CN104778402A - Intrusion behavior detection method and device - Google Patents

Publication number
CN104778402A
Authority
CN
China
Prior art keywords
image
intrusion behavior
feature
log
pixel format
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510182129.3A
Other languages
Chinese (zh)
Inventor
徐峥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd
Priority to CN201510182129.3A
Publication of CN104778402A
Legal status: Pending

Landscapes

  • Image Analysis (AREA)

Abstract

The invention provides an intrusion behavior detection method and device. The method comprises the following steps: acquiring a log of a text format in a set time period, wherein operation information of a current system in the set time period is recorded in the log; converting the log of the text format into an image of a pixel format; acquiring actual detection characteristic of a to-be-detected intrusion behavior; detecting the image of the pixel format according to the acquired actual detection characteristic; determining that the current system is intruded when detecting that the image comprises the actual detection characteristic. According to the scheme, the image is automatically detected by using the actual detection characteristic of the acquired to-be-detected intrusion behavior, so that the intrusion behavior in the log is detected, and the detection efficiency is improved.

Description

Intrusion behavior detection method and device
Technical field
The present invention relates to the field of computer technology, and in particular to an intrusion behavior detection method and device.
Background
The Internet provides an efficient and convenient new way to share resources and exchange information, but it can also be exploited by intruders against computer information system resources, so that the information resources in a network face serious security threats. To ensure the security of a network information system, intrusion detection can be used to detect attacks and then defend against them.
Existing intrusion detection may include: obtaining the log for a time period, wherein the log records the operation information of the computer system during that period; a user can then manually analyze each piece of operation information recorded in the log to determine whether the log contains operation information of malicious intrusion behavior, and thereby whether the computer system has suffered a malicious intrusion.
However, the volume of operation information in a log is large, and analyzing each piece of operation information manually gives low detection efficiency.
Summary of the invention
In view of this, the present invention provides an intrusion behavior detection method and device to solve the problem of low detection efficiency in the prior art.
The present invention provides an intrusion behavior detection method, comprising:
Obtaining a text-format log for a set time period, wherein the log records the operation information of the current system during the set time period;
Converting the text-format log into a pixel-format image;
Obtaining an actual detection feature of the intrusion behavior to be detected;
Detecting the pixel-format image according to the obtained actual detection feature, and, when the image is detected to contain the actual detection feature, determining that the current system has been intruded.
Preferably, converting the text-format log into a pixel-format image comprises:
Converting the text-format log into a pixel-format image by one of the following operations: scanning, printing, photographing, taking a screenshot, and saving as.
Preferably, obtaining the actual detection feature of the intrusion behavior to be detected comprises:
Converting a plurality of normal logs that contain no intrusion behavior into pixel-format images to serve as a plurality of negative samples; and creating a plurality of positive samples from pixel-format images converted from a plurality of abnormal logs that contain intrusion behavior;
Determining an initial detection feature of the intrusion behavior to be detected, and iteratively training on the plurality of negative samples and the plurality of positive samples according to the determined initial detection feature; after each round of training, modifying the initial detection feature according to that round's training result, and using the modified initial detection feature to continue iterative training on the plurality of negative samples and the plurality of positive samples, until detection of the negative and positive samples by the modified initial detection feature reaches a detection threshold; and taking the initial detection feature that reaches the detection threshold as the actual detection feature.
Preferably,
Before detecting the pixel-format image, the method further comprises: dividing the image into a plurality of sub-rectangular regions;
Detecting the pixel-format image comprises: detecting each sub-rectangular region.
Preferably, after detecting the pixel-format image, the method further comprises:
According to a set update period, obtaining updated intrusion behaviors, and performing the step of obtaining the actual detection feature of the intrusion behavior to be detected according to the updated intrusion behaviors.
The present invention also provides an intrusion behavior detection device, comprising:
A first acquiring unit, configured to obtain a text-format log for a set time period, wherein the log records the operation information of the current system during the set time period;
A conversion unit, configured to convert the text-format log into a pixel-format image;
A second acquiring unit, configured to obtain an actual detection feature of the intrusion behavior to be detected;
A detecting unit, configured to detect the pixel-format image according to the obtained actual detection feature and, when the image is detected to contain the actual detection feature, determine that the current system has been intruded.
Preferably, the conversion unit is configured to convert the text-format log into a pixel-format image by one of the following operations: scanning, printing, photographing, taking a screenshot, and saving as.
Preferably, the second acquiring unit is configured to convert a plurality of normal logs that contain no intrusion behavior into pixel-format images to serve as a plurality of negative samples; to create a plurality of positive samples from pixel-format images converted from a plurality of abnormal logs that contain intrusion behavior; to determine an initial detection feature of the intrusion behavior to be detected and iteratively train on the plurality of negative samples and the plurality of positive samples according to the determined initial detection feature; after each round of training, to modify the initial detection feature according to that round's training result and use the modified initial detection feature to continue iterative training on the plurality of negative samples and the plurality of positive samples, until detection of the negative and positive samples by the modified initial detection feature reaches a detection threshold; and to take the initial detection feature that reaches the detection threshold as the actual detection feature.
Preferably,
The device further comprises: a division unit, configured to divide the image into a plurality of sub-rectangular regions;
The detecting unit is configured to detect each sub-rectangular region.
Preferably, the device further comprises:
A third acquiring unit, configured to obtain updated intrusion behaviors according to a set update period and send the updated intrusion behaviors to the second acquiring unit.
Embodiments of the present invention provide an intrusion behavior detection method and device that convert a text-format log into a pixel-format image. The log contains the operation information of the current system over a period of time, so if the current system is intruded, the intrusion information is recorded in the operation information; after the log is converted into an image, every character in the log is shown in pixel form. The image can therefore be detected automatically using the obtained actual detection feature of the intrusion behavior to be detected, so that the intrusion behavior in the log is detected and detection efficiency is improved.
Brief description of the drawings
Fig. 1 is a flowchart of the method provided by an embodiment of the present invention;
Fig. 2 is a flowchart of the method provided by another embodiment of the present invention;
Fig. 3 is a schematic diagram of the pixel-format image provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of a positive sample provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a positive sample provided by another embodiment of the present invention;
Fig. 6 is a hardware structure diagram of the equipment in which the device provided by an embodiment of the present invention resides;
Fig. 7 is a structural diagram of the device provided by an embodiment of the present invention;
Fig. 8 is a structural diagram of the device provided by another embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on these embodiments without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides an intrusion behavior detection method, which may comprise the following steps:
Step 101: Obtain a text-format log for a set time period, wherein the log records the operation information of the current system during the set time period.
Step 102: Convert the text-format log into a pixel-format image.
Step 103: Obtain an actual detection feature of the intrusion behavior to be detected.
Step 104: Detect the pixel-format image according to the obtained actual detection feature; when the image is detected to contain the actual detection feature, determine that the current system has been intruded.
According to the above scheme, the text-format log is converted into a pixel-format image. The log contains the operation information of the current system over a period of time, so if the current system is intruded, the intrusion information is recorded in the operation information; after the log is converted into an image, every character in the log is shown in pixel form. The image can therefore be detected automatically using the obtained actual detection feature of the intrusion behavior to be detected, so that the intrusion behavior in the log is detected and detection efficiency is improved.
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and specific embodiments.
As shown in Fig. 2, an embodiment of the present invention provides an intrusion behavior detection method, which may comprise the following steps:
Step 201: Obtain a text-format log for a set time period.
In this embodiment, the log records the operation information of the current system over a period of time in text format. This operation information generally includes the event level, source, time and similar information, so the log can be used to detect whether there was intrusion behavior during the period, as well as the source of the intrusion, the time of the intrusion, and so on. The log may include the system log, application logs and the security log.
A time period can be set, for example 1 day or 1 week. When the set time period elapses, the log for that period can be obtained and used to determine whether the system was intruded during the period. The log for this period can be extracted. For example, the log obtained for the set time period contains:
real pts/28Oct 03 20:08(220.80.52.12)
real pts/28Oct 03 18:40(210.79.56.30)
real pts/28Oct 03 17:25(210.80.65.32)
guest pts/30Oct 03 15:26(attack.crack.net)
real pts/28Oct 03 14:20(220.80.52.12)
real pts/28Oct 03 08:40(210.79.56.30)
real pts/18Oct 03 06:40(210.80.65.30)
Further, since the log may contain data irrelevant to the intrusion detection of this embodiment, noise reduction can be applied to the irrelevant data in the log for this period.
Step 202: Convert the text-format log into a pixel-format image, then perform step 205.
In the prior art the operation information recorded in the log is analyzed manually item by item, so intrusion detection is inefficient. In this embodiment, the text-format log can therefore be converted into a pixel-format image, in which every character and symbol in the log is shown in pixel form.
In this embodiment, the text-format log can be converted into a pixel-format image by any one of the following operations: scanning, printing, photographing, taking a screenshot, and saving as. Fig. 3 is a schematic diagram of the image into which the log is converted.
The converted image may be in JPG format, BMP format, and so on.
Step 203: According to the intrusion behavior to be detected, convert a plurality of normal logs that contain no intrusion behavior into pixel-format images to serve as a plurality of negative samples; and create a plurality of positive samples from pixel-format images converted from a plurality of abnormal logs that contain intrusion behavior.
In this embodiment, the intrusion behavior to be detected may include: an object that accesses the current system without authorization, a malicious program, an attack object, and so on. The intrusion behaviors to be detected in this embodiment can be obtained by analyzing all intrusion behaviors found during a preceding period. For example, a log records the following information:
0315 210.80.65.30[1]USER autumn 331
0315 210.80.65.30[1]PASS–530
032:04 210.80.65.30[1]USER winter 331
032:06 210.80.65.30[1]PASS–530
0322 210.80.65.30[1]USER administrator 331
0324 210.80.65.30[1]PASS–230
From the above log it can be seen that the user at IP address 210.80.65.30 repeatedly tried to log in to the system and succeeded only after changing the username and password three times. Based on the login information in this log, this embodiment can therefore treat the user at IP address 210.80.65.30 as a user exhibiting intrusion behavior. A positive sample is an image of intrusion behavior, and opencv_createsamples can be used to create positive samples. The positive samples created in this embodiment can therefore include an image of this IP address, as shown in Fig. 4, where each grid cell can be regarded as one pixel of the image.
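The selection of the source address described above can be automated before any image is created. The following is an added example, not part of the patent: it flags a source that logs in successfully only after failed attempts under different usernames. The log lines are constructed in the style of the excerpt (timestamps and the second address are made up), and the line format and the `min_failures` parameter are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the log quoted above; timestamps are made up.
SAMPLE_LOG = """\
03:15 210.80.65.30[1]USER autumn 331
03:15 210.80.65.30[1]PASS - 530
03:18 220.80.52.12[2]USER real 331
03:18 220.80.52.12[2]PASS - 230
03:20 210.80.65.30[1]USER winter 331
03:20 210.80.65.30[1]PASS - 530
03:22 210.80.65.30[1]USER administrator 331
03:24 210.80.65.30[1]PASS - 230
"""

# Assumed line layout: time, source IP, session id in brackets, command, argument, reply code.
LINE = re.compile(r"^(\S+) (\d+\.\d+\.\d+\.\d+)\[\d+\](USER|PASS) (\S+) (\d{3})$")


def suspicious_sources(log_text, min_failures=2):
    """Return {ip: [usernames tried, in order]} for every source that logged in
    successfully (reply 230) only after at least min_failures failed logins
    (reply 530) under different usernames."""
    pending = {}                # ip -> username waiting for its PASS reply
    failed = defaultdict(list)  # ip -> usernames whose PASS was rejected
    flagged = {}
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue            # ignore lines that do not fit the assumed layout
        _, ip, command, argument, code = match.groups()
        if command == "USER":
            pending[ip] = argument
        elif code == "530":     # PASS rejected
            failed[ip].append(pending.pop(ip, "?"))
        elif code == "230":     # PASS accepted
            user = pending.pop(ip, "?")
            if len(set(failed[ip])) >= min_failures:
                flagged[ip] = failed[ip] + [user]
            failed[ip] = []     # a successful login starts a new sequence
    return flagged


if __name__ == "__main__":
    for ip, users in suspicious_sources(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(users))
```
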
As another example, a log records the following information:
real pts/25Feb 03 15:20(210.80.65.30)
real pts/23Feb 03 08:40(210.80.65.30)
real pts/15Feb 03 11:40(210.80.65.30)
guest pts/30Feb 03 18:26(attack.crack.net)
From the above log it can be seen that although the username guest is legitimate, this user's source, attack.crack.net, is rather dangerous, so the source attack.crack.net can be treated as a source of intrusion behavior. The positive samples created in this embodiment can therefore include an image of this source, as shown in Fig. 5.
In this embodiment, a negative sample is an image that contains no intrusion behavior, generally a background image, and can be prepared manually. For example, 100 samples are prepared, comprising 30 positive samples and 70 negative samples. Positive and negative samples need not be the same size, but each must be larger than the training window.
After the 100 samples are prepared, the filename of each of the 100 samples can be saved in a plain-text file, which contains the correspondence between file directory and filename.
Step 204: Determine an initial detection feature of the intrusion behavior to be detected, and iteratively train on the plurality of negative samples and the plurality of positive samples according to the determined initial detection feature; after each round of training, modify the initial detection feature according to that round's training result, and use the modified initial detection feature to continue iterative training on the plurality of negative samples and the plurality of positive samples, until detection of the negative and positive samples by the modified initial detection feature reaches a detection threshold; take the initial detection feature that reaches the detection threshold as the actual detection feature, then perform step 205.
In this embodiment, the initial detection feature can be determined according to the intrusion behavior, and may include the color gray level, the distance between two features, the area size of each feature, and so on.
This embodiment can use opencv_traincascade.exe to iteratively train on the positive and negative samples according to the initial detection feature. For example, if in the first round of training the initial detection feature detects 10 positive samples among the 100 samples, the proportion of positive samples detected is low, so the initial detection feature needs to be modified according to the training result and training continues with the modified initial detection feature. When the probability that the modified initial detection feature detects positive samples reaches a detection threshold, the initial detection feature that reaches the detection threshold is taken as the actual detection feature. The detection threshold may be 90%, that is, the modified initial detection feature can detect 27 positive samples among the 100 samples, and the initial detection feature at that point is taken as the actual detection feature.
This embodiment can follow the process used for face recognition with the AdaBoost algorithm to iteratively train on the positive and negative samples.
Step 205: Detect the pixel-format image according to the obtained actual detection feature; when the image is detected to contain the actual detection feature, determine that the current system has been intruded.
In this embodiment, the actual detection feature is used to detect the pixel-format image. For example, the actual detection features shown in Fig. 4 and Fig. 5 are used to detect the image shown in Fig. 3; the image shown in Fig. 3 is detected to contain the actual detection feature shown in Fig. 5, so it is determined that the current system has been intruded.
In a preferred embodiment of the present invention, the image can be divided into a plurality of sub-rectangular regions, and the actual detection feature is used to detect each sub-rectangular region, which improves detection accuracy.
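The flow of steps 202 and 205, including the division into sub-rectangular regions, can be traced in the following added example, which is not part of the patent. It makes three assumptions: a stand-in rasterizer (one pixel column per character, eight pixel rows per log line) replaces the scan or screenshot conversion, an exact pixel match replaces the trained detection feature, and the sample log is constructed in the style of the excerpts above.

```python
CELL_H = 8  # pixel rows per log line in the stand-in rasterizer (assumption)

# Constructed sample log; the two indicators are the sources named in the text.
SAMPLE_LOG = [
    "real pts/28 Oct 03 20:08 (220.80.52.12)",
    "real pts/28 Oct 03 18:40 (210.79.56.30)",
    "guest pts/30 Oct 03 15:26 (attack.crack.net)",
    "real pts/28 Oct 03 14:20 (220.80.52.12)",
]
INDICATORS = ["attack.crack.net", "210.80.65.30"]


def rasterize(lines):
    """Step 202 stand-in: turn text lines into a grid of 0/1 pixels.
    Each character is one column; row k of a line's band holds bit k of the
    character code (ASCII logs assumed). Short lines are padded with blanks."""
    width = max((len(line) for line in lines), default=0)
    image = []
    for line in lines:
        padded = line.ljust(width, "\0")
        for bit in range(CELL_H):
            image.append([(ord(ch) >> bit) & 1 for ch in padded])
    return image


def split_regions(image):
    """Divide the image into sub-rectangular regions, one band per log line."""
    return [image[y:y + CELL_H] for y in range(0, len(image), CELL_H)]


def match_offsets(region, feature):
    """Slide the feature across one region; return x offsets of exact matches."""
    feature_w = len(feature[0])
    region_w = len(region[0]) if region else 0
    return [
        x for x in range(region_w - feature_w + 1)
        if all(region[r][x:x + feature_w] == feature[r] for r in range(CELL_H))
    ]


def detect(log_lines, indicators):
    """Step 205: return (region index, x offset, indicator) for every region of
    the log image that contains the pixel pattern of an indicator."""
    features = {text: rasterize([text]) for text in indicators}
    findings = []
    for index, region in enumerate(split_regions(rasterize(log_lines))):
        for text, feature in features.items():
            for x in match_offsets(region, feature):
                findings.append((index, x, text))
    return findings


if __name__ == "__main__":
    for index, x, text in detect(SAMPLE_LOG, INDICATORS):
        # The region index maps straight back to the log line for triage.
        print(f"intrusion feature {text!r} at x={x} in line: {SAMPLE_LOG[index]}")
```
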
Step 206: According to a set update period, obtain updated intrusion behaviors, and perform the step of obtaining the actual detection feature of the intrusion behavior to be detected according to the updated intrusion behaviors.
In this embodiment, because intrusion behaviors change constantly and new intrusion behaviors frequently appear, the intrusion behaviors need to be updated within a set update period to ensure the accuracy of log detection.
As shown in Fig. 6 and Fig. 7, an embodiment of the present invention provides an intrusion behavior detection device. The device embodiment can be implemented in software, or in hardware or a combination of software and hardware. At the hardware level, Fig. 6 is a hardware structure diagram of the equipment in which the intrusion behavior detection device of this embodiment resides; in addition to the processor, memory, network interface and non-volatile memory shown in Fig. 6, the equipment in which the device resides usually also includes other hardware, such as a forwarding chip responsible for processing messages. Taking a software implementation as an example, as shown in Fig. 7, the device in the logical sense is formed by the CPU of the equipment reading the corresponding computer program instructions from non-volatile memory into memory and running them. The intrusion behavior detection device 70 provided by this embodiment comprises:
A first acquiring unit 701, configured to obtain a text-format log for a set time period, wherein the log records the operation information of the current system during the set time period;
A conversion unit 702, configured to convert the text-format log into a pixel-format image;
A second acquiring unit 703, configured to obtain an actual detection feature of the intrusion behavior to be detected;
A detecting unit 704, configured to detect the pixel-format image according to the obtained actual detection feature and, when the image is detected to contain the actual detection feature, determine that the current system has been intruded.
Further, the conversion unit 702 is configured to convert the text-format log into a pixel-format image by one of the following operations: scanning, printing, photographing, taking a screenshot, and saving as.
Further, the second acquiring unit 703 is configured to convert a plurality of normal logs that contain no intrusion behavior into pixel-format images to serve as a plurality of negative samples; to create a plurality of positive samples from pixel-format images converted from a plurality of abnormal logs that contain intrusion behavior; to determine an initial detection feature of the intrusion behavior to be detected and iteratively train on the plurality of negative samples and the plurality of positive samples according to the determined initial detection feature; after each round of training, to modify the initial detection feature according to that round's training result and use the modified initial detection feature to continue iterative training on the plurality of negative samples and the plurality of positive samples, until detection of the negative and positive samples by the modified initial detection feature reaches a detection threshold; and to take the initial detection feature that reaches the detection threshold as the actual detection feature.
In an embodiment of the present invention, as shown in Fig. 8, the intrusion behavior detection device further comprises:
A division unit 801, configured to divide the image into a plurality of sub-rectangular regions;
The detecting unit 704 is configured to detect each sub-rectangular region.
The device further comprises: a third acquiring unit 802, configured to obtain updated intrusion behaviors according to a set update period and send the updated intrusion behaviors to the second acquiring unit.
In summary, the embodiments of the present invention provide at least the following beneficial effects:
1. The text-format log is converted into a pixel-format image. The log contains the operation information of the current system over a period of time, so if the current system is intruded, the intrusion information is recorded in the operation information; after the log is converted into an image, every character in the log is shown in pixel form. The image can therefore be detected automatically using the obtained actual detection feature of the intrusion behavior to be detected, so that the intrusion behavior in the log is detected and detection efficiency is improved.
2. Because intrusion behaviors change constantly and new intrusion behaviors frequently appear, the intrusion behaviors need to be updated within a set update period to ensure the accuracy of log detection.
The information exchange between the units of the above equipment, their execution processes and similar details are based on the same concept as the method embodiments of the present invention; for the specifics, see the description in the method embodiments, which is not repeated here.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to the process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above are only preferred embodiments of the present invention, intended only to illustrate its technical solutions and not to limit its protection scope. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within the protection scope of the present invention.

Claims (10)

1. An intrusion behavior detection method, characterized by comprising:
Obtaining a text-format log for a set time period, wherein the log records the operation information of the current system during the set time period;
Converting the text-format log into a pixel-format image;
Obtaining an actual detection feature of the intrusion behavior to be detected;
Detecting the pixel-format image according to the obtained actual detection feature, and, when the image is detected to contain the actual detection feature, determining that the current system has been intruded.
2. The method according to claim 1, characterized in that converting the text-format log into a pixel-format image comprises:
Converting the text-format log into a pixel-format image by one of the following operations: scanning, printing, photographing, taking a screenshot, and saving as.
3. The method according to claim 1, characterized in that obtaining the actual detection feature of the intrusion behavior to be detected comprises:
Converting a plurality of normal logs that contain no intrusion behavior into pixel-format images to serve as a plurality of negative samples; and creating a plurality of positive samples from pixel-format images converted from a plurality of abnormal logs that contain intrusion behavior;
Determining an initial detection feature of the intrusion behavior to be detected, and iteratively training on the plurality of negative samples and the plurality of positive samples according to the determined initial detection feature; after each round of training, modifying the initial detection feature according to that round's training result, and using the modified initial detection feature to continue iterative training on the plurality of negative samples and the plurality of positive samples, until detection of the negative and positive samples by the modified initial detection feature reaches a detection threshold; and taking the initial detection feature that reaches the detection threshold as the actual detection feature.
4. The method according to claim 1, characterized in that,
Before detecting the pixel-format image, the method further comprises: dividing the image into a plurality of sub-rectangular regions;
Detecting the pixel-format image comprises: detecting each sub-rectangular region.
5. The method according to any one of claims 1-4, characterized in that, after detecting the pixel-format image, the method further comprises:
According to a set update period, obtaining updated intrusion behaviors, and performing the step of obtaining the actual detection feature of the intrusion behavior to be detected according to the updated intrusion behaviors.
6. an intrusion behavior pick-up unit, is characterized in that, comprising:
First acquiring unit, for obtaining the daily record of text formatting in setting-up time section, wherein, records the operation information of current system in setting-up time section in described daily record;
Conversion unit, for being converted into the image of pixel format by the described daily record of text formatting;
Second acquisition unit, for obtaining the actual detection feature of intrusion behavior to be detected;
Detecting unit, for detecting feature according to the described reality obtained, detecting the described image of pixel format, when detecting that described image comprises described reality detection feature, determining that current system is invaded.
7. device according to claim 6, is characterized in that, described conversion unit, for utilizing scanning, print, take pictures, sectional drawing and the operation of the one in saving as, the described daily record of text formatting is converted into the image of pixel format.
8. The device according to claim 6, characterized in that the second acquiring unit is configured to: use the images in pixel format converted from a plurality of normal logs that do not contain intrusion behavior as a plurality of negative samples; create a plurality of positive samples from the images in pixel format converted from a plurality of abnormal logs that contain intrusion behavior; determine an initial detection feature of the intrusion behavior to be detected; perform iterative training on the plurality of negative samples and the plurality of positive samples according to the determined initial detection feature; after each training round ends, modify the initial detection feature according to the result of that round, and continue the iterative training on the plurality of negative samples and the plurality of positive samples with the modified initial detection feature, until the detection of the plurality of negative samples and the plurality of positive samples by the modified initial detection feature reaches a detection threshold; and take the initial detection feature that reaches the detection threshold as the actual detection feature.
9. The device according to claim 6, characterized in that
it further comprises: a division unit, configured to divide the image into a plurality of sub-rectangular regions;
the detecting unit is configured to detect each sub-rectangular region.
10. The device according to any one of claims 6-9, characterized by further comprising:
a third acquiring unit, configured to obtain the updated intrusion behavior according to a set update period, and to send the updated intrusion behavior to the second acquiring unit.
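The training loop of claims 3 and 8 and the per-region detection of claims 4 and 9, as an added Python illustration on constructed log lines (not code from the patent). Assumptions: one byte-valued pixel per character stands in for scanning or screenshots, the detection feature is a pixel template with a mismatch tolerance, the sub-rectangles are overlapping one-row windows, and all names are hypothetical.

```python
# Added illustration: pixel-template detection over a log rendered as an image.
# Assumption: one pixel per character (byte value); the patent names
# scanning, printing, photographing or screenshots instead.
# All log lines below are constructed samples.

def log_to_image(lines, width=64):
    """Render text log lines as rows of 8-bit pixels, zero-padded to width."""
    return [[ord(c) & 0xFF for c in line[:width].ljust(width, "\0")]
            for line in lines]

def sub_rectangles(image, w):
    """Yield every 1 x w sub-rectangle of the image as (row, col, pixels)."""
    for r, row in enumerate(image):
        for c in range(len(row) - w + 1):
            yield r, c, row[c:c + w]

def detect(image, feature):
    """Return (row, col) of each sub-rectangle within the feature's tolerance."""
    tpl, tol = feature["template"], feature["max_mismatch"]
    return [(r, c) for r, c, px in sub_rectangles(image, len(tpl))
            if sum(a != b for a, b in zip(px, tpl)) <= tol]

def train(initial, positives, negatives, threshold=1.0, max_rounds=20):
    """Modify the feature after each round until accuracy reaches threshold."""
    feature = dict(initial)
    for rounds in range(1, max_rounds + 1):
        misses = sum(not detect(img, feature) for img in positives)
        alarms = sum(bool(detect(img, feature)) for img in negatives)
        accuracy = 1 - (misses + alarms) / (len(positives) + len(negatives))
        if accuracy >= threshold:
            return feature, rounds
        # Loosen the tolerance when misses dominate, tighten it otherwise.
        feature["max_mismatch"] += 1 if misses >= alarms else -1
    raise RuntimeError("detection threshold not reached")

SEED = "Failed password for root"  # constructed initial feature
INITIAL = {"template": [ord(c) for c in SEED], "max_mismatch": 0}
POSITIVES = [log_to_image([line]) for line in (
    "sshd: Failed password for root from 10.0.0.5",
    "sshd: Failed Password for root from 10.0.0.9")]
NEGATIVES = [log_to_image([line]) for line in (
    "sshd: Accepted password for alice from 10.0.0.7",
    "sshd: Failed password for alice from 10.0.0.8")]
ACTUAL, ROUNDS = train(INITIAL, POSITIVES, NEGATIVES)
```

Because the match is per pixel, a single changed character costs one mismatch and a shifted field costs many, which is why the tolerance has to be trained against negative samples as well as positive ones.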
CN201510182129.3A 2015-04-16 2015-04-16 Intrusion behavior detection method and device Pending CN104778402A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510182129.3A CN104778402A (en) 2015-04-16 2015-04-16 Intrusion behavior detection method and device

Publications (1)

Publication Number Publication Date
CN104778402A true CN104778402A (en) 2015-07-15

Family

ID=53619858

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510182129.3A Pending CN104778402A (en) 2015-04-16 2015-04-16 Intrusion behavior detection method and device

Country Status (1)

Country Link
CN (1) CN104778402A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106844179A (en) * 2017-02-07 2017-06-13 上海与德信息技术有限公司 log storing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150715