Expression analysis for preventing cyberattacks
US12101346B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 26, 2023 |
| Grant date | Sep 24, 2024 |
| Priority date | — |
| Expiry date | Jul 26, 2043 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1458
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method for assessing a regular expression for vulnerability to ReDoS attacks includes receiving a regular expression for evaluating a string defined by ordered set of characters from an alphanumeric input device, and evaluating the regular expression for determining if a parsing operation of the string according to the regular expression results in a disproportionate resource consumption. The evaluation determines if the resource consumption constitutes a Regular expression Denial of Service (ReDOS) attack by providing a vulnerability indication of a single valid attack string, rather than attempting to find all possible attack strings. The valid attack string is defined by an input string for which evaluation based on the regular expression would result in disproportionate resource consumption.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.