Method and apparatus for filtering URL
    21.
    Granted invention patent (status: active)

    Publication number: US09331981B2

    Publication date: 2016-05-03

    Application number: US14307014

    Application date: 2014-06-17

    Abstract: A method and an apparatus for filtering a uniform resource locator (URL). According to the method, a first category corresponding to a URL connection request can be found in a pre-stored category information table; when the first category conforms to a predetermined URL passing through policy, the URL connection request is allowed to pass through; the URL connection request is forwarded to a corresponding server; a second category corresponding to a URL is determined according to web page content returned by the server; if the second category conforms to the predetermined URL passing through policy, the web page content is sent to a client; if the second category does not conform to the predetermined URL passing through policy, the web page content is blocked. A category to which a URL belongs can be determined in real time, thereby implementing a function of accurate category filtration.

    Anti-Virus Method and Apparatus and Firewall Device
    22.
    Invention application (status: under examination, published)

    Publication number: US20140331306A1

    Publication date: 2014-11-06

    Application number: US14333788

    Application date: 2014-07-17

    CPC classification number: H04L63/1408 H04L63/02 H04L63/1416 H04L63/145

    Abstract: An anti-virus method which includes receiving, by a first thread, data packets belonging to the same data stream, and sequentially buffering payload data of data packets bearing file content among the received data packets into a first queue, reading, by a second thread, payload data of at least one data packet from a start position of the first queue, and determining whether payload data in the first queue is file content of a compressed file. If yes, identifying a compressed format of the compressed file, querying a decompression algorithm from a mapping between a compressed format and a decompression algorithm, by using the queried decompression algorithm, reading payload data of data packets one by one from the first queue, and performing decompression processing separately on payload data that is read each time, and performing anti-virus detection separately on file content that is obtained.

    IPS Detection Processing Method, Network Security Device, and System
    23.
    Invention application (status: active)

    Publication number: US20140317718A1

    Publication date: 2014-10-23

    Application number: US14317278

    Application date: 2014-06-27

    Abstract: An IPS detection processing method, a network security device and a system are disclosed. The method includes: determining, by a network security device, whether an internal network device is a client or a server; if the internal network device is the client, simplifying an IPS signature rule base to obtain an IPS signature rule base corresponding to the client, or if the internal network device is the server, simplifying the IPS signature rule base to obtain an IPS signature rule base corresponding to the server; generating a state machine according to a signature rule in the IPS signature rule base obtained through simplifying processing; and performing IPS detection on flowing-through traffic by applying the state machine. In embodiments of the present invention, the network security device performs IPS detection by adopting the state machine with a redundant state removed, thereby improving IPS detection efficiency.

    Method and Device for Optimizing and Configuring Detection Rule
    24.
    Invention application (status: active)

    Publication number: US20140289856A1

    Publication date: 2014-09-25

    Application number: US14300409

    Application date: 2014-06-10

    Inventor: Wu Jiang Tao Wang

    Abstract: A method and a device for optimizing and configuring a detection rule, where the method includes: a network entity receives network traffic; extracts a packet from the network traffic, and identifies, according to a feature of the packet, protocol related information used in the network; saves the protocol related information and correspondence between pieces of information in the protocol related information to a first learning association table; and matches a corresponding rule from a vulnerability rule base according to the protocol related information to generate a first compact rule set. Through the generated compact rule set in the present invention, subsequent protocol detection is performed only for a protocol threat that may occur in a live network; therefore, content that needs to be detected subsequently is reduced, the detection efficiency is improved, and unnecessary performance consumption is avoided at the same time.

    Webshell detection method and apparatus

    Publication number: US11863587B2

    Publication date: 2024-01-02

    Application number: US16440795

    Application date: 2019-06-13

    Inventor: Wu Jiang

    Abstract: A webshell detection method and apparatus are provided. The apparatus obtains first web traffic of a protected host; generates a web page visit record of the protected host based on the first web traffic, where the web page visit record is used to save at least one uniform resource locator (URL), an IP address visiting each URL, and a total quantity of visits to each URL; determines a suspicious URL from the at least one URL based on the web page visit record, where a total quantity of visits to the suspicious URL is less than a first threshold, and a ratio of a quantity of different IP addresses visiting the suspicious URL to the total quantity of visits to the suspicious URL is less than a second threshold; and determines whether a web page identified by the suspicious URL contains a webshell signature.

    Network service processing method, system, and gateway device

    Publication number: US11843518B2

    Publication date: 2023-12-12

    Application number: US17742341

    Application date: 2022-05-11

    Inventor: Wu Jiang

    Abstract: This application discloses a network service processing method, a network service processing system, and a gateway device, to alleviate a problem that the gateway device cannot meet increasing additional function requirements. The gateway device identifies a type of a first intranet device, where the first intranet device belongs to an intranet connected to the gateway device. The gateway device obtains a first software package based on the type of the first intranet device, where the first software package is used to implement a first additional function. The gateway device sends a first indication message and the first software package to the first intranet device, where the first indication message is used to indicate the first intranet device to install the first software package and execute the first additional function.

    Bot characteristic detection method and apparatus

    Publication number: US11290484B2

    Publication date: 2022-03-29

    Application number: US16897707

    Application date: 2020-06-10

    Inventor: Wu Jiang

    Abstract: A bot characteristic detection method and apparatus, where the apparatus obtains a first dynamic behavior file and a second dynamic behavior file, where the first dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on a malicious file in a first sandbox, and the second dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on the malicious file in a second sandbox. The apparatus determines a bot characteristic of the malicious file based on a common characteristic of the first dynamic behavior file and the second dynamic behavior file.

    Method, apparatus, and device for detecting e-mail attack

    Publication number: US10135844B2

    Publication date: 2018-11-20

    Application number: US14512777

    Application date: 2014-10-13

    Abstract: A method, an apparatus, and a device for detecting an E-mail attack. The device receives a data flow; obtains an E-mail traffic parameter of each statistic period within a predetermined number of statistic periods, where within each statistic period, the E-mail traffic parameter of each of the statistic periods is determined according to a protocol type of the received data flow; and determines that an E-mail attack is detected when the E-mail traffic parameter of each statistic period within the predetermined number of statistic periods matches a first threshold. By applying the disclosed embodiments, a detection result of the E-mail attack is more accurate.

    Network Security Protection Method and Apparatus

    Publication number: US20170302689A1

    Publication date: 2017-10-19

    Application number: US15631337

    Application date: 2017-06-23

    Inventor: Wu Jiang

    Abstract: A network security protection method and apparatus are provided. The method is executed by a network security protection device, and includes obtaining at least one of network environment data or threat detection data of a host that is in a protected network and that is connected to the network security protection device, where the network environment data includes an identifier of an operating system, a parameter of the operating system, an identifier of software with a network port access function, or a parameter of the software; and the threat detection data includes a threat type or a threat identifier, where the threat type includes a vulnerability or a malicious program; searching, according to the obtained at least one of network environment data or threat detection data, for corresponding information used to eliminate a security threat in the host; and sending the found information to the host.

    Method and system for identifying file type
    30.
    Granted invention patent (status: active)

    Publication number: US09405758B2

    Publication date: 2016-08-02

    Application number: US14314711

    Application date: 2014-06-25

    CPC classification number: G06F17/30115 G06F17/3012

    Abstract: A method and a system for identifying a file type. A modification interface may be provided so that a user inputs a file feature parameter, and the file feature parameter input by the user is added to a file type configuration file, then the file type configuration file is loaded to a state machine to perform file type identification. Therefore, the user can modify a file feature parameter in the original file type configuration file, and when a file feature parameter of a file of a certain type is changed or a file of a new type appears, the user can update a file feature parameter in the state machine in time to identify the changed file or the file of the new type. In this way, the user does not need to search for an identification tool on the Internet.
