Abstract: The present disclosure provides an automatic proxy method includes steps as follows. A controller selects one proxy host as a first designated proxy host from a plurality of proxy hosts and uses the Internet protocol address of the first designated proxy host as an external Internet protocol address of a main server; then, the controller communicates with a domain name system, so that the domain name system can update a record of a mapping between a domain name of the main server and the Internet protocol address of the first designated proxy host.

Abstract: A packet transmission method is disclosed herein. The packet transmission method includes the following operations. The first packet is transmitted to a first proxy server terminal by a first user terminal. A header of received first packet is changed to generate a first header, and the first packet with the first header is transmitted to a gateway terminal by the first proxy server terminal. The first header of the received first packet is changed to generate a second header, and the first packet with the second header is transmitted to a server terminal by the gateway terminal. The header of the first packet includes a source address field and a destination address field.

Abstract: The present disclosure provides a system and a method of fileless malware detection, and the method of the fileless malware detection includes steps as follows. The execution of the writable section in the memory is intercepted; the executable code corresponding to the execution is extracted from the writable section; whether the executable code is malicious is analyzed.

Abstract: A packet transmission method is disclosed herein. The packet transmission method includes the following operations: transmitting a first packet to a first proxy server terminal by a first user terminal; changing a header of received first packet to generate a first header, and transmitting the first packet with the first header to a gateway terminal by the first proxy server terminal; changing the header of received first packet to generate a second header, and transmitting the first packet with the second header to a server terminal by the gateway terminal, wherein the header of the first packet includes a source address field and a destination address field.

Abstract: A data protection method includes: detecting whether a web transmission behavior occurs or not; analyzing a transmitter and a first file of the web transmission behavior, wherein the transmitter is corresponding to a first application program, and the first file is corresponding to a first file characteristic; extracting a historical accessing record of the transmitter from a memory; extracting a second file characteristic of a second file from the memory in a state that the historical accessing record indicates that the transmitter accesses the second file of a second application program; comparing the first file characteristic with the second file characteristic, to generate a first similarity degree; and blocking the web transmission behavior according to the first similarity degree.

Abstract: A method for live migrating a virtual machine includes connecting to a virtual machine operated in a first host by a client; transmitting condition data of the virtual machine to a second host by the first host during a transmitting time, the first host and the second host being located at different net domains; transmitting a variance of condition data of the virtual machine generated in the transmitting time to the second host by the first host; providing a notification to the client to reconnect to the second host by the first host; modifying a network packets transmitting rule by the client based on the notification of the first host, and activating the virtual machine by the second host based on the condition data of the virtual machine and the variance of the condition data of the virtual machine thereby maintaining the connection between the client and the virtual machine.

Abstract: A method for live migrating a virtual machine includes connecting to a virtual machine operated in a first host by a client; transmitting condition data of the virtual machine to a second host by the first host during a transmitting time, the first host and the second host being located at different net domains; transmitting a variance of condition data of the virtual machine generated in the transmitting time to the second host by the first host; providing a notification to the client to reconnect to the second host by the first host; modifying a network packets transmitting rule by the client based on the notification of the first host, and activating the virtual machine by the second host based on the condition data of the virtual machine and the variance of the condition data of the virtual machine thereby maintaining the connection between the client and the virtual machine.

Abstract: A computer worm curing system includes a string receiving module, a string generating module and a string replying module. The string receiving module receives an infected string, which is generated by a computer worm, from an infected host, which is infected by the computer worm, through a network. The infected string includes a shellcode, and the shellcode is executed utilizing a vulnerable process. The string generating module generates a curing code for curing the computer worm, and replaces the shellcode in the infected string with the curing code to generate a curing string, such that the curing string can be executed utilizing the vulnerable process. The string replying module replies the curing string to the infected host, such that the curing code of the curing string can be executed utilizing the vulnerable process of the infected host to cure the infected host of the computer worm.

Abstract: A safety protection method which is performed with a controller includes steps of providing an index table, calling one of the APIs (API), filtering the called API based on a predetermined condition, and blocking the API if the API confirms the predetermined condition. Furthermore, a safety protection device is also disclosed herein.

Abstract: A phishing processing method includes: an information input web page comprising an information input interface, through which information is transmitted to an information receiving address, is received. Determine if the information input web page is a phishing web page. If it is determined that the information input web page is the phishing web page, fake input information is transmitted to the information receiving address. When information for verification is received from an information transmitting address, if the received information for verification is the fake input information is determined. If the received information for verification is the fake input information, it is determined that the information transmitting address is a malicious address.

Abstract: A phishing processing method includes: an information input web page comprising an information input interface, through which information is transmitted to an information receiving address, is received. Determine if the information input web page is a phishing web page. If it is determined that the information input web page is the phishing web page, fake input information is transmitted to the information receiving address. When information for verification is received from an information transmitting address, if the received information for verification is the fake input information is determined. If the received information for verification is the fake input information, it is determined that the information transmitting address is a malicious address.

Abstract: A computer worm curing system includes a string receiving module, a string generating module and a string replying module. The string receiving module receives an infected string, which is generated by a computer worm, from an infected host, which is infected by the computer worm, through a network. The infected string includes a shellcode, and the shellcode is executed utilizing a vulnerable process. The string generating module generates a curing code for curing the computer worm, and replaces the shellcode in the infected string with the curing code to generate a curing string, such that the curing string can be executed utilizing the vulnerable process. The string replying module replies the curing string to the infected host, such that the curing code of the curing string can be executed utilizing the vulnerable process of the infected host to cure the infected host of the computer worm.