公开(公告)号：US20220272003A1

公开(公告)日：2022-08-25

申请号：US17742341

申请日：2022-05-11

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Wu Jiang

IPC: H04L41/00 ,  H04L12/66 ,  H04L41/0894 ,  H04L41/5009 ,  H04L41/5006

Abstract: This application discloses a network service processing method, a network service processing system, and a gateway device, to alleviate a problem that the gateway device cannot meet increasing additional function requirements. The gateway device identifies a type of a first intranet device, where the first intranet device belongs to an intranet connected to the gateway device. The gateway device obtains a first software package based on the type of the first intranet device, where the first software package is used to implement a first additional function. The gateway device sends a first indication message and the first software package to the first intranet device, where the first indication message is used to indicate the first intranet device to install the first software package and execute the first additional function.

公开(公告)号：US20200304521A1

公开(公告)日：2020-09-24

申请号：US16897707

申请日：2020-06-10

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wu Jiang

IPC: H04L29/06 ,  G06F21/53 ,  G06F21/56

Abstract: A bot characteristic detection method and apparatus, where the apparatus obtains a first dynamic behavior file and a second dynamic behavior file, where the first dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on a malicious file in a first sandbox, and the second dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on the malicious file in a second sandbox. The apparatus determines a bot characteristic of the malicious file based on a common characteristic of the first dynamic behavior file and the second dynamic behavior file.

公开(公告)号：US20200220896A1

公开(公告)日：2020-07-09

申请号：US16824036

申请日：2020-03-19

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Wu Jiang

IPC: H04L29/06 ,  H04L12/26 ,  H04L12/715

Abstract: A software defined networking (SDN)-based distributed denial of service (DDoS) attack prevention method, an apparatus, and a system, where a controller delivers a traffic statistics collection instruction to a first packet forwarding device. The traffic statistics collection instruction instructs the first packet forwarding device to perform traffic statistics collection, and carries a destination Internet Protocol (IP) address. The controller collects statistical data reported by the first packet forwarding device, obtains, according to the statistical data, a statistical value of global traffic flowing to the destination IP address, and delivers a DDoS prevention policy to a second packet forwarding device based on a determining result that the statistical value of the global traffic exceeds the preset threshold. Correspondingly, the second packet forwarding device receives the DDoS prevention policy from the controller, and performs, according to the DDoS prevention policy, prevention process on the traffic flowing to the destination IP address.

公开(公告)号：US08886927B2

公开(公告)日：2014-11-11

申请号：US13740519

申请日：2013-01-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wu Jiang

IPC: H04L29/06 ,  G06F9/455 ,  H04L29/08

CPC classification number: H04L63/1458 ,  G06F9/45533 ,  G06F9/45558 ,  G06F2009/45587 ,  H04L63/1425 ,  H04L67/10 ,  H04L2463/142

Abstract: A method, an apparatus and a system for preventing DDoS (Distributed Denial of Service) attacks in a cloud system. The method for preventing DDoS attacks in a cloud system includes: monitoring, by a protection node in a cloud system, data traffic input into virtual machines, where the cloud system includes the protection node and multiple virtual machines, and data streams communicated between the virtual machines pass through the protection node; extracting data streams to be input into virtual machines if it is detected that the data traffic input into the virtual machines is abnormal; sending the extracted data streams to a traffic cleaning apparatus for cleaning; receiving the data streams cleaned by the traffic cleaning apparatus; and inputting the cleaned data streams into the virtual machines. The technical solutions provided in the embodiments of the present disclosure can effectively prevent DDoS attacks between virtual machines in the cloud system.

Abstract translation: 用于防止云系统中的DDoS（分布式拒绝服务）攻击的方法，装置和系统。 在云系统中防止DDoS攻击的方法包括：由云系统中的保护节点监控输入虚拟机的数据流量，云系统中包括保护节点和多个虚拟机，以及在虚拟机之间传输的数据流 机器通过保护节点; 如果检测到输入虚拟机的数据业务异常，则提取要输入虚拟机的数据流; 将提取的数据流发送到用于清洁的交通清洁设备; 接收由交通清洁装置清洁的数据流; 并将清理的数据流输入到虚拟机中。 在本公开的实施例中提供的技术方案可以有效地防止云系统中的虚拟机之间的DDoS攻击。

公开(公告)号：US12184511B2

公开(公告)日：2024-12-31

申请号：US18511806

申请日：2023-11-16

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Wu Jiang

IPC: H04L41/00 ,  H04L12/66 ,  H04L41/0894 ,  H04L41/5006 ,  H04L41/5009

Abstract: This application discloses a network service processing method, a network service processing system, and a gateway device, to alleviate a problem that the gateway device cannot meet increasing additional function requirements. The gateway device identifies a type of a first intranet device, where the first intranet device belongs to an intranet connected to the gateway device. The gateway device obtains a first software package based on the type of the first intranet device, where the first software package is used to implement a first additional function. The gateway device sends a first indication message and the first software package to the first intranet device, where the first indication message is used to indicate the first intranet device to install the first software package and execute the first additional function.

公开(公告)号：US20180013787A1

公开(公告)日：2018-01-11

申请号：US15711725

申请日：2017-09-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wu Jiang

IPC: H04L29/06 ,  H04L12/26 ,  H04L12/715 ,  H04L12/771

CPC classification number: H04L63/1458 ,  H04L29/06 ,  H04L43/0876 ,  H04L43/16 ,  H04L45/56 ,  H04L45/64 ,  H04L63/0254 ,  H04L63/1425 ,  H04L63/20

Abstract: A software defined networking (SDN)-based distributed denial of service (DDoS) attack prevention method, an apparatus, and a system, where a controller delivers a traffic statistics collection instruction to a first packet forwarding device. The traffic statistics collection instruction instructs the first packet forwarding device to perform traffic statistics collection, and carries a destination Internet Protocol (IP) address. The controller collects statistical data reported by the first packet forwarding device, obtains, according to the statistical data, a statistical value of global traffic flowing to the destination IP address, and delivers a DDoS prevention policy to a second packet forwarding device based on a determining result that the statistical value of the global traffic exceeds the preset threshold. Correspondingly, the second packet forwarding device receives the DDoS prevention policy from the controller, and performs, according to the DDoS prevention policy, prevention process on the traffic flowing to the destination IP address.

公开(公告)号：US20140310322A1

公开(公告)日：2014-10-16

申请号：US14314711

申请日：2014-06-25

Applicant: Huawei Technologies Co., Ltd.

Inventor： Linghong Ruan ,  Wu Jiang ,  Shiguang Li ,  Zhenhui Wang

IPC: G06F17/30

CPC classification number: G06F17/30115 ,  G06F17/3012

Abstract: A method and a system for identifying a file type. A modification interface may be provided so that a user inputs a file feature parameter, and the file feature parameter input by the user is added to a file type configuration file, then the file type configuration file is loaded to a state machine to perform file type identification. Therefore, the user can modify a file feature parameter in the original file type configuration file, and when a file feature parameter of a file of a certain type is changed or a file of a new type appears, the user can update a file feature parameter in the state machine in time to identify the changed file or the file of the new type. In this way, the user does not need to search for an identification tool on the Internet.

Abstract translation: 用于识别文件类型的方法和系统。 可以提供修改界面，使得用户输入文件特征参数，并且将由用户输入的文件特征参数添加到文件类型配置文件中，然后将文件类型配置文件加载到状态机以执行文件类型 识别。 因此，用户可以修改原始文件类型配置文件中的文件特征参数，并且当特定类型的文件的文件特征参数改变或新类型的文件出现时，用户可以更新文件特征参数 在状态机中及时识别已更改的文件或新文件的类型。 以这种方式，用户不需要在因特网上搜索识别工具。

公开(公告)号：US08800001B2

公开(公告)日：2014-08-05

申请号：US13856141

申请日：2013-04-03

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wu Jiang

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/02 ,  H04L63/1466 ,  H04L69/161 ,  H04L69/163

Abstract: A network authentication method, a client and a device are provided. The method includes: receiving SYN data sent by a client, where the SYN data includes a sequence number SEQ1 and a network parameter comprising an ID in the header of the SYN data; sending SYN_ACK data to the client, where the SYN_ACK data includes an acknowledgment number ACK2 obtained by carrying out a function transformation according to the network parameter; receiving RST data sent by the client, where the RST data includes a sequence number SEQ3 or an acknowledgment number ACK3, and the RST data further includes a network parameter the same as that of the SYN data; carrying out the function transformation according to the network parameter of the RST data to obtain a check value CHK; and passing the authentication of the client if CHK matches SEQ3 or ACK3.

Abstract translation: 提供网络认证方法，客户端和设备。 该方法包括：接收客户端发送的SYN数据，其中SYN数据包括序列号SEQ1和包含SYN数据报头中的ID的网络参数; 向客户端发送SYN_ACK数据，其中SYN_ACK数据包括通过根据网络参数执行功能变换获得的确认号码ACK2; 接收由客户发送的RST数据，其中RST数据包括序列号SEQ3或确认号ACK3，并且RST数据还包括与SYN数据相同的网络参数; 根据RST数据的网络参数进行功能变换，得到检查值CHK; 并且如果CHK匹配SEQ3或ACK3，则通过客户端的认证。

公开(公告)号：US12206685B2

公开(公告)日：2025-01-21

申请号：US17851195

申请日：2022-06-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Qiang Li ,  Wu Jiang ,  Jianwei Yu ,  Yu Huai

IPC: H04L9/40

Abstract: A network security protection method includes receiving a first data flow, where the first data flow includes a source Internet Protocol (IP) address and a destination IP address, where the source IP address is an IP address of a first electronic device, and where the destination IP address is an IP address of a first server, determining first device attribute information corresponding to the source IP address, determining second device attribute information corresponding to the destination IP address, and forwarding the first data flow when the first device attribute information matches the second device attribute information or blocking the first data flow when the first device attribute information does not match the second device attribute information.

公开(公告)号：US20220239687A1

公开(公告)日：2022-07-28

申请号：US17717751

申请日：2022-04-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wu Jiang

IPC: H04L9/40

Abstract: A security vulnerability defense method includes obtaining, by a vulnerability management device, asset information of an asset of a first network device, where the asset information includes an asset identifier, an asset model, and an asset version, and the first network device is located in a range of a controlled network; obtaining, by the vulnerability management device based on the asset model and the asset version in the asset information, vulnerability information corresponding to the asset information; and determining, by the vulnerability management device, a vulnerability response playbook corresponding to the vulnerability information, where the vulnerability response playbook is used to execute a vulnerability defense policy for the first network device after being parsed.