Method and system for adaptive rule-based content scanners

  • US 8,225,408 B2
  • Filed: 08/30/2004
  • Issued: 07/17/2012
  • Est. Priority Date: 11/06/1997
  • Status: Expired due to Term
First Claim

1. A computer processor-based multi-lingual method for scanning incoming program code, comprising:

    receiving, by a computer, an incoming stream of program code;

    determining, by the computer, any specific one of a plurality of programming languages in which the incoming stream is written;

    instantiating, by the computer, a scanner for the specific programming language, in response to said determining, the scanner comprising parser rules and analyzer rules for the specific programming language, wherein the parser rules define certain patterns in terms of tokens, tokens being lexical constructs for the specific programming language, and wherein the analyzer rules identify certain combinations of tokens and patterns as being indicators of potential exploits, exploits being portions of program code that are malicious;

    identifying, by the computer, individual tokens within the incoming stream;

    dynamically building, by the computer while said receiving receives the incoming stream, a parse tree whose nodes represent tokens and patterns in accordance with the parser rules;

    dynamically detecting, by the computer while said dynamically building builds the parse tree, combinations of nodes in the parse tree which are indicators of potential exploits, based on the analyzer rules; and

    indicating, by the computer, the presence of potential exploits within the incoming stream, based on said dynamically detecting.
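
The steps of claim 1 as an added Python illustration (not code from the patent or its assignee): a language is chosen, a scanner is instantiated with that language's parser and analyzer rules, and pattern nodes are built and checked while chunks are still arriving. The rule sets, the language heuristic, the line-buffered lexer and the sample stream are constructed assumptions.

```python
import re

# Constructed rule sets and sample (illustrative assumptions, not taken from the patent).
RULES = {
    "javascript": {
        "tokens": re.compile(r"(?P<SKIP>//[^\n]*)|(?P<IDENT>[A-Za-z_$][\w$]*)"
                             r"|(?P<STR>\"[^\"\n]*\"|'[^'\n]*')|(?P<PUNCT>[^\s\w])"),
        "parser": [("MEMBER", ["IDENT", ".", "IDENT"]), ("MEMBER", ["MEMBER", ".", "IDENT"]),
                   ("CALL", ["MEMBER", "("]), ("CALL", ["IDENT", "("])],
        "analyzer": {"CALL": {"eval(", "document.write("}}, "norm": str},
    "vbscript": {
        "tokens": re.compile(r"(?P<SKIP>'[^\n]*)|(?P<IDENT>[A-Za-z_]\w*)"
                             r"|(?P<STR>\"[^\"\n]*\")|(?P<PUNCT>[^\s\w])"),
        "parser": [("CALL", ["IDENT", "("])],
        "analyzer": {"CALL": {"createobject("}}, "norm": str.lower},  # case-insensitive
}
SAMPLE = ["var s = 'eval(1)'; docu", "ment . write(s);\nev", "al (s) // eval(0)"]

def detect_language(head):  # crude heuristic: VBScript keywords at the start of a line
    return "vbscript" if re.search(r"(?im)^\s*(dim|sub|set)\b", head) else "javascript"

class Scanner:
    def __init__(self, lang):
        self.rules, self.buf, self.stack, self.findings = RULES[lang], "", [], []

    def feed(self, chunk, final=False):
        # Tokenize each complete line as it arrives; keep the partial tail buffered.
        self.buf += chunk
        cut = len(self.buf) if final else self.buf.rfind("\n") + 1
        ready, self.buf = self.buf[:cut], self.buf[cut:]
        for m in self.rules["tokens"].finditer(ready):
            if m.lastgroup != "SKIP":
                self._shift((m.lastgroup, m.group(), []))

    def _shift(self, node):
        self.stack.append(node)
        for name, rhs in self.rules["parser"]:
            top = self.stack[-len(rhs):]
            if len(top) == len(rhs) and all(
                    s == k or (k == "PUNCT" and s == t) for s, (k, t, _) in zip(rhs, top)):
                text = "".join(t for _, t, _ in top)
                del self.stack[-len(rhs):]
                # Analyzer rules run the moment a pattern node is formed.
                if self.rules["norm"](text) in self.rules["analyzer"].get(name, ()):
                    self.findings.append(text)
                return self._shift((name, text, top))  # push pattern node, reduce again

def scan(chunks):
    sc = Scanner(detect_language(chunks[0]))
    for i, chunk in enumerate(chunks):
        sc.feed(chunk, final=(i == len(chunks) - 1))
    return sc.findings
```

Because matching is on tokens rather than raw text, `eval(` inside a string literal or a comment is ignored, while `document . write(` and an `eval` split across two chunks are both reported.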
