CN1232922C - Method for improving fire wall performance - Google Patents
Method for improving fire wall performanceDownload PDFInfo
- Publication number
- CN1232922C CN1232922CCN 02104228CN02104228ACN1232922CCN 1232922 CCN1232922 CCN 1232922CCN 02104228CN02104228CN 02104228CN 02104228 ACN02104228 ACN 02104228ACN 1232922 CCN1232922 CCN 1232922C
- Authority
- CN
- China
- Prior art keywords
- node
- network
- address
- rule
- source
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034methodMethods0.000titleclaimsabstractdescription32
- 238000004458analytical methodMethods0.000claimsabstractdescription7
- 230000009471actionEffects0.000claimsdescription16
- 230000003068static effectEffects0.000claimsdescription9
- 238000006243chemical reactionMethods0.000claimsdescription8
- 238000005538encapsulationMethods0.000claimsdescription8
- 238000007689inspectionMethods0.000claimsdescription5
- 230000008859changeEffects0.000claimsdescription4
- 238000002203pretreatmentMethods0.000claimsdescription4
- 230000008929regenerationEffects0.000claimsdescription4
- 238000011069regeneration methodMethods0.000claimsdescription4
- 230000008569processEffects0.000claimsdescription3
- 235000010425Sorbus domesticaNutrition0.000claimsdescription2
- 240000005332Sorbus domesticaSpecies0.000claimsdescription2
- 230000015572biosynthetic processEffects0.000claimsdescription2
- 230000000875corresponding effectEffects0.000abstractdescription8
- 238000001914filtrationMethods0.000abstractdescription8
- 238000007781pre-processingMethods0.000abstract1
- 238000007726management methodMethods0.000description4
- 230000000694effectsEffects0.000description2
- 239000000284extractSubstances0.000description2
- 230000006870functionEffects0.000description2
- 230000008676importEffects0.000description2
- 230000004048modificationEffects0.000description2
- 238000012986modificationMethods0.000description2
- 238000011282treatmentMethods0.000description2
- 238000012550auditMethods0.000description1
- 230000007423decreaseEffects0.000description1
- 238000010586diagramMethods0.000description1
- 238000005516engineering processMethods0.000description1
- 238000009472formulationMethods0.000description1
- 210000001503jointAnatomy0.000description1
- 238000004519manufacturing processMethods0.000description1
- 238000013507mappingMethods0.000description1
- 239000000203mixtureSubstances0.000description1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Technical field
The present invention relates to firewall security model in the computer network system,, improve the forward efficiency of fire wall by utilization to fire wall hyperspace model and method for fast searching.
Background technology
Existing firewall package filtering rule generally is to take action according to some parameters such as ip source address, ip destination address, service port number, user's sign, time etc., as receiving, abandoning, and perhaps network address translation etc.Fire wall is stored rule in order, when the filtering data bag, according to the header packet information that extracts in the packet (ip source address, ip destination address, source port, destination interface) the n bar rule with fire wall contrasts one by one, up to finding certain bar rule information matches in the packet therewith, can use this rule this moment, takes certain action, not through optimizing, average length of search is (n+1)/2 to this method for search procedure.There is the following shortcoming in existing fire wall: sequential search efficient is slow, and when regular number increased, forward efficiency descended; The search rule complexity is o (N) (N is a simple rule bar number) or the like.
Summary of the invention
The present invention improves firewall security rule treatments speed and throughput by a kind of method of improving the firewall security regular weaves.Method of the present invention is represented above-mentioned traditional parameters on hyperspace, and action can be abstracted into the Function Mapping on hyperspace.Action=f (x1, x2 ...., xn) x1 wherein, x2 ...., the independent variable of xn on hyperspace, representing, action is a functional value, in order to represent one group of specific action.Spatial model method and classic method rule treatments ability comparison search rule complexity are o (logN) (N is a simple rule bar number).The present invention reorganizes packet filtering rules, forms one tree; The semantic structure tree is launched firewall rule in hyperspace, make total rule searching calculated amount decline to a great extent, and computation complexity is reduced to o (logN).
Description of drawings
Fig. 1 is a kind of typical network environment
Fig. 2 is the process flow diagram of method that the formed search rule according to the present invention is searched
Embodiment
Describe the present invention below in conjunction with specific embodiment and relevant drawings.The production method of safety rule tree of having used the hyperspace model is as follows: 1) user imports the security strategy step; 2) pre-treatment step that the safety rule of user's input is carried out spatial division, syntax check, semantic analysis.3), generate security strategy semantic structure tree, and install to the generation step of going in the core down to compiling, optimize through pretreated rule list.4) step that the firewall security policy that generates is as stated above inquired about.Network environment among Fig. 1 is to have disposed the representative network applied environment of cygergate2.0, and the in-house network user can visit dns service, the www service in DMZ district, can visit internet; User on the internet can visit the service that the DMZ district provides.On the fire wall main frame, extranets there are three legal IP address, be respectively to be used for the externally 159.226.232.254 of visit of user, be used for the 159.226.232.73 of domain name service and the 159.226.232.116 that serves as web, in-house network and DMZ respectively there is a local I P address, be respectively 172.16.1.222 (in-house network), 172.16.9.222 (DMZ).Generally speaking, allow following several visits in the example of Fig. 1:
1. extranets are visited the server of DMZ, and the user who is specially Internet can visit the http service that websrv provides;
2. in-house network user capture extranets, the domestic consumer that is specially in-house network can visit some service that Internet provides,
3. we do not use the IP address directly to visit usually, so the domain name service that allows the dnssrv of intranet access DMZ to provide also allows the name server of dnssrv and extranets to visit mutually.
Be described in below under such network environment, how implement the safety rule hyperspace model of cygergate2.0 fire wall.At first, the user imports safety rule: fire wall is before carrying out packet filtering, and the user at first is configured fire wall, and content comprises network object, network interface object, the input of rule list.Network object is the fundamental element that constitutes access control rule.We give one section ip, and perhaps single ip names sb, and are convenient to user's memory.For example server, normal hosts, the network segment etc.Fire wall is exactly according to these the most basic elements, constitutes the rule of access control as source or purpose.Can be referring to figure below.
| Title | Interface | Minimum IP | Maximum IP |
| net1 | qfe0 | 1.0.0.1 | 9.255.255.254 |
| net2 | qfe0 | 11.0.0.1 | 126.255.255.254 |
| net3 | qfe0 | 128.0.0.1 | 172.15.255.254 |
| net4 | qfe0 | 172.32.0.1 | 192.167.255.254 |
| net5 | qfe0 | 192.169.0.1 | 223.255.255.254 |
| Title | Network address translation | Conversion back IP | Interface | Server ip address |
| websrv | Static purpose pattern | 172.16.9.94 | Qfe2 | 159.226.232.116 |
| Title | Network address translation | Conversion back IP | Interface | Server ip address |
| Dnssrv | Static purpose pattern | 172.16.9.95 | qfe2 | 159.226.232.73 |
The configuration of network interface object is to allow the user set the information of the interface on the fire wall, mainly comprises all network interface card information of searching for fire wall, the inside network interface card of fire wall is set, outside network interface card.Can be referring to figure below.
| Sequence number | Interface name | The IP address | The position | The gateway name |
| 1 | qfe0 | 159.226.232.254 | Outside | gate |
| 2 | qfe1 | 172.16.1.222 | Inner | gate |
| 3 | qfe2 | 172.16.9.222 | Inner | gate |
Rule list, rule list are exactly the set of the access control rule of user's formulation.Can be referring to figure below.
Article one, rule:
| Source address | Destination address | Service | Action |
| Net1 Net2 Net3 Net4 Net5 | websrv | http | Accept |
Input according to the user generates following database:
(1) network object management database, (2) network interface Object Management group database, (3) rule table database
Then carry out spatial division, they are divided into the zone that does not have common factor with the port numbers of service and the IP address of network object, leave lane database in, through after the spatial division, network object and service have been divided into mutual disjunct fritter, and they leave in the database for dress function use down.The effect of spatial division is to prepare for syntax check, semantic analysis, reduces grammar mistake, semantic conflict as far as possible and compilation process is oversimplified.
According to people's custom, the rule of input had repetition when the user imported control law, the phenomenon of contradiction, and load module carries out pre-service to the rule of user input, obtains inerrancy on the grammer, reconcilable regular collection semantically.Therefore, carry out the grammatical and semantic inspection, promptly regular pre-treatment step.Check the following situation that whether occurs:
1. to the inspection of the formation element of rule: comprise that source and destination can not be identical; That rule must contain is active, purpose, service;
2. to the inspection of the relation between many rules: comprise that semantic conflict is arranged between the rule, then the principle that has a right of priority with the rule that comes the rule list front is handled
3. check the appearance avoid invalid rule: comprise that inner invalid address can not visit the outside without network address translation.
4. check so that network object conforms to network interface, the network address, the translative mode of reality: comprise that source or purpose in same the rule should have identical interface, the network address, translative mode.
Every rule will enter database and must check through so more, when rule just can correct input enter database after tested.
If the problems referred to above do not occur, then enter compile step, the create-rule tree, described rule tree structurally has three grades: Snet, Dnet, Port.The effect of rule tree is to make the packet filtering module will obtain the information of the action type that should trigger after the tertiary structure of having looked into rule tree step by step.The semantic analysis concrete steps of create-rule tree:
1. retrieve the rule of all id ∈ action numberings from rule table database, the Snet node in these rules is generated a Snet chained list, each node in the chained list all contains id, rule numbers, network object number information.
2. in like manner, retrieve the Dnet node of the strictly all rules of all id ∈ action numberings from rule table database, generate a Dnet chained list, each node in the chained list all contains id, rule numbers, network object number information.
3. in like manner, retrieve the service node of the strictly all rules of all id ∈ action numberings from rule table database, generate a service chained list, each node in the chained list all contains id, rule numbers information.
4. from first node of Snet chained list, generate its Dnet chained list, the service chained list of first node in its Dnet chained list of regeneration, and with this service chaining table generation balanced binary tree tree, be connected on the Dnet node.Then the tree of first Dnet node of first Snet node generates.
5. successively, the tree of second Dnet node of first Snet node of regeneration generates until the service tree of last Dnet node of first Snet node, at this moment the Dnet tree of first Snet node can be generated, and is connected on this first Snet node.
6. be similar to step 4,5, then handle second Snet node.All Snet chained lists all dispose in the Snet chained list, then this Snet chained list are generated the balanced binary tree tree.The tertiary structure of rule tree is finished thus.Only need load networks information of address conversion in the rule list Query Result of each service node.
7. network address translation analysis.Can specifically be divided into following steps:
(a) after the structure of whole rule tree all generated, each Snet node in the traverse tree was handled the load networks information of address conversion successively to each Snet node.Specific as follows:
Read the network object id (being the network object numbering) of each Snet, in the network object database, search one by one, will draw pairing several information: ip, Ipsrc after effective ip, network interface card numbering, network address translation pattern, the network address translation according to the network object numbering.
(b) if a network object of reading is numbered corresponding effective ip=1, promptly this Ipsrc is a legal address, then need not pass through network address translation.
At this moment put network address translation pattern=0/*0:needn ' t network address translation * of this node/;
In network interface Object Management group table, find corresponding N IC according to the network interface card numbering again;
With these NIC, network address translation pattern, the encapsulation of Ipsrc information, travel through each service node of each Dnet under this Snet node, with the Action information that loaded on each service node together with above NIC, network address translation pattern, Ipsrc information, together be packaged among the fg_RuleResult, still load on each service node.
(c) if a network object of reading is numbered corresponding effective ip=0, promptly this Ipsrc is the local address, reads its network address translation pattern, and at this moment the value of network address translation pattern has two kinds of possibility 1:hide (stealth mode); 2:static src (static father pattern); The ip of record after the network address translation (at present for the network address translation of Hide pattern, only corresponding legal IP after the conversion) puts the ip after the IpAddr=network address translation; Put network address translation pattern=hide; Record NIC; Write down the Ipsrc of this Snet.
(d) then travel through each Dnet node under this Snet node, read the network object numbering of each Dnet node correspondence.Read a corresponding effective ip of network object numbering,
As effective ip=0, then the next stage service node that is connected in this Dnet node under this Snet node is traveled through, in the rule list Query Result of each service node, will put its network address translation pattern=0 (no network address translation); Its NIC is changed to the NIC that network object is numbered,
If effectively ip=1 (Ipdst is a legal address) finds its effective ip and network address translation pattern according to the value of this network object numbering, record network address translation pattern then continues to find its NIC and location in network interface Object Management group table, record NIC,
(1) if location=0 (this Ipdst is bundled on the inner network interface), then check the network address translation pattern of the Dnet node that has write down, (a) if meaning this Ipdst, network address translation pattern=0 (no network address translation) is placed on inner legal IP, need not change, then put its network address translation pattern=0 (no network address translation); Put the NIC of its NIC for the Snet that write down; Encapsulation.(b) as if network address translation pattern=3 (static dst), this Ipdst is the DMZ that is placed on inner network interface, change by static purpose, then puts its network address translation pattern=3; Put its NIC NIC of Dnet node for this reason.Encapsulation.
(2), then check the NIC, network address translation pattern, the IpAddr that in rapid c step by step, have write down, encapsulation if location=1 (this Ipdst is bundled on the outside network interface).
(e) travel through each service node under this Dnet node, and packaged information is carried in the rule list Query Result of each service node.
Butt joint and accompanying drawing 2 are described the search procedure of rule tree in detail below.Searching of rule tree is fairly simple, when the filtering data bag, from packet, extract header packet information (ip source address, the ip destination address, source port, destination interface), search in rule tree with the ip source address, finally can obtain a pointer, be root node in proper order, continues to search the ip destination address in the subtree space; In like manner, continue to look into destination interface, obtain a rule tree Query Result at last, in view of the above, the packet filtering module can be taked corresponding action.
The present invention can move under a large amount of different operating systems of many computing machines or computer set.What the present invention set forth is tissue filter rule on firewall system, thereby improve a kind of improved general model of seek rate, for the realization of model on different hardware platforms according to this, and serve as the further expansion that carry out this model on the basis with this model, all belong within the range of rights and interests of the present invention.For example, this kind method is at the windows platform, and various unix platforms comprise solaris, linux, the realization on the platform, perhaps realization on different hardware platforms such as pc machine, sparc machine.Perhaps to some expansions of this method, as in the rule to the user, the support of the notion of group, to the support of authentication, to the support of audit, support that note take, to the support of encryption, to the support of vpn.And be the modification that the administration interface on the firewall system set up of basis is done to inventing with this; And some modifications that some aspect of rule tree itself is done.All include rights and interests of the present invention.
Claims (9)
1. method of improving fire wall performance comprises step:
1) input step is imported the security strategy step by the user;
2) pre-treatment step, the pre-treatment step that the safety rule of user input is carried out spatial division, syntax check, semantic analysis;
3) generate step,, generate corresponding security strategy semantic structure tree, and install to the step of going in the core down compiling, optimize through pretreated rule list;
4) query steps, the step that the firewall security policy that generates is as stated above inquired about according to the binary tree search method.
2. the method for improvement fire wall performance as claimed in claim 1, wherein step 2) also further comprise in the rule the address carry out the step of spatial division;
3. the method for improvement fire wall performance as claimed in claim 1, wherein step 2) also further comprise the process that generates network object management database, network interface Object Management group database, rule table database;
4. the method for improvement fire wall performance as claimed in claim 1, wherein step 2) also further comprise inspection to the formation element of rule.
5. the method for improvement fire wall performance as claimed in claim 1, wherein step 2) also further comprise inspection to the relation between many rules.
6. the method for improvement fire wall performance as claimed in claim 1, wherein step 2) also further comprise and check the appearance of avoiding invalid rule.
7. the method for improvement fire wall performance as claimed in claim 1, wherein step 2) also further comprise and checking so that network object conforms to network interface, the network address, the translative mode of reality.
8. the method for improvement fire wall performance as claimed in claim 1, wherein step 3) also further comprises the steps:
(1) from rule table database, retrieves all rules that same action indicates that belongs to, all source IP address sets of node in these rules are generated a source IP address set of node chained list, and each node in the chained list all contains sign, rule numbers, network object number information;
(2) in like manner, from rule table database, retrieve all rules that same action indicates that belongs to, all purpose IP address sets of node in these rules are generated a purpose IP address set of node chained list, and each node in the chained list all contains sign, rule numbers, network object number information;
(3) in like manner, retrieve all service node network-side slogans that belong to the rule that same action indicates from rule table database, generate a service chained list, each node in the chained list all contains sign, rule numbers information;
(4) from first node of source IP address set of node chained list, generate all purpose IP address node chained lists of its same rule, from purpose IP address first node of node chained list, the service chained list of its same rule of regeneration, and with this service chaining table generation balanced binary tree, level is associated on first node of node chained list of purpose IP address; Then in the source IP address set of node in the purpose IP address set of node of first node the tree of first node generate;
(5) successively, the tree of second node of purpose IP address node chained list of first node in the regeneration source IP address set of node, the service tree of last node in the purpose IP address node chained list of first node of source IP address set of node generates, and level is associated on first node of this source IP address set of node;
(6), then handle second node of source IP address set of node with step 4,5; All nodes all dispose in source IP address set of node chained list, then this source IP address set of node chained list are generated balanced binary tree; The tertiary structure of rule tree is finished thus; Only need load networks information of address conversion in the rule list Query Result of each service node;
(7) network address translation analysis;
9. the method for improvement fire wall performance as claimed in claim 8, wherein step (7) also further comprises the steps:
(a) after the structure of whole rule tree all generates, each source IP node in the traverse tree, each source IP node is handled the load networks information of address conversion successively, specific as follows: the network object numbering of reading each source IP node, in the network object database, search one by one, will draw pairing several information: the IP address after effective IP, network interface card numbering, network address translation pattern, the network address translation according to the network object numbering;
(b) if a network object of reading is numbered corresponding effective IP=1, promptly this source IP is a legal address, then need not pass through network address translation;
At this moment put network address translation pattern=0 of this node, neither need network address translation;
In network interface Object Management group table, find corresponding network interface unit according to the network interface card numbering again;
With these network interface unit, network address translation pattern, the encapsulation of source IP address information, travel through each service node of each the purpose IP address set of node under this source IP address set of node, with the action message that loaded on each service node together with above network interface unit, network address translation pattern, source IP address information, together be packaged in the processing procedure, still load on each service node;
(c) if a network object of reading is numbered corresponding effective IP=0, promptly this source IP address is the local address, reads its network address translation pattern, and at this moment the value of network address translation pattern has two kinds of possibilities 1: stealth mode; 2: the static father pattern; IP address after the record network address translation, for the network address translation of stealth mode, only corresponding legal IP puts through the IP address after the network address translation after the conversion at present; Put network address translation pattern=stealth mode; The record network interface unit; Write down the source IP address in this source IP address set of node;
(d) each that then travels through institute's cascade under this source IP address set of node belongs to the node of purpose IP set of node, reads the network object numbering of each node correspondence; Read a corresponding effective IP of network object numbering, as effective IP=0, then the next stage service node that the node that belongs to purpose IP set of node that is connected under this source IP address set of node is joined in one's power travels through, in the rule list Query Result of each service node, will put its network address translation pattern=0, no network address translation: it is changed to the network interface unit of network object numbering, if effectively IP=1 purpose IP is a legal address, value according to this network object numbering is found its effective IP and network address translation pattern, record network address translation pattern, then in network interface Object Management group table, continue to find its network interface unit and local address, the record network interface unit
(1) if local address=0 this purpose IP is bundled on the inner network interface, then check the network address translation pattern of the purpose IP set of node that has write down, (a) if meaning this purpose IP, the no network address translation in network address translation pattern=0 is placed on inner legal IP, need not change, then put its no network address translation in network address translation pattern=0; Put the network interface unit of its network interface unit for the source IP address set of node that write down; Encapsulation; (b) as if the static purpose pattern in network address translation pattern=3, this purpose IP is the demilitarized zone that is placed on inner network interface, change by static purpose pattern, then puts its network address translation pattern=3; Put its network interface unit network interface unit of IP set of node for this purpose, encapsulation;
(2) if local address=1 this purpose IP is bundled on the outside network interface, then check the network interface unit, network address translation pattern, the IP address value that in step c, have write down, encapsulation;
(e) travel through each service node of this purpose IP set of node institute cascade, and packaged information is carried in the rule list Query Result of each service node.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 02104228CN1232922C (en) | 2002-02-20 | 2002-02-20 | Method for improving fire wall performance |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 02104228CN1232922C (en) | 2002-02-20 | 2002-02-20 | Method for improving fire wall performance |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1439985A CN1439985A (en) | 2003-09-03 |
| CN1232922Ctrue CN1232922C (en) | 2005-12-21 |
Family
ID=27793058
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 02104228Expired - Fee RelatedCN1232922C (en) | 2002-02-20 | 2002-02-20 | Method for improving fire wall performance |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1232922C (en) |
Families Citing this family (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100384143C (en)* | 2004-08-24 | 2008-04-23 | 华为技术有限公司 | A method for network switching equipment to detect malicious IP scanning |
| US7490235B2 (en)* | 2004-10-08 | 2009-02-10 | International Business Machines Corporation | Offline analysis of packets |
| CN100359889C (en)* | 2004-10-29 | 2008-01-02 | 江苏南大苏富特软件股份有限公司 | Packet Filtering and Management Method Based on Policy Tree |
| CN1863193B (en)* | 2005-05-10 | 2010-10-13 | 联想网御科技(北京)有限公司 | Method for implementing safety tactics of network safety apparatus |
| CN100395997C (en)* | 2005-07-12 | 2008-06-18 | 华为技术有限公司 | A method for protecting the security of access users |
| CN1988447B (en)* | 2006-12-22 | 2010-08-18 | 华为技术有限公司 | Method and device for treating communication network service |
| CN101242260B (en)* | 2007-02-08 | 2010-12-15 | 北京天融信网络安全技术有限公司 | Automatic repair method for firewall system |
| CN101330495B (en)* | 2007-06-19 | 2012-07-25 | 瑞达信息安全产业股份有限公司 | Control method and control system for implementing non-equity access in a computer network |
| US8238238B2 (en)* | 2008-05-16 | 2012-08-07 | Microsoft Corporation | Performing networking tasks based on destination networks |
| CN101299683B (en)* | 2008-06-25 | 2012-07-18 | 中兴通讯股份有限公司 | Collocation device and method for off-line data |
| CN102833271B (en)* | 2012-09-20 | 2014-11-26 | 桂林电子科技大学 | Solution for potential safety hazards in VPN (virtual private network) |
| US9692727B2 (en)* | 2014-12-02 | 2017-06-27 | Nicira, Inc. | Context-aware distributed firewall |
| CN106603524A (en)* | 2016-12-09 | 2017-04-26 | 浙江宇视科技有限公司 | Method for combining safety rules and intelligent device |
| TW201926108A (en)* | 2017-12-04 | 2019-07-01 | 和碩聯合科技股份有限公司 | Network security system and method thereof |
| CN111698110B (en)* | 2019-03-14 | 2023-07-18 | 深信服科技股份有限公司 | Network equipment performance analysis method, system, equipment and computer medium |
- 2002
- 2002-02-20CNCN 02104228patent/CN1232922C/ennot_activeExpired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| CN1439985A (en) | 2003-09-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1232922C (en) | Method for improving fire wall performance | |
| CN103858392B (en) | Method and apparatus for updating rule compilation data structure | |
| CN103581363B (en) | To malice domain name and the control method and device of unauthorized access | |
| US7089240B2 (en) | Longest prefix match lookup using hash function | |
| CN102857493B (en) | Content filtering method and device | |
| Cheung et al. | Optimal routing table design for IP address lookups under memory constraints | |
| Qiao et al. | Fast Bloom filters and their generalization | |
| US20130218853A1 (en) | Rule Modification in Decision Trees | |
| US9647947B2 (en) | Block mask register key processing by compiling data structures to traverse rules and creating a new rule set | |
| CN104579974B (en) | The Hash Bloom Filter and data forwarding method of Name Lookup towards in NDN | |
| CN1272656A (en) | Contents-index search system and its method | |
| CN103733590A (en) | Compiler for regular expressions | |
| CN108123962A (en) | A kind of method that BFS algorithms generation attack graph is realized using Spark | |
| CN114328962A (en) | A method for identifying abnormal behavior of web logs based on knowledge graph | |
| CN103685222A (en) | A data matching detection method based on a determinacy finite state automation | |
| WO2020171410A1 (en) | Method, apparatus and computer program for collecting data from multiple domains | |
| Jepsen et al. | Forwarding and routing with packet subscriptions | |
| CN118199908A (en) | A network security threat processing method, device and electronic equipment | |
| CN101931557A (en) | User behaviour auditing method and system | |
| US20150032732A1 (en) | Classification engine for data packet classification | |
| Taylor | Models, algorithms, and architectures for scalable packet classification | |
| Hsieh et al. | Multiprefix trie: A new data structure for designing dynamic router-tables | |
| Liu et al. | Overlay automata and algorithms for fast and scalable regular expression matching | |
| Nottingham | GPF: A framework for general packet classification on GPU co-processors | |
| Lucchesi et al. | High-performance IP lookup using Intel Xeon Phi: a Bloom filters based approach |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date:20051221 Termination date:20110220 |