Abstract:
A data classification system identifies and processes malicious data that may be present in a received data stream. The system includes at least two stages, and a data flow module. The data flow module derives, from an input data stream, a first processed data stream that is transmitted to the first processing stage. The first processing stage derives, from the first processed data stream, a second processed data stream that is transmitted to the second processing stage. The first and second processing stages optionally derive meta data from the data they receive.
Abstract:
A first security processing stage performs a first multitude of tasks and a second security processing stage performs a second multitude of tasks. The first and second multitude of tasks may include common tasks. The first security processing stage is a prefilter to the second security processing stage. The input data received as a data stream is first processed by the first security processing stage, which, in response, generates one or more first processed data streams. The first processed data streams may be further processed by the second security processing stage or may bypass the second security processing stage. The first security processing stage operates at a speed greater than the speed of the second security processing stage.
Abstract:
A method and apparatus for transforming regular expressions into a less resource intensive representation is disclosed. The method and apparatus convert a collection of regular expressions into a multi-level representation in which the memory requirements of the lowest level representation are reduced when compared with a conventional finite state automaton representation. The method and apparatus convert a collection of regular expressions into a collection of segments and a higher level representation in a way that retains the semantics of the original set of regular expressions. This transformation is performed through the use of an intermediate form. The resulting representation and collection admit an implementation which avoids the potentially costly memory requirements of a traditional implementation of the original expressions.
Abstract:
An accelerated network intrusion detection and prevention system includes, in part, first, second and third processing stages. The first processing stage receives incoming packets and generates, in response, first and second processed data streams using a first set of rules. The first processing stage optionally detects whether the received packets are suspected of attacking the network and places the received data packets in the first processed data stream. The second processing stage receives the first processed data stream and generates, in response, a third processed data stream using a second set of rules. The second processing stage optionally classifies the first processed data stream, that is suspected of launching a network attack, as either attacks or benign network traffic. A third processing stage receives and processes the second and third processed data streams.
Abstract:
A method for upgrading one or more security applications, e.g., anti-spam, anti-virus, intrusion detection/prevention. The method includes deriving a second hardware logic from a security knowledge base. The method includes operating a computing system including a security device. The computer system is coupled to the one or more computer networks, e.g., local area networks, wide area networks, Internet. The security device has one or more security logic processors, which include one or more respective first hardware logic. The method transfers an FPGA image representative of at least the second hardware logic through the computer network to one or more first memory devices. The method includes temporarily halting one or more of the security logic processors at a predetermined portion of the stream of information according to a specific embodiment. The method includes loading the second hardware logic onto the one or more security logic processors while the one or more security logic processors have been paused. The method resumes the operation of the one or more security logic processors.
Abstract:
A pattern matching system includes, in part, a multitude of databases each configured to store and supply compressed data for matching to the received data. The system divides each data stream into a multitude of segments and optionally computes a data pattern from the data stream prior to the division into a multitude of segments. Segments of the data pattern are used to define an address for one or more memory tables. The memory tables are read such that the outputs of one or more memory tables are used to define the address of another memory table. If during any matching cycle, the data retrieved from any of the successively accessed memory tables include an identifier related to any or all previously accessed memory tables, a matched state is detected. A matched state contains information related to the memory location at which the match occurs as well as information related to the matched pattern, such as the match location in the input data stream.
Abstract:
A data compressor performing the compression algorithm compresses an original uncompressed pattern database to form an associated compressed pattern database configured for fast retrieval and verification. For each data pattern, the data compressor stores a first data in an address of a first memory table that is defined by a first segment of a group of bits associated with the data pattern. The data compressor stores a second data in an address of a second memory table that is defined by a second segment of the group of bits associated with the data pattern and further defined by the first data stored in the first memory.
Abstract:
A classifier of electronic messages includes one or more pre-filters and a filter. Messages classified as spam or legitimate by one or more of the pre-filters bypass the filter. Messages classified as suspicious are further classified by the filter as either spam or legitimate. Messages classified as spam are routed to a spam quarantine storage area. Messages classified as legitimate are routed to a spam delivery area.
Abstract:
The states associated with a programmable state machine are reordered to compress the storage of transitions which define the state machine. To reorder the states, a score is computed and assigned to each of the states. Next, the states are sorted according to their computed scores. In some embodiments, to compute the score for each current state based on the received input symbol, the number of times that the input symbol causes transition to similar states is added. The sum of the scores in each row of the table is representative of the score for the associated current state associated with that row. The states are sorted according to their score and a new state transition table is generated in accordance with the reordered states.