Abstract: Mechanisms are provided for workflow data redistribution in a hybrid computing environment comprising a private portion and a public portion of the hybrid computing environment. A received user request, that is serviced by a workflow executed by one or more computing devices of the hybrid computing environment, is parsed to extract criteria of the workflow for servicing the user request. It is determined whether a catalog data structure exists in a public catalog data store of the public portion that satisfies the criteria of the workflow and if not, the user request is processed in a workflow manager computing system of the private portion to generate a catalog that satisfies the criteria of the workflow and generate a result. A portion of the catalog is redistributed by storing the portion of the catalog in the public catalog data store of the public portion.

Abstract: A network security protection method includes receiving a first data flow, where the first data flow includes a source Internet Protocol (IP) address and a destination IP address, where the source IP address is an IP address of a first electronic device, and where the destination IP address is an IP address of a first server, determining first device attribute information corresponding to the source IP address, determining second device attribute information corresponding to the destination IP address, and forwarding the first data flow when the first device attribute information matches the second device attribute information or blocking the first data flow when the first device attribute information does not match the second device attribute information.

Abstract: This application discloses a network service processing method, a network service processing system, and a gateway device, to alleviate a problem that the gateway device cannot meet increasing additional function requirements. The gateway device identifies a type of a first intranet device, where the first intranet device belongs to an intranet connected to the gateway device. The gateway device obtains a first software package based on the type of the first intranet device, where the first software package is used to implement a first additional function. The gateway device sends a first indication message and the first software package to the first intranet device, where the first indication message is used to indicate the first intranet device to install the first software package and execute the first additional function.

Abstract: A security vulnerability defense method includes obtaining, by a vulnerability management device, asset information of an asset of a first network device, where the asset information includes an asset identifier, an asset model, and an asset version, and the first network device is located in a range of a controlled network; obtaining, by the vulnerability management device based on the asset model and the asset version in the asset information, vulnerability information corresponding to the asset information; and determining, by the vulnerability management device, a vulnerability response playbook corresponding to the vulnerability information, where the vulnerability response playbook is used to execute a vulnerability defense policy for the first network device after being parsed.

Abstract: A software defined networking (SDN)-based distributed denial of service (DDoS) attack prevention method, an apparatus, and a system, where a controller delivers a traffic statistics collection instruction to a first packet forwarding device. The traffic statistics collection instruction instructs the first packet forwarding device to perform traffic statistics collection, and carries a destination Internet Protocol (IP) address. The controller collects statistical data reported by the first packet forwarding device, obtains, according to the statistical data, a statistical value of global traffic flowing to the destination IP address, and delivers a DDoS prevention policy to a second packet forwarding device based on a determining result that the statistical value of the global traffic exceeds the preset threshold.

Abstract: A bot characteristic detection method and apparatus, where the apparatus obtains a first dynamic behavior file and a second dynamic behavior file, where the first dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on a malicious file in a first sandbox, and the second dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on the malicious file in a second sandbox. The apparatus determines a bot characteristic of the malicious file based on a common characteristic of the first dynamic behavior file and the second dynamic behavior file.

Abstract: A network security protection method is executed by a network security protection device and includes obtaining at least one of network environment data or threat detection data of a host that is in a protected network and that is connected to the network security protection device, where the network environment data includes an identifier of an operating system, a parameter of the operating system, an identifier of software with a network port access function, or a parameter of the software; and the threat detection data includes a threat type or a threat identifier, where the threat type includes a vulnerability or a malicious program; searching, according to the obtained at least one of network environment data or threat detection data, for corresponding information used to eliminate a security threat in the host; and sending the found information to the host.

Abstract: An optical system for a multi-color, multi-emitter LED-based lighting device can include a lens array. The lens array can include a number of color-mixing rod members extending parallel to each other along an optical axis, the color-mixing rod members being arranged and spaced so that the rear end of each color-mixing rod member aligns with a different one of the emitters. A beam-forming section can be formed at the front ends of the color mixing rod members. The beam-forming section can include nonplanar (e.g., convex or concave) front surface features, each nonplanar front surface feature being aligned with a front end of a corresponding one of the color-mixing rod members. The beam-forming section and color-mixing rod members can be formed as a unitary structure.

Abstract: A bot characteristic detection method and apparatus, where the apparatus obtains a first dynamic behavior file and a second dynamic behavior file, where the first dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on a malicious file in a first sandbox, and the second dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on the malicious file in a second sandbox. The apparatus determines a bot characteristic of the malicious file based on a common characteristic of the first dynamic behavior file and the second dynamic behavior file.

Abstract: A bot characteristic detection method and apparatus, where the apparatus obtains a first dynamic behavior file and a second dynamic behavior file, where the first dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on a malicious file in a first sandbox, and the second dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on the malicious file in a second sandbox. The apparatus determines a bot characteristic of the malicious file based on a common characteristic of the first dynamic behavior file and the second dynamic behavior file.

Abstract: A software defined networking (SDN)-based distributed denial of service (DDoS) attack prevention method, an apparatus, and a system, where a controller delivers a traffic statistics collection instruction to a first packet forwarding device. The traffic statistics collection instruction instructs the first packet forwarding device to perform traffic statistics collection, and carries a destination Internet Protocol (IP) address. The controller collects statistical data reported by the first packet forwarding device, obtains, according to the statistical data, a statistical value of global traffic flowing to the destination IP address, and delivers a DDoS prevention policy to a second packet forwarding device based on a determining result that the statistical value of the global traffic exceeds the preset threshold.

Abstract: A method, an apparatus, and a device for detecting an electronic mail (E-mail) attack. The device receives a data flow, obtains an E-mail traffic parameter of each statistic period within a predetermined number of statistic periods, where within each statistic period, the E-mail traffic parameter of each of the statistic periods is determined according to a protocol type of the received data flow, and determines that an E-mail attack is detected when the E-mail traffic parameter of each statistic period within the predetermined number of statistic periods matches a first threshold.

Abstract: A software defined networking (SDN)-based distributed denial of service (DDoS) attack prevention method, an apparatus, and a system, where a controller delivers a traffic statistics collection instruction to a first packet forwarding device. The traffic statistics collection instruction instructs the first packet forwarding device to perform traffic statistics collection, and carries a destination Internet Protocol (IP) address. The controller collects statistical data reported by the first packet forwarding device, obtains, according to the statistical data, a statistical value of global traffic flowing to the destination IP address, and delivers a DDoS prevention policy to a second packet forwarding device based on a determining result that the statistical value of the global traffic exceeds the preset threshold.

Abstract: A webshell detection method and apparatus are provided. The apparatus obtains first web traffic of a protected host; generates a web page visit record of the protected host based on the first web traffic, where the web page visit record is used to save at least one uniform resource locator (URL), an IP address visiting each URL, and a total quantity of visits to each URL; determines a suspicious URL from the at least one URL based on the web page visit record, where a total quantity of visits to the suspicious URL is less than a first threshold, and a ratio of a quantity of different IP addresses visiting the suspicious URL to the total quantity of visits to the suspicious URL is less than a second threshold; and determines whether a web page identified by the suspicious URL contains a webshell signature.

Abstract: A lens system includes a TIR (Total Internal Reflection) lens and a diffuser. The lens has an optical body member including an upper end, a lower end opposite the upper end, and an outer surface. The outer surface is shaped to provide total internal reflection for light from a light source. An upper surface extends in a series of steps from the upper end to a first interior portion of the optical body member. A substantially cylindrical cavity extends from the lower end to a second interior portion of the optical body member. A middle portion separates the first and second interior portions and has a flat upper surface and a curved lower surface. The diffuser has a curved shell configured for disposing over a light source and configured to fit inside the cylindrical cavity of the optical body member, the diffuser having a circular rim fused to the lower end of the optical body member.

Abstract: An optical system for a multi-color, multi-emitter LED-based lighting device can include a lens array. The lens array can include a number of color-mixing rod members extending parallel to each other along an optical axis, the color-mixing rod members being arranged and spaced so that the rear end of each color-mixing rod member aligns with a different one of the emitters. A beam-forming section can be formed at the front ends of the color mixing rod members. The beam-forming section can include nonplanar (e.g., convex or concave) front surface features, each nonplanar front surface feature being aligned with a front end of a corresponding one of the color-mixing rod members. The beam-forming section and color-mixing rod members can be formed as a unitary structure.

Abstract: A bot characteristic detection method and apparatus, where the apparatus obtains a first dynamic behavior file and a second dynamic behavior file, where the first dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on a malicious file in a first sandbox, and the second dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on the malicious file in a second sandbox. The apparatus determines a bot characteristic of the malicious file based on a common characteristic of the first dynamic behavior file and the second dynamic behavior file.

Abstract: A method, an apparatus, and a device for detecting an electronic mail (E-mail) attack. The device receives a data flow, obtains an E-mail traffic parameter of each statistic period within a predetermined number of statistic periods, where within each statistic period, the E-mail traffic parameter of each of the statistic periods is determined according to a protocol type of the received data flow, and determines that an E-mail attack is detected when the E-mail traffic parameter of each statistic period within the predetermined number of statistic periods matches a first threshold.

Abstract: A method, an apparatus, and a device for detecting an E-mail attack. The device receives a data flow; obtains an E-mail traffic parameter of each statistic period within a predetermined number of statistic periods, where within each statistic period, the E-mail traffic parameter of each of the statistic periods is determined according to a protocol type of the received data flow; and determines that an E-mail attack is detected when the E-mail traffic parameter of each statistic period within the predetermined number of statistic periods matches a first threshold. By applying the disclosed embodiments, a detection result of the E-mail attack is more accurate.

Abstract: A method, a device, and a system for alerting against unknown malicious codes includes judging whether any suspicious code exists in the packet, recording a source path of the suspicious code and sending alert information that carries the source path to a monitoring device. The embodiments of the present disclosure report the source paths of suspicious codes proactively at the earliest possible time, which lays a foundation for shortening the time required for overcoming virus threats, and avoids the trouble of installing software on the terminal.