Methods and system for simultaneous multiple rules checking
First Claim
1. A method for filtering network packets, the method comprising:
receiving, with the network traffic appliance, a data string associated with one or more of the network packets and identifying one or more keywords in the data string;
iteratively examining, with the network traffic appliance, the one or more keywords in the data string against at least one rule keyword associated with each of a plurality of rules to determine whether the one or more keywords matches at least a portion of the at least one rule keyword for each of the plurality of rules, wherein each of the plurality of rules represents one or more network access policies;
updating, with the network traffic appliance, a counter associated with each of the plurality of rules for each of the one or more keywords that matches the at least a portion of the at least one rule keyword associated with each of the plurality of rules;
determining, with a network traffic appliance, whether the updated counter associated with each of the plurality of rules is equal to a preset matched keyword value for each of the plurality of rules;
writing, with the network traffic appliance, one or more of the plurality of rules into a list of satisfied rules associated with the data string when it is determined that the updated counter associated with the one or more of the plurality of rules is equal to the preset matched keyword value for the one or more of the plurality of rules; and
determining, with the network traffic appliance, whether to grant access of the one or more network packets to at least one server based on the list of satisfied rules.
Abstract
A method and system for checking data against a plurality of rules simultaneously. A data string containing keywords is received. All of the keywords in the data string are examined simultaneously against rule keywords using, for example, a finite state machine constructed by the Aho-Corasick algorithm. Each rule keyword represents at least one rule of the plurality of rules. Which of the plurality of rules are satisfied by the data string is determined based on whether each keyword matches the rule keywords. Such rules may be used for applications such as negative security policies.
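The following is an added illustration, not code from the patent or its assignee: a small Aho-Corasick automaton scans a request string once for every keyword of every rule, a per-rule counter is compared against that rule's preset matched keyword value, and the satisfied-rules list drives a negative-policy access decision. The rule set, the case-folding of the input, and the choice to count each distinct keyword once per rule are assumptions of this example.

```python
from collections import deque
# Constructed rule set (not from the patent); each rule's preset matched keyword value is len(keywords).
RULES = {
    "sqli": ("union", "select"),
    "xss": ("<script", "alert("),
    "traversal": ("../", "/etc/passwd"),
}

def build_automaton(rules):
    """Aho-Corasick automaton; out[state] holds the (rule_id, keyword) pairs ending there."""
    goto, fail, out = [{}], [0], [set()]
    for rid, keywords in rules.items():
        for kw in keywords:
            s = 0
            for ch in kw:
                s = goto[s].setdefault(ch, len(goto))
                if s == len(goto):               # new trie state
                    goto.append({}); fail.append(0); out.append(set())
            out[s].add((rid, kw))
    queue = deque(goto[0].values())              # depth-1 states already fail to the root
    while queue:
        s = queue.popleft()
        for ch, t in goto[s].items():
            f = fail[s]
            while f and ch not in goto[f]:
                f = fail[f]
            fail[t] = goto[f].get(ch, 0)
            out[t] |= out[fail[t]]               # inherit hits of the longest proper suffix
            queue.append(t)
    return goto, fail, out

AUTOMATON = build_automaton(RULES)

def satisfied_rules(data):
    """One pass checks all keywords of all rules at once; each rule's counter is bumped
    once per distinct keyword hit, and a rule is satisfied when counter == preset value."""
    goto, fail, out = AUTOMATON
    s, hits = 0, set()
    for ch in data.lower():                      # case-folding is an added assumption
        while s and ch not in goto[s]:
            s = fail[s]
        s = goto[s].get(ch, 0)
        hits |= out[s]
    counters = {rid: 0 for rid in RULES}
    for rid, _kw in hits:
        counters[rid] += 1
    return sorted(rid for rid, n in counters.items() if n == len(RULES[rid]))

def grant_access(data):
    return not satisfied_rules(data)             # negative policy: any satisfied rule denies
```

Counting a keyword only once per rule keeps a repeated keyword (three "../" segments, for instance) from pushing the counter past the preset value and silently un-satisfying the rule.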
30 Claims
1. A method for filtering network packets, as set out in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A non-transitory machine readable medium having stored thereon instructions for filtering network packets, comprising machine executable code which when executed by at least one processor, causes the processor to perform steps comprising:
receiving a data string associated with one or more of the network packets and identifying one or more keywords in the data string;
iteratively examining the one or more keywords in the data string against at least one rule keyword associated with each of a plurality of rules to determine whether the one or more keywords matches at least a portion of the at least one rule keyword for each of the plurality of rules, wherein each of the plurality of the rules represents one or more network access policies;
updating a counter associated with each of the plurality of rules for each of the one or more keywords that matches the at least a portion of the at least one rule keyword associated with each of the plurality of rules;
determining whether the updated counter associated with each of the plurality of rules is equal to a preset matched keyword value for each of the plurality of rules;
writing one or more of the plurality of rules into a list of satisfied rules associated with the data string when it is determined that the updated counter associated with the one or more of the plurality of rules is equal to the preset matched keyword value for the one or more of the plurality of rules; and
determining whether to grant access of the one or more network packets to at least one server based on the list of satisfied rules.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
21. A network traffic appliance for filtering network packets, the network traffic appliance comprising:
one or more processors and a network interface, at least one of the processors or the network interface configured to be capable of executing instructions to implement:
receiving a data string associated with one or more of the network packets and identifying one or more keywords in the data string;
iteratively examining the one or more keywords in the data string against at least one rule keyword associated with each of a plurality of rules to determine whether the one or more keywords matches at least a portion of the at least one rule keyword for each of the plurality of rules, wherein each of the plurality of the rules represents one or more network access policies;
updating a counter associated with each of the plurality of rules for each of the one or more keywords that matches the at least a portion of the at least one rule keyword associated with each of the plurality of rules;
determining whether the updated counter associated with each of the plurality of rules is equal to a preset matched keyword value for each of the plurality of rules;
writing one or more of the plurality of rules into a list of satisfied rules associated with the data string when it is determined that the updated counter associated with the one or more of the plurality of rules is equal to the preset matched keyword value for the one or more of the plurality of rules; and
determining whether to grant access of the one or more network packets to at least one server based on the list of satisfied rules.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30.