CN104091122A - Detection system of malicious data in mobile internet - Google Patents

Info

Publication number
CN104091122A
Authority
CN
China
Prior art keywords
data
module
malice
machine learning
scanning
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410272857.9A
Other languages
Chinese (zh)
Inventor
崔宝江
何苗
刘芃成
袁隽
金建林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Science and Technology Beijing USTB
Beijing University of Posts and Telecommunications
Original Assignee
University of Science and Technology Beijing USTB
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Science and Technology Beijing USTB, Beijing University of Posts and Telecommunications filed Critical University of Science and Technology Beijing USTB
Priority to CN201410272857.9A priority Critical patent/CN104091122A/en
Publication of CN104091122A publication Critical patent/CN104091122A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a detection system for malicious data in the mobile internet and belongs to the technical field of network communication security. The system comprises a data preprocessing module, a feature scanning module, a machine learning module and a decision-making module. The data preprocessing module preprocesses and forwards data collected from the mobile gateway Gn interface; the feature scanning module performs feature scanning on the preprocessed data and outputs a scanning result; the machine learning module performs machine learning monitoring on the preprocessed data and outputs a monitoring result; the decision-making module judges whether the data is safe or malicious according to the scanning result and the monitoring result. Data collected at high speed from the mobile gateway Gn interface is preprocessed and then sent to both the feature scanning module and the machine learning module for detection; the decision-making module then combines the results and judges whether the data is safe or malicious by calculating the malicious coefficient of the data. The system has higher detection accuracy and can also monitor data that is not present in the sample set.

Description

A detection system for malicious data in the mobile internet
Technical Field
The present invention relates to a detection system for malicious data in the mobile internet and belongs to the technical field of network communication security.
Background
With the development of technology, the many applications on mobile phones enrich people's lives but also add a hidden danger to mobile phone security. Criminals can use malicious mobile programs to steal users' private information or send large volumes of spam text messages, harming users' legitimate interests and the security of the mobile internet. Because a malicious program must use the mobile communication network to steal user privacy or fraudulently run up charges, finding and intercepting malicious information on the mobile network promptly and effectively can stop the program from spreading and greatly reduce the number of affected users. Existing security detection products for mobile communication networks fall into two broad classes: security scanning and defence products installed on the smartphone, and security detection products that run on the server side.
However, both kinds of product require the user either to install mobile antivirus software or to upload malicious samples to a cloud server. This consumes resources on the mobile terminal and also demands a high level of security awareness from users. Implementing a security detection system for mobile internet data at the mobile gateway level, so that the data of the whole network is inspected, is therefore the fundamental way to secure mobile internet data.
Current security detection systems use two main methods: anomaly detection and misuse detection. Anomaly detection analyses safe data and builds a detection model; data under test that does not match the model built from safe data is judged abnormal. The model is usually built with machine learning algorithms. Its advantage is that it can detect new data outside the sample set; its drawback is a higher false positive rate. Misuse detection analyses the rule patterns of malicious data; data under test that matches a malicious rule pattern is judged malicious. It is usually implemented with methods such as feature scanning against a virus database. Its advantage is higher detection accuracy; its drawback is that it cannot detect data that is not in the sample set.
Summary of the Invention
The present invention addresses two problems of existing mobile internet security monitoring technology: a high false positive rate, and the inability to monitor data that is not in the sample set. It provides a detection system for malicious data in the mobile internet, with the following technical scheme:
A detection system for malicious data in the mobile internet, comprising:
a data preprocessing module for preprocessing and forwarding data collected from the mobile gateway Gn interface;
a feature scanning module for performing feature scanning on the preprocessed data and outputting a scanning result;
a machine learning module for performing machine learning monitoring on the preprocessed data and outputting a monitoring result;
a decision-making module for judging, according to said scanning result and said detection result, whether the data is safe or malicious.
In the present invention, data collected at high speed from the mobile gateway Gn interface is preprocessed and then sent to both the feature scanning module and the machine learning module for detection. The decision-making module then merges the detection results and judges whether the data is safe or malicious by calculating the malicious coefficient of the data. The system has higher detection accuracy and can also monitor data that is not in the sample set.
Brief Description of the Drawings
To illustrate the technical scheme of the embodiments more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described here are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of the detection system for malicious data in the mobile internet provided by this embodiment;
Fig. 2 is a workflow diagram of the data preprocessing module provided by this embodiment;
Fig. 3 is a detection flow diagram of the feature scanning module provided by this embodiment;
Fig. 4 is a detection flow diagram of the machine learning module provided by this embodiment;
Fig. 5 is a decision flow diagram of the decision-making module provided by this embodiment;
Fig. 6 is a workflow diagram of the system optimization module provided by this embodiment.
Detailed Description
The technical scheme in the embodiments of the present invention is described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from these embodiments without creative effort fall within the scope of protection of the present invention.
This embodiment provides a detection system for malicious data in the mobile internet which, as shown in Fig. 1, comprises:
a data preprocessing module for preprocessing and forwarding data collected from the mobile gateway Gn interface;
a feature scanning module for performing feature scanning on the preprocessed data and outputting a scanning result;
a machine learning module for performing machine learning monitoring on the preprocessed data and outputting a monitoring result;
a decision-making module for judging, according to said scanning result and said detection result, whether the data is safe or malicious.
In the detection system provided by this embodiment, data collected at high speed from the mobile gateway Gn interface is processed by the data preprocessing module and then sent to both the feature scanning module and the machine learning module for detection. The decision-making module then merges the detection results of the two modules and judges whether the data is safe or malicious by calculating the malicious coefficient of the data. Malicious data whose malicious coefficient meets a certain condition can be passed on for further sample review and used to enrich the malicious feature database and the machine learning data set.
To illustrate the detection system provided by this embodiment more clearly, the method of the present invention is described in detail below with a specific embodiment.
1. Data collected from the mobile internet gateway is first sent to the data preprocessing module. Fig. 2 shows the workflow of the data preprocessing module, detailing how it preprocesses the data collected at the mobile internet gateway. Data is collected at the Gn interface between the serving support node (SGSN) and the gateway support node (GGSN) and fed to the data preprocessing module. Preprocessing applies basic rules to filter out data that does not need analysis, caches the data to be analysed, and reassembles it by session. Finally, basic features and traffic features are extracted from the session data to characterise it. The data preprocessing engine therefore consists of three submodules:
Filter submodule S1: a set of rules can be configured to filter out data that the system does not need to analyse. For example, a URL whitelist filters out data whose URL is on the whitelist, which greatly reduces the volume of data to be analysed. The filtering rules in S1 can take various forms, such as an IP address whitelist or a URL blacklist.
Session reassembly submodule S2: reassembles the filtered data into sessions. Data is first cached for a period of time or up to a certain amount of memory, and sessions are then reassembled according to the IP 5-tuple. The reassembled session data contains more complete information.
First feature extraction submodule S3: extracts the relevant features from the reassembled session data. The extracted features fall into two classes, basic features and traffic features. Basic features include the access method, connection status, protocol type, URL, source IP, destination IP, source port, destination port, IMSI number, whether an attachment is carried, attachment type, whether a file is received or sent, whether suspicious keywords are present, whether a link is present, and so on. Traffic features include uplink and downlink packet length, number of packets sent, number of packets received, connection frequency, and so on. After feature extraction, session data can be represented by its basic features and traffic features.
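The three preprocessing submodules, chained on a small capture. This is an added example, not code from the patent: the `Packet` record, the whitelist and keyword values and the sample packets are constructed, and it assumes user-plane packets have already been extracted from the Gn capture with their direction known.

```python
"""Added example: S1 filter -> S2 session reassembly -> S3 feature extraction."""
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Packet:
    # Hypothetical record for one already-extracted user-plane packet.
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    uplink: bool          # True: subscriber -> network
    length: int
    url: str = ""         # request URL, if this packet carries one
    payload: bytes = b""


URL_WHITELIST = {"update.example.com"}          # constructed S1 rule
SUSPICIOUS_KEYWORDS = (b"send_sms", b"imei=")   # constructed keyword list


def flow_key(p):
    """Direction-independent IP 5-tuple: subscriber side always first."""
    if p.uplink:
        return (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)
    return (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)


def s1_filter(packets):
    """S1: drop every packet of a flow that requests a whitelisted host."""
    skip = {flow_key(p) for p in packets
            if p.url and urlsplit(p.url).hostname in URL_WHITELIST}
    return [p for p in packets if flow_key(p) not in skip]


def s2_reassemble(packets):
    """S2: group the buffered packets into sessions by 5-tuple."""
    sessions = defaultdict(list)
    for p in packets:
        sessions[flow_key(p)].append(p)
    return dict(sessions)


def s3_extract(key, packets):
    """S3: describe one session by basic and traffic features."""
    up = [p for p in packets if p.uplink]
    down = [p for p in packets if not p.uplink]
    body = b"".join(p.payload for p in packets)
    return {
        # basic features
        "src_ip": key[0], "src_port": key[1],
        "dst_ip": key[2], "dst_port": key[3], "proto": key[4],
        "url": next((p.url for p in packets if p.url), ""),
        "has_suspicious_keyword": any(k in body for k in SUSPICIOUS_KEYWORDS),
        "has_link": b"http://" in body or b"https://" in body,
        # traffic features
        "up_bytes": sum(p.length for p in up),
        "down_bytes": sum(p.length for p in down),
        "pkts_sent": len(up),
        "pkts_received": len(down),
    }


def preprocess(packets):
    """Run S1, S2 and S3 and return one feature record per session."""
    sessions = s2_reassemble(s1_filter(packets))
    return [s3_extract(k, v) for k, v in sessions.items()]


# Constructed sample capture: two flows from one subscriber.
SAMPLE = [
    Packet("10.0.0.5", 40001, "203.0.113.9", 80, "tcp", True, 420,
           url="http://files.example.net/a.apk", payload=b"GET /a.apk?imei=1"),
    Packet("203.0.113.9", 80, "10.0.0.5", 40001, "tcp", False, 1400,
           payload=b"see http://files.example.net/b"),
    Packet("10.0.0.5", 40002, "198.51.100.7", 80, "tcp", True, 300,
           url="http://update.example.com/check"),
    Packet("198.51.100.7", 80, "10.0.0.5", 40002, "tcp", False, 900),
]

if __name__ == "__main__":
    for features in preprocess(SAMPLE):
        print(features)
```

The whitelisted flow is dropped in both directions because S1 filters on the flow key rather than on the single packet that carries the URL.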
2. Session data processed by the data preprocessing module is sent to both the feature scanning module and the machine learning module for security detection. Fig. 3 shows the detection flow of the feature scanning module. To scan for malicious features, the module first extracts the relevant features from the session data and then performs the malicious feature scan, so it comprises two submodules:
Second feature extraction submodule S4: extracts from the session data the features that scanning needs, such as the URL, downloaded file information and packet content.
Feature scanning submodule S5: supports two kinds of scan. One kind does not need the malicious feature database, such as URL encryption detection; the other kind does, such as scanning the data content for malicious content. The malicious feature scanning result for a session is stored as a vector that represents the distribution of each malicious feature in that session.
3. Fig. 4 shows the detection flow of the machine learning module, which also comprises two submodules:
Third feature extraction submodule S6: extracts from the session data the features that detection needs, such as protocol type, attachment type, whether a link is present, uplink and downlink packet length, number of packets sent and number of packets received.
Machine learning model detection submodule S7: can hold multiple machine learning models, such as a Bayesian classification model or a decision tree classification model. The models here are all trained classification models that classify session data as a safe session or a malicious session according to the session features. One or more models can be selected to examine a session. With N detection models, the detection result of the machine learning engine is an N-dimensional vector in which each component is the result of one detection model.
4. After the feature scanning module and the machine learning module have each performed security detection on the session data, both detection results are passed to the decision-making module, which calculates the malicious coefficient of the session and judges whether the session is safe or malicious. Fig. 5 is the flow diagram of the decision-making module. The decision is made in two steps: the malicious coefficient of the session is calculated first, and a threshold comparison is then performed. The decision engine therefore consists of the following two submodules:
Malicious coefficient calculation submodule S8: calculates the malicious coefficient of the session from the detection results of the feature scanning module and the machine learning module. The malicious coefficient is a numerical value that rates how malicious a session is; the larger the value, the more likely the session is malicious. The submodule first merges the result vectors of the feature scanning engine and the machine learning engine into a new combined result vector. A weight vector of the same dimension as the combined result vector is defined, and the dot product of the combined result vector and the weight vector is the malicious coefficient of the session. The values in the weight vector are adjustable. For the machine learning module, for example, a model that performs better than the others is given a relatively higher weight; for the feature scanning module, a malicious feature whose presence makes the session very likely malicious can be given a higher weight.
Decision submodule S9: judges whether the session is safe or malicious according to the malicious coefficient calculated by submodule S8. A session whose malicious coefficient is less than the set threshold is judged to be a safe session; otherwise it is a malicious session.
5. To optimise the performance of the detection models, this embodiment also provides a system optimization module: if the malicious coefficient of data that the decision-making module has judged malicious is below a threshold, manual analysis determines whether the data is safe or malicious, and feature analysis is then performed on the data, in order to update the weights and threshold of the feature scanning module and to update the machine learning models of the machine learning module. The system optimization module S10 is shown in the dashed box in Fig. 6. For data judged malicious by the decision-making module, if its malicious coefficient is below the threshold (that is, greater than the malicious threshold but close to it), the data is analysed manually. The analysis first determines whether the data is safe or malicious and then performs feature analysis on it, in order to complete the malicious feature set and adjust the weights and threshold of the decision system; finally the data is used to update each machine learning model in the machine learning module. The optimization effect of this module is especially pronounced in the early stage of the system.
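The decision path of submodules S8 and S9 with the S10 review band, worked through on three sessions. This is an added example, not code from the patent: the integer weights, threshold, `review_margin` and the result vectors are constructed, and the weight-update rule in `apply_review` is an assumption, since the patent only says that weights and threshold are adjusted after manual analysis.

```python
"""Added example: S8 coefficient, S9 threshold decision, S10 review feedback."""
from dataclasses import dataclass, field

SAFE, MALICIOUS, REVIEW = "safe", "malicious", "malicious (manual review)"


@dataclass
class DecisionModule:
    weights: list          # one weight per element of the combined vector
    threshold: int         # S9: coefficient >= threshold means malicious
    review_margin: int     # S10: band just above the threshold sent to analysts
    review_queue: dict = field(default_factory=dict)

    def coefficient(self, scan_vec, ml_vec):
        """S8: merge both result vectors and take the dot product with the weights."""
        combined = list(scan_vec) + list(ml_vec)
        if len(combined) != len(self.weights):
            raise ValueError("combined result vector and weight vector differ in length")
        return sum(r * w for r, w in zip(combined, self.weights))

    def decide(self, session_id, scan_vec, ml_vec):
        """S9 verdict; malicious verdicts close to the threshold are queued for S10."""
        coeff = self.coefficient(scan_vec, ml_vec)
        if coeff < self.threshold:
            return SAFE, coeff
        if coeff < self.threshold + self.review_margin:
            self.review_queue[session_id] = list(scan_vec) + list(ml_vec)
            return REVIEW, coeff
        return MALICIOUS, coeff

    def apply_review(self, session_id, analyst_says_malicious, step=1):
        """S10 (assumed rule): move the weights of the components that fired
        up when the analyst confirms the verdict, down on a false positive."""
        combined = self.review_queue.pop(session_id)
        sign = 1 if analyst_says_malicious else -1
        self.weights = [max(0, w + sign * step * r)
                        for w, r in zip(self.weights, combined)]


# Constructed result vectors per session.
# Scan vector: [encrypted URL, malicious content hit, suspicious attachment]
# ML vector:   [Bayesian model verdict, decision-tree model verdict]
SESSIONS = {
    "s1": ([0, 0, 0], [0, 1]),
    "s2": ([0, 1, 0], [0, 1]),
    "s3": ([1, 1, 0], [1, 1]),
}


def demo():
    """Judge all sessions, feed one analyst verdict back, re-judge that session."""
    dm = DecisionModule(weights=[5, 3, 2, 4, 4], threshold=6, review_margin=2)
    first = {sid: dm.decide(sid, *vecs) for sid, vecs in SESSIONS.items()}
    dm.apply_review("s2", analyst_says_malicious=False)   # false positive
    second = dm.decide("s2", *SESSIONS["s2"])
    return first, second, dm.weights


if __name__ == "__main__":
    first, second, weights = demo()
    print(first)
    print("s2 after review:", second, "weights:", weights)
```

Session s2 lands one point above the threshold, so it is the only one queued for manual analysis; after the analyst marks it safe, the two components that fired lose weight and the same vectors fall below the threshold.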
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the embodiments of the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of the claims.

Claims (6)

1. A detection system for malicious data in the mobile internet, characterized in that it comprises:
a data preprocessing module for preprocessing and forwarding data collected from the mobile gateway Gn interface;
a feature scanning module for performing feature scanning on the preprocessed data and outputting a scanning result;
a machine learning module for performing machine learning monitoring on the preprocessed data and outputting a monitoring result;
a decision-making module for judging, according to said scanning result and said detection result, whether said data is safe or malicious.
2. The system according to claim 1, characterized in that said data preprocessing module comprises:
a filter submodule for filtering said data according to predetermined rules;
a session reassembly submodule for reassembling the filtered data into sessions;
a first feature extraction submodule for extracting relevant features from the reassembled session data.
3. The system according to claim 1, characterized in that said feature scanning module comprises:
a second feature extraction submodule for extracting from the collected data the relevant features that scanning needs;
a feature scanning submodule for performing feature scanning on the extracted features both without the malicious feature database and based on the malicious feature database.
4. The system according to claim 1, characterized in that said machine learning module comprises:
a third feature extraction submodule for extracting from the collected data the relevant features that scanning needs;
a machine learning model detection submodule for classifying the collected data as a safe session or a malicious session, by means of a predetermined machine learning classification model, according to the extracted features.
5. The system according to claim 1, characterized in that said decision-making module comprises:
a malicious coefficient calculation submodule for calculating the malicious coefficient of the collected data according to said scanning result and said detection result;
a decision submodule for judging, according to the calculated malicious coefficient, whether the corresponding session is safe or malicious.
6. The system according to claim 1, characterized in that said system further comprises:
a system optimization module which, if the malicious coefficient of data judged malicious by said decision-making module is below a threshold, determines by manual analysis whether said data is safe or malicious and then performs feature analysis on said data, in order to update the weights and threshold of the feature scanning module and to update the machine learning models of the machine learning module.
CN201410272857.9A 2014-06-17 2014-06-17 Detection system of malicious data in mobile internet Pending CN104091122A (en)

Publications (1)

Publication Number Publication Date
CN104091122A (en) 2014-10-08

Family

ID=51638837

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20180504