A firewall rule matching algorithm based on feature value generation and retrieval

A matching algorithm based on feature values, applied in the field of information security, that addresses problems such as unstable performance and improves matching efficiency, processing throughput and response performance.

Active Publication Date: 2019-05-07
G CLOUD TECH

AI Technical Summary

Problems solved by technology

The disadvantage of this type of algorithm is that it relies on statistics of historical match counts, on the characteristics of the data to be processed and on the matching statistics, so its performance is unstable. The advantage is that the implementation is very simple.


Embodiment Construction

[0034] The invention is divided into two parts: the first part is a processing method for the rule set, and the second part is a method for matching data packets based on the rule set generated by the first part. The firewall described in the present invention refers to a device or system that performs rule matching on data according to preset or automatically generated rules and executes preset policies, covering web firewalls, traditional network firewalls, database firewalls, special application-layer firewalls, etc. The data matching algorithm and related processing flow described in the present invention are applicable to all of them. The following description takes the network firewall as an example by default.

[0035] Figure 1 is a flowchart of firewall rule set processing. The method includes:

[0036] S10: Input and initialize a rule set.

[0037] Input and initialize the rule set, including clearing the rules with repetitive sema...


Abstract

The invention relates to a firewall rule matching algorithm based on feature value generation and retrieval. The method comprises the steps of rule set processing and data packet matching. The rule set processing comprises the steps of inputting and initializing a rule set, producing a characteristic value for each rule, and sorting the characteristic values by their numerical magnitude. The data packet matching comprises the sub-steps of generating a characteristic value for the data packet to be matched; carrying out a binary search for the generated characteristic value in the rule characteristic value set; if a consistent characteristic value is found, executing the strategy corresponding to the rule; if it cannot be found, moving upwards to the rule characteristic values that are greater than the characteristic value of the data packet and searching for a rule matched with the characteristic value of the data packet; if one is found, executing the strategy set by that rule, and if not, executing a default strategy. The invention provides a firewall rule matching algorithm which has excellent performance and controllable space complexity, and which is friendly to adding and removing rules.
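The two phases in the abstract, as an added sketch that is not code from the patent. The page does not say how feature values are generated, so the packing below is an assumption: four fixed-width fields with a wildcard encoded as all ones, which guarantees that any rule covering a packet sorts at or above the packet's own value and makes the upward scan complete. The helper names and the sample rules are constructed for illustration.

```python
import bisect
import ipaddress

# Assumed field layout (not from the patent): src IP, dst IP, dst port, protocol.
WIDTHS = (32, 32, 16, 8)

def ip(text):
    return int(ipaddress.IPv4Address(text))

def feature_value(fields):
    """Pack the fields into one integer; a wildcard (None) becomes all ones,
    so every rule that covers a packet has a value >= the packet's value."""
    value = 0
    for field, width in zip(fields, WIDTHS):
        value = (value << width) | ((1 << width) - 1 if field is None else field)
    return value

def build_index(rules):
    """Rule set processing: one feature value per rule, sorted numerically."""
    index = sorted(((feature_value(f), f, policy) for f, policy in rules),
                   key=lambda entry: entry[0])
    return [entry[0] for entry in index], index

def covers(rule_fields, packet_fields):
    return all(r is None or r == p for r, p in zip(rule_fields, packet_fields))

def match(keys, index, packet_fields, default="default-deny"):
    """Packet matching: binary search, then scan upwards on a miss."""
    target = feature_value(packet_fields)
    pos = bisect.bisect_left(keys, target)
    if pos < len(keys) and keys[pos] == target:
        return index[pos][2]               # consistent feature value found
    for _, fields, policy in index[pos:]:  # only larger feature values
        if covers(fields, packet_fields):
            return policy
    return default

# Constructed sample rule set (documentation addresses, not from the page).
RULES = [
    ((ip("10.0.0.5"), ip("192.0.2.10"), 443, 6), "allow"),
    ((None, ip("192.0.2.10"), 22, 6), "drop"),
    ((ip("10.0.0.7"), None, None, 17), "allow"),
]
KEYS, INDEX = build_index(RULES)

if __name__ == "__main__":
    for pkt in [(ip("10.0.0.5"), ip("192.0.2.10"), 443, 6),
                (ip("203.0.113.9"), ip("192.0.2.10"), 22, 6),
                (ip("10.0.0.9"), ip("192.0.2.10"), 80, 6)]:
        print(pkt, "->", match(KEYS, INDEX, pkt))
```

With this encoding the rule chosen on a miss is the covering rule with the smallest feature value, not the first rule in the original list order, and the upward scan is linear in the worst case when many wildcard rules sit above the packet's value.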

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a firewall rule matching algorithm based on characteristic value generation and retrieval.

Background technique

[0002] In the Internet and information age, organizations and individuals are generating and requesting large amounts of data all the time. The data is transmitted interactively through the network, and a large amount of malicious information is hidden in it. As an important means and facility for ensuring network security, the firewall plays an indispensable role. One of the core working principles of a firewall device is to check, match and process passing data packets according to preset or learned rules. Communication data matching performance is therefore key to firewall network throughput and response speed. High-performance packet matching strategies and algorithms are of great significance to optimize the network performance of firewall...


Application Information

IPC(8): H04L29/06
Inventor: 韩飞, 季统凯
Owner: G CLOUD TECH