CN108667812B - White environment credibility analysis method for multi-index scoring of special host - Google Patents


Info

Publication number: CN108667812B
Authority: CN (China)
Prior art keywords: monitoring, white list, host, special host, white
Legal status: Active
Application number: CN201810348128.5A
Other languages: Chinese (zh)
Other versions: CN108667812A (en)
Inventor: 唐志斌
Current Assignee: Beijing Simple Network Security Technology Co ltd
Original Assignee: Beijing Zhongke Xing'an Technology Co ltd
Priority date: 2018-04-18
Filing date: 2018-04-18
Publication date: 2020-12-25

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a white environment credibility analysis method for multi-index scoring of a special host, comprising the following steps: 1) CVE vulnerability scanning; 2) application white list monitoring; 3) peripheral white list monitoring; 4) network traffic white list monitoring; 5) temporary dynamic release file monitoring; 6) special host security baseline monitoring; 7) multidimensional analysis statistics of the monitoring results. Through the association of data from multiple dimensions, the method lets an information security manager understand the white environment credibility in more complete detail; when statistics from multiple evaluation time intervals are added, the change in white environment credibility during the initial period of an outbreak or disclosure is presented to the observer dynamically; and the result is shown visually through a more intuitive chart, so that the information security manager can reach a conclusion conveniently.

Description

White environment credibility analysis method for multi-index scoring of special host
Technical Field
The invention belongs to the field of white environment analysis technology, and particularly relates to a white environment credibility analysis method for multi-index scoring of a special host.
Background
Common special host protection products on the existing market fall into two main categories: 1. blacklist-based host protection; 2. host protection based on white list technology.
Common blacklist-based host protection products, for example antivirus software and worm search-and-kill tools, rely mainly on virus libraries, worm libraries and similar means to provide protection. With this technology, harm has often already occurred by the time a threat is discovered, and in many important settings (such as internal networks and classified networks) the feature libraries are frequently not updated in time.
With the rapid development of host penetration techniques, unknown attack types such as APT and zero-day attacks have become the main problem of current cyberspace security. Technical means that rely on virus libraries and worm libraries have difficulty dealing with these novel threats.
Based on this analysis, the concept of constructing a white environment for the special hosts of each field using white list technology has been proposed.
The method deploys network monitoring and protection equipment at key interconnection nodes, such as the interconnection boundaries within an IT system or between the IT system, other internal systems and the external network; collects the network traffic in real time; sends all monitoring data to a security management center; and, after unified statistical analysis and feature extraction, applies different security coping strategies to different data streams (normal, abnormal, illegal and malicious) according to the analysis results, blocking malicious attacks and illegal traffic so that the data streams within the system remain normal and clean.
The special host white environment based on white list technology is divided into a process white environment, a network traffic white environment and a peripheral white environment. For the protection of a special host, white list technology aims to achieve permanent security by curing the environment once at the initial stage of deployment.
The concept of building a white environment for the special hosts of each field on the basis of white list technology has already produced certain research results. However, these results are largely built on a given assumption: that a newly implemented or long-running special host environment is trusted. In fact, this assumption is at odds with our daily experience.
Disclosure of Invention
The invention aims to provide a white environment credibility analysis method for multi-index scoring of a special host, which solves the cognitive problem that a user may face different security risks in different special host white environments.
To achieve this purpose, the invention provides a white environment credibility analysis method for multi-index scoring of a special host. Through the association of data from multiple dimensions, the method lets an information security manager understand the white environment credibility in more complete detail; when statistics from multiple evaluation time intervals are added, the change in white environment credibility during the initial period of an outbreak or disclosure is presented to the observer dynamically; and the result is shown visually through a more intuitive chart, so that the information security manager can reach a conclusion conveniently.
Specifically, the technical scheme adopted by the invention is as follows:
A white environment credibility analysis method for multi-index scoring of a special host, the analysis method comprising the following steps:
1) CVE vulnerability scanning
A CVE vulnerability scanning module in communication connection with the special host is used to scan the special host for CVE vulnerabilities, evaluate its current security condition, establish a state baseline, generate a CVE vulnerability scanning result and upload that result to a credibility analysis unit;
2) application white list monitoring
An application white list monitoring module in communication connection with the special host is used to perform state baseline monitoring of the special host's applications, monitor and raise an alarm on elements that violate the application white list of the special host, generate an application white list monitoring result and upload it to the credibility analysis unit, where the applications comprise executable files and scripts;
3) peripheral white list monitoring
A peripheral white list module in communication connection with the special host is used to perform state baseline monitoring of the special host's peripheral interfaces, monitor and raise an alarm on behaviour that violates the peripheral interface white list, generate a peripheral white list monitoring result and upload it to the credibility analysis unit;
4) network traffic white list monitoring
A network traffic white list monitoring module in communication connection with the special host is used to perform state baseline monitoring against the network security rules of the special host, monitor and raise an alarm on traffic that violates those rules, generate a network traffic white list monitoring result and upload it to the credibility analysis unit;
5) temporary dynamic release file monitoring
A temporary dynamic release file monitoring module in communication connection with the special host is used to perform state baseline monitoring of the files temporarily and dynamically released on the special host, monitor and raise an alarm on such files, generate a temporary dynamic release file monitoring result and upload it to the credibility analysis unit;
6) special host security baseline monitoring
A host security baseline monitoring module in communication connection with the special host is used to perform state baseline monitoring against the Windows security baseline of the special host and raise an alarm on behaviour that violates that baseline, generating a special host security baseline monitoring result that is uploaded to the credibility analysis unit;
7) multidimensional analysis statistics of monitoring results
The CVE vulnerability scanning result, the application white list monitoring result, the peripheral white list monitoring result, the network traffic white list monitoring result, the temporary dynamic release file monitoring result and the special host security baseline monitoring result uploaded to the credibility analysis unit are evaluated and analysed by a Common Vulnerability Scoring System (CVSS) component arranged in the credibility analysis unit, a multi-dimensional radar map is generated, and the credibility analysis result of the special host white environment is displayed.
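Steps 2) to 6) share one pattern: a state baseline is cured once, observed events are checked against it, and each violation becomes a monitoring result with the fields the page later lists (execution object, parent process, response mode, hazard possibility) for upload to the credibility analysis unit. The following Python sketch is an added example, not code from the patent or its assignee. It implements step 2), application white list monitoring, against a constructed baseline of approved executables and scripts keyed by SHA-256 of their content, so that a file replaced in place under a whitelisted path is caught as well as an unknown file. The paths, hashes, sample events and the hazard heuristic (changed or unknown executable is high, unknown script is medium) are all assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed state baseline: path of an approved executable or script -> SHA-256 of its
# approved content. A real module would hash the files on disk when the baseline is cured;
# the content is inline here so the example runs offline.
BASELINE: Dict[str, str] = {
    r"C:\App\scada.exe": sha256_hex(b"approved scada build 1.0"),
    r"C:\App\collector.exe": sha256_hex(b"approved collector build 2.3"),
    r"C:\Scripts\rotate_logs.ps1": sha256_hex(b"Get-ChildItem (approved script)"),
}

# Assumed set of script extensions; the page says the white list covers executables and scripts.
SCRIPT_SUFFIXES = (".ps1", ".bat", ".cmd", ".vbs", ".js")


@dataclass(frozen=True)
class ExecEvent:
    """One process or script start observed on the host (constructed for the example)."""
    path: str
    content_hash: str
    parent_process: str


@dataclass(frozen=True)
class WhitelistResult:
    """The application white list monitoring result fields named on the page."""
    execution_object: str
    parent_process: str
    response_mode: str       # "allow", "alarm" or "alarm+block"
    hazard_possibility: str  # "none", "medium" or "high"


def check_event(event: ExecEvent, baseline: Dict[str, str] = BASELINE) -> WhitelistResult:
    """Classify one event against the cured baseline."""
    approved_hash: Optional[str] = baseline.get(event.path)
    if approved_hash == event.content_hash:
        return WhitelistResult(event.path, event.parent_process, "allow", "none")
    if approved_hash is not None:
        # Whitelisted path whose content no longer matches the baseline: the file was
        # modified or replaced in place, the case a path-only white list cannot see.
        return WhitelistResult(event.path, event.parent_process, "alarm+block", "high")
    if event.path.lower().endswith(SCRIPT_SUFFIXES):
        # Assumed heuristic: an unknown script is alarmed but not blocked, so that a
        # legitimately added maintenance script appears in the result before it is cured.
        return WhitelistResult(event.path, event.parent_process, "alarm", "medium")
    # Unknown executable outside the cured state: block and alarm.
    return WhitelistResult(event.path, event.parent_process, "alarm+block", "high")


def monitor(events: List[ExecEvent], baseline: Dict[str, str] = BASELINE) -> List[WhitelistResult]:
    """Return only the violations, i.e. the records that would be uploaded to the analysis unit."""
    return [r for r in (check_event(e, baseline) for e in events) if r.response_mode != "allow"]


# Constructed sample events, in the order a monitor might observe them.
SAMPLE_EVENTS = [
    ExecEvent(r"C:\App\scada.exe", sha256_hex(b"approved scada build 1.0"), "services.exe"),
    ExecEvent(r"C:\App\collector.exe", sha256_hex(b"patched collector"), "explorer.exe"),
    ExecEvent(r"C:\Users\op\Downloads\update.exe", sha256_hex(b"unknown binary"), "explorer.exe"),
    ExecEvent(r"C:\Temp\fix.bat", sha256_hex(b"@echo off"), "cmd.exe"),
]

if __name__ == "__main__":
    for result in monitor(SAMPLE_EVENTS):
        print(result)
```

Hashing content rather than trusting the path is the design choice worth noting: the page's "state baseline" is only meaningful if a whitelisted path with altered content is reported as a violation, which is what the second sample event exercises.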
Further, the CVE vulnerability scanning result includes: CVE-ID, vulnerability title, vulnerability type and hazard level.
Further, the CVE vulnerability scanning uses a dual-engine vulnerability library to scan the special host for CVE vulnerabilities.
Further, the application white list monitoring result comprises the application execution object, the parent process of the application, the application response mode and the hazard possibility.
Further, the peripheral white list monitoring result comprises the type of peripheral interface, the response mode of the peripheral interface and the hazard reason.
Further, the network traffic white list monitoring result comprises the type of traffic violating a network security rule, the response mode and the hazard reason.
Further, the temporary dynamic release file monitoring result comprises the execution object of the temporary dynamic release file, the parent process of the execution object, the response mode of the execution object and the hazard possibility.
Further, the special host security baseline monitoring result comprises the type of behaviour violating the Windows security baseline of the special host, the response mode of the behaviour and the hazard reason.
Further, the larger the coverage area of the multi-dimensional radar map, the lower the white environment credibility of the special host.
Further, in step 7), the multi-dimensional radar map is used for credibility analysis statistics over multiple time intervals: an expanding coverage area of the radar map indicates that the credibility of the special host white environment has decreased, and a contracting coverage area indicates that it has improved.
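Step 7) and the two radar-map statements above describe the scoring side: each of the six monitoring results becomes one axis, the polygon's coverage area is the credibility indicator, and comparing areas across evaluation intervals gives the trend. The Python example below is added here and is not code from the patent; it scores each axis on the 0-10 CVSS scale, computes the radar polygon area, and compares two intervals so that an expanded polygon reports reduced credibility. CVE findings carry a CVSS base score; mapping the other monitors' hazard levels onto the same scale, taking the worst finding per axis, and the two interval records are assumptions constructed for the illustration.

```python
import math
from typing import Dict, Iterable, List

# Fixed axis order of the radar map: the six monitoring results of steps 1) to 6).
DIMENSIONS = ("cve", "application", "peripheral", "network", "temp_file", "baseline")

# Assumed mapping of the hazard levels reported by the white list monitors onto the
# 0-10 CVSS scale; CVE findings already carry a CVSS base score and need no mapping.
HAZARD_SCORE = {"none": 0.0, "low": 3.0, "medium": 5.0, "high": 7.5, "critical": 9.5}


def finding_score(finding: Dict) -> float:
    """Score one uploaded finding: a CVE result brings a CVSS base score, the others a hazard level."""
    if "cvss" in finding:
        return max(0.0, min(10.0, float(finding["cvss"])))
    return HAZARD_SCORE[finding["hazard"]]


def dimension_scores(findings: Iterable[Dict]) -> List[float]:
    """One radius per axis: the worst finding on that axis (assumed aggregation rule), so a
    single critical alarm is never averaged away by many benign ones."""
    worst = {d: 0.0 for d in DIMENSIONS}
    for f in findings:
        worst[f["dim"]] = max(worst[f["dim"]], finding_score(f))
    return [worst[d] for d in DIMENSIONS]


def radar_area(radii: List[float]) -> float:
    """Area of the polygon drawn through the axis values at equal angular spacing
    (shoelace formula in polar form: 1/2 * sin(2*pi/n) * sum of r_i * r_{i+1})."""
    n = len(radii)
    step = 2 * math.pi / n
    return 0.5 * math.sin(step) * sum(radii[i] * radii[(i + 1) % n] for i in range(n))


def credibility_change(earlier: Iterable[Dict], later: Iterable[Dict], tol: float = 1e-9) -> str:
    """Compare two evaluation intervals as the page describes: an expanded coverage area
    means credibility reduced, a contracted area means credibility improved."""
    a0 = radar_area(dimension_scores(earlier))
    a1 = radar_area(dimension_scores(later))
    if a1 > a0 + tol:
        return "reduced"
    if a1 < a0 - tol:
        return "improved"
    return "unchanged"


# Constructed monitoring results for two consecutive evaluation intervals.
INTERVAL_1 = [
    {"dim": "cve", "id": "CVE-YYYY-NNNN (placeholder)", "cvss": 7.5},
    {"dim": "network", "hazard": "medium"},
    {"dim": "baseline", "hazard": "low"},
]
INTERVAL_2 = INTERVAL_1 + [
    {"dim": "application", "hazard": "high"},   # an unknown executable was alarmed
    {"dim": "temp_file", "hazard": "medium"},
]

if __name__ == "__main__":
    for name, interval in (("interval 1", INTERVAL_1), ("interval 2", INTERVAL_2)):
        radii = dimension_scores(interval)
        print(name, dict(zip(DIMENSIONS, radii)), "area=%.2f" % radar_area(radii))
    print("credibility", credibility_change(INTERVAL_1, INTERVAL_2))
```

Because the area is a sum of products of neighbouring radii, the axis order matters: two high scores on adjacent axes enlarge the polygon far more than the same two scores on opposite axes, so a deployment should fix the order once and keep it across intervals, otherwise the trend comparison is meaningless.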
The invention has the beneficial effects that:
1) Through the association of data from multiple dimensions, an information security manager can understand the white environment credibility in more complete detail, namely: CVE vulnerability scanning of the special host by the CVE vulnerability scanning module; state baseline monitoring of the special host's applications by the application white list monitoring module; state baseline monitoring of the special host's peripheral interfaces by the peripheral white list module; state baseline monitoring of the special host's network security rules by the network traffic white list monitoring module; state baseline monitoring of the special host's temporary dynamic release files by the temporary dynamic release file monitoring module; and state baseline monitoring of the special host's Windows security baseline by the host security baseline monitoring module;
2) The CVE vulnerability scanning result, the application white list monitoring result, the peripheral white list monitoring result, the network traffic white list monitoring result, the temporary dynamic release file monitoring result and the special host security baseline monitoring result uploaded to the credibility analysis unit are evaluated and analysed by the Common Vulnerability Scoring System (CVSS) component arranged in the credibility analysis unit; when statistics from multiple evaluation time intervals are added, the change in white environment credibility during the initial period of an outbreak or disclosure is presented to the observer dynamically;
3) A multi-dimensional radar map is generated to display the credibility analysis result of the special host white environment, presenting it visually through a more intuitive chart so that the information security manager can reach a conclusion conveniently.
Drawings
Fig. 1 is a schematic structural diagram of the monitoring modules and the credibility analysis unit in the white environment credibility analysis method for multi-index scoring of a special host according to the present invention;
Fig. 2 is the multi-dimensional radar map for analysing the white environment credibility of a special host, generated by the white environment credibility analysis method for multi-index scoring of a special host provided by the present invention.
Detailed Description
The present invention is further illustrated by the following specific examples, which are not intended to limit the scope of the invention.
Example 1
Referring to Figs. 1 and 2, the present invention provides a white environment credibility analysis method for multi-index scoring of a special host, the analysis method comprising the following steps:
1) CVE vulnerability scanning
A CVE vulnerability scanning module 10 in communication connection with a special host (not shown) is used to scan the special host for CVE vulnerabilities, evaluate its current security condition, establish a state baseline, generate a CVE vulnerability scanning result and upload that result to a credibility analysis unit 100;
2) application white list monitoring
An application white list monitoring module 20 in communication connection with the special host is used to perform state baseline monitoring of the special host's applications, monitor and raise an alarm on elements that violate the application white list of the special host, generate an application white list monitoring result and upload it to the credibility analysis unit 100, where the applications comprise executable files and scripts;
3) peripheral white list monitoring
A peripheral white list module 30 in communication connection with the special host is used to perform state baseline monitoring of the special host's peripheral interfaces, monitor and raise an alarm on behaviour that violates the peripheral interface white list, generate a peripheral white list monitoring result and upload it to the credibility analysis unit 100;
4) network traffic white list monitoring
A network traffic white list monitoring module 40 in communication connection with the special host is used to perform state baseline monitoring against the network security rules of the special host, monitor and raise an alarm on traffic that violates those rules, generate a network traffic white list monitoring result and upload it to the credibility analysis unit 100;
5) temporary dynamic release file monitoring
A temporary dynamic release file monitoring module 50 in communication connection with the special host is used to perform state baseline monitoring of the files temporarily and dynamically released on the special host, monitor and raise an alarm on such files, generate a temporary dynamic release file monitoring result and upload it to the credibility analysis unit 100;
6) special host security baseline monitoring
A host security baseline monitoring module 60 in communication connection with the special host is used to perform state baseline monitoring against the Windows security baseline of the special host and raise an alarm on behaviour that violates that baseline, generating a special host security baseline monitoring result that is uploaded to the credibility analysis unit 100;
7) multidimensional analysis statistics of monitoring results
The CVE vulnerability scanning result, the application white list monitoring result, the peripheral white list monitoring result, the network traffic white list monitoring result, the temporary dynamic release file monitoring result and the special host security baseline monitoring result uploaded to the credibility analysis unit 100 are evaluated and analysed by a Common Vulnerability Scoring System (CVSS) component 70 arranged in the credibility analysis unit 100, a multi-dimensional radar map is generated, and the credibility analysis result of the special host white environment is displayed.
Further, the CVE vulnerability scanning result includes: CVE-ID, vulnerability title, vulnerability type and hazard level.
Further, the application white list monitoring result comprises the application execution object, the parent process of the application, the application response mode and the hazard possibility.
Further, the peripheral white list monitoring result comprises the type of peripheral interface, the response mode of the peripheral interface and the hazard reason.
Further, the network traffic white list monitoring result comprises the type of traffic violating a network security rule, the response mode and the hazard reason.
Further, the temporary dynamic release file monitoring result comprises the execution object of the temporary dynamic release file, the parent process of the execution object, the response mode of the execution object and the hazard possibility.
Further, the special host security baseline monitoring result comprises the type of behaviour violating the Windows security baseline of the special host, the response mode of the behaviour and the hazard reason.
Further, the larger the coverage area of the multi-dimensional radar map, the lower the white environment credibility of the special host.
Example 2
Further, the CVE vulnerability scanning uses a dual-engine vulnerability library to scan the special host for CVE vulnerabilities.
The dual-engine vulnerability library consists of vulnerability libraries from antivirus software, such as the vulnerability library of Kaspersky antivirus software and that of McAfee antivirus software.
The rest is the same as in Example 1.
Example 3
In step 7), the multi-dimensional radar map is used for credibility analysis statistics over multiple time intervals: an expanding coverage area of the radar map indicates that the credibility of the special host white environment has decreased, and a contracting coverage area indicates that it has improved. The rest is the same as in Example 1.
Although the present invention has been described in detail with respect to the general description and the specific embodiments, it will be apparent to those skilled in the art that modifications or improvements may be made, or a functional block deleted. Accordingly, such modifications, improvements or omissions fall within the scope of the appended claims provided they do not depart from the spirit of the invention.

Claims (8)

1. A white environment credibility analysis method for multi-index scoring of a special host, characterized in that it comprises the following steps:
1) CVE vulnerability scanning
A CVE vulnerability scanning module in communication connection with the special host is used to scan the special host for CVE vulnerabilities, evaluate its current security condition, establish a state baseline, generate a CVE vulnerability scanning result and upload that result to a credibility analysis unit;
2) application white list monitoring
An application white list monitoring module in communication connection with the special host is used to perform state baseline monitoring of the special host's applications, monitor and raise an alarm on elements that violate the application white list of the special host, generate an application white list monitoring result and upload it to the credibility analysis unit, where the applications comprise executable files and scripts;
3) peripheral white list monitoring
A peripheral white list module in communication connection with the special host is used to perform state baseline monitoring of the special host's peripheral interfaces, monitor and raise an alarm on behaviour that violates the peripheral interface white list, generate a peripheral white list monitoring result and upload it to the credibility analysis unit;
4) network traffic white list monitoring
A network traffic white list monitoring module in communication connection with the special host is used to perform state baseline monitoring against the network security rules of the special host, monitor and raise an alarm on traffic that violates those rules, generate a network traffic white list monitoring result and upload it to the credibility analysis unit;
5) temporary dynamic release file monitoring
A temporary dynamic release file monitoring module in communication connection with the special host is used to perform state baseline monitoring of the files temporarily and dynamically released on the special host, monitor and raise an alarm on such files, generate a temporary dynamic release file monitoring result and upload it to the credibility analysis unit;
6) special host security baseline monitoring
A host security baseline monitoring module in communication connection with the special host is used to perform state baseline monitoring against the Windows security baseline of the special host and raise an alarm on behaviour that violates that baseline, generating a special host security baseline monitoring result that is uploaded to the credibility analysis unit;
7) multidimensional analysis statistics of monitoring results
The CVE vulnerability scanning result, the application white list monitoring result, the peripheral white list monitoring result, the network traffic white list monitoring result, the temporary dynamic release file monitoring result and the special host security baseline monitoring result uploaded to the credibility analysis unit are evaluated and analysed by a Common Vulnerability Scoring System (CVSS) component arranged in the credibility analysis unit, a multi-dimensional radar map is generated, and the credibility analysis result of the special host white environment is displayed;
the application white list monitoring result comprises the application execution object, the parent process of the application, the application response mode and the hazard possibility;
the peripheral white list monitoring result comprises the type of peripheral interface, the response mode of the peripheral interface and the hazard reason.
2. The method of claim 1, wherein the CVE vulnerability scanning result comprises: CVE-ID, vulnerability title, vulnerability type and hazard level.
3. The method of claim 1 or 2, wherein the CVE vulnerability scanning uses a dual-engine vulnerability library to scan the special host for CVE vulnerabilities.
4. The method of claim 1, wherein the network traffic white list monitoring result comprises the type of traffic violating a network security rule, the response mode and the hazard reason.
5. The method of claim 1, wherein the temporary dynamic release file monitoring result comprises the execution object of the temporary dynamic release file, the parent process of the execution object, the response mode of the execution object and the hazard possibility.
6. The method of claim 1, wherein the special host security baseline monitoring result comprises the type of behaviour violating the Windows security baseline of the special host, the response mode of the behaviour and the hazard reason.
7. The method of claim 1, wherein a larger coverage area of the multi-dimensional radar map indicates lower white environment credibility of the special host.
8. The method of claim 1, wherein in step 7) the multi-dimensional radar map is used for credibility analysis statistics over multiple time intervals: an expanding coverage area of the radar map indicates that the white environment credibility of the special host has decreased, and a contracting coverage area indicates that it has improved.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810348128.5A CN108667812B (en) 2018-04-18 2018-04-18 White environment credibility analysis method for multi-index scoring of special host

Publications (2)

Publication Number Publication Date
CN108667812A CN108667812A (en) 2018-10-16
CN108667812B true CN108667812B (en) 2020-12-25

Family

ID=63780068

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111967021B (en) * 2020-08-27 2022-06-03 山东英信计算机技术有限公司 Vulnerability processing method, device and equipment and computer readable storage medium
CN115314244B (en) * 2022-06-27 2023-10-10 深圳开源互联网安全技术有限公司 White list safety protection method, device, equipment and readable storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635730A (en) * 2009-08-28 2010-01-27 深圳市永达电子股份有限公司 Method and system for safe management of internal network information of small and medium-sized enterprises
CN103927491A (en) * 2014-04-30 2014-07-16 南方电网科学研究院有限责任公司 Security baseline assessment method based on SCAP
WO2014210289A1 (en) * 2013-06-28 2014-12-31 Symantec Corporation Techniques for detecting a security vulnerability
CN104767757A (en) * 2015-04-17 2015-07-08 国家电网公司 Multiple-dimension security monitoring method and system based on WEB services
CN104852816A (en) * 2015-04-22 2015-08-19 国网四川省电力公司电力科学研究院 Intrusion detection system (IDS) intelligent warning method
CN105427172A (en) * 2015-12-04 2016-03-23 北京华热科技发展有限公司 Risk assessment method and system
WO2016081837A1 (en) * 2014-11-21 2016-05-26 Interdigital Patent Holdings, Inc. Using security posture information to determine access to services
CN106649429A (en) * 2016-08-25 2017-05-10 北京知道未来信息技术有限公司 Method and device for rapidly evaluating vulnerability hazard level based on multi-dimensional statistics
CN107544470A (en) * 2017-09-29 2018-01-05 杭州安恒信息技术有限公司 A kind of controller guard technology based on white list

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Construction method for the "white environment" of special hosts; 李显杰, 翟易坤, 任祥辉, 张大健; 《网络安全技术与应用》 (Network Security Technology & Application); 2016-06-30; full text *
Discussion and application of vulnerability quantification based on a security management platform; 邓宇珊; 《电信网技术》 (Telecommunications Network Technology); 2017-07-31; full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20220224
Address after: 100000 Room 201, door 1, building 7, Hepingli District 5, Dongcheng District, Beijing
Patentee after: Tang Zhibin
Address before: 303, block a, Xigema apartment, Zhichun Road, Haidian District, Beijing 100080
Patentee before: BEIJING ZHONGKE XING'AN TECHNOLOGY Co.,Ltd.
TR01 Transfer of patent right
Effective date of registration: 20230516
Address after: 102699 floor 2, building 4, yard 8, Haixin Road, Daxing District, Beijing
Patentee after: Beijing Simple Network Security Technology Co.,Ltd.
Address before: 100000 Room 201, door 1, building 7, Hepingli District 5, Dongcheng District, Beijing
Patentee before: Tang Zhibin