CN101119373B - Gateway stream type virus scanning method and system - Google Patents
Gateway stream type virus scanning method and system Download PDFInfo
- Publication number
- CN101119373B CN101119373B CN2007101213221A CN200710121322A CN101119373B CN 101119373 B CN101119373 B CN 101119373B CN 2007101213221 A CN2007101213221 A CN 2007101213221A CN 200710121322 A CN200710121322 A CN 200710121322A CN 101119373 B CN101119373 B CN 101119373B
- Authority
- CN
- China
- Prior art keywords
- data
- virus
- streaming
- scanning
- type
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention discloses a gateway level streaming virus scanning method and the system. The method is characterized in that a dialogue data packet is organized into a data unit array; analyzing whether the data types inside the data unit support the streaming scanning operation or not and carrying out text scanning and streaming scanning operations to the data. The system includes a data flow obtaining device, a preprocessing device, a virus scanning device and a meter device of memorized context information. The gateway level streaming virus scanning method and the system disclosed in the invention improves the responding speed of the gateway to the client terminal and conserves the memorized resources of the gateway under the circumstance of assuring of carrying out effective and accurate virus inspection of the data.
Description
Technical field
The present invention relates to a kind ofly, belong to computer network and data communication technology field based on gateway stream type virus scanning method and system thereof.
Background technology
Along with virus is propagated networking day by day, make that gateway level virus filtration more and more obtains paying close attention to.Gateway level virus filtration instrument makes virus promptly obtain killing in the local area network (LAN) porch, has limited viral propagation as soon as possible.Yet owing to be subjected to the restriction of traditional method for detecting virus, most of gateway level virus filtration instruments have all used file-type killing mode, promptly earlier in external memory or internal memory a plurality of network packet are reintegrated into a complete file, carry out virus scan again.This method needs earlier at a plurality of packets of gateway place buffer memory, transmits once more after being integrated into the file Scan for Viruses, therefore can cause the time-delay of packet, reduces network performance.Especially the application of having relatively high expectations for real-time as Web service, influences bigger.
By file mode killing virus,, also can take a large amount of internal memories at the gateway place except influencing real-time performance.In the big local area network (LAN) of network traffics, if buffer memory is all carried out in all sessions, and after killing virus, discharge, will increase a large amount of memory cost of gateway, when serious even can influence the stability of gateway operation.In addition, some virus appears at the beginning of session, but file-type killing mode needs just to carry out virus scan behind the full content of buffer memory session, has not only wasted system resource, has also influenced the promptness of killing virus.
In addition, sentence file mode killing virus at gateway, the agreement of support is also relatively limited.Because total data is all at gateway place buffer memory, so gateway must simulate actual client and server communication, and after killing virus finished, emulating server connected with the client of reality and finishes and communicate by letter once more.For some complicated application protocols, gateway is difficult to the whole communication process of simulation, therefore also is difficult to obtain complete communication data and forms file.
Summary of the invention
The object of the present invention is to provide a kind of novel gateway stream type virus scanning method and system thereof.
The streaming virus scan needn't wait for that promptly being reduced into file after the session data of network all arrives carries out virus scan, and can be along with the transmission of session data, data flow is cut into data cell carries out continuous scanning, the reception of data cell, scanning, process of transmitting walk abreast and carry out.
The present invention adopts following technical scheme to realize purpose of the present invention:
A kind of novel gateway stream type virus scanning method the steps include:
1) the session data packet group is made into the data cell formation;
2) whether the data type in the judgment data unit supports streaming scanning;
If do not support streaming scanning, then carry out file-type scanning;
If support streaming scanning, then carry out the following step:
A) virus scan is carried out in the data cell grouping;
B) if data cell of judging scanning safety whether dangerous then stop to scan and close and being connected of client, withdraws from case process; If safety would send this group data;
C) judge whether session finishes,, utilize the meter apparatus of contextual information to carry out BORDER PROCESSING if do not have to finish then keep the boundary information of these group data; Its method is: A) to the session data packet copies of supporting streaming scanning in the buffer buffering area of the meter apparatus of contextual information, the initial address of duplicating is: buffer+offset+cur_buff_len; If there is the data boundary of last scanning in the buffering area, the data of then newly reading in are closelyed follow in the back of data boundary, and next step scan operation can be done as a whole calculating with these two parts data; B) will organize among the data cell formation bb that meter apparatus that data copy to contextual information simultaneously safeguards; C) the streaming scan interface of the data among the buffer of the meter apparatus of contextual information by the virus scan device passed to the virus scan device;
Wherein, the data structure key of the meter apparatus of described contextual information comprises: buffer: its function store data to be scanned for based under the streaming scan pattern, and the data that need store during the processing boundary effect, and data type is the character type array; Cur_buff_len: its function is the value of storage data length among the current buffer of storage, and data type is an integer; Offset: its function is for storing the skew of the original position of data apart from the buffer first address among the current buffer of storage, data type is an integer; TmpFile: its function is based in the file scan pattern, the temporary file of storage queue data, and data type is a file pointer; Partcnt: its function is streaming when scanning, in the record virus scan process, and the subpattern information of having mated at the multi-mode virus signature, and their position relation, data type is the structure chained list;
D) repeating step 1) and 2), if finish then withdraw from case process.
Described boundary information is organized in data cell for this, the end data of the maximum virus characteristic code length of the virus base that comprises.
Described boundary information comprises in these group data of record at the sequence number of the detected subpattern of multi-mode virus signature, and the position between each subpattern concerns.
The method of handling border issue when utilizing the meter apparatus of contextual information to carry out multi-mode virus signature coupling in the described streaming scan method is: record multi-mode virus signature sequence number in partcnt, and the subpattern information of having mated, proceed coupling when arriving for follow-up data; If scan-data has mated the whole subpatterns that define in the virus signature of this multi-mode type, and satisfy the position relation of stipulating, think that then current data is infected.
Described session data is made of a plurality of data cell formations, has end mark EOS in last data cell of last formation.
The described packet load data type of not supporting that streaming scans includes but not limited to one or more of following type: gzip, zip, bz, rar, base64.
A kind of gateway stream type virus scanning system, it comprises:
The data flow deriving means is used to obtain the data cell of inflow, is made into the data cell formation at conversation group;
Pretreatment unit is analyzed data type and whether is supported streaming scanning;
The virus scan device carries out virus scan at the data of streaming virus scan and two kinds of interfaces of file-type virus scan respectively and handles;
The data flow dispensing device is used to transmit the data after processing finishes;
The meter apparatus of storage contextual information, the viral segmentation problem that causes because of splitting traffic when being used to handle streaming scanning; Its data structure key comprises:
Buffer: its function is based under the streaming scan pattern, stores data to be scanned, and the data that need store when handling boundary effect, and data type is the character type array;
Cur_buff_len: its function is the value of storage data length among the current buffer of storage, and data type is an integer;
Offset: its function is for storing the skew of the original position of data apart from the buffer first address among the current buffer of storage, data type is an integer;
TmpFile: its function is based in the file scan pattern, the temporary file of storage queue data, and data type is a file pointer;
Partcnt: when its function is streaming scanning, in the record multi-mode virus scan process, the subpattern information of having mated, and their position relation, data type is the structure chained list.
Good effect of the present invention and advantage
This streaming virus detection system and method proposed by the invention, method of the present invention is that the network data flow of flowing through is carried out virus scan according to the order of flowing through, the reception of data cell, scanning, process of transmitting walk abreast and carry out, and need not be with all data pack buffers, scan again after being integrated into file, thereby reduced the delay of transfer of data, improved scan efficiency; Improve the response speed of gateway, and saved the storage resources of gateway when virus detects effectively accurately having guaranteed data are carried out for client.
Description of drawings
Fig. 1 is the flow chart of the inventive method;
Fig. 2 is the network topological diagram of the embodiment of the invention;
Fig. 3 is a system construction drawing of the present invention.
Embodiment
Followingly gateway stream type virus scanning of the present invention system is elaborated with reference to accompanying drawing.
The flow process of the inventive method as shown in Figure 1, its course of work is as follows:
(1) system initialization.This step comprises the work of two aspects, the one, and initialization is used to store the data structure of the meter apparatus of contextual information, finishes the streaming virus scan with auxiliary, and the 2nd, initialization virus scan device.Initialization virus scan device comprises the importing virus base, calculate the length m axpatlen of maximum virus code in the current virus base in the importing process according to the length gauge of every virus signature: the length of monotype virus signature is the length of condition code character string, and the length of multi-mode virus signature is then calculated according to the length and the offset relationship thereof that comprise subpattern.The cycle of operation of virus scan device is first packet arrival from the protocol layer session, to a last data end-of-packet.Therefore, the virus scan device should carry out contextual protection in a complete protocol layer discourse referent.When gateway was whenever received the data of a packet, data acquisition facility just can be created a virus scan device example that is specific to this request and be used to handle current queue.When the next data that belong to this session arrived, the data flow deriving means can call the filtration example that belongs to same request automatically.After all data processing of this session finished, this virus scan example will withdraw from, and finished operation.The meter apparatus of storage contextual information runs through the processing procedure of whole session.
(2) data flow is obtained, and the session data packet group is made into the data cell formation.The packet that belongs to same session has essential informations such as identical source address, destination address, source port, destination interface, protocol number, and affiliated upper-layer protocol has signs such as corresponding state information, timestamp.Data acquisition module can be according to session under the above data separation packet.
When gateway was whenever received a packet, data acquisition module is the session under the judgment data bag just, and deposited in the data cell according to the packet of inflow order with some, the data cell formation of session under again this data cell being inserted into.If the current data cell formation that does not have this session, then newly-built exclusive data cell formation.If comprise the end mark of session in the packet, the data flow deriving means then inserts " EOS " sign in the data cell at affiliated formation end.Once complete session will be made of a plurality of data cell formations.The data flow deriving means passes to the virus scan device with the data cell formation of organizing.
Whether (3) data flow preliminary treatment, the data type of judgment data unit support streaming scanning.The purpose in this step is to prepare for next step scanning process, and mechanism is divided into two kinds of situations: based on the preliminary treatment of streaming scanning; Preliminary treatment based on file-type scanning.
Stated the data type that some do not support streaming scanning in the system in advance, for example: gzip, zip, bz, rar, base64 etc.Simultaneously the viral segmentation problem that causes when assisting the virus scan device to handle streaming killing virus has been set up the meter apparatus of storage contextual information, because during data cell formation transmission data, between data cell and the data cell, can form boundary effect between formation and the formation.The meter apparatus of storage contextual information is as shown in table 1.
Table 1.streamav_ctx table
Data message | Data type | Implication |
buffer | The character type array | Be used for the streaming scan pattern, store data to be scanned, and the data that need store when handling boundary effect |
cur_buff_len | Integer | Be used for the streaming scan pattern, the data length of storing among the current buffer |
offset | Integer | Be used for the streaming scan pattern, the original position of the data of storing among the current buffer is apart from the skew of buffer first address |
tmpFile | File pointer | Be used for the file-type scan pattern, the temporary file of storage queue data |
bb | The character type array linked list | Be used for the streaming scan pattern, the data cell formation that virus scan device example is controlled oneself and safeguarded |
partcnt | The structure chained list | Be used for the streaming scan pattern, in the record multi-mode virus scan process, the subpattern information of having mated, and their position relation |
During the data flow preliminary treatment, if the data type analysis result is a specific type, then need to use the pattern based on file-type scanning that data are carried out preliminary treatment, promptly the data unit data that directly the data flow deriving means is obtained buffers into temporary file (the temporary file pointer deposits the tmpFile territory of streamav_ctx list structure in).Behind inferior conversation end, will suitably handle (as file is decompressed) to the data content in the temporary file, call the file-type scan interface of virus scan device again.
If data type is non-specific type, the virus scan device uses the data preliminary treatment mechanism based on the streaming scan pattern, call the streaming scan interface of virus scan device, carry out the streaming virus scan, in the process of streaming virus scan, the virus scan device is divided into one group with per three the data unit in the formation, three current data unit is carried out after the complete processing at every turn, comprise preliminary treatment, scanning, transmission, just remaining data cell is handled.It below is certain once pretreated detailed process.
A) data with the first three data unit in the data cell formation copy in the buffer buffering area of table streamav_ctx, and the initial address of duplicating is: buffer+offset+cur_buff_len.If there is the data boundary of last scanning in the buffering area, the data of then newly reading in are closelyed follow in the back of data boundary, and next step scan operation can be done as a whole calculating with these two parts data.
B) data in these three data unit are copied to simultaneously among the data cell formation bb of streamav_ctx maintenance.
C) will show data passes among the buffer of streamav_ctx to the virus scan device.
(4) virus scan.The virus scan device provides file-type scan interface and streaming scan interface.In initialization and pretreated process, be the virus scan scan-data of the corresponding interface all set, the corresponding interface that this step only need directly be called the virus scan device gets final product.If file-type scanning, then the tmpFile temporary file pointed of virus scan device scanning streamav_ctx; If streaming scanning, the then data unit data in the virus scan device scanning streamav_ctx table bb formation.If the scanning result video data is a safety, and also have data to need to handle in this session, promptly do not have conversation end sign EOS to occur, then the virus scan device carries out the protection processing of data boundary.The virus scan device has virus base, comprises the virus signature set in the virus base.If be scanned content comprise with virus base in the character string sequence that is complementary of virus signature, can judge that then this scans content is infected by this kind virus.The virus scan device writes down the maximum length of virus signature in the virus base in initialization procedure, cut apart the boundary effect that causes for virus scan system deal with data in the virus scan process.The virus scan device is preserved the data of buffer institute storage data units end maxpatlen length get off when carrying out BORDER PROCESSING.If scan-data has mated the virus signature of certain monotype type, think that then current data is infected.If scan-data has mated the whole subpatterns that define in the virus signature of certain multi-mode type, and satisfy the position relation of stipulating, think that then current data is infected.If scan-data has mated the parton pattern that defines in the virus signature of certain multi-mode type, then in the partcnt of streamav_ctx table, write down this multi-mode virus signature sequence number, and the subpattern information of having mated, proceed coupling when arriving for follow-up data.Detected infected data will directly be abandoned, and do not continue to handle follow-up data.The virus scan device is submitted to the data flow dispensing device with scanning result.
(5) data flow output.If detected data is safe, and the data flow dispensing device sends to client with this part data at once.For the streaming scan pattern, if also have in the data cell formation of pre-treatment data cell etc. pending, or the data cell formation of working as pre-treatment has not had data, but the EOS data cell that the expression conversation end do not occur, then virus scan device example continues to be retained in the internal memory, handle or etc. pending remaining data unit data.
If measured data contains virus, the data flow dispensing device sends information to client, closes and being connected of client, and withdraws from case process.If all data of this session that the virus scan device is treated, it also will withdraw from case process.Can discharge the memory headroom of applying in the scanning process before withdrawing from case process.
A kind of gateway stream type virus scanning system, as shown in Figure 3.Accompanying drawing 2 runs on the gateway place for system of the present invention, between local area network (LAN) and outer net.The system that the present invention proposes comprises: the data flow deriving means, be used to obtain the packet of inflow, and be made into traffic queue at conversation group; Pretreatment unit is used to analyze traffic queue, the judgment data type; The virus scan device is supported streaming virus scan and two kinds of interfaces of file-type virus scan, carries out virus scan at data of different types respectively and handles; The data flow dispensing device is used to transmit the data after processing finishes, and discharges the memory headroom that takies in the scanning process; The meter apparatus of storage contextual information, the viral segmentation problem that causes because of splitting traffic when being used to handle streaming scanning.Wherein, the streaming virus scan is meant that the network data flow to flowing through carries out virus scan according to the order of flowing through, the reception of data cell, scanning, process of transmitting walk abreast and carry out, and need not be with all data cell buffer memorys, scan again after being integrated into file, thereby reduced the delay of transfer of data, improved scan efficiency.
Wherein, the data flow deriving means can divide the network packet that flows into according to conversation area, and according to the inflow order packet of some is stored together and forms " data cell " that is beneficial to virus scan, " data cell " that will belong to same session again is arranged in " data cell formation ".Wherein, " data cell ", " data cell formation " be the specific data structure of corresponding data acquisition module definition all, is used for internal memory operation and management efficiently.In the data structure of data cell correspondence, each territory mainly comprises content, size, the function pointer of basic operation and the data cell queue pointer at place etc. of the network packet that comprises.The data structure of data cell formation correspondence is the ring-type chained list that comprises a series of associated data unit, is used to provide flexible and efficient internal memory operation, as the distribution of data unit, recovery etc., uses for other modules.Once complete session will be made of a plurality of data cell formations.The data flow deriving means can judge whether session finishes, and inserts one " EOS " sign in the data cell at formation end, with the end of sign session.The data flow deriving means passes to the virus scan device with the data cell formation of organizing.
Pretreatment unit is analyzed the data type in the data cell queue, if data (are compressed type as gzip, rar etc. for the data type of not supporting streaming scanning, or type of coding such as base64), then need all metadata caches when time session are become complete file, after suitably handling (as file is decompressed), call the file-type scan interface of virus scan device again.If the data type in the data cell formation is not a specific type, then call the streaming scan interface of virus scan device, carry out the streaming virus scan.
The virus scan device scans specific data with process mode independent operating after receiving the scan request of pretreatment unit.The virus scan device has virus base, comprises the virus signature set in the virus base, and virus signature is divided into monotype and two kinds of forms of multi-mode.Comprise the character string sequence that the virus signature with monotype is complementary if be scanned content, can judge that then this scans content is infected by this kind virus.Can mate a plurality of patterns that define in certain multi-mode virus signature if be scanned the character string sequence that content comprises, and certain condition up to specification, can judge that then this scans content is infected by this kind virus.
The meter apparatus of storage contextual information, as shown in table 1, the viral segmentation problem that causes when being used to assist the virus scan device to handle streaming killing virus.
Claims (7)
1. a gateway stream type virus scanning method the steps include:
1) the session data packet group is made into the data cell formation;
2) whether the data type in the judgment data unit supports streaming scanning;
If do not support streaming scanning, then carry out file-type scanning;
If support streaming scanning, then carry out the following step:
A) virus scan is carried out in the data cell grouping;
B) if data cell of judging scanning safety whether dangerous then stop to scan and close and being connected of client, withdraws from case process; If safety would send this group data;
C) judge whether session finishes,, utilize the meter apparatus of contextual information to carry out BORDER PROCESSING if do not have to finish then keep the boundary information of these group data; Its method is: A) to the session data packet copies of supporting streaming scanning in the buffer buffering area of the meter apparatus of contextual information, the initial address of duplicating is: buffer+offset+cur_buff_len; If there is the data boundary of last scanning in the buffering area, the data of then newly reading in are closelyed follow in the back of data boundary, and next step scan operation can be done as a whole calculating with these two parts data; B) will organize among the data cell formation bb that meter apparatus that data copy to contextual information simultaneously safeguards; C) the streaming scan interface of the data among the buffer of the meter apparatus of contextual information by the virus scan device passed to the virus scan device;
Wherein, the data structure key of the meter apparatus of described contextual information comprises: buffer: its function store data to be scanned for based under the streaming scan pattern, and the data that need store during the processing boundary effect, and data type is the character type array; Cur_buff_len: its function is the value of storage data length among the current buffer of storage, and data type is an integer; Offset: its function is for storing the skew of the original position of data apart from the buffer first address among the current buffer of storage, data type is an integer; TmpFile: its function is based in the file scan pattern, the temporary file of storage queue data, and data type is a file pointer; Partcnt: its function is streaming when scanning, in the record virus scan process, and the subpattern information of having mated at the multi-mode virus signature, and their position relation, data type is the structure chained list;
D) repeating step 1) and 2), if finish then withdraw from case process.
2. the method for claim 1 is characterized in that described boundary information in this group data cell, the end data of the maximum virus characteristic code length of the virus base that comprises.
3. the method for claim 1, it is characterized in that described boundary information in these group data of record at the sequence number of the detected subpattern of multi-mode virus signature, and the position between each subpattern concerns.
4. the method for claim 1, the method for handling border issue when it is characterized in that utilizing in the streaming scanning meter apparatus of contextual information to carry out multi-mode virus signature coupling is:
Record multi-mode virus signature sequence number in partcnt, and the subpattern information of having mated are proceeded coupling when arriving for follow-up data; If scan-data has mated the whole subpatterns that define in the virus signature of this multi-mode type, and satisfy the position relation of stipulating, think that then current data is infected.
5. the method for claim 1 is characterized in that described session data is made of a plurality of data cell formations, has end mark EOS in last data cell of last formation.
6. the method for claim 1 is characterized in that the described packet load data type of not supporting that streaming scans includes but not limited to one or more of following type: gzip, zip, bz, rar, base64.
7. gateway stream type virus scanning system, it comprises:
The data flow deriving means is used to obtain the data cell of inflow, is made into the data cell formation at conversation group;
Pretreatment unit is analyzed data type and whether is supported streaming scanning;
The virus scan device carries out virus scan at the data of streaming virus scan and two kinds of interfaces of file-type virus scan respectively and handles;
The data flow dispensing device is used to transmit the data after processing finishes;
The meter apparatus of storage contextual information, the viral segmentation problem that causes because of splitting traffic when being used to handle streaming scanning; Its data structure key comprises:
Buffer: its function is based under the streaming scan pattern, stores data to be scanned, and the data that need store when handling boundary effect, and data type is the character type array;
Cur_buff_len: its function is the value of storage data length among the current buffer of storage, and data type is an integer;
Offset: its function is for storing the skew of the original position of data apart from the buffer first address among the current buffer of storage, data type is an integer;
TmpFile: its function is based in the file scan pattern, the temporary file of storage queue data, and data type is a file pointer;
Partcnt: when its function is streaming scanning, in the record multi-mode virus scan process, the subpattern information of having mated, and their position relation, data type is the structure chained list.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007101213221A CN101119373B (en) | 2007-09-04 | 2007-09-04 | Gateway stream type virus scanning method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007101213221A CN101119373B (en) | 2007-09-04 | 2007-09-04 | Gateway stream type virus scanning method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101119373A CN101119373A (en) | 2008-02-06 |
CN101119373B true CN101119373B (en) | 2010-09-08 |
Family
ID=39055307
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2007101213221A Expired - Fee Related CN101119373B (en) | 2007-09-04 | 2007-09-04 | Gateway stream type virus scanning method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101119373B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021074802A1 (en) * | 2019-10-17 | 2021-04-22 | International Business Machines Corporation | Maintaining system security |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102905269B (en) * | 2011-07-26 | 2017-06-13 | 西门子公司 | The detection method and device of a kind of mobile phone viruses |
CN102811146B (en) * | 2012-08-31 | 2015-03-04 | 飞天诚信科技股份有限公司 | Method and device for detecting message processing environment |
CN103546449A (en) * | 2012-12-24 | 2014-01-29 | 哈尔滨安天科技股份有限公司 | E-mail virus detection method and device based on attachment formats |
CN103580949A (en) * | 2012-12-27 | 2014-02-12 | 哈尔滨安天科技股份有限公司 | Method and system for non-complete flow detection and complete flow detection in switchable mode |
CN104424438B (en) * | 2013-09-06 | 2018-03-16 | 华为技术有限公司 | A kind of antivirus file detection method, device and the network equipment |
CN104216946B (en) * | 2014-07-31 | 2019-03-26 | 百度在线网络技术(北京)有限公司 | A kind of method and apparatus for beating again packet application program for determination |
CN109981629A (en) * | 2019-03-19 | 2019-07-05 | 杭州迪普科技股份有限公司 | Antivirus protection method, apparatus, equipment and storage medium |
CN110610087A (en) * | 2019-09-06 | 2019-12-24 | 武汉达梦数据库有限公司 | Data acquisition safety detection method and device |
CN113132341B (en) * | 2020-01-16 | 2023-03-21 | 深信服科技股份有限公司 | Network attack behavior detection method and device, electronic equipment and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5495607A (en) * | 1993-11-15 | 1996-02-27 | Conner Peripherals, Inc. | Network management system having virtual catalog overview of files distributively stored across network domain |
US7246227B2 (en) * | 2003-02-10 | 2007-07-17 | Symantec Corporation | Efficient scanning of stream based data |
-
2007
- 2007-09-04 CN CN2007101213221A patent/CN101119373B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5495607A (en) * | 1993-11-15 | 1996-02-27 | Conner Peripherals, Inc. | Network management system having virtual catalog overview of files distributively stored across network domain |
US7246227B2 (en) * | 2003-02-10 | 2007-07-17 | Symantec Corporation | Efficient scanning of stream based data |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021074802A1 (en) * | 2019-10-17 | 2021-04-22 | International Business Machines Corporation | Maintaining system security |
Also Published As
Publication number | Publication date |
---|---|
CN101119373A (en) | 2008-02-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101119373B (en) | Gateway stream type virus scanning method and system | |
CN109033471B (en) | Information asset identification method and device | |
CN104156389B (en) | Deep-packet detection system and method based on Hadoop platform | |
CN102469132A (en) | Method and system for grabbing web pages from servers with different IPs (Internet Protocols) in website | |
CN101661513A (en) | Detection method of network focus and public sentiment | |
CN102571946B (en) | Realization method of protocol identification and control system based on P2P (peer-to-peer network) | |
CN104850784B (en) | A kind of Malware cloud detection method of optic and system based on Hash characteristic vector | |
CN105677615A (en) | Distributed machine learning method based on weka interface | |
CN108846275A (en) | Unknown Method of Detecting Operating System based on RIPPER algorithm | |
CN105657677A (en) | Short message sending method, short message gateway and service platform | |
CN107241305A (en) | A kind of network protocol analysis system and its analysis method based on polycaryon processor | |
CN108512763A (en) | A kind of tracking of flow table rule generating process | |
CN109525803A (en) | Video structural processing unit and method based on FPGA and artificial intelligence | |
CN103428249B (en) | A kind of Collecting and dealing method of HTTP request bag, system and server | |
CN205983466U (en) | Algorithm accelerator card based on FPGA | |
CN110493302A (en) | A kind of document transmission method, equipment and computer readable storage medium | |
CN103684739B (en) | A kind of device for realizing that clock is synchronous, device and method | |
CN106650449A (en) | Script heuristic detection method and system based on variable name confusion degree | |
CN108920955B (en) | Webpage backdoor detection method, device, equipment and storage medium | |
CN102270223B (en) | The generation method in source codec storehouse, device and source codec method, device | |
CN104009982B (en) | File grouping group sending device and file grouping method for group sending based on ultrashort wave radio set | |
CN106101117B (en) | A kind of fishing website blocking-up method, device and system | |
CN103793398B (en) | The method and apparatus for detecting junk data | |
CN100477668C (en) | Stream sampling device and method for detecting high speed network super connection host | |
CN105046561A (en) | Method capable of adapting to various bank transaction message formats |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100908 Termination date: 20130904 |