查看文章

BACKGROUND

One conventional approach to preventing malicious activ ity on a computer network is to Scan network traffic for malicious signatures listed on a signature blacklist. For example, network devices such as a firewall can be configured to block network traffic containing a specific domain (ie, website), a specific IP address, or a specific Uniform Resource Locator (URL). Some network devices may even block network traffic if the network devices find blacklisted signatures within files, javascript and/or Flash objects. Another conventional approach to preventing malicious activity on a computer network is to intercept network traffic containing potentially malicious code and then run that code in a sandbox (ie, a computerized platform which is isolated from the network). If the code running in the sandbox turns out to be malicious (eg, by infecting a sandbox device with a computer virus, by attempting to spread …