Filter for Network Intrusion and Virus Detection

PublishedFebruary 23, 2016

Assigneenot available in USPTO data we have

InventorsVINODH GOPAL Christopher F. Clark Gilbert Wolrich Wajdi Feghali

Technical Abstract

Patent Claims

24 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method to perform string matching for network packet inspection, the method comprising: configuring a set of H slice circuits, each i th slice circuit of the set of H slice circuits being configured to perform the steps of: independently storing an i th input window of W i bytes of data from an input data stream; padding the W i bytes of data if necessary, and multiplying the W i bytes of data by a Galois-field polynomial modulo an irreducible Galois-field polynomial combined with a randomly generated polynomial multiplier to generate an i th hash index; accessing a storage location of a memory corresponding to the i th hash index to generate an i th slice-hit signal of a set of H slice-hit signals; and providing the i th slice-hit signal to an AND-OR logic array as one of the set of H slice-hit signals; and configuring the AND-OR logic array to receive the set of H slice-hit signals and to combine the set of H slice-hit signals into a match result.

2. The method of claim 1 wherein configuring each i th slice circuit of the set of H slice circuits to perform the step of providing the i th slice-hit signal to the AND-OR logic array comprises: storing the i th slice-hit signal in the storage location of the memory corresponding to the i th hash index.

3. The method of claim 2 wherein each i th input window of W i bytes of data from the input data steam comprises a complete data pattern.

4. The method of claim 2 wherein providing the i th slice-hit signal to the AND-OR logic array comprises: reading out the i th slice-hit signal, from the storage location of the memory corresponding to the i th hash index, to the AND-OR logic array as the i th one of the set of H slice-hit signals.

5. The method of claim 2 wherein providing the i th slice-hit signal to the AND-OR logic array comprises: multiplexing the i th slice-hit signal from the storage location of the memory corresponding to the i th hash index, to the AND-OR logic array as the i th one of the set of H slice-hit signals.

6. The method of claim 1 , wherein the AND-OR logic array is configured to receive the set of H slice-hit signals and to logically AND the set of H slice-hit signals into a match result.

7. The method of claim 1 , wherein the AND-OR logic array is configured to receive the set of H slice-hit signals and to logically OR the set of H slice-hit signals into a match result.

8. The method of claim 1 , wherein the AND-OR logic array is configured to receive the set of H slice-hit signals and to logically AND subsets of the set of H slice-hit signals into temporary results, and to logically OR the temporary results into a match result.

9. An apparatus comprising: an AND-OR logic array configurable to receive a set of H slice-hit signals and to combine the set of H slice-hit signals into a match result; and a set of H slice circuits, each i th slice circuit of the set comprising: an input window configurable to independently store W i bytes of data from an input data steam; a Ghash unit coupled with the input window and configurable to receive the W i bytes of data, pad the W i bytes of data if necessary, and multiply the W i bytes of data by a Galois-field polynomial modulo an irreducible Galois-field polynomial combined with a randomly generated polynomial multiplier to generate an index; and a memory coupled with the Ghash unit and configurable to access a storage location responsive to the index to generate a slice-hit signal and to provide the slice-hit signal to said AND-OR logic array as one of the set of H slice-hit signals.

10. The apparatus of claim 9 wherein providing the slice-hit signal to the AND-OR logic array comprises: reading out the slice-hit signal, from the storage location of the memory corresponding to the index of the i th slice circuit, to the AND-OR logic array as the i th one of the set of H slice-hit signals.

11. The apparatus of claim 9 wherein providing the slice-hit signal to the AND-OR logic array comprises: multiplexing the slice-hit signal, from the storage location of the memory corresponding to the index of the i th slice circuit, to the AND-OR logic array as the i th one of the set of H slice-hit signals.

12. The apparatus of claim 9 wherein the AND-OR logic array is configurable to receive the set of H slice-hit signals and to logically AND the set of H slice-hit signals into a match result.

13. The apparatus of claim 9 wherein the AND-OR logic array is configurable to receive the set of H slice-hit signals and to logically OR the set of H slice-hit signals into a match result.

14. The apparatus of claim 9 wherein the AND-OR logic array is configurable to receive the set of H slice-hit signals and to logically AND subsets of the set of H slice-hit signals into temporary results, and to logically OR the temporary results into a match result.

15. The apparatus of claim 9 wherein the same irreducible Galois-field polynomial is used in each i th slice circuit of the set of H slice circuits.

16. The apparatus of claim 15 wherein each the W i bytes of data are multiplied by a different distinct Galois-field polynomial in each i th slice circuit of the set of H slice circuits.

17. A packet processing system to perform string matching for network packet inspection, the system comprising: a system processor; an AND-OR logic array configurable to receive a set of H slice-hit signals and to combine the set of H slice-hit signals into a match result; and a set of H slice circuits, each i th slice circuit of the set comprising: an input window configurable to independently store W i bytes of data from an input data steam; a Ghash unit coupled with the input window and configurable to receive the W i bytes of data, pad the W i bytes of data if necessary, and multiply the W i bytes of data by a Galois-field polynomial modulo an irreducible Galois-field polynomial combined with a randomly generated polynomial multiplier to generate an index; and a memory coupled with the Ghash unit and configurable to access a storage location responsive to the index to generate a slice-hit signal and to provide the slice-hit signal to said AND-OR logic array as one of the set of H slice-hit signals; and a machine readable medium to store executable instructions, such that when said executable instructions are executed by the system processor, the system processor is caused to: set a pointer to a first character of the input data steam to establish a starting point for the input window of each i th slice circuit, and increment the pointer until the match result is positive or until an end-of-file is reached in the input data steam.

18. The system of claim 17 wherein the same irreducible Galois-field polynomial is used in each i th slice circuit of the set of H slice circuits.

19. The system of claim 18 wherein each the W i bytes of data are multiplied by a different distinct Galois-field polynomial in each i th slice circuit of the set of H slice circuits.

20. The system of claim 17 wherein the AND-OR logic array is configurable to receive the set of H slice-hit signals and to logically AND the set of H slice-hit signals into a match result.

21. The system of claim 17 wherein the AND-OR logic array is configurable to receive the set of H slice-hit signals and to logically OR the set of H slice-hit signals into a match result.

22. The system of claim 17 wherein the AND-OR logic array is configurable to receive the set of H slice-hit signals and to logically AND subsets of the set of H slice-hit signals into temporary results, and to logically OR the temporary results into a match result.

23. The system of claim 18 wherein providing the slice-hit signal to the AND-OR logic array comprises: reading out the slice-hit signal, from the storage location of the memory corresponding to the index of the i th slice circuit, to the AND-OR logic array as the i th one of the set of H slice-hit signals.

24. The system of claim 17 wherein providing the slice-hit signal to the AND-OR logic array comprises: multiplexing the slice-hit signal, from the storage location of the memory corresponding to the index of the i th slice circuit, to the AND-OR logic array as the i th one of the set of H slice-hit signals.

Patent Metadata

Filing Date

Unknown

Publication Date

February 23, 2016

Inventors

VINODH GOPAL

Christopher F. Clark

Gilbert Wolrich

Wajdi Feghali

Want to explore more patents?

Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.

Browse All Patents Try Prior Art Search