Abstract: Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

Abstract: Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

Abstract: Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

Abstract: Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

Abstract: Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

Abstract: A character class is detected in a regular expression and substituted with a pseudo character. A table is created with a bit vector for each pseudo character inserted into the regular expression. Each bit in the bit-vector represents one character of the alphabet from which the expression is generated. The status of the bits in a bit-vector indicates which characters of the alphabet are included in the character class. The pseudo character in the modified regular expression is used to construct a non-deterministic finite automaton (NFA). The NFA with the pseudo character is then used to construct a deterministic finite automaton (DFA). When constructing the DFA, the bit-vectors are used to determine if a certain transition should be constructed in the DFA.

Abstract: DFA construction may be aborted if the DFA will become too big for the computing device to handle or based on user preferences. A DFA may be constructed from an NFA, which is constructed from an expression. The expression may have a total number of operands and operators r. The determination to abort DFA construction may be based on the operands. If the number of DFA nodes constructed is more than a lower threshold and the number of DFA nodes constructed is greater than a function, f(r), the DFA construction may be aborted. If the number of DFA nodes is greater than a higher threshold, the DFA construction may be aborted. The lower threshold may be determined based on computing device capabilities and user preference. The higher threshold may be based on computing device capabilities.

Abstract: A character class is detected in a regular expression and substituted with a pseudo character. A table is created with a bit vector for each pseudo character inserted into the regular expression. Each bit in the bit-vector represents one character of the alphabet from which the expression is generated. The status of the bits in a bit-vector indicates which characters of the alphabet are included in the character class. The pseudo character in the modified regular expression is used to construct a non-deterministic finite automaton (NFA). The NFA with the pseudo character is then used to construct a deterministic finite automaton (DFA). When constructing the DFA, the bit-vectors are used to determine if a certain transition should be constructed in the DFA.

Abstract: DFA construction may be aborted if the DFA will become too big for the computing device to handle or based on user preferences. A DFA may be constructed from an NFA, which is constructed from an expression. The expression may have a total number of operands and operators r. The determination to abort DFA construction may be based on the operands. If the number of DFA nodes constructed is more than a lower threshold and the number of DFA nodes constructed is greater than a function, f(r), the DFA construction may be aborted. If the number of DFA nodes is greater than a higher threshold, the DFA construction may be aborted. The lower threshold may be determined based on computing device capabilities and user preference. The higher threshold may be based on computing device capabilities.