CN105243327A - Security processing method for files - Google Patents

Publication number
CN105243327A
Authority
CN
China
Prior art keywords
pagefile
eigenvectors
scripted code
feature extraction
extract
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510792215.6A
Other languages
Chinese (zh)
Other versions
CN105243327B (en)
Inventor
陈虹宇
罗阳
苗宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SICHUAN SHENHU TECHNOLOGY Co Ltd
Original Assignee
SICHUAN SHENHU TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SICHUAN SHENHU TECHNOLOGY Co Ltd
Priority to CN201510792215.6A
Publication of CN105243327A
Application granted
Publication of CN105243327B
Legal status: Expired - Fee Related

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a secure file processing method. The method comprises: determining the intrusion mode of a page file, selecting the corresponding feature extraction and classification processes according to the intrusion mode, and using those processes to perform security detection on the page files of a mobile terminal. The invention provides a file detection and identification method that applies different classification methods to different intrusion modes and introduces processing of obfuscation to prevent malicious code from disguising itself, which increases the detection success rate.

Description

A secure file processing method
Technical field
The present invention relates to computer data security, and in particular to a secure file processing method.
Background
With the development and spread of the Internet, network security incidents keep emerging, and the mobile Internet environment as a whole is under serious threat, causing huge losses to society. Most network security incidents are caused by hacker attacks, and the underlying cause is security vulnerabilities in the software or in the documents themselves. Attackers exploit these vulnerabilities to tamper with or disguise page files on mobile devices so that ordinary users cannot recognize them, and use the opportunity to execute or distribute illegal programs. Existing page file detection comprises static detection and dynamic detection, but both involve monitoring the functions and events triggered when the file runs and do not take into account the obfuscation techniques attackers use, so the recognition rate for malicious script code is very low. In addition, existing detection models use emulation, which consumes excessive computing resources on the mobile device.
Summary of the invention
To solve the above problems of the prior art, the present invention proposes a secure file processing method, comprising:
Determining the intrusion mode of a page file, selecting the corresponding feature extraction and classification processes according to the intrusion mode, and performing security detection on mobile-terminal page files through the feature extraction and classification processes.
Preferably, the method further comprises: before the feature extraction, first determining the position of the script code in the page file and extracting the script code from the page file; if the script code has been encoded, compressed or obfuscated, restoring the original script code; and finally extracting the feature vector set according to the feature extraction algorithm;
Selecting the corresponding feature extraction and classification processes according to the intrusion mode further comprises: for page files attacked via script code, extracting features with the word as the basic unit; for page files attacked via a non-script-code intrusion mode, dividing the page file into blocks when extracting features and then performing feature extraction; and, according to the two different feature extraction methods, building two different classification models based on a Bayes classification process and a decision tree classification process respectively, then combining the two classification processes in parallel.
Preferably, for page files attacked via a non-script-code intrusion mode, the feature vectors of a training sample set are extracted. The training sample set is divided into two classes: a malicious file sample set attacked via non-script code, and a secure file sample set that contains no script code. During feature extraction, the feature vector sets of the two sample sets are extracted separately and processed with a predetermined feature selection algorithm to obtain the feature vector set the learning algorithm needs. A recognition model is then built from the learning algorithm and the extracted feature vector set using a decision tree classification process. Finally, unknown page files are identified: the feature vector set of the unknown page file is extracted and used in place of the page file itself, the feature vector set is given to the recognizer as input, and the recognizer classifies it according to the recognition model it has already built, which yields the classification result for the unknown page file.
Preferably, when extracting feature vectors for non-script-code intrusion, extracting the feature vector sets of the two sample sets separately further comprises the following process:
1. Extract the feature vector set $T_m$ of the malicious sample set, and compute the term frequency $tf_{m,i}$ of each feature vector in it;
2. Extract the feature vector set $T_n$ of the safe sample set, and compute the term frequency $tf_{n,j}$ of each feature vector in it;
3. Compute the inverse document frequency $idf_{m,i}$, in the safe sample set, of each feature vector in $T_m$;
4. Compute the inverse document frequency $idf_{n,j}$, in the malicious sample set, of each feature vector in $T_n$;
5. Select the feature vector sets of the two sample sets separately, then merge them to obtain the feature vector set for non-script-code intrusion.
Compared with the prior art, the present invention has the following advantages:
The present invention proposes a file detection and identification method that applies different classification methods to different intrusion modes and introduces processing of obfuscation to prevent malicious code from disguising itself, which improves the detection success rate.
Brief description of the drawings
Fig. 1 is a flowchart of the secure file processing method according to an embodiment of the present invention.
Detailed description
A detailed description of one or more embodiments of the invention is provided below together with the accompanying drawing illustrating the principles of the invention. The invention is described in connection with such embodiments, but is not limited to any embodiment. The scope of the invention is limited only by the claims, and the invention encompasses many alternatives, modifications and equivalents. Many specific details are set forth in the following description to provide a thorough understanding of the invention. These details are provided for the purpose of example, and the invention may be practiced according to the claims without some or all of these details.
One aspect of the present invention provides a secure file processing method. Fig. 1 is a flowchart of the secure file processing method according to an embodiment of the present invention.
The invention targets two different intrusion modes specifically: it uses two different feature extraction and classification methods to build recognition modules and then connects the recognition modules in parallel. The script code in the page file undergoes complete de-obfuscation preprocessing, which ensures the validity of the feature vector set for script-code-based attacks. Based on a multi-stage classification process, different classification processes are used to detect different intrusion modes, which improves the detection success rate.
The page file detection method of the invention has three main modules: data preprocessing, feature extraction and page file identification.
(1) Data preprocessing: preprocessing is applied to the text set for the script-code intrusion mode. Based on an analysis of the script-code intrusion mode and of the page file structure, the executable script code in the page file is first located by determining which objects contain script code; following the reference relationships between objects, the script code in those objects is extracted and stored in a new text. Then, according to the encoding of the script code, encoded script code is decoded to restore the original script code. Finally, the script code is de-obfuscated to remove redundant information, which yields the original script code.
(2) Feature extraction: the invention proposes two different feature extraction methods. For page files attacked via script code, features are extracted with the word as the basic unit, which reduces extraction time. For page files attacked via a non-script-code intrusion mode, the page file is divided into blocks when extracting features, and the same method as existing feature extraction is then applied. After feature extraction, a feature selection algorithm effectively reduces the feature dimension, that is, it selects the features with higher discriminative power.
(3) Page file identification: according to the two different feature extraction methods, two different classification models are built based on a Bayes classification process and a decision tree classification process; the two classification processes are then combined in parallel, which improves the detection rate of the model.
Before feature vector extraction, the position of the script code in the page file must first be determined and the script code extracted from the page file. If the script code has been encoded, compressed or obfuscated, the most original script code must be restored. Finally, the feature vector set is extracted according to the feature extraction algorithm.
When an unknown page file is checked, the executable script code is first extracted from it, then decoded and de-obfuscated to obtain the original script code. Feature vector matching is then carried out with a string matching algorithm to determine which feature vectors are present in the script code. Finally, the class of the unknown page file is determined according to the Bayes algorithm and the data obtained from the training samples.
Page files attacked via non-script code can be detected with a general detection approach. First the feature vectors of the training sample set are extracted. The training sample set is divided into two classes: a malicious file sample set attacked via non-script code, and a secure file sample set that contains no script code. During feature extraction, the feature vector sets of the two sample sets are extracted separately and processed with a feature selection algorithm to obtain the feature vector set the learning algorithm needs. A recognition model is then built from the learning algorithm and the extracted feature vector set. The present invention uses a decision tree classification process to build the recognition model. Finally, unknown page files are identified.
When an unknown page file is identified, its feature vector set is first extracted. This feature vector set represents the unknown page file effectively and can be used for identification in place of the page file itself. The feature vector set is then given to the recognizer as input, and the recognizer classifies it according to the recognition model it has already built. Finally, the classification result for the unknown page file is obtained.
The feature extraction module proposed by the invention uses two different feature extraction methods, matched to the existing page file intrusion modes. For feature vector extraction under the script-code intrusion mode, the script code is first extracted from the page file and de-obfuscated to obtain the original script code. Features are then extracted in units of words. Finally, feature selection is applied to the extracted feature vectors and the weights of key feature vectors are increased, so that the resulting feature vector set has higher validity. For feature vector extraction under the non-script-code intrusion mode, the page file is divided into blocks, feature vectors are extracted from each block, and feature selection is then applied to obtain the final feature vectors.
Before feature vector extraction under the script-code intrusion mode, preprocessing of the page file takes two steps: the first step locates and extracts the executable script code in the page file; the second step decodes and de-obfuscates the extracted script code, which yields the original script code.
In a page file, script code usually resides in a dictionary. A dictionary contains several groups of entries; each entry consists of a key and a value, where the key must be a name and the keys within one dictionary are unique; the value can be any legal object. Script code is embedded in one of two ways: directly, as a string in hexadecimal or text form, or stored in another object and invoked indirectly through a pointer. In the latter case it is usually stored in an encrypted stream.
To extract script code reliably, processing has to take place at the semantic level. In a typical page file, the entry position of the script code can be located by keyword. Besides being embedded directly in the page file, script code can also reside in other page files on the local host, or even on a remote host. Script code supports dynamic invocation.
The extraction of script code is described below:
1. Open the page file;
2. Initialize the internal data structures;
3. Traverse the catalog to find the addresses of the active dictionary entries;
4. Search these candidate positions that may contain script code, and check the data type of each dictionary entry;
5. If the data type is an element of the predefined keyword set, the dictionary contains script code; extract the script code;
6. Decompress the script code.
An indirectly referenced object generally holds an encoded stream. To decode the encoded script code: determine whether the characters in the stream are encoded, that is, whether the header of the stream in this object contains an encoding-method field; if it does, call the decoding function to decode; finally, save the result.
Malicious files can evade detection by adding redundant parts. When the page file reader crashes on opening a page file, the user may think the page file is already damaged, while in fact the malicious script code is running in the background. Some malicious files even embed the malicious script code before the page file header or after the end marker. De-obfuscation restores the script code to its most original form and lays a solid foundation for the subsequent feature extraction. In the present invention, de-obfuscation mainly addresses two obfuscation techniques in script code: string splitting and appended redundant content. First, comments that are irrelevant to the running of the script code are removed; next, split strings are restored to the original strings. Script code contains a large number of variables whose length exceeds 50 bytes; to simplify the next processing step, these variables are normalized: if a variable's length exceeds 50 bytes, it is given a uniform name.
After the earlier data preprocessing, the script code is now in its most original form. The detailed feature vector extraction process is as follows.
1. Split the script code into a string s in units of words;
2. Create a word-frequency lookup table m;
3. Traverse the string s and check whether word w is in m; if so, go to step 4, otherwise go to step 5;
4. Increase the frequency m[w] of word w in the lookup table by 1;
5. Set the frequency of word w in the lookup table to m[w] = 1;
6. Traverse m with traversal pointer ptr;
7. If the entry at ptr is a keyword, raise the corresponding feature weight to the maximum value;
8. Select the first five feature vectors as the final feature vector set.
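The de-obfuscation rules and steps 1 to 8 above can be exercised together; the following Python sketch is an added example, not code from the patent. The keyword set, the placeholder name `VAR`, the JavaScript-style token grammar, counting words inside restored string literals and the constructed sample are all assumptions.

```python
import re

# Assumed keyword set: the patent gives keywords the maximum weight
# but does not enumerate them.
KEYWORDS = {"eval", "unescape", "fromCharCode"}
LONG_NAME = 50        # identifiers longer than 50 bytes get a uniform name
UNIFORM_NAME = "VAR"  # hypothetical placeholder name

# Comments, string literals, words and single other characters.
TOKEN = re.compile(r'''
    (?P<comment>/\*.*?\*/|//[^\n]*)
  | (?P<string>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')
  | (?P<word>[A-Za-z_$][\w$]*)
  | (?P<other>\S)
''', re.S | re.X)
WORD = re.compile(r"[A-Za-z_$][\w$]*")

def deobfuscate(script):
    """Return (kind, text) tokens with comments removed, split strings
    rejoined and over-long identifiers renamed."""
    out = []
    for match in TOKEN.finditer(script):
        kind, text = match.lastgroup, match.group()
        if kind == "comment":
            continue  # comments are irrelevant to execution
        if kind == "string":
            text = text[1:-1]
            # 'ab' + 'cd' is restored to the original string 'abcd'
            if len(out) >= 2 and out[-1] == ("other", "+") and out[-2][0] == "string":
                out.pop()
                text = out.pop()[1] + text
        elif kind == "word" and len(text) > LONG_NAME:
            text = UNIFORM_NAME
        out.append((kind, text))
    return out

def extract_features(script, top_n=5):
    """Steps 1-8: word-frequency table m, keyword weighting, first five."""
    m = {}
    for kind, text in deobfuscate(script):
        if kind == "word":
            words = [text]
        elif kind == "string":
            words = WORD.findall(text)  # assumption: string contents count too
        else:
            words = []
        for w in words:
            if w in m:
                m[w] += 1   # step 4
            else:
                m[w] = 1    # step 5
    # Step 7: keywords are raised to the maximum weight.
    weights = {w: (float("inf") if w in KEYWORDS else f) for w, f in m.items()}
    ranked = sorted(weights, key=lambda w: (-weights[w], w))
    return ranked[:top_n], m

LONGVAR = "x" * 60  # constructed identifier longer than 50 bytes
SAMPLE = (          # constructed sample, not taken from the patent
    "/* redundant comment */\n"
    "var " + LONGVAR + " = 'une' + 'sca' + 'pe'; // split string\n"
    "var pad = 'A'; pad = pad + pad; pad = pad + pad;\n"
    "this[" + LONGVAR + "]('data');\n"
)

if __name__ == "__main__":
    print(extract_features(SAMPLE)[0])
```

Without the string rejoining step the keyword `unescape` never appears as a word, so the sample would rank only filler identifiers.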
When feature vectors are extracted for non-script-code intrusion, the training sample set is divided into two classes: a malicious file sample set based on non-script-code techniques, and a secure file sample set. The feature vectors to be extracted must have two properties: they occur frequently in one class of sample set, and they occur rarely in the other class. A feature vector set that has both properties distinguishes the two sample sets well. Following this description, the feature vector extraction process for non-script-code intrusion is as follows:
1. Extract the feature vector set $T_m$ of the malicious sample set, and compute the term frequency $tf_{m,i}$ of each feature vector in it;
2. Extract the feature vector set $T_n$ of the safe sample set, and compute the term frequency $tf_{n,j}$ of each feature vector in it;
3. Compute the inverse document frequency $idf_{m,i}$, in the safe sample set, of each feature vector in $T_m$;
4. Compute the inverse document frequency $idf_{n,j}$, in the malicious sample set, of each feature vector in $T_n$;
5. Select the feature vector sets of the two sample sets separately, then merge them to obtain the feature vector set for non-script-code intrusion.
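The cross-class selection in steps 1 to 5 can be written out as follows; this Python sketch is an added example, not code from the patent. The smoothed idf formula, the tf × idf score, the cut-off `k` and the constructed feature tokens are assumptions, since the patent does not give them.

```python
import math
from collections import Counter

def term_freq(samples):
    """tf of each feature over one sample set (relative frequency)."""
    counts = Counter(tok for sample in samples for tok in sample)
    total = sum(counts.values())
    return {tok: c / total for tok, c in counts.items()}

def inverse_doc_freq(features, other_samples):
    """idf of each feature measured in the OTHER class's sample set.

    Assumed smoothing: log((N + 1) / (df + 1)), which is 0 for a feature
    present in every sample of the other class.
    """
    n = len(other_samples)
    idf = {}
    for tok in features:
        df = sum(1 for sample in other_samples if tok in sample)
        idf[tok] = math.log((n + 1) / (df + 1))
    return idf

def select(own, other, k):
    """Keep the k features that are frequent in `own` and rare in `other`."""
    tf = term_freq(own)
    idf = inverse_doc_freq(tf, other)
    score = {tok: tf[tok] * idf[tok] for tok in tf}
    ranked = sorted(score, key=lambda tok: (-score[tok], tok))
    return [tok for tok in ranked[:k] if score[tok] > 0]

def build_feature_set(malicious, safe, k=2):
    t_m = select(malicious, safe, k)   # steps 1 and 3
    t_n = select(safe, malicious, k)   # steps 2 and 4
    return t_m + [tok for tok in t_n if tok not in t_m]  # step 5: merge

# Constructed samples: each list holds feature tokens extracted from one file.
MAL = [["hdr", "pad", "pad", "pad", "fill"],
       ["hdr", "fill", "fill", "pad"],
       ["hdr", "pad", "fill", "tbl"]]
SAFE = [["hdr", "tbl", "txt", "txt"],
        ["hdr", "txt", "img", "tbl"],
        ["hdr", "img", "txt"]]

if __name__ == "__main__":
    print(build_feature_set(MAL, SAFE))
```

The token `hdr` is the most widespread feature in both classes and is still dropped, because its idf against the opposite class is zero.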
When the page file detection method of the invention classifies an unknown page file, the script code is first extracted from the page file, which splits the page file into two parts: the embedded script code, and the remaining page file data without the script code. The two parts are then checked separately: the recognition model built with the Bayes algorithm checks the script code, and the recognition model built with the decision tree classification algorithm checks the remaining page file data. Finally, the detection results are processed in the result integration module, which yields the final detection result of the method for this page file. The specific flow is described below.
The feature vector set for script-code intrusion uses the simple and practical Bayes classification process. The probability $P_n$ that the unknown page file X belongs to the safe sample set $C_n$ and the probability $P_m$ that page file X belongs to the malicious sample set are computed separately; $P_n$ and $P_m$ are then compared to find the class that page file X is closest to, which determines the class of the unknown page file X. If $P_m > P_n$, the page file contains malicious script code; otherwise, the page file does not contain malicious script code.
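The comparison of $P_m$ and $P_n$ can be carried out in log space; the following naive Bayes sketch in Python is an added example, not code from the patent. The feature words, the Laplace smoothing, the substring matching and the constructed training scripts are assumptions.

```python
import math

# Assumed feature words, matched by plain substring search.
FEATURES = ["unescape", "eval", "fromCharCode", "alert"]

# Constructed training scripts: (de-obfuscated script text, label).
TRAIN = [
    ("eval(unescape(p))", "M"),
    ("var s = unescape(x); eval(s)", "M"),
    ("eval(String.fromCharCode(a))", "M"),
    ("alert('saved')", "N"),
    ("var t = total(); alert(t)", "N"),
    ("eval('1+1'); alert(r)", "N"),
]

def present(script):
    """Feature matching: which feature words occur in the script."""
    return {f for f in FEATURES if f in script}

def train(samples):
    """Per class: prior and Laplace-smoothed P(feature present | class)."""
    model = {}
    for label in ("M", "N"):
        docs = [present(s) for s, l in samples if l == label]
        prior = len(docs) / len(samples)
        cond = {f: (sum(f in d for d in docs) + 1) / (len(docs) + 2)
                for f in FEATURES}
        model[label] = (prior, cond)
    return model

def log_score(model, label, script):
    """log of prior times the product of per-feature likelihoods."""
    prior, cond = model[label]
    found = present(script)
    return math.log(prior) + sum(
        math.log(cond[f] if f in found else 1.0 - cond[f]) for f in FEATURES)

def classify(model, script):
    """Return (verdict, log P_m, log P_n); malicious only if P_m > P_n."""
    p_m = log_score(model, "M", script)
    p_n = log_score(model, "N", script)
    return ("M" if p_m > p_n else "N"), p_m, p_n

MODEL = train(TRAIN)

if __name__ == "__main__":
    print(classify(MODEL, "q = unescape(d); eval(q);"))
    print(classify(MODEL, "alert(count)"))
```

Substring matching also fires on identifiers that merely contain a feature word, so a production matcher would match on word boundaries after de-obfuscation.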
Before page file detection based on non-script-code intrusion, the decision tree is built, where Sample is the training sample set and Vector is the feature vector set for non-script-code intrusion.
Create the root node root of the decision tree;
If all of Sample is positive, return the single-node tree root with label +;
If all of Sample is negative, return the single-node tree root with label -;
If Vector is empty, return the single-node tree root, labelled with the most common target value in Sample;
Otherwise, for each possible value $v_i$ of Vector:
Add a new branch $v_i$ under root, and let $Sample_{si}$ be the subset of Sample whose Vector attribute value is $v_i$;
If $Sample_{si}$ is empty, add a leaf node under this new branch, labelled with the most common target value in Sample;
Otherwise, add a subtree under the new branch:
($Sample_{si}$, target value, Vector). End.
Once the decision-tree-based classification model has been built, unknown page files can be checked with it:
1. Divide the page file into blocks of 100 bytes to obtain file data blocks;
2. Extract the feature vector of each page file data block;
3. Combine and select among the feature vectors of all page file data blocks to obtain the final page file vector set;
4. Use this feature vector set as the input of the decision tree classification model;
5. Determine from the output of the decision tree classification model whether the page file is one attacked via non-script-code intrusion.
In the implementation, the two different classification and recognition models are connected in parallel, and the results of the two recognition models must be processed. The outputs of the two recognition modules serve as the input of the result integration module. According to the processing function in the result integration module, if either of the two recognition modules outputs M (malicious file), the unknown page file is a malicious file; if both recognition modules output N (secure file), the unknown page file is a secure file.
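The decision tree construction, the 100-byte block detection and the result integration fit together as in the following Python sketch, which is an added example and not code from the patent. Choosing the split attribute by information gain is standard ID3 and an assumption here, as are the binary presence features, the byte markers and the constructed training rows; the script-code verdict is passed in as an argument.

```python
import math
from collections import Counter

BLOCK = 100  # block size in bytes, as in step 1 of the detection procedure
# Constructed byte markers standing in for the selected features (assumption).
PATTERNS = {"m1": b"MARK-A", "m2": b"MARK-B", "txt": b"TEXT"}

def entropy(rows):
    counts = Counter(label for _, label in rows)
    return -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())

def build_tree(sample, vector):
    """sample: list of (feature dict, '+' or '-'); vector: unused feature names."""
    labels = [label for _, label in sample]
    if all(l == "+" for l in labels):
        return "+"
    if all(l == "-" for l in labels):
        return "-"
    majority = Counter(labels).most_common(1)[0][0]
    if not vector:
        return majority

    def split(attr, value):
        return [r for r in sample if r[0][attr] == value]

    def remainder(attr):  # weighted entropy after splitting on attr
        parts = [split(attr, v) for v in (0, 1)]
        return sum(len(p) / len(sample) * entropy(p) for p in parts if p)

    best = min(vector, key=remainder)  # highest information gain
    rest = [a for a in vector if a != best]
    branches = {}
    for v in (0, 1):
        subset = split(best, v)
        branches[v] = build_tree(subset, rest) if subset else majority
    return {"attr": best, "branches": branches}

def file_vector(data):
    """Steps 1-3: cut into 100-byte blocks, match per block, merge by OR."""
    vec = {name: 0 for name in PATTERNS}
    for start in range(0, len(data), BLOCK):
        block = data[start:start + BLOCK]
        for name, pattern in PATTERNS.items():
            if pattern in block:
                vec[name] = 1
    return vec

def detect_data(data, tree):
    """Steps 4-5: walk the tree; '+' maps to M (malicious), '-' to N."""
    node = tree
    vec = file_vector(data)
    while isinstance(node, dict):
        node = node["branches"][vec[node["attr"]]]
    return "M" if node == "+" else "N"

def integrate(script_verdict, data_verdict):
    """Result integration: malicious if either module outputs M."""
    return "M" if "M" in (script_verdict, data_verdict) else "N"

def row(m1, m2, txt, label):
    return ({"m1": m1, "m2": m2, "txt": txt}, label)

# Constructed training set.
TRAIN = [row(1, 0, 1, "+"), row(1, 1, 0, "+"), row(0, 1, 0, "+"),
         row(0, 0, 1, "-"), row(0, 0, 0, "-"), row(0, 1, 1, "-")]
TREE = build_tree(TRAIN, list(PATTERNS))

INSIDE = b"\x00" * 150 + b"MARK-A" + b"\x00" * 44    # marker inside block 1
STRADDLE = b"\x00" * 97 + b"MARK-A" + b"\x00" * 97   # marker across bytes 97-102

if __name__ == "__main__":
    print(detect_data(INSIDE, TREE), detect_data(STRADDLE, TREE))
```

`STRADDLE` carries the same marker as `INSIDE` but is classified N, because non-overlapping 100-byte blocks cut the marker in two; overlapping consecutive blocks by the longest pattern length minus one byte closes that gap.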
In summary, the present invention proposes a file detection and identification method that applies different classification methods to different intrusion modes and introduces processing of obfuscation to prevent malicious code from disguising itself, which improves the detection success rate.
Obviously, those skilled in the art should understand that each module or step of the invention described above can be implemented with a general-purpose computing system; they can be concentrated on a single computing system or distributed over a network of multiple computing systems; alternatively, they can be implemented as program code executable by a computing system, so that they can be stored in a storage system and executed by the computing system. Thus, the invention is not restricted to any specific combination of hardware and software.
It should be understood that the above embodiments of the invention serve only to illustrate or explain the principles of the invention and do not limit the invention. Therefore, any modification, equivalent replacement or improvement made without departing from the spirit and scope of the invention shall fall within the protection scope of the invention. In addition, the claims of the invention are intended to cover all changes and modifications that fall within the scope and boundary of the claims, or the equivalents of such scope and boundary.

Claims (4)

1. A secure file processing method, characterized by comprising:
Determining the intrusion mode of a page file, selecting the corresponding feature extraction and classification processes according to the intrusion mode, and performing security detection on mobile-terminal page files through the feature extraction and classification processes.
2. The method according to claim 1, characterized in that the method further comprises: before the feature extraction, first determining the position of the script code in the page file and extracting the script code from the page file; if the script code has been encoded, compressed or obfuscated, restoring the original script code; and finally extracting the feature vector set according to the feature extraction algorithm;
Selecting the corresponding feature extraction and classification processes according to the intrusion mode further comprises: for page files attacked via script code, extracting features with the word as the basic unit; for page files attacked via a non-script-code intrusion mode, dividing the page file into blocks when extracting features and then performing feature extraction; and, according to the two different feature extraction methods, building two different classification models based on a Bayes classification process and a decision tree classification process respectively, then combining the two classification processes in parallel.
3. The method according to claim 2, characterized in that, for page files attacked via a non-script-code intrusion mode, the feature vectors of a training sample set are extracted, the training sample set being divided into two classes: a malicious file sample set attacked via non-script code, and a secure file sample set that contains no script code; during feature extraction, the feature vector sets of the two sample sets are extracted separately and processed with a predetermined feature selection algorithm to obtain the feature vector set the learning algorithm needs; a recognition model is then built from the learning algorithm and the extracted feature vector set using a decision tree classification process; finally, unknown page files are identified; when a page file is identified, the feature vector set of the unknown page file is extracted and used in place of the page file itself, the feature vector set is given to the recognizer as input, and the recognizer classifies it according to the recognition model it has already built; finally, the classification result for the unknown page file is obtained.
4. The method according to claim 3, characterized in that, when extracting feature vectors for non-script-code intrusion, extracting the feature vector sets of the two sample sets separately further comprises the following process:
1. Extract the feature vector set $T_m$ of the malicious sample set, and compute the term frequency $tf_{m,i}$ of each feature vector in it;
2. Extract the feature vector set $T_n$ of the safe sample set, and compute the term frequency $tf_{n,j}$ of each feature vector in it;
3. Compute the inverse document frequency $idf_{m,i}$, in the safe sample set, of each feature vector in $T_m$;
4. Compute the inverse document frequency $idf_{n,j}$, in the malicious sample set, of each feature vector in $T_n$;
5. Select the feature vector sets of the two sample sets separately, then merge them to obtain the feature vector set for non-script-code intrusion.
CN201510792215.6A 2015-11-17 2015-11-17 A kind of secure file processing method Expired - Fee Related CN105243327B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510792215.6A CN105243327B (en) 2015-11-17 2015-11-17 A kind of secure file processing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510792215.6A CN105243327B (en) 2015-11-17 2015-11-17 A kind of secure file processing method

Publications (2)

Publication Number Publication Date
CN105243327A true CN105243327A (en) 2016-01-13
CN105243327B CN105243327B (en) 2018-08-31

Family

ID=55040970

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510792215.6A Expired - Fee Related CN105243327B (en) 2015-11-17 2015-11-17 A kind of secure file processing method

Country Status (1)

Country Link
CN (1) CN105243327B (en)

Also Published As

Publication number Publication date
CN105243327B (en) 2018-08-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180831

Termination date: 20191117