Patent application number | Description | Published |
20110265181 | METHOD, SYSTEM AND GATEWAY FOR PROTECTION AGAINST NETWORK ATTACKS - A method, a system and a gateway for protection against network attacks are provided. The method includes: receiving source request information and destination request information that are sent by a client, where the destination request information is notified by a Domain Name System (DNS) to the client sending the source request information; checking the source request information and the destination request information; and discarding the source request information and the destination request information when the checking result is undesirable. Through the technical solution, the DNS selects the destination request information according to the source request information sent by the client, and establishes a corresponding relation between the client and a server according to a matching relation between the source request information and the destination request information, so as to prevent DDOS attacks. | 10-27-2011 |
20120204264 | METHOD, APPARATUS AND SYSTEM FOR DETECTING BOTNET - A method, an apparatus, and a system for detecting Botnet are disclosed. The method for detecting Botnet includes: obtaining address information about a control host in a Bot sample by using an auto breakout environment; sending a query request message to a traffic analysis device to obtain address information of a Bot host connected with the control host, in which the query request message carries the address information about the control host; and receiving a query response message returned by the traffic analysis device, in which the query response message carries the address information of the Bot host connected with the control host. The method for detecting Botnet can obtain the Botnet information in real time and construct a topology of the Botnet. | 08-09-2012 |
20120233691 | METHOD, DEVICE AND SYSTEM FOR ALERTING AGAINST UNKNOWN MALICIOUS CODES - A method, a device, and a system for alerting against unknown malicious codes are disclosed. The method includes: detecting characteristics of a packet; judging whether any suspicious code exists in the packet according to a result of the detection; recording a source address of the suspicious code if the suspicious code exists in the packet; and sending alert information that carries the source address to a monitoring device. The embodiments of the present invention can report source addresses of numerous suspicious codes proactively at the earliest possible time, lay a foundation for shortening the time required for overcoming virus threats, and avoid the trouble of installing software on the client. | 09-13-2012 |
20120254977 | METHOD, DEVICE, AND SYSTEM FOR NETWORK ATTACK PROTECTION - The present invention discloses a method for network attack protection, a device, and a system thereof. The method includes: receiving information about attack source, in which the information about the attack source carries address information about an attacker; obtaining address information about a gateway corresponding to the attacker according to the address information about the attacker and a preset mapping relationship between the attacker and the gateway corresponding to the attacker; and sending a first control message to the gateway corresponding to the attacker according to the address information about the gateway corresponding to the attacker, wherein the first control message instructs the gateway corresponding to the attacker to control traffic of the attacker. The present invention may be used on a communications network to prevent the attacker from attacking victim hosts on the network from the root, and to avoid blockage on the upstream network of the victim hosts. | 10-04-2012 |
20130081136 | METHOD AND DEVICE FOR DETECTING FLOOD ATTACKS - Disclosed is a flood attack detection method, wherein the total number of keywords of a source packet is acquired, and the number of feature parameters corresponding to the source packet is acquired. A ratio of the number of feature parameters to the total number of keywords is compared with a preset threshold, and if the ratio is greater than or equal to the preset threshold, it is determined that a flood attack occurs. | 03-28-2013 |
20130133068 | METHOD, APPARATUS AND SYSTEM FOR PREVENTING DDOS ATTACKS IN CLOUD SYSTEM - A method, an apparatus and a system for preventing DDoS (Distributed Denial of Service) attacks in a cloud system. The method for preventing DDoS attacks in a cloud system includes: monitoring, by a protection node in a cloud system, data traffic input into virtual machines, where the cloud system includes the protection node and multiple virtual machines, and data streams communicated between the virtual machines pass through the protection node; extracting data streams to be input into virtual machines if it is detected that the data traffic input into the virtual machines is abnormal; sending the extracted data streams to a traffic cleaning apparatus for cleaning; receiving the data streams cleaned by the traffic cleaning apparatus; and inputting the cleaned data streams into the virtual machines. The technical solutions provided in the embodiments of the present disclosure can effectively prevent DDoS attacks between virtual machines in the cloud system. | 05-23-2013 |
20130219467 | NETWORK AUTHENTICATION METHOD, METHOD FOR CLIENT TO REQUEST AUTHENTICATION, CLIENT, AND DEVICE - A network authentication method, a client and a device are provided. The method includes: receiving SYN data sent by a client, where the SYN data includes a sequence number SEQ1 and a network parameter comprising an ID in the header of the SYN data; sending SYN_ACK data to the client, where the SYN_ACK data includes an acknowledgment number ACK2 obtained by carrying out a function transformation according to the network parameter; receiving RST data sent by the client, where the RST data includes a sequence number SEQ3 or an acknowledgment number ACK3, and the RST data further includes a network parameter the same as that of the SYN data; carrying out the function transformation according to the network parameter of the RST data to obtain a check value CHK; and passing the authentication of the client if CHK matches SEQ3 or ACK3. | 08-22-2013 |
20140189879 | METHOD FOR IDENTIFYING FILE TYPE AND APPARATUS FOR IDENTIFYING FILE TYPE - A method for identifying a file type and an apparatus for identifying a file type, so as to solve a problem in the prior art that a file type cannot be effectively identified when a sender tampers with a file being transmitted. The method includes: acquiring, from a transmitted data packet, a file header of a file to be identified, and determining whether a magic number can be obtained from the file header; if the magic number can be obtained, searching for the file type that corresponds to the magic number; determining whether data of the file to be identified complies with a data structure feature of the file type; if yes, determining that a file type of the file to be identified is the file type that corresponds to the magic number; and if not, determining that a file type of the file is an abnormal type. | 07-03-2014 |
20140289856 | Method and Device for Optimizing and Configuring Detection Rule - A method and a device for optimizing and configuring a detection rule, where the method includes: a network entity receives network traffic; extracts a packet from the network traffic, and identifies, according to a feature of the packet, protocol related information used in the network; saves the protocol related information and correspondence between pieces of information in the protocol related information to a first learning association table; and matches a corresponding rule from a vulnerability rule base according to the protocol related information to generate a first compact rule set. Through the generated compact rule set in the present invention, subsequent protocol detection is performed only for a protocol threat that may occur in a live network; therefore, content that needs to be detected subsequently is reduced, the detection efficiency is improved, and unnecessary performance consumption is avoided at the same time. | 09-25-2014 |
20140298445 | Method and Apparatus for Filtering URL - A method and an apparatus for filtering a uniform resource locator (URL). According to the method, a first category corresponding to a URL connection request can be found in a pre-stored category information table; when the first category conforms to a predetermined URL passing through policy, the URL connection request is allowed to pass through; the URL connection request is forwarded to a corresponding server; a second category corresponding to a URL is determined according to web page content returned by the server; if the second category conforms to the predetermined URL passing through policy, the web page content is sent to a client; if the second category does not conform to the predetermined URL passing through policy, the web page content is blocked. A category to which a URL belongs can be determined in real time, thereby implementing a function of accurate category filtration. | 10-02-2014 |
20140298466 | Data Detecting Method and Apparatus for Firewall - A data detecting method and apparatus for a firewall device connected with a network to identify security threats in the data, where the method is implemented by a fast forwarder in the firewall device and includes: the fast forwarder receives application data; obtains application information in the received application data; determines an application protocol type corresponding to the application data according to the application information and an application identifying table; queries a configuration item for threat detection according to the application protocol type to determine whether the application data requires threat detection; and if the application data does not require threat detection, forwards the application data. The data detecting method avoids a problem that performance of a firewall is degraded because all application data is sent to a detecting processor in the firewall device for detection, thereby improving the performance of the firewall device. | 10-02-2014 |
20140310322 | Method and System for Identifying File Type - A method and a system for identifying a file type. A modification interface may be provided so that a user inputs a file feature parameter, and the file feature parameter input by the user is added to a file type configuration file, then the file type configuration file is loaded to a state machine to perform file type identification. Therefore, the user can modify a file feature parameter in the original file type configuration file, and when a file feature parameter of a file of a certain type is changed or a file of a new type appears, the user can update a file feature parameter in the state machine in time to identify the changed file or the file of the new type. In this way, the user does not need to search for an identification tool on the Internet. | 10-16-2014 |
20140317718 | IPS Detection Processing Method, Network Security Device, and System - An IPS detection processing method, a network security device and a system are disclosed. The method includes: determining, by a network security device, whether an internal network device is a client or a server; if the internal network device is the client, simplifying an IPS signature rule base to obtain an IPS signature rule base corresponding to the client, or if the internal network device is the server, simplifying the IPS signature rule base to obtain an IPS signature rule base corresponding to the server; generating a state machine according to a signature rule in the IPS signature rule base obtained through simplifying processing; and performing IPS detection on flowing-through traffic by applying the state machine. In embodiments of the present invention, the network security device performs IPS detection by adopting the state machine with a redundant state removed, thereby improving IPS detection efficiency. | 10-23-2014 |
20140331306 | Anti-Virus Method and Apparatus and Firewall Device - An anti-virus method which includes receiving, by a first thread, data packets belonging to the same data stream, and sequentially buffering payload data of data packets bearing file content among the received data packets into a first queue, reading, by a second thread, payload data of at least one data packet from a start position of the first queue, and determining whether payload data in the first queue is file content of a compressed file. If yes, identifying a compressed format of the compressed file, querying a decompression algorithm from a mapping between a compressed format and a decompression algorithm, by using the queried decompression algorithm, reading payload data of data packets one by one from the first queue, and performing decompression processing separately on payload data that is read each time, and performing anti-virus detection separately on file content that is obtained. | 11-06-2014 |
20150033343 | Method, Apparatus, and Device for Detecting E-Mail Attack - A method, an apparatus, and a device for detecting an E-mail attack. The device receives a data flow; obtains an E-mail traffic parameter of each statistic period within a predetermined number of statistic periods, where within each statistic period, the E-mail traffic parameter of each of the statistic periods is determined according to a protocol type of the received data flow; and determines that an E-mail attack is detected when the E-mail traffic parameter of each statistic period within the predetermined number of statistic periods matches a first threshold. By applying the disclosed embodiments, a detection result of the E-mail attack is more accurate. | 01-29-2015 |