CN109698820A - A kind of domain name Similarity measures and classification method and system - Google Patents
A kind of domain name Similarity measures and classification method and system Download PDFInfo
- Publication number
- CN109698820A CN109698820A CN201811391153.8A CN201811391153A CN109698820A CN 109698820 A CN109698820 A CN 109698820A CN 201811391153 A CN201811391153 A CN 201811391153A CN 109698820 A CN109698820 A CN 109698820A
- Authority
- CN
- China
- Prior art keywords
- domain name
- feature vector
- classification
- magnanimity
- similitude
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Biology (AREA)
- Life Sciences & Earth Sciences (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Evolutionary Computation (AREA)
- Artificial Intelligence (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a kind of domain name Similarity measures and classification method and system.This method comprises: 1) acquire and obtain magnanimity domain name access log;2) data cleansing is carried out to the magnanimity domain name access log of acquisition;3) feature vector is carried out to the domain name in the domain name access log after cleaning;4) it is based on domain name feature vector computational domain name similitude;5) classified based on domain name similitude to domain name.Specifically, domain name and its feature vector are stored using chart database, is classified using nomography to domain name.The present invention is capable of handling magnanimity domain name log, and carries out Similarity measures, retrieval and classification to it, is of great significance for virus discovery, malicious network attacks detection etc..
Description
Technical field
The present invention relates to network safety filed more particularly to a kind of domain name Similarity measures and classification methods and system.
Background technique
Domain name system (Domain Name system) is a kind of technology that domain name (host name) is mapped as to IP address, energy
Enough user is made easily to access internet.A certain calculates on the internet that domain name is formed by a string with the character that " point " separates
Machine or the title for calculating unit, for identifying electronic bearing (sometimes referred to as geographical location, the geography of computer when data are transmitted
On domain name, refer to have administrative autonomy weigh a local area).
Malicious network attacks usually carry out the propagation of corpse virus using malice domain name and Internet resources are stolen.A kind of virus
The domain name utilized of propagating and launch a offensive is usually similar, has the characteristics that its own.In magnanimity domain name access log, to domain
Name carries out Similarity measures, searches similar domain name, and carrying out domain name classification has virus discovery, malicious network attacks detection etc.
Significance.
Domain name Similarity measures, it is common practice to be handled based on character, such as statistics n-gram etc..So only
It is very big that similar domain name, limitation on character can be found out.Because the possible purposes of similar domain name and meaning are entirely different on character.
A kind of improved way is made a concrete analysis of for every viroid, extracts domain name feature, is trained, and obtains domain name classification
Device identifies unknown domain name using classifier.However, the accuracy of domain name classifier depend heavilys on training sample
The high efficiency that quality and manual features are extracted.Therefore, such usual false recognition rate of domain name classifier is higher in practice.This
Outside, for unknown virus sample and domain name classification, due to that can not be trained in advance, and it can not be identified.
Summary of the invention
Domain name Similarity measures and classification method and system of the present invention proposition based on magnanimity domain name access log, this method
Similarity measures can be carried out to magnanimity domain name and domain name feature vector stores, and classify to domain name.
A kind of magnanimity domain name Similarity measures of the invention and classification method, comprising the following steps:
1) it acquires and obtains magnanimity domain name access log;
2) data cleansing is carried out to the magnanimity domain name access log of acquisition;
3) feature vector is carried out to the domain name in the domain name access log after cleaning;
4) it is based on domain name feature vector computational domain name similitude;
5) classified based on domain name similitude to domain name.
Further, the step 2) data cleansing includes: routing domain name access record between reject region, filters out and do not meet rule
The domain name access record of model filters out common known domain name access record etc..
Further, step 3) is grouped domain name access log according to client (optional IP), then according to visit
Ask that the time is ranked up domain name access log;Regard the domain name after grouping as an article, each domain name regards a word as, benefit
Word embedded mobile GIS calculates domain name feature vector.
Further, step 3) establishes domain name feature vector library, for giving domain name, carries out phase to it in feature vector library
It retrieves and sorts out like property;When given domain name is not present in feature vector library, fitting generates its feature vector, carries out similitude inspection
Rope and classification.
Further, for the domain name being not present in feature vector library, feature vector is according to the n-gram of known domain name
Feature vector is fitted and predicts.Optionally, use the mean value of n-gram feature vector as candidate.
Further, step 3) training one domain name feature vector builders, domain name translation be computable feature to
Amount.
Further, step 4) stores domain name feature vector using figure relational database, be then based on feature to
Amount calculates domain name similitude;Step 5) is based on figure relational database, is classified using nomography to domain name.
Further, dimensionality reduction is carried out to domain name feature vector, obtains plane or 3 D stereo feature vector, realized to domain name
The visualization of classification.
Corresponding with above method, the present invention also provides a kind of magnanimity domain name Similarity measures and categorizing systems comprising:
Data acquisition module is responsible for acquiring and obtains magnanimity domain name access log;
Data cleansing module is responsible for the magnanimity domain name access log to acquisition and carries out data cleansing;
Feature vector generation module is responsible for carrying out feature vector to the domain name after cleaning;
Similarity calculation engine is responsible for being based on domain name feature vector computational domain name similitude;
Data memory module is responsible for storing domain name and its feature vector;
Domain name classification engine is responsible for classifying to domain name based on domain name similitude.
Further, the system also includes visualization model, it is responsible for carrying out dimensionality reduction to domain name feature vector, obtains plane
Feature vector realizes the visualization classified to domain name.
The present invention also provides a kind of malicious network attacks detection methods, comprising the following steps:
1 > use method described above to carry out Similarity measures and classification to domain name;
2 > malice domain name detected according to the result of domain name Similarity measures and classification, comprising:
2.1 > to known certain amount malice domain name the case where, gone out belonging to known malicious domain name using step 1 > association analysis
Malice domain name family type, and its adjoint unknown malice domain name is further detected, to attack entire malice domain name
Network is portrayed;
2.2 > the situation unknown to malice domain name, setting similarity threshold constrain, and the domain of constraint condition is met to similitude
Name, the situation that accesses, access originator, access distribution comprehensive analysis, carries out attack and studies and judges, to detect malice domain name.
The present invention Similarity measures can be carried out to magnanimity domain name and domain name feature vector stores, and divides domain name
Class, feature and beneficial effect are:
It 1) being capable of efficient process magnanimity domain name access log;
2) it is trained in advance independent of data sample, but it is similar with term vector according to the access relation between domain name
Property carry out domain name classification;
3) domain name classification is carried out using the method for the present invention, had for virus discovery, malicious network attacks detection etc. important
Meaning.
Detailed description of the invention
The step flow chart of Fig. 1 domain name Similarity measures, classification and method for visualizing.
A kind of specific embodiment exemplary diagram of Fig. 2 domain name classification method.
Fig. 3 carries out the domain name kind instance graph of domain name classification based on domain name similitude.
Fig. 4 shows schematic diagram based on the visualization that domain name similitude carries out domain name classification.
The module of Fig. 5 domain name Similarity measures, classification and visualization system forms figure.
Specific embodiment
To keep above objects, features, and advantages more obvious and easy to understand, with reference to the accompanying drawings and detailed description to this hair
It is bright to be described in further detail.
Embodiment 1: domain name Similarity measures, classification and method for visualizing
Fig. 1 is the general steps flow chart of the domain name Similarity measures, classification and method for visualizing, and Fig. 2 is this method
Specific steps flow chart.Method includes the following steps:
Data acquisition: the first step obtains domain name access log, number in passive name server end, the province world Kou Huo mouth etc.
According to the period optionally from 1 minute to 24 hour.
Data cleansing: second step is screened and is filtered to the domain name access log of the magnanimity got.Including but it is unlimited
Domain name access record is routed between reject region, filters out the domain name access record comprising not meeting specification, filters out common known domain name
Access record, such as the domain name access record of Alexa Top10k.
Third step, domain name feature vector calculate: the domain name access after cleaning recorded and is grouped according to client ip, and
Domain name is ranked up according to access time.The domain name sequence of each client ip access regards an article as, and each domain name is seen
A word in making an issue of calculates domain name feature vector using word insertion (Word Embedding) algorithm.For example it utilizes
Word2vec, doc2vec algorithm calculate domain name feature vector.
The third step can also train a domain name feature vector builders, by domain name feature vector builders by domain name
It is converted into computable feature vector.
The third step can also establish domain name feature vector library, for giving domain name, carry out phase to it in feature vector library
It retrieves and sorts out like property.When given domain name is not present in feature vector library, generate its feature vector, carry out similarity retrieval and
Sort out.Preferably for the domain name being not present in feature vector library, feature vector is set as the equal of its n-gram feature vector
Value.
Domain name Similarity measures: 4th step carries out domain name similarity calculation based on domain name feature vector, optionally for example counts
Vector distance is calculated as similarity.
5th step, domain name and feature vector storage: storing domain name and its feature vector using chart database, optional
Chart database such as Neo4j.
Domain name classification: 6th step is classified to domain name using nomography, is marked using known domain name to unknown domain name
It is fixed, optional nomography such as label broadcast algorithm.Fig. 3 is calculated based on domain name similitude of the invention and classification method
One domain name kind example.
Domain name classification visualization: 7th step carries out dimensionality reduction to domain name feature vector, obtains two-dimensional feature vector, each domain
One point of the corresponding two-dimensional surface of name, similar domain name, plan range is close, to realize the visualization classified to domain name.Fig. 4
It is that the visualization for carrying out domain name classification based on domain name similitude shows schematic diagram, wherein different gray scales (or different colours) represent
Different classification.
Embodiment 2: domain name Similarity measures, classification and visualization system
Fig. 5 is the module composition figure of the domain name Similarity measures of the present embodiment, classification and visualization system, including data obtain
Modulus block, data cleansing module, similarity calculation engine, data memory module, domain name classification engine, visualization model.Wherein:
Data acquisition module is responsible for acquiring and obtains magnanimity domain name access log;
Data cleansing module is responsible for the magnanimity domain name access log to acquisition and carries out data cleansing;
Feature vector generation module is responsible for carrying out feature vector to the domain name after cleaning;
Similarity calculation engine is responsible for being based on domain name feature vector computational domain name similitude;
Data memory module is responsible for storing domain name and its feature vector;
Domain name classification engine is responsible for classifying to domain name based on domain name similitude.
Embodiment 3: malicious network attacks detection method
The case where to known certain amount malice domain name, can use method of the invention to unknown domain name and known malicious
Domain name carries out Similarity measures, classification and visualization, so that association analysis goes out malice domain name family belonging to known malicious domain name
Type, and further detect its adjoint unknown malice domain name, to portray entire malice domain name attacking network.
The situation unknown to malice domain name firstly, carrying out Similarity measures to the Fully Qualified Domain Name in access log, and is arranged
Similarity threshold constraint, the domain name of constraint condition is met to similitude, the situation that accesses, access originator, comprehensive point of access distribution
Analysis carries out attack and studies and judges, to detect malice domain name.
In the present invention, domain name access record can be connect based on internets such as any local area network, private network, intercity/inter-provincial/worlds
Mouth is acquired acquisition;Data cleansing mode can be modified according to business demand and data source feature and accommodation.
The above embodiments are merely illustrative of the technical solutions of the present invention rather than is limited, the ordinary skill of this field
Personnel can be with modification or equivalent replacement of the technical solution of the present invention are made, without departing from the spirit and scope of the present invention, this
The protection scope of invention should be subject to described in claims.
Claims (11)
1. a kind of magnanimity domain name Similarity measures and classification method, which comprises the following steps:
1) it acquires and obtains magnanimity domain name access log;
2) data cleansing is carried out to the magnanimity domain name access log of acquisition;
3) feature vector is carried out to the domain name in the domain name access log after cleaning;
4) it is based on domain name feature vector computational domain name similitude;
5) classified based on domain name similitude to domain name.
2. the method according to claim 1, wherein the step 2) data cleansing includes: to filter out inter-domain routing
Domain name access record filters out and does not meet the domain name access record of specification, filters out common known domain name access record.
3. the method according to claim 1, wherein step 3) divides domain name access log according to client
Then group is ranked up domain name access log according to access time;Regard the domain name after grouping as an article, each domain name
Regard a word as, calculates domain name feature vector using word embedded mobile GIS.
4. the method according to claim 1, wherein step 3) establishes domain name feature vector library, for giving localization
Name, carries out similarity retrieval to it in feature vector library and sorts out;When given domain name is not present in feature vector library, fitting life
At its feature vector, similarity retrieval and classification are carried out.
5. according to the method described in claim 4, it is characterized in that, domain name for being not present in feature vector library, feature
Vector is fitted and predicts according to the n-gram feature vector of known domain name.
6. the method according to claim 1, wherein step 3) train a domain name feature vector builders,
Domain name translation is computable feature vector.
7. the method according to claim 1, wherein step 4) is using figure relational database to domain name feature vector
It is stored, is then based on feature vector computational domain name similitude;Step 5) is based on figure relational database, using nomography to domain
Name is classified.
8. obtaining plane or three the method according to claim 1, wherein carrying out dimensionality reduction to domain name feature vector
Stereoscopic features vector is tieed up, realizes the visualization classified to domain name.
9. a kind of magnanimity domain name Similarity measures and categorizing system characterized by comprising
Data acquisition module is responsible for acquiring and obtains magnanimity domain name access log;
Data cleansing module is responsible for the magnanimity domain name access log to acquisition and carries out data cleansing;
Feature vector generation module is responsible for carrying out feature vector to the domain name after cleaning;
Similarity calculation engine is responsible for being based on domain name feature vector computational domain name similitude;
Data memory module is responsible for storing domain name and its feature vector;
Domain name classification engine is responsible for classifying to domain name based on domain name similitude.
10. system according to claim 9, which is characterized in that further include visualization model, be responsible for domain name feature vector
Dimensionality reduction is carried out, plane characteristic vector is obtained, realizes the visualization classified to domain name.
11. a kind of malicious network attacks detection method, which comprises the following steps:
1 > use any claim the method in claim 1~8 to carry out Similarity measures and classification to domain name;
2 > malice domain name detected according to the result of domain name Similarity measures and classification, comprising:
2.1 > to known certain amount malice domain name the case where, go out evil belonging to known malicious domain name using step 1 > association analysis
Meaning domain name family type, and further detect its adjoint unknown malice domain name, thus to entire malice domain name attacking network
It is portrayed;
2.2 > the situation unknown to malice domain name using step 1 > carry out Similarity measures and classification to unknown domain name, and is arranged
Similarity threshold constraint, the domain name of constraint condition is met to similitude, the situation that accesses, access originator, comprehensive point of access distribution
Analysis carries out attack and studies and judges, to detect malice domain name.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811019254 | 2018-09-03 | ||
CN2018110192542 | 2018-09-03 |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109698820A true CN109698820A (en) | 2019-04-30 |
Family
ID=66230143
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811391153.8A Pending CN109698820A (en) | 2018-09-03 | 2018-11-21 | A kind of domain name Similarity measures and classification method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109698820A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110099059A (en) * | 2019-05-06 | 2019-08-06 | 腾讯科技(深圳)有限公司 | A kind of domain name recognition methods, device and storage medium |
CN111131260A (en) * | 2019-12-24 | 2020-05-08 | 邑客得(上海)信息技术有限公司 | Mass network malicious domain name identification and classification method and system |
CN111818198A (en) * | 2020-09-10 | 2020-10-23 | 腾讯科技(深圳)有限公司 | Domain name detection method, domain name detection device, equipment and medium |
CN112256838A (en) * | 2020-11-06 | 2021-01-22 | 山东伏羲智库互联网研究院 | Similar domain name searching method and device and electronic equipment |
CN113271292A (en) * | 2021-04-07 | 2021-08-17 | 中国科学院信息工程研究所 | Malicious domain name cluster detection method and device based on word vectors |
WO2021196446A1 (en) * | 2020-04-03 | 2021-10-07 | 北京市天元网络技术股份有限公司 | Method and device for analyzing content delivery network scheduling process, and electronic apparatus |
CN113572719A (en) * | 2020-04-29 | 2021-10-29 | 深信服科技股份有限公司 | Domain name detection method, device, equipment and readable storage medium |
CN114866966A (en) * | 2022-07-08 | 2022-08-05 | 安徽创瑞信息技术有限公司 | Short message user management method based on big data |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102790762A (en) * | 2012-06-18 | 2012-11-21 | 东南大学 | Phishing website detection method based on uniform resource locator (URL) classification |
CN103001825A (en) * | 2012-11-15 | 2013-03-27 | 中国科学院计算机网络信息中心 | Method and system for detecting DNS (domain name system) traffic abnormality |
CN103714130A (en) * | 2013-12-12 | 2014-04-09 | 深圳先进技术研究院 | Video recommendation system and method thereof |
CN104486461A (en) * | 2014-12-29 | 2015-04-01 | 北京奇虎科技有限公司 | Domain name classification method and device and domain name recognition method and system |
CN104579773A (en) * | 2014-12-31 | 2015-04-29 | 北京奇虎科技有限公司 | Domain name system analysis method and device |
CN105915555A (en) * | 2016-06-29 | 2016-08-31 | 北京奇虎科技有限公司 | Method and system for detecting network anomalous behavior |
CN107046586A (en) * | 2017-04-14 | 2017-08-15 | 四川大学 | A kind of algorithm generation domain name detection method based on natural language feature |
CN107241352A (en) * | 2017-07-17 | 2017-10-10 | 浙江鹏信信息科技股份有限公司 | A kind of net security accident classificaiton and Forecasting Methodology and system |
CN108282450A (en) * | 2017-01-06 | 2018-07-13 | 阿里巴巴集团控股有限公司 | The detection method and device of abnormal domain name |
-
2018
- 2018-11-21 CN CN201811391153.8A patent/CN109698820A/en active Pending
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102790762A (en) * | 2012-06-18 | 2012-11-21 | 东南大学 | Phishing website detection method based on uniform resource locator (URL) classification |
CN103001825A (en) * | 2012-11-15 | 2013-03-27 | 中国科学院计算机网络信息中心 | Method and system for detecting DNS (domain name system) traffic abnormality |
CN103714130A (en) * | 2013-12-12 | 2014-04-09 | 深圳先进技术研究院 | Video recommendation system and method thereof |
CN104486461A (en) * | 2014-12-29 | 2015-04-01 | 北京奇虎科技有限公司 | Domain name classification method and device and domain name recognition method and system |
CN104579773A (en) * | 2014-12-31 | 2015-04-29 | 北京奇虎科技有限公司 | Domain name system analysis method and device |
CN105915555A (en) * | 2016-06-29 | 2016-08-31 | 北京奇虎科技有限公司 | Method and system for detecting network anomalous behavior |
CN108282450A (en) * | 2017-01-06 | 2018-07-13 | 阿里巴巴集团控股有限公司 | The detection method and device of abnormal domain name |
CN107046586A (en) * | 2017-04-14 | 2017-08-15 | 四川大学 | A kind of algorithm generation domain name detection method based on natural language feature |
CN107241352A (en) * | 2017-07-17 | 2017-10-10 | 浙江鹏信信息科技股份有限公司 | A kind of net security accident classificaiton and Forecasting Methodology and system |
Non-Patent Citations (4)
Title |
---|
宋杰: "《大数据处理平台耗能优化方法的研究》", 30 November 2016, 沈阳:东北大学出版社 * |
程远航: "《计算机信息管理Visual FoxPro程序设计》", 30 September 2016, 贵阳:贵州大学出版社 * |
袁鹏飞: "《Intranet网络建设与应用开发》", 31 May 1999, 北京:人民邮电出版社 * |
龚静: "《中文文本聚类研究》", 31 March 2012, 北京:中国传媒大学出版社 * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110099059A (en) * | 2019-05-06 | 2019-08-06 | 腾讯科技(深圳)有限公司 | A kind of domain name recognition methods, device and storage medium |
CN110099059B (en) * | 2019-05-06 | 2021-08-31 | 腾讯科技(深圳)有限公司 | Domain name identification method and device and storage medium |
CN111131260A (en) * | 2019-12-24 | 2020-05-08 | 邑客得(上海)信息技术有限公司 | Mass network malicious domain name identification and classification method and system |
CN111131260B (en) * | 2019-12-24 | 2020-09-15 | 邑客得(上海)信息技术有限公司 | Mass network malicious domain name identification and classification method and system |
WO2021196446A1 (en) * | 2020-04-03 | 2021-10-07 | 北京市天元网络技术股份有限公司 | Method and device for analyzing content delivery network scheduling process, and electronic apparatus |
CN113572719A (en) * | 2020-04-29 | 2021-10-29 | 深信服科技股份有限公司 | Domain name detection method, device, equipment and readable storage medium |
CN113572719B (en) * | 2020-04-29 | 2023-03-24 | 深信服科技股份有限公司 | Domain name detection method, device, equipment and readable storage medium |
CN111818198A (en) * | 2020-09-10 | 2020-10-23 | 腾讯科技(深圳)有限公司 | Domain name detection method, domain name detection device, equipment and medium |
CN112256838A (en) * | 2020-11-06 | 2021-01-22 | 山东伏羲智库互联网研究院 | Similar domain name searching method and device and electronic equipment |
CN113271292A (en) * | 2021-04-07 | 2021-08-17 | 中国科学院信息工程研究所 | Malicious domain name cluster detection method and device based on word vectors |
CN114866966A (en) * | 2022-07-08 | 2022-08-05 | 安徽创瑞信息技术有限公司 | Short message user management method based on big data |
CN114866966B (en) * | 2022-07-08 | 2022-09-06 | 安徽创瑞信息技术有限公司 | Short message user management method based on big data |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109698820A (en) | A kind of domain name Similarity measures and classification method and system | |
CN107566376B (en) | Threat information generation method, device and system | |
Nguyen et al. | Automatic image filtering on social networks using deep learning and perceptual hashing during crises | |
CN108092962A (en) | A kind of malice URL detection method and device | |
CN106650799B (en) | A kind of electronic evidence classification extracting method and system | |
August et al. | AI naturalists might hold the key to unlocking biodiversity data in social media imagery | |
CN109167799A (en) | A kind of vulnerability monitoring detection system for intelligent network information system | |
CN109684913A (en) | A kind of video human face mask method and system based on community discovery cluster | |
CN112491796A (en) | Intrusion detection and semantic decision tree quantitative interpretation method based on convolutional neural network | |
CN106446124B (en) | A kind of Website classification method based on cyberrelationship figure | |
CN105488100A (en) | Efficient detection and discovery system for secret-associated geographic data in non secret-associated environment | |
CN106534784A (en) | Acquisition analysis storage statistical system for video analysis data result set | |
CN110177123A (en) | Botnet detection method based on DNS mapping association figure | |
CN115378629A (en) | Ether mill network anomaly detection method and system based on graph neural network and storage medium | |
CN116384736A (en) | Smart city risk perception method and system | |
CN115086004A (en) | Security event identification method and system based on heterogeneous graph | |
Lee et al. | Predicting livelihood indicators from community-generated street-level imagery | |
CN107493275A (en) | The extracted in self-adaptive and analysis method and system of heterogeneous network security log information | |
CN112925899B (en) | Ordering model establishment method, case clue recommendation method, device and medium | |
CN101527001B (en) | Secret information detecting system based on expert system method | |
Yin et al. | An improved k-means using in anomaly detection | |
Raj et al. | Detection of Botnet Using Deep Learning Architecture Using Chrome 23 Pattern with IOT | |
CN108965249A (en) | A kind of network information security detection system and its detection method | |
CN112422505A (en) | Network malicious traffic identification method based on high-dimensional extended key feature vector | |
CN111611483A (en) | Object portrait construction method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190430 |