Matching rule engine supporting combined expression of multivariate protocol variables

An expression-and-rule technology applied in the field of information and information security. It addresses problems such as the load address of constant strings being undeterminable, the inability to embed constant data strings directly, and the inability to match rules that combine multiple protocol variables.

Pending Publication Date: 2020-08-25
江苏省互联网行业管理服务中心 +1

AI Technical Summary

Problems solved by technology

When multiple protocol variables need to be combined for detection, an extended Berkeley Packet Filter (eBPF) program cannot be executed correctly, because the protocol variables are not in the same contiguous address space.
[0012] In the existing technology, an eBPF program cannot determine at compile time the memory address at which a constant string will later be loaded. It is therefore stipulated that constant data strings cannot be embedded directly in the source code of an eBPF program; this includes character strings, regular expressions, binary strings, and mixed character and binary strings.
However, a security matching rule often needs a keyword string, a regular expression string or a binary string to match against, so the prior-art eBPF mechanism cannot meet the rule-matching requirements of multiple protocol variable combinations.


Embodiment Construction

[0048] Referring to Figure 1, the matching rule engine provided by the present invention, which supports combined expressions of multiple protocol variables, is made up of a rule definer 1, a lexical analyzer 2, a syntax analyzer 3, a compiler 4 and a binary code generator 5. The rule definer consists of a rule input device, a rule detection engine and a rule output device.

[0049] The rule input device 10 receives the rule text entered from the computer input device. When the rule text conforms to the rule specification defined by the rule detection engine 11, the rule detection engine 11 converts the rule text, according to the rule specification, into compiler text that the just-in-time (JIT) compiler can recognize, and the rule output device 12 stores the compiler text as pre-compiled text. When the rule text does not meet the rule specification defined by the rule detection engine 11, the rule detection engine 11 outputs the rule specification to the computer output d...
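The stages described in [0048] and [0049] (rule check, lexical analysis, syntax analysis, code generation), as an added illustration that is not the patent's own code. The rule grammar, the operator names (`contains`, `matches`) and the variable names are hypothetical, and Python closures stand in for the JIT-generated machine code.

```python
import re
# Hypothetical grammar (assumed; the patent's own rule syntax is not shown on this page):
#   expr := term ('||' term)*   term := atom ('&&' atom)*   atom := '(' expr ')' | VAR OP CONST
TOKEN = re.compile(r'\s*(?:(\|\||&&|==|\(|\))|"([^"]*)"|(\d+)|([A-Za-z_][\w.]*))')
OPS = {"==": lambda c: lambda v: v == c,
       "contains": lambda c: lambda v: isinstance(v, str) and c in v,
       "matches": lambda c: lambda v, rx=re.compile(c): isinstance(v, str) and bool(rx.search(v))}

def lex(text):  # lexical analyzer: (kind, value) tokens, or ValueError for text outside the grammar
    text, pos, out = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"rule text violates the rule specification at offset {pos}")
        kind, val = ("op", "str", "num", "name")[m.lastindex - 1], m.group(m.lastindex)
        out.append((kind, int(val) if kind == "num" else val))
        pos = m.end()
    return out

def compile_rule(text):  # syntax analyzer + code generator: one predicate over all variables
    toks = lex(text) + [(None, None)] * 3   # sentinels so a truncated rule fails cleanly
    def atom():
        kind, var = toks.pop(0)
        if (kind, var) == ("op", "("):
            inner = expr()
            if toks.pop(0) != ("op", ")"):
                raise ValueError("missing ')'")
            return inner
        (_, op), (ckind, const) = toks.pop(0), toks.pop(0)
        if kind != "name" or op not in OPS or (ckind != "str" and (ckind, op) != ("num", "==")):
            raise ValueError(f"malformed comparison near {var!r}")
        test = OPS[op](const)               # the constant is bound into the compiled predicate
        return lambda pkt: var in pkt and test(pkt[var])
    def chain(sub, sym, combine):
        parts = [sub()]
        while toks[0] == ("op", sym):
            toks.pop(0)
            parts.append(sub())
        return lambda pkt: combine(p(pkt) for p in parts)
    def expr():
        return chain(lambda: chain(atom, "&&", all), "||", any)
    pred = expr()
    if toks[0] != (None, None):
        raise ValueError("unexpected trailing tokens")
    return pred

# Constructed sample: variables decoded from different protocol layers, not one contiguous buffer.
RULE = r'http.host contains "evil.example" && (tcp.dport == 443 || dns.qname matches "^x[0-9]+\.")'
PKT = {"http.host": "cdn.evil.example", "tcp.dport": 443, "dns.qname": "x42.test"}
```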


Abstract

The invention discloses a matching rule engine supporting combined expressions of multivariate protocol variables, and relates to the technical field of information. The matching rule engine is composed of a rule definition device, a lexical parser, a grammar parser, a compiler and a binary code generator. The rule definition device is composed of a rule input device, a rule detection engine and a rule output device. The matching rule engine improves the extended Berkeley Packet Filter (eBPF) technology so that its rule grammar can be customized, and nested function calls, function variable references, cache range offsets and nested expression evaluation are supported. The matching rule engine adopts JIT technology to compile rules dynamically into machine code for execution; the execution efficiency can be comparable to that of a C program, and good system portability is achieved.

Description

Technical field

[0001] The present invention relates to the field of information technology, especially the field of information security technology.

Background

[0002] With the rapid development of network communication technology and information technology, the Internet has penetrated into all areas of people's work, study and life. While the Internet is profoundly changing people's real life, it also brings unprecedented problems of network security and information security. At present, the global network security situation is extremely severe. Network threats such as network attacks, infiltration and privilege escalation, viruses, Trojan horses and extortion are increasingly rampant, and network attacks represented by APT are increasing; personal information and commercial data are subject to large-scale leakage and violations. Taking advantage of the frequent occurrence of malicious website attacks targeting critical information infrastructure, th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455, G06F8/41, G06F8/76, H04L29/06
CPC: G06F9/45516, G06F9/45512, G06F8/427, G06F8/425, G06F8/76, H04L63/0263, H04L63/1441, H04L63/20
Inventor: 蔡蓓蓓王林汝唐威林飞毛华阳古元
Owner: 江苏省互联网行业管理服务中心