Method and apparatus for performing complex pattern matching in a data stream within a computer network
First Claim
1. An apparatus for performing complex pattern matching in a data stream within a computer network, said apparatus comprising:
- a serial array register for receiving a data stream; and
a content-addressable memory (CAM), coupled to said serial array register, for performing comparison operations between a data pattern within said serial array register and a plurality of CAM entries within said CAM, wherein said plurality of CAM entries includes a k-byte pattern of concatenated with an n-byte mask, wherein the positions of said k-byte pattern and n-byte mask in each of said plurality of CAM entries offset from other CAM entries by an offset.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus for performing complex pattern matching in a data stream within a computer network is disclosed. The apparatus includes a serial array register and a content-addressable memory (CAM). The CAM includes multiple CAM entries, and each of the CAM entries includes a k-byte pattern concatenated with an n-byte mask. The positions of the k-byte pattern and n-byte mask in each of the CAM entries offset from those in other CAM entries by one byte. Preferably, the k-byte pattern is each of the CAM entries represents a known computer virus pattern. After the capture of a data pattern from a data stream by the serial array register, the CAM register performs a comparison operation between the captured data pattern and all the CAM entries. If there is a match between the captured data pattern and one of the CAM entries, the CAM signals that the data stream contains information that are potentially harmful to the computer network.
-
Citations
9 Claims
-
1. An apparatus for performing complex pattern matching in a data stream within a computer network, said apparatus comprising:
-
a serial array register for receiving a data stream; and
a content-addressable memory (CAM), coupled to said serial array register, for performing comparison operations between a data pattern within said serial array register and a plurality of CAM entries within said CAM, wherein said plurality of CAM entries includes a k-byte pattern of concatenated with an n-byte mask, wherein the positions of said k-byte pattern and n-byte mask in each of said plurality of CAM entries offset from other CAM entries by an offset. - View Dependent Claims (2, 3)
-
-
4. An apparatus for performing complex pattern matching in a data stream within a computer network, said apparatus comprising:
-
a serial array register for receiving a data stream; and
a content-addressable memory (CAM), coupled to said serial array register, for performing comparison operations between a data pattern within said serial array register and a plurality of CAM entries within said CAM, wherein said plurality of CAM entries are divided into multiple groups, each group includes a pattern of variable width concatenated with a mask of variable width, wherein the positions of said variable width pattern and said variable width mask in each CAM entries within each of said groups offset from other CAM entries within said each of said groups by an offset, wherein the total width of said variable width pattern and said variable width mask are identical within each of said groups. - View Dependent Claims (5, 6)
-
-
7. A method for performing complex pattern matching in a data stream within a computer network, said method comprising:
-
receiving a data stream by a serial array register; and
performing comparison operations between a data pattern within said received data stream and a plurality of content-addressable memory (CAM) entries within a CAM, wherein said plurality of CAM entries includes a k-byte pattern concatenated with an n-byte mask, wherein the positions of said k-byte pattern and n-byte mask in each of said plurality of CAM entries offset from other CAM entries by an offset. - View Dependent Claims (8, 9)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsLingafelt, Charles Steven, Davis, Gordon Taylor, Strole, Norman Clark
-
Application NumberUS10/395,722Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current370/389CPC Class CodesH04L 63/145 the attack involving the pr...
