US 12,323,443 B2
Attack behavior detection method and apparatus, and attack detection device
Yubin Tang, Shenzhen (CN)
Assigned to HUAWEI TECHNOLOGIES CO., LTD., Shenzhen (CN)
Filed by Huawei Technologies Co., Ltd., Shenzhen (CN)
Filed on Jul. 19, 2022, as Appl. No. 17/867,976.
Application 17/867,976 is a continuation of application No. PCT/CN2020/118782, filed on Sep. 29, 2020.
Claims priority of application No. 202010123839.X (CN), filed on Feb. 27, 2020.
Prior Publication US 2022/0368706 A1, Nov. 17, 2022
Int. Cl. H04L 9/40 (2022.01); H04L 67/02 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 63/1416 (2013.01); H04L 67/02 (2013.01)]
20 Claims
1. A method comprising:
obtaining, from a host within a reference time period, first Hypertext Transfer Protocol (HTTP) packet flow data comprising first data in one or more HTTP packets, wherein the one or more HTTP packets belong to a first data flow, and wherein the reference time period is a reference duration before a current time;
determining, based on the first HTTP packet flow data and using a plurality of first behavior detection models, a plurality of first initial probability values, wherein the first behavior detection models describe different phases of a track of an exploit kit (EK) attack behavior, and wherein each of the first initial probability values is output by one of the first behavior detection models;
determining, based on the first initial probability values, a comprehensive probability value indicating a probability that the host is attacked by an EK in a process in which the host transmits the first data flow; and
determining that the EK attack behavior exists in the process when the comprehensive probability value is greater than a preset probability threshold.
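The steps of claim 1, sketched as an added example for illustration; this is not code from the patent or from Huawei. The record schema, the three phase models (redirect chain, exploit delivery, payload download), the weights, the weighted-sum fusion and the 0.7 threshold are all assumptions, since the claim does not specify the models or how the initial probability values are combined.

```python
from collections import namedtuple

# Constructed schema: one record per HTTP packet, fields chosen for this example.
Rec = namedtuple("Rec", "ts flow status content_type")

PLUGIN_TYPES = {"application/x-shockwave-flash", "application/java-archive"}
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload"}

def in_window(records, flow, now, duration):
    """Packets of one data flow inside the reference period [now - duration, now]."""
    return [r for r in records if r.flow == flow and now - duration <= r.ts <= now]

# Hypothetical stand-ins for the per-phase behavior detection models.
# Each returns an initial probability value in [0, 1].
def redirect_model(recs):
    return min(1.0, sum(r.status in (301, 302, 303, 307) for r in recs) / 2)

def exploit_model(recs):
    return 0.9 if any(r.content_type in PLUGIN_TYPES for r in recs) else 0.05

def payload_model(recs):
    return 0.9 if any(r.content_type in BINARY_TYPES for r in recs) else 0.05

MODELS = [(redirect_model, 0.2), (exploit_model, 0.4), (payload_model, 0.4)]  # assumed weights
THRESHOLD = 0.7  # assumed preset probability threshold

def detect(records, flow, now, duration):
    """Return (initial probabilities, comprehensive probability, EK behavior detected?)."""
    recs = in_window(records, flow, now, duration)
    initial = [model(recs) for model, _ in MODELS]
    comprehensive = sum(p * w for p, (_, w) in zip(initial, MODELS))
    return initial, comprehensive, comprehensive > THRESHOLD

# Constructed sample data: flow "f1" walks through all three phases, "f2" is ordinary browsing.
SAMPLE = [
    Rec(100, "f1", 302, "application/javascript"),
    Rec(101, "f1", 302, "text/html"),
    Rec(102, "f1", 200, "text/html"),
    Rec(103, "f2", 200, "text/html"),
    Rec(104, "f1", 200, "application/x-shockwave-flash"),
    Rec(105, "f2", 200, "image/png"),
    Rec(106, "f1", 200, "application/octet-stream"),
]

if __name__ == "__main__":
    for flow, now in (("f1", 103), ("f1", 107), ("f2", 107)):
        print(flow, now, detect(SAMPLE, flow, now, duration=10))
```

At `now=103` only the redirect phase of `f1` falls inside the window, so the combined value stays below the threshold; once all three phases are in the window it crosses it.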