公开(公告)号：US20140298445A1

公开(公告)日：2014-10-02

申请号：US14307014

申请日：2014-06-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wu Jiang ,  Zhihui Xue ,  Shiguang Li ,  Shiguang Wan

IPC: H04L29/06

CPC classification number: H04L63/0245 ,  G06F17/30876 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/20 ,  H04L67/02

Abstract: A method and an apparatus for filtering a uniform resource locator (URL). According to the method, a first category corresponding to a URL connection request can be found in a pre-stored category information table; when the first category conforms to a predetermined URL passing through policy, the URL connection request is allowed to pass through; the URL connection request is forwarded to a corresponding server; a second category corresponding to a URL is determined according to web page content returned by the server; if the second category conforms to the predetermined URL passing through policy, the web page content is sent to a client; if the second category does not conform to the predetermined URL passing through policy, the web page content is blocked. A category to which a URL belongs can be determined in real time, and implementing a function of accurate category filtration.

Abstract translation: 用于过滤统一资源定位符（URL）的方法和装置。 根据该方法，可以在预先存储的类别信息表中找到对应于URL连接请求的第一类别; 当第一类别符合通过策略的预定URL时，允许URL连接请求通过; URL连接请求被转发到相应的服务器; 根据服务器返回的网页内容确定与URL对应的第二类别; 如果第二类符合通过策略的预定URL，则将网页内容发送给客户端; 如果第二类别不符合通过策略的预定URL，则网页内容被阻止。 可以实时确定URL所属的类别，并实现准确的类别过滤功能。

公开(公告)号：US09380067B2

公开(公告)日：2016-06-28

申请号：US14317278

申请日：2014-06-27

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhihui Xue ,  Wu Jiang ,  Shiguang Li ,  Shiguang Wan

IPC: G06F21/55 ,  H04L29/06 ,  H04L12/26

CPC classification number: H04L63/1416 ,  H04L43/026 ,  H04L63/02 ,  H04L63/0263 ,  H04L63/1441

Abstract: An IPS detection processing method, a network security device and a system are disclosed. The method includes: determining, by a network security device, whether an internal network device is a client or a server; if the internal network device is the client, simplifying an IPS signature rule base to obtain an IPS signature rule base corresponding to the client, or if the internal network device is the server, simplifying the IPS signature rule base to obtain an IPS signature rule base corresponding to the server; generating a state machine according to a signature rule in the IPS signature rule base obtained through simplifying processing; and performing IPS detection on flowing-through traffic by applying the state machine. In embodiments of the present invention, the network security device performs IPS detection by adopting the state machine with a redundant state removed, thereby improving IPS detection efficiency.

Abstract translation: 公开了IPS检测处理方法，网络安全装置和系统。 该方法包括：由网络安全设备确定内部网络设备是客户端还是服务器; 如果内部网络设备是客户端，则简化IPS签名规则库，以获取与客户端相对应的IPS签名规则库，或者内部网络设备为服务器，简化IPS签名规则库以获取IPS签名规则库 对应于服务器; 根据通过简化处理获得的IPS签名规则库中的签名规则生成状态机; 并通过应用状态机对流量进行IPS检测。 在本发明的实施例中，网络安全装置通过采用去除冗余状态的状态机来执行IPS检测，从而提高IPS检测效率。

公开(公告)号：US09331981B2

公开(公告)日：2016-05-03

申请号：US14307014

申请日：2014-06-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wu Jiang ,  Zhihui Xue ,  Shiguang Li ,  Shiguang Wan

IPC: H04L29/06 ,  G06F17/30 ,  H04L29/08

CPC classification number: H04L63/0245 ,  G06F17/30876 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/20 ,  H04L67/02

Abstract: A method and an apparatus for filtering a uniform resource locator (URL). According to the method, a first category corresponding to a URL connection request can be found in a pre-stored category information table; when the first category conforms to a predetermined URL passing through policy, the URL connection request is allowed to pass through; the URL connection request is forwarded to a corresponding server; a second category corresponding to a URL is determined according to web page content returned by the server; if the second category conforms to the predetermined URL passing through policy, the web page content is sent to a client; if the second category does not conform to the predetermined URL passing through policy, the web page content is blocked. A category to which a URL belongs can be determined in real time, and implementing a function of accurate category filtration.

Abstract translation: 用于过滤统一资源定位符（URL）的方法和装置。 根据该方法，可以在预先存储的类别信息表中找到对应于URL连接请求的第一类别; 当第一类别符合通过策略的预定URL时，允许URL连接请求通过; URL连接请求被转发到相应的服务器; 根据服务器返回的网页内容确定与URL对应的第二类别; 如果第二类符合通过策略的预定URL，则将网页内容发送给客户端; 如果第二类别不符合通过策略的预定URL，则网页内容被阻止。 可以实时确定URL所属的类别，并实现准确的类别过滤功能。

公开(公告)号：US20140317718A1

公开(公告)日：2014-10-23

申请号：US14317278

申请日：2014-06-27

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhihui Xue ,  Wu Jiang ,  Shiguang Li ,  Shiguang Wan

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L43/026 ,  H04L63/02 ,  H04L63/0263 ,  H04L63/1441

Abstract: An IPS detection processing method, a network security device and a system are disclosed. The method includes: determining, by a network security device, whether an internal network device is a client or a server; if the internal network device is the client, simplifying an IPS signature rule base to obtain an IPS signature rule base corresponding to the client, or if the internal network device is the server, simplifying the IPS signature rule base to obtain an IPS signature rule base corresponding to the server; generating a state machine according to a signature rule in the IPS signature rule base obtained through simplifying processing; and performing IPS detection on flowing-through traffic by applying the state machine. In embodiments of the present invention, the network security device performs IPS detection by adopting the state machine with a redundant state removed, thereby improving IPS detection efficiency.

Abstract translation: 公开了IPS检测处理方法，网络安全装置和系统。 该方法包括：由网络安全设备确定内部网络设备是客户端还是服务器; 如果内部网络设备是客户端，则简化IPS签名规则库，以获取与客户端相对应的IPS签名规则库，或者内部网络设备为服务器，简化IPS签名规则库以获取IPS签名规则库 对应于服务器; 根据通过简化处理获得的IPS签名规则库中的签名规则生成状态机; 并通过应用状态机对流量进行IPS检测。 在本发明的实施例中，网络安全装置通过采用去除冗余状态的状态机来执行IPS检测，从而提高IPS检测效率。