HIGH-PERFORMANCE CONTEXT FREE PARSER FOR POLYMORPHIC MALWARE DETECTION
UCLA Technology Available For Licensing

UCLA researchers in the Department of Electrical Engineering have developed a highly efficient inspection architecture that can detect malware more quickly. A hardware-based implementation is also proposed.

BACKGROUND:  Many network-based applications are vulnerable to malware such as computer viruses and worms. With the increasing sophistication of malware, new techniques are needed to prevent damage and intrusion by malware. Previous attempts to prevent network intrusions have been based on filtering incoming packets by their header information. However, these techniques cannot stop malware embedded in the packets' payload. Deep packet inspection attempts to remedy this by examining incoming packets' payloads, and not just their headers.

Most current applications employing deep packet inspection perform simple searches for regular expressions within the payload of the packets. However, this approach is only as effective as the list of predefined expressions or keywords being sought.

INNOVATION:  UCLA researchers have developed a new approach to malware detection based on compiler and language theory. They have developed a method that allows for highly efficient searching of language structures described by a context-free grammar (CFG). Utilizing computer compiler technology, a new inspection architecture has been developed that can recognize language structures described by a CFG, as opposed to simple regular expressions.

This innovation can be applied to deep packet inspection to detect potential malware more powerfully.

POTENTIAL APPLICATIONS 

DEVELOPMENT-TO-DATE:  This inspection engine has been fully described and validated. Furthermore, a hardware-based implementation has been proposed that will very efficiently and quickly detect language structures.

ABOUT THE LAB:  This innovation was created by researchers from UCLA's Compiler and Architecture Research for Embedded Systems lab, which is focused on improving the performance of embedded systems. The web site for the lab is http://cares.icsl.ucla.edu/.

INVENTOR:  Dr. William Mangione-Smith is Professor in the Department of Electrical Engineering, UCLA's Henry Samueli School of Engineering and Applied Science, and is the director of the Compiler and Architecture Research for Embedded Systems (CARES) laboratory at UCLA. Young Cho is a graduate student at UCLA studying under Dr. Mangione-Smith.

Reference: UCLA Case No. 2005-562 PCT Application: WO 2006/113722

For additional technical details and current licensing
availability, please contact the following UCLA office:

UCLA Office of Intellectual Property
11000 Kinross Avenue, Suite #200
Los Angeles, CA 90095-7231
Tel: 310-794-0558 Fax: 310-794-0638
email: ncd@research.ucla.edu
NCD URL:   http://www.research.ucla.edu/tech/ucla05-562.htm

Lead Inventor: William Mangione-Smith

UCLA Technologies Available for Licensing
http://www.research.ucla.edu/tech

Copyright © 2005 The Regents of the University of California.
