CN108667812A - White environment credibility analysis method based on multi-index scoring for dedicated hosts - Google Patents


Info

Publication number
CN108667812A
Authority
CN
China
Prior art keywords
private host
analysis
confidence
ring border
white
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810348128.5A
Other languages
Chinese (zh)
Other versions
CN108667812B (en)
Inventor
唐志斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Simple Network Security Technology Co ltd
Original Assignee
Beijing Zhongke Xingan Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhongke Xingan Technology Co Ltd
Priority to CN201810348128.5A
Publication of CN108667812A
Application granted
Publication of CN108667812B
Active (current legal status)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a white environment credibility analysis method based on multi-index scoring for dedicated hosts, comprising the following steps: 1) CVE vulnerability scanning; 2) application whitelist monitoring; 3) peripheral whitelist monitoring; 4) network traffic whitelist monitoring; 5) monitoring of temporary dynamically released files; 6) dedicated host security baseline monitoring; 7) multi-dimensional statistical analysis of the monitoring results. By correlating data across multiple dimensions, the analysis method lets information security managers understand the details of white environment credibility more fully and comprehensively. By adding statistics from repeated assessments over successive time periods, it presents dynamically, to those following it, how white environment credibility changes in the early stage of an outbreak or disclosure. By using a more intuitive graphical presentation, it shows the results visually so that information security managers can readily draw conclusions.

Description

White environment credibility analysis method based on multi-index scoring for dedicated hosts
Technical field
The invention belongs to the technical field of white environment analysis, and in particular relates to a white environment credibility analysis method based on multi-index scoring for dedicated hosts.
Background
Dedicated host protection products currently on the market fall into two broad classes: 1. host protection based on blacklists; 2. host protection based on whitelist technology.
Common blacklist-based host protection products, such as antivirus software and worm removal tools, rely mainly on virus databases, worm databases and the like to provide protection. With this technology, harm has often already been done by the time a threat is detected, and in many important settings (such as intranets and classified networks) the signature databases are frequently not updated in time.
With the rapid development of host penetration techniques, unknown attack types such as APT and zero-day attacks have become the main challenge for cyberspace security today. Techniques that depend on virus databases and worm databases struggle to cope with such novel threats.
In view of the above analysis, the concept of building a white environment for the dedicated hosts of each domain on the basis of whitelist technology was proposed.
Network monitoring/protection devices are deployed at key interconnection points inside the IT system, or at the interconnection boundaries between the IT system and other internal systems or external networks. The network is sampled in real time, and all monitoring data are sent to a security management center for unified statistical analysis and feature extraction. According to the analysis results, different security countermeasures are applied to the different kinds of data flow (normal, abnormal, illegal, malicious), blocking malicious attacks and illegitimate traffic so that the data flows in the system stay normal and clean. We call such an environment a white environment.
A dedicated host white environment based on whitelist technology is divided into: the process white environment, the network traffic white environment, and the peripheral white environment. For dedicated host protection, whitelist technology can be locked down once at initial deployment, with the goal of lasting security.
However, although the concept of building a white environment for the dedicated hosts of each domain on the basis of whitelist technology has produced some research results, these results are largely based on one fixed assumption: that a newly deployed dedicated host white environment that has been running for a long time is trustworthy. In fact, this assumption is at odds with everyday experience.
Summary of the invention
The object of the present invention is to provide a white environment credibility analysis method based on multi-index scoring for dedicated hosts, addressing the problem of user awareness that different dedicated host white environments may carry different security risks.
To achieve the above object, the present invention provides a white environment credibility analysis method based on multi-index scoring for dedicated hosts. By correlating data across multiple dimensions, the analysis method lets information security managers understand the details of white environment credibility more fully and comprehensively. By adding statistics from repeated assessments over successive time periods, it presents dynamically, to those following it, how white environment credibility changes in the early stage of an outbreak or disclosure. By using a more intuitive graphical presentation, it shows the results visually so that information security managers can readily draw conclusions.
Specifically, the technical solution adopted by the present invention is:
A white environment credibility analysis method based on multi-index scoring for dedicated hosts, the analysis method comprising the following steps:
1) CVE vulnerability scanning
A CVE vulnerability scanning module communicatively connected to the dedicated host performs a CVE vulnerability scan of the dedicated host, assesses the dedicated host's current security posture, establishes a state baseline, generates CVE vulnerability scan results and uploads them to the credibility analysis unit;
2) Application whitelist monitoring
An application whitelist monitoring module communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's applications, monitors and alerts on elements that violate the dedicated host's applications, generates application whitelist monitoring results and uploads them to the credibility analysis unit; the applications include executable files and scripts;
3) Peripheral whitelist monitoring
A peripheral whitelist module communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's peripheral interfaces, monitors and alerts on behavior that violates the peripheral interfaces, generates peripheral whitelist monitoring results and uploads them to the credibility analysis unit;
4) Network traffic whitelist monitoring
A network traffic whitelist monitoring module communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's network security rules, monitors and alerts on traffic that violates the network security rules, generates network traffic whitelist monitoring results and uploads them to the credibility analysis unit;
5) Monitoring of temporary dynamically released files
A temporary dynamically released file monitoring module communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's temporary dynamically released files, monitors and alerts on files that are temporarily and dynamically released, generates temporary dynamically released file monitoring results and uploads them to the credibility analysis unit;
6) Dedicated host security baseline monitoring
A host security baseline monitoring module communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's Windows security baseline, alerts on behavior that violates the dedicated host's Windows security baseline, generates dedicated host security baseline monitoring results and uploads them to the credibility analysis unit;
7) Multi-dimensional statistical analysis of the monitoring results
The Common Vulnerability Scoring System (CVSS) provided in the credibility analysis unit is used to evaluate and analyze the CVE vulnerability scan results, application whitelist monitoring results, peripheral whitelist monitoring results, network traffic whitelist monitoring results, temporary dynamically released file monitoring results and dedicated host security baseline monitoring results uploaded to the credibility analysis unit, and a multi-dimensional radar chart is generated, presenting the results of the dedicated host white environment credibility analysis.
Further, the CVE vulnerability scan results include: CVE-ID, vulnerability name, vulnerability type and severity level.
Further, the CVE vulnerability scanning uses a dual-engine vulnerability database to perform the CVE vulnerability scan of the dedicated host.
Further, the application whitelist monitoring results include the object executed by the application, the parent process of the application, the application response mode and the likelihood of harm.
Further, the peripheral whitelist monitoring results include the peripheral interface type, the peripheral interface response mode and the reason for harm.
Further, the network traffic whitelist monitoring results include the type of traffic that violates the network security rules, the response mode and the reason for harm.
Further, the temporary dynamically released file monitoring results include the execution object of the temporary dynamically released file, the parent process of the execution object, the response mode of the execution object and the likelihood of harm.
Further, the dedicated host security baseline monitoring results include the type of behavior that violates the dedicated host's Windows security baseline, the response mode for the behavior and the reason for harm.
Further, the larger the coverage area of the multi-dimensional radar chart, the lower the white environment credibility of the dedicated host.
Further, in step 7) the multi-dimensional radar chart is used for repeated credibility analysis statistics over successive time periods: when the coverage area of the multi-dimensional radar chart is expanding, the white environment credibility of the dedicated host is decreasing; when the coverage area is contracting, the white environment credibility of the dedicated host is increasing.
The beneficial effects of the present invention are:
1) By correlating data across multiple dimensions, information security managers can understand the details of white environment credibility more fully and comprehensively. That is, the CVE vulnerability scanning module performs CVE vulnerability scanning of the dedicated host, the application whitelist monitoring module performs state baseline monitoring of the dedicated host's applications, the peripheral whitelist module performs state baseline monitoring of the dedicated host's peripheral interfaces, the network traffic whitelist monitoring module performs state baseline monitoring of the dedicated host's network security rules, and the host security baseline monitoring module performs state baseline monitoring of the dedicated host's Windows security baseline;
2) The Common Vulnerability Scoring System (CVSS) provided in the credibility analysis unit is used to evaluate and analyze the CVE vulnerability scan results, application whitelist monitoring results, peripheral whitelist monitoring results, network traffic whitelist monitoring results, temporary dynamically released file monitoring results and dedicated host security baseline monitoring results uploaded to the credibility analysis unit. By adding statistics from repeated assessments over successive time periods, the change in white environment credibility in the early stage of an outbreak or disclosure is presented dynamically to those following it;
3) A multi-dimensional radar chart is generated, presenting the results of the dedicated host white environment credibility analysis. This more intuitive graphical presentation shows the results visually, so that information security managers can readily draw conclusions.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the monitoring modules and the credibility analysis unit in the white environment credibility analysis method based on multi-index scoring for dedicated hosts provided by the present invention;
Fig. 2 is the multi-dimensional radar chart of the dedicated host white environment credibility analysis generated by the white environment credibility analysis method based on multi-index scoring for dedicated hosts provided by the present invention.
Detailed description
The present invention is further described below by means of specific embodiments, but the embodiments do not limit the scope of protection of the present invention.
Embodiment 1
Referring to Fig. 1 and Fig. 2, the present invention provides a white environment credibility analysis method based on multi-index scoring for dedicated hosts, the analysis method comprising the following steps:
1) CVE vulnerability scanning
A CVE vulnerability scanning module 10 communicatively connected to the dedicated host (not shown) performs a CVE vulnerability scan of the dedicated host, assesses the dedicated host's current security posture, establishes a state baseline, generates CVE vulnerability scan results and uploads them to the credibility analysis unit 100;
2) Application whitelist monitoring
An application whitelist monitoring module 20 communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's applications, monitors and alerts on elements that violate the dedicated host's applications, generates application whitelist monitoring results and uploads them to the credibility analysis unit 100; the applications include executable files and scripts;
3) Peripheral whitelist monitoring
A peripheral whitelist module 30 communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's peripheral interfaces, monitors and alerts on behavior that violates the peripheral interfaces, generates peripheral whitelist monitoring results and uploads them to the credibility analysis unit 100;
4) Network traffic whitelist monitoring
A network traffic whitelist monitoring module 40 communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's network security rules, monitors and alerts on traffic that violates the network security rules, generates network traffic whitelist monitoring results and uploads them to the credibility analysis unit 100;
5) Monitoring of temporary dynamically released files
A temporary dynamically released file monitoring module 50 communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's temporary dynamically released files, monitors and alerts on files that are temporarily and dynamically released, generates temporary dynamically released file monitoring results and uploads them to the credibility analysis unit 100;
6) Dedicated host security baseline monitoring
A host security baseline monitoring module 60 communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's Windows security baseline, alerts on behavior that violates the dedicated host's Windows security baseline, generates dedicated host security baseline monitoring results and uploads them to the credibility analysis unit 100;
7) Multi-dimensional statistical analysis of the monitoring results
The Common Vulnerability Scoring System (CVSS) 70 provided in the credibility analysis unit 100 is used to evaluate and analyze the CVE vulnerability scan results, application whitelist monitoring results, peripheral whitelist monitoring results, network traffic whitelist monitoring results, temporary dynamically released file monitoring results and dedicated host security baseline monitoring results uploaded to the credibility analysis unit, and a multi-dimensional radar chart is generated, presenting the results of the dedicated host white environment credibility analysis.
Further, the CVE vulnerability scan results include: CVE-ID, vulnerability name, vulnerability type and severity level.
Further, the application whitelist monitoring results include the object executed by the application, the parent process of the application, the application response mode and the likelihood of harm.
Further, the peripheral whitelist monitoring results include the peripheral interface type, the peripheral interface response mode and the reason for harm.
Further, the network traffic whitelist monitoring results include the type of traffic that violates the network security rules, the response mode and the reason for harm.
Further, the temporary dynamically released file monitoring results include the execution object of the temporary dynamically released file, the parent process of the execution object, the response mode of the execution object and the likelihood of harm.
Further, the dedicated host security baseline monitoring results include the type of behavior that violates the dedicated host's Windows security baseline, the response mode for the behavior and the reason for harm.
Further, the larger the coverage area of the multi-dimensional radar chart, the lower the white environment credibility of the dedicated host.
Embodiment 2
Further, the CVE vulnerability scanning uses a dual-engine vulnerability database to perform the CVE vulnerability scan of the dedicated host.
Here, the dual-engine vulnerability database uses the vulnerability databases of antivirus software, for example the vulnerability database in Kaspersky antivirus software and the vulnerability database in McAfee antivirus software.
The rest is the same as Embodiment 1.
Embodiment 3
In step 7) the multi-dimensional radar chart is used for repeated credibility analysis statistics over successive time periods: when the coverage area of the multi-dimensional radar chart is expanding, the white environment credibility of the dedicated host is decreasing; when the coverage area is contracting, the white environment credibility of the dedicated host is increasing. The rest is the same as Embodiment 1.
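The area-based reading described in step 7) and Embodiment 3, worked through as an added example that is not part of the patent text. The patent does not say how each dimension is scored, so the 0 to 10 severity per finding, the worst-score-per-dimension aggregation, and all names and sample data below are assumptions.

```python
import math
from dataclasses import dataclass

# Axes of the radar chart: the six monitored dimensions from steps 1) to 6).
# The identifiers are hypothetical names chosen for this example.
DIMENSIONS = (
    "cve_scan", "app_whitelist", "peripheral_whitelist",
    "network_whitelist", "temp_released_files", "security_baseline",
)


@dataclass(frozen=True)
class Finding:
    dimension: str   # one of DIMENSIONS
    severity: float  # assumption: 0.0-10.0, CVSS-style score for the finding
    detail: str      # free text; every value used below is constructed


def dimension_scores(findings):
    """Assumed aggregation: worst severity seen per dimension, 0.0 if clean."""
    scores = {d: 0.0 for d in DIMENSIONS}
    for f in findings:
        if f.dimension not in scores:
            raise ValueError(f"unknown dimension: {f.dimension}")
        if not 0.0 <= f.severity <= 10.0:
            raise ValueError(f"severity out of range: {f.severity}")
        scores[f.dimension] = max(scores[f.dimension], f.severity)
    return scores


def radar_area(scores):
    """Area enclosed by the radar polygon when the axes are equally spaced."""
    r = [scores[d] for d in DIMENSIONS]
    n = len(r)
    # Adjacent axes a, b span a triangle of area 1/2 * a * b * sin(2*pi/n).
    return 0.5 * math.sin(2 * math.pi / n) * sum(
        r[i] * r[(i + 1) % n] for i in range(n)
    )


def assess(periods, tolerance=1e-9):
    """Return (label, area, worst_axis_score, trend) per assessment period."""
    report, previous = [], None
    for label, findings in periods:
        scores = dimension_scores(findings)
        area = radar_area(scores)
        if previous is None:
            trend = "baseline"
        elif area > previous + tolerance:
            trend = "credibility decreasing"  # coverage area expanding
        elif area < previous - tolerance:
            trend = "credibility increasing"  # coverage area contracting
        else:
            trend = "unchanged"
        report.append((label, area, max(scores.values()), trend))
        previous = area
    return report


# Constructed sample data: three assessment periods for one dedicated host.
SAMPLE_PERIODS = [
    ("T0", [
        Finding("cve_scan", 4.0, "placeholder CVE id, medium"),
        Finding("app_whitelist", 2.0, "unlisted script blocked"),
        Finding("network_whitelist", 3.0, "traffic outside rule set"),
        Finding("security_baseline", 2.0, "baseline setting drifted"),
    ]),
    ("T1", [
        Finding("cve_scan", 9.8, "placeholder CVE id, newly disclosed"),
        Finding("app_whitelist", 7.0, "unlisted executable, unknown parent"),
        Finding("network_whitelist", 3.0, "traffic outside rule set"),
        Finding("temp_released_files", 6.0, "file released at run time"),
        Finding("security_baseline", 2.0, "baseline setting drifted"),
    ]),
    ("T2", [
        Finding("cve_scan", 4.0, "placeholder CVE id, medium"),
        Finding("network_whitelist", 3.0, "traffic outside rule set"),
        Finding("security_baseline", 2.0, "baseline setting drifted"),
    ]),
]

if __name__ == "__main__":
    for label, area, worst, trend in assess(SAMPLE_PERIODS):
        print(f"{label}: area={area:7.3f} worst_axis={worst:4.1f} {trend}")
```

The polygon area only grows where adjacent axes are both non-zero, so a single severe finding on one dimension with clean neighbours encloses no area at all; the report therefore carries the worst per-axis score next to the area.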
Although the present invention has been described in detail above by means of a general description and specific embodiments, it will be obvious to those skilled in the art that modifications or improvements can be made to it, or certain functional modules deleted, on the basis of the present invention. Accordingly, such modifications, improvements or deletions made without departing from the spirit of the present invention fall within the scope of protection claimed by the present invention.

Claims (10)

1. A white environment credibility analysis method based on multi-index scoring for dedicated hosts, characterized in that the analysis method comprises the following steps:
1) CVE vulnerability scanning
A CVE vulnerability scanning module communicatively connected to the dedicated host performs a CVE vulnerability scan of the dedicated host, assesses the dedicated host's current security posture, establishes a state baseline, generates CVE vulnerability scan results and uploads them to the credibility analysis unit;
2) Application whitelist monitoring
An application whitelist monitoring module communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's applications, monitors and alerts on elements that violate the dedicated host's applications, generates application whitelist monitoring results and uploads them to the credibility analysis unit; the applications include executable files and scripts;
3) Peripheral whitelist monitoring
A peripheral whitelist module communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's peripheral interfaces, monitors and alerts on behavior that violates the peripheral interfaces, generates peripheral whitelist monitoring results and uploads them to the credibility analysis unit;
4) Network traffic whitelist monitoring
A network traffic whitelist monitoring module communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's network security rules, monitors and alerts on traffic that violates the network security rules, generates network traffic whitelist monitoring results and uploads them to the credibility analysis unit;
5) Monitoring of temporary dynamically released files
A temporary dynamically released file monitoring module communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's temporary dynamically released files, monitors and alerts on files that are temporarily and dynamically released, generates temporary dynamically released file monitoring results and uploads them to the credibility analysis unit;
6) Dedicated host security baseline monitoring
A host security baseline monitoring module communicatively connected to the dedicated host performs state baseline monitoring of the dedicated host's Windows security baseline, alerts on behavior that violates the dedicated host's Windows security baseline, generates dedicated host security baseline monitoring results and uploads them to the credibility analysis unit;
7) Multi-dimensional statistical analysis of the monitoring results
The Common Vulnerability Scoring System (CVSS) provided in the credibility analysis unit is used to evaluate and analyze the CVE vulnerability scan results, application whitelist monitoring results, peripheral whitelist monitoring results, network traffic whitelist monitoring results, temporary dynamically released file monitoring results and dedicated host security baseline monitoring results uploaded to the credibility analysis unit, and a multi-dimensional radar chart is generated, presenting the results of the dedicated host white environment credibility analysis.
2. The white environment credibility analysis method based on multi-index scoring for dedicated hosts according to claim 1, characterized in that the CVE vulnerability scan results include: CVE-ID, vulnerability name, vulnerability type and severity level.
3. The white environment credibility analysis method based on multi-index scoring for dedicated hosts according to claim 1 or 2, characterized in that the CVE vulnerability scanning uses a dual-engine vulnerability database to perform the CVE vulnerability scan of the dedicated host.
4. The white environment credibility analysis method based on multi-index scoring for dedicated hosts according to claim 1, characterized in that the application whitelist monitoring results include the object executed by the application, the parent process of the application, the application response mode and the likelihood of harm.
5. The white environment credibility analysis method based on multi-index scoring for dedicated hosts according to claim 1, characterized in that the peripheral whitelist monitoring results include the peripheral interface type, the peripheral interface response mode and the reason for harm.
6. The white environment credibility analysis method based on multi-index scoring for dedicated hosts according to claim 1, characterized in that the network traffic whitelist monitoring results include the type of traffic that violates the network security rules, the response mode and the reason for harm.
7. The white environment credibility analysis method based on multi-index scoring for dedicated hosts according to claim 1, characterized in that the temporary dynamically released file monitoring results include the execution object of the temporary dynamically released file, the parent process of the execution object, the response mode of the execution object and the likelihood of harm.
8. The white environment credibility analysis method based on multi-index scoring for dedicated hosts according to claim 1, characterized in that the dedicated host security baseline monitoring results include the type of behavior that violates the dedicated host's Windows security baseline, the response mode for the behavior and the reason for harm.
9. The white environment credibility analysis method based on multi-index scoring for dedicated hosts according to claim 1, characterized in that the larger the coverage area of the multi-dimensional radar chart, the lower the white environment credibility of the dedicated host.
10. The white environment credibility analysis method based on multi-index scoring for dedicated hosts according to claim 1, characterized in that in step 7) the multi-dimensional radar chart is used for repeated credibility analysis statistics over successive time periods: when the coverage area of the multi-dimensional radar chart is expanding, the white environment credibility of the dedicated host is decreasing; when the coverage area is contracting, the white environment credibility of the dedicated host is increasing.
CN201810348128.5A 2018-04-18 2018-04-18 White environment credibility analysis method for multi-index scoring of special host Active CN108667812B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810348128.5A CN108667812B (en) 2018-04-18 2018-04-18 White environment credibility analysis method for multi-index scoring of special host

Publications (2)

Publication Number Publication Date
CN108667812A true CN108667812A (en) 2018-10-16
CN108667812B CN108667812B (en) 2020-12-25

Family

ID=63780068

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810348128.5A Active CN108667812B (en) 2018-04-18 2018-04-18 White environment credibility analysis method for multi-index scoring of special host

Country Status (1)

Country Link
CN (1) CN108667812B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022042010A1 (en) * 2020-08-27 2022-03-03 山东英信计算机技术有限公司 Vulnerability processing method, apparatus and device, and computer-readable storage medium
CN115314244A (en) * 2022-06-27 2022-11-08 深圳开源互联网安全技术有限公司 White list safety protection method, device, equipment and readable storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635730A (en) * 2009-08-28 2010-01-27 深圳市永达电子股份有限公司 Method and system for safe management of internal network information of small and medium-sized enterprises
CN103927491A (en) * 2014-04-30 2014-07-16 南方电网科学研究院有限责任公司 Security baseline assessment method based on SCAP
WO2014210289A1 (en) * 2013-06-28 2014-12-31 Symantec Corporation Techniques for detecting a security vulnerability
CN104767757A (en) * 2015-04-17 2015-07-08 国家电网公司 Multiple-dimension security monitoring method and system based on WEB services
CN104852816A (en) * 2015-04-22 2015-08-19 国网四川省电力公司电力科学研究院 Intrusion detection system (IDS) intelligent warning method
CN105427172A (en) * 2015-12-04 2016-03-23 北京华热科技发展有限公司 Risk assessment method and system
WO2016081837A1 (en) * 2014-11-21 2016-05-26 Interdigital Patent Holdings, Inc. Using security posture information to determine access to services
CN106649429A (en) * 2016-08-25 2017-05-10 北京知道未来信息技术有限公司 Method and device for rapidly evaluating vulnerability hazard level based on multi-dimensional statistics
CN107544470A (en) * 2017-09-29 2018-01-05 杭州安恒信息技术有限公司 A kind of controller guard technology based on white list

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635730A (en) * 2009-08-28 2010-01-27 深圳市永达电子股份有限公司 Method and system for safe management of internal network information of small and medium-sized enterprises
WO2014210289A1 (en) * 2013-06-28 2014-12-31 Symantec Corporation Techniques for detecting a security vulnerability
CN103927491A (en) * 2014-04-30 2014-07-16 南方电网科学研究院有限责任公司 Security baseline assessment method based on SCAP
WO2016081837A1 (en) * 2014-11-21 2016-05-26 Interdigital Patent Holdings, Inc. Using security posture information to determine access to services
CN104767757A (en) * 2015-04-17 2015-07-08 国家电网公司 Multiple-dimension security monitoring method and system based on WEB services
CN104852816A (en) * 2015-04-22 2015-08-19 国网四川省电力公司电力科学研究院 Intrusion detection system (IDS) intelligent warning method
CN105427172A (en) * 2015-12-04 2016-03-23 北京华热科技发展有限公司 Risk assessment method and system
CN106649429A (en) * 2016-08-25 2017-05-10 北京知道未来信息技术有限公司 Method and device for rapidly evaluating vulnerability hazard level based on multi-dimensional statistics
CN107544470A (en) * 2017-09-29 2018-01-05 杭州安恒信息技术有限公司 A kind of controller guard technology based on white list

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
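李显杰,翟易坤,任祥辉,张大健: "Method for constructing a 'white environment' for dedicated hosts", 《网络安全技术与应用》 *
邓宇珊: "Discussion and application of vulnerability quantification based on a security management platform", 《电信网技术》 *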

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022042010A1 (en) * 2020-08-27 2022-03-03 山东英信计算机技术有限公司 Vulnerability processing method, apparatus and device, and computer-readable storage medium
CN115314244A (en) * 2022-06-27 2022-11-08 深圳开源互联网安全技术有限公司 White list safety protection method, device, equipment and readable storage medium
CN115314244B (en) * 2022-06-27 2023-10-10 深圳开源互联网安全技术有限公司 White list safety protection method, device, equipment and readable storage medium

Also Published As

Publication number Publication date
CN108667812B (en) 2020-12-25

Similar Documents

Publication Publication Date Title
US20220353282A1 (en) System and Method for Cyber Security Threat Detection
CN104023034B (en) Security defensive system and defensive method based on software-defined network
Saeed et al. A survey on malware and malware detection systems
KR102307534B1 (en) Systems and methods for tracking malicious behavior across multiple software entities
US11487880B2 (en) Inferring security incidents from observational data
US8479276B1 (en) Malware detection using risk analysis based on file system and network activity
US20160099960A1 (en) System and method for scanning hosts using an autonomous, self-destructing payload
CN109462599B (en) Honeypot management system
Ahn et al. Big data analysis system concept for detecting unknown attacks
KR20080047261A (en) Anomaly malicious code detection method using process behavior prediction technique
CN108667812A (en) The white ring border Analysis on confidence method that multi objective for private host scores
Jouad et al. Security challenges in intrusion detection
Mira A review paper of malware detection using api call sequences
CN112804204A (en) Intelligent network safety system based on big data analysis
KR101022167B1 (en) Apparatus for optimizing log of intrusion detection system with consideration of the vulnerability of the network devices
CN111404917B (en) Industrial control simulation equipment-based threat information analysis and detection method and system
Al Shibani et al. Automated Threat Hunting Using ELK Stack-A Case Study
Andriatsimandefitra et al. Diagnosing intrusions in android operating system using system flow graph
Lau et al. Securing supervisory control and data acquisition control systems
US11886585B1 (en) System and method for identifying and mitigating cyberattacks through malicious position-independent code execution
CN116956310B (en) Vulnerability protection method, device, equipment and readable storage medium
CN102855447A (en) Method for protecting application security of Web
Hassan et al. Extraction of malware iocs and ttps mapping with coas
Jacquier A monthly snapshot-based approach for threat hunting within Windows IT environments
Dias Automated Identification of Attacking Tools in a Honeypot

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220224

Address after: 100000 Room 201, door 1, building 7, Hepingli District 5, Dongcheng District, Beijing

Patentee after: Tang Zhibin

Address before: 303, block a, Xigema apartment, Zhichun Road, Haidian District, Beijing 100080

Patentee before: BEIJING ZHONGKE XING'AN TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20230516

Address after: 102699 floor 2, building 4, yard 8, Haixin Road, Daxing District, Beijing

Patentee after: Beijing Simple Network Security Technology Co.,Ltd.

Address before: 100000 Room 201, door 1, building 7, Hepingli District 5, Dongcheng District, Beijing

Patentee before: Tang Zhibin