SUSPICIOUS PACKET DETECTION DEVICE AND SUSPICIOUS PACKET DETECTION METHOD THEREOF｜Patents Search｜Patents｜Service

2018.11.27

SUSPICIOUS PACKET DETECTION DEVICE AND SUSPICIOUS PACKET DETECTION METHOD THEREOF

United States

Overview

A suspicious packet detection device and a suspicious packet detection method thereof are provided. The suspicious packet detection device retrieves a HTTP packet transmitted from an internal to an external network, and based on HTTP header of the HTTP packet, determines that the HTTP packet belongs to one of a browser category and an application category and identifies the HTTP packet as one of a normal packet and a suspicious packet. When the HTTP packet is identified as the normal packet, the suspicious packet detection device further verifies whether the HTTP packet is the suspicious packet or not by comparing the HTTP header with relevance information or using a URL classification model.