System security approaches using sub-expression automata
Abstract
A method and system for ensuring system security is disclosed. The method and system split a regular expression that corresponds to a number of patterns into sub-expressions. The dependency relationships among the finite automata that correspond to the sub-expressions are maintained. Then, as data units are put through these finite automata in a sequence that is based on the dependency relationships, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. Identification of the suspected data units is based on the merged results of the finite automata. Depending on the result of identifying the suspected data units, different actions are performed.
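An added sketch of the flow the abstract describes, not code from the patent: a regular expression is split into sub-expressions, each gets its own automaton, a dependent automaton is enabled only after its predecessor reaches its final state, and state is carried across data units so a pattern spread over several units is still found. It assumes the expression is a chain of literals joined by `.*`; `build_dfa`, `SubExprChain`, `scan` and the `drop`/`pass` actions are hypothetical names.

```python
import bisect

def build_dfa(literal):
    """DFA for one literal sub-expression; state = number of chars matched."""
    dfa = []
    for state in range(len(literal) + 1):
        row = {}
        for ch in set(literal):
            cand = literal[:state] + ch
            k = min(len(cand), len(literal))
            # Longest prefix of the literal that is a suffix of what was read.
            while k and not cand.endswith(literal[:k]):
                k -= 1
            row[ch] = k
        dfa.append(row)
    return dfa

class SubExprChain:
    """Assumed form: lit1.*lit2.*...; automaton i+1 depends on automaton i."""
    def __init__(self, regex):
        self.literals = regex.split(".*")            # split into sub-expressions
        self.dfas = [build_dfa(l) for l in self.literals]
        self.active, self.state = 0, 0               # enabled automaton, its state
        self.pos, self.starts, self.ids = 0, [], []  # stream offset bookkeeping
        self.suspects = []                           # units holding matched bytes

    def feed(self, unit_id, data):
        """Run one data unit; state carries over from the previous unit."""
        self.starts.append(self.pos)
        self.ids.append(unit_id)
        for ch in data:
            if self.active < len(self.dfas):
                self.state = self.dfas[self.active][self.state].get(ch, 0)
                if self.state == len(self.literals[self.active]):  # final state
                    first = self.pos - self.state + 1
                    lo = bisect.bisect_right(self.starts, first) - 1
                    self.suspects += [u for u in self.ids[lo:] if u not in self.suspects]
                    self.active, self.state = self.active + 1, 0   # enable dependent
            self.pos += 1
        return self.active == len(self.dfas)         # True: whole pattern matched

def scan(regex, units):
    chain = SubExprChain(regex)
    matched = any([chain.feed(uid, data) for uid, data in units])
    return ("drop", chain.suspects) if matched else ("pass", [])

# Constructed sample: the signature is spread over several data units.
UNITS = [(1, "xxal"), (2, "pha--"), (3, "noise"), (4, "..ome"), (5, "ga!")]
print(scan("alpha.*omega", UNITS))
```

Unit 3 is not reported because none of its bytes belong to a matched sub-expression; feeding the sub-expressions in the wrong order does not match, since the second automaton is never enabled.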
50 Claims
1. A method, comprising:
splitting a regular expression that corresponds to a plurality of patterns into a plurality of sub-expressions;
maintaining dependency relationships among a plurality of finite automata that correspond to said sub-expressions with initial state information and final state information of each of said finite automata;
putting a plurality of data units through said finite automata in a sequence that is based on said dependency relationships, said initial state information, and said final state information;
identifying a set of suspected data units out of said plurality of said data units, wherein the content of said set of said suspected data units collectively matches any of said plurality of said patterns; and
performing an action based on the result of said identifying of said set of said suspected data units.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer-readable medium containing one or more sequences of instructions for ensuring system security, which instructions, when executed by one or more processors, cause the one or more processors to:
split a regular expression that corresponds to a plurality of patterns into a plurality of sub-expressions;
maintain dependency relationships among a plurality of finite automata that correspond to said sub-expressions with initial state information and final state information of each of said finite automata;
put a plurality of data units through said finite automata in a sequence that is based on said dependency relationships, said initial state information, and said final state information;
identify a set of suspected data units out of said plurality of said data units, wherein the content of said set of said suspected data units collectively matches any of said plurality of said patterns; and
perform an action based on the result of said identifying of said set of said suspected data units.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A method, comprising:
splitting a regular expression that corresponds to a plurality of patterns into a plurality of sub-expressions;
maintaining dependency relationships among a plurality of finite automata that correspond to said sub-expressions;
putting a plurality of data units through said finite automata in a sequence that is based on said dependency relationships;
identifying a set of suspected data units out of said plurality of said data units, wherein the content of said set of said suspected data units collectively matches any of said plurality of said patterns by merging results from said finite automata; and
performing an action based on the result of said identifying of said set of said suspected data units.
Dependent claims: 18, 19, 20, 21, 22, 23
24. A system, comprising:
means for splitting a regular expression that corresponds to a plurality of patterns into a plurality of sub-expressions;
means for maintaining dependency relationships among a plurality of finite automata that correspond to said sub-expressions;
means for putting a plurality of data units through said finite automata in a sequence that is based on said dependency relationships;
means for identifying a set of suspected data units out of said plurality of said data units, wherein the content of said set of said suspected data units collectively matches any of said plurality of said patterns by merging results from said finite automata; and
means for performing an action based on the result of said identifying of said set of said suspected data units.
Dependent claims: 25, 26, 27, 28
29. A system, comprising:
means for splitting a regular expression that corresponds to a plurality of patterns into a plurality of sub-expressions;
means for maintaining dependency relationships among a plurality of finite automata that correspond to said sub-expressions with initial state information and final state information of each of said finite automata;
means for putting a plurality of data units through said finite automata in a sequence that is based on said dependency relationships, said initial state information, and said final state information;
means for identifying a set of suspected data units out of said plurality of said data units, wherein the content of said set of said suspected data units collectively matches any of said plurality of said patterns; and
means for performing an action based on the result of said identifying of said set of said suspected data units.
Dependent claims: 30, 31, 32
33. A system, comprising:
a processor, a bus, coupled to said processor, a communication interface, coupled to said bus, wherein said communication interface receives a plurality of data units, a main memory, coupled to the bus, wherein said memory includes instructions when executed by said processor, causes said processor to;
split a regular expression that corresponds to a plurality of patterns into a plurality of sub-expressions;
maintain dependency relationships among a plurality of finite automata that correspond to said sub-expressions;
put said plurality of said data units through said finite automata in a sequence that is based on said dependency relationships;
identify a set of suspected data units out of said plurality of said data units, wherein the content of said set of said suspected data units collectively matches any of said plurality of said patterns by merging results from said finite automata; and
perform an action based on the result of said identifying of said set of said suspected data units.
Dependent claims: 34, 35, 36, 37
38. A system, comprising:
a processor, a bus, coupled to said processor, a communication interface, coupled to said bus, wherein said communication interface receives a plurality of data units, a main memory, coupled to the bus, wherein said memory includes instructions that when executed by said processor, cause said processor to;
split a regular expression that corresponds to a plurality of patterns into a plurality of sub-expressions;
maintain dependency relationships among a plurality of finite automata that correspond to said sub-expressions with initial state information and final state information of each of said finite automata;
put a plurality of data units through said finite automata in a sequence that is based on said dependency relationships, said initial state information, and said final state information;
identify a set of suspected data units out of said plurality of said data units, wherein the content of said set of said suspected data units collectively matches any of said plurality of said patterns; and
perform an action based on the result of said identifying of said set of said suspected data units.
Dependent claims: 39, 40, 41
42. A system, comprising:
a processor, a co-processor unit, electrically coupled to said processor, wherein said co-processor unit;
splits a regular expression that corresponds to a plurality of patterns into a plurality of sub-expressions;
maintains dependency relationships among a plurality of finite automata that correspond to said sub-expressions;
puts a plurality of data units that said system receives through said finite automata in a sequence that is based on said dependency relationships;
identifies a set of suspected data units out of said plurality of said data units, wherein the content of said set of said suspected data units collectively matches any of said plurality of said patterns by merging results from said finite automata; and
performs an action based on the result of said identifying of said set of said suspected data units.
Dependent claims: 43, 44, 45, 46
47. A system, comprising:
a processor, a co-processor unit, electrically coupled to said processor, wherein said co-processor unit;
splits a regular expression that corresponds to a plurality of patterns into a plurality of sub-expressions;
maintains dependency relationships among a plurality of finite automata that correspond to said sub-expressions with initial state information and final state information of each of said finite automata;
puts a plurality of data units that said system receives through said finite automata in a sequence that is based on said dependency relationships, said initial state information, and said final state information;
identifies a set of suspected data units out of said plurality of said data units, wherein the content of said set of said suspected data units collectively matches any of said plurality of said patterns; and
performs an action based on the result of said identifying of said set of said suspected data units.
Dependent claims: 48, 49, 50