System security approaches using multiple processing units
Abstract
A method and system for ensuring system security is disclosed. The method and system utilize a first processing unit to split a regular expression that corresponds to a number of patterns into sub-expressions and maintain the dependency relationships among the finite automata that correspond to the sub-expressions. Then, the method and system utilize a second processing unit to move the data units through these finite automata in a sequence that is based on the dependency relationships to identify the suspected data units. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. Identification of the suspected data units is based on the merged results of the finite automata.
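An illustration of the split-and-sequence idea in the abstract, added here and not taken from the patent. It assumes the pattern is a chain of non-empty literal sub-expressions joined by `.*`, models each sub-expression as a KMP automaton whose state persists across data units, and reads "dependency" as "automaton i is enabled only after automaton i-1 accepts"; `split_pattern`, `inspect` and the sample units are names and data constructed for this example.

```python
import bisect

# Constructed sample: six data units (e.g. packet payloads) of one stream.
SAMPLE_UNITS = [b"GET /a", b"?x=cm", b"d&y=1", b"benign", b"&z=ex", b"ec"]

def kmp_table(lit):
    """Failure function, i.e. the fallback transitions of the literal's automaton."""
    fail, k = [0] * len(lit), 0
    for i in range(1, len(lit)):
        while k and lit[i] != lit[k]:
            k = fail[k - 1]
        if lit[i] == lit[k]:
            k += 1
        fail[i] = k
    return fail

def split_pattern(pattern):
    """First-unit task (assumed form): split b'a.*b.*c' into literal
    sub-expressions; list order is the dependency chain between automata."""
    return [(lit, kmp_table(lit)) for lit in pattern.split(b".*") if lit]

def inspect(units, automata):
    """Second-unit task: stream units through the automata in dependency
    order; return indexes of the units that collectively match, else []."""
    starts, off = [], 0                      # stream offset where each unit begins
    for u in units:
        starts.append(off)
        off += len(u)
    active, state, spans, pos = 0, 0, [], 0
    for u in units:
        for byte in u:
            lit, fail = automata[active]
            while state and byte != lit[state]:
                state = fail[state - 1]
            if byte == lit[state]:
                state += 1
            if state == len(lit):            # sub-expression accepted
                spans.append((pos - len(lit) + 1, pos))
                active, state = active + 1, 0    # enable the dependent automaton
                if active == len(automata):  # merge: every sub-expression matched
                    hit = set()
                    for s, e in spans:
                        lo = bisect.bisect_right(starts, s) - 1
                        hi = bisect.bisect_right(starts, e) - 1
                        hit.update(range(lo, hi + 1))
                    return sorted(hit)
            pos += 1
    return []
```

On the sample stream with the pattern `cmd.*exec`, the units flagged are the ones that carry a piece of either sub-expression, including literals that straddle a unit boundary; the unit in between that carries neither is not flagged.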
24 Claims
1. A method for monitoring a plurality of data units, comprising:
- performing a set of tasks by a first processing unit prior to identifying a set of suspected data units out of said plurality of said data units by a second processing unit, wherein said set of said tasks includes:
  - identifying a plurality of patterns from the content of said plurality of said data units;
  - splitting a regular expression that corresponds to said patterns into a plurality of sub-expressions; and
  - causing the maintenance of dependency relationships among a plurality of finite automata that correspond to said sub-expressions; and
- identifying said set of said suspected data units by moving said plurality of said data units through said finite automata in a sequence specified by said dependency relationships, wherein the content of said set of said suspected data units collectively matches any of said patterns by merging results from said finite automata.
(Dependent claims: 2, 3, 4, 5, 6)
7. A system for monitoring a plurality of data units, comprising:
- first processing means for performing a set of tasks prior to identifying a set of suspected data units out of said plurality of said data units by a second processing means, wherein said set of said tasks includes:
  - identifying a plurality of patterns from the content of said plurality of said data units;
  - splitting a regular expression that corresponds to said patterns into a plurality of sub-expressions; and
  - causing the maintenance of dependency relationships among a plurality of finite automata that correspond to said sub-expressions;
- second processing means for identifying said set of said suspected data units by moving said plurality of said data units through said finite automata in a sequence specified by said dependency relationships, wherein the content of said set of said suspected data units collectively matches any of said patterns by merging results from said finite automata.
(Dependent claims: 8, 9, 10, 11, 12)
13. A system for monitoring a plurality of data units, comprising:
- a distribution engine;
- a processing unit, coupled to said distribution engine;
- a content inspection engine, coupled to said distribution engine and said processing unit;
- a memory controller, coupled to said distribution engine, said processing unit, and said content inspection engine, wherein:
  - said processing unit performs a set of tasks prior to identifying a set of suspected data units out of said plurality of said data units by said content inspection engine, wherein said set of said tasks includes:
    - identifying a plurality of patterns from the content of said plurality of said data units;
    - splitting a regular expression that corresponds to said patterns into a plurality of sub-expressions; and
    - causing said memory controller to maintain dependency relationships among a plurality of finite automata that correspond to said sub-expressions; and
  - said content inspection engine identifies said set of said suspected data units by moving said plurality of said data units through said finite automata in a sequence specified by said dependency relationships, wherein the content of said set of said suspected data units collectively matches any of said patterns by merging results from said finite automata.
(Dependent claims: 14, 15, 16, 17, 18)
19. A system for monitoring a plurality of data units, comprising:
- a general purpose processor;
- a content inspection co-processor directly or indirectly coupled to said general purpose processor, wherein said content inspection co-processor further includes:
  - a distribution engine;
  - a content inspection engine, coupled to said distribution engine;
  - a memory controller, coupled to said distribution engine and said content inspection engine, wherein:
    - said general purpose processor performs a set of tasks prior to identifying a set of suspected data units out of said plurality of said data units by said content inspection engine, wherein said set of said tasks includes:
      - identifying a plurality of patterns from the content of said plurality of said data units;
      - splitting a regular expression that corresponds to said patterns into a plurality of sub-expressions; and
      - causing said memory controller to maintain dependency relationships among a plurality of finite automata that correspond to said sub-expressions; and
    - said content inspection engine identifies said set of said suspected data units by moving said plurality of said data units through said finite automata in a sequence specified by said dependency relationships, wherein the content of said set of said suspected data units collectively matches any of said patterns by merging results from said finite automata.
(Dependent claims: 20, 21, 22, 23, 24)