Extension Model for Improved Parsing and Describing Protocols
First Claim
1. In a computing environment, a method comprising, parsing data, including arranging modules in a tree-like structure, in which a child module specifies a parent module and specifies a condition set containing at least one condition for when the parent module is to invoke the child module, the parent module parsing the data, evaluating the data to determine whether to invoke the child module, and if so, to invoke the child module when a corresponding condition is met.
2 Assignments
0 Petitions
Accused Products
Abstract
Described is a technology by which an engine parses data based upon modules arranged in a tree-like model structure. Only those modules that meet a condition with respect to the data are invoked for processing the data. Each child module specifies a parent module and specifies a condition for when the parent is to invoke the child module. As a module processes the data, if a child module'"'"'s specified condition is met, it invokes the corresponding child module, (which in turn may invoke a lower child if its condition is met, and so on). When the data corresponds to protocols, the model facilitates protocol layering. A top level parent may represent one protocol (e.g., TCP), a child beneath may represent a lower-layer protocol (e.g., HTTP), whose children may handle certain types of HTTP commands, or correspond to a signature that the child module is programmed to detect.
-
Citations
20 Claims
- 1. In a computing environment, a method comprising, parsing data, including arranging modules in a tree-like structure, in which a child module specifies a parent module and specifies a condition set containing at least one condition for when the parent module is to invoke the child module, the parent module parsing the data, evaluating the data to determine whether to invoke the child module, and if so, to invoke the child module when a corresponding condition is met.
- 10. In a computing environment, a system comprising, a parsing engine, and a tree-structured model comprising at least one parent module having at least one child module, the parsing engine accessing the tree-structured model to parse data, including invoking a parent module from a top-level module based upon a condition being met, the parent module providing processing for parsing the data and invoking a child module for further processing upon another condition being met.
-
18. One or more computer-readable media having computer-executable instructions, which when executed perform steps, comprising, parsing network traffic at an engine, including accessing a model having a top-level module, invoking a parent module from the top-level module upon a first condition corresponding to the network traffic being met, and invoking a child module to the parent module upon a second condition corresponding to the network traffic being met.
-
19. The one or more computer-readable media of claim wherein invoking the parent module comprises detecting a particular port corresponding to receiving the network traffic.
-
20. The one or more computer-readable media of claim wherein the child module corresponds to a signature, and wherein invoking a child module comprises processing the data via logic in the child module to determine if the data matches the signature.
Specification