1. Field
Methods and apparatuses consistent with exemplary embodiments relate system and method for matching patterns, and more particularly, to system and method for swiftly matching a variety of malware patterns which are grammatically complex or simple with a target data.
2. Description of the Related Art
As the Internet has been widely used, invasion of various forms such as worms, Trojan horses, viruses, and DDos has recently appeared with a greater ripple effect. Therefore, there is a demand for methods and apparatuses for dealing with the network invasion to protect information over networks. The most fundamental technique to achieve this is a high-speed pattern matching technique.
In general, the pattern matching technique has been used for multiple purposes in diverse fields from a system for searching for desired letters from a long text file to a security system for detecting network invasion or viruses, a spam mail removing system, or a database system. In particular, a pattern matching method for searching for a specific text line from a payload part of a packet is a core technique in the invasion detecting or blocking system for detecting abnormal activities using a rule.
System administrators use such an invasion detecting or blocking system in order to protect their internal networks from malicious attacks. However, as the malicious attacks become diversified and the number of attacks increases, the number of pattern matching rules to detect the attacks increases. As the number of rules increases, the pattern matching cost of the invasion detecting or blocking system is on the increase
In general, an anti-virus system-on chip (SOC) is mounted in mobile devices such as laptops, smart phones, net-books, or connected devices, which are connected to networks, so that virus-infected files can be found through scanning, searching, and matching of malicious codes.
Such an anti-virus program finds a virus pattern from a data file which has been read out by scanning a file. However, the scanning operation in the mobile devices requires many resources of a central processing unit (CPU) and a memory and thus it is not easy for a user to use a desired program when detecting viruses due to a resource problem.