Systems and methods for accelerated pattern matching
First Claim
1. A computer-implemented method performed by a security service comprising a plurality of microservices, the method comprising:
searching, by a deep packet inspection (DPI) microservice of the plurality of microservices, a data item using a first pattern matching table;
determining that one or more first patterns of the first pattern matching table exist in a first portion of the data item;
in response to determining that the one or more first patterns of the first pattern matching table exist in the first portion of the data item, selecting a second pattern matching table from a plurality of pattern matching tables;
searching a second portion of the data item for patterns using the second pattern matching table, wherein the second portion of the data item does not include the first portion of the data item;
determining that one or more second patterns of the second pattern matching table exist in the second portion of the data item; and
performing an action relative to the data item based at least in part on the determination that the one or more first patterns exist in the first portion of the data item and the one or more second patterns exist in the second portion of the data item.
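The staged lookup recited in claim 1, sketched as an added example (not code from the patent or its assignee). The table contents, the 16-byte bound on the first portion, the "pass"/"block" actions and the function name are assumptions, and plain substring search stands in for a real multi-pattern matching engine.

```python
# Constructed tables for illustration; none of these values come from the patent.
FIRST_TABLE = {            # stage-one pattern -> name of the stage-two table it selects
    b"GET ": "http",
    b"POST ": "http",
    b"EHLO ": "smtp",
}
SECOND_TABLES = {          # the "plurality of pattern matching tables"
    "http": [b"../../", b"<script"],
    "smtp": [b"CONSTRUCTED-SPAM-TOKEN"],
}
HEAD_LEN = 16              # assumed bound on where stage-one patterns may appear


def inspect(data: bytes):
    """Return (action, first_hits, second_hits) for one data item."""
    head = data[:HEAD_LEN]
    first_hits, split, table_name = [], 0, None
    for pat, name in FIRST_TABLE.items():
        pos = head.find(pat)
        if pos != -1:
            first_hits.append(pat)
            end = pos + len(pat)
            if end > split:              # first portion ends after the last stage-one hit
                split, table_name = end, name
    if not first_hits:
        return ("pass", [], [])          # no stage-one hit: stage two never runs
    rest = data[split:]                  # second portion excludes the first portion
    # Only the selected table is searched; the other tables are never consulted.
    second_hits = [p for p in SECOND_TABLES[table_name] if p in rest]
    action = "block" if second_hits else "pass"
    return (action, first_hits, second_hits)
```

The saving comes from searching the larger second portion against one small, context-specific table instead of every pattern the service knows.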
Abstract
Systems, methods, and apparatuses enable a network security system to more efficiently perform pattern matching against data items. For example, the disclosed approaches may be used to improve the way in which a deep packet inspection (DPI) microservice performs pattern matching against data items (e.g., network traffic, files, email messages, etc.) in order to detect various types of network security threats (e.g., network intrusion attempts, viruses, spam, and other potential network security issues). A DPI microservice generally refers to an executable component of a network security system that monitors and performs actions relative to input data items for purposes related to computer network security.
30 Claims
19. One or more non-transitory computer-readable storage media storing instructions which, when executed by one or more hardware processors implementing a security service comprising a plurality of microservices, cause performance of:
searching, by a deep packet inspection (DPI) microservice of the plurality of microservices, a data item using a first pattern matching table;
determining that one or more first patterns of the first pattern matching table exist in a first portion of the data item;
in response to determining that the one or more first patterns of the first pattern matching table exist in the first portion of the data item, selecting a second pattern matching table from a plurality of pattern matching tables;
searching a second portion of the data item for patterns using the second pattern matching table, wherein the second portion of the data item does not include the first portion of the data item;
determining that one or more second patterns of the second pattern matching table exist in the second portion of the data item; and
performing an action relative to the data item based at least in part on the determination that the one or more first patterns exist in the first portion of the data item and the one or more second patterns exist in the second portion of the data item.
25. An apparatus, comprising:
one or more hardware processors implementing a security service comprising a plurality of microservices;
memory coupled to the one or more hardware processors, the memory storing instructions which, when executed by the one or more hardware processors, cause a deep packet inspection (DPI) microservice of the plurality of microservices to:
search a data item using a first pattern matching table;
determine that one or more first patterns of the first pattern matching table exist in a first portion of the data item;
in response to determining that the one or more first patterns of the first pattern matching table exist in the first portion of the data item, select a second pattern matching table from a plurality of pattern matching tables;
search a second portion of the data item for patterns using the second pattern matching table, wherein the second portion of the data item does not include the first portion of the data item;
determine that one or more second patterns of the second pattern matching table exist in the second portion of the data item; and
perform an action relative to the data item based at least in part on the determination that the one or more first patterns exist in the first portion of the data item and the one or more second patterns exist in the second portion of the data item.
Specification