Bot characteristic detection method and apparatus

    Publication number: US10757135B2

    Publication date: 2020-08-25

    Application number: US16372923

    Filing date: 2019-04-02

    Inventor: Wu Jiang

    Abstract: A bot characteristic detection method and apparatus. The apparatus obtains a first dynamic behavior file and a second dynamic behavior file, where the first is the behavior file produced by dynamic behavior detection of a malicious file in a first sandbox and the second is the behavior file produced by dynamic behavior detection of the same malicious file in a second sandbox. The apparatus determines a bot characteristic of the malicious file from the characteristics common to the first and second dynamic behavior files.

    Method, apparatus, and device for detecting e-mail attack

    Publication number: US10673874B2

    Publication date: 2020-06-02

    Application number: US16156514

    Filing date: 2018-10-10

    Abstract: A method, an apparatus, and a device for detecting an electronic mail (E-mail) attack. The device receives a data flow and obtains an E-mail traffic parameter for each statistic period within a predetermined number of statistic periods, where the E-mail traffic parameter of each statistic period is determined according to the protocol type of the received data flow. The device determines that an E-mail attack is detected when the E-mail traffic parameter of every statistic period within the predetermined number of statistic periods matches a first threshold.
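    The per-period logic described in the abstract, as an added example that is not code from the patent: traffic is bucketed into statistic periods, the parameter counted for each period depends on the protocol type, and an attack is reported only when the parameter meets the threshold in a predetermined number of consecutive periods. The flow records and the threshold are constructed, and the choice of parameter per protocol (new SMTP sessions, or POP3/IMAP authentication commands) is an assumption made for illustration.

```python
"""Detect an e-mail attack from per-period traffic parameters.

Added example, not the patent's code. The flow records and the threshold are
constructed, and the choice of traffic parameter per protocol type (new SMTP
sessions, or POP3/IMAP authentication commands, counted per statistic period)
is an assumption made for illustration.
"""
from collections import Counter
from typing import List, Optional, Tuple

# Which event is counted as the E-mail traffic parameter for each protocol type.
PARAMETER_EVENT = {"SMTP": "SESSION", "POP3": "USER", "IMAP": "LOGIN"}


def constructed_records() -> List[Tuple[float, str, str]]:
    """(seconds since capture start, protocol, event): 30 s of baseline traffic
    followed by 30 s in which SMTP session setups jump from 4 to 60 per 10 s."""
    recs: List[Tuple[float, str, str]] = []
    for p in range(3):
        recs += [(p * 10 + i, "SMTP", "SESSION") for i in range(4)]
        recs += [(p * 10 + 5 + i, "POP3", "USER") for i in range(2)]
    for p in range(3, 6):
        recs += [(p * 10 + i / 6.0, "SMTP", "SESSION") for i in range(60)]
    return recs


def period_parameters(records, period_len: float) -> List[Counter]:
    """Traffic parameter per protocol for each statistic period in the capture."""
    if not records:
        return []
    last = max(t for t, _, _ in records)
    periods = [Counter() for _ in range(int(last // period_len) + 1)]
    for t, proto, event in records:
        # Only the event chosen as the parameter for this protocol type is counted.
        if PARAMETER_EVENT.get(proto) == event:
            periods[int(t // period_len)][proto] += 1
    return periods


def detect_email_attack(records, period_len: float = 10.0, n_periods: int = 3,
                        threshold: int = 50) -> Optional[Tuple[str, int]]:
    """Report (protocol, index of the first period of the run) once the parameter
    has reached the threshold in n_periods consecutive periods; a single burst
    shorter than the window is not reported."""
    periods = period_parameters(records, period_len)
    for proto in PARAMETER_EVENT:
        run = 0
        for idx, counts in enumerate(periods):
            run = run + 1 if counts[proto] >= threshold else 0
            if run == n_periods:
                return proto, idx - n_periods + 1
    return None


if __name__ == "__main__":
    print(detect_email_attack(constructed_records()))
```

    Requiring the threshold to hold across every period in the window is what keeps a single short burst (one large mailing, one backup job) from raising the alarm; widening the window trades detection delay for fewer false positives.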

    Bot Characteristic Detection Method and Apparatus

    Publication number: US20190230097A1

    Publication date: 2019-07-25

    Application number: US16372923

    Filing date: 2019-04-02

    Inventor: Wu Jiang

    Abstract: A bot characteristic detection method and apparatus. The apparatus obtains a first dynamic behavior file and a second dynamic behavior file, where the first is the behavior file produced by dynamic behavior detection of a malicious file in a first sandbox and the second is the behavior file produced by dynamic behavior detection of the same malicious file in a second sandbox. The apparatus determines a bot characteristic of the malicious file from the characteristics common to the first and second dynamic behavior files.
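    The common-characteristic step from the two bot characteristic detection entries above (the granted patent US10757135B2 and its pre-grant publication US20190230097A1), as an added example that is not code from the patent: two behavior files for the same sample, produced in differently configured sandboxes, are intersected category by category, so that sandbox background noise and per-run artifacts drop out and what remains is attributable to the sample. Both reports and the user-directory normalisation rule are constructed assumptions.

```python
"""Derive a bot characteristic from two sandbox runs of the same sample.

Added example, not the patent's code. A "dynamic behavior file" is modelled as
a dict of behavior categories mapped to observed values; both reports below are
constructed, as is the path-normalisation rule (an assumption) that lets the
same behaviour compare equal across differently configured sandboxes.
"""
import re
from typing import Dict, List, Set

# Constructed report from sandbox A (user "sandbox"). Besides the bot's own
# activity it contains OS background traffic and a randomly named temp file.
REPORT_A: Dict[str, List[str]] = {
    "network": ["dns:c2.example.invalid", "tcp:c2.example.invalid:6667",
                "tcp:time.windows.com:80"],
    "registry": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost32"],
    "files": [r"C:\Users\sandbox\AppData\Roaming\svchost32.exe",
              r"C:\Users\sandbox\AppData\Local\Temp\tmp1A2B.log"],
    "mutex": [r"Global\bot_x7_instance"],
}
# Constructed report from sandbox B (user "analyst", different OS image).
REPORT_B: Dict[str, List[str]] = {
    "network": ["dns:c2.example.invalid", "tcp:c2.example.invalid:6667",
                "tcp:ctldl.windowsupdate.com:80"],
    "registry": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost32"],
    "files": [r"C:\Users\analyst\AppData\Roaming\svchost32.exe",
              r"C:\Users\analyst\AppData\Local\Temp\tmp9F0C.log"],
    "mutex": [r"Global\bot_x7_instance"],
}

# Assumed normalisation: replace the profile directory name with a placeholder
# so a drop location differing only by user name is recognised as the same act.
_USER_DIR = re.compile(r"C:\\Users\\[^\\]+\\", re.IGNORECASE)


def normalise(value: str) -> str:
    return _USER_DIR.sub(r"C:\\Users\\<USER>\\", value)


def behaviors(report: Dict[str, List[str]]) -> Dict[str, Set[str]]:
    """Normalised behaviour set per category."""
    return {cat: {normalise(v) for v in vals} for cat, vals in report.items()}


def bot_characteristic(report_a, report_b) -> Dict[str, Set[str]]:
    """Behaviours present in both sandbox reports, per category. Anything that
    appears in only one run (sandbox background noise, random file names) is
    discarded; what survives is attributable to the sample itself."""
    a, b = behaviors(report_a), behaviors(report_b)
    common: Dict[str, Set[str]] = {}
    for cat in a.keys() & b.keys():
        shared = a[cat] & b[cat]
        if shared:
            common[cat] = shared
    return common


if __name__ == "__main__":
    for category, values in sorted(bot_characteristic(REPORT_A, REPORT_B).items()):
        print(category, sorted(values))
```

    The normalisation step matters more than it looks: without it, the dropped executable would appear under two different user paths and be discarded as a per-run artifact along with the genuinely random temp file name, and the persistence behaviour would never make it into the characteristic.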

    IPS detection processing method, network security device, and system

    Status: granted invention, in force

    Publication number: US09380067B2

    Publication date: 2016-06-28

    Application number: US14317278

    Filing date: 2014-06-27

    Abstract: An IPS detection processing method, a network security device, and a system are disclosed. The method includes: determining, by a network security device, whether an internal network device is a client or a server; if the internal network device is a client, simplifying an IPS signature rule base to obtain the IPS signature rule base corresponding to a client, or if the internal network device is a server, simplifying the IPS signature rule base to obtain the IPS signature rule base corresponding to a server; generating a state machine from the signature rules in the simplified IPS signature rule base; and performing IPS detection on the traffic passing through the device by applying the state machine. In embodiments of the present invention, the network security device performs IPS detection with a state machine from which redundant states have been removed, thereby improving IPS detection efficiency.
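    The three steps of the abstract (classify the internal host, simplify the rule base for its role, compile the remaining signatures into a state machine and scan with it), as an added example that is not code from the patent. The rule base, the sample sessions and traffic are constructed; the client/server heuristic (does the host accept inbound sessions?) is an assumption; and the state machine is an Aho-Corasick automaton, chosen here because it matches every remaining signature in one pass, so that dropping rules directly removes states.

```python
"""IPS detection with a role-specific rule base compiled into a state machine.

Added example, not the patent's code. The rule base, the client/server
classification heuristic and the sample traffic are constructed; the state
machine is an Aho-Corasick automaton built over the remaining signatures.
"""
from collections import deque
from typing import Dict, List, Tuple

# Constructed rule base: (rule id, direction the attack travels, byte signature).
# "to_server" rules match attacks against a listening service; "to_client"
# rules match content that attacks the host that initiated the connection.
RULE_BASE = [
    ("R1-webshell-upload", "to_server", b"<?php eval("),
    ("R2-sqli-tautology", "to_server", b"' OR '1'='1"),
    ("R3-cookie-theft-script", "to_client", b"<script>document.cookie"),
    ("R4-heap-spray-nopsled", "to_client", b"%u9090%u9090"),
]


def classify_internal_device(sessions: List[Tuple[str, str, int]], host: str) -> str:
    """Heuristic (assumption): an internal host that accepts inbound sessions is a
    server; one that only initiates them is a client. A session is
    (initiator ip, responder ip, responder port)."""
    accepted = sum(1 for _, responder, _ in sessions if responder == host)
    return "server" if accepted else "client"


def simplify_rule_base(role: str):
    """Keep only the rules whose attack direction can reach the internal host."""
    keep = "to_server" if role == "server" else "to_client"
    return [r for r in RULE_BASE if r[1] == keep]


class Automaton:
    """Aho-Corasick automaton: one state per signature prefix, failure links for
    mismatches, so a single pass over the traffic reports every signature."""

    def __init__(self, rules):
        self.goto: List[Dict[int, int]] = [{}]
        self.out: List[List[str]] = [[]]
        self.fail: List[int] = [0]
        for rule_id, _, sig in rules:
            self._add(rule_id, sig)
        self._link_failures()

    def _add(self, rule_id: str, sig: bytes) -> None:
        s = 0
        for b in sig:
            if b not in self.goto[s]:
                self.goto.append({}); self.out.append([]); self.fail.append(0)
                self.goto[s][b] = len(self.goto) - 1
            s = self.goto[s][b]
        self.out[s].append(rule_id)

    def _link_failures(self) -> None:
        queue = deque(self.goto[0].values())        # depth-1 states fail to root
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s] = self.out[s] + self.out[self.fail[s]]
                queue.append(s)

    @property
    def state_count(self) -> int:
        return len(self.goto)

    def scan(self, data: bytes) -> List[Tuple[str, int]]:
        """Return (rule id, end offset) for every signature occurrence in data."""
        s, hits = 0, []
        for i, b in enumerate(data):
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            hits.extend((rule_id, i) for rule_id in self.out[s])
        return hits


def ips_detect(sessions, internal_host: str, traffic: bytes):
    """Classify, simplify, compile, scan: returns (role, state count, hits)."""
    role = classify_internal_device(sessions, internal_host)
    automaton = Automaton(simplify_rule_base(role))
    return role, automaton.state_count, automaton.scan(traffic)


# Constructed sample: 10.0.0.8 only initiates sessions (a client); the response
# it receives carries one client-side and one server-side signature.
SAMPLE_SESSIONS = [("10.0.0.8", "203.0.113.10", 443), ("10.0.0.8", "203.0.113.11", 80)]
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n\r\n<html><script>document.cookie;"
                   b"</script>' OR '1'='1</html>")

if __name__ == "__main__":
    print(ips_detect(SAMPLE_SESSIONS, "10.0.0.8", SAMPLE_RESPONSE))
```

    For the client the server-side SQL-injection signature in the response is correctly ignored (there is no internal server to attack through that path), the automaton has fewer states than one built from the full rule base, and the cookie-theft signature is still caught. The classification heuristic is the weak point in practice: a workstation that exposes a listening service would need the server rule set as well.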

    Method and device for detecting flood attacks

    Status: granted invention, in force

    Publication number: US08990936B2

    Publication date: 2015-03-24

    Application number: US13681703

    Filing date: 2012-11-20

    Inventor: Wu Jiang

    CPC classification number: G06F21/50 H04L63/1425 H04L67/02 H04L69/22

    Abstract: A flood attack detection method is disclosed, in which the total number of keywords in a source packet is acquired together with the number of feature parameters corresponding to the source packet. The ratio of the number of feature parameters to the total number of keywords is compared with a preset threshold, and if the ratio is greater than or equal to the preset threshold, it is determined that a flood attack is occurring.

    NETWORK SERVICE PROCESSING METHOD, SYSTEM, AND GATEWAY DEVICE

    Publication number: US20240089178A1

    Publication date: 2024-03-14

    Application number: US18511806

    Filing date: 2023-11-16

    Inventor: Wu Jiang

    Abstract: This application discloses a network service processing method, a network service processing system, and a gateway device, to address the problem that a gateway device cannot keep up with growing requirements for additional functions. The gateway device identifies the type of a first intranet device, where the first intranet device belongs to an intranet connected to the gateway device. Based on that type, the gateway device obtains a first software package that implements a first additional function. The gateway device then sends a first indication message and the first software package to the first intranet device, where the first indication message instructs the first intranet device to install the first software package and execute the first additional function.

    Network Security Protection Method and Protection Device

    Publication number: US20220329609A1

    Publication date: 2022-10-13

    Application number: US17851195

    Filing date: 2022-06-28

    Abstract: A network security protection method includes receiving a first data flow that carries a source Internet Protocol (IP) address and a destination IP address, where the source IP address is the IP address of a first electronic device and the destination IP address is the IP address of a first server; determining first device attribute information corresponding to the source IP address; determining second device attribute information corresponding to the destination IP address; and forwarding the first data flow when the first device attribute information matches the second device attribute information, or blocking the first data flow when it does not.

    Network security protection method and apparatus

    Publication number: US10929538B2

    Publication date: 2021-02-23

    Application number: US15631337

    Filing date: 2017-06-23

    Inventor: Wu Jiang

    Abstract: A network security protection method is executed by a network security protection device. The device obtains network environment data, threat detection data, or both, for a host that is in a protected network and connected to the device. The network environment data includes an identifier of the operating system, a parameter of the operating system, an identifier of software with a network port access function, or a parameter of that software; the threat detection data includes a threat type or a threat identifier, where the threat type is a vulnerability or a malicious program. According to the obtained data, the device searches for the corresponding information used to eliminate the security threat on the host and sends the information found to the host.

    Method and device for optimizing and configuring detection rule

    Status: granted invention, in force

    Publication number: US09411957B2

    Publication date: 2016-08-09

    Application number: US14300409

    Filing date: 2014-06-10

    Inventors: Wu Jiang, Tao Wang

    Abstract: A method and a device for optimizing and configuring a detection rule. The method includes: a network entity receives network traffic; extracts a packet from the network traffic and identifies, according to a feature of the packet, the protocol-related information used in the network; saves the protocol-related information and the correspondence between its pieces of information to a first learning association table; and matches the corresponding rules from a vulnerability rule base according to the protocol-related information to generate a first compact rule set. With the generated compact rule set, subsequent protocol detection is performed only for the protocol threats that can actually occur in the live network; the content that must subsequently be inspected is therefore reduced, detection efficiency is improved, and unnecessary performance consumption is avoided.
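    The learning and compaction steps of the abstract, as an added example that is not code from the patent: server responses are classified by payload features (HTTP status line, SSH version string, SMTP greeting), the protocol and software seen on each server endpoint are recorded in a learning association table, and a rule is kept only if its protocol (and, where the rule names one, its software) actually appears in that table. The captured packets, the banner patterns and the rule base are constructed; rule identifiers are hypothetical and carry no signature content.

```python
"""Learn the protocols and software in use, then compact the rule base.

Added example, not the patent's code. Packet samples, the banner-based
protocol identification and the vulnerability rule base are constructed;
rule identifiers are hypothetical placeholders.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed server responses captured from the live network:
# (server ip, server port, first bytes of payload).
PACKETS = [
    ("10.0.0.5", 80, b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.57 (Unix)\r\n\r\n"),
    ("10.0.0.5", 22, b"SSH-2.0-OpenSSH_9.3\r\n"),
    ("10.0.0.7", 25, b"220 mail.example.test ESMTP Postfix\r\n"),
    ("10.0.0.5", 80, b"HTTP/1.1 404 Not Found\r\nServer: Apache/2.4.57 (Unix)\r\n\r\n"),
]

# Constructed vulnerability rule base: (rule id, protocol, software or None for any).
RULE_BASE = [
    ("HTTP-APACHE-1", "HTTP", "Apache"),
    ("HTTP-NGINX-1", "HTTP", "nginx"),
    ("HTTP-ANY-1", "HTTP", None),
    ("SSH-ANY-1", "SSH", None),
    ("SMTP-EXIM-1", "SMTP", "Exim"),
    ("SMTP-POSTFIX-1", "SMTP", "Postfix"),
    ("RDP-ANY-1", "RDP", None),
]

_HTTP_SERVER = re.compile(rb"\r\nServer:\s*([A-Za-z0-9_-]+)", re.IGNORECASE)
_SSH_BANNER = re.compile(rb"^SSH-\d\.\d-([A-Za-z]+)")
_SMTP_BANNER = re.compile(rb"^220 .*?(Postfix|Exim|Sendmail)", re.IGNORECASE)


def identify(payload: bytes) -> Optional[Tuple[str, Optional[str]]]:
    """Return (protocol, software) from features of the payload, or None if unknown."""
    if payload.startswith(b"HTTP/1."):
        m = _HTTP_SERVER.search(payload)
        return "HTTP", m.group(1).decode() if m else None
    if payload.startswith(b"SSH-"):
        m = _SSH_BANNER.match(payload)
        return "SSH", m.group(1).decode() if m else None
    if payload.startswith(b"220 "):
        m = _SMTP_BANNER.match(payload)
        return "SMTP", m.group(1).decode() if m else None
    return None


def learn(packets) -> Dict[Tuple[str, int], Dict[str, Set[str]]]:
    """Learning association table: (ip, port) -> protocol -> software names seen."""
    table: Dict[Tuple[str, int], Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
    for ip, port, payload in packets:
        ident = identify(payload)
        if ident is None:
            continue
        proto, software = ident
        softs = table[(ip, port)][proto]   # creates the entry even without a name
        if software:
            softs.add(software)
    return table


def compact_rule_set(table, rule_base=RULE_BASE) -> List[str]:
    """Keep a rule only if its protocol (and software, if the rule names one) was learned."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for protocols in table.values():
        for proto, softs in protocols.items():
            seen[proto] |= softs
    return [rule_id for rule_id, proto, software in rule_base
            if proto in seen and (software is None or software in seen[proto])]


if __name__ == "__main__":
    print(compact_rule_set(learn(PACKETS)))
```

    Rules that name no software stay active for every learned protocol, which is the safe default; the table should be re-learned periodically, since a newly deployed nginx instance would otherwise be inspected with a rule set that dropped its rules.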
