CN108712403B - Illegal domain name mining method based on domain name construction similarity - Google Patents
Illegal domain name mining method based on domain name construction similarity Download PDFInfo
- Publication number
- CN108712403B CN108712403B CN201810419153.8A CN201810419153A CN108712403B CN 108712403 B CN108712403 B CN 108712403B CN 201810419153 A CN201810419153 A CN 201810419153A CN 108712403 B CN108712403 B CN 108712403B
- Authority
- CN
- China
- Prior art keywords
- domain name
- domain
- illegal
- similar
- class
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 28
- 238000005065 mining Methods 0.000 title claims abstract description 12
- 238000010276 construction Methods 0.000 title claims abstract description 10
- 230000002776 aggregation Effects 0.000 claims abstract description 15
- 238000004220 aggregation Methods 0.000 claims abstract description 15
- 238000001514 detection method Methods 0.000 claims description 14
- 238000012216 screening Methods 0.000 claims description 5
- 230000004931 aggregating effect Effects 0.000 claims 1
- 230000009286 beneficial effect Effects 0.000 description 3
- 208000001613 Gambling Diseases 0.000 description 2
- 238000010219 correlation analysis Methods 0.000 description 2
- 238000000605 extraction Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Landscapes
- Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computing Systems (AREA)
- Artificial Intelligence (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides an illegal domain name mining method based on domain name construction similarity, which solves the technical problem that the existing method can not actively mine a large number of illegal domain names; the method comprises the following steps: step 1, reading an illegal domain name from a domain name blacklist; step 2, judging whether the successfully aggregated class exists, if not, turning to step 10; otherwise, continuing the next step; step 3, judging whether the current domain name can be classified into the ith aggregation class or not, and if not, turning to the step 10; otherwise, continuing the next step; judging whether the current domain name is similar to a central domain name or not, wherein the central domain name refers to a representative domain name in an aggregation class; step 4, merging the current domain name into the ith aggregation class, extracting a generation mode generated in the matching process of the current domain name and the class center domain name, and continuing the next step; the generation mode is a wildcard character string extracted from each domain name and the central domain name in the cluster class. The invention is widely applied to the technical field of information.
Description
Technical Field
The invention relates to an illegal domain name mining method, in particular to an illegal domain name mining method based on domain name construction similarity.
Background
With the rapid development of the internet, a domain name, which is one of the products appearing along with the internet, is gradually recognized and popularized by people, and the domain name brings convenience for memorizing websites and modifying the IP, and meanwhile, some unavoidable potential safety hazards are hidden.
In recent years, more and more illegal organizations bear some illegal behaviors through domain names, such as botnet, phishing websites, yellow gambling virus websites and the like, and vast netizens bring immeasurable damage on property and spirit, so that a method for efficiently and quickly mining illegal domain names is urgently required to be provided.
At present, most browsers adopt a blacklist prepared in advance, access of netizens to illegal websites is restrained by regularly updating and maintaining the blacklist, but the timeliness is lacked due to the lack of a method for actively mining a large number of illegal domain names.
Disclosure of Invention
The invention provides an illegal domain name mining method based on domain name structure similarity, which can actively mine a large number of illegal domain names, aiming at the technical problem that the existing method can not actively mine a large number of illegal domain names.
Therefore, the technical scheme of the invention is that the method comprises the following steps:
step 1, reading an illegal domain name from a domain name blacklist;
step 2, judging whether the successfully aggregated class exists, if not, turning to step 10; otherwise, continuing the next step;
step 3, judging whether the current domain name can be classified into the ith aggregation class or not, and if not, turning to the step 10; otherwise, continuing the next step; the ith aggregation class is an ith class which aggregates similar domain names according to a similarity rule;
judging whether the current domain name is similar to a central domain name or not, wherein the central domain name refers to a representative domain name in an aggregation class;
the specific method for judging whether the current domain name is similar to the central domain name comprises the following steps:
(1) if only the top level domain of the two domain names is different, and the other parts are the same, the two domain names are similar;
(2) if the top level domains of the two domain names are the same, when the lengths of the two level domains are the same, the same positions of the two level domains are not more than 2 characters different; or if a plurality of continuous same characters at the same position are different, the two domain names are similar; when the length difference of the two domain names of the second-level domain is 1 and the long domain name can be changed into a short domain name by removing one character, the two domain names are similar;
(3) if the two domain names are not judged to be similar in the steps (1) and (2), the two domain names are not similar;
step 4, merging the current domain name into the ith aggregation class, extracting a generation mode generated in the matching process of the current domain name and the class center domain name, and continuing the next step;
the generation mode is a wildcard character string extracted from each domain name and the central domain name in the cluster class;
step 5, enumerating in the generation mode to generate similar domain names which are similar to the central domain name and possibly exist, screening out illegal domain names which are put in storage in the similar domain names, and continuing the next step;
step 6, judging whether the similar domain names screened in the step 5 exist one by acquiring domain name WHOIS information, and if not, discarding; otherwise, keeping and continuing the next step;
step 7, detecting whether the reserved domain name is illegal, and if the reserved domain name is detected to be illegal, adding the domain name to an illegal domain name set; otherwise, adding the domain name into the unknown domain name set; continuing the next step;
step 8, judging whether the detection of the similar domain names screened in the step 5 is finished, and if the detection is finished, continuing the next step; otherwise, go to step 6;
step 9, judging whether the illegal domain names in the step 1 are clustered, and if so, finishing the algorithm; otherwise, go to step 1;
step 10, creating a new class, setting the current domain name as the central domain name of the class, and going to step 9.
Preferably, in step 4, the generation pattern uses wildcards instead of the difference between two illegal domain names, and an indicator to indicate an enumeration operation that specifies wildcards.
Preferably, in step 7, the detection is performed through an authoritative third party detection interface.
The invention has the beneficial effects that: the method is based on the analysis of a large number of existing illegal domain names, so that a large number of illegal domain names which are not included are mined. Firstly, clustering illegal domain name sets in a prepared blacklist, and clustering structurally similar illegal domain names into one class so as to form a plurality of clustering classes; then, extracting one or more generation modes from each class to obtain a set of generation modes; enumerating through a generation mode to generate suspected illegal similar domain names; and finally, detecting the suspected illegal generated domain name set by using a third party authority detection interface, and screening out illegal similar domain names. The method actively excavates a large number of illegal domain names which do not exist in the database from the angle of the similarity of the illegal domain name construction, and the illegal domain names excavated based on the similarity of the domain name construction have strong correlation, thereby being beneficial to the correlation analysis and the group analysis of the illegal domain names.
Drawings
FIG. 1 is an overall functional flow diagram of an embodiment of the present invention;
fig. 2 is a flow chart of a method of an embodiment of the present invention.
Detailed Description
The present invention will be further described with reference to the following examples.
Structural similarity exists among illegal domain names, batch illegal domain names can be generated by slightly modifying the structure of a single illegal domain name, and the obtained batch illegal domain names are most likely to be registered by the same registrant or the same illegal organization. More similar illegal domain names 00080e.com, 00080f.com, 00080w.com and the like can be mined by the illegal domain names 00080 d.com.
As shown in fig. 1 and 2, the present embodiment provides an illegal domain name mining method based on domain name structure similarity, and the main steps include four major steps of similar clustering, pattern extraction, similar domain name generation, and detection of existence and illegal of similar domain names. In the embodiment, gambling, pornographic and fraud illegal domain name sets are used as blacklists for clustering, user-defined similar rules are adopted, domain names with similar structures are clustered into one class, then a generation mode of each class is extracted to generate similar domain names, and finally the illegal and actually existing similar domain names are detected. The method comprises the following specific steps:
step 1, reading an illegal domain name from a domain name blacklist;
step 2, judging whether the successfully aggregated class exists, if not, turning to step 10; otherwise, continuing the next step;
step 3, judging whether the current domain name can be classified into the ith aggregation class or not, and if not, turning to the step 10; otherwise, continuing the next step;
judging whether the domain name is similar to a central domain name or not, wherein the central domain name refers to a representative domain name in an aggregation class;
the ith aggregation class is an ith class which aggregates similar domain names according to a customized similarity rule, and the similarity rule is as follows:
(1) if the two domain names only have different top-level domains and the other parts are the same, such as 08vip.vip and 08vip.tv, the two domain names are similar;
(2) if the top level domains of two domain names are the same, when the lengths of the secondary domains are the same, the same positions of the secondary domains are not more than 2 characters different, such as 00037b.com and 00037c.com, 099sun.com and 099sky.com, 1188030.com and 1388033. com; or a plurality of same characters in succession at the same position are different, such as 4148ww.com and 4148nn.com, 4040uuu.com and 4040 jj.com, the two domain names are similar; when the length difference of the second-level domain of the two domain names is 1 and the long domain name can become a short domain name by removing one character, such as 0000524.com and 00001524.com, the two domain names are similar;
(3) and if the two domains are not judged to be similar in the steps (1) and (2), the two domains are not similar.
Step 4, merging the current domain name into the ith aggregation class, extracting a generation mode generated in the matching process of the current domain name and the class center domain name, and continuing the next step;
the generation mode is a wildcard character string extracted from each domain name and the central domain name in the cluster class; the extraction method of the generation pattern is to use a wildcard to replace a difference part between two illegal domain names and use an indicator to represent an enumeration operation of specifying the wildcard, and the specific description is as follows:
(1) if the two domain names only have top-level domains different, such as 08vip.vip and 08vip.tv, a generation pattern of 08 vip.% can be extracted;
(2) if two domain names are similar and differ by only one character, such as 0000524.com and 00001524.com, patterns 00001524-com or 0000524+. com can be extracted;
(3) if the two domain names are similar and the same position does not exceed 2 characters, when the different characters at the same position are all numbers, such as 1188030.com and 1388033.com, the mode 1#8803# com can be extracted; when different characters in the same position are all letters, such as 00037b.com and 00037c.com, 099sun.com, and 099sky.com, patterns 00037#. com, 099s × com can be extracted; when different characters at the same position are numbers and letters, such as 004zyz.com and 0044y8.com, a pattern of 004$ y $. com can be extracted;
(4) if two domain names are similar and only the same position is different by a plurality of continuous same characters, such as 4148ww.com and 4148nn.com, 4040uuu.com and 4040 jj.com, 1186655.com and 1186699.com, matching patterns 4148 &. com, 4040 &. com, 11866# &. com can be extracted respectively.
Step 5, generating a wildcard character and an indicator in the mode to conduct enumeration to generate a similar domain name which is similar to the central domain name and possibly exists, screening out an illegal domain name which is put in storage in the similar domain name, and continuing the next step;
the wildcard character and the indicator are specifically explained as follows:
(1) % is a wildcard character of the top-level domain, and% is replaced by the top-level domain extracted from the blacklist during enumeration;
(2) -, + are indicators, indicating that a certain character in the secondary domain needs to be deleted or added during enumeration;
(3) the letters are wildcards, the numbers are wildcards, the alphanumerical wildcards are alphanumeric wildcards, the letters a-z are changed during enumeration, the numbers are changed into 0-9 during enumeration, and the numbers are changed into 0-9 and a-z during enumeration;
(4) the & is a continuous indicator, which indicates that all wildcards replace the same character during enumeration;
step 6, judging whether the similar domain names screened in the step 5 exist one by acquiring domain name WHOIS information, and if not, discarding; otherwise, keeping and continuing the next operation;
step 7, detecting whether the reserved domain name is illegal through an authoritative third party detection interface, and if so, adding the domain name into an illegal domain name set; otherwise, adding the domain name into the unknown domain name set, and continuing the next step;
detecting the domain name in the unknown domain name set regularly, judging whether the domain name is an illegal domain name or not, and if the domain name is detected to be illegal, adding the domain name into the illegal domain name set; otherwise, the domain name is kept in the unknown domain name set;
step 8, judging whether the detection of the similar domain names screened in the step 5 is finished, and if the detection is finished, continuing the next step; otherwise, go to step 6;
step 9, judging whether the illegal domain names in the step 1 are clustered, and if so, finishing the algorithm; otherwise, go to step 1;
step 10, creating a new class, setting the current domain name as the central domain name of the class, and going to step 9.
The method is based on the analysis of a large number of existing illegal domain names, so that a large number of illegal domain names which are not included are mined. Firstly, clustering illegal domain name sets in a prepared blacklist, and clustering structurally similar illegal domain names into one class so as to form a plurality of clustering classes; then, extracting one or more generation modes from each class to obtain a set of generation modes; enumerating through a generation mode to generate suspected illegal similar domain names; and finally, detecting the suspected illegal generated domain name set by using a third party authority detection interface, and screening out illegal similar domain names. The method actively excavates a large number of illegal domain names which do not exist in the database from the angle of the similarity of the illegal domain name construction, and the illegal domain names excavated based on the similarity of the domain name construction have strong correlation, thereby being beneficial to correlation analysis, group analysis and the like of the illegal domain names.
However, the above embodiments are only examples of the present invention, and the scope of the present invention should not be limited thereby, and the substitution of equivalent elements or the equivalent changes and modifications made according to the scope of the present invention should be covered by the claims.
Claims (3)
1. An illegal domain name mining method based on domain name structure similarity is characterized by comprising the following steps:
step 1, reading an illegal domain name from a domain name blacklist;
step 2, judging whether the successfully aggregated class exists, if not, turning to step 10; otherwise, continuing the next step;
step 3, judging whether the current domain name can be classified into the ith aggregation class or not, and if not, turning to the step 10; otherwise, continuing the next step; the ith aggregation class is an ith class formed by aggregating similar domain names according to a similarity rule;
the judgment is based on whether the current domain name is similar to a central domain name, wherein the central domain name is a representative domain name in an aggregation class;
the specific method for judging whether the current domain name is similar to the central domain name comprises the following steps:
(1) if only the top level domain of the two domain names is different, and the other parts are the same, the two domain names are similar;
(2) if the top level domains of the two domain names are the same, when the lengths of the two level domains are the same, the same positions of the two level domains are not more than 2 characters different; or if a plurality of continuous same characters at the same position are different, the two domain names are similar; when the length difference of the two domain names of the second-level domain is 1 and the long domain name can be changed into a short domain name by removing one character, the two domain names are similar;
(3) if the two domain names are not judged to be similar in the steps (1) and (2), the two domain names are not similar;
step 4, merging the current domain name into the ith aggregation class, extracting a generation mode generated in the matching process of the current domain name and the class center domain name, and continuing the next step;
the generation mode is a wildcard character string extracted from each domain name and the central domain name in the cluster class;
step 5, enumerating in the generation mode to generate similar domain names which are similar to the central domain name and possibly exist, screening out illegal domain names which are put in storage in the similar domain names, and continuing the next step;
step 6, judging whether the similar domain names screened in the step 5 exist one by acquiring domain name WHOIS information, and if not, discarding; otherwise, keeping and continuing the next step;
step 7, detecting whether the reserved domain name is illegal, and if the reserved domain name is detected to be illegal, adding the domain name to an illegal domain name set; otherwise, adding the domain name into the unknown domain name set; continuing the next step;
step 8, judging whether the detection of the similar domain names screened in the step 5 is finished, and if the detection is finished, continuing the next step; otherwise, go to step 6;
step 9, judging whether the illegal domain names in the step 1 are clustered, and if so, finishing the algorithm; otherwise, go to step 1;
step 10, creating a new class, setting the current domain name as the central domain name of the class, and going to step 9.
2. The illegal domain name mining method based on similarity of domain name constructions according to claim 1, wherein in the step 4, the generation pattern uses wildcards to replace the difference part between two illegal domain names, and indicators are used to represent enumeration operations of the specified wildcards.
3. The illegal domain name mining method based on domain name construction similarity according to claim 1, characterized in that in step 7, the detection is performed through an authoritative third party detection interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810419153.8A CN108712403B (en) | 2018-05-04 | 2018-05-04 | Illegal domain name mining method based on domain name construction similarity |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810419153.8A CN108712403B (en) | 2018-05-04 | 2018-05-04 | Illegal domain name mining method based on domain name construction similarity |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108712403A CN108712403A (en) | 2018-10-26 |
| CN108712403B true CN108712403B (en) | 2020-08-04 |
Family
ID=63867784
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810419153.8A Active CN108712403B (en) | 2018-05-04 | 2018-05-04 | Illegal domain name mining method based on domain name construction similarity |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108712403B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109495475B (en) * | 2018-11-19 | 2022-03-18 | 中国联合网络通信集团有限公司 | Domain name detection method and device |
| CN109889491A (en) * | 2019-01-02 | 2019-06-14 | 兰州理工大学 | A kind of malice domain name rapid detection method based on lexical characteristics |
| CN110336777B (en) * | 2019-04-30 | 2020-10-16 | 北京邮电大学 | Communication interface acquisition method and device for android application |
| CN113157997B (en) * | 2020-01-23 | 2024-09-27 | 华为技术有限公司 | Domain name feature extraction method and feature extraction device |
| CN113315739A (en) * | 2020-02-26 | 2021-08-27 | 深信服科技股份有限公司 | Malicious domain name detection method and system |
| CN112073549B (en) * | 2020-08-25 | 2023-06-02 | 山东伏羲智库互联网研究院 | Domain name based system relation determining method and device |
| CN114710468B (en) * | 2022-03-31 | 2024-05-14 | 绿盟科技集团股份有限公司 | Domain name generation and identification method, device, equipment and medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102098235A (en) * | 2011-01-18 | 2011-06-15 | 南京邮电大学 | Fishing mail inspection method based on text characteristic analysis |
| CN102523311A (en) * | 2011-11-25 | 2012-06-27 | 中国科学院计算机网络信息中心 | Illegal domain name recognition method and device |
| CN103812966A (en) * | 2014-03-03 | 2014-05-21 | 刁永平 | Implementation method of autonomous extensible IP internet (AEIP) by loose source and record route (LSRR) |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110289138A1 (en) * | 2010-05-20 | 2011-11-24 | Bhavin Turakhia | Method, machine and computer program product for sharing an application session across a plurality of domain names |
| US8850474B2 (en) * | 2010-07-26 | 2014-09-30 | Cisco Technology, Inc. | Virtual content store in interactive services architecture |
| CN102299978A (en) * | 2011-09-23 | 2011-12-28 | 上海西默通信技术有限公司 | Black list adding, filtering and redirecting method applied to DNS (Domain Name System) |
| CN102831248B (en) * | 2012-09-18 | 2016-05-11 | 北京奇虎科技有限公司 | Network focus method for digging and device |
| US8914883B2 (en) * | 2013-05-03 | 2014-12-16 | Fortinet, Inc. | Securing email communications |
| CN106330811A (en) * | 2015-06-15 | 2017-01-11 | 中兴通讯股份有限公司 | Domain name credibility determination method and device |
-
2018
- 2018-05-04 CN CN201810419153.8A patent/CN108712403B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102098235A (en) * | 2011-01-18 | 2011-06-15 | 南京邮电大学 | Fishing mail inspection method based on text characteristic analysis |
| CN102523311A (en) * | 2011-11-25 | 2012-06-27 | 中国科学院计算机网络信息中心 | Illegal domain name recognition method and device |
| CN103812966A (en) * | 2014-03-03 | 2014-05-21 | 刁永平 | Implementation method of autonomous extensible IP internet (AEIP) by loose source and record route (LSRR) |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108712403A (en) | 2018-10-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108712403B (en) | Illegal domain name mining method based on domain name construction similarity | |
| CN109510815B (en) | Multi-level phishing website detection method and system based on supervised learning | |
| US10178107B2 (en) | Detection of malicious domains using recurring patterns in domain names | |
| US9479524B1 (en) | Determining string similarity using syntactic edit distance | |
| US10033757B2 (en) | Identifying malicious identifiers | |
| Mowbray et al. | Finding domain-generation algorithms by looking at length distribution | |
| KR102271449B1 (en) | Artificial intelligence model platform and operation method thereof | |
| US20170053031A1 (en) | Information forecast and acquisition method based on webpage link parameter analysis | |
| CN112866023B (en) | Network detection method, model training method, device, equipment and storage medium | |
| Marchal et al. | Proactive discovery of phishing related domain names | |
| CN101702179B (en) | Method and device for removing duplication from data mining | |
| CN102664878B (en) | Method and equipment for detection of counterfeit domain names | |
| US20160063541A1 (en) | Method for detecting brand counterfeit websites based on webpage icon matching | |
| FI3972192T3 (en) | Method and system for layered detection of phishing websites | |
| CN111935097B (en) | Method for detecting DGA domain name | |
| CN108111526A (en) | A kind of illegal website method for digging based on abnormal WHOIS information | |
| CA2859131A1 (en) | Systems and methods for spam detection using character histograms | |
| CN102622553A (en) | Method and device for detecting webpage safety | |
| CN105786800A (en) | Police standard address acquiring method and system | |
| Li et al. | Detection method of phishing email based on persuasion principle | |
| CN110324273A (en) | A kind of Botnet detection method combined based on DNS request behavior with domain name constitutive characteristic | |
| CN108023868A (en) | Malice resource address detection method and device | |
| CN112751804B (en) | Method, device and equipment for identifying counterfeit domain name | |
| CN103455754B (en) | A kind of malicious searches keyword recognition methods based on regular expression | |
| Zheng et al. | Preprocessing method for encrypted traffic based on semisupervised clustering |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240924 Address after: 298-1 Huanhai Road, Sunjiatuan Town, Huancui District, Weihai City, Shandong Province 264200, China 201-2 Patentee after: Shandong Tianhe Cyberspace Security Technology Research Institute Co.,Ltd. Country or region after: China Address before: 264209 No. 2, Wenhua West Road, Shandong, Weihai Patentee before: HARBIN INSTITUTE OF TECHNOLOGY (WEIHAI) Country or region before: China |
|
| TR01 | Transfer of patent right |