CN110020190A - Suspected threat index verification method and system based on multi-instance learning

Info

Publication number: CN110020190A
Authority: CN (China)
Prior art keywords: index; threat index; suspected threat; suspected; instance learning
Legal status: Granted (Active)
Application number: CN201810727300.8A
Other languages: Chinese (zh)
Other versions: CN110020190B (en)
Inventor: 柳厅文, 张盼盼, 亚静, 李全刚, 时金桥
Current Assignee: Institute of Information Engineering of CAS
Original Assignee: Institute of Information Engineering of CAS
Application filed by: Institute of Information Engineering of CAS
Priority: CN201810727300.8A

Classifications

    • G06F16/9535 Search customisation based on user profiles and personalisation
    • G06F40/284 Lexical analysis, e.g. tokenisation or collocates
    • G06F40/289 Phrasal analysis, e.g. finite state techniques or chunking
    • G06F40/30 Semantic analysis
    • G06N3/045 Combinations of networks

Abstract

The invention discloses a suspected threat index verification method and system based on multi-instance learning. The method comprises the following steps: processing the information text content related to each suspected threat index to generate word sequences that retain the original semantic information; for each suspected threat index, selecting the multiple processed word sequences corresponding to that index, and training on the selected word sequences of each suspicious index with a multi-instance learning algorithm to generate a multi-instance learning verification model; processing the information text of a suspected threat index to be tested with natural language processing techniques to generate the word sequences corresponding to that index; and then using the multi-instance learning verification model to perform prediction verification on those word sequences, determining whether the suspected threat index to be tested is a malicious threat index. The invention can verify suspected threat indexes efficiently and accurately.

Description

A suspected threat index verification method and system based on multi-instance learning
Technical field
The present invention relates to the field of cyberspace security, and in particular to a suspected threat index verification method and system based on multi-instance learning.
Background
Suspected threat index verification is the problem of judging the maliciousness of a suspicious index that appears in the network or in logs, that is, determining whether it is a truly malicious threat index. Verifying suspected threat indexes makes it possible to identify cyber threats in time and to safeguard network security.
A specific suspected threat index can be verified according to the information related to it. At present there are three main verification methods of this type. The first is manual verification by security experts, in which experts analyze the collected related information and judge the threat posed by the suspicious index by hand. The second is verification based on rule matching, which simply matches the existing information against regular expressions or custom rules and judges the suspicious index from the matching result. The third is verification based on specific context vocabulary, which checks whether the context of the suspected threat index in the information contains specific context words in order to judge whether the suspicious index is a truly malicious threat index.
Manual verification by security experts relies on the experts' accumulated experience and on manual analysis and collation of the existing information, so its labor cost is high.
Verification based on rule matching applies regular expressions directly to match the suspicious index and ignores the semantic information in the text, which leads to a high false-positive rate.
Verification based on specific context vocabulary requires candidate context words to be collected in advance and then matched against the context words extracted from the information. The method is complex, and if the candidate set is not updated in time, the verification accuracy cannot be guaranteed.
Summary of the invention
In view of the deficiencies of the prior art, the purpose of the present invention is to provide a suspected threat index verification method and system based on multi-instance learning. The invention makes full use of the multiple pieces of valid threat information collected, verifies suspected threat indexes efficiently and accurately, and provides an effective method and approach for solving the suspected threat index verification problem.
The technical solution of the present invention is as follows:
A suspected threat index verification method based on multi-instance learning, comprising the steps of:
Processing the information text content related to each suspected threat index using natural language processing techniques to generate word sequences that retain the original semantic information, and replacing the suspected threat index in each information text with a unified preset phrase; the suspected threat indexes all belong to the same category, and each suspected threat index corresponds to multiple information texts;
For each suspected threat index, selecting the multiple processed word sequences corresponding to that index, and training on the selected word sequences of each suspicious index with a multi-instance learning algorithm to generate a multi-instance learning verification model;
Processing the information text of a suspected threat index to be tested using natural language processing techniques to generate the word sequences corresponding to that index; then using the multi-instance learning verification model to perform prediction verification on the word sequences corresponding to the suspected threat index to be tested, determining whether it is a malicious threat index.
Further, the multi-instance learning verification model is generated as follows: the word sequences corresponding to each suspected threat index are taken as one bag, with each word sequence as one instance, to generate the training set for the corresponding suspected threat index; each training set is trained with the multi-instance learning algorithm to generate the multi-instance learning verification model.
Further, the multi-instance learning algorithm is a multi-instance neural network model.
Further, the multi-instance neural network model comprises an Embedding layer, a sub-neural-network layer and a multi-instance learning pooling layer; the model first uses the Embedding layer to convert each input word sequence into word vectors and feeds them into the sub-neural-network layer, which mines and analyzes the semantic features of the suspected threat index; finally, the multi-instance learning pooling layer performs classification verification on the suspected threat index according to the input semantic features.
Further, the sub-neural-network layer is AlexNet or RCNN.
Further, each suspected threat index corresponds to multiple information texts.
A suspected threat index verification system based on multi-instance learning, characterized in that it comprises an information preprocessing module, a multi-instance learning verification model training module and a verification model prediction module; wherein,
The information preprocessing module is configured to process the information text content related to each suspected threat index using natural language processing techniques, generate word sequences that retain the original semantic information, and replace the suspected threat index in each information text with a unified preset phrase; the suspected threat indexes all belong to the same category, and each suspected threat index corresponds to multiple information texts;
The multi-instance learning verification model training module is configured to train on the word sequences corresponding to each suspicious index using a multi-instance learning algorithm and generate a multi-instance learning verification model; for each suspected threat index, the multiple processed word sequences corresponding to that index are selected for training;
The verification model prediction module is configured to use the multi-instance learning verification model to perform prediction verification on the word sequences corresponding to a suspected threat index to be tested, determining whether it is a malicious threat index; wherein natural language processing techniques are used to process the information text of the suspected threat index to be tested and generate the word sequences corresponding to that index.
Further, the multi-instance learning verification model training module trains each training set with the multi-instance learning algorithm to generate the multi-instance learning verification model; wherein the word sequences corresponding to each suspected threat index are taken as one bag, with each word sequence as one instance, to generate the training set for the corresponding suspected threat index.
Further, the multi-instance learning algorithm is a multi-instance neural network model; the multi-instance neural network model comprises an Embedding layer, a sub-neural-network layer and a multi-instance learning pooling layer; the model first uses the Embedding layer to convert each input word sequence into word vectors and feeds them into the sub-neural-network layer, which mines and analyzes the semantic features of the suspected threat index; finally, the multi-instance learning pooling layer performs classification verification on the suspected threat index according to the input semantic features.
Further, each suspected threat index corresponds to multiple information texts.
The present invention provides a suspected threat index verification method based on multi-instance learning which, as shown in Fig. 1, mainly comprises the following steps: an information preprocessing step, a multi-instance learning verification model training step and a verification model prediction step.
The information preprocessing step applies natural language processing techniques to the text content of the previously collected information related to the suspected threat index, generating word sequences that retain the original semantic information.
The multi-instance learning verification model training step selects the multiple processed information word sequences of the same index and, using a multi-instance learning algorithm, trains and generates a usable multi-instance learning verification model.
The verification model prediction step uses the verification model trained in the above step and the information text of the suspected threat index to be tested to perform prediction verification on it, determining whether the suspected threat index to be tested is a malicious threat index.
Further, the information preprocessing is carried out as follows: first, regular-expression matching and replacement are used to identify the suspected threat index in the existing information and replace it with a unified specific phrase, so that the names of different indexes do not influence the verification result. Then a word segmentation technique from natural language processing is used to segment the text, followed by processing such as stop-word removal, retaining as much of the original semantic information of the text as possible for later learning.
Further, the multi-instance learning verification model is trained as follows: the verification model is trained on labeled indexes and their related information (i.e. the training set). In the training set, all processed related word sequences of each index are regarded as one "bag" and each word sequence as one "instance"; a multi-instance learning algorithm, such as a multi-instance neural network, is selected to consider the information of the multiple instances jointly and generate a verification model with higher verification accuracy. Each index has multiple different instances, and after word segmentation the processed word sequences of these instances are not identical.
Further, the verification model prediction is carried out as follows: for a suspected threat index to be verified and its related threat information (i.e. the test set), preprocessing yields its related multi-instance word sequence information, and the trained verification model is then used to perform prediction verification of its maliciousness.
The key technical points of the invention are:
1) A suspected threat index verification method based on multi-instance learning is defined, which can verify suspected threat indexes at low cost, efficiently and accurately.
2) An information data processing method is provided that yields the related word sequences after processing and retains as much of the semantic information in the text as possible.
3) Multiple pieces of information related to the suspected threat index are used, so that the latent features of the suspected threat index can be fully mined and it can be judged more accurately whether the index is malicious.
4) A multi-instance neural network structure is designed that completes verification automatically and end to end, reducing manual effort and the interference of human error.
Compared with the prior art, the positive effects of the present invention are:
1. The method serializes the related information and retains the semantic information of the text, which improves the accuracy of suspected threat index verification.
2. The method makes combined use of multiple related word sequences, which strengthens the effective analysis of suspicious indexes and reduces the false-positive rate of verification.
3. The method designs an efficient multi-instance neural network structure that fully mines the latent features of the word sequences and achieves automatic end-to-end verification, reducing cost.
4. The method is not only applicable to simple suspected threat index verification, but can also be applied to mining IOC indexes from cyber threat information, and the accurately verified threat indexes can be added to an existing information base.
Brief description of the drawings
Fig. 1 is a flow diagram of the suspected threat index verification method based on multi-instance learning.
Fig. 2 is a model example diagram of the suspected threat index verification method based on multi-instance learning.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, specific embodiments of the invention are described below with reference to the drawings, so that those skilled in the art can better understand the invention. It should be noted that, in the following description, detailed descriptions of known functions and designs are omitted where they might obscure the main content of the invention.
Example 1: a suspected threat index verification method based on multi-instance learning
The present invention can be applied to the automatic verification of many types of suspected threat indexes. This example takes suspicious APT domain names to illustrate a concrete application of the invention.
For some suspicious APT domain names and the multiple pieces of threat information related to them, this method is used to verify automatically whether each is a malicious domain name used in an APT attack. The specific steps are as follows:
1) Related information preprocessing
The preprocessing step is illustrated with a suspicious APT domain name, "jerrycoper.org", for which 3 related threat information reports exist. First, the suspicious APT domain name is matched in every report and replaced with the specific phrase "IS_APT_DOMAIN", so that different suspicious APT domain names do not influence later model training.
Then a word segmentation tool or parser from natural language processing is used to segment every article. Finally, useless stop words are removed while retaining as much of the semantic information of the original report as possible, and the result is arranged into the corresponding word sequences for later training and verification.
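The preprocessing step described above, as an added Python example that is not part of the patent text. The stop-word list, the regex tokenizer, the handling of defanged spellings such as "jerrycoper[.]org", and the three report texts are assumptions constructed for illustration; only the domain name and the "IS_APT_DOMAIN" phrase come from the description.

```python
import re

PLACEHOLDER = "IS_APT_DOMAIN"  # unified phrase named in the description
# Assumed stop-word list; the patent does not specify one.
STOP_WORDS = {"a", "an", "the", "of", "to", "in", "and", "is", "was", "by",
              "as", "for", "with", "on", "at", "that", "this", "it"}

def indicator_pattern(indicator):
    """Regex for the indicator in plain or defanged form ([.], (.), [dot])."""
    labels = [re.escape(p) for p in indicator.split(".")]
    dot = r"(?:\.|\[\.\]|\(\.\)|\[dot\])"
    # The lookarounds stop matches inside longer names such as
    # notjerrycoper.org or jerrycoper.org.example.net.
    return re.compile(r"(?<![\w.-])" + dot.join(labels) + r"(?![\w-]|\.\w)",
                      re.IGNORECASE)

def preprocess(indicator, report):
    """Return the word sequence for one report, or None if the indicator is absent."""
    text, hits = indicator_pattern(indicator).subn(f" {PLACEHOLDER} ", report)
    if hits == 0:
        return None
    tokens = []
    for tok in re.findall(r"[A-Za-z0-9_]+", text):
        if tok != PLACEHOLDER:
            tok = tok.lower()
            if tok in STOP_WORDS:
                continue
        tokens.append(tok)
    return tokens

def build_bag(indicator, reports):
    """One bag per indicator: the word sequences of every report that mentions it."""
    sequences = (preprocess(indicator, r) for r in reports)
    return [seq for seq in sequences if seq is not None]

# Constructed sample reports (not real threat intelligence).
REPORTS = [
    "The implant beacons to jerrycoper.org over HTTPS and downloads a second stage.",
    "Analysts linked hxxp://jerrycoper[.]org/update to the spear-phishing campaign.",
    "Passive DNS shows JerryCoper.org resolving to the same server as earlier C2 domains.",
]

if __name__ == "__main__":
    for seq in build_bag("jerrycoper.org", REPORTS):
        print(seq)
```

Reports that never mention the indicator are dropped rather than turned into an instance, so a bag only contains text that gives the placeholder some context.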
2) Multi-instance learning verification model training
Domain name indexes with existing class labels, i.e. known APT domain names and non-APT domain names, are selected, and their processed related information word sequences are used as the input of the verification model and fed into the designed multi-instance neural network model, as shown in Fig. 2.
The multiple word sequences of a single index are input into the model together as one "bag". The model first uses the Embedding layer to convert each word sequence into word vectors. The converted word vectors are then fed into the subsequent sub-neural-network layer. The structure of this sub-neural network is flexible: an established, state-of-the-art neural network such as AlexNet or RCNN can be used directly, or a self-built neural network can be used, such as a combination of convolutional layers and fully connected layers. This layer performs implicit feature extraction and learning, automatically mining and analyzing the semantic features of the domain name index. Finally, the multi-instance learning pooling layer uses the semantic features learned by the preceding neural network to perform classification verification on the suspected threat index.
Through the above operations, a multi-instance learning verification model with good classification performance is obtained after training on the training set. The model takes the domain name index and the word sequence vectors of its information as input and outputs the verification result for the domain name index.
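The bag-level model described above, as an added pure-Python example that is not the patent's implementation. It assumes a deliberately small sub-network (mean-pooled embeddings feeding one linear unit, in place of AlexNet, RCNN or a convolutional stack), noisy-OR as the multi-instance pooling method, and constructed token sequences standing in for preprocessed reports.

```python
import math
import random

DIM = 4  # embedding width: an assumption, the patent does not fix one

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z)) if z >= 0 else math.exp(z) / (1.0 + math.exp(z))

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

class MILVerifier:
    """Embedding layer -> per-instance sub-network -> MIL pooling over the bag."""

    def __init__(self, bags, seed=7):
        rng = random.Random(seed)
        vocab = sorted({tok for bag in bags for seq in bag for tok in seq})
        # Embedding layer: one trainable vector per token seen in training.
        self.emb = {t: [rng.uniform(-0.1, 0.1) for _ in range(DIM)] for t in vocab}
        # Sub-network, reduced to mean-pooled embeddings feeding one linear unit.
        self.w = [0.5] * DIM
        self.b = 0.0

    def _encode(self, seq):
        known = [t for t in seq if t in self.emb]  # unseen tokens are skipped
        h = [0.0] * DIM
        for t in known:
            for d in range(DIM):
                h[d] += self.emb[t][d] / len(known)
        return known, h

    def instance_scores(self, bag):
        """Per-report probability that the report marks the indicator as malicious."""
        return [sigmoid(dot(self.w, self._encode(seq)[1]) + self.b) for seq in bag]

    def predict(self, bag):
        """Noisy-OR pooling: the indicator is malicious if any one report says so."""
        return 1.0 - math.prod(1.0 - p for p in self.instance_scores(bag))

    def train_step(self, bag, label, lr):
        encoded = [self._encode(seq) for seq in bag]
        scores = [sigmoid(dot(self.w, h) + self.b) for _, h in encoded]
        bag_p = max(1.0 - math.prod(1.0 - p for p in scores), 1e-9)
        # Gradient of bag-level cross-entropy w.r.t. instance logit i is scale * p_i.
        scale = -(1.0 - bag_p) / bag_p if label == 1 else 1.0
        old_w = list(self.w)
        for (known, h), p in zip(encoded, scores):
            g = scale * p
            self.b -= lr * g
            for d in range(DIM):
                self.w[d] -= lr * g * h[d]
                for t in known:
                    self.emb[t][d] -= lr * g * old_w[d] / len(known)

def fit(labelled_bags, epochs=400, lr=0.3):
    model = MILVerifier([bag for bag, _ in labelled_bags])
    for _ in range(epochs):
        for bag, label in labelled_bags:
            model.train_step(bag, label, lr)
    return model

# Constructed training bags: label 1 = known APT domain, 0 = non-APT domain.
P = "IS_APT_DOMAIN"
TRAIN = [
    ([[P, "c2", "implant"], [P, "registered", "hosting"]], 1),
    ([[P, "resolves", "whois"], [P, "beacon", "backdoor"], [P, "registered", "whois"]], 1),
    ([[P, "spearphishing", "exfiltration"], [P, "hosting", "resolves"]], 1),
    ([[P, "retail", "storefront"], [P, "registered", "hosting"]], 0),
    ([[P, "cdn", "newsletter"], [P, "resolves", "whois"]], 0),
    ([[P, "blog", "cdn"], [P, "registered", "whois"], [P, "hosting", "resolves"]], 0),
]
MODEL = fit(TRAIN)

# Constructed held-out bags built from unseen token combinations.
HELD_OUT_APT = [[P, "registered", "resolves"], [P, "implant", "beacon"]]
HELD_OUT_BENIGN = [[P, "storefront", "blog"], [P, "hosting", "whois"]]

if __name__ == "__main__":
    for name, bag in (("apt", HELD_OUT_APT), ("benign", HELD_OUT_BENIGN)):
        print(name, round(MODEL.predict(bag), 3),
              [round(s, 3) for s in MODEL.instance_scores(bag)])
```

Only bag-level labels are used in training, yet `instance_scores` shows which individual report drove a verdict, which is what an analyst reviewing the result needs.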
3) Verification model prediction
Once a pre-trained model is available, suspicious domain name indexes can be verified automatically. For a suspicious domain name and its related information, the operation of step 1) is first carried out to obtain the corresponding information word sequences. These are then input into the model trained in step 2), which automatically completes the classification verification and outputs the final verification result.
In specific experiments, by modifying the structure of the neural network layer in the model and the pooling method of the multi-instance learning pooling layer, we obtained a variety of classification verification models. Their verification accuracy on suspicious domain names reaches 92% or more, and the highest is about 98%. The experimental results of this example again demonstrate the efficiency and accuracy of the suspected threat index verification method based on multi-instance learning proposed by the present invention.
Although illustrative specific embodiments of the present invention are described above so that researchers in the art can understand the invention, it should be clear that the invention is not limited to the scope of the specific embodiments. To a person of ordinary skill in the art, any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the invention.

Claims (10)

1. A suspected threat index verification method based on multi-instance learning, comprising the steps of:
Processing the information text content related to each suspected threat index using natural language processing techniques to generate word sequences that retain the original semantic information, and replacing the suspected threat index in each information text with a unified preset phrase; the suspected threat indexes all belong to the same category, and each suspected threat index corresponds to multiple information texts;
For each suspected threat index, selecting the multiple processed word sequences corresponding to that index, and training on the selected word sequences of each suspicious index with a multi-instance learning algorithm to generate a multi-instance learning verification model;
Processing the information text of a suspected threat index to be tested using natural language processing techniques to generate the word sequences corresponding to that index; then using the multi-instance learning verification model to perform prediction verification on the word sequences corresponding to the suspected threat index to be tested, determining whether it is a malicious threat index.
2. The method of claim 1, characterized in that the multi-instance learning verification model is generated as follows: the word sequences corresponding to each suspected threat index are taken as one bag, with each word sequence as one instance, to generate the training set for the corresponding suspected threat index; each training set is trained with the multi-instance learning algorithm to generate the multi-instance learning verification model.
3. The method of claim 1 or 2, characterized in that the multi-instance learning algorithm is a multi-instance neural network model.
4. The method of claim 3, characterized in that the multi-instance neural network model comprises an Embedding layer, a sub-neural-network layer and a multi-instance learning pooling layer; the model first uses the Embedding layer to convert each input word sequence into word vectors and feeds them into the sub-neural-network layer, which mines and analyzes the semantic features of the suspected threat index; finally, the multi-instance learning pooling layer performs classification verification on the suspected threat index according to the input semantic features.
5. The method of claim 4, characterized in that the sub-neural-network layer is AlexNet or RCNN.
6. The method of claim 1, characterized in that each suspected threat index corresponds to multiple information texts.
7. A suspected threat index verification system based on multi-instance learning, characterized in that it comprises an information preprocessing module, a multi-instance learning verification model training module and a verification model prediction module; wherein,
The information preprocessing module is configured to process the information text content related to each suspected threat index using natural language processing techniques, generate word sequences that retain the original semantic information, and replace the suspected threat index in each information text with a unified preset phrase; the suspected threat indexes all belong to the same category, and each suspected threat index corresponds to multiple information texts;
The multi-instance learning verification model training module is configured to train on the word sequences corresponding to each suspicious index using a multi-instance learning algorithm and generate a multi-instance learning verification model; for each suspected threat index, the multiple processed word sequences corresponding to that index are selected for training;
The verification model prediction module is configured to use the multi-instance learning verification model to perform prediction verification on the word sequences corresponding to a suspected threat index to be tested, determining whether it is a malicious threat index; wherein natural language processing techniques are used to process the information text of the suspected threat index to be tested and generate the word sequences corresponding to that index.
8. The system of claim 7, characterized in that the multi-instance learning verification model training module trains each training set with the multi-instance learning algorithm to generate the multi-instance learning verification model; wherein the word sequences corresponding to each suspected threat index are taken as one bag, with each word sequence as one instance, to generate the training set for the corresponding suspected threat index.
9. The system of claim 7, characterized in that the multi-instance learning algorithm is a multi-instance neural network model; the multi-instance neural network model comprises an Embedding layer, a sub-neural-network layer and a multi-instance learning pooling layer; the model first uses the Embedding layer to convert each input word sequence into word vectors and feeds them into the sub-neural-network layer, which mines and analyzes the semantic features of the suspected threat index; finally, the multi-instance learning pooling layer performs classification verification on the suspected threat index according to the input semantic features.
10. The system of claim 7, characterized in that each suspected threat index corresponds to multiple information texts.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810727300.8A CN110020190B (en) 2018-07-05 2018-07-05 Multi-instance learning-based suspicious threat index verification method and system

Publications (2)

Publication Number Publication Date
CN110020190A 2019-07-16
CN110020190B 2021-06-01

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant