Firewall Patents (Class 726/11)
  • Patent number: 11063819
    Abstract: Techniques are described for managing communications for a managed computer network by using a defined pool of alternative computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select a particular alternative intermediate destination computing node from a defined pool to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network and/or on one or more other selection criteria (e.g., to enable load balancing between the alternative computing nodes). The manager module then forwards those communications to the selected intermediate destination computing node for further handling.
    Type: Grant
    Filed: July 19, 2019
    Date of Patent: July 13, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Kevin Christopher Miller
  • Patent number: 11062021
    Abstract: The disclosed computer-implemented method for preventing malicious applications from exploiting application services may include (i) identifying an attempt by an application, executing within a sandboxed environment that isolates the application's data and code execution from at least one other application executing within an operating system on the computing device, to launch at least one application service, (ii) determining that the application represents a potential security risk, (iii) prompting a user of the computing device to remediate the potential security risk posed by the application by performing a recommended security action, and (iv) while waiting for the user to perform the recommended security action, securing the computing device by blocking the attempt by the application to launch the application service. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: July 13, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Mayur Dharmadhikari, Pankaj Meel, Nikhil Joshi
  • Patent number: 11063969
    Abstract: In one embodiment, a network security device monitors network communications between a computer and another computer. A periodicity of transmissions made by one computer to the other computer is determined, with the periodicity being used to identify candidate time point pairs having intervals that match the periodicity. A graph is constructed with time points of the candidate time point pairs as nodes and with intervals of time point pairs as edges. A longest path that continuously links one time point to another time point on the graph is compared to a threshold length to verify that the transmissions are periodic, and are thus potentially indicative of malicious network communications.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: July 13, 2021
    Assignee: Trend Micro Incorporated
    Inventors: Shoufu Luo, Jonathan Edward Andersson, Josiah Dede Hagen
  • Patent number: 11057432
    Abstract: A request to create a set of security policies for an application is received at a graphical user interface. Information identifying a set of source VMs, a set of destination VMs, and a set of target VMs also are received, wherein the target VMs are executing the application and are supported by (a) node(s) in a clustered virtualization environment. A set of inbound rules identifying (a) category(ies) of source VMs permitted to initiate connections with a subset of target VMs and a set of outbound rules identifying (a) category(ies) of destination VMs to which the subset of target VMs are permitted to initiate connections are received at the graphical user interface. Upon receiving a request to apply the security policies, the policies are configured based at least in part on the inbound and outbound rules and a visual representation of the security policies is presented in the graphical user interface.
    Type: Grant
    Filed: April 10, 2018
    Date of Patent: July 6, 2021
    Assignee: Nutanix, Inc.
    Inventors: Julie Ni, Ken Chen, Ravikanth Samprathi, Sridhar Joseph Devarapalli, Viraj Sapre, Rajesh P. Bhatt
  • Patent number: 11044232
    Abstract: Methods and apparatus to provide a distributed firewall in a network are disclosed. Example firewall controllers disclosed herein are to instruct a first network node of a software-defined network to implement a first firewall instance of a distributed firewall, the first network node to implement the first firewall instance with a first virtual machine. Disclosed example firewall controllers are also to configure a second network node of the software-defined network to route network traffic through the first firewall instance and, after at least some of the network traffic is dropped by the first firewall instance, instruct the second network node to implement a second firewall instance of the distributed firewall, the second network node to implement the second firewall instance with a second virtual machine.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: June 22, 2021
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Dustin Grant, Sandeep Gupta, Sridhar Narahari, Michael J. Satterlee
  • Patent number: 11044230
    Abstract: A port listening request dynamically generated by an application process hosted in a container can be identified. Whether the application process hosted in the container is trusted can be determined. Responsive to determining that the application process hosted in the container is trusted, a first port to be used as an external port for the application process can be dynamically selected, and a port assignment can be communicated to a container engine, the port assignment indicating the first port is assigned to the application process. The first port can be mapped to a second port assigned as an internal port for the application process. The first port can be opened for the application process.
    Type: Grant
    Filed: August 30, 2019
    Date of Patent: June 22, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ling Lan, Hongxia Li, Hai Long Liu, Xin Peng Liu
  • Patent number: 11044229
    Abstract: A port listening request dynamically generated by an application process hosted in a container can be identified. Whether the application process hosted in the container is trusted can be determined. Responsive to determining that the application process hosted in the container is trusted, a first port to be used as an external port for the application process can be dynamically selected, and a port assignment can be communicated to a container engine, the port assignment indicating the first port is assigned to the application process. The first port can be mapped to a second port assigned as an internal port for the application process. The first port can be opened for the application process.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: June 22, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ling Lan, Hongxia Li, Hai Long Liu, Xin Peng Liu
  • Patent number: 11030310
    Abstract: There is provided a computer implemented method of disabling a malicious electronic control unit (ECU) of a plurality of ECUs in communication with a controller area network (CAN) bus network, the method executed by a computing device in communication with the plurality of ECUs and the CAN bus network, the method comprising: detecting a malicious message transmitted by the malicious ECU over the CAN bus network, and injecting a plurality of bits over the CAN bus network to trigger a predefined plurality of errors for disabling the malicious ECU before the malicious ECU makes an additional attempt to retransmit an additional instance of the malicious message.
    Type: Grant
    Filed: August 17, 2017
    Date of Patent: June 8, 2021
    Assignee: Red Bend Ltd.
    Inventors: Tomer Gilad, Shachar Rosen
  • Patent number: 11019514
    Abstract: A system and method that utilize data from co-sited cells that transmit and receive data on frequencies that are licensed to different operators facilitate sharing cellular configuration and performance data without revealing proprietary data to competing operators. Detection of external interference is enhanced by data from different operators.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: May 25, 2021
    Assignee: Spectrum Effect Inc.
    Inventors: Diego Ayala, Eamonn Gormley, David James Ryan, Charles Immendorf
  • Patent number: 11012419
    Abstract: A system including a network communication device, a storage device, and a controller is provided. The storage device stores first mappings between IP addresses and devices, and second mappings between software and devices. The controller obtains a connection log from the proxy server or the firewall device via the network communication device, uses the first mappings and the second mappings to analyze the connection log to determine one or more different connections between connections of devices on which first software is installed and connections of devices on which the first software is not installed, determines whether the first software functions normally on a first device blocking the different connections, and adds destination addresses of the different connections into a blocking list in response to the first software functioning normally on the first device, such that the proxy server or the firewall device blocks all connections towards the destination addresses.
    Type: Grant
    Filed: March 19, 2019
    Date of Patent: May 18, 2021
    Assignee: QUANTA COMPUTER INC.
    Inventors: Chen-Chung Lee, Chia-Hung Lin, Cheng-Yao Wang, Jen-Hung Chang, Ming-Jen Chen
  • Patent number: 11012370
    Abstract: Described herein is a system for automatically capturing configuration changes to the cloud computing resources. The system for automatically capturing configuration changes may detect changes to configurations of cloud computing resources across the geographic regions, in real-time. The changes may be stored in a central data storage device instantiated by a central cloud computing account. Furthermore, a relationship graph indicating the relationships between the different cloud computing resources may be generated.
    Type: Grant
    Filed: May 20, 2020
    Date of Patent: May 18, 2021
    Assignee: Capital One Services, LLC
    Inventor: Matthew Gladney
  • Patent number: 11012420
    Abstract: A method of enforcing security rules for a packet on a host is provided. The method, at a security service dispatcher, determines a dispatching action on a packet for each of a group of security services. Each security service is for enforcing a set of security rules on each packet. The method, for each security service, sends the packet to the security service when the dispatch rule for the security service indicates that the set of security rules of the security service has to be enforced on the packet. The method, for each security service, bypasses the enforcement of the security rules of the security service when the dispatch rule for the security service indicates that the set of security rules of the security service has to be bypassed for the packet.
    Type: Grant
    Filed: November 15, 2017
    Date of Patent: May 18, 2021
    Assignee: NICIRA, INC.
    Inventors: Soner Sevinc, Yang Song
  • Patent number: 10999220
    Abstract: Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines and providing the captured contextual attributes to middlebox service engines executing at the edge of a physical datacenter. In some embodiments, the middlebox service engines run in an edge host (e.g., an NSX Edge) that provides routing services and connectivity to external networks (e.g., networks external to an NSX-T deployment). Some embodiments execute a context header insertion processor that receives contextual attributes relating to network events and/or process events on the machines collected using a guest-introspection (GI) agent on each machine. In some embodiments, the context header insertion processor uses these contextual attributes to generate a header including data regarding the contextual attributes (a “context header”) that is used to encapsulate a data message that is processed by the SFE.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: May 4, 2021
    Assignee: VMWARE, INC.
    Inventors: Tori Chen, Sirisha Myneni, Arijit Chanda, Arnold Poon, Farzad Ghannadian, Venkat Rajagopalan
  • Patent number: 10999253
    Abstract: A network device identifies an Internet Protocol Security (IPsec) tunnel that connects the network device to a remote device and determines that dead peer detection (DPD) is enabled at the network device. The network device receives a first DPD request message from the remote device via the IPsec tunnel, and sends a first DPD response message to the remote device via the IPsec tunnel. The network device determines that a workload of the network device satisfies a threshold amount, and sends one or more encapsulating security payload (ESP) packets that include traffic flow confidentiality (TFC) payload data to the remote device via the IPsec tunnel. The network device determines that the workload of the network device does not satisfy the threshold amount. The network device receives a second DPD request message from the remote device and sends a second DPD response message to the remote device via the IPsec tunnel.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: May 4, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Naresh Chand, Ranjan Sinha
  • Patent number: 10999354
    Abstract: Systems and methods are disclosed herein for opening files via local applications. A first application on a local device receives a request to open a document specified by a user via a user interface associated with the first application, the document having a document identifier and associated with a first file stored on a server. The first application communicates the request to open the document associated with the first file to a second application on the local device, and receives, from the second application, information identifying one of the plurality of document processing applications that are on the local device and are capable of opening a second file that is stored on the local device and has the same document identifier as the document specified by the user, the second file being a local copy of the first file.
    Type: Grant
    Filed: January 13, 2020
    Date of Patent: May 4, 2021
    Assignee: Google LLC
    Inventors: Jessie Lynne Newman, Frank Pape, III, Ali Akhavan Bitaghsir, Brian Schneider, James Michael McCollum, Eric Huayu Zhang, Rachel Werner Barton, Marc Miller, Rishi Sharma
  • Patent number: 10992702
    Abstract: In example implementations, a method is provided that is executed by a processor. A multiplexed data stream is received over a single transmission control protocol (TCP) connection that uses a SPDY protocol. The multiplexed data stream contains data packets associated with a plurality of different data streams. A plurality of sub-contexts are generated. Each one of the sub-contexts is associated with a different one of the plurality of different data streams. The data packets are demultiplexed from the multiplexed data stream into a respective one of the plurality of sub-contexts. The plurality of different data streams in the respective one of the plurality of sub-contexts are examined to detect a malware.
    Type: Grant
    Filed: January 27, 2016
    Date of Patent: April 27, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Ramesh Ardeli, Hari Krishna Kurmala
  • Patent number: 10992691
    Abstract: A method and an apparatus to perform multi-connection traffic analysis and management are described. In one embodiment, the method includes analyzing data packets in the first data flow of a client application for a pattern of interest, where the client application communicates data using first and second data flows. In response to the method detecting a pattern of interest in the first data flow, the method identifies the second data flow and identifies a traffic policy for the second data flow. The method applies the identified traffic policy to the second data flow. Other embodiments have been claimed and described.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: April 27, 2021
    Assignee: SONICWALL INC.
    Inventors: Aleksandr Dubrovsky, Boris Yanovsky, Shunhui Zhu
  • Patent number: 10979317
    Abstract: A service registration method and usage method, and a related apparatus are used to reduce risks generated when a service of an AP-type service providing node cannot be registered and a CP-type service providing node provides a service since distributed characteristics of a service providing node are not distinguished in a network partition scenario. The method is: obtaining, by a registration service node, network partition information, and receiving a registration request of a service providing node, where the registration request carries a distributed characteristic of the service providing node, and the distributed characteristic meets both consistency and partition tolerance, or meets both availability and partition tolerance; and determining, by the registration service node according to the network partition information and the distributed characteristic of the service providing node, whether registration of a service provided by the service providing node is allowed.
    Type: Grant
    Filed: January 22, 2018
    Date of Patent: April 13, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Haifeng Zhou, Long Li, Jianqing Yuan
  • Patent number: 10972553
    Abstract: A method for configuring, via a website, a device to provide printing services to a local network is described. The method includes creating, via a website, a service host object that comprises a network address of a device on a local network and a service host name. The method also includes configuring, via the website, one or more printing settings for one or more printing services. The method further includes sending an indication to the device on the local network to run a service manager. The method additionally includes sending an indication to the service manager to run the one or more printing services on the local network based on the one or more printing service settings.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: April 6, 2021
    Assignee: PrinterLogic, Inc.
    Inventors: Chad Steven Sillitoe, Corey Clint Ercanbrack, Joshua Aaron Harrison
  • Patent number: 10965716
    Abstract: A request to establish a session with a first server is received from a client device. The first server is associated with a first hostname, and the request includes information identifying a second hostname purported to correspond to the first server. A Domain Name System (DNS) lookup using the second hostname is performed. A determination that the second hostname was spoofed by the client device is determined based on a response to the DNS lookup. In response to the determination being made that the request received from the client device includes the spoofed second hostname, a determination that the client device has injected or overridden at least one of an HTTP Host header and a Server Name Indicator in the request is made, and an action to take with respect to the client device is determined.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: March 30, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Martin Walter, Charles Bransi, Suiqiang Deng
  • Patent number: 10958625
    Abstract: Methods, non-transitory computer readable media, rendezvous gateway (RG) apparatuses, and network security systems that send an RG synchronization message (SYN) to an application in a secure domain following receipt, from a client, of a client SYN comprising an indication of the application. A rendezvous agent (RA) SYN is received, via a firewall coupled to the security domain and in response to the RG SYN, from an RA in the secure domain. A first RG synchronization-acknowledgement message (SYN+ACK) is sent to the client in response to the client SYN. A second RG SYN+ACK is sent, via the firewall, to the RA in response to the RA SYN. The RA is notified of receipt of a client acknowledgement message (ACK) from the client. An RA ACK is received, from the RA and via the firewall, in response to the notification, to thereby establish a full connection between the client and the application.
    Type: Grant
    Filed: March 6, 2019
    Date of Patent: March 23, 2021
    Assignee: F5 Networks, Inc.
    Inventors: Peter M. Thornewell, David D. Schmitt, Alan Mimms, Saxon Amdahl, Bill Baumann
  • Patent number: 10951582
    Abstract: Disclosed are systems and methods for firewall configuration. A request can be transmitted to a DNS server. A response to the DNS request can include an Internet Protocol (IP) address. A firewall rule can be generated permitting access to the IP address. The firewall rule can be configured to be valid until expiration of a time-to-live value in the response to the DNS request. Thus, firewall rules can be automatically created as needed by executed processes, eliminating the need for manual firewall rule creation. As the firewall rule is invalid after the expiration of the time-to-live value, risks associated with maintaining out-of-date firewall rules are eliminated, as is the requirement to manually remove or modify out-of-date firewall rules.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: March 16, 2021
    Assignee: Comcast Cable Communications, LLC
    Inventor: Alexander Gurney
  • Patent number: 10951583
    Abstract: Apparatus and methods for controlling access by a browser to one or more Internet servers are disclosed. Access control is performed by ascertaining an IP address of an internet server that the user is trying to access and performing a lookup of the IP address in an IP address rating database. If the lookup reveals the IP address to be suspicious and data received from the internet server is encrypted, block the access to the internet server. Alternatively, if the lookup reveals the IP address to be suspicious, block the access to the first internet server by the browser without first performing content analysis on the data from the internet server.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: March 16, 2021
    Assignee: Trend Micro Incorporated
    Inventors: Bharath Kumar Chandrasekhar, Narasimham Kodukula
  • Patent number: 10951674
    Abstract: Access to transactional multimedia content may be based on network routing. Some multimedia content may be best delivered via a private network. Other multimedia content may be best delivered via a public network. A type of the multimedia content may thus determine network routing.
    Type: Grant
    Filed: July 19, 2019
    Date of Patent: March 16, 2021
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: David J. Piepenbrink, Lee M. Chow, James T. Sofos
  • Patent number: 10951605
    Abstract: In an embodiment, a computer-implemented method comprises receiving, by at least one broker computing device, identity awareness data from a plurality of directory services in a federation; posting, by the at least one broker computing device, the identity awareness data to a distributed data repository; establishing, at a networking hardware device having a first type, firewall rules using the identity awareness data from the distributed data repository; controlling, by the networking hardware device having the first type, network traffic based on the identity awareness data.
    Type: Grant
    Filed: February 20, 2019
    Date of Patent: March 16, 2021
    Assignee: Xage Security, Inc.
    Inventors: Susanto Junaidi Irwan, Roman M. Arutyunov, Andy Sugiarto, Ganesh B. Jampani
  • Patent number: 10951660
    Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.
    Type: Grant
    Filed: June 23, 2020
    Date of Patent: March 16, 2021
    Assignee: Centripetal Networks, Inc.
    Inventors: Steven Rogers, Sean Moore, David K. Ahn, Peter P. Geremia
  • Patent number: 10942500
    Abstract: A system architecture encoded on a non-transitory computer readable medium, the system architecture includes a first protocol. The first protocol is configured to receive a plurality of outputs from an ICS used in controlling an industrial system. The first protocol is configured to receive a plurality of inputs from a physical module. The physical module includes at least one of a component, a sensor, or the ICS. Additionally, the system architecture includes a second protocol, wherein the second protocol is configured to validate the plurality of inputs from the first protocol. Moreover, the system architecture includes a third protocol, wherein the third protocol is configured to validate the plurality of outputs from the first protocol. Further, the system architecture includes a fourth protocol, wherein the fourth protocol is configured to manage the ICS based on the second protocol and the third protocol.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: March 9, 2021
    Assignee: Purdue Research Foundation
    Inventor: Hany S. Abdel-Khalik
  • Patent number: 10944820
    Abstract: A method, computer program product, and computer system for utilizing a first plurality of APIs operating on a first module, wherein the first module may be transportable during operation. A second plurality of APIs operating on a second module may be utilized, wherein the second module may be transportable during operation, wherein the second module may include kernel level binary validation and restoration software, and wherein at least one of the first module and the second module may be interconnected to a mesh topology that maintains asymmetric redundancy. An asset may be interfaced with the second module. It may be determined whether the asset is end-to-end secure based upon, at least in part, the kernel level binary validation and restoration software. An interface may be established between the asset and the first module based upon, at least in part, determining that the asset is secure.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: March 9, 2021
    Assignee: Phacil, LLC
    Inventor: Roger Joseph Morin
  • Patent number: 10938819
    Abstract: A smart process control switch can implement a lockdown routine to lockdown its communication ports exclusively for use by devices having known physical addresses, enabling the smart process control switch to prevent new, potentially hostile, devices from communicating with other devices to which the smart process control switch is connected. Further, the smart process control switch can implement an address mapping routine to identify “known pairs” of physical and network addresses for each device communicating via a port of the smart process control switch. Thus, even if a new hostile device is able to spoof a known physical address in an attempt to bypass locked ports, the smart process control switch can detect the hostile device by checking the network address of the hostile device against the expected network address for the “known pair.”
    Type: Grant
    Filed: April 10, 2018
    Date of Patent: March 2, 2021
    Assignee: FISHER-ROSEMOUNT SYSTEMS, INC.
    Inventors: Alexandre Da Silva Peixoto, Neil J. Peterson
  • Patent number: 10938846
    Abstract: A server hosted by a server computer is protected against anomalous logons. A working time profile is generated from an access log that has a record of logons to the server. Counts of access events per time period (e.g., per hour) are parsed from the access log, and processed using statistical procedures to find candidate working hours. A working time range includes candidate working hours. An account logging on the server is detected. The logon by the account is deemed to be anomalous when the logon is at a time outside the candidate working hours.
    Type: Grant
    Filed: November 20, 2018
    Date of Patent: March 2, 2021
    Assignee: Trend Micro Incorporated
    Inventors: Chih-Hsun Hsiao, Yin-Tzu Lin, Yen-Ying Lee
  • Patent number: 10938847
    Abstract: A method includes obtaining usage metrics for assets of an enterprise system and extracting sets of features from the obtained usage metrics, the sets of features characterizing relative importance of each of the assets for each of two or more designated time windows. The method also includes determining, utilizing the extracted features, an importance of each of the assets. The method further includes establishing a baseline behavior of the assets based on the extracted features, monitoring behavior of the assets during at least one additional time window, and modifying a configuration of a given asset responsive to detecting that the monitored behavior of the given asset during the at least one additional time window exhibits a threshold difference from the established baseline behavior of the given asset, wherein the modification is based at least in part on the importance of the given asset relative to one or more other assets.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: March 2, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Sashka T. Davis, Kevin T. Douglas, Zulfikar A. Ramzan
  • Patent number: 10924457
    Abstract: The present disclosure discloses a packet cleaning method and apparatus. The method includes: acquiring a packet type and a destination address of a target packet; acquiring, from a configuration file, a first attack type set according to the packet type and a second attack type set according to the destination address, wherein the second attack type set comprises types of attacks that a device corresponding to the destination address has received within a period of time; generating a cleaning strategy chain corresponding to the target packet according to the first attack type set and the second attack type set; and cleaning the target packet based on the cleaning strategy chain.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: February 16, 2021
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventor: Weibin He
  • Patent number: 10917439
    Abstract: A method and a system for contextually managing and executing a change in security behavior of a target user are provided. The system extracts multiple context attributes including activity telemetry, skill, etc., from multiple external applications. The system dynamically generates one or more security behavioral models for each user based on behavior modeling criteria. The system dynamically generates a security behavior score for each user by scoring a selection of the context attributes from their security behavioral models. The system dynamically generates targeted, contextual control elements specific to a target user identified from among the users using the security behavioral models, the security behavior score, and one or more context libraries. The system dynamically renders one or more of the targeted, contextual control elements on a user device of the target user through one or more delivery channels for executing a change in the security behavior of the target user.
    Type: Grant
    Filed: July 15, 2019
    Date of Patent: February 9, 2021
    Inventors: Santhosh Kunjappan Purathepparambil, Sairamkumar Venkataraman, Rohan Puri
  • Patent number: 10915628
    Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. The method includes monitoring events triggered as a result of changes to an application layer of a software container; based on the monitored events, determining if at least one file has been changed; upon determination that at least one file has been changed, scanning the at least one file to detect at least one type of vulnerability; and upon determination of at least one type of known vulnerability, generating a detection event.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: February 9, 2021
    Assignee: Twistlock, Ltd.
    Inventors: Dima Stopel, Ben Bernstein
  • Patent number: 10904271
    Abstract: In one embodiment, a device analyzes network traffic data using a clustering process, to identify a cluster of addresses associated with the network traffic data for which the associated network traffic has similar behavioral characteristics. The device calculates a set of rankings for the cluster by comparing the cluster to different sets of malicious addresses. The device aggregates the set of rankings into a final ranking by setting the rankings in the set as current rankings and iteratively calculating an average of any subset of the current rankings that comprises correlated rankings. The calculated average replaces the rankings in the subset as a current ranking. When none of the current rankings are correlated, the device performs an aggregation across all of the current rankings to form the final ranking. The device provides data indicative of the cluster for review by a supervisor, based on the final ranking.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: January 26, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Jan Jusko, Jan Stiborek, Tomas Pevny
  • Patent number: 10904215
    Abstract: An application server environment that uses connection pooling is augmented to include a database access control system having a database firewall. When the database firewall detects a security violation with respect to a request received via a pooled connection, the firewall skips over (i.e., does not forward) the violating request and instead creates an artificial error database protocol packet corresponding to the application request. The database firewall then sends the error database protocol packet as a response back to the application, using the pool connection. The application receives the database error as a response to the security-violating request, and it responds by releasing the connection of the policy-violating database user. By releasing the pool connection in this manner, the performance of other applications (or other clients) using the connection pool is not impacted. Preferably, the error packets include no sensitive information.
    Type: Grant
    Filed: November 9, 2018
    Date of Patent: January 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Leonid Rodniansky, Tania Butovsky
  • Patent number: 10887347
    Abstract: A method and system for perimeter defense of a network are provided. The method comprises receiving, at a system deployed in a perimeter of the network, traffic to or from the network, wherein the network includes a plurality of protection resources; determining, based on the received traffic, at least one potential cyber-attack; and upon determining the at least one potential cyber-attack, causing a mitigation reconfiguration of at least one protection resource of the plurality of protection resources, wherein the mitigation reconfiguration includes reconfiguring each of the at least one protection resource to mitigate the at least one potential cyber-attack.
    Type: Grant
    Filed: October 27, 2016
    Date of Patent: January 5, 2021
    Assignee: Radware, Ltd.
    Inventors: Yaron Koren, Oren Ben Yoav
  • Patent number: 10878119
    Abstract: Disclosed embodiments relate to systems and methods for securely provisioning sensitive data elements to virtualized execution instances. The techniques may include: identifying a request to provision a new virtualized execution instance; determining, in association with the request, that the new virtualized execution instance will require a prohibited data element in order to communicate with a target network resource; without providing the new virtualized execution instance the prohibited data element, registering the new virtualized execution instance; identifying a request from the new virtualized execution instance to communicate with the target network resource; performing a verification process for the request to communicate with the target network resource; and conditional on the verification process, provisioning the prohibited data element to the new virtualized execution instance.
    Type: Grant
    Filed: April 1, 2020
    Date of Patent: December 29, 2020
    Assignee: CYBERARK SOFTWARE LTD.
    Inventors: Nimrod Stoler, Lavi Lazarovitz
  • Patent number: 10873607
    Abstract: Systems and methods for NAC access policy creation and reconfiguration of access points to enforce same are provided. According to one embodiment, access policies are decoupled from underlying implementation details of access points by: (i) maintaining by a NAC device an access point model that maps logical networks to corresponding enforcement action implementations for the access points; and (ii) representing the access policies in a form of a current state of a particular endpoint device and an enforcement action specified with reference to a logical network. An attribute of an endpoint is received by the NAC device based upon which a matching access policy is identified. The corresponding enforcement action implementation for the access point to which the endpoint is connected is retrieved based on the logical network specified in the matching access policy and is used to reconfigure the access point to perform the enforcement action.
    Type: Grant
    Filed: June 16, 2020
    Date of Patent: December 22, 2020
    Assignee: Fortinet, Inc.
    Inventor: Bradley J. Trimby
  • Patent number: 10873388
    Abstract: The present disclosure provides communication systems, switching devices and methods for switching air-to-ground (ATG) antennas of an aircraft. An air-to-ground (ATG) communication unit has a first set of ports for in-flight ATG communication and a second set of ports for ground communication comprising terrestrial communication and accessing fixed base operator (FBO) services. A switching device is configured to switch connectivity of at least one antenna to the first set of ports of the ATG communication unit when the aircraft is in-flight and is configured to switch connectivity of the at least one antenna to the second set of ports when the aircraft is not in-flight.
    Type: Grant
    Filed: June 11, 2019
    Date of Patent: December 22, 2020
    Assignee: BOMBARDIER INC.
    Inventor: Nikolay Trunov
  • Patent number: 10873565
    Abstract: The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications. The information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows of the communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: December 22, 2020
    Assignee: Nicira, Inc.
    Inventors: Laxmikant Gunda, Rajiv Krishnamurthy
  • Patent number: 10868687
    Abstract: Disclosed are a traffic delivery method, apparatus and system, and a relevant computer storage medium. The method may include: determining the number of traffic flows according to a traffic bandwidth of a traffic to be transmitted; grouping the traffic flows of the traffic to be transmitted according to the number of the traffic flows and a preset grouping policy to obtain a plurality of traffic groups of the traffic to be transmitted; where the number of the traffic groups is equal to the number of physical layer (PHY) transport channels; and determining a PHY transport channel corresponding to each of the traffic groups of the traffic to be transmitted according to a matching relationship between traffic bandwidths of the traffic groups and transmission rates of the PHY transport channels, and sending the each of the traffic groups of the traffic to be transmitted through the PHY transport channel corresponding to the each of the traffic groups of the traffic to be transmitted.
    Type: Grant
    Filed: January 16, 2018
    Date of Patent: December 15, 2020
    Assignee: ZTE CORPORATION
    Inventor: Feng Liu
  • Patent number: 10860336
    Abstract: A system comprises data processing hardware and memory hardware. The memory hardware is in communication with the data processing hardware, and stores instructions that, when executed on the data processing hardware, cause the data processing hardware to perform a plurality of operations. In some examples, one of the operations may include receiving instance management configuration data for a single-tenant software-as-a-service (SaaS) application. Another operation may further include receiving an image of the single-tenant SaaS application. Yet another operation can include generating, by the control plane manager, a control plane based on the instance management configuration data. The control plane is configured to create multiple instances of the single-tenant SaaS application based on the received image, and to manage the instances of the single-tenant SaaS application based on the received instance management configuration data.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: December 8, 2020
    Assignee: Google LLC
    Inventors: Roy Peterkofsky, William Earl, Martin Taillefer, Michael Dahlin, Chandra Prasad, Jaroslaw Kowalski, Anna Berenberg, Kristian Kennaway, Alexander Mohr, Jaidev Haridas
  • Patent number: 10862940
    Abstract: A video sender loads sender video processing JavaScript into a browser, the sender video processing JavaScript being configured to receive video from a source connected to the first computer, encode images of the video into a H.26x encoded video format, package the encoded video into WebM or FMP4 format, and output the packaged/encoded video on the communication network. A video receiver loads receiver video JavaScript in its browser, the receiver video JavaScript comprising a video format detector, a WebM deboxer, a FMP4 deboxer, a H.26x video decoder, and a rendering engine. The video format detector determines whether received video is packaged using WebM or FMP4 and sends the video to the respective deboxer. The deboxed video is then decoded using the H.26x decoder and the images are rendered by the rendering engine. Timestamps and byte counts are inserted into the video packages, and acknowledgments are used to determine excess latency.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: December 8, 2020
    Assignee: Glance Networks, Inc.
    Inventors: Ellis Oliver Jones, Richard L. Baker
  • Patent number: 10855540
    Abstract: Example implementations described herein are directed to systems and methods for policy based management of access to networked applications in compliance with rules or policies. An example implementation includes a method to manage access to a program where in response to receiving a request, the method identifies a source location indicated by program information and a destination location indicated by user information, determines a rule type based on the source location and the destination location, determines a rule for the program based on the source location, the destination location, and the rule type, applies a procedure to approve access based on the rule; and allows access to the program based on successful completion of the procedure.
    Type: Grant
    Filed: May 2, 2018
    Date of Patent: December 1, 2020
    Assignee: Hitachi, Ltd.
    Inventor: Satoshi Kaneko
  • Patent number: 10848512
    Abstract: A computer-implemented method, computer program product and computing system for: receiving updated threat event information concerning a computing platform; enabling the updated threat event information for use with one or more security-relevant subsystems within the computing platform; and retroactively applying the updated threat event information to previously-generated information associated with the one or more security-relevant subsystems.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: November 24, 2020
    Assignee: ReliaQuest Holdings, LLC
    Inventors: Brian P. Murphy, Joe Partlow, Colin O'Connor, Jason Pfeiffer
  • Patent number: 10839075
    Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: November 17, 2020
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 10834114
    Abstract: A processing system having at least one processor may obtain domain name system (DNS) traffic records of a DNS platform, the DNS traffic records associated with a source device having a first status and that is submitting DNS queries, where a first-tier DNS authoritative server of the DNS platform is configured to forward the DNS queries from the source device to at least a first second-tier DNS authoritative server of the DNS platform designated for the first status. The processing system may further detect anomalous DNS traffic records from the DNS traffic records, identify a change of the source device from a first status to a second status, based upon the detecting the anomalous DNS traffic records, and reconfigure the first-tier DNS authoritative server to redirect the DNS queries from the source device to at least a second second-tier DNS authoritative server designated for the second status.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: November 10, 2020
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Anestis Karasaridis, Eric Noel, Stephen Chou, Patrick Velardo
  • Patent number: 10834261
    Abstract: In the field of government engagement management, an agent guide or script-flow in an employee desktop web client is implemented. In such a system and method, when agents create interactions with clients they can follow a script-flow which will guide the agent through the interaction through a series of menu selections and automated sets of instructions. This feature of the government engagement management system allows existing customer investment from the rich desktop client or non-web client in developing specific scripts, that can also now function in the web client atmosphere. This system and method also enables an agent to handle calls with the web client more efficiently, and allows agents on the web client to automatically classify.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: November 10, 2020
    Assignee: Verint Systems UK Limited
    Inventors: Conor Adams, Raymond Campbell
  • Patent number: 10812524
    Abstract: The present disclosure provides a method and devices for defending against distributed denial of service attacks. The method comprises: intercepting, by a defending device, a service message transmitted by a client to a server; obtaining, by the defending device, information carried in a first preset field of the service message and information carried in a second preset field of the service message according to a rule agreed on with the client; processing, by the defending device, the information carried in the second preset field and a preset key according to a hash algorithm agreed on with the client, and obtaining a hash value; and discarding, by the defending device, the service message upon determining that the hash value is different from the information carried in the first preset field.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: October 20, 2020
    Assignees: NSFOCUS INFORMATION TECHNOLOGY CO., LTD., NSFOCUS TECHNOLOGIES, INC.
    Inventors: Tao Chen, Kun He