Software Architecture

Figure 1 shows the data distribution software architecture.

Suricata is a network traffic analysis tool that supports multi-thread traffic detection and identifies malicious traffic based on preset rules.

Hyperscan is a high-performance regular expression matching engine that powers open source tools such as Suricata.

The multi-pattern matching acceleration library is developed based on the hash algorithm and Aho–Corasick (AC) algorithm. It accelerates matching of massive-scale fixed-length rules or matching of 100,000 variable-length rules.