Abstract: |
The method includes following steps: first, building two hop tables for two pieces of character block possessing specific length, located at specific position of mode set setup by user for identifying character of network flows; building first and second mappers between two hop tables and modes; using ¡®bit and¡¯ operation obtains third mapper; building hop table in deep layer based on the third mapper, and finally building potential matching table; based on built three kinds of tables, detecting data stream transferred through quick network stream continuously. Through digging out heuristic information in mode set, the invention reduces unnecessary operation of comparison in detection procedure. Layered data structure of table makes the method stable and quick speed for searching. The method is applicable to firewall in high performance, content detection, virus protection etc. |
Relevancy information
