公开(公告)号：US20140310322A1

公开(公告)日：2014-10-16

申请号：US14314711

申请日：2014-06-25

Applicant: Huawei Technologies Co., Ltd.

Inventor： Linghong Ruan ,  Wu Jiang ,  Shiguang Li ,  Zhenhui Wang

IPC: G06F17/30

CPC classification number: G06F17/30115 ,  G06F17/3012

Abstract: A method and a system for identifying a file type. A modification interface may be provided so that a user inputs a file feature parameter, and the file feature parameter input by the user is added to a file type configuration file, then the file type configuration file is loaded to a state machine to perform file type identification. Therefore, the user can modify a file feature parameter in the original file type configuration file, and when a file feature parameter of a file of a certain type is changed or a file of a new type appears, the user can update a file feature parameter in the state machine in time to identify the changed file or the file of the new type. In this way, the user does not need to search for an identification tool on the Internet.

Abstract translation: 用于识别文件类型的方法和系统。 可以提供修改界面，使得用户输入文件特征参数，并且将由用户输入的文件特征参数添加到文件类型配置文件中，然后将文件类型配置文件加载到状态机以执行文件类型 识别。 因此，用户可以修改原始文件类型配置文件中的文件特征参数，并且当特定类型的文件的文件特征参数改变或新类型的文件出现时，用户可以更新文件特征参数 在状态机中及时识别已更改的文件或新文件的类型。 以这种方式，用户不需要在因特网上搜索识别工具。

公开(公告)号：US09405758B2

公开(公告)日：2016-08-02

申请号：US14314711

申请日：2014-06-25

Applicant: Huawei Technologies Co., Ltd.

Inventor： Linghong Ruan ,  Wu Jiang ,  Shiguang Li ,  Zhenhui Wang

IPC: G06F17/30

CPC classification number: G06F17/30115 ,  G06F17/3012

Abstract: A method and a system for identifying a file type. A modification interface may be provided so that a user inputs a file feature parameter, and the file feature parameter input by the user is added to a file type configuration file, then the file type configuration file is loaded to a state machine to perform file type identification. Therefore, the user can modify a file feature parameter in the original file type configuration file, and when a file feature parameter of a file of a certain type is changed or a file of a new type appears, the user can update a file feature parameter in the state machine in time to identify the changed file or the file of the new type. In this way, the user does not need to search for an identification tool on the Internet.

Abstract translation: 用于识别文件类型的方法和系统。 可以提供修改界面，使得用户输入文件特征参数，并且将由用户输入的文件特征参数添加到文件类型配置文件中，然后将文件类型配置文件加载到状态机以执行文件类型 识别。 因此，用户可以修改原始文件类型配置文件中的文件特征参数，并且当特定类型的文件的文件特征参数改变或新类型的文件出现时，用户可以更新文件特征参数 在状态机中及时识别已更改的文件或新文件的类型。 以这种方式，用户不需要在因特网上搜索识别工具。

公开(公告)号：US09398027B2

公开(公告)日：2016-07-19

申请号：US14305723

申请日：2014-06-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shiguang Li ,  Wu Jiang ,  Zhihui Xue ,  Linghong Ruan

IPC: H04L29/00 ,  H04L29/06 ,  H04L12/26 ,  H04L12/24

CPC classification number: H04L63/14 ,  H04L41/082 ,  H04L43/028 ,  H04L63/0236 ,  H04L63/1408

Abstract: A data detecting method and apparatus for a firewall device connected with a network to identify security threat in the data, where the method is implemented by a fast forwarder in the firewall device and includes: the fast forwarder receives application data; obtains application information in the received application data; determines an application protocol type corresponding to the application data according to the application information and an application identifying table; queries a configuration item for threat detection according to the application protocol type to determine whether the application data requires threat detection; and if the application data does not require threat detection, forwarding the application data. The data detecting method avoids a problem that performance of a firewall is degraded because all application data is sent to a detecting processor in the firewall device for detection, thereby improving an performance of the firewall device.

Abstract translation: 一种用于与网络连接以识别数据中的安全威胁的防火墙设备的数据检测方法和装置，其中该方法由防火墙设备中的快速转发器实现，并且包括：快速转发器接收应用数据; 获取所接收的应用数据中的应用信息; 根据应用信息和应用识别表确定与应用数据相对应的应用协议类型; 根据应用协议类型查询配置项进行威胁检测，以确定应用数据是否需要威胁检测; 并且如果应用程序数据不需要威胁检测，则转发应用程序数据。 数据检测方法避免了防火墙性能下降的问题，因为所有应用数据都发送到防火墙设备中的检测处理器进行检测，从而提高了防火墙设备的性能。

公开(公告)号：US20140298466A1

公开(公告)日：2014-10-02

申请号：US14305723

申请日：2014-06-16

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shiguang Li ,  Wu Jiang ,  Zhihui Xue ,  Linghong Ruan

IPC: H04L29/06

CPC classification number: H04L63/14 ,  H04L41/082 ,  H04L43/028 ,  H04L63/0236 ,  H04L63/1408

Abstract: A data detecting method and apparatus for a firewall device connected with a network to identify security threat in the data, where the method is implemented by a fast forwarder in the firewall device and includes: the fast forwarder receives application data; obtains application information in the received application data; determines an application protocol type corresponding to the application data according to the application information and an application identifying table; queries a configuration item for threat detection according to the application protocol type to determine whether the application data requires threat detection; and if the application data does not require threat detection, forwarding the application data. The data detecting method avoids a problem that performance of a firewall is degraded because all application data is sent to a detecting processor in the firewall device for detection, thereby improving an performance of the firewall device.

Abstract translation: 一种用于与网络连接以识别数据中的安全威胁的防火墙设备的数据检测方法和装置，其中该方法由防火墙设备中的快速转发器实现，并且包括：快速转发器接收应用数据; 获取所接收的应用数据中的应用信息; 根据应用信息和应用识别表确定与应用数据相对应的应用协议类型; 根据应用协议类型查询配置项进行威胁检测，以确定应用数据是否需要威胁检测; 并且如果应用程序数据不需要威胁检测，则转发应用程序数据。 数据检测方法避免了防火墙性能下降的问题，因为所有应用数据都发送到防火墙设备中的检测处理器进行检测，从而提高了防火墙设备的性能。

公开(公告)号：US20140189879A1

公开(公告)日：2014-07-03

申请号：US14198326

申请日：2014-03-05

Applicant: Huawei Technologies Co., Ltd.

Inventor： Linghong Ruan ,  Wu Jiang ,  Shiguang Li ,  Zhenhui Wang

IPC: G06F21/60

CPC classification number: G06F21/60 ,  G06F21/64 ,  H04L63/0245 ,  H04L63/145 ,  H04L67/06

Abstract: A method for identifying a file type and an apparatus for identifying a file type, so as to solve a problem in the prior art that a file type cannot be effectively identified when a sender tampers with a file being transmitted. The method includes: acquiring, from a transmitted data packet, a file header of a file to be identified, and determining whether a magic number can be obtained from the file header; if the magic number can be obtained, searching for the file type that corresponds to the magic number; determining whether data of the file to be identified complies with a data structure feature of the file type; if yes, determining that a file type of the file to be identified is the file type that corresponds to the magic number; and if not, determining that a file type of the file is an abnormal type.

Abstract translation: 用于识别文件类型的方法和用于识别文件类型的装置，以便解决现有技术中当发送者篡改正在发送的文件时文件类型不能被有效识别的问题。 该方法包括：从发送的数据分组中获取要识别的文件的文件头，并且确定是否可以从文件头获取幻数; 如果可以获得魔法数，则搜索对应于魔数的文件类型; 确定要识别的文件的数据是否符合文件类型的数据结构特征; 如果是，确定要识别的文件的文件类型是对应于魔术数字的文件类型; 如果不是，则确定文件的文件类型是异常类型。