CN109698820A - A kind of domain name Similarity measures and classification method and system - Google Patents

A kind of domain name Similarity measures and classification method and system Download PDF

Info

Publication number
CN109698820A
CN109698820A CN201811391153.8A CN201811391153A CN109698820A CN 109698820 A CN109698820 A CN 109698820A CN 201811391153 A CN201811391153 A CN 201811391153A CN 109698820 A CN109698820 A CN 109698820A
Authority
CN
China
Prior art keywords
domain name
feature vector
classification
magnanimity
similitude
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811391153.8A
Other languages
Chinese (zh)
Inventor
司俊俊
羊晋
涂波
尚秋里
张慧琳
张英伟
张洛什
李少华
王楠
闻博
梅锋
程晶玻
丛珊
王永清
康春建
刘鑫沛
刘丙双
戴帅夫
张建宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHANGAN COMMUNICATION TECHNOLOGY Co Ltd
National Computer Network and Information Security Management Center
Original Assignee
CHANGAN COMMUNICATION TECHNOLOGY Co Ltd
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHANGAN COMMUNICATION TECHNOLOGY Co Ltd, National Computer Network and Information Security Management Center filed Critical CHANGAN COMMUNICATION TECHNOLOGY Co Ltd
Publication of CN109698820A publication Critical patent/CN109698820A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Biology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a kind of domain name Similarity measures and classification method and system.This method comprises: 1) acquire and obtain magnanimity domain name access log;2) data cleansing is carried out to the magnanimity domain name access log of acquisition;3) feature vector is carried out to the domain name in the domain name access log after cleaning;4) it is based on domain name feature vector computational domain name similitude;5) classified based on domain name similitude to domain name.Specifically, domain name and its feature vector are stored using chart database, is classified using nomography to domain name.The present invention is capable of handling magnanimity domain name log, and carries out Similarity measures, retrieval and classification to it, is of great significance for virus discovery, malicious network attacks detection etc..

Description

A kind of domain name Similarity measures and classification method and system
Technical field
The present invention relates to network safety filed more particularly to a kind of domain name Similarity measures and classification methods and system.
Background technique
Domain name system (Domain Name system) is a kind of technology that domain name (host name) is mapped as to IP address, energy Enough user is made easily to access internet.A certain calculates on the internet that domain name is formed by a string with the character that " point " separates Machine or the title for calculating unit, for identifying electronic bearing (sometimes referred to as geographical location, the geography of computer when data are transmitted On domain name, refer to have administrative autonomy weigh a local area).
Malicious network attacks usually carry out the propagation of corpse virus using malice domain name and Internet resources are stolen.A kind of virus The domain name utilized of propagating and launch a offensive is usually similar, has the characteristics that its own.In magnanimity domain name access log, to domain Name carries out Similarity measures, searches similar domain name, and carrying out domain name classification has virus discovery, malicious network attacks detection etc. Significance.
Domain name Similarity measures, it is common practice to be handled based on character, such as statistics n-gram etc..So only It is very big that similar domain name, limitation on character can be found out.Because the possible purposes of similar domain name and meaning are entirely different on character. A kind of improved way is made a concrete analysis of for every viroid, extracts domain name feature, is trained, and obtains domain name classification Device identifies unknown domain name using classifier.However, the accuracy of domain name classifier depend heavilys on training sample The high efficiency that quality and manual features are extracted.Therefore, such usual false recognition rate of domain name classifier is higher in practice.This Outside, for unknown virus sample and domain name classification, due to that can not be trained in advance, and it can not be identified.
Summary of the invention
Domain name Similarity measures and classification method and system of the present invention proposition based on magnanimity domain name access log, this method Similarity measures can be carried out to magnanimity domain name and domain name feature vector stores, and classify to domain name.
A kind of magnanimity domain name Similarity measures of the invention and classification method, comprising the following steps:
1) it acquires and obtains magnanimity domain name access log;
2) data cleansing is carried out to the magnanimity domain name access log of acquisition;
3) feature vector is carried out to the domain name in the domain name access log after cleaning;
4) it is based on domain name feature vector computational domain name similitude;
5) classified based on domain name similitude to domain name.
Further, the step 2) data cleansing includes: routing domain name access record between reject region, filters out and do not meet rule The domain name access record of model filters out common known domain name access record etc..
Further, step 3) is grouped domain name access log according to client (optional IP), then according to visit Ask that the time is ranked up domain name access log;Regard the domain name after grouping as an article, each domain name regards a word as, benefit Word embedded mobile GIS calculates domain name feature vector.
Further, step 3) establishes domain name feature vector library, for giving domain name, carries out phase to it in feature vector library It retrieves and sorts out like property;When given domain name is not present in feature vector library, fitting generates its feature vector, carries out similitude inspection Rope and classification.
Further, for the domain name being not present in feature vector library, feature vector is according to the n-gram of known domain name Feature vector is fitted and predicts.Optionally, use the mean value of n-gram feature vector as candidate.
Further, step 3) training one domain name feature vector builders, domain name translation be computable feature to Amount.
Further, step 4) stores domain name feature vector using figure relational database, be then based on feature to Amount calculates domain name similitude;Step 5) is based on figure relational database, is classified using nomography to domain name.
Further, dimensionality reduction is carried out to domain name feature vector, obtains plane or 3 D stereo feature vector, realized to domain name The visualization of classification.
Corresponding with above method, the present invention also provides a kind of magnanimity domain name Similarity measures and categorizing systems comprising:
Data acquisition module is responsible for acquiring and obtains magnanimity domain name access log;
Data cleansing module is responsible for the magnanimity domain name access log to acquisition and carries out data cleansing;
Feature vector generation module is responsible for carrying out feature vector to the domain name after cleaning;
Similarity calculation engine is responsible for being based on domain name feature vector computational domain name similitude;
Data memory module is responsible for storing domain name and its feature vector;
Domain name classification engine is responsible for classifying to domain name based on domain name similitude.
Further, the system also includes visualization model, it is responsible for carrying out dimensionality reduction to domain name feature vector, obtains plane Feature vector realizes the visualization classified to domain name.
The present invention also provides a kind of malicious network attacks detection methods, comprising the following steps:
1 > use method described above to carry out Similarity measures and classification to domain name;
2 > malice domain name detected according to the result of domain name Similarity measures and classification, comprising:
2.1 > to known certain amount malice domain name the case where, gone out belonging to known malicious domain name using step 1 > association analysis Malice domain name family type, and its adjoint unknown malice domain name is further detected, to attack entire malice domain name Network is portrayed;
2.2 > the situation unknown to malice domain name, setting similarity threshold constrain, and the domain of constraint condition is met to similitude Name, the situation that accesses, access originator, access distribution comprehensive analysis, carries out attack and studies and judges, to detect malice domain name.
The present invention Similarity measures can be carried out to magnanimity domain name and domain name feature vector stores, and divides domain name Class, feature and beneficial effect are:
It 1) being capable of efficient process magnanimity domain name access log;
2) it is trained in advance independent of data sample, but it is similar with term vector according to the access relation between domain name Property carry out domain name classification;
3) domain name classification is carried out using the method for the present invention, had for virus discovery, malicious network attacks detection etc. important Meaning.
Detailed description of the invention
The step flow chart of Fig. 1 domain name Similarity measures, classification and method for visualizing.
A kind of specific embodiment exemplary diagram of Fig. 2 domain name classification method.
Fig. 3 carries out the domain name kind instance graph of domain name classification based on domain name similitude.
Fig. 4 shows schematic diagram based on the visualization that domain name similitude carries out domain name classification.
The module of Fig. 5 domain name Similarity measures, classification and visualization system forms figure.
Specific embodiment
To keep above objects, features, and advantages more obvious and easy to understand, with reference to the accompanying drawings and detailed description to this hair It is bright to be described in further detail.
Embodiment 1: domain name Similarity measures, classification and method for visualizing
Fig. 1 is the general steps flow chart of the domain name Similarity measures, classification and method for visualizing, and Fig. 2 is this method Specific steps flow chart.Method includes the following steps:
Data acquisition: the first step obtains domain name access log, number in passive name server end, the province world Kou Huo mouth etc. According to the period optionally from 1 minute to 24 hour.
Data cleansing: second step is screened and is filtered to the domain name access log of the magnanimity got.Including but it is unlimited Domain name access record is routed between reject region, filters out the domain name access record comprising not meeting specification, filters out common known domain name Access record, such as the domain name access record of Alexa Top10k.
Third step, domain name feature vector calculate: the domain name access after cleaning recorded and is grouped according to client ip, and Domain name is ranked up according to access time.The domain name sequence of each client ip access regards an article as, and each domain name is seen A word in making an issue of calculates domain name feature vector using word insertion (Word Embedding) algorithm.For example it utilizes Word2vec, doc2vec algorithm calculate domain name feature vector.
The third step can also train a domain name feature vector builders, by domain name feature vector builders by domain name It is converted into computable feature vector.
The third step can also establish domain name feature vector library, for giving domain name, carry out phase to it in feature vector library It retrieves and sorts out like property.When given domain name is not present in feature vector library, generate its feature vector, carry out similarity retrieval and Sort out.Preferably for the domain name being not present in feature vector library, feature vector is set as the equal of its n-gram feature vector Value.
Domain name Similarity measures: 4th step carries out domain name similarity calculation based on domain name feature vector, optionally for example counts Vector distance is calculated as similarity.
5th step, domain name and feature vector storage: storing domain name and its feature vector using chart database, optional Chart database such as Neo4j.
Domain name classification: 6th step is classified to domain name using nomography, is marked using known domain name to unknown domain name It is fixed, optional nomography such as label broadcast algorithm.Fig. 3 is calculated based on domain name similitude of the invention and classification method One domain name kind example.
Domain name classification visualization: 7th step carries out dimensionality reduction to domain name feature vector, obtains two-dimensional feature vector, each domain One point of the corresponding two-dimensional surface of name, similar domain name, plan range is close, to realize the visualization classified to domain name.Fig. 4 It is that the visualization for carrying out domain name classification based on domain name similitude shows schematic diagram, wherein different gray scales (or different colours) represent Different classification.
Embodiment 2: domain name Similarity measures, classification and visualization system
Fig. 5 is the module composition figure of the domain name Similarity measures of the present embodiment, classification and visualization system, including data obtain Modulus block, data cleansing module, similarity calculation engine, data memory module, domain name classification engine, visualization model.Wherein:
Data acquisition module is responsible for acquiring and obtains magnanimity domain name access log;
Data cleansing module is responsible for the magnanimity domain name access log to acquisition and carries out data cleansing;
Feature vector generation module is responsible for carrying out feature vector to the domain name after cleaning;
Similarity calculation engine is responsible for being based on domain name feature vector computational domain name similitude;
Data memory module is responsible for storing domain name and its feature vector;
Domain name classification engine is responsible for classifying to domain name based on domain name similitude.
Embodiment 3: malicious network attacks detection method
The case where to known certain amount malice domain name, can use method of the invention to unknown domain name and known malicious Domain name carries out Similarity measures, classification and visualization, so that association analysis goes out malice domain name family belonging to known malicious domain name Type, and further detect its adjoint unknown malice domain name, to portray entire malice domain name attacking network.
The situation unknown to malice domain name firstly, carrying out Similarity measures to the Fully Qualified Domain Name in access log, and is arranged Similarity threshold constraint, the domain name of constraint condition is met to similitude, the situation that accesses, access originator, comprehensive point of access distribution Analysis carries out attack and studies and judges, to detect malice domain name.
In the present invention, domain name access record can be connect based on internets such as any local area network, private network, intercity/inter-provincial/worlds Mouth is acquired acquisition;Data cleansing mode can be modified according to business demand and data source feature and accommodation.
The above embodiments are merely illustrative of the technical solutions of the present invention rather than is limited, the ordinary skill of this field Personnel can be with modification or equivalent replacement of the technical solution of the present invention are made, without departing from the spirit and scope of the present invention, this The protection scope of invention should be subject to described in claims.

Claims (11)

1. a kind of magnanimity domain name Similarity measures and classification method, which comprises the following steps:
1) it acquires and obtains magnanimity domain name access log;
2) data cleansing is carried out to the magnanimity domain name access log of acquisition;
3) feature vector is carried out to the domain name in the domain name access log after cleaning;
4) it is based on domain name feature vector computational domain name similitude;
5) classified based on domain name similitude to domain name.
2. the method according to claim 1, wherein the step 2) data cleansing includes: to filter out inter-domain routing Domain name access record filters out and does not meet the domain name access record of specification, filters out common known domain name access record.
3. the method according to claim 1, wherein step 3) divides domain name access log according to client Then group is ranked up domain name access log according to access time;Regard the domain name after grouping as an article, each domain name Regard a word as, calculates domain name feature vector using word embedded mobile GIS.
4. the method according to claim 1, wherein step 3) establishes domain name feature vector library, for giving localization Name, carries out similarity retrieval to it in feature vector library and sorts out;When given domain name is not present in feature vector library, fitting life At its feature vector, similarity retrieval and classification are carried out.
5. according to the method described in claim 4, it is characterized in that, domain name for being not present in feature vector library, feature Vector is fitted and predicts according to the n-gram feature vector of known domain name.
6. the method according to claim 1, wherein step 3) train a domain name feature vector builders, Domain name translation is computable feature vector.
7. the method according to claim 1, wherein step 4) is using figure relational database to domain name feature vector It is stored, is then based on feature vector computational domain name similitude;Step 5) is based on figure relational database, using nomography to domain Name is classified.
8. obtaining plane or three the method according to claim 1, wherein carrying out dimensionality reduction to domain name feature vector Stereoscopic features vector is tieed up, realizes the visualization classified to domain name.
9. a kind of magnanimity domain name Similarity measures and categorizing system characterized by comprising
Data acquisition module is responsible for acquiring and obtains magnanimity domain name access log;
Data cleansing module is responsible for the magnanimity domain name access log to acquisition and carries out data cleansing;
Feature vector generation module is responsible for carrying out feature vector to the domain name after cleaning;
Similarity calculation engine is responsible for being based on domain name feature vector computational domain name similitude;
Data memory module is responsible for storing domain name and its feature vector;
Domain name classification engine is responsible for classifying to domain name based on domain name similitude.
10. system according to claim 9, which is characterized in that further include visualization model, be responsible for domain name feature vector Dimensionality reduction is carried out, plane characteristic vector is obtained, realizes the visualization classified to domain name.
11. a kind of malicious network attacks detection method, which comprises the following steps:
1 > use any claim the method in claim 1~8 to carry out Similarity measures and classification to domain name;
2 > malice domain name detected according to the result of domain name Similarity measures and classification, comprising:
2.1 > to known certain amount malice domain name the case where, go out evil belonging to known malicious domain name using step 1 > association analysis Meaning domain name family type, and further detect its adjoint unknown malice domain name, thus to entire malice domain name attacking network It is portrayed;
2.2 > the situation unknown to malice domain name using step 1 > carry out Similarity measures and classification to unknown domain name, and is arranged Similarity threshold constraint, the domain name of constraint condition is met to similitude, the situation that accesses, access originator, comprehensive point of access distribution Analysis carries out attack and studies and judges, to detect malice domain name.
CN201811391153.8A 2018-09-03 2018-11-21 A kind of domain name Similarity measures and classification method and system Pending CN109698820A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811019254 2018-09-03
CN2018110192542 2018-09-03

Publications (1)

Publication Number Publication Date
CN109698820A true CN109698820A (en) 2019-04-30

Family

ID=66230143

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811391153.8A Pending CN109698820A (en) 2018-09-03 2018-11-21 A kind of domain name Similarity measures and classification method and system

Country Status (1)

Country Link
CN (1) CN109698820A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110099059A (en) * 2019-05-06 2019-08-06 腾讯科技(深圳)有限公司 A kind of domain name recognition methods, device and storage medium
CN111131260A (en) * 2019-12-24 2020-05-08 邑客得(上海)信息技术有限公司 Mass network malicious domain name identification and classification method and system
CN111818198A (en) * 2020-09-10 2020-10-23 腾讯科技(深圳)有限公司 Domain name detection method, domain name detection device, equipment and medium
CN112256838A (en) * 2020-11-06 2021-01-22 山东伏羲智库互联网研究院 Similar domain name searching method and device and electronic equipment
CN113271292A (en) * 2021-04-07 2021-08-17 中国科学院信息工程研究所 Malicious domain name cluster detection method and device based on word vectors
WO2021196446A1 (en) * 2020-04-03 2021-10-07 北京市天元网络技术股份有限公司 Method and device for analyzing content delivery network scheduling process, and electronic apparatus
CN113572719A (en) * 2020-04-29 2021-10-29 深信服科技股份有限公司 Domain name detection method, device, equipment and readable storage medium
CN114866966A (en) * 2022-07-08 2022-08-05 安徽创瑞信息技术有限公司 Short message user management method based on big data

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102790762A (en) * 2012-06-18 2012-11-21 东南大学 Phishing website detection method based on uniform resource locator (URL) classification
CN103001825A (en) * 2012-11-15 2013-03-27 中国科学院计算机网络信息中心 Method and system for detecting DNS (domain name system) traffic abnormality
CN103714130A (en) * 2013-12-12 2014-04-09 深圳先进技术研究院 Video recommendation system and method thereof
CN104486461A (en) * 2014-12-29 2015-04-01 北京奇虎科技有限公司 Domain name classification method and device and domain name recognition method and system
CN104579773A (en) * 2014-12-31 2015-04-29 北京奇虎科技有限公司 Domain name system analysis method and device
CN105915555A (en) * 2016-06-29 2016-08-31 北京奇虎科技有限公司 Method and system for detecting network anomalous behavior
CN107046586A (en) * 2017-04-14 2017-08-15 四川大学 A kind of algorithm generation domain name detection method based on natural language feature
CN107241352A (en) * 2017-07-17 2017-10-10 浙江鹏信信息科技股份有限公司 A kind of net security accident classificaiton and Forecasting Methodology and system
CN108282450A (en) * 2017-01-06 2018-07-13 阿里巴巴集团控股有限公司 The detection method and device of abnormal domain name

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102790762A (en) * 2012-06-18 2012-11-21 东南大学 Phishing website detection method based on uniform resource locator (URL) classification
CN103001825A (en) * 2012-11-15 2013-03-27 中国科学院计算机网络信息中心 Method and system for detecting DNS (domain name system) traffic abnormality
CN103714130A (en) * 2013-12-12 2014-04-09 深圳先进技术研究院 Video recommendation system and method thereof
CN104486461A (en) * 2014-12-29 2015-04-01 北京奇虎科技有限公司 Domain name classification method and device and domain name recognition method and system
CN104579773A (en) * 2014-12-31 2015-04-29 北京奇虎科技有限公司 Domain name system analysis method and device
CN105915555A (en) * 2016-06-29 2016-08-31 北京奇虎科技有限公司 Method and system for detecting network anomalous behavior
CN108282450A (en) * 2017-01-06 2018-07-13 阿里巴巴集团控股有限公司 The detection method and device of abnormal domain name
CN107046586A (en) * 2017-04-14 2017-08-15 四川大学 A kind of algorithm generation domain name detection method based on natural language feature
CN107241352A (en) * 2017-07-17 2017-10-10 浙江鹏信信息科技股份有限公司 A kind of net security accident classificaiton and Forecasting Methodology and system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
宋杰: "《大数据处理平台耗能优化方法的研究》", 30 November 2016, 沈阳:东北大学出版社 *
程远航: "《计算机信息管理Visual FoxPro程序设计》", 30 September 2016, 贵阳:贵州大学出版社 *
袁鹏飞: "《Intranet网络建设与应用开发》", 31 May 1999, 北京:人民邮电出版社 *
龚静: "《中文文本聚类研究》", 31 March 2012, 北京:中国传媒大学出版社 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110099059A (en) * 2019-05-06 2019-08-06 腾讯科技(深圳)有限公司 A kind of domain name recognition methods, device and storage medium
CN110099059B (en) * 2019-05-06 2021-08-31 腾讯科技(深圳)有限公司 Domain name identification method and device and storage medium
CN111131260A (en) * 2019-12-24 2020-05-08 邑客得(上海)信息技术有限公司 Mass network malicious domain name identification and classification method and system
CN111131260B (en) * 2019-12-24 2020-09-15 邑客得(上海)信息技术有限公司 Mass network malicious domain name identification and classification method and system
WO2021196446A1 (en) * 2020-04-03 2021-10-07 北京市天元网络技术股份有限公司 Method and device for analyzing content delivery network scheduling process, and electronic apparatus
CN113572719A (en) * 2020-04-29 2021-10-29 深信服科技股份有限公司 Domain name detection method, device, equipment and readable storage medium
CN113572719B (en) * 2020-04-29 2023-03-24 深信服科技股份有限公司 Domain name detection method, device, equipment and readable storage medium
CN111818198A (en) * 2020-09-10 2020-10-23 腾讯科技(深圳)有限公司 Domain name detection method, domain name detection device, equipment and medium
CN112256838A (en) * 2020-11-06 2021-01-22 山东伏羲智库互联网研究院 Similar domain name searching method and device and electronic equipment
CN113271292A (en) * 2021-04-07 2021-08-17 中国科学院信息工程研究所 Malicious domain name cluster detection method and device based on word vectors
CN114866966A (en) * 2022-07-08 2022-08-05 安徽创瑞信息技术有限公司 Short message user management method based on big data
CN114866966B (en) * 2022-07-08 2022-09-06 安徽创瑞信息技术有限公司 Short message user management method based on big data

Similar Documents

Publication Publication Date Title
CN109698820A (en) A kind of domain name Similarity measures and classification method and system
CN107566376B (en) Threat information generation method, device and system
Nguyen et al. Automatic image filtering on social networks using deep learning and perceptual hashing during crises
CN108092962A (en) A kind of malice URL detection method and device
CN106650799B (en) A kind of electronic evidence classification extracting method and system
August et al. AI naturalists might hold the key to unlocking biodiversity data in social media imagery
CN109167799A (en) A kind of vulnerability monitoring detection system for intelligent network information system
CN109684913A (en) A kind of video human face mask method and system based on community discovery cluster
CN112491796A (en) Intrusion detection and semantic decision tree quantitative interpretation method based on convolutional neural network
CN106446124B (en) A kind of Website classification method based on cyberrelationship figure
CN105488100A (en) Efficient detection and discovery system for secret-associated geographic data in non secret-associated environment
CN106534784A (en) Acquisition analysis storage statistical system for video analysis data result set
CN110177123A (en) Botnet detection method based on DNS mapping association figure
CN115378629A (en) Ether mill network anomaly detection method and system based on graph neural network and storage medium
CN116384736A (en) Smart city risk perception method and system
CN115086004A (en) Security event identification method and system based on heterogeneous graph
Lee et al. Predicting livelihood indicators from community-generated street-level imagery
CN107493275A (en) The extracted in self-adaptive and analysis method and system of heterogeneous network security log information
CN112925899B (en) Ordering model establishment method, case clue recommendation method, device and medium
CN101527001B (en) Secret information detecting system based on expert system method
Yin et al. An improved k-means using in anomaly detection
Raj et al. Detection of Botnet Using Deep Learning Architecture Using Chrome 23 Pattern with IOT
CN108965249A (en) A kind of network information security detection system and its detection method
CN112422505A (en) Network malicious traffic identification method based on high-dimensional extended key feature vector
CN111611483A (en) Object portrait construction method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190430