Network attack detection using partial deterministic finite automaton pattern matching
US7904961B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 20, 2007 |
| Grant date | Mar 8, 2011 |
| Priority date | — |
| Expiry date | Jan 5, 2030 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/0227
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
This disclosure describes techniques for determining whether network traffic contains one or more computer security threats. In order to determine whether a symbol stream conforms to the symbol pattern, a security device stores a full deterministic finite automaton (fDFA) that accepts streams of symbols that conform to the symbol pattern. The security device also creates a partial deterministic finite automaton (pDFA) that includes nodes that correspond to the nodes in the fDFA that have the highest visitation levels. The security device processes each symbol in the symbol stream using the pDFA until a symbol causes the pDFA to transition to a failure node or to an accepting node. If the symbol causes the pDFA to transition to the failure node, the security device processes the symbol and subsequent symbols in the symbol stream using the fDFA.
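The fast-path/slow-path split described in the abstract, sketched as an added example (not code from the patent or its assignee). It assumes a single byte-string signature, a KMP-style automaton as the fDFA, a pDFA that always keeps the start and accepting nodes, and a fallback that resumes the fDFA from the node matching the pDFA's current one; the signature, the training traffic and all function names are constructed for illustration.

```python
from collections import Counter

FAIL = -1  # pDFA failure node: the target state was not copied from the fDFA

def build_fdfa(pattern: bytes):
    """Full DFA accepting any byte stream that contains `pattern`.
    State i means i pattern bytes are matched; state len(pattern) accepts."""
    if not pattern:
        raise ValueError("pattern must be non-empty")
    m = len(pattern)
    delta = [[0] * 256 for _ in range(m + 1)]
    delta[0][pattern[0]] = 1
    restart = 0  # state reached by the longest proper suffix matched so far
    for i in range(1, m):
        delta[i] = delta[restart][:]
        delta[i][pattern[i]] = i + 1
        restart = delta[restart][pattern[i]]
    delta[m] = [m] * 256  # accepting state is absorbing
    return delta, m

def visitation_levels(delta, traffic):
    """Count how often each fDFA state is visited over sample traffic."""
    visits = Counter()
    for stream in traffic:
        state = 0
        visits[state] += 1
        for sym in stream:
            state = delta[state][sym]
            visits[state] += 1
    return visits

def build_pdfa(delta, accept, visits, k):
    """Copy the k most-visited states; assumption: start and accept always kept."""
    keep = {0, accept} | {s for s, _ in visits.most_common(k)}
    return {s: [t if t in keep else FAIL for t in delta[s]] for s in keep}

def scan(stream, pdfa, delta, accept):
    """Return (matched, index where the fDFA took over, or None)."""
    state, fallback_at = 0, None
    for i, sym in enumerate(stream):
        nxt = pdfa[state][sym] if fallback_at is None else delta[state][sym]
        if nxt == FAIL:          # replay this symbol on the fDFA, then stay there
            fallback_at, nxt = i, delta[state][sym]
        state = nxt
        if state == accept:
            return True, fallback_at
    return False, fallback_at

# Constructed sample signature and benign training traffic.
FDFA, ACCEPT = build_fdfa(b"ATTACK")
TRAINING = [b"GET /A/B HTTP/1.1", b"DATA AT REST"]
PDFA = build_pdfa(FDFA, ACCEPT, visitation_levels(FDFA, TRAINING), k=2)
```

With this training set the pDFA holds only three of the seven fDFA nodes, so streams that never get past the first signature byte are decided without touching the full transition table.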
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.