CN102945254A - Method for detecting abnormal data among TB-level mass audit data - Google Patents

Publication number: CN102945254A
Authority: CN (China)
Legal status: Granted
Application number: CN2012103957345A
Other languages: Chinese (zh)
Other versions: CN102945254B (en)
Inventors: 高翔, 金华松, 刘志光, 叶松, 翁志庚
Current assignee: FUJIAN STRAIT INFORMATION Corp
Original assignee: FUJIAN STRAIT INFORMATION Corp
Priority: CN201210395734.5A
Classifications: Computer And Data Communications; Data Exchanges In Wide-Area Networks
Abstract

The invention provides a method for detecting abnormal data among TB-level mass audit data. The method comprises the following steps: obtaining critical features of to-be-processed data and judging, according to the critical features, whether the to-be-processed data satisfy the preset filtration conditions; if not, judging, according to the critical features, whether the to-be-processed data satisfy the preset harmless judgment conditions; and if not, judging that the to-be-processed data are abnormal. By further analysing whether the to-be-processed data that do not satisfy the preset filtration conditions satisfy the preset harmless judgment conditions, the method can effectively identify abnormal data. With this technical scheme, a large amount of harmless data can be filtered out without further analysis, so that the processing efficiency of the system is increased and different types of illegal operations can be detected.

Description

Method for detecting abnormal data among TB-level mass audit data
Technical field
The present invention is applied in database audit systems for hospital information systems, and in particular relates to a method for detecting abnormal data among TB-level mass audit data.
Background
With the development of hospital informatization, many hospital business systems such as HIS, PACS and LIS depend on databases, and more and more people come into contact with and use those databases. They include both the routine maintenance staff of the relevant departments within the hospital and third-party personnel such as the developers and integrators of the hospital's various information systems. In this environment there are internal security risks: people enter the hospital information system under a legitimately authorized identity, which raises the question of whether their access to and operations on the data are compliant, along with misoperation and unauthorized operation of the hospital information system. For example, many drug manufacturers use channels inside the hospital to extract patients' personal information through the HIS system for profit. As another example, the illegal collection of drug prescription statistics is one of the persistent problems that is difficult to solve completely against this background.
The means of illegally collecting prescription statistics are developing toward diversification, complexity and specialization. They have moved on from the earliest approach of intruding into the server and obtaining the relevant data with SQL queries, and the tools used have evolved from the database maintenance software of the early days to dedicated programs written by professionals. Because the technical means are varied and complex, the approach currently taken by hospital discipline inspection departments against the collection of prescription statistics can only be "education first, rules as the mainstay", and effective technical means of guarding against this behaviour are lacking. A database audit system usually captures the packets related to operations on the hospital information system and filters them with whitelist and blacklist rule policies, thereby auditing database operations and user behaviour, discovering harmful behaviour and raising alarms.
However, the above method often has the following shortcomings.
Shortcoming 1: the data volume is large and the business is complex; under a rule-based audit mode, audit efficiency becomes the bottleneck.
Shortcoming 2: the traditional approach of defining whitelist and blacklist rules cannot accurately describe the new attack techniques that keep emerging, so audit results are inaccurate and attacks may go unreported.
Shortcoming 3: a large amount of manpower is needed to maintain the system's blacklist and whitelist rules.
Summary of the invention
To solve the above problems, one technical scheme adopted by the present invention is to provide a method for detecting abnormal data among TB-level mass audit data, comprising:
Obtaining the key feature of the pending data, and judging according to the key feature whether the pending data satisfy the preset filter condition;
If the preset filter condition is satisfied, judging the pending data to be harmless data and storing the pending data; if the preset filter condition is not satisfied, judging according to the key feature whether the pending data satisfy the preset harmless-decision condition;
If the preset harmless-decision condition is satisfied, judging the pending data to be harmless data and generating a new filter condition according to the pending data; if the preset harmless-decision condition is not satisfied, judging the pending data to be abnormal data.
Wherein, after the step of judging the pending data to be abnormal data, the method further comprises: entering the abnormal data into an alarm table and sending alarm information.
Wherein, the key feature comprises: host IP address, SQL statement feature, operand, table name and running program name.
Wherein, the preset filter condition comprises a first filter condition and a second filter condition, and judging whether the pending data satisfy the preset filter condition comprises the step of: judging whether the pending data do not satisfy the first filter condition but satisfy the second filter condition, and if so, judging that the pending data do not satisfy the preset filter condition.
Wherein, when the key feature is the SQL statement feature, the key feature is obtained as follows:
Identifying whether the sessions established by the current system include a database operation session on the database;
If so, identifying the database operation instructions in that database operation session and obtaining the corresponding SQL statement feature.
Wherein, the step of judging according to the key feature whether the pending data satisfy the preset filter condition comprises:
Counting the SQL statement features and classifying the pending data according to their SQL statement features;
Judging whether the count of each SQL statement feature reaches a threshold; if it does, judging that the pending data corresponding to the SQL statement feature that reaches the threshold satisfy the first filter condition;
If it does not, judging according to the key feature whether the pending data satisfy the second filter condition, and if they do, judging that the pending data do not satisfy the preset filter condition.
Wherein, the step of judging according to the key feature whether the pending data satisfy the preset harmless-decision condition comprises: counting the host IP addresses of the hosts in the network and classifying the pending data according to host IP address; and judging whether each host IP address is present in the preset trusted address table, and if it is, judging that the pending data corresponding to that host IP address satisfy the harmless-decision condition, and generating a new first filter condition according to those pending data.
Wherein, the host IP address is obtained as follows: receiving and parsing the data messages sent by hosts in the network, and obtaining the host IP address carried in each data message.
The beneficial effects of the invention are as follows. In prior-art systems, the approach of defining whitelist and blacklist rules cannot accurately describe the new attack techniques that keep emerging, so audit results are inaccurate and attacks may go unreported; the data volume is large and the business complex; and a large amount of manpower is needed to maintain the system's blacklist and whitelist rules. In contrast, the invention provides a method for detecting abnormal data among TB-level mass audit data in which the pending data that do not satisfy the preset filter condition are analysed further by judging whether they satisfy the preset harmless-decision condition, so that abnormal data can be identified effectively. With this technical scheme, a large amount of harmless data can be filtered out without going on to the next analysis step, which improves the processing efficiency of the system and allows various illegal operations to be found.
Description of drawings
Fig. 1 is a flow chart of the method for detecting abnormal data among TB-level mass audit data in one embodiment of the invention;
Fig. 2 is a flow chart of the method for detecting abnormal data among TB-level mass audit data in another embodiment of the invention;
Fig. 3 is a flow chart of the method for judging whether the pending data satisfy the preset filter condition in a further embodiment;
Fig. 4 is a flow chart of the method for judging whether the pending data satisfy the preset harmless-decision condition in the above embodiment;
Fig. 5 is a detailed flow chart of the method for detecting abnormal data among TB-level mass audit data in the above embodiment;
Fig. 6 shows the first filter condition provided in one embodiment of the invention;
Fig. 7 shows the second filter condition provided in the above embodiment of the invention;
Fig. 8 shows the report provided in the above embodiment of the invention;
Fig. 9 is the key-feature selection diagram provided in another embodiment of the invention.
Embodiment
To describe the technical content, structural features, objects achieved and effects of the invention in detail, an explanation is given below in conjunction with embodiments and the accompanying drawings.
Referring to Fig. 1, this embodiment provides a method for detecting abnormal data among TB-level mass audit data, comprising the following steps:
Step S1: obtain the key feature of the pending data, and judge according to the key feature whether the pending data satisfy the preset filter condition;
Step S2: if the preset filter condition is satisfied, judge the pending data to be harmless data and store the pending data; if the preset filter condition is not satisfied, judge according to the key feature whether the pending data satisfy the preset harmless-decision condition;
Step S3: if the preset harmless-decision condition is satisfied, judge the pending data to be harmless data and generate a new filter condition according to those pending data; if the preset harmless-decision condition is not satisfied, judge the pending data to be abnormal data.
In the above embodiment, as shown in Fig. 2, after step S3 judges the pending data to be abnormal data, the method further comprises step S4: enter the abnormal data into the alarm table and send alarm information.
In the above specific embodiment, the key feature comprises: SQL statement feature and operand. The preset filter condition comprises a first filter condition and a second filter condition, and judging whether the pending data satisfy the preset filter condition comprises the step of: judging whether the pending data do not satisfy the first filter condition but satisfy the second filter condition, and if so, judging that the pending data do not satisfy the preset filter condition. That is, the pending data fail the preset filter condition when they do not satisfy the first filter condition but satisfy the second filter condition.
Referring to Fig. 3 and Fig. 4, in another embodiment, when the key feature is the SQL statement feature, step S1 mainly comprises the following steps:
Step S11: identify whether the sessions established by the current system include a database operation session on the database; if so, identify the database operation instructions in that database operation session and obtain the corresponding SQL statement feature.
Step S12: count the SQL statement features and classify the pending data according to their SQL statement features;
Step S13: judge whether the count of each SQL statement feature reaches a threshold;
Step S14: if it does, judge that the pending data corresponding to the SQL statement feature that reaches the threshold satisfy the first filter condition; if it does not, judge that the pending data corresponding to that SQL statement feature do not satisfy the first filter condition, and judge according to the key feature whether the pending data satisfy the second filter condition;
If the second filter condition is not satisfied, judge that the pending data satisfy the preset filter condition; if it is satisfied, judge that the pending data do not satisfy the preset filter condition.
To make the term "SQL statement feature" easier to understand, the applicant gives an example here. Take the following two SQL statements: "select a from b where name=gao" and "select a from b where name=huang". The two statements differ only in the value of the "name" condition and the rest of their structure is identical, so their SQL statement features are regarded as the same. In other words, as long as SQL statements have exactly the same effect in the medical system, their SQL statement features are regarded as identical.
Step S2 mainly comprises the following steps. Step S201: count the host IP addresses of the hosts in the network and classify the pending data according to host IP address. Step S202: judge whether each host IP address is present in the preset trusted address table. Step S203: if it is not, judge that the pending data corresponding to that host IP address do not satisfy the harmless-decision condition; if it is, judge that the pending data corresponding to that host IP address satisfy the harmless-decision condition, and generate a new first filter condition according to those pending data.
In the above embodiment, the host IP address is obtained as follows: receive and parse the data messages sent by hosts in the network, and obtain the host IP address carried in each data message.
As the above description shows, the pending data that fail the preset filter condition, as determined by the first and second filter conditions, are only suspected abnormal data; they are analysed further by judging whether they satisfy the preset harmless-decision condition, so that abnormal data can be identified effectively. With this technical scheme, a large amount of harmless data can be filtered out without going on to the next analysis step, which improves the processing efficiency of the system and allows various illegal operations to be found. The invention also generates new filter rules from the pending data that satisfy the harmless-decision condition, so that when such data are filtered again they do not have to be judged against the preset harmless-decision condition a second time, which further reflects the intelligence, real-time performance, accuracy and efficiency of the invention.
Referring to Fig. 5 to Fig. 8, the invention provides a specific embodiment, comprising:
Step S1: collect the pending data and obtain the key feature of the pending data.
Step S2: perform whitelist filtering on the pending data according to the key feature;
If the key feature meets the first filter condition preset in the whitelist, the pending data are judged to be harmless data and are stored; if the key feature does not meet the first filter condition preset in the whitelist, blacklist filtering is performed on the pending data according to the key feature;
If the key feature does not meet the second filter condition preset in the blacklist, the pending data are judged to be harmless data and are stored; if the key feature meets the second filter condition preset in the blacklist, step S3 is carried out. Step S2 can be implemented as in the embodiments described earlier, which are not repeated here.
In the specific embodiment, the first filter condition preset in the whitelist is shown in Fig. 6 and the second filter condition preset in the blacklist is shown in Fig. 7. Taking the source IP address in Fig. 6 as an example: the source IPs of the official programs can be obtained by statistics, and we set them as the first filter condition; data sent from an IP address that meets this first filter condition are harmless data. In Fig. 6, the selected source IP addresses 10.10.19.103, 10.10.19.112, 10.10.19.113, 10.10.19.117, 10.10.19.119, 10.10.19.129 and 10.10.19.142 are safe IP addresses, so the data sent from these IP addresses are harmless data.
Fig. 7 shows the second filter condition that we set, i.e. the blacklist rules. If certain rules are selected and activated, the packets that match those rules are handled by step S3, that is, they enter the quasi-alarm table, where the packets are classified. It should be noted, however, that if for example we have defined default rule 3, it is not necessarily a hacker who triggers this rule; most triggers come from official operations of the hospital management system. We therefore use automatic statistics to classify the alarms that trigger rule 3 (for example, classifying by source IP and obtaining the number of times each source IP triggers the rule; if a certain IP triggers it frequently within a period of time, it is an official program performing management or statistics) and, according to the counts, filter out the part triggered by the operations of hospital administrators. What remains occurs with very low probability, and most of it is the work of hackers.
Step S3: receive and parse the packets that have passed through the above process, obtain the host IP addresses that sent the pending data, count the host IP addresses and classify the pending data according to host IP address, and judge whether each host IP address is present in the preset trusted address table;
If it is, the pending data corresponding to that host IP address are judged to be harmless data, a new whitelist rule is generated according to those pending data, and the flow returns to step S1 so that the new whitelist rule is used in the next round of filtering; if it is not, the pending data corresponding to that host IP address are judged to be abnormal data, the abnormal data are entered into the alarm table, alarm information is sent, and the corresponding report is produced. In the specific embodiment, the report contains the source IP of the abnormal data, the target IP, the corresponding SQL statement, the operation mode, the operand, the rule name and so on; a bar chart such as the one shown in Fig. 8 can also be generated with the report, which is more intuitive.
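An added sketch of the decision flow in steps S1 to S3 (example code, not taken from the patent), run over a constructed batch of audit records. The literal-masking normalisation, the blacklist regex and its `prescription` table, the (source IP, SQL feature) form of the generated whitelist rule, per-batch counting and the address 192.0.2.77 are assumptions; the patent's own example writes the condition value unquoted, whereas this sketch masks quoted strings and numbers.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

_STRING = re.compile(r"'(?:[^']|'')*'")      # quoted string literals
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")   # standalone numeric literals


def sql_feature(sql):
    """Reduce a statement to its structure: literals become '?',
    case and whitespace are unified (assumed normalisation)."""
    masked = _NUMBER.sub("?", _STRING.sub("?", sql))
    return re.sub(r"\s+", " ", masked).strip().lower()


@dataclass
class Auditor:
    threshold: int      # count at which a feature is treated as routine
    blacklist: dict     # rule name -> compiled regex over the SQL feature
    trusted_ips: set    # preset trusted address table
    learned: set = field(default_factory=set)   # generated whitelist rules
    alarms: list = field(default_factory=list)  # alarm table

    def audit(self, records):
        """records: list of (source_ip, sql). Returns one verdict per record."""
        feats = [sql_feature(sql) for _, sql in records]
        counts = Counter(feats)              # statistics per SQL feature
        verdicts = []
        for (ip, sql), feat in zip(records, feats):
            # First filter condition (whitelist): frequent feature, or a
            # rule generated earlier from data judged harmless.
            if counts[feat] >= self.threshold or (ip, feat) in self.learned:
                verdicts.append("harmless:whitelist")
                continue
            # Second filter condition (blacklist): no hit means harmless.
            rule = next((name for name, rx in self.blacklist.items()
                         if rx.search(feat)), None)
            if rule is None:
                verdicts.append("harmless:no-blacklist-hit")
                continue
            # Harmless decision: is the sender in the trusted address table?
            if ip in self.trusted_ips:
                self.learned.add((ip, feat))  # new whitelist rule
                verdicts.append("harmless:trusted-ip")
            else:
                self.alarms.append({"src_ip": ip, "sql": sql, "rule": rule})
                verdicts.append("abnormal")
        return verdicts


# Constructed sample statement; the table and columns are hypothetical.
STATS = ("SELECT drug, doctor, COUNT(*) FROM prescription "
         "WHERE month=%d GROUP BY drug, doctor")


def demo():
    auditor = Auditor(
        threshold=3,
        blacklist={"rule-prescription-stats":
                   re.compile(r"\bfrom prescription\b")},
        trusted_ips={"10.10.19.103"},        # one of the Fig. 6 addresses
    )
    batch1 = [
        ("10.10.19.112", "select a from b where name='gao'"),
        ("10.10.19.112", "select a from b where name='huang'"),
        ("10.10.19.113", "SELECT a FROM b  WHERE name='li'"),
        ("10.10.19.103", STATS % 10),
        ("192.0.2.77", STATS % 11),          # constructed untrusted sender
        ("192.0.2.77", "UPDATE b SET a=1 WHERE id=7"),
    ]
    batch2 = [("10.10.19.103", STATS % 12)]  # hits the generated rule
    return auditor.audit(batch1), auditor.audit(batch2), auditor.alarms


if __name__ == "__main__":
    first, second, alarms = demo()
    print(first, second, alarms, sep="\n")
```

The patent does not state the window over which feature counts are taken; here they are counted per call to `audit`, so the threshold has to be chosen with the batch size in mind.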
In other embodiments, a bar chart like the one in Fig. 9 can also be generated. In Fig. 9 the key features comprise: host IP address, SQL statement feature, operand, table name and running program name. In this embodiment the key features are not limited to a single one; several can be used at the same time, and the user can select the key features as desired.
In summary, in prior-art systems the approach of defining whitelist and blacklist rules cannot accurately describe the new attack techniques that keep emerging, so audit results are inaccurate and attacks may go unreported; the data volume is large and the business complex; and a large amount of manpower is needed to maintain the system's blacklist and whitelist rules. In contrast, the invention provides a method for detecting abnormal data among TB-level mass audit data in which the pending data that do not satisfy the preset filter condition are analysed further by judging whether they satisfy the preset harmless-decision condition, so that abnormal data can be identified effectively. With this technical scheme, a large amount of harmless data can be filtered out without going on to the next analysis step, which improves the processing efficiency of the system and allows various illegal operations to be found.
The above are only embodiments of the invention and do not thereby limit the scope of its claims. Any equivalent structure or equivalent process transformation made using the content of the description and drawings of the invention, or any direct or indirect use in other related technical fields, is likewise included in the scope of patent protection of the invention.

Claims (8)

1. A method for detecting abnormal data among TB-level mass audit data, characterized by comprising:
Obtaining the key feature of the pending data, and judging according to the key feature whether the pending data satisfy the preset filter condition;
If the preset filter condition is satisfied, judging the pending data to be harmless data and storing the pending data; if the preset filter condition is not satisfied, judging according to the key feature whether the pending data satisfy the preset harmless-decision condition;
If the preset harmless-decision condition is satisfied, judging the pending data to be harmless data and generating a new filter condition according to the pending data; if the preset harmless-decision condition is not satisfied, judging the pending data to be abnormal data.
2. The method for detecting abnormal data among TB-level mass audit data according to claim 1, characterized in that, after the step of judging the pending data to be abnormal data, the method further comprises: entering the abnormal data into an alarm table and sending alarm information.
3. The method for detecting abnormal data among TB-level mass audit data according to claim 1 or 2, characterized in that the key feature comprises: host IP address, SQL statement feature, operand, table name and running program name.
4. The method for detecting abnormal data among TB-level mass audit data according to claim 3, characterized in that the preset filter condition comprises a first filter condition and a second filter condition, and judging whether the pending data satisfy the preset filter condition comprises the step of: judging whether the pending data do not satisfy the first filter condition but satisfy the second filter condition, and if so, judging that the pending data do not satisfy the preset filter condition.
5. The method for detecting abnormal data among TB-level mass audit data according to claim 4, characterized in that, when the key feature is the SQL statement feature, the key feature is obtained as follows:
Identifying whether the sessions established by the current system include a database operation session on the database;
If so, identifying the database operation instructions in that database operation session and obtaining the corresponding SQL statement feature.
6. The method for detecting abnormal data among TB-level mass audit data according to claim 5, characterized in that the step of judging according to the key feature whether the pending data satisfy the preset filter condition comprises:
Counting the SQL statement features and classifying the pending data according to their SQL statement features;
Judging whether the count of each SQL statement feature reaches a threshold, and if it does, judging that the pending data corresponding to the SQL statement feature that reaches the threshold satisfy the first filter condition;
If it does not, judging according to the key feature whether the pending data satisfy the second filter condition, and if they do, judging that the pending data do not satisfy the preset filter condition.
7. The method for detecting abnormal data among TB-level mass audit data according to claim 6, characterized in that the step of judging according to the key feature whether the pending data satisfy the preset harmless-decision condition comprises:
Counting the host IP addresses of the hosts in the network and classifying the pending data according to host IP address;
And judging whether each host IP address is present in the preset trusted address table, and if it is, judging that the pending data corresponding to that host IP address satisfy the harmless-decision condition, and generating a new first filter condition according to those pending data.
8. The method for detecting abnormal data among TB-level mass audit data according to claim 7, characterized in that the host IP address is obtained as follows: receiving and parsing the data messages sent by hosts in the network, and obtaining the host IP address carried in each data message.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201210395734.5A | 2012-10-18 | 2012-10-18 | Method for detecting abnormal data among TB-level mass audit data

Publications (2)

Publication Number | Publication Date
CN102945254A | 2013-02-27
CN102945254B | 2015-12-16

Family

ID=47728198

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201210395734.5A (Active; CN102945254B (en)) | Method for detecting abnormal data among TB-level mass audit data | 2012-10-18 | 2012-10-18

Country Status (1)

Country | Link
CN (1) | CN102945254B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant