×

Method and an apparatus to perform multiple packet payloads analysis

  • US 7,600,257 B2
  • Filed: 10/13/2004
  • Issued: 10/06/2009
  • Est. Priority Date: 10/13/2004
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • receiving, by a network interface of a data security system, a plurality of data packets, each of the plurality of data packets containing a portion of a data pattern;

    determining, by a processor of the data security system, whether each of the plurality of data packets is out of order; and

    making and storing a local copy of the corresponding data packet in a storage device of the data security system if the corresponding data packet is out of order and at least one preceding packet of the corresponding data packet is not yet received;

    the processor performing pattern matching on the corresponding data packet against at least a portion of an attack pattern comprising a plurality of predetermined patterns if all preceding packets of the corresponding data packet, if any, have been received;

    the processor pointing a first pointer at a Deterministic Finite Automaton (DFA) of a plurality of DFAs representing the attack pattern such that each one of the plurality of DFAs represents a distinct one of the plurality of predetermined patterns, the DFA representing one of the plurality of predetermined patterns that is currently being matched, and the plurality of DFAs being arranged in a tree structure; and

    the processor pointing a second pointer at a node of the tree structure, the node corresponding to the one of the plurality of predetermined patterns that is currently being matched, and the node comprising the DFA.

View all claims
  • 22 Assignments
Timeline View
Assignment View
    ×
    ×