CN109714342A - Protection method and apparatus for an electronic device - Google Patents


Publication number
CN109714342A
Authority
CN
China
Prior art keywords
user
request
electronic equipment
management server
unconventional
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811620782.3A
Other languages
Chinese (zh)
Other versions
CN109714342B (en
Inventor
袁慧
贺欣
郑蕾
孟浩华
余铮
曾玉荣
邓国如
冯浩
王逸兮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hubei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hubei Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, Information and Telecommunication Branch of State Grid Hubei Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201811620782.3A priority Critical patent/CN109714342B/en
Publication of CN109714342A publication Critical patent/CN109714342A/en
Publication of CN109714342B publication Critical patent/CN109714342B/en
Landscapes

  • Computer And Data Communications (AREA)

Abstract

The embodiment of the present invention proposes a protection method and apparatus for an electronic device. When a user request does not contain an attack signature, the method analyzes whether the user request contains an unconventional feature, sends the unconventional feature to a management server, and receives a first judgment result that the management server feeds back based on the unconventional feature, thereby checking whether a suspected attack signature is still present. This dual judgment improves the security of the electronic device and provides a safer network environment for the applications on the electronic device.

Description

Protection method and apparatus for an electronic device
Technical field
The present invention relates to the technical field of network security, and in particular to a protection method and apparatus for an electronic device.
Background
Application firewall filtering is typically deployed at the entry point of an application to intercept and analyze all user requests in advance. If a user request contains the attack signature corresponding to some attack, the request is forbidden from entering the application and being responded to. However, limited by its own recognition capability, existing application firewall filtering can miss some unconventional attack signatures, leaving a security risk for the device.
Summary of the invention
In view of this, the purpose of the present invention is to provide a protection method and apparatus for an electronic device.
To achieve the above purpose, the technical solutions adopted in the embodiments of the present invention are as follows:
In a first aspect, an embodiment of the present invention provides a protection method for an electronic device, comprising:
obtaining a user request;
when the user request does not contain an attack signature, analyzing whether the user request contains an unconventional feature;
if so, sending the unconventional feature to a management server;
receiving a first judgment result fed back by the management server based on the unconventional feature;
when the first judgment result is that the unconventional feature does not contain a suspected attack signature, responding to the user request and executing the operation associated with the user request;
when the first judgment result is that the unconventional feature contains a suspected attack signature, generating warning information and sending the warning information to an O&M end.
In a second aspect, an embodiment of the present invention further provides a protection apparatus for an electronic device, comprising:
an obtaining module, configured to obtain a user request;
a processing module, configured to analyze, when the user request does not contain an attack signature, whether the user request contains an unconventional feature;
a transceiver module, configured to send the unconventional feature to a management server if so;
the transceiver module is further configured to receive a first judgment result fed back by the management server based on the unconventional feature;
the processing module is configured to respond to the user request and execute the operation associated with the user request when the first judgment result is that the unconventional feature does not contain a suspected attack signature, and to generate warning information and send the warning information to an O&M end when the first judgment result is that the unconventional feature contains a suspected attack signature.
The beneficial effects of the protection method and apparatus for an electronic device provided by the embodiments of the present invention are as follows: when a user request does not contain an attack signature, whether the user request contains an unconventional feature is analyzed, the unconventional feature is sent to the management server, and a first judgment result fed back by the management server based on the unconventional feature is received, thereby checking whether a suspected attack signature is still present. This dual judgment improves the security of the electronic device and provides a safer network environment for the applications on the electronic device.
To make the above purposes, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and therefore should not be regarded as limiting the scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 shows a structural block diagram of the electronic device provided by an embodiment of the present invention;
Fig. 2 shows a schematic diagram of the communication environment provided by an embodiment of the present invention;
Fig. 3 shows a flow diagram of the protection method for an electronic device provided by an embodiment of the present invention;
Fig. 4 shows a flow diagram of another protection method for an electronic device provided by an embodiment of the present invention;
Fig. 5 shows a flow diagram of a third protection method for an electronic device provided by an embodiment of the present invention;
Fig. 6 shows a schematic diagram of the functional units of the protection apparatus for an electronic device provided by an embodiment of the present invention.
Reference numerals: 100: electronic device; 101: processor; 102: memory; 103: bus; 104: communication interface; 105: human-computer interaction device; 200: management server; 300: O&M end; 401: obtaining module; 402: processing module; 403: transceiver module; 404: update module.
Detailed description of embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The components of the embodiments of the present invention described and illustrated in the drawings herein can generally be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments of the present invention provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
It should be noted that relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
An embodiment of the present invention provides a protection method for an electronic device, applied to an electronic device 100. Please refer to Fig. 1, which is a block diagram of the electronic device 100. The electronic device 100 includes a processor 101, a memory 102, a bus 103, a communication interface 104 and a human-computer interaction device 105. The processor 101, memory 102, communication interface 104 and human-computer interaction device 105 are connected through the bus 103, and the processor 101 is used to execute executable modules stored in the memory 102, such as computer programs. In one possible implementation, as shown in Fig. 2, the electronic device 100 is communicatively connected to a management server 200 and an O&M end 300 through a wired or wireless network.
The processor 101 may be an integrated circuit chip with signal processing capability. During implementation, each step of the protection method for the electronic device can be completed by integrated logic circuits of hardware in the processor 101 or by instructions in the form of software. The processor 101 can be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP) and the like; it can also be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
The memory 102 may include high-speed random access memory (RAM: Random Access Memory), and may also include non-volatile memory, for example at least one disk memory.
The bus 103 can be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus or the like. It is represented by only one double-headed arrow in Fig. 1, which does not mean that there is only one bus 103 or one type of bus 103.
The electronic device 100 communicates with other external devices through at least one communication interface 104 (which can be wired or wireless). The memory 102 is used to store programs, such as the protection apparatus for the electronic device. The protection apparatus for the electronic device includes at least one software function module that can be stored in the memory 102 in the form of software or firmware, or solidified in the operating system (OS) of the electronic device 100. After receiving an execution instruction, the processor 101 executes the program to implement the protection method for the electronic device.
The human-computer interaction device 105 can be a keyboard, a mouse or a touch display screen, which is not limited here. The human-computer interaction device 105 is used to collect the user request input by the user and transmit the user request to the processor 101.
It should be understood that the structure shown in Fig. 1 is only a schematic diagram of the structure of the electronic device 100. The electronic device 100 may also include more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 1. Each component shown in Fig. 1 can be implemented in hardware, software or a combination thereof.
The protection method for an electronic device provided by an embodiment of the present invention is applied to the electronic device 100. For the specific flow, refer to Fig. 3:
S10: obtain a user request.
Specifically, in one possible implementation, after the human-computer interaction device 105 collects the user request input by the user, it sends the collected user request to the processor 101, and the processor 101 receives the user request. In another possible implementation, another device transmits a user request for a particular application to the electronic device 100 through the communication interface 104, and the processor 101 intercepts and obtains the user request through a real-time protection probe (Runtime application self-protection, RASP).
S11: when the user request does not contain an attack signature, analyze whether the user request contains an unconventional feature. If so, execute S12; if not, execute S16.
Specifically, the processor 101 may find that the user request does not contain an attack signature while, in one possible implementation, the user request contains some unconventional feature information that the processor 101 fails to recognize; the unconventional feature information is, for example, encrypted information. By further analyzing whether the user request contains an unconventional feature, it is judged whether a hidden security risk remains. If an unconventional feature is present, S12 is executed to improve the security of the electronic device 100.
S12: send the unconventional feature to the management server.
Specifically, the unconventional feature found by the above analysis is sent to the management server 200 through the communication interface 104.
S13: receive a first judgment result fed back by the management server based on the unconventional feature.
Specifically, when the management server 200 receives the unconventional feature, it analyzes whether the unconventional feature contains a suspected attack signature according to a preset feature library or a preset decryption model, forms a first judgment result from the analysis, and feeds the first judgment result back to the electronic device 100. The electronic device 100 thus receives the first judgment result fed back by the management server based on the unconventional feature. A suspected attack signature is feature information that may damage the electronic device 100 and that the electronic device 100 failed to recognize.
S14: analyze whether the first judgment result is that the unconventional feature contains a suspected attack signature. If so, execute S15; if not, execute S16.
Specifically, when the analysis shows that the first judgment result is that the unconventional feature contains a suspected attack signature, the electronic device 100 is likely to be harmed, and S15 is executed; otherwise, S16 is executed.
S15: stop responding to the user request, generate warning information, and send the warning information to the O&M end.
Specifically, responding to the user request is stopped, for example responding to the user request directed at a particular application. Warning information is generated; the warning information is, for example, "danger", "under attack" or "there are risks", which is not limited here. The warning information is sent to the O&M end 300 through the communication interface 104 to remind operation and maintenance personnel to check in time and avoid unnecessary losses. In one possible implementation, upon receiving a may-respond instruction sent by the O&M end 300, the electronic device 100 can still respond to the user request, which avoids misidentification and improves the operating efficiency of the electronic device 100.
S16: respond to the user request and execute the operation associated with the user request.
Specifically, the user request is responded to, and the operation associated with the user request is executed. The associated operation is, for example, modifying a user name.
In the protection method for an electronic device provided by this embodiment of the present invention, when the user request does not contain an attack signature, the processor analyzes whether the user request contains an unconventional feature, sends the unconventional feature to the management server, and receives the first judgment result fed back by the management server based on the unconventional feature, thereby checking whether a suspected attack signature is still present. This dual judgment improves the security of the electronic device and provides a safer network environment for the applications on the electronic device.
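The S10 to S16 flow above, as an added Python sketch that is not code from the patent. Assumptions made for illustration: the constructed signature lists, treating a long base64-looking parameter value as the "unconventional feature", reducing the "preset decryption model" to base64 decoding, and the in-process `ManagementServer` class standing in for management server 200.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl, quote, unquote_plus, urlsplit

# Constructed rule sets for illustration only.
LOCAL_SIGNATURES = [re.compile(p, re.I) for p in (r"union\s+select", r"<script\b", r"\.\./")]
SERVER_FEATURE_LIBRARY = LOCAL_SIGNATURES + [re.compile(r"\bor\s+1\s*=\s*1\b", re.I)]
# Assumption: an "unconventional feature" is a long base64-looking parameter value.
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def has_signature(text, signatures):
    return any(sig.search(text) for sig in signatures)


def extract_unconventional_features(url):
    """S11: parameter values the device itself cannot interpret."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [value for _, value in params if BASE64_RE.match(value)]


class ManagementServer:
    """In-process stand-in for management server 200 (hypothetical interface)."""

    def judge(self, features):
        """S13: first judgment result; True means a suspected attack signature."""
        for feature in features:
            candidates = [feature]
            try:  # the "preset decryption model" is reduced to base64 decoding here
                raw = base64.b64decode(feature, validate=True)
                candidates.append(raw.decode("utf-8", "replace"))
            except (binascii.Error, ValueError):
                pass  # undecodable value: only the raw form is checked
            if any(has_signature(c, SERVER_FEATURE_LIBRARY) for c in candidates):
                return True
        return False


@dataclass
class Decision:
    action: str                 # "respond" (S16) or "block" (S15)
    stage: str                  # which check decided
    alert: Optional[str] = None


def protect(url, server, ops_alerts):
    """Decide one request; warnings for the O&M end are appended to ops_alerts."""
    def block(stage):
        alert = f"there are risks: {stage}"
        ops_alerts.append(alert)            # S15: send warning information
        return Decision("block", stage, alert)

    # Local check on the decoded URL; a hit goes straight to S15.
    if has_signature(unquote_plus(url), LOCAL_SIGNATURES):
        return block("local-signature")
    features = extract_unconventional_features(url)
    if not features:                        # S11 "no" branch leads to S16
        return Decision("respond", "no-unconventional-feature")
    if server.judge(features):              # S12 to S14
        return block("first-judgment")
    return Decision("respond", "first-judgment")


def _encoded(path, text):
    """Build a constructed sample URL whose 'data' parameter is base64 of text."""
    token = base64.b64encode(text.encode()).decode()
    return f"{path}?data={quote(token, safe='')}"


# Constructed sample requests.
SAMPLES = {
    "plain": "/profile?name=alice",
    "direct": "/search?q=1%20UNION%20SELECT%20name%20FROM%20users",
    "encoded_benign": _encoded("/update", "display_name=alice_w"),
    "encoded_attack": _encoded("/update", "1 UNION SELECT name FROM users"),
}


def run_samples():
    alerts = []
    server = ManagementServer()
    return {name: protect(url, server, alerts) for name, url in SAMPLES.items()}, alerts


if __name__ == "__main__":
    decisions, alerts = run_samples()
    for name, decision in decisions.items():
        print(f"{name:15} {decision.action:8} {decision.stage}")
    print("warnings sent to O&M end:", alerts)
```

The `encoded_attack` sample passes the local signature check and is only caught by the second judgment, which is the gap the dual-judgment design targets.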
On the basis of Fig. 3, an embodiment of the present invention further provides a protection method for an electronic device, whose specific steps are shown in Fig. 4:
S17: obtain the operation data generated while responding to the user request.
Specifically, the processor 101 generates operation data while responding to the user request. In one possible implementation, the processor 101 obtains the operation data through an Integrated Avionic System Trainer (IAST).
S18: analyze, according to a preset vulnerability database, whether vulnerability data exists in the operation data. If so, execute S15; if not, execute S19.
Specifically, the vulnerability database is set in the memory 102 in advance. The processor 101 calls the vulnerability database to analyze whether vulnerability data exists in the operation data. If it does, the electronic device 100 and the applications in it may be damaged, and S15 is executed; otherwise, S19 is executed to check the operation data further and improve the security of the electronic device 100.
S19: transmit the operation data to the management server in real time.
Specifically, the operation data is transmitted in real time to the management server 200 through the communication interface 104 so that the operation data can be checked further.
S20: receive a second judgment result fed back by the management server based on the operation data.
Specifically, when the management server 200 receives the operation data, it checks the operation data further, judges whether the operation data contains a suspected attack signature, generates a second judgment result accordingly, and feeds the second judgment result back to the electronic device 100.
S21: when the second judgment result is that the operation data contains a suspected attack signature, stop responding to the user request, generate warning information, and send the warning information to the O&M end.
Specifically, when the second judgment result is that the operation data contains a suspected attack signature, continuing to run may damage the electronic device 100 and the applications in it. Responding to the user request is therefore stopped to protect the electronic device 100 and the applications in it.
On the basis of Fig. 3, for the content of S11, "when the user request does not contain an attack signature, analyze whether the user request contains an unconventional feature", another protection method for an electronic device provided by an embodiment of the present invention gives one implementation. For details, refer to Fig. 5:
S111: analyze, according to an attack judgment model, whether the user request contains an attack signature. If so, execute S15; if not, execute S112.
Specifically, the attack judgment model is a preset neural network model. In one possible implementation, the steps for this neural network model are as follows:
Extract the unconventional feature and/or encrypted feature of the user request as input, and the text data and/or control data of the abnormal event as output.
Establish a neural network model composed of an input layer, a hidden layer and an output layer.
The input layer contains the unconventional feature and/or encrypted feature, that is, one or two input neurons; the output layer contains the text data and/or control data, that is, one or two output neurons. The number of hidden-layer neurons is determined by the formula n1= N+m+a, where n1 is the number of hidden-layer units, m is the number of output units, and a is a constant between 1 and 10.
The above formula gives an approximate range for the number of hidden-layer neurons. Several neural network models are then established with different numbers of hidden-layer neurons and pre-trained, and the most suitable number of hidden-layer neurons is determined by comparing the convergence precision and convergence speed of the networks.
The pre-training process can be implemented with the default training function trainlm. A training target is set, such as a convergence precision of 0.001; the neural network models with different numbers of hidden-layer neurons are trained separately, and the number of hidden-layer neurons is determined from the resulting convergence precision and speed.
The neural network model is then created with the function newff in MATLAB. The call format is: net = newff(PR, [S1 S2 ... SN1], {TF1 TF2 ... TFN1}, BTF, BLF, PF);
net = newff: creates a neural network in a dialog box;
PR: an R × 2 matrix formed from the maximum and minimum values of each group of input elements (R groups of inputs in total); Si: the length of the i-th layer, N1 layers in total;
TFi: the transfer function of the i-th layer, default "tansig"; BTF: the training function of the BP network, default "trainlm";
BLF: the BP learning function for weights and thresholds, default "learngdm";
PF: the performance function of the network, default "mse".
After the neural network is created, appropriate transfer, training and learning functions are selected to realize the learning, feedback and prediction functions of the neural network model. Based on the convergence precision analysis, the logsig-purelin form (linear-logarithmic form) of transfer function, the Levenberg-Marquardt training function and the gradient descent with momentum learning function learngdm are selected respectively.
In one possible implementation, the steps for analyzing, according to the attack judgment model, whether the user request contains an attack signature are as follows.
After the neural network model is established, the existing unconventional features and/or encrypted features and the text data and/or control data are respectively used as input to obtain an output indicating whether an attack signature is contained.
S112: analyze whether the user request contains an unconventional feature. If so, execute S12; if not, execute S16.
In the method corresponding to Fig. 5, S22 is also executed when S15 is executed.
S22: update the attack judgment model according to the user request.
Specifically, the attack judgment model is updated according to the user request to enrich the attack judgment model, so that whether a user request contains an attack signature can later be identified more accurately and quickly, improving the accuracy and efficiency with which the electronic device 100 identifies attack signatures.
Referring to Fig. 6, Fig. 6 shows a protection apparatus for an electronic device provided by a preferred embodiment of the present invention. It should be noted that the basic principle and technical effects of the protection apparatus provided by this embodiment are the same as those of the above embodiments; for brevity, for anything not mentioned in this embodiment, refer to the corresponding content in the above embodiments.
The protection apparatus for the electronic device includes an obtaining module 401, a processing module 402, a transceiver module 403 and an update module 404.
Obtaining module 401: used to obtain a user request. It can be understood that the obtaining module 401 can execute S10 in the above embodiments.
Processing module 402: used to analyze, when the user request does not contain an attack signature, whether the user request contains an unconventional feature. It can be understood that the processing module 402 can execute S11 in the above embodiments.
Transceiver module 403: used to send the unconventional feature to the management server if so. It can be understood that the transceiver module 403 can execute S12 in the above embodiments.
The transceiver module 403 is also used to receive the first judgment result fed back by the management server based on the unconventional feature. It can be understood that the transceiver module 403 can execute S13 in the above embodiments.
The processing module 402 is used to respond to the user request and execute the operation associated with the user request when the first judgment result is that the unconventional feature does not contain a suspected attack signature. It can be understood that the processing module 402 can execute S14 and S16 in the above embodiments.
The processing module 402 is also used to generate warning information and send the warning information to the O&M end when the first judgment result is that the unconventional feature contains a suspected attack signature. It can be understood that the processing module 402 can execute S14 and S15 in the above embodiments.
The obtaining module 401 is also used to obtain, after the user request has been responded to and the operation associated with the user request has been executed, the operation data generated while responding to the user request. It can be understood that the obtaining module 401 can execute S17 in the above embodiments.
The transceiver module 403 is used to transmit the operation data to the management server in real time and to receive the second judgment result fed back by the management server based on the operation data. It can be understood that the transceiver module 403 can execute S19 and S20 in the above embodiments.
The processing module 402 is used to stop responding to the user request, generate warning information and send the warning information to the O&M end when the second judgment result is that the operation data contains a suspected attack signature. It can be understood that the processing module 402 can execute S21 in the above embodiments.
Before the operation data is transmitted to the management server in real time, the processing module 402 is also used to analyze, according to a preset vulnerability database, whether vulnerability data exists in the operation data. It can be understood that the processing module 402 can execute S18 in the above embodiments.
The processing module 402 is used to analyze, according to the attack judgment model, whether the user request contains an attack signature; if so, to stop responding to the user request, generate warning information and send the warning information to the O&M end; if not, to analyze whether the user request contains an unconventional feature. It can be understood that the processing module 402 can execute S111 and S112 in the above embodiments.
Update module 404: used to update the attack judgment model according to the user request when the first judgment result is that the unconventional feature contains a suspected attack signature. It can be understood that the update module 404 can execute S22 in the above embodiments.
In conclusion, in the protection method and apparatus for an electronic device provided by the embodiments of the present invention: first, when a user request does not contain an attack signature, whether the user request contains an unconventional feature is analyzed, the unconventional feature is sent to the management server, and the first judgment result fed back by the management server based on the unconventional feature is received, thereby checking whether a suspected attack signature is still present; this dual judgment improves the security of the electronic device and provides a safer network environment for the applications on the electronic device. Second, by analyzing the operation data and sending the operation data to the management server, whether the operation is safe is checked further. Finally, by updating the attack model in time, checking efficiency and accuracy are improved.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method can also be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the drawings show the possible architectures, functions and operations of apparatuses, methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flowchart or block diagram can represent a module, a program segment or a part of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes can occur in an order different from that marked in the drawings. For example, two consecutive boxes can actually be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention can be integrated together to form an independent part, each module can exist alone, or two or more modules can be integrated to form an independent part.
If the functions are implemented in the form of software function modules and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which can be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.

Claims (10)

1. A protection method for an electronic device, characterized by comprising:
obtaining a user request;
when the user request does not contain an attack signature, analyzing whether the user request contains an unconventional feature;
if so, sending the unconventional feature to a management server;
receiving a first determination result fed back by the management server according to the unconventional feature;
when the first determination result is that the unconventional feature does not contain a suspected attack signature, responding to the user request and executing the operation associated with the user request;
when the first determination result is that the unconventional feature contains a suspected attack signature, generating warning information and sending the warning information to an operation and maintenance (O&M) end.
2. The protection method for an electronic device according to claim 1, characterized by further comprising:
after responding to the user request and executing the operation associated with the user request, obtaining operation data generated during the response to the user request;
transmitting the operation data to the management server in real time, and receiving a second determination result fed back by the management server according to the operation data;
when the second determination result is that the operation data contains a suspected attack signature, stopping the response to the user request, generating the warning information, and sending the warning information to the O&M end.
3. The protection method for an electronic device according to claim 2, characterized in that, before the operation data is transmitted to the management server in real time, the method further comprises:
analyzing, according to a preset vulnerability scan, whether vulnerability data exists in the operation data;
if so, stopping the response to the user request, generating the warning information, and sending the warning information to the O&M end;
if not, transmitting the operation data to the management server in real time.
4. The protection method for an electronic device according to claim 1, characterized in that the step of analyzing whether the user request contains an unconventional feature when the user request does not contain an attack signature comprises:
analyzing, according to an attack determination model, whether the user request contains the attack signature;
if so, stopping the response to the user request, generating the warning information, and sending the warning information to the O&M end;
if not, analyzing whether the user request contains an unconventional feature.
5. The protection method for an electronic device according to claim 4, characterized by further comprising:
when the first determination result is that the unconventional feature contains a suspected attack signature, updating the attack determination model according to the user request.
6. A protection device for an electronic device, characterized by comprising:
an obtaining module, configured to obtain a user request;
a processing module, configured to analyze, when the user request does not contain an attack signature, whether the user request contains an unconventional feature;
a transceiver module, configured to send the unconventional feature to a management server if so;
the transceiver module being further configured to receive a first determination result fed back by the management server according to the unconventional feature;
the processing module being configured to respond to the user request and execute the operation associated with the user request when the first determination result is that the unconventional feature does not contain a suspected attack signature, and to generate warning information and send the warning information to an operation and maintenance (O&M) end when the first determination result is that the unconventional feature contains a suspected attack signature.
7. The protection device for an electronic device according to claim 6, characterized in that:
the obtaining module is further configured to obtain, after the user request is responded to and the operation associated with the user request is executed, operation data generated during the response to the user request;
the transceiver module transmits the operation data to the management server in real time, and receives a second determination result fed back by the management server according to the operation data;
when the second determination result is that the operation data contains a suspected attack signature, the processing module is configured to stop the response to the user request, generate the warning information, and send the warning information to the O&M end.
8. The protection device for an electronic device according to claim 7, characterized in that, before the operation data is transmitted to the management server in real time:
the processing module is further configured to analyze, according to a preset vulnerability scan, whether vulnerability data exists in the operation data;
the processing module is further configured to, if so, stop the response to the user request, generate the warning information, and send the warning information to the O&M end;
the transceiver module is configured to, if not, transmit the operation data to the management server in real time.
9. The protection device for an electronic device according to claim 6, characterized in that:
the processing module is configured to analyze, according to an attack determination model, whether the user request contains the attack signature; if so, to stop the response to the user request, generate the warning information, and send the warning information to the O&M end; if not, to analyze whether the user request contains an unconventional feature.
10. The protection device for an electronic device according to claim 9, characterized by further comprising:
an update module, configured to update the attack determination model according to the user request when the first determination result is that the unconventional feature contains a suspected attack signature.
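The decision flow of claims 1, 4 and 5 (mirrored by device claims 6, 9 and 10), as an added sketch that is not code from the patent. The class and function names, the signature patterns, the anomaly rules and the server policy are all assumptions, and the management server and O&M end are modeled as local callables.

```python
import re

class RequestGuard:
    """Device-side flow of claims 1, 4 and 5; every rule here is constructed."""

    def __init__(self, judge, notify_ops):
        self.judge = judge            # management server: features -> True if suspected
        self.notify_ops = notify_ops  # O&M end: receives warning information
        self.attack_model = [re.compile(r"(?i)union\s+select"),
                             re.compile(r"(?i)<script\b")]

    def has_attack_signature(self, request):
        return any(p.search(request) for p in self.attack_model)

    @staticmethod
    def unconventional_features(request):
        feats = []
        if len(request) > 256:
            feats.append("oversized")
        if "%25" in request:
            feats.append("double_encoding")
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in request):
            feats.append("control_chars")
        return feats

    def handle(self, request):
        if self.has_attack_signature(request):   # claim 4: known signature, stop
            self.notify_ops({"reason": "attack_signature", "request": request[:80]})
            return "blocked"
        feats = self.unconventional_features(request)
        if not feats:                            # assumption: nothing unusual, respond
            return "served"
        if self.judge(feats):                    # claim 1: first determination result
            self.notify_ops({"reason": "suspected:" + ",".join(feats),
                             "request": request[:80]})
            # Claim 5, simplest possible update: remember this exact request.
            self.attack_model.append(re.compile(re.escape(request)))
            return "alerted"
        return "served"                          # anomalous but cleared by the server

def sample_judge(features):
    # Constructed server policy: encoding tricks or several anomalies are suspect.
    return "double_encoding" in features or len(features) > 1

def demo():
    alerts = []
    guard = RequestGuard(sample_judge, alerts.append)
    sample = ["/index?id=7", "/search?q=a' UNION SELECT 1", "/get?name=%2541lice",
              "/get?name=%2541lice", "/p?x=" + "A" * 300]   # constructed requests
    return [guard.handle(r) for r in sample], alerts
```

The repeated third request is stopped at the signature stage on its second appearance, which is the effect of the claim 5 model update.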
CN201811620782.3A 2018-12-28 2018-12-28 Protection method and device for electronic equipment Active CN109714342B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811620782.3A CN109714342B (en) 2018-12-28 2018-12-28 Protection method and device for electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811620782.3A CN109714342B (en) 2018-12-28 2018-12-28 Protection method and device for electronic equipment

Publications (2)

Publication Number Publication Date
CN109714342A true CN109714342A (en) 2019-05-03
CN109714342B CN109714342B (en) 2021-07-20

Family

ID=66257878

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811620782.3A Active CN109714342B (en) 2018-12-28 2018-12-28 Protection method and device for electronic equipment

Country Status (1)

Country Link
CN (1) CN109714342B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110266669A (en) * 2019-06-06 2019-09-20 武汉大学 A kind of Java Web frame loophole attacks the method and system of general detection and positioning
CN112637205A (en) * 2020-12-22 2021-04-09 北京天融信网络安全技术有限公司 Web attack recognition method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532944A (en) * 2013-10-08 2014-01-22 百度在线网络技术(北京)有限公司 Method and device for capturing unknown attack
CN107995179A (en) * 2017-11-27 2018-05-04 深信服科技股份有限公司 A kind of unknown threat cognitive method, device, equipment and system
CN108460279A (en) * 2018-03-12 2018-08-28 北京知道创宇信息技术有限公司 Attack recognition method, apparatus and computer readable storage medium
CN108881265A (en) * 2018-06-29 2018-11-23 北京奇虎科技有限公司 A kind of network attack detecting method and system based on artificial intelligence

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110266669A (en) * 2019-06-06 2019-09-20 武汉大学 A kind of Java Web frame loophole attacks the method and system of general detection and positioning
CN110266669B (en) * 2019-06-06 2021-08-17 武汉大学 Method and system for universal detection and positioning of Java Web framework vulnerability attack
CN112637205A (en) * 2020-12-22 2021-04-09 北京天融信网络安全技术有限公司 Web attack recognition method and device

Also Published As

Publication number Publication date
CN109714342B (en) 2021-07-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant