首页>
外国专利>
De-obfuscating scripted language for network intrusion detection using a regular expression signature
De-obfuscating scripted language for network intrusion detection using a regular expression signature
展开▼
机译:使用正则表达式签名对用于网络入侵检测的脚本语言进行反混淆
展开▼
页面导航
摘要
著录项
相似文献
摘要
A device receives data, identifies a context associated with the data, and identifies a script, within the data, associated with the context. The device parses the script to identify tokens, forms nodes based on the tokens, and assembles a syntax tree using the nodes. The device renames one or more identifiers associated with the nodes and generates a normalized text, associated with the script, based on the syntax tree after renaming the one or more identifiers. The device determines whether the normalized text matches a regular expression signature and processes the data based on determining whether the normalized text matches the regular expression signature. The device processes the data by a first process when the normalized text matches the regular expression signature or by a second process, different from the first process, when the normalized text does not match the regular expression signature.
展开▼