Method, Apparatus, and Device for Detecting E-Mail Attack
First Claim
1. A method implemented by a network device for detecting an electronic mail (E-mail) attack, comprising:
- receiving a data flow;
- obtaining an E-mail traffic parameter of each statistic period within a predetermined number of statistic periods;
- determining, within each statistic period, the E-mail traffic parameter of each of the statistic periods according to a protocol type of the received data flow; and
- determining that an E-mail attack is detected when the E-mail traffic parameter of each statistic period within the predetermined number of statistic periods matches a first threshold.
Abstract
A method, an apparatus, and a device for detecting an E-mail attack. The device receives a data flow; obtains an E-mail traffic parameter of each statistic period within a predetermined number of statistic periods, where within each statistic period, the E-mail traffic parameter of each of the statistic periods is determined according to a protocol type of the received data flow; and determines that an E-mail attack is detected when the E-mail traffic parameter of each statistic period within the predetermined number of statistic periods matches a first threshold. By applying the disclosed embodiments, a detection result of the E-mail attack is more accurate.
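An added example (not taken from the patent text) of the detection logic the abstract describes: flows are classified by protocol type, counted per statistic period, and an attack is reported only when every period in the window reaches the threshold. Assumptions: the protocol type is inferred from the destination port, the E-mail traffic parameter is the number of mail flows per period, "matches a first threshold" is read as "meets or exceeds", and the sliding window generalizes the fixed group of periods to a longer series.

```python
from collections import Counter

# Assumption: destination port decides the protocol type of a flow.
EMAIL_PORTS = {25: "SMTP", 110: "POP3", 143: "IMAP"}

def protocol_type(flow):
    """Return the e-mail protocol of a flow, or None for non-mail traffic."""
    return EMAIL_PORTS.get(flow["dst_port"])

def email_traffic_params(flows, period_s, n_periods, t0=0):
    """Count e-mail flows per statistic period (the E-mail traffic parameter)."""
    counts = Counter()
    for flow in flows:
        if protocol_type(flow) is None:
            continue  # non-mail traffic does not contribute to the parameter
        idx = int((flow["ts"] - t0) // period_s)
        if 0 <= idx < n_periods:
            counts[idx] += 1
    return [counts[i] for i in range(n_periods)]

def attack_detected(params, window, threshold):
    """True only if `window` consecutive periods all reach the threshold."""
    run = 0
    for value in params:
        run = run + 1 if value >= threshold else 0
        if run >= window:
            return True
    return False

def make_flows(per_period, period_s=60, dst_port=25):
    """Constructed sample data: per_period[i] flows spread inside period i."""
    return [{"ts": i * period_s + k * period_s / (n + 1), "dst_port": dst_port}
            for i, n in enumerate(per_period) for k in range(n)]

# Constructed traffic: heavy HTTPS background plus two SMTP patterns.
WEB = make_flows([500] * 5, dst_port=443)
SPIKE = make_flows([3, 120, 4, 2, 5]) + WEB            # one busy period only
SUSTAINED = make_flows([3, 110, 130, 125, 4]) + WEB    # three busy periods in a row

if __name__ == "__main__":
    for name, flows in (("spike", SPIKE), ("sustained", SUSTAINED)):
        params = email_traffic_params(flows, period_s=60, n_periods=5)
        print(name, params, attack_detected(params, window=3, threshold=100))
```

Requiring every period in the window to reach the threshold is what keeps a single busy minute, such as a mailing-list delivery, from raising an alert.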
15 Claims
10. A device for detecting an E-mail attack, comprising:
- a network interface configured to receive a data flow; and
- a processor configured to:
  - obtain an electronic mail (E-mail) traffic parameter of each statistic period within a predetermined number of statistic periods;
  - determine, within each statistic period, the E-mail traffic parameter of each of the statistic periods according to a protocol type of the data flow received by the network interface; and
  - determine, when the E-mail traffic parameter of each statistic period within the predetermined number of statistic periods matches a first threshold, that an E-mail attack is detected.
Specification