CN101252576A - Method for detecting virus based on network flow with DFA in gateway - Google Patents
Method for detecting virus based on network flow with DFA in gateway Download PDFInfo
- Publication number
- CN101252576A CN101252576A CNA2008100197264A CN200810019726A CN101252576A CN 101252576 A CN101252576 A CN 101252576A CN A2008100197264 A CNA2008100197264 A CN A2008100197264A CN 200810019726 A CN200810019726 A CN 200810019726A CN 101252576 A CN101252576 A CN 101252576A
- Authority
- CN
- China
- Prior art keywords
- virus
- network
- dfa
- packet
- http
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a virus detection method based on network flows and taken at gateways by DFA. The virus detection process includes that firstly, network data packets are redirected to a virus detection program in a protocol stack; secondly, the network data packets are organized by the virus detection program according to the network flows; thirdly, the network packets are inputted into a DFA engine by the virus detection program; fourthly, virus detection is taken by the DFA engine according to the pre-compiled virus feature library, a virus warning is sent out to network terminals by the virus detection program and the network flows are cut off if viruses are detected and the network data packets are let to pass if no virus is matched. The network packets in accordance with the features are directly redirected to the virus detection program by the invention so that the data packet delay caused by the protocol stack is largely reduced; the speed of virus detection by DFA is improved by more than 10 times; in addition, a large quantity of TCP connections need no maintenance if the network data packets are organized in the way of network flows, thus CPU and EMS memory resources are saved.
Description
Technical field
The present invention relates to carry out the technology that virus detects on gateway device, particularly a kind of DFA of utilization carries out the method for detecting virus of stream Network Based at the gateway place, belong to the computer network security technology field.
Background technology
Be accompanied by development of computer, computer virus also generates in a large number; Computer virus is threatening the safety of computer data, is disturbing people to work normally, is seriously perplexing the computer and the network user thereof, has brought the loss that can't estimate to the mankind.The development of Internet technology has also brought bigger facility for the extensive widespread of computer virus bring the unprecedented while easily for the mankind.Computer virus is propagated by the Internet unbridledly, is perplexing the increasing computer user of every field, therefore, and killing computer virus and prevent that the task of its propagation is more and more important.Traditional computer anti-virus method carries out on single computer usually, even computer bit also is that so this method has following shortcoming in the Internet:
At first; the method of unit killing virus can only rush out the file that this machine inside is infected by the virus; and do not handle in time for the viral source of really concealing in Internet Server; if this server is not protected, may be that all users in the whole the Internet and internal network are subjected to virus and attack rapidly and widely.Moreover, may be become new viral source again by the computer of virus infections, it is subjected to the control of virus to attack more computer, bring a series of chain reaction thus, strengthened viral firing area, increased viral harmfulness, finally caused the Internet paralysis, to the loss of bringing on a disaster property of Internet user.Secondly, existing various anti-virus softwares are relevant with the operating platform that it is moved, and it needs frequent separately renewal, upgrading, maintenance and supervision, and this will inevitably cause the waste of plenty of time and resource.In addition, because traditional fire compartment wall only possesses the ability of refusal unauthorized access, and the malicious code (as ActiveXControl and java applet) in e-mail virus and some internet web pages can firewall-penetrating, Intranet is attacked, made the enterprise that is attacked suffer tremendous loss.
At this situation, released the checking and killing virus product of gateway level recent years, interception virus on network boundary, the propagation of control virus, virus can not be propagated, and its harmfulness just reduces greatly.The checking and killing virus product of present gateway level, processing for the HTTP data, all be by in gateway, setting up the Proxy program, with the HTTP data redirection in the Proxy program, the Proxy program is carried out seven layers of reduction to the HTTP data, be reassembled as file, and file imported viral engine carry out checking and killing virus, the Proxy program sends to terminal with the HTTP data then.There is following problem in this mode: 1. the Proxy mode can only be according to 80 port identification http protocols, and there is the under-enumeration problem in the HTTP data for non-standard 80 ports a large amount of on the network; 2. each HTTP packet all will be handled through the Proxy program that protocol stack enters application layer, and network performance sharply descends; 3. Proxy must wait all data to arrive, finish file reorganization and finish after the virus scan, just can send the data to terminal, cause the HTTP access time delay sharply to increase, big file can't be downloaded the problem that successfully waits, and buffer memory can take a large amount of internal memories and disk resource simultaneously; 4. Proxy need be maintained into terminal and is connected with a large amount of TCP to http server, and a large amount of connection foundation and dismounting can expend the cpu resource of gateway, and a large amount of connections also expends the memory source of gateway.
Summary of the invention
The objective of the invention is to overcome the deficiency that prior art exists, provide a kind of DFA that in gateway device, utilizes to carry out the method that stream virus Network Based detects.
Purpose of the present invention is achieved through the following technical solutions:
Utilize DFA to carry out the method for detecting virus of stream Network Based at the gateway place, characteristics are: viral testing process may further comprise the steps---
1) in protocol stack, network packet is redirected to virus checker;
2) virus checker is according to network flow organization network packet;
3) virus checker is imported the DFA engine with network packet;
4) the DFA engine carries out the virus detection according to compiled in advance virus characteristic storehouse, if detect virus, virus checker sends virus warning to the network terminal, and interrupt network stream, if do not match virus, and the network packet of then letting pass.
Further, the above-mentioned DFA that utilizes carries out the method for detecting virus of stream Network Based at the gateway place, described network packet is meant the packet of http protocol, the http data bag is by extracting the http protocol condition code and utilizing the DFA coupling to obtain in protocol stack, described DFA is made up of DFA compiler and DFA engine, and the DFA engine is supported in repeatedly hold mode in the input process.
Further, the above-mentioned DFA that utilizes carries out the method for detecting virus of stream Network Based at the gateway place, described virus checker is the application layer program, and it is directly to be delivered to application layer from inner nuclear layer that network packet is redirected, and does not need in layer to be delivered to application layer through protocol stack.
Further, the above-mentioned method for detecting virus that utilizes DFA to carry out stream Network Based at the gateway place, described network flow are by five-tuple: source IP address, purpose IP address, source port, destination interface and transport layer protocol type are formed; Described being meant according to network flow according to network flow organization network packet divided into groups to network packet, according to the Transmission Control Protocol standard tcp data bag recombinated, and makes the data that are input to the DFA engine orderly.
Again further, the above-mentioned method for detecting virus that utilizes DFA to carry out stream Network Based at the gateway place, described DFA engine are a program library or process independently, and the DFA engine is preserved the last scan state and also recover scanning mode when being scanned next time; Needn't once import all data, can import several times, therefore need before looking into poison, not carry out seven layers file reorganization to the DFA engine.Before network packet is imported the DFA engine, the HTTP packet is analyzed, if having only HTTP HEADER, the network packet of then letting pass if contain HTTP BODY data, is then taken out the BODY data, input DFA engine scans.Before letting pass, by analyzing HTTPHEADER, obtain the type information of BODY, to the BODY of some type, think and can not contain virus, directly let pass.
Again further, the above-mentioned DFA that utilizes carries out the method for detecting virus of stream Network Based at the gateway place, and the described network terminal is meant that the network flow that triggers virus is in local area network (LAN) one side corresponding equipment.
Substantive distinguishing features and obvious improvement that technical solution of the present invention is outstanding are mainly reflected in: directly be redirected to virus checker by the network packet that will meet feature in protocol stack, compare with traditional gateway gas defence technology, significantly reduced the packet time-delay that protocol stack brings.The present invention carries out virus by DFA and detects in virus checker, and viral detection speed improves more than 10 times than traditional gateway gas defence technology.And, in virus checker,, do not need to safeguard that a large amount of TCP connect with the mode organization network packet of network flow, saved CPU and memory source.In addition,, significantly reduced the time-delay that viral detection brings, improved user's network and experienced carrying out sending packet when virus detects.
Description of drawings
Below in conjunction with accompanying drawing technical solution of the present invention is described further:
Fig. 1: utilize DFA to carry out the framework of the viral detection system of stream Network Based at the gateway place;
Fig. 2: virus detects the flow chart of application program.
The implication of each Reference numeral sees the following form among the figure:
| Reference numeral | Implication | English name | |
| 1 | | Packets | |
| 2 | Lan interfaces | LAN | |
| 3 | | Kernel | |
| 4 | The formation of kernel data bag | Ipq | |
| 5 | Kernel and user's attitude communication link | Netlink | |
| 6 | User's attitude virus checker | FUM | |
| 7 | Package is knitted and three layers of processing module | PSM | |
| 8 | The core packet handing module | PPM | |
| 9 | Function call | Call | |
| 10 | The DFA engine | DFA Engine |
| Reference numeral | Implication | English name | |
| 11 | Kernel and user's attitude communication link | Netlink | |
| 12 | The formation of kernel | Ipq | |
| 13 | Wide Area Network interface | Wan |
Embodiment
Gateway device of the present invention is looked into malicious method and be may further comprise the steps: the network packet that 1. will meet feature in protocol stack directly is redirected to virus checker; 2. virus checker will be according to network flow organization network packet; 3. virus checker is imported the DFA engine with network packet; 4. the DFA engine carries out virus and detects according to compiled in advance virus characteristic storehouse; If detect, virus checker sends virus warning to the network terminal, and interrupt network stream, if do not match virus, and the network packet of then letting pass.
It should be noted that the HTTP data utilize DFA to discern by HTTP packet feature, do not discern, therefore do not have the under-enumeration problem by port numbers.The HTTP data are directly to be redirected to the application layer virus checker, rather than upwards are delivered to application layer layer by layer by protocol stack, have significantly reduced the time-delay that protocol stack brings.The HTTP data are organized according to the mode of network flow in application layer, do not need the TCP that is maintained into terminal and http server to be connected, and have significantly reduced the resource occupation to gateway, have reduced the hardware requirement of gateway.The HTTP data, are directly imported the DFA engine and are carried out checking and killing virus through after the data recombination in application layer, do not need to wait for that all data arrive, and do not need buffer memory, have saved internal memory and disk resource, have significantly reduced HTTP visit time-delay.By buffer memory HTTP visit information, when terminal next time same URL being initiated the HTTP request, notice terminal Virus Info.Virus checker does not send virus warning to terminal immediately after detecting virus, but the buffer memory Virus Info, and when this terminal is initiated same HTTP request once more, send virus warning to terminal.
Method for detecting virus of the present invention does not rely on specific hardware or software platform, if but select the Linux platform for use, utilize the existing module of platform, implement more convenient, below be example just with the Linux platform, introduce embodiment.
As Fig. 1 is to utilize DFA to carry out the system architecture of the virus detection of stream Network Based at the gateway place, after network packet 1 enters lan interfaces (LAN) 2, after kernel (Kernel) 3 carries out the http protocol feature identification, network packet 1 is gone into kernel data bag formation (Ipq) 4, be redirected to user's attitude virus checker (FUM) 6 by kernel and user's attitude communication link (Netlink) 5, the submodule package of user's attitude virus checker 6 knit with three layers of processing module (PSM) 7 from kernel and user's attitude communication link 5 receiving network data bags 1, according to five-tuple organization network packet 1, then network packet 1 is delivered to core packet handing module (PPM) 8, core packet handing module 8 calls DFA engine 10 and carries out virus scan, if there is not virus, just by kernel and user's attitude communication link (Netlink) 11 network packet 1 is redirected to kernel 3, kernel 3 then sends to internet with network packet 1 by Wide Area Network interface (Wan) 13.
Fig. 2 is the inter-process flow process of user's attitude virus checker FUM, comprises---
The submodule PSM of S11:FUM (user's attitude virus checker) (package is knitted and three layers of processing module) is stored in the buffering area from Netlink (kernel and user's attitude communication link) receiving network data bag;
S12:PSM extracts five-tuple from network packet: source IP address, purpose IP address, source port number, destination slogan, four layer protocol types.According to five-tuple, in the network flow form of system, mate, if the match is successful, then enter S14, if it fails to match, enter S13;
S13:PSM creates new network flow record, and this record is a major key with the five-tuple, and is inserted in the network flow form;
S14: judge that whether network packet only contains HTTP Header information, is then to enter S15, otherwise enters S16;
S15:HTTP Header can not contain virus, the network packet of directly letting pass;
S16: judge whether to be packed data, be then to enter S17, otherwise enter S23;
S17:, detect the compressed file type according to the information of HTTP Header information and several leading network packet;
S18: judge whether this compressed file type supports segmentation to decompress, RAR, ZIP type commonly used all is to support what segmentation decompressed, is then to enter S19, otherwise enters S20;
S19: carry out segmentation and decompress;
S20: judge that whether this network packet is the final stage data, is then to enter S22, otherwise enters S21;
S21: the copy network packet is to system cache, and the clearance network packet;
S22: the system buffer data are taken out, form compressed file, and decompress;
S23: the data input DFA engine with network packet or after decompressing carries out virus characteristic and detects, if virus is arranged, enters S25, does not have virus to enter S24;
S24: the clearance network packet, PPM (core packet handing module) is redirected to kernel by Netlink (kernel and user's attitude communication link) with network packet;
S25:PPM cuts off this data flow.
On probation show that the present invention will meet feature in protocol stack network packet directly is redirected to virus checker, significantly reduced the packet time-delay that protocol stack brings.In virus checker, to carry out virus by DFA and detect, the speed that DFA virus detects can improve more than 10 times.Also have, in virus checker,, do not need to safeguard that a large amount of TCP connect, saved CPU and memory source with the mode organization network packet of network flow.In addition,, significantly reduced the time-delay that viral detection brings, improved user's network and experienced carrying out sending packet when virus detects.
Below only be concrete exemplary applications of the present invention, protection scope of the present invention is not constituted any limitation.All employing equivalents or equivalence are replaced and the technical scheme of formation, all drop within the rights protection scope of the present invention.
Claims (6)
1. utilize DFA at the method for detecting virus that the gateway place carries out stream Network Based, it is characterized in that: viral testing process may further comprise the steps---
1) in protocol stack, network packet is redirected to virus checker;
2) virus checker is according to network flow organization network packet;
3) virus checker is imported the DFA engine with network packet;
4) the DFA engine carries out the virus detection according to compiled in advance virus characteristic storehouse, detects virus, and virus checker sends virus warning to the network terminal, and interrupt network stream, does not match virus, the network packet of then letting pass.
2. the DFA of utilization according to claim 1 carries out the method for detecting virus of stream Network Based at the gateway place, it is characterized in that: described network packet is meant the packet of http protocol, the http data bag is by extracting the http protocol condition code and utilizing the DFA coupling to obtain in protocol stack, described DFA is made up of DFA compiler and DFA engine, and the DFA engine is supported in repeatedly hold mode in the input process.
3. the DFA of utilization according to claim 1 is characterized in that at the method for detecting virus that the gateway place carries out stream Network Based: described virus checker is the application layer program, and it is directly to be delivered to application layer from inner nuclear layer that network packet is redirected.
4. the DFA of utilization according to claim 1 is characterized in that at the method for detecting virus that the gateway place carries out stream Network Based: described network flow is by five-tuple: source IP address, purpose IP address, source port, destination interface and transport layer protocol type are formed; Described being meant according to network flow according to network flow organization network packet divided into groups to network packet, according to the Transmission Control Protocol standard tcp data bag recombinated, and makes the data that are input to the DFA engine orderly.
5. the DFA of utilization according to claim 1 carries out the method for detecting virus of stream Network Based at the gateway place, it is characterized in that: described DFA engine is a program library or process independently, and the DFA engine is preserved the last scan state and also recover scanning mode when being scanned next time; Before network packet is imported the DFA engine, the HTTP packet is analyzed, have only the HTTP HEADER network packet of then letting pass, contain HTTP BODY data and then take out BODY data input DFA engine and scan.
6. the DFA of utilization according to claim 1 is characterized in that at the method for detecting virus that the gateway place carries out stream Network Based: the described network terminal is meant that the network flow that triggers virus is in local area network (LAN) one side corresponding equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008100197264A CN101252576A (en) | 2008-03-13 | 2008-03-13 | Method for detecting virus based on network flow with DFA in gateway |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008100197264A CN101252576A (en) | 2008-03-13 | 2008-03-13 | Method for detecting virus based on network flow with DFA in gateway |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101252576A true CN101252576A (en) | 2008-08-27 |
Family
ID=39955762
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008100197264A Pending CN101252576A (en) | 2008-03-13 | 2008-03-13 | Method for detecting virus based on network flow with DFA in gateway |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101252576A (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102469450A (en) * | 2010-11-08 | 2012-05-23 | 中国移动通信集团广东有限公司 | Method and device for identifying virus characteristics of mobile phone |
| CN102893580A (en) * | 2012-07-04 | 2013-01-23 | 华为技术有限公司 | Anti-virus method and device and firewall device |
| CN103546448A (en) * | 2012-12-21 | 2014-01-29 | 哈尔滨安天科技股份有限公司 | Network virus detection method and system based on format parsing |
| CN104022924A (en) * | 2014-07-02 | 2014-09-03 | 浪潮电子信息产业股份有限公司 | Method for detecting HTTP (hyper text transfer protocol) communication content |
| CN104424438A (en) * | 2013-09-06 | 2015-03-18 | 华为技术有限公司 | Anti-virus file detection method, anti-virus file detection device and network equipment |
| CN104767710A (en) * | 2014-01-02 | 2015-07-08 | 中国科学院声学研究所 | DFA (Determine Finite Automaton)-based transmission load extraction method for HTTP (Hyper Text Transfer Protocol) chunked transfer encoding |
| CN105119943A (en) * | 2015-09-21 | 2015-12-02 | 上海斐讯数据通信技术有限公司 | Network virus prevention method, network virus prevention router and network virus prevention system |
| CN106657277A (en) * | 2016-11-24 | 2017-05-10 | 上海携程商务有限公司 | Http proxy service method and server and system |
| CN107306264A (en) * | 2016-04-25 | 2017-10-31 | 腾讯科技(深圳)有限公司 | Network security monitoring method and apparatus |
| CN109150649A (en) * | 2018-06-07 | 2019-01-04 | 武汉思普崚技术有限公司 | Network performance test method and system |
| CN109981629A (en) * | 2019-03-19 | 2019-07-05 | 杭州迪普科技股份有限公司 | Antivirus protection method, apparatus, equipment and storage medium |
| CN111565131A (en) * | 2020-04-22 | 2020-08-21 | 烽火通信科技股份有限公司 | Speed measuring method and system for household gateway CPU |
| CN112769790A (en) * | 2020-12-30 | 2021-05-07 | 杭州迪普科技股份有限公司 | Traffic processing method, device, equipment and storage medium |
| CN116743885A (en) * | 2023-08-15 | 2023-09-12 | 深圳华锐分布式技术股份有限公司 | UDP engine-based data transmission method, device, equipment and medium |
-
2008
- 2008-03-13 CN CNA2008100197264A patent/CN101252576A/en active Pending
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102469450A (en) * | 2010-11-08 | 2012-05-23 | 中国移动通信集团广东有限公司 | Method and device for identifying virus characteristics of mobile phone |
| CN102469450B (en) * | 2010-11-08 | 2014-06-04 | 中国移动通信集团广东有限公司 | Method and device for recognizing virus characteristics of mobile phone |
| CN102893580A (en) * | 2012-07-04 | 2013-01-23 | 华为技术有限公司 | Anti-virus method and device and firewall device |
| WO2014005303A1 (en) * | 2012-07-04 | 2014-01-09 | 华为技术有限公司 | Anti-virus method and apparatus and firewall device |
| CN103546448A (en) * | 2012-12-21 | 2014-01-29 | 哈尔滨安天科技股份有限公司 | Network virus detection method and system based on format parsing |
| CN104424438B (en) * | 2013-09-06 | 2018-03-16 | 华为技术有限公司 | A kind of antivirus file detection method, device and the network equipment |
| CN104424438A (en) * | 2013-09-06 | 2015-03-18 | 华为技术有限公司 | Anti-virus file detection method, anti-virus file detection device and network equipment |
| CN104767710A (en) * | 2014-01-02 | 2015-07-08 | 中国科学院声学研究所 | DFA (Determine Finite Automaton)-based transmission load extraction method for HTTP (Hyper Text Transfer Protocol) chunked transfer encoding |
| WO2015101152A1 (en) * | 2014-01-02 | 2015-07-09 | 中国科学院声学研究所 | Method for extracting transmission payload of dfa-based http chunked transfer encoding |
| CN104767710B (en) * | 2014-01-02 | 2018-08-07 | 中国科学院声学研究所 | The transmission payload extracting method of HTTP block transmissions coding based on DFA |
| CN104022924A (en) * | 2014-07-02 | 2014-09-03 | 浪潮电子信息产业股份有限公司 | Method for detecting HTTP (hyper text transfer protocol) communication content |
| CN105119943A (en) * | 2015-09-21 | 2015-12-02 | 上海斐讯数据通信技术有限公司 | Network virus prevention method, network virus prevention router and network virus prevention system |
| CN107306264A (en) * | 2016-04-25 | 2017-10-31 | 腾讯科技(深圳)有限公司 | Network security monitoring method and apparatus |
| CN107306264B (en) * | 2016-04-25 | 2019-04-02 | 腾讯科技(深圳)有限公司 | Network security monitoring method and apparatus |
| CN106657277B (en) * | 2016-11-24 | 2020-06-12 | 上海携程商务有限公司 | Http proxy service method, server and system |
| CN106657277A (en) * | 2016-11-24 | 2017-05-10 | 上海携程商务有限公司 | Http proxy service method and server and system |
| CN109150649A (en) * | 2018-06-07 | 2019-01-04 | 武汉思普崚技术有限公司 | Network performance test method and system |
| CN109150649B (en) * | 2018-06-07 | 2021-04-23 | 武汉思普崚技术有限公司 | Network performance test method and system |
| CN109981629A (en) * | 2019-03-19 | 2019-07-05 | 杭州迪普科技股份有限公司 | Antivirus protection method, apparatus, equipment and storage medium |
| CN111565131A (en) * | 2020-04-22 | 2020-08-21 | 烽火通信科技股份有限公司 | Speed measuring method and system for household gateway CPU |
| CN112769790A (en) * | 2020-12-30 | 2021-05-07 | 杭州迪普科技股份有限公司 | Traffic processing method, device, equipment and storage medium |
| CN112769790B (en) * | 2020-12-30 | 2022-06-28 | 杭州迪普科技股份有限公司 | Traffic processing method, device, equipment and storage medium |
| CN116743885A (en) * | 2023-08-15 | 2023-09-12 | 深圳华锐分布式技术股份有限公司 | UDP engine-based data transmission method, device, equipment and medium |
| CN116743885B (en) * | 2023-08-15 | 2023-10-13 | 深圳华锐分布式技术股份有限公司 | UDP engine-based data transmission method, device, equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101252576A (en) | Method for detecting virus based on network flow with DFA in gateway | |
| JP3794491B2 (en) | Attack defense system and attack defense method | |
| KR100612452B1 (en) | Apparatus and Method for Detecting Malicious Code | |
| CN103634315B (en) | The front-end control method and system of name server | |
| CN101436958B (en) | Method for resisting abnegation service aggression | |
| US7904959B2 (en) | Systems and methods for detecting and inhibiting attacks using honeypots | |
| CN1838670A (en) | System safety protection method using multi processing unit structure and related device | |
| CN100558089C (en) | A kind of content filtering gateway implementation method of filter Network Based | |
| GB2357939A (en) | E-mail virus detection and deletion | |
| US7865474B2 (en) | Data processing system | |
| CN100531213C (en) | Network safety protective method for preventing reject service attack event | |
| US20060288418A1 (en) | Computer-implemented method with real-time response mechanism for detecting viruses in data transfer on a stream basis | |
| US20040107361A1 (en) | System for high speed network intrusion detection | |
| US20140223558A1 (en) | Method and device for integrating multiple threat security services | |
| CN101572700A (en) | Method for defending HTTP Flood distributed denial-of-service attack | |
| CN107979581B (en) | Detection method and device for zombie characteristics | |
| CN101213812A (en) | Method for defending against denial of service attacks in IP networks by target victim self-identification and control | |
| CN101213813A (en) | Method for defending against denial of service attacks in IP networks by target victim self-identification and control | |
| CN1960246A (en) | Method for filtering out harmfulness data transferred between terminal and destination host in network | |
| US8336092B2 (en) | Communication control device and communication control system | |
| KR20070103774A (en) | Communication control device and communication control system | |
| CN103248609A (en) | System, device and method for detecting data from end to end | |
| JP2007325293A (en) | System and method for attack detection | |
| CN1152517C (en) | Method of guarding network attack | |
| CN1992595A (en) | Terminal and related computer implemented method for detecting malicious data for computer network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20080827 |