专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07613669B2 Method and apparatus for storing pattern matching data and pattern matching method using the same 有权
标题翻译：用于存储模式匹配数据的方法和装置以及使用其的模式匹配方法
公开(公告)号：US07613669B2
公开(公告)日：2009-11-03
申请号：US11453954
申请日：2006-06-14
申请人： Seung Won Shin , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
发明人： Seung Won Shin , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06N5/02 , G06F9/26 , G06F9/34 , G06F7/00 , G06F17/30
CPC分类号： G06F21/56 , G06F17/30949 , G06F21/55 , G06F21/567 , G06K9/62 , Y10S707/99936
摘要： A method and apparatus for storing pattern matching data and a pattern matching method using the method and apparatus are provided. The method of storing original data for pattern matching in a pattern matching apparatus includes: dividing the original data into segments of a predetermined size; performing a hash operation on each of the divided segments; determining whether or not the hash operation value of each segment causes a hash collision with a hash operation value stored in a first external memory disposed outside the pattern matching apparatus; and controlling the hash operation value of each segment determined not to cause a hash collision to be stored in the first external memory. According to the method and apparatus, the original data desired to be used for pattern matching can be stored at a faster speed in a pattern matching data storing apparatus.
摘要翻译：提供一种用于存储模式匹配数据的方法和装置以及使用该方法和装置的模式匹配方法。在模式匹配装置中存储用于模式匹配的原始数据的方法包括：将原始数据划分成预定大小的段; 对每个分割的段执行散列操作; 确定每个段的散列操作值是否与存储在布置在模式匹配装置外部的第一外部存储器中的散列操作值引起哈希冲突; 并且将被确定为不引起散列冲突的每个段的散列操作值控制在第一外部存储器中。根据该方法和装置，可以在模式匹配数据存储装置中以更快的速度存储期望用于模式匹配的原始数据。

2. 发明授权

US07433357B2 Apparatus and method for performing header lookup based on sequential lookup 有权
标题翻译：基于顺序查找执行标题查找的装置和方法
公开(公告)号：US07433357B2
公开(公告)日：2008-10-07
申请号：US10993606
申请日：2004-11-19
申请人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
发明人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
IPC分类号： H04L12/50
CPC分类号： H04L45/00 , H04L45/54 , H04L45/62
摘要： An apparatus and method for performing packet header lookup based on sequential lookup is provided. A header analyzer separates a header from a packet received via a network and outputs a lookup sequence. A unit lookup unit looks up matching the header combination rules with each field to be analyzed and input from the header analyzer based on the lookup sequence input from the header analyzer and outputs a match signal and a match address. A rule combination memory stores identification information for the header combination rules. A sequence combination memory stores lookup sequence information and sequence combination information. A rule combination unit generates match results based on the match signal input from the unit lookup unit and data read from the rule combination memory and the sequence combination memory.
摘要翻译：提供了一种用于基于顺序查找来执行分组报头查找的装置和方法。报头分析器将报头与经由网络接收的分组分离，并输出查找序列。单元查找单元根据从标题分析器输入的查找序列查找与标题组合规则与要分析的每个字段和从标题分析器输入的匹配，并输出匹配信号和匹配地址。规则组合存储器存储标题组合规则的标识信息。序列组合存储器存储查找序列信息和序列组合信息。规则组合单元基于从单元查找单元输入的匹配信号和从规则组合存储器和序列组合存储器读取的数据产生匹配结果。

3. 发明授权

US07571477B2 Real-time network attack pattern detection system for unknown network attack and method thereof 有权
标题翻译：用于未知网络攻击的实时网络攻击模式检测系统及其方法
公开(公告)号：US07571477B2
公开(公告)日：2009-08-04
申请号：US11088975
申请日：2005-03-24
申请人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
发明人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F21/00
CPC分类号： H04L63/1408
摘要： In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.
摘要翻译：在实时网络攻击模式检测系统和方法中，从被怀疑是网络攻击（如蠕虫）的数据包实时检测到一个共同的模式，以有效地阻止攻击。该系统包括：可疑包检测器，用于从所有输入分组中分类可疑攻击包; 第一数据延迟单元，用于从可疑分组检测器接收输入分组以输出一个时钟延迟的数据; 第二数据延迟单元，用于从第一数据延迟单元接收输出信号以输出一个时钟延迟的数据; 散列密钥发生器，用于接收可疑包检测器的输出数据，第一数据延迟单元的输出数据和第二数据延迟单元的输出数据以产生散列密钥; 哈希表，用于存储通过从所述散列密钥发生器生成的散列密钥获得的查找结果; 以及用于检查哈希表的查找结果的存在和命中检查器。

4. 发明授权

US07565693B2 Network intrusion detection and prevention system and method thereof 有权
标题翻译：网络入侵检测和预防系统及其方法
公开(公告)号：US07565693B2
公开(公告)日：2009-07-21
申请号：US11023384
申请日：2004-12-29
申请人： Seung Won Shin , Jintae Oh , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
发明人： Seung Won Shin , Jintae Oh , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F11/00
CPC分类号： H04L63/1416 , H04L63/12 , H04L69/22
摘要： The present invention relates to a network intrusion detection and prevention system. The system includes: a signature based detecting device; an anomaly behavior based detecting device; and a new signature creating and verifying device disposed between the signature based detecting device and the anomaly behavior based detecting device, wherein if the anomaly behavior based detecting device detects network-attack-suspicious packets, the new signature creating and verifying device collects and searches the detected suspicious packets for common information, and then creates a new signature on the basis of the searched common information and at the same time, verifies whether or not the created new signature is applicable to the signature based detecting device, and then registers the created new signature to the signature based detecting device if it is determined that the created new signature is applicable.
摘要翻译：本发明涉及网络入侵检测和预防系统。该系统包括：基于签名的检测装置; 基于异常行为的检测装置; 以及设置在基于签名的检测装置和基于异常行为的检测装置之间的新的签名创建和验证装置，其中如果基于异常行为的检测装置检测到网络攻击可疑包，则新的签名创建和验证装置收集并搜索检测出公用信息的可疑包，然后根据搜索到的公共信息创建新的签名，同时验证创建的新签名是否适用于基于签名的检测装置，然后注册创建的新的如果确定所创建的新签名是可应用的，则签名到基于签名的检测设备。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式