Session slicing of mirrored packets
US-12184680-B2 · Dec 31, 2024 · US
System and method for matching pattern
US9392005B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9392005-B2 |
| Application number | US-201113116419-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 26, 2011 |
| Priority date | May 27, 2010 |
| Publication date | Jul 12, 2016 |
| Grant date | Jul 12, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
System and method for matching a pattern are provided. The pattern matching method includes performing a sub pattern matching operation to match at least one sub data of a plurality of sub data of a target data with a pre-stored pattern data, and performing a full pattern matching operation to determine whether the target data is identical to at least the pre-stored pattern data by referring to a result of the sub pattern matching operation, and wherein the full pattern matching operation is performed or not performed according to a type of the pre-stored pattern data. Accordingly, an accurate matching operation is performed with respect to the target data of various patterns.
First claim
Opening claim text (preview).
What is claimed is: 1. A malware pattern matching method comprising: generating a hash matcher table comprising a hash value item displaying a hash value and an item displaying a pre-stored malware pattern data, or comprising the hash value item displaying the hash value and an item displaying whether a hash value of the pre-stored malware pattern data is identical to the hash value displayed on the hash value item; dividing a target data into a plurality of sub data; for at least one sub data of the plurality of sub data, generating a hash value of the sub data and comparing the generated hash value of the sub data and the hash matcher table; generating a sub matcher table which comprises the hash value item displaying the hash value and a malware pattern data item displaying a malware pattern data corresponding to the hash value displayed on the hash value item; only in response to the hash value of at least one sub data of the plurality of sub data existing in the hash matcher table, performing a sub pattern matching operation to match the at least one sub data of the plurality of sub data with the corresponding pre-stored malware pattern data by using the sub matcher table; determining a type of the pre-stored malware pattern data; in response to a determination that the type of the pre-stored malware pattern data is a grammatically complex malware pattern, performing a full pattern matching operation to determine whether the target data is identical to at least the pre-stored malware pattern data by referring to a result of the sub pattern matching operation; and in response to a determination that the type of the pre-stored malware pattern data is a grammatically simple malware pattern, not performing the full pattern matching operation, wherein performing the sub pattern matching operation comprises: performing a light pattern matching operation to match a part of the one sub data with the pre-stored malware pattern data by using the sub matcher table; and if the part of the one sub data is identical to or included in the pre-stored malware pattern data, performing an exact pattern matching operation to match a whole of the one sub data with a whole of the pre-stored malware pattern data. 2. The malware pattern matching method as claimed in claim 1 , wherein, in response to the determination that the type of the pre-stored malware pattern data matched with the one sub data is part of the grammatically complex malware pattern, the result of the sub pattern matching operation is recorded on a sub pattern matrix. 3. The malware pattern matching method as claimed in claim 2 , wherein the performing the full pattern matching operation comprises checking whether the sub pattern matching operation matches all malware sub patterns included in the sub pattern matrix. 4. The malware pattern matching method as claimed in claim 1 , further comprising recording the result of the sub pattern matching operation on a sub pattern matrix, wherein the performing the full pattern matching operation comprises checking whether the sub pattern matching operation matches all malware sub patterns included in the sub pattern matrix. 5. The malware pattern matching method as claimed in claim 1 , wherein the part of the one sub data is at least one of a head value, a middle value, and a tail value of the one sub data. 6. The malware pattern matching method as claimed in claim 1 , wherein the sub matcher table further comprises a middle value item displaying a middle value of the pre-stored malware pattern data and a tail value item displaying a tail value of the pre-stored malware pattern data. 7. The malware pattern matching method as claimed in claim 1 , wherein the pattern data item displays an address where the pre-stored malware pattern data is stored or displays the pre-stored malware pattern data. 8. The malware pattern matching method as claimed in claim 1 , wherein the sub matcher table further comprises a collision pattern offset item displaying a collision pattern offset value indicating whether one of the hash values of the pre-stored malware pattern data collides with another of the hash values of the pre-stored malware pattern data. 9. The malware pattern matching method as claimed in claim 8 , wherein, if the one of the hash values of the pre-stored malware pattern data collides with the other of the hash values of the pre-stored malware pattern data, the collision pattern offset item displays the one of the hash values. 10. The malware pattern matching method as claimed in claim 1 , wherein the performing the sub pattern matching operation comprises: searching for a hash value identical to the hash value of the one sub data among the hash values displayed on the hash value item of the sub matcher table; and comparing a malware pattern data corresponding to the searched for hash value and the one sub data. 11. The malware pattern matching method as claimed in claim 10 , wherein the comparing comprises: performing a light pattern matching operation to match a part of the one sub data with the pre-stored malware pattern data; and only if the part of the one sub data is identical to or included in the pre-stored malware pattern data, performing an exact pattern matching operation to match a whole of the one sub data with the pre-stored malware pattern data. 12. The malware pattern matching method as claimed in claim 10 , wherein the sub matcher table further comprises a collision pattern offset item displaying an collision pattern offset value indicating whether one of the hash values of the pre-stored malware pattern data collides with another of the hash values of the pre-stored malware pattern data, wherein the pattern matching method further comprises, if an offset value exists in the collision pattern offset item, comparing a malware pattern data indicated by the offset value and the one sub data. 13. A malware pattern matching method comprising: generating a hash matcher table comprising a hash value item displaying a hash value and an item displaying a malware pattern data of a pre-stored malware pattern database or comprising the hash value item displaying the hash value and an item indicating whether hash values of the malware pattern data of the pre-stored pattern database are identical to the hash values displayed on the hash value item; dividing a target data into a plurality of sub data; for at least one sub data of the plurality of sub data, generating a hash value of the sub data and comparing the generated hash value of the sub data and the hash matcher table; generating a sub matcher table which comprises the hash value item displaying the hash value and a malware pattern data item displaying a malware pattern data corresponding to the hash value displayed on the hash value item; only in response to the hash value of at least one sub data of the plurality of sub data existing in the hash matcher table, performing a light pattern matching operation to match a part of the at least one sub data of the plurality of sub data with a malware pattern data of a pre-stored malware pattern database by using the sub matcher table; and performing an exact pattern matching operation to match a whole of the one sub data with the malware pattern data only if the part of the one sub data is identical to or included in the malware pattern data. 14. The malware pattern matching method as claimed in claim 13 , wherein the sub matcher table further comprises a collision pattern offset item displaying a collision pattern offset value indicating whether one of the hash values of the malware pattern data collides with another of th
Assignees
Inventors
Classifications
- H04L63/1416Primary
Event detection, e.g. attack signature detection · CPC title
received data contents, e.g. message integrity · CPC title
by virus signature recognition · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9392005B2 cover?
- System and method for matching a pattern are provided. The pattern matching method includes performing a sub pattern matching operation to match at least one sub data of a plurality of sub data of a target data with a pre-stored pattern data, and performing a full pattern matching operation to determine whether the target data is identical to at least the pre-stored pattern data by referring to…
- Who is the assignee on this patent?
- Yoo Inseon, Samsung Sds Co Ltd
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jul 12 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).