CN105224873B - A kind of smart machine document authentication method - Google Patents
A kind of smart machine document authentication method Download PDFInfo
- Publication number
- CN105224873B CN105224873B CN201510790427.0A CN201510790427A CN105224873B CN 105224873 B CN105224873 B CN 105224873B CN 201510790427 A CN201510790427 A CN 201510790427A CN 105224873 B CN105224873 B CN 105224873B
- Authority
- CN
- China
- Prior art keywords
- web page
- page files
- scripted code
- code
- sample
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a kind of smart machine document authentication method, this method includes:The feature vector of scripted code in extraction web page files simultaneously classifies to feature vector, identifies that the web page files whether there is malicious code according to classification results.The present invention proposes a kind of file detection recognition method, and different invasion modes are detected using different mode classifications, and introducing Fuzzy Processing prevents the camouflage of malicious code, improves detection success rate.
Description
Technical field
The present invention relates to Computer Data Security, more particularly to a kind of smart machine document authentication method.
Background technology
As the continuous development of Internet is with universal, various network safety events emerge in an endless stream, entire mobile Internet
Environment receive serious threat, to society bring huge loss.Network safety event is mostly that hacker attacks behavior is drawn
It rises, and immanent cause is the security breaches of software or document itself.The loophole is utilized in invader, to the webpage in mobile equipment
File is distorted or is pretended, and makes ordinary user's None- identified, takes this opportunity to perform or distribute illegal program.Existing web page files inspection
Survey includes static detection and dynamic detection, but the function that triggers and event when all referring to monitor running paper, without consider into
The fuzzy treatment technology that the person of invading uses, thus malicious script code discrimination is very low, and existing detection model has been used and imitated
True technology, the computing resource consumption for making mobile device end are excessive.
Invention content
To solve the problems of above-mentioned prior art, the present invention proposes a kind of smart machine document authentication method,
Including:
The feature vector of scripted code in extraction web page files simultaneously classifies to feature vector, is known according to classification results
Not described web page files whether there is malicious code.
Preferably, the feature of the extraction code, further comprises:
Scripted code from web page files is extracted first, then as unit of word, feature extraction is carried out, to extraction
The feature vector arrived carries out feature selecting processing, and increases the weight of key feature vector;In web page files, according to keyword
Position the entry position of scripted code;Wherein, the extraction of scripted code is specifically included below:
1. open web page files;
2. initialize internal data structure;
3. carrying out catalog directory retrieval, active dictionary entry address is found;
4. pair position candidate containing scripted code scans for, and detects the data type of dictionary entry;
5. if its data type is the element in predefined keywords set, just contain scripted code in this dictionary,
Scripted code is extracted;
6. a pair scripted code decompresses;
Scripted code stream after coding is decoded, judges that the character in stream whether by coding, that is, judges generation
Whether containing coding mode field in the head of code stream, if so, decoding functions is called to be decoded;Finally preserve result;
This method further includes:Before described eigenvector extraction, web page files are pre-processed, the first step is to webpage text
Executable scripted code in part is positioned and is extracted, and the scripted code extracted is decoded and Anti-fuzzy by second step
Processing, finally obtains original scripted code.
Preferably, it is described to classify to feature vector, further comprise:
Web page files are divided into two parts, a part is embedded scripted code, another part is except script generation
Remaining web page files data other than code, are then respectively detected two parts of web page files, utilize Bayes algorithm structures
Identification model is built, scripted code is detected, specific identification process includes:Unknown web page files X is calculated respectively belongs to safety
Sample set CnProbability PNBelong to the probability P of malice sample set with web page files XM, then by PNAnd PMIt is compared, obtains webpage
The classification that file X is most approached, so as to judge the classification of unknown web page files X, if PM>PNIt then represents to contain in the web page files
Otherwise malicious script code does not contain malicious script code in the web page files;
The identification model built using Decision tree classified algorithms examines web page files data remaining in addition to scripted code
It surveys;Finally, testing result is merged into processing, obtains final recognition result;If in the recognition result of one of two parts
There are one output result malicious files, then unknown web page files are identified as malicious file, if the recognition result of two parts is all
For secure file, then unknown web page files are secure file.
The present invention compared with prior art, has the following advantages:
The present invention proposes a kind of file detection recognition method, and different invasion modes are carried out using different mode classifications
Detection, introducing Fuzzy Processing prevents the camouflage of malicious code, improves detection success rate.
Description of the drawings
Fig. 1 is the flow chart of smart machine document authentication method according to embodiments of the present invention.
Specific embodiment
Retouching in detail to one or more embodiment of the invention is hereafter provided together with the attached drawing for illustrating the principle of the invention
It states.The present invention is described with reference to such embodiment, but the present invention is not limited to any embodiments.The scope of the present invention is only by right
Claim limits, and the present invention covers many replacements, modification and equivalent.Illustrate in the following description many details with
Just it provides a thorough understanding of the present invention.These details are provided for exemplary purposes, and without in these details
Or all details can also realize the present invention according to claims.
An aspect of of the present present invention provides a kind of smart machine document authentication method.Fig. 1 is according to embodiments of the present invention
Smart machine document authentication method flow chart.
The present invention makes detection for two different invasion mode specific aims, using two different feature extractions and divides
Class method establishes identification module, then carries out parallel connection to identification module, the scripted code in web page files is carried out complete anti-
Fuzzy preceding operation ensures the validity for the set of eigenvectors attacked based on scripted code.Based on multiclass classification process, difference is entered
It invades mode to be detected using different assorting processes, improves detection success rate.
The web page files detection method of the present invention mainly has three big modules:Data prediction, feature extraction and web page files
Identification.
(1) data prediction:It is pre-processed for the text set based on scripted code invasion mode.According to being based on foot
This code invades the analysis of mode and web page files structure, positioning, sentencing to can perform scripted code in web page files first
Which object disconnected scripted code is present in, and according to the adduction relationship between object, the scripted code in object is extracted,
It is stored in new text file;Then according to the coding mode of scripted code, the scripted code by coding is decoded,
To restore original scripted code;Finally, Anti-fuzzy processing is carried out to scripted code, removes the redundancy in scripted code,
Finally obtain original script code.
(2) feature extraction:The present invention proposes two different feature extraction modes, for what is invaded based on scripted code
Web page files, extraction is characterized in base unit for word, the time required to reducing extraction;For being based on non-scripted code invasion mode
When extracting feature, web page files are divided for the web page files of realization, then still using identical with existing feature extraction
Method, after feature extraction terminates, by feature selecting algorithm, the dimension for effectively reducing feature selects identification higher
Feature.
(3) web page files identify:According to two different feature extraction modes, based on Bayes assorting processes and decision tree
Assorting process establishes two different disaggregated models, then by the way of in parallel, two assorting processes is combined, are carried
The high verification and measurement ratio of model.
Before characteristic vector pickup, it is necessary first to position of the scripted code in web page files is determined, from web page files
Scripted code is extracted, if the scripted code is by the processing such as encoding, compressing and obscure, need to restore most original
Scripted code, finally according to feature extraction algorithm extract set of eigenvectors.
When being detected to unknown web page files, it is necessary first to executable scripted code is extracted never in Hownet page file, and
And scripted code is decoded and de-fuzzy processing, obtain original scripted code.Then according to string matching algorithm,
Feature vector matching is carried out, judges that there are which feature vectors in scripted code.Finally according to Bayes algorithms and by training sample
Obtained data judge the classification of the unknown web page files.
General detection may be used for the web page files detection invaded based on non-scripted code:Training sample is extracted first
The feature vector of this collection.Training sample set is divided into two classes:Based on non-scripted code invasion malicious file sample set and without foot
The secure file sample set of this code.In feature extraction, need to extract the set of eigenvectors of two different sample sets, root respectively
According to certain feature selecting algorithm, two set of eigenvectors are handled, to obtain the set of eigenvectors of learning algorithm needs.
Then according to learning algorithm and the set of eigenvectors of extraction, identification model is established.The present invention is established using decision tree assorting process
Identification model.Finally unknown web page files are identified.
When unknown web page files are identified, it is necessary first to extract the set of eigenvectors of unknown web page files, the spy
Sign vector set can effectively show the unknown web page files, can be known using this feature vector set instead of web page files
Not.Then identification set of eigenvectors established as the input of identifier, identifier according to oneself, knows set of eigenvectors
Do not classify.Finally obtain the classification results of unknown web page files.
Characteristic extracting module proposed by the present invention invades mode, using two different spies according to existing web page files
Levy extracting mode extraction feature vector.For the characteristic vector pickup based on scripted code invasion mode, first by scripted code
It is extracted from web page files, the processing such as Anti-fuzzy is carried out to the scripted code, obtain original scripted code.Then with word
For unit, feature extraction is carried out.Feature selecting processing finally is carried out to the feature vector extracted, and increases key feature vector
Weight, ensure the set of eigenvectors finally obtained have higher validity.For based on non-scripted code invasion mode
Set of eigenvectors is extracted, and using by web page files piecemeal, extracts feature vector respectively, is then carried out feature selecting processing, is obtained
Last feature vector.
Before to the characteristic vector pickup based on scripted code invasion mode, two are divided into the pretreatment of web page files
Step, the first step are positioned and are extracted to the executable scripted code in web page files, the script that second step will extract
Code be decoded with the processing such as Anti-fuzzy, finally obtain original scripted code.
In web page files, scripted code usually exists in dictionary.Several groups of entries that dictionary includes, every group of entry is all
It is made of key and value, wherein key must be moniker, and the key in a dictionary is unique;Value can be any conjunction
Method object.There are two types of embedded modes for scripted code:A kind of is directly with hexadecimal or the character string of text mode, another kind
It is stored in another object, is called indirectly by pointer.In the latter case, it is encrypted to be generally stored inside a process for it
Stream.
In order to reliably extract scripted code, need to being handled on semantic hierarchies in text.In general web page files
In, it can be according to the entry position of keyword positioning scripted code.Scripted code other than being directly embedded into web page files,
It can reside in other web page files of local host, it could even be possible to residing on distance host.Scripted code is supported
Dynamic call.
The extraction of scripted code is described below
1. open web page files;
2. initialize internal data structure;
3. carrying out catalog directory retrieval, active dictionary entry address is found;
It may be scanned for 4. pair above-mentioned containing the position candidate of scripted code, and detect the data type of dictionary entry;
5. if its data type is the element in predefined keywords set, just contain scripted code in this dictionary,
Scripted code is extracted;
6. a pair scripted code decompresses.
It is usually the stream by coding in indirect referencing object, in the object, to the script generation after coding
Code decoding:Judge whether the character in stream passes through coding, that is, judge whether containing coding mode field in the head of stream, if
Have, decoding functions is called to be decoded;Finally preserve result.
Malicious file can escape detection by increasing redundancy section.Web page files are opened when web page files reader to collapse
Burst when, user will be considered that be web page files oneself through damage, actually malicious script code is just in running background.Even some malice
Malicious script code is embedded in before web page files head or after end mark by file.Anti-fuzzy processing is in order to by script generation
Code carries out a most originalization processing, and the feature extraction for back is laid a solid foundation.In the present invention, Anti-fuzzy processing master
The string segmentation and additional redundancy content the two fuzzy technologys to be directed in scripted code are handled.Firstly the need of removal
Secondly the annotation unrelated with scripted code operation needs to restore the character string after being divided, is reduced to original character
String.Can be more than 50 bytes with its length of a large amount of variable, in order to be handled in next step conveniently, to these variables in scripted code
It is handled, if variable-length is more than 50 bytes, carries out Uniform Name.
By the data prediction of early period, present scripted code oneself through for most original scripted code, extraction feature to
The detailed process of amount is as follows.
1. scripted code is divided into the character string s as unit of word;
2. establish word frequency look-up table m;
3. traversing character string s, word w is checked whether in m, if jumping to 4, otherwise, jumping to 5;
4. the word frequency m [w] of word w increases 1 in look-up table;
5. word frequency m [w]=l of word w in look-up table;
6. traversing m, traversal pointer is ptr;
7. if m is keyword, the corresponding feature weights of ptr are increased into maximum value;
8. first five feature vector is chosen as last set of eigenvectors.
When carrying out non-scripted code Intrusion Signatures vector extraction, training sample set is divided into two classes:Based on non-script generation
The code malicious file sample set of technology and secure file sample set.Needing the feature vector extracted, there are two features:First, at certain
Occurrence frequency is higher in class sample set, but occurrence frequency is relatively low in another kind of sample set.If meeting the two features,
This feature vector set can be very good to distinguish two different sample sets.According to above to the description of feature vector, non-script generation
The characteristic vector pickup process of code invasion is as follows:
1. extract malice sample set set of eigenvectors Tm, and calculate the word frequency tf of wherein each feature vectorM, i;
2. the safe sample set set of eigenvectors T of extractionnAnd calculate the word frequency tf of wherein each feature vectorN, j;
3. calculate TmIn each inverse-document-frequency idf of the feature vector in safe sample setM, i;
4. calculate TnIn each inverse-document-frequency idf of the feature vector in malice sample setN, j;
5. selecting the set of eigenvectors of different sample sets respectively, be then combined with, obtain the feature of non-scripted code invasion to
Quantity set.
When the web page files detection method of the present invention carries out classification and Detection to unknown web page files, first from web page files
Scripted code is extracted, which is divided into two parts:One is embedded scripted code, another part is except script
Remaining web page files data other than code.Then two parts of web page files are detected respectively, utilize Bayes algorithms
The identification model of structure is detected scripted code, using the identification model that Decision tree classified algorithms are built to the residue of web page files
Data are detected.Finally, testing result in result integration module is handled, obtains the web page files detection side of the present invention
Method is to the final detection result of the web page files.Just its idiographic flow is described below.
Set of eigenvectors based on scripted code invasion is using simple and practical Bayes assorting processes as assorting process.
Unknown web page files X is calculated respectively belongs to safe sample set CnProbability PNBelong to the probability of malice sample set with web page files X
PM, then by PNAnd PMIt is compared, obtains the classification that web page files X is most approached, so as to judge the classification of unknown web page files X.
If PM>PNIt then represents containing malicious script code in the web page files, conversely, then not containing malicious script in the web page files
Code.
Before web page files detection based on the invasion of non-scripted code, wherein Sample is training sample set, and Vector is base
In the set of eigenvectors of non-scripted code invasion.
Establish decision tree root root nodes;
If Sample all for just, return label be+single node tree root;
If Sample is anti-, return label be _ single node tree root;
If Vector is sky, then it is most common object vector value in Sample to return to single node root, label;
Otherwise, for each probable value v of Vectori
Add a new branch v under rooti, enable SamplesiFor SamplesiMeet Vector property values for viSon
Collection;
If SamplesiFor sky, under this new branch plus a leaf node, the label of node in Sample most
Universal object vector value;
Otherwise add a subtree under new branch:
(Samplesi, object vector value, Vector), terminate.
After the disaggregated model based on decision tree, which is established, to be completed, it is possible to according to disaggregated model to unknown web page files
It is detected:
1. web page files are divided according to 100 byte-sizeds, file data blocks are obtained;
2. the feature vector of each web page files data block of extraction;
3. the feature vector of all web page files data blocks is carried out Integrated Selection, web page files vector to the end is obtained
Collection;
4. using this feature vector set as the input of judgement tree classification model;
5. item according to judgement tree classification model output may determine that whether the web page files are to enter using non-scripted code
The web page files invaded.
During realization, parallel connection is carried out, and need to be to two different identifications to two different Classification and Identification models
The result of model is handled.By the input of the output of two different identification modules, as a result integration module, according to result
Processing function in integration module, if there are one result is exported as M (malicious file) in two different identification modules, not
Hownet page file is then malicious file, unknown if the recognition result of two different identification modules is all N (secure file)
Web page files are secure file.
In conclusion the present invention proposes a kind of file detection recognition method, different points is utilized to different invasion modes
Class mode is detected, and introducing Fuzzy Processing prevents the camouflage of malicious code, improves detection success rate.
It obviously, can be with general it should be appreciated by those skilled in the art each module or each step of, the above-mentioned present invention
Computing system realize that they can concentrate in single computing system or be distributed in multiple computing systems and be formed
Network on, optionally, they can be realized with the procedure script code that computing system can perform, it is thus possible to by them
Storage is performed within the storage system by computing system.It to be combined in this way, the present invention is not limited to any specific hardware and softwares.
It should be understood that the above-mentioned specific embodiment of the present invention is used only for exemplary illustration or explains the present invention's
Principle, without being construed as limiting the invention.Therefore, that is done without departing from the spirit and scope of the present invention is any
Modification, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.In addition, appended claims purport of the present invention
Covering the whole variations fallen into scope and boundary or this range and the equivalent form on boundary and repairing
Change example.
Claims (2)
1. a kind of smart machine document authentication method, which is characterized in that including:
The feature vector of scripted code in extraction web page files simultaneously classifies to feature vector, and institute is identified according to classification results
Web page files are stated with the presence or absence of malicious code;
If the result is invaded for non-scripted code, before web page files detection, decision tree root root nodes are established;
If Sample all for just, return label be+single node tree root;
If Sample is anti-, return label be _ single node tree root;
If Vector is sky, then it is most common object vector value in Sample to return to single node root, label;Wherein
Sample is training sample set, and Vector is the set of eigenvectors invaded based on non-scripted code;
Otherwise, for each probable value v of Vectori
Add a new branch v under rooti, enable SamplesiFor SamplesiMeet Vector property values for viSubset;
If SamplesiFor sky, a leaf node is added under this new branch, the label of node is most universal in Sample
Object vector value;
Otherwise add a subtree under new branch:
(Samplesi, object vector value, Vector), terminate;
After the disaggregated model based on decision tree, which is established, to be completed, it is possible to unknown web page files be carried out according to disaggregated model
Detection:
1. web page files are divided according to 100 byte-sizeds, file data blocks are obtained;
2. the feature vector of each web page files data block of extraction;
3. the feature vector of all web page files data blocks is carried out Integrated Selection, web page files vector set to the end is obtained;
4. using this feature vector set as the input of judgement tree classification model;
5. item according to judgement tree classification model output may determine that whether the web page files are to be invaded using non-scripted code
Web page files;
During realization, parallel connection is carried out, and need to be to two different identification models to two different Classification and Identification models
Result handled;By the input of the output of two different identification modules, as a result integration module, integrated according to result
Mould processing function in the block, if exporting result there are one in two different identification modules as M, that is, malicious file, non-Hownet
Page file is then malicious file, if the recognition result of two different identification modules is all N, that is, secure file, unknown webpage
File is secure file;
The feature of the extraction code, further comprises:
Scripted code from web page files is extracted first, then as unit of word, feature extraction is carried out, to what is extracted
Feature vector carries out feature selecting processing, and increases the weight of key feature vector;In web page files, positioned according to keyword
The entry position of scripted code;Wherein, the extraction of scripted code is specifically included below:
1. open web page files;
2. initialize internal data structure;
3. carrying out catalog directory retrieval, active dictionary entry address is found;
4. pair position candidate containing scripted code scans for, and detects the data type of dictionary entry;
5. if its data type is the element in predefined keywords set, just contain scripted code in this dictionary, to foot
This code extracts;
6. a pair scripted code decompresses;
Scripted code stream after coding is decoded, judges that the character in stream whether by coding, that is, judges code flow
Head in whether containing coding mode field, if so, decoding functions is called to be decoded;Finally preserve result;
This method further includes:Before described eigenvector extraction, web page files are pre-processed, the first step is in web page files
Executable scripted code positioned and extracted, second step by the scripted code extracted be decoded at Anti-fuzzy
Reason, finally obtains original scripted code;
By the own scripted code through for most original of the scripted code of the data prediction of early period, the detailed mistake of feature vector is extracted
Journey is as follows:
1. scripted code is divided into the character string s as unit of word;
2. establish word frequency look-up table m;
3. traversing character string s, word w is checked whether in m, if jumping to 4, otherwise, jumping to 5;
4. the word frequency m [w] of word w increases 1 in look-up table;
5. word frequency m [w]=l of word w in look-up table;
6. traversing m, traversal pointer is ptr;
7. if m is keyword, the corresponding feature weights of ptr are increased into maximum value;
8. first five feature vector is chosen as last set of eigenvectors.
2. according to the method described in claim 1, it is characterized in that, described classify to feature vector, further comprise:
Web page files are divided into two parts, a part is embedded scripted code, another part be except scripted code with
Outer remaining web page files data, are then respectively detected two parts of web page files, are built and known using Bayes algorithms
Other model, is detected scripted code, and specific identification process includes:Unknown web page files X is calculated respectively belongs to safe sample
Collect CnProbability PNBelong to the probability P of malice sample set with web page files XM, then by PNAnd PMIt is compared, obtains web page files
The classification that X is most approached, so as to judge the classification of unknown web page files X, if PM>PNIt then represents in the web page files containing malice
Otherwise scripted code does not contain malicious script code in the web page files;
The identification model built using Decision tree classified algorithms is detected web page files data remaining in addition to scripted code;Most
Afterwards, testing result is merged into processing, obtains final recognition result;If there are one in the recognition result of one of two parts
Result malicious file is exported, then identifies unknown web page files as malicious file, if the recognition result of two parts is all safety
File, then unknown web page files are secure file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510790427.0A CN105224873B (en) | 2015-11-17 | 2015-11-17 | A kind of smart machine document authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510790427.0A CN105224873B (en) | 2015-11-17 | 2015-11-17 | A kind of smart machine document authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105224873A CN105224873A (en) | 2016-01-06 |
CN105224873B true CN105224873B (en) | 2018-06-08 |
Family
ID=54993835
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510790427.0A Expired - Fee Related CN105224873B (en) | 2015-11-17 | 2015-11-17 | A kind of smart machine document authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105224873B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020047782A1 (en) * | 2018-09-05 | 2020-03-12 | 西门子股份公司 | Malicious code scanning method and system, computer device, storage medium and program |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103221960A (en) * | 2012-12-10 | 2013-07-24 | 华为技术有限公司 | Detection method and apparatus of malicious code |
CN103577755A (en) * | 2013-11-01 | 2014-02-12 | 浙江工业大学 | Malicious script static detection method based on SVM (support vector machine) |
-
2015
- 2015-11-17 CN CN201510790427.0A patent/CN105224873B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103221960A (en) * | 2012-12-10 | 2013-07-24 | 华为技术有限公司 | Detection method and apparatus of malicious code |
CN103577755A (en) * | 2013-11-01 | 2014-02-12 | 浙江工业大学 | Malicious script static detection method based on SVM (support vector machine) |
Non-Patent Citations (1)
Title |
---|
Web环境下脚本攻击检测与防御研究;黎满;《中国优秀硕士学位论文全文数据库 信息科技辑》;20150415(第04期);第1-17页 * |
Also Published As
Publication number | Publication date |
---|---|
CN105224873A (en) | 2016-01-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109753800B (en) | Android malicious application detection method and system fusing frequent item set and random forest algorithm | |
CN109005145B (en) | Malicious URL detection system and method based on automatic feature extraction | |
CN107180192A (en) | Android malicious application detection method and system based on multi-feature fusion | |
CN109922065B (en) | Quick identification method for malicious website | |
CN112199677A (en) | Data processing method and device | |
CN105243327B (en) | A kind of secure file processing method | |
CN107341399A (en) | Assess the method and device of code file security | |
CN105468972B (en) | A kind of mobile terminal document detection method | |
CN107180190A (en) | A kind of Android malware detection method and system based on composite character | |
CN113297580B (en) | Code semantic analysis-based electric power information system safety protection method and device | |
CN113221032A (en) | Link risk detection method, device and storage medium | |
CN106874762B (en) | Android malicious code detecting method based on API dependence graph | |
Janet et al. | Anti-phishing System using LSTM and CNN | |
CN108197474A (en) | The classification of mobile terminal application and detection method | |
CN115314268B (en) | Malicious encryption traffic detection method and system based on traffic fingerprint and behavior | |
US9600644B2 (en) | Method, a computer program and apparatus for analyzing symbols in a computer | |
Assefa et al. | Intelligent phishing website detection using deep learning | |
CN1223941C (en) | Hierarchial invasion detection system based on related characteristic cluster | |
WO2018047027A1 (en) | A method for exploring traffic passive traces and grouping similar urls | |
CN105224873B (en) | A kind of smart machine document authentication method | |
CN112817877A (en) | Abnormal script detection method and device, computer equipment and storage medium | |
Sushma et al. | Deep learning for phishing website detection | |
CN116702143A (en) | Intelligent malicious software detection method based on API (application program interface) characteristics | |
CN114491530B (en) | Android application program classification method based on abstract flowsheet and graph neural network | |
CN109992666A (en) | Method, apparatus and non-transitory machine readable media for processing feature library |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20180608 Termination date: 20191117 |