摘要 |
<p>Disclosed are a method, device and system for recognizing network behaviour of a program. The method comprises: during the process of a program accessing a network, acquiring application-layer data in the current network behaviour of the program; judging whether the application-layer data includes unknown protocols; if the protocols in the application-layer data are all known protocols, identifying the current network behaviour of the program to be the network behaviour of a recognizable program; and if the application-layer data includes unknown protocols, identifying the current network behaviour of the program to be the network behaviour of a suspicious program.Thus the accurate recognition of network behaviour of a program is realized, the network behaviour of a program including unknown protocols is identified as the network behaviour of a suspicious program, and risk prompt information can be sent to a user, and the final selection is performed by the user, thereby solving the problem that a conventional solution for recognizing the network behaviour of a program cannot accurately recognize the network behaviour of a newly-emerged or newly-varied program.</p> |