CN105488091A - Network data detection method and system based on keyword matching - Google Patents

Info

Publication number
CN105488091A
Authority
CN
China
Prior art keywords
data
suspicious
network data
vector table
sample storehouse
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510343587.0A
Other languages
Chinese (zh)
Inventor
李晓利
李柏松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Antiy Technology Co Ltd
Original Assignee
Harbin Antiy Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Antiy Technology Co Ltd filed Critical Harbin Antiy Technology Co Ltd
Priority to CN201510343587.0A priority Critical patent/CN105488091A/en
Publication of CN105488091A publication Critical patent/CN105488091A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/955Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566URL specific, e.g. using aliases, detecting broken or misspelled links

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network data detection method based on keyword matching. The method comprises the following steps: obtaining network data; first matching the network data against a whitelist and a blacklist; splitting the network data that is not successfully matched, based on a semantic base and a knowledge base, to obtain data elements; combining the data elements based on a preset rule to form a data vector table; matching the data vector table against a suspicious sample library; if the matching succeeds, judging that the network data is suspicious data, and otherwise judging that the network data is secure data; detecting the suspicious data based on an existing malicious code detection strategy; and feeding back the detection result. The invention also discloses a network data detection system based on keyword matching. The technical scheme provided by the invention can effectively detect network data, and in particular can effectively recognize the spreading of malicious code through hot topics or hot events.

Description

A network data detection method and system based on keyword matching
Technical field
The present invention relates to the technical field of network security, and in particular to a network data detection method and system based on keyword matching.
Background
Networks often provide web links or downloadable resources for hot topics and hot events. The heated discussion or plain curiosity usually makes people lose their vigilance. Meanwhile, some hackers, while providing downloadable resources, prompt the user that the file contains a crack and may be falsely flagged by antivirus software, so it is best to turn the antivirus software off, otherwise the download will not complete normally. Many users take the chance and obediently turn off their antivirus software, and so enter a trojan-hosting website or a phishing website without knowing it. Traditional network detection methods occupy a large amount of system resources and take a long time to detect.
Summary of the invention
The technical solution of the invention splits the obtained network data to obtain data elements, combines the data elements into a data vector table based on a preset rule, and matches the data vector table against a suspicious sample library prepared in advance, thereby judging whether the network data is suspicious data. Unlike traditional network data detection methods, the method first judges by matching whether the network data is suspicious, and only suspicious data is then checked with a malicious code detection method. Suspicious data can thus be located effectively, and the problems of occupying excessive resources and of long detection time are avoided.
The present invention is implemented by the following method: a network data detection method based on keyword matching, comprising:
Obtaining network data;
Matching the network data against a whitelist; if the match succeeds, judging the network data to be secure data; otherwise, matching the network data against a blacklist, and if that match succeeds, judging the network data to be malicious data;
Splitting the network data that was not successfully matched and obtaining data elements based on a semantic base and a knowledge base;
Combining the data elements based on a preset rule to form a data vector table;
Matching the data vector table against a suspicious sample library; if the match succeeds, judging the network data to be suspicious data, otherwise judging it to be secure data;
Detecting the suspicious data based on a known malicious code detection strategy, and feeding back the detection result;
The suspicious sample library contains keywords, formed based on the preset rule, that are used for detecting suspicious data.
Further, obtaining network data comprises: obtaining network data through a sensitive URL, or obtaining network data when a traffic anomaly is observed.
Further, combining the data elements based on a preset rule to form a data vector table comprises:
Assigning a weight to each data element, computing the hash value of each data element, and weighting and merging the hash values to form the data vector table.
Further, matching the data vector table against the suspicious sample library, judging the network data to be suspicious data if the match succeeds and secure data otherwise, is specifically:
Comparing the data vector table against the keywords in the suspicious sample library and determining whether there is a keyword whose similarity to the data vector table reaches a preset value or more; if so, judging the network data to be suspicious data, otherwise judging it to be secure data.
Further, matching the data vector table against the suspicious sample library, judging the network data to be suspicious data if the match succeeds and secure data otherwise, is specifically:
Comparing the data vector table against the suspicious sample library and determining whether the ratio of the number of data elements that appear in the suspicious sample library to the total number of data elements in the data vector table exceeds a preset value; if so, judging the network data to be suspicious data, otherwise judging it to be secure data.
Further, the whitelist comprises: official website URLs or news media website URLs.
The present invention can be implemented by the following system: a network data detection system based on keyword matching, comprising:
A data acquisition module, for obtaining network data;
A blacklist and whitelist filtering module, for matching the network data against a whitelist and, if the match succeeds, judging the network data to be secure data; otherwise matching the network data against a blacklist and, if that match succeeds, judging the network data to be malicious data;
A data splitting module, for splitting the network data that was not successfully matched and obtaining data elements based on a semantic base and a knowledge base;
A data processing module, for combining the data elements based on a preset rule to form a data vector table;
A determination module, for matching the data vector table against a suspicious sample library and, if the match succeeds, judging the network data to be suspicious data, otherwise judging it to be secure data;
A detection module, for detecting the suspicious data based on a known malicious code detection strategy and feeding back the detection result;
A suspicious sample library, for storing the keywords, formed based on the preset rule, that are used for detecting suspicious data.
Further, the data acquisition module is specifically for: obtaining network data through a sensitive URL, or obtaining network data when a traffic anomaly is observed.
Further, the data processing module is specifically for:
Assigning a weight to each data element, computing the hash value of each data element, and weighting and merging the hash values to form the data vector table.
Further, the determination module is specifically for:
Comparing the data vector table against the keywords in the suspicious sample library and determining whether there is a keyword whose similarity to the data vector table reaches a preset value or more; if so, judging the network data to be suspicious data, otherwise judging it to be secure data.
Further, the determination module is specifically for:
Comparing the data vector table against the suspicious sample library and determining whether the ratio of the number of data elements that appear in the suspicious sample library to the total number of data elements in the data vector table exceeds a preset value; if so, judging the network data to be suspicious data, otherwise judging it to be secure data.
Further, the whitelist comprises: official website URLs or news media website URLs.
In summary, the present invention provides a network data detection method and system based on keyword matching: network data is first extracted based on abnormal network behavior; after blacklist and whitelist filtering, the network data is split and the data elements that help identify hostile network data are extracted; the data elements are processed based on a preset rule to form a data vector table; and the data vector table is matched against the suspicious sample library to judge whether the data is suspicious.
The beneficial effect is that the technical solution of the invention actively discovers hostile network data without human intervention, locates the source of malicious data as fast as possible, and achieves early warning of malicious samples.
Brief description of the drawings
In order to illustrate the technical solution of the invention more clearly, the drawings needed in the embodiments are briefly described below. Obviously, the drawings described below are only some of the embodiments recorded in the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of an embodiment of the network data detection method based on keyword matching provided by the invention;
Fig. 2 is a structural diagram of an embodiment of the network data detection system based on keyword matching provided by the invention.
Detailed description
The present invention provides embodiments of a network data detection method and system based on keyword matching. To help those skilled in the art better understand the technical solutions in the embodiments, and to make the above objects, features and advantages of the invention more apparent, the technical solutions are described in further detail below with reference to the drawings:
The present invention first provides an embodiment of a network data detection method based on keyword matching, as shown in Fig. 1, comprising:
S101: obtain network data;
S102: match the network data against the whitelist and judge whether the match succeeds; if so, judge the network data to be secure data, otherwise perform S103;
S103: match the network data against the blacklist and judge whether the match succeeds; if so, judge the network data to be malicious data, otherwise perform S104;
S104: split the network data that was not successfully matched and obtain data elements based on a semantic base and a knowledge base;
S105: combine the data elements based on a preset rule to form a data vector table;
S106: match the data vector table against the suspicious sample library and judge whether the match succeeds; if so, judge the network data to be suspicious data and continue with S107, otherwise judge it to be secure data and end;
S107: detect the suspicious data based on a known malicious code detection strategy, and feed back the detection result;
The suspicious sample library contains keywords, formed based on the preset rule, that are used for detecting suspicious data.
Preferably, obtaining network data comprises: obtaining network data through a sensitive URL, or obtaining network data when a traffic anomaly is observed.
Preferably, the whitelist comprises: official website URLs or news media website URLs.
Preferably, combining the data elements based on a preset rule to form a data vector table comprises:
Assigning a weight to each data element, computing the hash value of each data element, and weighting and merging the hash values to form the data vector table.
More preferably, matching the data vector table against the suspicious sample library, judging the network data to be suspicious data if the match succeeds and secure data otherwise, is specifically:
Comparing the data vector table against the keywords in the suspicious sample library and determining whether there is a keyword whose similarity to the data vector table reaches a preset value or more; if so, judging the network data to be suspicious data, otherwise judging it to be secure data. The similarity value can be selected as required.
The similarity can be computed by, but is not limited to, the simhash method.
Preferably, matching the data vector table against the suspicious sample library, judging the network data to be suspicious data if the match succeeds and secure data otherwise, is specifically:
Comparing the data vector table against the suspicious sample library and determining whether the ratio of the number of data elements that appear in the suspicious sample library to the total number of data elements in the data vector table exceeds a preset value; if so, judging the network data to be suspicious data, otherwise judging it to be secure data. The preset value can be selected as required, or a suitable value can be chosen after repeated experiments on samples.
For example: the data vector table contains 6 data elements, and comparison with the suspicious sample library shows that 5 of them appear in the library; 5/6 is then compared with the preset value: if it exceeds the preset value, the data is considered suspicious, otherwise it is considered secure.
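Steps S101 to S106 with both matching variants (element ratio and simhash similarity), as an added Python sketch that is not part of the patent text. The lists, the stop-word tokenizer standing in for the semantic base and knowledge base, the weights, the BLAKE2b element hash and the contents of the suspicious sample library are all assumptions constructed for the illustration; S107 (the existing malicious code scanner) is outside the sketch and would receive whatever is returned as "suspicious".

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample data: every host and keyword here is made up.
WHITELIST = {"news.example.org"}
BLACKLIST = {"bad.example.net"}
STOP_WORDS = {"the", "a", "of", "to", "for", "and", "is", "your", "so", "it"}
# Assumed preset rule: elements that push the user toward a download weigh more.
WEIGHTS = {"download": 3, "crack": 3, "antivirus": 3, "disable": 2}
# Suspicious sample library: keyword groups formed with the same rule.
SUSPICIOUS_LIBRARY = [
    {"crack", "download", "disable", "antivirus", "leaked", "video"},
]


def split_elements(text):
    """S104: split text into data elements (stand-in for the semantic/knowledge base)."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return [w for w in words if w not in STOP_WORDS]


def hash64(element):
    """Stable 64-bit hash of one data element."""
    digest = hashlib.blake2b(element.encode(), digest_size=8).digest()
    return int.from_bytes(digest, "big")


def vector_table(elements):
    """S105: map each distinct data element to (weight, hash)."""
    return {e: (WEIGHTS.get(e, 1), hash64(e)) for e in set(elements)}


def simhash(table):
    """Merge the weighted hashes of a vector table into one 64-bit fingerprint."""
    acc = [0] * 64
    for weight, h in table.values():
        for bit in range(64):
            acc[bit] += weight if (h >> bit) & 1 else -weight
    return sum(1 << bit for bit in range(64) if acc[bit] > 0)


def similarity(fp_a, fp_b):
    """1.0 for identical fingerprints, 0.0 when all 64 bits differ."""
    return 1.0 - bin(fp_a ^ fp_b).count("1") / 64


def hit_ratio(table, library=SUSPICIOUS_LIBRARY):
    """Share of the table's data elements that occur in the suspicious library."""
    if not table:
        return 0.0
    known = set().union(*library)
    return sum(1 for e in table if e in known) / len(table)


def classify(url, text, mode="ratio", threshold=0.8):
    """Return 'secure', 'malicious' or 'suspicious' for one piece of network data."""
    # S102/S103: compare the parsed host, not a substring of the URL, so that
    # "http://news.example.org@bad.example.net/" is not taken for the whitelisted site.
    host = (urlsplit(url).hostname or "").lower()
    if host in WHITELIST:
        return "secure"
    if host in BLACKLIST:
        return "malicious"
    table = vector_table(split_elements(text))
    if not table:
        return "secure"
    if mode == "ratio":
        # Ratio variant: the ratio must exceed the preset value.
        suspicious = hit_ratio(table) > threshold
    else:
        # Similarity variant: some library entry must reach the preset value.
        fp = simhash(table)
        suspicious = any(
            similarity(fp, simhash(vector_table(keywords))) >= threshold
            for keywords in SUSPICIOUS_LIBRARY
        )
    return "suspicious" if suspicious else "secure"
```

With the constructed text "Leaked video download: disable antivirus first" the table holds 6 data elements of which 5 are in the library, reproducing the 5/6 case: it is suspicious at a preset value of 0.8 and secure at 0.9.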
The present invention also provides an embodiment of a network data detection system based on keyword matching, as shown in Fig. 2, comprising:
Data acquisition module 201, for obtaining network data;
Blacklist and whitelist filtering module 202, for matching the network data against a whitelist and, if the match succeeds, judging the network data to be secure data; otherwise matching the network data against a blacklist and, if that match succeeds, judging the network data to be malicious data;
Data splitting module 203, for splitting the network data that was not successfully matched and obtaining data elements based on a semantic base and a knowledge base;
Data processing module 204, for combining the data elements based on a preset rule to form a data vector table;
Determination module 205, for matching the data vector table against suspicious sample library 207 and, if the match succeeds, judging the network data to be suspicious data, otherwise judging it to be secure data;
Detection module 206, for detecting the suspicious data based on a known malicious code detection strategy and feeding back the detection result;
Suspicious sample library 207, for storing the keywords, formed based on the preset rule, that are used for detecting suspicious data.
Preferably, the data acquisition module is specifically for: obtaining network data through a sensitive URL, or obtaining network data when a traffic anomaly is observed.
Preferably, the whitelist comprises: official website URLs or news media website URLs.
Preferably, the data processing module is specifically for:
Assigning a weight to each data element, computing the hash value of each data element, and weighting and merging the hash values to form the data vector table.
More preferably, the determination module is specifically for:
Comparing the data vector table against the keywords in the suspicious sample library and determining whether there is a keyword whose similarity to the data vector table reaches a preset value or more; if so, judging the network data to be suspicious data, otherwise judging it to be secure data.
Preferably, the determination module is specifically for:
Comparing the data vector table against the suspicious sample library and determining whether the ratio of the number of data elements that appear in the suspicious sample library to the total number of data elements in the data vector table exceeds a preset value; if so, judging the network data to be suspicious data, otherwise judging it to be secure data.
As described above, the embodiments obtain the network data to be identified and first filter it through the preset blacklist and whitelist, for example using known-safe website URLs or known malicious samples; data elements are then extracted from the network data that could not be matched and processed according to the preset rule to form a data vector table, and the data vector table is compared against the suspicious sample library to determine whether the data is suspicious, that is, network data that needs further detection.
In summary, traditional methods of identifying network data depend on the quality and size of the training samples and detect all network data, which occupies a large amount of system resources and takes a long time. The method disclosed in the invention processes the network data and matches it against the suspicious sample library, so that network data that may contain a malicious sample is located first and only then detected further, allowing timely measures to block and control malicious data before it causes further harm.
The above embodiments are intended to illustrate, not to limit, the technical solution of the invention. Any modification or partial replacement that does not depart from the spirit and scope of the invention shall be covered by the claims of the invention.

Claims (10)

1. A network data detection method based on keyword matching, characterized by:
Obtaining network data;
Matching the network data against a whitelist; if the match succeeds, judging the network data to be secure data; otherwise, matching the network data against a blacklist, and if that match succeeds, judging the network data to be malicious data;
Splitting the network data that was not successfully matched and obtaining data elements based on a semantic base and a knowledge base;
Combining the data elements based on a preset rule to form a data vector table;
Matching the data vector table against a suspicious sample library; if the match succeeds, judging the network data to be suspicious data, otherwise judging it to be secure data;
Detecting the suspicious data based on a known malicious code detection strategy, and feeding back the detection result;
The suspicious sample library contains keywords, formed based on the preset rule, that are used for detecting suspicious data.
2. The method of claim 1, characterized in that obtaining network data comprises: obtaining network data through a sensitive URL, or obtaining network data when a traffic anomaly is observed.
3. The method of claim 1, characterized in that combining the data elements based on a preset rule to form a data vector table comprises:
Assigning a weight to each data element, computing the hash value of each data element, and weighting and merging the hash values to form the data vector table.
4. The method of claim 3, characterized in that matching the data vector table against the suspicious sample library, judging the network data to be suspicious data if the match succeeds and secure data otherwise, is specifically:
Comparing the data vector table against the keywords in the suspicious sample library and determining whether there is a keyword whose similarity to the data vector table reaches a preset value or more; if so, judging the network data to be suspicious data, otherwise judging it to be secure data.
5. The method of claim 1, characterized in that matching the data vector table against the suspicious sample library, judging the network data to be suspicious data if the match succeeds and secure data otherwise, is specifically:
Comparing the data vector table against the suspicious sample library and determining whether the ratio of the number of data elements that appear in the suspicious sample library to the total number of data elements in the data vector table exceeds a preset value; if so, judging the network data to be suspicious data, otherwise judging it to be secure data.
6. A network data detection system based on keyword matching, characterized by comprising:
A data acquisition module, for obtaining network data;
A blacklist and whitelist filtering module, for matching the network data against a whitelist and, if the match succeeds, judging the network data to be secure data; otherwise matching the network data against a blacklist and, if that match succeeds, judging the network data to be malicious data;
A data splitting module, for splitting the network data that was not successfully matched and obtaining data elements based on a semantic base and a knowledge base;
A data processing module, for combining the data elements based on a preset rule to form a data vector table;
A determination module, for matching the data vector table against a suspicious sample library and, if the match succeeds, judging the network data to be suspicious data, otherwise judging it to be secure data;
A detection module, for detecting the suspicious data based on a known malicious code detection strategy and feeding back the detection result;
A suspicious sample library, for storing the keywords, formed based on the preset rule, that are used for detecting suspicious data.
7. The system of claim 6, characterized in that the data acquisition module is specifically for: obtaining network data through a sensitive URL, or obtaining network data when a traffic anomaly is observed.
8. The system of claim 6, characterized in that the data processing module is specifically for:
Assigning a weight to each data element, computing the hash value of each data element, and weighting and merging the hash values to form the data vector table.
9. The system of claim 8, characterized in that the determination module is specifically for:
Comparing the data vector table against the keywords in the suspicious sample library and determining whether there is a keyword whose similarity to the data vector table reaches a preset value or more; if so, judging the network data to be suspicious data, otherwise judging it to be secure data.
10. The system of claim 6, characterized in that the determination module is specifically for:
Comparing the data vector table against the suspicious sample library and determining whether the ratio of the number of data elements that appear in the suspicious sample library to the total number of data elements in the data vector table exceeds a preset value; if so, judging the network data to be suspicious data, otherwise judging it to be secure data.
CN201510343587.0A 2015-06-19 2015-06-19 Network data detection method and system based on keyword matching Pending CN105488091A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510343587.0A CN105488091A (en) 2015-06-19 2015-06-19 Network data detection method and system based on keyword matching

Publications (1)

Publication Number Publication Date
CN105488091A true CN105488091A (en) 2016-04-13

Family

ID=55675069

Country Status (1)

Country Link
CN (1) CN105488091A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin Hi-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road)

Applicant after: Harbin antiy Technology Group Limited by Share Ltd

Address before: 506 room 162, Hongqi Avenue, Nangang District, Harbin Development Zone, Heilongjiang, 150090

Applicant before: Harbin Antiy Technology Co., Ltd.

CB02 Change of applicant information
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160413

WD01 Invention patent application deemed withdrawn after publication