METHOD, DEVICE AND SYSTEM FOR ALERTING AGAINST UNKNOWN MALICIOUS CODES
First Claim
1. A method for alerting against unknown malicious codes, comprising:
receiving, by a network device, a request sent by a terminal for obtaining a file from a network entity and a data stream carrying the file;
recording, by the network device, a source path carried in the request, wherein the network entity providing the file on the source path;
judging, by the network device, whether the file is an executable file according to the request or the data stream carried the file; and
sending, by the network device, first alert information that carries the source path to a monitoring device, if the network device judges the file is the executable file.
Abstract
A method, a device, and a system for alerting against unknown malicious codes are disclosed. The method includes: detecting characteristics of a packet; judging whether any suspicious code exists in the packet according to a result of the detection; recording a source path of the suspicious code if the suspicious code exists in the packet; and sending alert information that carries the source path to a monitoring device. The embodiments of the present disclosure can proactively report the source paths of numerous suspicious codes at the earliest possible time, lay a foundation for shortening the time required for overcoming virus threats, and avoid the trouble of installing software on the terminal.
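As an added illustration (not code from the patent or its assignee), the sketch below walks through the claimed steps for plain HTTP: record the source path from the request, judge executability from the request or the data stream, and build the first alert. The extension list, the magic-byte check, the JSON alert layout and the sample host are assumptions; the page does not specify them.

```python
import json
from typing import Optional
from urllib.parse import urlsplit

# Assumed heuristics: the page does not say how "executable" is decided.
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".msi", ".elf")
EXEC_MAGICS = (b"MZ", b"\x7fELF")  # PE/DOS header, ELF header

def source_path(request: bytes) -> str:
    """Rebuild the source path from a raw origin-form HTTP request (plain HTTP assumed)."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return f"http://{host}{target}"

def is_executable(path: str, body_prefix: bytes) -> Optional[str]:
    """Return which check matched ("magic" or "extension"), or None."""
    if body_prefix.startswith(EXEC_MAGICS):           # judged from the data stream
        return "magic"
    if urlsplit(path).path.lower().endswith(EXEC_EXTENSIONS):  # judged from the request
        return "extension"
    return None

def inspect(request: bytes, response: bytes) -> Optional[str]:
    """Return the first alert (JSON, assumed layout) for the monitoring device, or None."""
    path = source_path(request)                  # recorded before judging
    body = response.split(b"\r\n\r\n", 1)[-1]    # strip response headers if present
    reason = is_executable(path, body[:8])
    if reason is None:
        return None
    return json.dumps({"alert": "executable-download",
                       "source_path": path, "matched": reason})

# Constructed sample traffic (files.example.test is a placeholder host).
REQ_EXE = b"GET /downloads/update.bin HTTP/1.1\r\nHost: files.example.test\r\n\r\n"
RESP_EXE = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nMZ\x90\x00\x03\x00"
REQ_TXT = b"GET /readme.txt HTTP/1.1\r\nHost: files.example.test\r\n\r\n"
RESP_TXT = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nhello"

if __name__ == "__main__":
    print(inspect(REQ_EXE, RESP_EXE))
    print(inspect(REQ_TXT, RESP_TXT))
```

The first sample is flagged from the data stream even though the requested name ends in `.bin`, which is why the claim allows judging from either the request or the stream.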
12 Claims
1. A method for alerting against unknown malicious codes, comprising:
receiving, by a network device, a request sent by a terminal for obtaining a file from a network entity and a data stream carrying the file;
recording, by the network device, a source path carried in the request, wherein the network entity providing the file on the source path;
judging, by the network device, whether the file is an executable file according to the request or the data stream carried the file; and
sending, by the network device, first alert information that carries the source path to a monitoring device, if the network device judges the file is the executable file.
Dependent claims: 2, 3, 4.

5. A network device, comprising:
a receiving module, configured to receive a request sent by a terminal for obtaining a file from a network entity and receive a data stream carrying the file;
a recording module, configured to record a source path carried in the request, wherein the network entity providing the file on the source path;
a detecting module, configured to judge whether the file is an executable file according to the request or the data stream carried the file; and
a sending module, configured to send first alert information that carries the source path to a monitoring device, if the network device judges the file is the executable file.
Dependent claims: 6, 7, 8, 9, 10.

11. A network device, comprising:
a memory storing instructions thereon; and
a processor coupled to the memory and implements the instructions to:
receive a request sent by a terminal for obtaining a file from a network entity and receive a data stream carrying the file;
record a source path carried in the request, wherein the network entity providing the file on the source path;
judge whether the file is an executable file according to the request or the data stream carried the file; and
send first alert information that carries the source path to a monitoring device, if the network device judges the file is the executable file.
Dependent claims: 12.
Specification