diff --git a/inc/Maat_command.h b/inc/Maat_command.h index 816dd63..5e0c6e1 100644 --- a/inc/Maat_command.h +++ b/inc/Maat_command.h @@ -109,6 +109,7 @@ struct Maat_region_t struct Maat_group_t { const char* table_name; + const char* virtual_table_name; int group_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must assign a unique number. int parent_id; int not_flag; diff --git a/src/entry/Maat_command.cpp b/src/entry/Maat_command.cpp index 51d407d..6d061fd 100644 --- a/src/entry/Maat_command.cpp +++ b/src/entry/Maat_command.cpp @@ -247,11 +247,17 @@ int invalidate_line(char* line, enum MAAT_TABLE_TYPE type,int valid_column_seq) void serialize_group(const struct Maat_group_t* p_group, enum MAAT_OPERATION op, char* buff, size_t sz) { if(op==MAAT_OP_RENEW_TIMEOUT) op=MAAT_OP_ADD; - snprintf(buff, sz, "%d\t%d\t%d\t%d\t%d\tnull", p_group->group_id, + const char* vt_name="null"; + if(p_group->virtual_table_name!=NULL) + { + vt_name=p_group->virtual_table_name; + } + snprintf(buff, sz, "%d\t%d\t%d\t%d\t%d\t%s", p_group->group_id, p_group->parent_id, op, p_group->not_flag, - p_group->parent_type); + p_group->parent_type, + vt_name); return; } void serialize_compile(const struct Maat_rule_t* p_m_rule, const char* huge_service_defined, int group_num, enum MAAT_OPERATION op, char* buff, size_t sz) 
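Review bot: Inserting `virtual_table_name` between `table_name` and `group_id` shifts the offsets of every later member of the public `struct Maat_group_t`, and nothing in the header states how the new pointer must be initialised. A caller that fills the struct field by field without zeroing it first, or one built against the old layout, hands serialize_group() in src/entry/Maat_command.cpp an indeterminate pointer that is then formatted with `%s`. Document the contract next to the field, for example `// Optional. NULL means no virtual table; zero the struct before filling it.`, and consider appending the member at the end so existing offsets stay put (the struct size still grows). The struct definition continues outside the hunk.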
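Review bot: In serialize_group, `virtual_table_name` is written into a tab-separated record with `%s` and no validation, so a name containing a tab or a newline would add columns or split the record for whatever parses it. The `snprintf` result is also still ignored, and since the name is now the last, variable-length field, an over-long value is silently truncated into a different table name. Reject names containing whitespace or control characters before formatting, and test the result with something like `if(n<0||(size_t)n>=sz)`. The function returns void, so reporting the failure needs a convention that is not visible in this hunk.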
@@ -276,65 +282,65 @@ void serialize_region(const struct Maat_region_t* p, int group_id, char* buff, s switch(p->region_type) { case REGION_IP: - ret=snprintf(buff,sz,"%d\t%d\t%d\t%s\t%s\t%hu\t%hu\t%s\t%s\t%hu\t%hu\t%d\t%d\t1" - ,p->region_id - ,group_id - ,p->ip_rule.addr_type - ,p->ip_rule.src_ip - ,p->ip_rule.mask_src_ip - ,p->ip_rule.src_port - ,p->ip_rule.mask_src_port - ,p->ip_rule.dst_ip - ,p->ip_rule.mask_dst_ip - ,p->ip_rule.dst_port - ,p->ip_rule.mask_dst_port - ,p->ip_rule.protocol - ,p->ip_rule.direction); + ret=snprintf(buff,sz,"%d\t%d\t%d\t%s\t%s\t%hu\t%hu\t%s\t%s\t%hu\t%hu\t%d\t%d\t1", + p->region_id, + group_id, + p->ip_rule.addr_type, + p->ip_rule.src_ip, + p->ip_rule.mask_src_ip, + p->ip_rule.src_port, + p->ip_rule.mask_src_port, + p->ip_rule.dst_ip, + p->ip_rule.mask_dst_ip, + p->ip_rule.dst_port, + p->ip_rule.mask_dst_port, + p->ip_rule.protocol, + p->ip_rule.direction); break; case REGION_EXPR: if(p->expr_rule.district==NULL) { - ret=snprintf(buff,sz,"%d\t%d\t%s\t%d\t%d\t%d\t1" - ,p->region_id - ,group_id - ,p->expr_rule.keywords - ,p->expr_rule.expr_type - ,p->expr_rule.match_method - ,p->expr_rule.hex_bin); + ret=snprintf(buff,sz,"%d\t%d\t%s\t%d\t%d\t%d\t1", + p->region_id, + group_id, + p->expr_rule.keywords, + p->expr_rule.expr_type, + p->expr_rule.match_method, + p->expr_rule.hex_bin); } else //expr_plus { - ret=snprintf(buff,sz,"%d\t%d\t%s\t%s\t%d\t%d\t%d\t1" - ,p->region_id - ,group_id - ,p->expr_rule.keywords - ,p->expr_rule.district - ,p->expr_rule.expr_type - ,p->expr_rule.match_method - ,p->expr_rule.hex_bin); + ret=snprintf(buff,sz,"%d\t%d\t%s\t%s\t%d\t%d\t%d\t1", + p->region_id, + group_id, + p->expr_rule.district, + p->expr_rule.keywords, + p->expr_rule.expr_type, + p->expr_rule.match_method, + p->expr_rule.hex_bin); } break; case REGION_INTERVAL: - ret=snprintf(buff,sz,"%d\t%d\t%u\t%u\t1" - ,p->region_id - ,group_id - ,p->interval_rule.low_boundary - ,p->interval_rule.up_boundary); + ret=snprintf(buff,sz,"%d\t%d\t%u\t%u\t1", + 
p->region_id, + group_id, + p->interval_rule.low_boundary, + p->interval_rule.up_boundary); break; case REGION_DIGEST: - ret=snprintf(buff,sz,"%d\t%d\t%llu\t%s\t%hd\t1" - ,p->region_id - ,group_id - ,p->digest_rule.orgin_len - ,p->digest_rule.digest_string - ,p->digest_rule.confidence_degree); + ret=snprintf(buff,sz,"%d\t%d\t%llu\t%s\t%hd\t1", + p->region_id, + group_id, + p->digest_rule.orgin_len, + p->digest_rule.digest_string, + p->digest_rule.confidence_degree); break; case REGION_SIMILARITY: - ret=snprintf(buff,sz,"%d\t%d\t%s\t%hd\t1" - ,p->region_id - ,group_id - ,p->similarity_rule.target - ,p->similarity_rule.threshold); + ret=snprintf(buff,sz,"%d\t%d\t%s\t%hd\t1", + p->region_id, + group_id, + p->similarity_rule.target, + p->similarity_rule.threshold); break; default: assert(0); diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp index 5682666..3cffc1b 100644 --- a/test/test_maatframe.cpp +++ b/test/test_maatframe.cpp 
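Review bot: In the `else //expr_plus` branch, `p->expr_rule.keywords` and `p->expr_rule.district` swap places while the format string stays `%s\t%s`, so a hunk that otherwise only moves commas also changes the column order of serialized expr_plus regions. If that is the intended fix, it should be stated in the commit message and pinned with a comment above the call, such as `// columns: region_id, group_id, district, keywords, expr_type, match_method, hex_bin, valid`. Records written by the old code would presumably be read with the two fields reversed. Separately, `keywords`, `digest_string`, `target` and the IP strings are passed to `%s` without the NULL check that `district` gets. serialize_region starts and ends outside the hunk.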
@@ -2292,6 +2292,123 @@ TEST_F(MaatCmdTest, RefGroup) EXPECT_EQ(result[0].config_id, compile1.config_id); Maat_clean_status(&mid); +} +#define MaatCmdTest_VirtualTable +TEST_F(MaatCmdTest, VirtualTable) +{ + Maat_feather_t feather=MaatCmdTest::_shared_feather; + const char* group_table_name="GROUP"; + const char* compile_table_name="COMPILE"; + const char* region_table_name="HTTP_SIGNATURE"; + + struct Maat_rule_t compile1; + struct Maat_group_t group1, group2; + struct Maat_region_t region1, region2; + + memset(&compile1, 0, sizeof(compile1)); + compile1.config_id=(int)Maat_cmd_incrby(feather, "TEST_SEQ", 1); + Maat_command_raw_set_compile(feather, MAAT_OP_ADD, &compile1, compile_table_name, NULL, 2); + + + //group1->compile1 + memset(&group1, 0, sizeof(group1)); + group1.group_id=Maat_cmd_get_new_group_id(feather); + group1.table_name=group_table_name; + group1.virtual_table_name="HTTP_REQUEST_HEADER"; + group1.parent_id=compile1.config_id; + group1.parent_type=PARENT_TYPE_COMPILE; + Maat_command_raw_set_group(feather, MAAT_OP_ADD, &group1); + + + /*region1->group1->compile1 + */ + memset(®ion1, 0, sizeof(region1)); + region1.region_id=Maat_cmd_get_new_region_id(feather); + region1.region_type=REGION_EXPR; + region1.table_name=region_table_name; + region1.expr_rule.district="User-Agent"; + region1.expr_rule.keywords="AppleWebKit"; + region1.expr_rule.expr_type=EXPR_TYPE_STRING; + Maat_command_raw_set_region(feather, MAAT_OP_ADD, ®ion1, group1.group_id); + + + //group2->compile1 + memset(&group2, 0, sizeof(group2)); + group2.group_id=Maat_cmd_get_new_group_id(feather); + group2.table_name=group_table_name; + group2.virtual_table_name="HTTP_RESPONSE_HEADER"; + group2.parent_id=compile1.config_id; + group2.parent_type=PARENT_TYPE_COMPILE; + Maat_command_raw_set_group(feather, MAAT_OP_ADD, &group2); + + //region2->group2 + memset(®ion2, 0, sizeof(region2)); + region2.region_id=Maat_cmd_get_new_region_id(feather); + region2.region_type=REGION_EXPR; + 
region2.table_name=region_table_name; + region2.expr_rule.district="Cookie"; + region2.expr_rule.keywords="uid=12345678;"; + region2.expr_rule.expr_type=EXPR_TYPE_STRING; + Maat_command_raw_set_region(feather, MAAT_OP_ADD, ®ion2, group2.group_id); + + sleep(1); + + int ret=0, table_id=0; + const char* http_req_hdr_ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"; + const char* http_resp_hdr_cookie="uid=12345678;BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; sugstore=1;"; + + struct Maat_rule_t result[4]; + memset(result, 0, sizeof(result)); + + scan_status_t mid=NULL; + + table_id=Maat_table_register(feather, "HTTP_REQUEST_HEADER"); + ASSERT_GT(table_id, 0); + + ret=Maat_set_scan_status(feather, &mid, MAAT_SET_SCAN_DISTRICT, "User-Agent", strlen("User-Agent")); + ASSERT_EQ(ret, 0); + + ret=Maat_full_scan_string(feather, table_id, CHARSET_GBK, http_req_hdr_ua, strlen(http_req_hdr_ua), + result, NULL, 4, &mid, 0); + + EXPECT_EQ(ret, -2); + + + table_id=Maat_table_register(feather, "HTTP_RESPONSE_HEADER"); + ASSERT_GT(table_id, 0); + + ret=Maat_set_scan_status(feather, &mid, MAAT_SET_SCAN_DISTRICT, "Cookie", strlen("Cookie")); + ASSERT_EQ(ret, 0); + + ret=Maat_full_scan_string(feather, table_id, CHARSET_GBK, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), + result, NULL, 4, &mid, 0); + + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, compile1.config_id); + + Maat_clean_status(&mid); + + //Delete group1 + Maat_command_raw_set_group(feather, MAAT_OP_DEL, &group1); + Maat_command_raw_set_compile(feather, MAAT_OP_DEL, &compile1, compile_table_name, NULL, 2); + Maat_command_raw_set_compile(feather, MAAT_OP_ADD, &compile1, compile_table_name, NULL, 1); + + sleep(1); + + table_id=Maat_table_register(feather, "HTTP_RESPONSE_HEADER"); + ASSERT_GT(table_id, 0); + + ret=Maat_set_scan_status(feather, &mid, MAAT_SET_SCAN_DISTRICT, "Cookie", strlen("Cookie")); + ASSERT_EQ(ret, 0); + + 
ret=Maat_full_scan_string(feather, table_id, CHARSET_GBK, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), + result, NULL, 4, &mid, 0); + + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, compile1.config_id); + Maat_clean_status(&mid); + return; + } TEST_F(MaatCmdTest, SetLines)
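Review bot: `result` is zeroed only once, so after the second scan stores `compile1.config_id` in `result[0]`, the final `EXPECT_EQ(result[0].config_id, compile1.config_id)` following "Delete group1" can be satisfied by stale data. Add `memset(result, 0, sizeof(result));` before the third `Maat_full_scan_string` call. The `Maat_command_raw_set_*` calls are not checked and the test relies on `sleep(1)` for the update to become visible, so if those calls return a status, asserting on it would turn a failed write into a clear failure rather than a confusing scan mismatch. `#define MaatCmdTest_VirtualTable` has no visible use in the hunk and should be explained or dropped.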