Method, device and system for recognizing network behavior of program
US9749341B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 17, 2013 |
| Grant date | Aug 29, 2017 |
| Priority date | — |
| Expiry date | Jan 29, 2034 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04W12/128
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
The present disclosure discloses a method, device and system for recognizing network behavior of a program. The method comprises: during the program's access to a network, acquiring application layer data in a current network behavior of the program; judging whether the application layer data includes an unknown protocol; if protocols in the application layer data are all known protocols, identifying the current network behavior of the program as a network behavior of a recognizable program; and if the application layer data includes an unknown protocol, identifying the current network behavior of the program as a network behavior of a suspicious program. As such, a accurate recognition of a network behavior of a program is realized, the network behavior of the program including an unknown protocol is identified as a network behavior of a suspicious program, risk prompt information can be sent to a user, and a final selection is performed by the user, thereby solving the problem that conventional solutions for recognizing a network behavior of a program cannot accurately recognize a network behavior of a newly-emerging or new variant program.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.