CN103701769A - Method and system for detecting hazardous network source - Google Patents
Method and system for detecting hazardous network source Download PDFInfo
- Publication number
- CN103701769A CN103701769A CN201310547444.2A CN201310547444A CN103701769A CN 103701769 A CN103701769 A CN 103701769A CN 201310547444 A CN201310547444 A CN 201310547444A CN 103701769 A CN103701769 A CN 103701769A
- Authority
- CN
- China
- Prior art keywords
- module
- data
- rule
- fusion
- harm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a system for detecting a hazardous network source, and particularly relates to the method and the system for detecting the hazardous network source based on data fusion. The method and the system are applied to safety detection for daily visited websites. The system is characterized by comprising a system information acquisition module including a data packet capture and link analysis module, a system behavior analysis module including a webpage Trojan analysis, malicious code detection and suspected website detection module, a system behavior result processing module including in-depth behavior rules and evaluation data mining, fusion and the like, a data disaster tolerance module including local backup control and remote backup control, and an expert system module. The method and the system for detecting the hazardous network source disclosed by the invention can quickly and accurately find risky states and harmful ways and give out an alarm to a user to carry out further processing, and particularly the hazardous source can be found through analyzing layer upon layer.
Description
Technical field
The present invention relates to the method and system in a kind of Sampling network harm source, particularly detection method and the system in the harm of the network based on data fusion method source.Being the important component part of Network Security Construction, has been the prerequisite and basis of network security alarm and even running.
Technical background
Current network security fields exist webpage Trojan horse complicated and changeable, malicious code invasion etc., serious harm the safety of the Internet.To this, traditional network hazard detection method can not accomplish to detect fast and accurately, and the source of identification harm, and cannot construct rapidly perfect detection model towards all kinds of compromise data of collecting.
Summary of the invention
Shortcoming in view of above-mentioned prior art, the invention discloses a kind of method and system that utilizes data fusion method Sampling network harm source, method can be found precarious position and hazard approach quickly and accurately, to user, give a warning and assisting users is done corresponding processing, can find harm source by resolving layer by layer especially.
A kind of method and system that utilizes data fusion method Sampling network harm source disclosed by the invention, is characterized in that, comprising: system information acquisition module, comprises packet crawl, link analysis module; System action analysis module, comprises webpage Trojan horse analysis and malicious code detection, the suspected site detection module; System action result treatment module, comprises and gos deep into rule of conduct, test and appraisal data mining fusion etc.; Data disaster tolerance module, comprises local backup control, remote backup control; Expert system module.
System information acquisition module by Depth Priority Algorithm (DFS), realizes and automatically analyzes continuously link and capture file, and the information that realizes is comprehensive, at many levels, exhaustively gather; By Network card setup being become to listen mode, monitor, capture the packet on network.
System action analysis module can be processed webpage Trojan horse analysis concurrently, malicious code detection module and the suspected site detection module, wherein: webpage Trojan horse analysis and malicious code detection module, comprise packet interception module, packet is resolved and pretreatment module, heuristic monitoring modular and suspicious analysis module, it is characterized in that: the packet of intercepting is carried out to packet parsing and preliminary treatment, first packet is pressed to function, traffic classification, dismounting framing, and record its source address, destination address, port information, then carry out heuristic scanning detection, if higher with the Expert Rules matching degree in fusion rule storehouse, may be suspect code or wooden horse, after the analysis judgement of suspicious analysis module and expert system, carry out the processing of behavior outcome.
Preferably, the Data Update of feature database data center can be carried out mode excavation by the data after suspicious analysis module is extracted, again further after the analysis of expert system is summed up, valuable pattern and the former rule pre-existing are merged and upgrade operation.
The suspected site detection module, comprising: harm webpage monitoring modular, comprises webcrawler module, site data repository, behavior outcome analysis module, the coupling that comprises fusion rule storehouse, the recommendation of harm website, the deep excavation module of harm rule, it is characterized in that: via webcrawler module, capture the site data repository that web page resources forms, utilize AC string matching algorithm to mate with the rule feature in fusion rule storehouse, calculate matching degree, if matching degree is higher, add this website to harm recommendation of websites module, after judging via expert system module analysis, add harm website to harm storehouse, website, carrying out deep excavation and the behavior outcome of follow-up harm rule processes.
Preferably, described rule feature can, by deeply excavating module according to the storehouse, website of judging via expert system module analysis, be carried out in depth mode excavation, utilize classification and the method for predicting, find implicit relation and pattern, add in rule base, merge with original rule base.
More preferably, what described rule base matching process adopted is based on Aho-Corasick string matching algorithm, when this algorithm has scan text, do not need the feature of recalling completely, and time complexity is only O (n), time complexity and keyword number, length are all irrelevant.
System action result treatment module, comprises the processing of problem website, comprises to user and sends early warning, and declare and put on record to network police, and complete industrial chain service is provided; Improve detection module, according to testing result and Study on Trend, in the mode of self study, improve the function of detection module; The fusion of test and appraisal data and the rule of conduct that excavates, according to the Study on Trend of harm website of having found and the theoretical research of present stage carry out deep rule digging and with existing rule fusion, further improve behavior, feature rule base.
Data disaster tolerance module, it is characterized in that local control system periodically sends to data strange land control centre and backs up, and receive successful inverse signal, when strange land control centre does not receive Backup Data for a long time, to local control centre, do once inquiry, if no problem occurs, local control centre returns to one and replys; If do not receive and reply over predefined threshold time, automatically user's service request is taken over and come, and continue to wait for the secure answer of local control centre, and preserve daily record of work.
Preferably, data disaster tolerance module adopts the mode of the hot standby switching of distributed file system (HDFS) binode, HDFS adopts host-guest architecture pattern, by a pair of NameNode management node and several DataNode, formed, data center, by the mutual switching of live-vertex and backup node, solves the paralysis problem of data center.
As mentioned above, detection method and the system in the network harm source based on data fusion method of the present invention, there is following beneficial effect: during user's browsing page, can didactic monitoring website whether be the website that has harm character with being connected, when webpage is identified as illegal webpage or for hanging horse webpage, during the webpage of nested malicious code, system will give a warning to user, and to there being the webpage of potential threat to carry out deep parsing, and excavate the rule of conduct of potential variation, and be integrated in rule base, and the dangerous industrial chain that this website is related to is submitted to network police, review and block to break and endanger source, because system adopts modularized design, system can be carried out network data packets parsing concurrently, and the dual role that has harm website to assert is processed, stop the wrong report of system and fail to report, faster than traditional supervisory control system, more stable.
Preferably, the fusion rule storehouse of described system, by DS (Dempster-Shafter) evidence theory fusion method, the fusion rule storehouse that the data fusion such as typical rule of conduct, feature rule, operational mode, activity situation are formed, and be provided with corresponding regular weight.
More preferably, associated fusion can be carried out to expert system in site data repository, fusion rule storehouse, harm storehouse, website and form harm fused data center, realize high efficiency smart data are inquired about and analyzed, can complete the tracking of complete industrial chain and the Study on Trend of all kinds of threats to harm website.
Accompanying drawing explanation
Fig. 1 is shown as the network harm detection method in source and the system block diagram of system based on data fusion method;
Fig. 2 is shown as webpage Trojan horse analysis and malicious code detection module is carried out functional block diagram;
Fig. 3 is shown as the execution functional block diagram of the suspected site detection module;
Fig. 4 is shown as data disaster tolerance module and carries out function diagram.
Embodiment
Below by specific instantiation explanation embodiments of the present invention, those skilled in the art can understand other advantages of the present invention and effect easily by the disclosed content of this specification, the present invention can also be implemented or be applied by other different embodiment, every details in this specification also can be based on different viewpoints and application, carries out various modifications or change not deviating under spirit of the present invention.
Refer to accompanying drawing, it should be noted that, the diagram providing in the present embodiment only illustrates basic conception of the present invention in a schematic way, satisfy and only show with assembly relevant in the present invention in graphic but not component count, shape and size drafting while implementing according to reality, during its actual enforcement, kenel, quantity and the ratio of each assembly can be a kind of random change, and its assembly layout kenel also may be more complicated.
Detection method and the system in the network harm source based on data fusion method of the present invention, be applicable to have the types of applications place of network security demand and network security monitoring, usually, system architecture has on the computer of management function, server zone, realizes centralized management and monitoring in network.
Consult Fig. 1 below, Fig. 1 is shown as the network harm detection method in source and the system block diagram of system based on data fusion method, wherein:
Step S1 represents the test and assess acquired original of information of system information acquisition module, by Depth Priority Algorithm (DFS), realizes and automatically analyzes continuously link and capture file, and the information that realizes is comprehensive, at many levels, exhaustively gather; By Network card setup being become to listen mode, monitor, capture the packet on network;
Step S2 represents that the parallel acceptance of system action analysis module is from URL and the network data packets of system information acquisition module, and deals with;
Webpage Trojan horse is analyzed and malicious code detection module, it is characterized in that:
1) packet interception module carries out packet parsing and preliminary treatment by the packet of intercepting, first packet is pressed to function, traffic classification, and dismounting framing also records its source address, destination address, port information, then carries out heuristic scanning detection;
2) in heuristic detection module, according to the weight k pre-setting in rule base
i(i is regular number), and ask for assessment mark
(f when coupling
ibe 1, otherwise be 0);
3) if higher with the Expert Rules matching degree in fusion rule storehouse, may be suspect code or wooden horse, and according to assessing mark after the analysis judgement of suspicious analysis module and expert system, carry out the processing of behavior outcome;
4) if problem website is carried out behavior outcome processing and carried out mode excavation by the data after suspicious analysis module is extracted problem website, valuable pattern and the former rule pre-existing merged and upgrade operation, assigning weight;
The suspected site detection module, is characterized in that:
1) by webcrawler module, URL is carried out to crawling of profound level, multithreading according to rule, form site data repository, and on-line analysis and two kinds of analytical models of off-line analysis are provided;
2) content in site data repository is mated with the rule feature in fusion rule storehouse by AC string matching algorithm, and according to corresponding regular authority, calculate matching degree, to distinguish hazard level;
3) if matching degree is higher, may be harm website, add this website to harm recommendation of websites module, by expert system module analysis, judged;
4) harm website is joined in harm storehouse, website, according to hazard level, carry out behavior outcome processing and deeply excavate module and carry out mode excavation by endangering rule, valuable pattern and the former rule pre-existing are merged and upgrade operation, assign weight;
Step S3 represents system action result treatment module, comprises the processing of problem website, proposes alarm and forbids, and declare and put on record to network police to user, and complete industrial chain service is provided; Improve detection module, according to testing result and Study on Trend, in the mode of self study, improve the function of detection module; The fusion of test and appraisal data and the rule of conduct that excavates, according to the Study on Trend of harm website of having found and the theoretical research of present stage carry out deep rule digging and with existing rule fusion, further improve behavior, feature rule base;
Step S4 represents data disaster tolerance module, it is characterized in that:
1) local control system periodically sends to data strange land control centre and backs up, and receive successful inverse signal, when strange land control centre does not receive Backup Data for a long time, to local control centre, do once inquiry, if no problem occurs, local control centre returns to one and replys; If do not receive and reply over predefined threshold time, automatically user's service request is taken over and come, and continue to wait for the secure answer of local control centre, and preserve daily record of work;
2) when there is paralysis in the live-vertex data center of the NameNode of local control system, can be switched to fast backup node and recover data extraction and memory function, when local system is paralysed completely, can be switched to strange land control centre, work on, and return to local error message;
3) when local control system breaks down completely, stop sending data to strange land control centre, and carry out dormancy work, write down daily record of work, etc. powering up after to be repaired, restart, after recovering, local system will, according to daily record of work, return to secure answer, Bing Cong strange land control centre extracts after the data of losing, recover local service, close long-range temporary transient service, and continue to send Backup Data to remote control center and carry out disaster-tolerant backup.
Preferably, the fusion rule storehouse of described system, is by DS evidence theory fusion method, the fusion rule storehouse that the data fusion such as typical rule of conduct, feature rule, operational mode, activity situation are formed, and be provided with corresponding regular weight.
More preferably, associated fusion can be carried out to expert system in site data repository, fusion rule storehouse, harm storehouse, website and form harm fused data center, realize high efficiency smart data are inquired about and analyzed, can complete the tracking of complete industrial chain and the Study on Trend of all kinds of threats to harm website.
In sum, detection method and the system in the network harm source based on data fusion method of the present invention, there is following beneficial effect: during user's browsing page, can didactic monitoring website whether be the website that has harm character with being connected, when webpage is identified as illegal webpage or for hanging horse webpage, during the webpage of nested malicious code, system will give a warning to user, and to there being the webpage of potential threat to carry out deep parsing, and excavate the rule of conduct of potential variation, and be integrated in rule base, and the dangerous industrial chain that this website is related to is submitted to network police, review and block to break and endanger source, because system adopts modularized design, system can be carried out network data packets parsing concurrently, and the dual role that has harm website to assert is processed, stop the wrong report of system and fail to report, faster than traditional supervisory control system, more stable.
Above-described embodiment is illustrative principle of the present invention and effect thereof only, but not for limiting the present invention, any person skilled in the art scholar all can be under spirit of the present invention and category, above-described embodiment is modified or changed, therefore, such as in affiliated technical field, have and conventionally know that the knowledgeable, not departing from all equivalence modifications that complete under disclosed spirit and technological thought or changing, must be contained by claim of the present invention.
Claims (8)
1. a Sampling network endangers the method and system in source, particularly the harm source detection method of the network based on data fusion and system, be applied to the fail safe of daily access websites to detect, and it is characterized in that, comprise: system information acquisition module, comprises packet crawl, link analysis module; System action analysis module, comprises webpage Trojan horse analysis and malicious code detection, the suspected site detection module; System action result treatment module, comprises and gos deep into rule of conduct, test and appraisal data mining fusion etc.; Data disaster tolerance module, comprises local backup control, remote backup control; Expert system module.
2. the network based on data fusion according to claim 1 endangers source detection method and system, it is characterized in that:
A. system information acquisition module is by Depth Priority Algorithm, and it is comprehensive, at many levels, exhaustively gather that part is realized information;
B. system information acquisition module is by becoming Network card setup listen mode to monitor, capture the packet on network.
3. according to network harm source detection method and system based on data fusion described in claim 1,2, it is characterized in that:
A. described webpage Trojan horse analysis and malicious code detection module, comprise packet interception module, packet parsing and pretreatment module, heuristic monitoring modular and suspicious analysis module;
B. the renewal of described feature database data center can be goed deep into mode excavation by the data that suspicious analysis module is drawn, after the analysis of expert system is summed up, valuable pattern and the former rule pre-existing is merged and upgrade operation;
C. the rule base of system action analysis module, by DS (Dempster-Shafter) evidence theory fusion method, the fusion rule storehouse that the data fusion such as typical rule of conduct, feature rule, operational mode, activity situation are formed, and corresponding regular weight is set.
4. according to network harm source detection method and system based on data fusion described in claim 1,2,3, it is characterized in that, the packet of intercepting is carried out to parsing and the preliminary treatment of packet, first packet is pressed to function, traffic classification, dismounting framing also records its source address, destination address, port information, then carry out heuristic scanning detection, if higher with the Expert Rules matching degree in fusion rule storehouse, may be suspect code or wooden horse, after the analysis judgement of suspicious analysis module and expert system, carry out the processing of behavior outcome.
5. according to network harm source detection method and system based on data fusion described in claim 1,2, it is characterized in that:
A. described the suspected site detection module, comprising: harm webpage monitoring modular, comprises webcrawler module; Behavior outcome analysis module, the recommendation of the coupling that comprises fusion rule storehouse, harm website, the deep excavation module of harm rule;
B. described webcrawler module can be according to initial URL according to the degree of depth of appointment and Thread Count the extract Type of website and web page contents, form site data repository, by on-line analysis and two kinds of comprehensive, multi-period detections of analysis mode of off-line analysis, prevent from endangering webpage and escape detection, it is perfectly safe to guarantee;
C. the data in site data repository are utilized AC algorithm to mate with the rule feature in fusion rule storehouse, if the higher harm recommendation of websites module of this website being added to of matching degree, after judging via expert system module analysis, add harm website to harm storehouse, website, carry out deep excavation and the behavior outcome of follow-up harm rule and process.
6. according to the network hazard detection method and system based on data fusion described in claim 1,2,3,5, it is characterized in that:
What A. described rule base matching process adopted is the string matching algorithm based on Aho-Corasick, do not need completely to recall, and time complexity is O (n) advantage that time complexity and keyword number and length are irrelevant when this algorithm has scan text;
B. described harm rule can be by deeply excavating module, according to the storehouse, website of judging via expert system module analysis, carry out deep mode excavation, utilize classification and the method for predicting, find valuable relation and pattern, append in rule base, merge with original rule base and upgrade operation.
7. the network based on data fusion according to claim 1 endangers source detection method and system, it is characterized in that described system action result treatment module, comprise the processing of problem website, comprise to user and propose alarm, and declare and put on record to network police, complete industrial chain is provided; Improve detection module, according to testing result and Study on Trend, in the mode of self study, improve the function of detection module; The fusion of test and appraisal data and the rule of conduct that excavates, according to the Study on Trend of harm website of having found and the theoretical research of present stage carry out deep rule digging and with existing rule fusion, further improve behavior, feature rule base.
8. the network based on data fusion according to claim 1 endangers source detection method and system, it is characterized in that:
A. described data disaster tolerance module adopts the mode of the hot standby switching of distributed file system (HDFS) binode, HDFS adopts host-guest architecture pattern, by a pair of NameNode management node and several DataNode, formed, data center, by the mutual switching of live-vertex and backup node, solves the paralysis problem of data center;
B. when there is paralysis in the live-vertex data center of the NameNode of local control system, can be switched to fast backup node and recover data extraction and memory function, when local system is paralysed completely, can be switched to strange land control centre, work on, and return to local error message;
C. local control system periodically sends to data strange land control centre and backs up, and receive successful inverse signal, when strange land control centre does not receive data for a long time, to local control centre, do once inquiry, if no problem occurs, local control centre returns to one and replys; If do not receive and reply over the threshold time strange land control time, automatically user's service request is taken over and come, and continue to wait for the secure answer of local control centre, preserve daily record of work.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310547444.2A CN103701769A (en) | 2013-11-07 | 2013-11-07 | Method and system for detecting hazardous network source |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310547444.2A CN103701769A (en) | 2013-11-07 | 2013-11-07 | Method and system for detecting hazardous network source |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103701769A true CN103701769A (en) | 2014-04-02 |
Family
ID=50363166
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310547444.2A Pending CN103701769A (en) | 2013-11-07 | 2013-11-07 | Method and system for detecting hazardous network source |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103701769A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104065532A (en) * | 2014-06-26 | 2014-09-24 | 国家计算机网络与信息安全管理中心 | Unrecorded website search method and system based on multi-channel data access method |
CN105656944A (en) * | 2016-03-19 | 2016-06-08 | 浙江大学 | Network data flow based Trojan detection method |
CN108243189A (en) * | 2018-01-08 | 2018-07-03 | 平安科技(深圳)有限公司 | A kind of Cyberthreat management method, device, computer equipment and storage medium |
CN108550380A (en) * | 2018-04-12 | 2018-09-18 | 北京深度智耀科技有限公司 | A kind of drug safety information monitoring method and device based on public network |
CN108650235A (en) * | 2018-04-13 | 2018-10-12 | 北京网藤科技有限公司 | A kind of invasion detecting device and its detection method |
CN110502521A (en) * | 2019-08-28 | 2019-11-26 | 上海寰创通信科技股份有限公司 | A kind of method for building up of file store |
CN110958129A (en) * | 2018-09-26 | 2020-04-03 | 北京国双科技有限公司 | Method, system and device for flow analysis |
CN112084746A (en) * | 2020-09-11 | 2020-12-15 | 广东电网有限责任公司 | Entity identification method, system, storage medium and equipment |
CN112214418A (en) * | 2020-12-04 | 2021-01-12 | 支付宝(杭州)信息技术有限公司 | Application compliance detection method and device and electronic equipment |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101026496A (en) * | 2007-01-26 | 2007-08-29 | 华为技术有限公司 | Disaster recovery system, method and network device |
CN101557320A (en) * | 2009-05-25 | 2009-10-14 | 杭州华三通信技术有限公司 | Disaster tolerance realizing method and communication equipment thereof |
CN101789931A (en) * | 2009-12-31 | 2010-07-28 | 暨南大学 | Network intrusion detection system and method based on data mining |
CN102111420A (en) * | 2011-03-16 | 2011-06-29 | 上海电机学院 | Intelligent NIPS framework based on dynamic cloud/fire wall linkage |
CN102307189A (en) * | 2011-08-18 | 2012-01-04 | 成都市华为赛门铁克科技有限公司 | Malicious code detection method and network equipment |
CN103281177A (en) * | 2013-04-10 | 2013-09-04 | 广东电网公司信息中心 | Method and system for detecting hostile attack on Internet information system |
-
2013
- 2013-11-07 CN CN201310547444.2A patent/CN103701769A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101026496A (en) * | 2007-01-26 | 2007-08-29 | 华为技术有限公司 | Disaster recovery system, method and network device |
CN101557320A (en) * | 2009-05-25 | 2009-10-14 | 杭州华三通信技术有限公司 | Disaster tolerance realizing method and communication equipment thereof |
CN101789931A (en) * | 2009-12-31 | 2010-07-28 | 暨南大学 | Network intrusion detection system and method based on data mining |
CN102111420A (en) * | 2011-03-16 | 2011-06-29 | 上海电机学院 | Intelligent NIPS framework based on dynamic cloud/fire wall linkage |
CN102307189A (en) * | 2011-08-18 | 2012-01-04 | 成都市华为赛门铁克科技有限公司 | Malicious code detection method and network equipment |
CN103281177A (en) * | 2013-04-10 | 2013-09-04 | 广东电网公司信息中心 | Method and system for detecting hostile attack on Internet information system |
Non-Patent Citations (8)
Title |
---|
单长虹 等: ""一种启发式木马查杀模型的设计与分析"", 《计算机工程与应用》 * |
宋华 等: ""入侵检测中一种新的快速字符串匹配算法"", 《计算机工程与应用》 * |
徐进: ""基于数据融合的入侵检测系统"", 《中国优秀硕士学位论文全文数据库INFORMATION SCIENCE AND TECHNOLOGY辑》 * |
杨玲 等: ""基于启发式分析的木马检测技术研究"", 《计算机应用》 * |
董世博 等: ""一种改进的字符串多模式匹配算法"", 《计算机工程与应用》 * |
陆璐 等: ""基于客户端的恶意网页收集系统"", 《计算机工程》 * |
陈珂: ""一个基于规则匹配入侵检测系统的设计"", 《武汉工业学院学报》 * |
颜会娟 等: ""基于行为分析的木马检测系统"", 《网络安全技术与应用》 * |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104065532A (en) * | 2014-06-26 | 2014-09-24 | 国家计算机网络与信息安全管理中心 | Unrecorded website search method and system based on multi-channel data access method |
CN105656944A (en) * | 2016-03-19 | 2016-06-08 | 浙江大学 | Network data flow based Trojan detection method |
CN108243189A (en) * | 2018-01-08 | 2018-07-03 | 平安科技(深圳)有限公司 | A kind of Cyberthreat management method, device, computer equipment and storage medium |
WO2019134224A1 (en) * | 2018-01-08 | 2019-07-11 | 平安科技(深圳)有限公司 | Network threat management method and device, computer device and storage medium |
CN108243189B (en) * | 2018-01-08 | 2020-08-18 | 平安科技(深圳)有限公司 | Network threat management method and device, computer equipment and storage medium |
CN108550380A (en) * | 2018-04-12 | 2018-09-18 | 北京深度智耀科技有限公司 | A kind of drug safety information monitoring method and device based on public network |
CN108650235B (en) * | 2018-04-13 | 2021-06-04 | 北京网藤科技有限公司 | Intrusion detection device and detection method thereof |
CN108650235A (en) * | 2018-04-13 | 2018-10-12 | 北京网藤科技有限公司 | A kind of invasion detecting device and its detection method |
CN110958129A (en) * | 2018-09-26 | 2020-04-03 | 北京国双科技有限公司 | Method, system and device for flow analysis |
CN110502521A (en) * | 2019-08-28 | 2019-11-26 | 上海寰创通信科技股份有限公司 | A kind of method for building up of file store |
CN110502521B (en) * | 2019-08-28 | 2023-05-09 | 上海寰创通信科技股份有限公司 | Method for establishing archive |
CN112084746A (en) * | 2020-09-11 | 2020-12-15 | 广东电网有限责任公司 | Entity identification method, system, storage medium and equipment |
CN112214418A (en) * | 2020-12-04 | 2021-01-12 | 支付宝(杭州)信息技术有限公司 | Application compliance detection method and device and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103701769A (en) | Method and system for detecting hazardous network source | |
CN104767757B (en) | Various dimensions safety monitoring method and system based on WEB service | |
CN102647421B (en) | The web back door detection method of Behavior-based control feature and device | |
US9838419B1 (en) | Detection and remediation of watering hole attacks directed against an enterprise | |
CN101971591B (en) | System and method of analyzing web addresses | |
CN102467633A (en) | Method and system for safely browsing webpage | |
Kim et al. | Analysis of fire-accident factors using big-data analysis method for construction areas | |
CN103281177A (en) | Method and system for detecting hostile attack on Internet information system | |
CN105704146A (en) | System and method for SQL injection prevention | |
CN103294952B (en) | A kind of method and system detecting webshell based on page relation | |
CN104509034A (en) | Pattern consolidation to identify malicious activity | |
CN104283889A (en) | Electric power system interior APT attack detection and pre-warning system based on network architecture | |
CN102663000A (en) | Establishment method for malicious website database, method and device for identifying malicious website | |
CN101490685A (en) | A method for increasing the security level of a user machine browsing web pages | |
US10505986B1 (en) | Sensor based rules for responding to malicious activity | |
CN106357689A (en) | Method and system for processing threat data | |
CN107392028A (en) | The detection method and its detection means of sensitive information, storage medium, electronic equipment | |
CN103699844A (en) | Safety protection system and safety protection method | |
CN107800686A (en) | A kind of fishing website recognition methods and device | |
CN114036059A (en) | Automatic penetration testing system and method for power grid system and computer equipment | |
CN103220277B (en) | The monitoring method of cross-site scripting attack, Apparatus and system | |
CN108874802A (en) | Page detection method and device | |
Eijk et al. | The impact of user location on cookie notices (inside and outside of the European union) | |
Guo et al. | Knowledge discovery of correlations between unsafe behaviors within construction accidents | |
US20160277422A9 (en) | System and method for detecting final distribution site and landing site of malicious code |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140402 |
|
WD01 | Invention patent application deemed withdrawn after publication |