Claims
- 1. A method for detecting a substring of interest from a plurality of substrings that arrives out-of-order, comprising:
receiving a substring with an index; determining whether a preceding span exists in a span set; determining whether a succeeding span exists in said span set; and applying an automaton having a list of substrings of interest to determine whether said substring matches one of said substrings of interest.
- 2. The method of claim 1, wherein if said preceding span and said succeeding span do not exist, then said substring is inserted into said span set.
- 3. The method of claim 1, wherein if said succeeding span does exist, then said substring is joined with said succeeding span to produce a join span.
- 4. The method of claim 3, wherein said succeeding span is replaced by said join span.
- 5. The method of claim 1, wherein if said preceding span does exist, then said preceding span is joined with said substring to produce a join span.
- 6. The method of claim 5, wherein said preceding span is replaced by said join span.
- 7. The method of claim 1, wherein if said preceding span and said succeeding span do exist, then said preceding span is joined with said substring to produce a join span.
- 8. The method of claim 7, wherein said join span is joined with said succeeding span to produce a second join span.
- 9. The method of claim 8, wherein said preceding span and said succeeding span are replaced by said second join span.
- 10. The method of claim 1, wherein said substring is forwarded, while parameters of said substring are stored.
- 11. The method of claim 10, wherein said parameters comprise at least one of a state of said automaton, said index, a length of the substring and a prefix.
- 12. The method of claim 1, wherein said method for detecting a substring of interest is performed as a network monitoring function.
- 13. The method of claim 1, wherein said method for detecting a substring of interest is performed as an intrusion detection function.
- 14. The method of claim 1, wherein said method for detecting a substring of interest is performed as a firewall function.
- 15. The method of claim 1, wherein said method for detecting a substring of interest is performed as a routing function.
- 16. The method of claim 1, wherein said method for detecting a substring of interest is performed as a load balancing function.
- 17. The method of claim 1, wherein said method for detecting a substring of interest is performed as an anti-virus filtering function.
- 18. The method of claim 1, wherein said method for detecting a substring of interest is performed as an anti-spam filtering function.
- 19. The method of claim 1, wherein said method for detecting a substring of interest is performed as a document control function.
- 20. The method of claim 1, wherein said method for detecting a substring of interest is performed as a web content filtering function.
- 21. The method of claim 1, wherein said method for detecting a substring of interest is performed as a virtual private network monitoring function.
- 22. The method of claim 1, wherein said method for detecting a substring of interest is performed as a storage area network security function.
- 23. The method of claim 10, further comprising:
determining whether said forwarded substring is subsequently dropped by a target machine.
- 24. The method of claim 23, wherein if said forwarded substring is subsequently dropped, then a connection for passing said forwarded substring is reset.
- 25. The method of claim 24, wherein said connection is a TCP connection.
- 26. An apparatus for detecting a substring of interest from a plurality of substrings that arrives out-of-order, comprising:
means for receiving a substring with an index; means for determining whether a preceding span exists in a span set; means for determining whether a succeeding span exists in said span set; and means for applying an automaton having a list of substrings of interest to determine whether said substring matches one of said substrings of interest.
- 27. The apparatus of claim 26, wherein if said preceding span and said succeeding span do not exist, then said substring is inserted into said span set.
- 28. The apparatus of claim 26, wherein if said succeeding span does exist, then said substring is joined with said succeeding span to produce a join span.
- 29. The apparatus of claim 28, wherein said succeeding span is replaced by said join span.
- 30. The apparatus of claim 26, wherein if said preceding span does exist, then said preceding span is joined with said substring to produce a join span.
- 31. The apparatus of claim 30, wherein said preceding span is replaced by said join span.
- 32. The apparatus of claim 26, wherein if said preceding span and said succeeding span do exist, then said preceding span is joined with said substring to produce a join span.
- 33. The apparatus of claim 32, wherein said join span is joined with said succeeding span to produce a second join span.
- 34. The apparatus of claim 33, wherein said preceding span and said succeeding span are replaced by said second join span.
- 35. The apparatus of claim 26, wherein said substring is forwarded, while parameters of said substring are stored.
- 36. The apparatus of claim 35, wherein said parameters comprise at least one of a state of said automaton, said index, a length of the substring and a prefix.
- 37. The apparatus of claim 26, wherein said apparatus is a network monitor.
- 38. The apparatus of claim 26, wherein said apparatus is an intrusion detector.
- 39. The apparatus of claim 26, wherein said apparatus is a firewall.
- 40. The apparatus of claim 26, wherein said apparatus is a router.
- 41. The apparatus of claim 26, wherein said apparatus is a load balancer.
- 42. The apparatus of claim 26, wherein said apparatus is an anti-virus filter.
- 43. The apparatus of claim 26, wherein said apparatus is an anti-spam filter.
- 44. The apparatus of claim 26, wherein said apparatus is a document controller.
- 45. The apparatus of claim 26, wherein said apparatus is a web content filter.
- 46. The apparatus of claim 26, wherein said apparatus is a virtual private network monitor.
- 47. The apparatus of claim 26, wherein said apparatus is a storage area network security device.
- 48. The apparatus of claim 35, further comprising:
means for determining whether said forwarded substring is subsequently dropped by a target machine.
- 49. The apparatus of claim 48, wherein if said forwarded substring is subsequently dropped, then a connection for passing said forwarded substring is reset.
- 50. The apparatus of claim 49, wherein said connection is a TCP connection.
- 51. A computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to perform the steps of a method for detecting a substring of interest from a plurality of substrings that arrives out-of-order, comprising:
receiving a substring with an index; determining whether a preceding span exists in a span set; determining whether a succeeding span exists in said span set; and applying an automaton having a list of substrings of interest to determine whether said substring matches one of said substrings of interest.
- 52. The computer-readable medium of claim 51, wherein if said preceding span and said succeeding span do not exist, then said substring is inserted into said span set.
- 53. The computer-readable medium of claim 51, wherein if said succeeding span does exist, then said substring is joined with said succeeding span to produce a join span.
- 54. The computer-readable medium of claim 53, wherein said succeeding span is replaced by said join span.
- 55. The computer-readable medium of claim 51, wherein if said preceding span does exist, then said preceding span is joined with said substring to produce a join span.
- 56. The computer-readable medium of claim 55, wherein said preceding span is replaced by said join span.
- 57. The computer-readable medium of claim 51, wherein if said preceding span and said succeeding span do exist, then said preceding span is joined with said substring to produce a join span.
- 58. The computer-readable medium of claim 57, wherein said join span is joined with said succeeding span to produce a second join span.
- 59. The computer-readable medium of claim 58, wherein said preceding span and said succeeding span are replaced by said second join span.
- 60. The computer-readable medium of claim 51, wherein said substring is forwarded, while parameters of said substring are stored.
- 61. The computer-readable medium of claim 50, wherein said parameters comprise at least one of a state of said automaton, said index, a length of the substring and a prefix.
- 62. The computer-readable medium of claim 50, further comprising:
determining whether said forwarded substring is subsequently dropped by a target machine.
- 63. The computer-readable medium of claim 62, wherein if said forwarded substring is subsequently dropped, then a connection for passing said forwarded substring is reset.
- 64. The computer-readable medium of claim 63, wherein said connection is a TCP connection.
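The span-set procedure recited in claims 1 to 11, as an added sketch that is not code from the patent: each span keeps only its index, end, a prefix and an automaton state, and a join resumes the automaton across the boundary. The patterns, the `SpanSet` and `scan` names, the naive prefix-based automaton (its states correspond to Aho-Corasick states) and the no-overlap, no-retransmission input are assumptions of this example.

```python
PATTERNS = [b"/etc/passwd", b"cmd.exe"]          # constructed substrings of interest
MAXLEN = max(map(len, PATTERNS))
PREFIXES = {p[:i] for p in PATTERNS for i in range(len(p) + 1)}

def scan(state, data, base, hits):
    """Advance the automaton over data; data[0] sits at stream offset `base`.
    A state is the longest suffix of the input seen so far that is a pattern prefix."""
    for i, b in enumerate(data):
        tail = state + bytes([b])
        hits.update((base + i + 1 - len(p), p) for p in PATTERNS if tail.endswith(p))
        state = next(tail[k:] for k in range(len(tail) + 1) if tail[k:] in PREFIXES)
    return state

class SpanSet:
    """Stores only parameters per span (index, end, prefix, state), never the payload."""
    def __init__(self):
        self.spans = {}      # start index -> span parameters
        self.hits = set()    # (stream offset, pattern)

    def receive(self, index, data):
        end = index + len(data)
        prev = next((s for s in self.spans.values() if s["end"] == index), None)
        nxt = self.spans.get(end)
        start = prev["start"] if prev else index
        prefix = ((prev["prefix"] if prev else b"") + data)[:MAXLEN - 1]
        # Preceding span: resume from its stored state so boundary matches are seen.
        state = scan(prev["state"] if prev else b"", data, index, self.hits)
        if nxt:
            # Succeeding span: replay only its stored prefix from our end state.
            bridged = scan(state, nxt["prefix"], end, self.hits)
            state = bridged if nxt["end"] - end < MAXLEN else nxt["state"]
            prefix = (prefix + nxt["prefix"])[:MAXLEN - 1]
            end = nxt["end"]
            del self.spans[nxt["start"]]
        self.spans[start] = dict(start=start, end=end, prefix=prefix, state=state)

def demo():
    # Constructed stream b"GET /etc/passwd HTTP/1.0" split so the pattern spans 3 segments.
    s = SpanSet()
    s.receive(12, b"swd HTTP/1.0")    # no neighbours: inserted as a new span
    s.receive(0, b"GET /et")          # no neighbours: second span
    before = set(s.hits)
    s.receive(7, b"c/pas")            # joins preceding and succeeding spans
    return before, s.hits, s.spans
```

A prefix of `MAXLEN - 1` bytes is enough because any match that crosses into the succeeding span must end within that many bytes of the boundary.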
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims benefit of U.S. provisional patent application serial No. 60/454,935, filed Mar. 13, 2003, which is herein incorporated by reference.
Provisional Applications (1)
| Number | Date | Country |
|---|---|---|
| 60454935 | Mar 2003 | US |