transition
Prior art date
Application number
RU2015115889A
Other languages
English (en)
Russian (ru)
Other versions
RU2015115889A (ru
Inventor
Геза Сабо
Рафаэль АНТОНЕЛЛО
Стенио ФЕРНАНДЕС
Джамель САДОК
Original Assignee
Телефонактиеболагет Лм Эрикссон (Пабл)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Телефонактиеболагет Лм Эрикссон (Пабл) filed Critical Телефонактиеболагет Лм Эрикссон (Пабл)
Publication of RU2015115889A publication Critical patent/RU2015115889A/ru
Application granted granted Critical
Publication of RU2608464C2 publication Critical patent/RU2608464C2/ru

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/903Querying
    • G06F16/90335Query processing
    • G06F16/90344Query processing by using string matching techniques
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00Arrangements for image or video recognition or understanding
    • G06V10/94Hardware or software architectures specially adapted for image or video understanding
    • G06V10/95Hardware or software architectures specially adapted for image or video understanding structured as a network, e.g. client-server architectures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • G06F16/24564Applying rules; Deductive queries
    • G06F16/24565Triggers; Constraints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/50Testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2218/00Aspects of pattern recognition specially adapted for signal processing
    • G06F2218/08Feature extraction

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Software Systems (AREA)
  • Compression, Expansion, Code Conversion, And Decoders (AREA)
  • Computer And Data Communications (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Document Processing Apparatus (AREA)
RU2015115889A 2012-09-28 2012-09-28 Устройство, способ и сетевой сервер для обнаружения структур данных в потоке данных RU2608464C2 (ru)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/069198 WO2014048488A1 (en) 2012-09-28 2012-09-28 An apparatus for, a method of, and a network server for detecting data patterns in a data stream

Publications (2)

Publication Number Publication Date
RU2015115889A RU2015115889A (ru) 2016-11-20
RU2608464C2 true RU2608464C2 (ru) 2017-01-18

Family

ID=46970273

Family Applications (1)

Application Number Title Priority Date Filing Date
RU2015115889A RU2608464C2 (ru) 2012-09-28 2012-09-28 Устройство, способ и сетевой сервер для обнаружения структур данных в потоке данных

Country Status (6)

Country Link
US (1) US9870502B2 (enExample)
EP (1) EP2901643B1 (enExample)
JP (1) JP6055548B2 (enExample)
IN (1) IN2015DN01932A (enExample)
RU (1) RU2608464C2 (enExample)
WO (1) WO2014048488A1 (enExample)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9398033B2 (en) 2011-02-25 2016-07-19 Cavium, Inc. Regular expression processing automaton
US9203805B2 (en) 2011-11-23 2015-12-01 Cavium, Inc. Reverse NFA generation and processing
US9426166B2 (en) 2013-08-30 2016-08-23 Cavium, Inc. Method and apparatus for processing finite automata
US9426165B2 (en) 2013-08-30 2016-08-23 Cavium, Inc. Method and apparatus for compilation of finite automata
US9563399B2 (en) 2013-08-30 2017-02-07 Cavium, Inc. Generating a non-deterministic finite automata (NFA) graph for regular expression patterns with advanced features
US9419943B2 (en) 2013-12-30 2016-08-16 Cavium, Inc. Method and apparatus for processing of finite automata
US9904630B2 (en) * 2014-01-31 2018-02-27 Cavium, Inc. Finite automata processing based on a top of stack (TOS) memory
US9602532B2 (en) 2014-01-31 2017-03-21 Cavium, Inc. Method and apparatus for optimizing finite automata processing
JP6421436B2 (ja) * 2014-04-11 2018-11-14 富士ゼロックス株式会社 不正通信検知装置及びプログラム
US10002326B2 (en) 2014-04-14 2018-06-19 Cavium, Inc. Compilation of finite automata based on memory hierarchy
US10110558B2 (en) 2014-04-14 2018-10-23 Cavium, Inc. Processing of finite automata based on memory hierarchy
US9438561B2 (en) 2014-04-14 2016-09-06 Cavium, Inc. Processing of finite automata based on a node cache
AU2017238633B2 (en) 2016-03-23 2022-04-21 Johnson Controls Tyco IP Holdings LLP Efficient state machines for real-time dataflow programming
US10033750B1 (en) * 2017-12-05 2018-07-24 Redberry Systems, Inc. Real-time regular expression search engine
JP6873032B2 (ja) * 2017-12-28 2021-05-19 株式会社日立製作所 通信監視システム、通信監視装置および通信監視方法
US10747525B2 (en) * 2018-03-09 2020-08-18 International Business Machines Corporation Distribution of a software upgrade via a network
CN113886482B (zh) * 2021-12-07 2022-03-08 北京华云安信息技术有限公司 面向图数据库的数据自动入库方法、装置和设备

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2117388C1 (ru) * 1994-09-30 1998-08-10 Рикох Компани, Лтд. Способ и устройство кодирования и декодирования данных
WO2003023553A2 (en) * 2001-09-12 2003-03-20 Raqia Networks Inc. Method of generating a dfa state machine that groups transitions into classes in order to conserve memory
US20060120137A1 (en) * 2003-03-12 2006-06-08 Sensory Networks, Inc. Apparatus and method for memory efficient, programmable, pattern matching finite state machine hardware
EP1983717A1 (en) * 2007-04-20 2008-10-22 Juniper Networks, Inc. Network attack detection using partial deterministic finite automaton pattern matching
EP1986390A2 (en) * 2007-04-24 2008-10-29 Juniper Networks, Inc. Parallelized pattern matching using non-deterministic finite automata
US20080270764A1 (en) * 2007-04-30 2008-10-30 Mcmillen Robert James State machine compression

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3141428B2 (ja) 1990-06-29 2001-03-05 株式会社日立製作所 数値検索装置およびその方法
JP2921119B2 (ja) 1990-12-26 1999-07-19 株式会社日立製作所 数値検索装置および数値検索方法
US6839751B1 (en) * 1999-06-30 2005-01-04 Hi/Fn, Inc. Re-using information from data transactions for maintaining statistics in network monitoring
US20030149562A1 (en) * 2002-02-07 2003-08-07 Markus Walther Context-aware linear time tokenizer
US7085918B2 (en) * 2003-01-09 2006-08-01 Cisco Systems, Inc. Methods and apparatuses for evaluation of regular expressions of arbitrary size
US7685254B2 (en) 2003-06-10 2010-03-23 Pandya Ashish A Runtime adaptable search processor
JP4565064B2 (ja) 2003-12-25 2010-10-20 学校法人日本大学 高速マッチング法
US20050273450A1 (en) * 2004-05-21 2005-12-08 Mcmillen Robert J Regular expression acceleration engine and processing model
US20060085389A1 (en) * 2004-08-26 2006-04-20 Sensory Networks, Inc. Method for transformation of regular expressions
US7702629B2 (en) * 2005-12-02 2010-04-20 Exegy Incorporated Method and device for high performance regular expression pattern matching
US7725510B2 (en) 2006-08-01 2010-05-25 Alcatel-Lucent Usa Inc. Method and system for multi-character multi-pattern pattern matching
WO2008053762A1 (en) 2006-11-01 2008-05-08 Nec Corporation Information storing/retrieving method and device for state transition table, and program
US7962434B2 (en) 2007-02-15 2011-06-14 Wisconsin Alumni Research Foundation Extended finite state automata and systems and methods for recognizing patterns in a data stream using extended finite state automata
US7991723B1 (en) 2007-07-16 2011-08-02 Sonicwall, Inc. Data pattern analysis using optimized deterministic finite automaton
CN101499065B (zh) * 2008-02-01 2011-11-02 华为技术有限公司 基于fa的表项压缩方法及装置、表项匹配方法及装置
US8473523B2 (en) * 2008-10-31 2013-06-25 Cavium, Inc. Deterministic finite automata graph traversal with nodal bit mapping
US8219581B2 (en) * 2009-05-13 2012-07-10 Teradata Us, Inc. Method and system for analyzing ordered data using pattern matching in a relational database
US8504510B2 (en) * 2010-01-07 2013-08-06 Interdisciplinary Center Herzliya State machine compression for scalable pattern matching
US9305116B2 (en) * 2010-04-20 2016-04-05 International Business Machines Corporation Dual DFA decomposition for large scale regular expression matching
US8515891B2 (en) * 2010-11-19 2013-08-20 Microsoft Corporation Symbolic finite automata

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2117388C1 (ru) * 1994-09-30 1998-08-10 Рикох Компани, Лтд. Способ и устройство кодирования и декодирования данных
WO2003023553A2 (en) * 2001-09-12 2003-03-20 Raqia Networks Inc. Method of generating a dfa state machine that groups transitions into classes in order to conserve memory
US20060120137A1 (en) * 2003-03-12 2006-06-08 Sensory Networks, Inc. Apparatus and method for memory efficient, programmable, pattern matching finite state machine hardware
EP1983717A1 (en) * 2007-04-20 2008-10-22 Juniper Networks, Inc. Network attack detection using partial deterministic finite automaton pattern matching
EP1986390A2 (en) * 2007-04-24 2008-10-29 Juniper Networks, Inc. Parallelized pattern matching using non-deterministic finite automata
US20080270764A1 (en) * 2007-04-30 2008-10-30 Mcmillen Robert James State machine compression

Also Published As

Publication number Publication date
EP2901643B1 (en) 2017-03-22
WO2014048488A1 (en) 2014-04-03
RU2015115889A (ru) 2016-11-20
IN2015DN01932A (enExample) 2015-08-07
US20150262009A1 (en) 2015-09-17
JP2015533243A (ja) 2015-11-19
JP6055548B2 (ja) 2016-12-27
EP2901643A1 (en) 2015-08-05
US9870502B2 (en) 2018-01-16

Similar Documents

Publication Publication Date Title
RU2608464C2 (ru) Устройство, способ и сетевой сервер для обнаружения структур данных в потоке данных
CN110597734B (zh) 一种适用于工控私有协议的模糊测试用例生成方法
CN112272123B (zh) 网络流量分析方法、系统、装置、电子设备和存储介质
US8458354B2 (en) Multi-pattern matching in compressed communication traffic
US9825841B2 (en) Method of and network server for detecting data patterns in an input data stream
US20100153420A1 (en) Dual-stage regular expression pattern matching method and system
WO2004107111A2 (en) Efficient representation of state transition tables
CN113315742A (zh) 攻击行为检测方法、装置及攻击检测设备
CN112532642B (zh) 一种基于改进Suricata引擎的工控系统网络入侵检测方法
CN113946546B (zh) 异常检测方法、计算机存储介质及程序产品
Wang et al. Using CNN-based representation learning method for malicious traffic identification
CN111680303B (zh) 漏洞扫描方法、装置、存储介质及电子设备
CN106254395B (zh) 一种数据过滤方法及系统
US10897401B2 (en) Determining the importance of network devices based on discovered topology, managed endpoints, and activity
CN112580345B (zh) 基于正则匹配的文本识别方法、文本识别装置和电子设备
CN112764791B (zh) 一种增量更新的恶意软件检测方法及系统
CN111080362A (zh) 广告监测系统及方法
CN115801928A (zh) 一种基于工业控制系统网络通信的工控协议解析方法
CN115168755A (zh) 基于url特征的异常数据处理方法及系统
CN101196910B (zh) 一种确定网络资源的方法和装置
CN110719260B (zh) 智能网络安全分析方法、装置及计算机可读存储介质
CN113472654B (zh) 一种网络流量数据转发方法、装置、设备及介质
CN110825924B (zh) 一种数据检测方法、装置及存储介质
CN112162872A (zh) 消息处理方法及装置、存储介质、电子装置
CN116208375A (zh) 异常流量的检测方法、装置和电子设备

Legal Events

Date Code Title Description
MM4A The patent is invalid due to non-payment of fees

Effective date: 20200929