CN110417751A - A kind of network safety pre-warning method, device and storage medium - Google Patents

Publication number
CN110417751A
Authority
CN
China
Prior art keywords
data
loophole
current
current system
parameter
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910619821.6A
Other languages
Chinese (zh)
Other versions
CN110417751B (en
Inventor
刘志高
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201910619821.6A priority Critical patent/CN110417751B/en
Publication of CN110417751A publication Critical patent/CN110417751A/en
Application granted granted Critical
Publication of CN110417751B publication Critical patent/CN110417751B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiments of the present application disclose a network security early-warning method, device and storage medium. The embodiments can obtain system vulnerability data from a data source; obtain a security association parameter between the system vulnerability data and the current system, based on the source information corresponding to the system vulnerability data and the historical relevance verification results of historical system vulnerability data; select from the system vulnerability data, according to the security association parameter, target system vulnerability data that is relevant to the security of the current system; verify the relevance between the target system vulnerability data and the security of the current system; and, when the historical relevance verification result includes a passed verification, issue an early warning to the user of the current system. Because the system vulnerability data is screened based on its data source and on the historical relevance verification results, network security early warnings can be delivered to the user more accurately.

Description

A network security early-warning method, device and storage medium
Technical field
This application relates to the technical field of network security, and in particular to a network security early-warning method, device and storage medium.
Background
In recent years network security problems have attracted more and more attention, which has given rise to a number of network early-warning platforms that remind users to patch vulnerabilities in time. However, the way existing network security early-warning platforms process and filter vulnerability information is not accurate enough, so users receive many erroneous warnings that are unrelated to the security of their own systems.
Summary of the invention
The embodiments of the present application provide a network security early-warning method, device and storage medium that can accurately deliver network security early warnings to the user.
In a first aspect, an embodiment of the present application provides a network security early-warning method, comprising:
Obtaining system vulnerability data from a data source;
Obtaining a security association parameter between the system vulnerability data and the current system, based on the source information corresponding to the system vulnerability data and the historical relevance verification results of historical system vulnerability data, wherein a historical relevance result is the result of verifying the relevance between historical system vulnerability data and the security of the current system;
Selecting from the system vulnerability data, according to the security association parameter, target system vulnerability data that is relevant to the security of the current system;
Verifying the relevance between the target system vulnerability data and the security of the current system;
When the historical relevance verification result includes a passed verification, issuing an early warning to the user of the current system.
In some embodiments, obtaining the security association parameter between the system vulnerability data and the current system, based on the source information corresponding to the system vulnerability data and the historical relevance verification results of historical system vulnerability data, comprises:
When the historical relevance verification result is a pass, obtaining the feature phrase of the historical system vulnerability data;
Obtaining the source information corresponding to the historical system vulnerability data;
Generating the feature phrase set corresponding to each data source, according to the feature phrases and corresponding source information of all historical system vulnerability data;
Obtaining the security association parameter between the system vulnerability data and the current system, according to the feature phrase set corresponding to each data source.
In some embodiments, obtaining the security association parameter between the system vulnerability data and the current system according to the feature phrase set corresponding to each data source comprises:
Determining the current data source corresponding to the current system vulnerability data;
Obtaining the feature phrase set corresponding to the current data source;
Obtaining the security association parameter between the current system vulnerability data and the current system, based on the feature phrase set corresponding to the current data source.
In some embodiments, obtaining the security association parameter between the current system vulnerability data and the current system based on the feature phrase set corresponding to the current data source comprises:
Extracting the first feature phrases from the feature phrase set corresponding to the current data source;
Obtaining the second feature phrase of the current system vulnerability data;
Obtaining the similarity between the first feature phrases and the second feature phrase, based on a preset similarity measure function;
Summarizing the similarities to obtain the security association parameter between the system vulnerability data and the current system.
In some embodiments, obtaining the feature phrase of the historical system vulnerability data comprises:
Performing syntactic analysis on the historical system vulnerability data to obtain lexical units;
Determining the term frequency parameter of a lexical unit according to how often the lexical unit occurs in the historical system vulnerability data;
Determining the inverse document frequency parameter of the lexical unit according to how often the lexical unit occurs across all historical system vulnerability data;
Determining the feature phrase of the historical system vulnerability data, based on the term frequency parameter and the inverse document frequency parameter.
In some embodiments, determining the feature phrase of the historical system vulnerability data based on the term frequency parameter and the inverse document frequency parameter comprises:
Obtaining the characteristic parameter of the lexical unit, based on the term frequency parameter and the inverse document frequency parameter;
Determining the feature words of the historical system vulnerability data according to the characteristic parameters of the lexical units;
Combining the feature words to obtain the feature phrase of the historical system vulnerability data.
In some embodiments, selecting from the system vulnerability data, according to the security association parameter, target system vulnerability data that is relevant to the security of the current system comprises:
When the security association parameter is within a first preset value range, selecting the current system vulnerability data as target system vulnerability data;
When the security association parameter is within a second preset value range, obtaining the popularity parameter of the current system vulnerability data;
Obtaining the security verification result statistical parameter of the data source corresponding to the current system vulnerability data;
Selecting target system vulnerability data according to the popularity parameter and the security verification result statistical parameter.
In some embodiments, obtaining the popularity parameter of the current system vulnerability data comprises:
Selecting candidate system vulnerability data from the system vulnerability data, based on the publication time of the current system vulnerability data;
Selecting the feature words of the candidate system vulnerability data from the feature phrase set, based on the candidate system vulnerability data;
Creating a popular feature phrase set, based on how often feature words repeat among the feature words of the candidate system vulnerability data;
Determining the popularity parameter of the current candidate system vulnerability data, based on how often the feature words of the current system vulnerability appear in the popular feature phrase set.
In some embodiments, obtaining the security verification result statistical parameter of the data source corresponding to the current system vulnerability data comprises:
Determining the data source corresponding to the historical system vulnerability data, based on the historical relevance verification results;
Dividing all historical relevance verification results by their corresponding data source to obtain the security verification result statistical parameter of each data source;
Determining the security verification result statistical parameter of the data source corresponding to the current system vulnerability data.
In some embodiments, the network security early-warning method further comprises:
When the verification fails, determining the target data source corresponding to the current target system vulnerability data;
Obtaining, based on the current target system vulnerability data, target feature phrases that are unrelated to the security of the current system;
Updating the feature phrase set of the target data source, based on the target feature phrases.
In some embodiments, the security early-warning method further comprises:
When the selection of target system vulnerability data fails, obtaining a set of system vulnerability data that is relevant to the security of the current system;
If the system vulnerability data set includes supplementary system vulnerability data that differs from the target vulnerability data and is relevant to the security of the current system,
obtaining the complementary feature phrase of the supplementary system vulnerability data;
Updating the feature phrase set of the data source corresponding to the supplementary system vulnerability data, based on the complementary feature phrase.
In some embodiments, obtaining system vulnerability data from a data source comprises:
Collecting raw data from the data source;
Performing semantic analysis on the raw data to obtain system vulnerability data.
In some embodiments, collecting raw data from the data source comprises:
Obtaining multiple network addresses from a preset set of network addresses;
Collecting raw data from multiple data sources respectively, based on the multiple network addresses.
In a second aspect, an embodiment of the present application provides a network security early-warning device, comprising:
An acquiring unit, for obtaining system vulnerability data from a data source;
A computing unit, for obtaining a security association parameter between the system vulnerability data and the current system, based on the data source corresponding to the system vulnerability data and the historical relevance verification results of historical system vulnerability data, wherein a historical relevance result is the result of verifying the relevance between historical system vulnerability data and the security of the current system;
A selection unit, for selecting from the system vulnerability data, according to the security association parameter, target system vulnerability data that is relevant to the security of the current system;
A verification unit, for verifying the relevance between the target system vulnerability data and the security of the current system;
An early-warning unit, for issuing an early warning to the user of the current system when the historical relevance verification result includes a passed verification.
In a third aspect, an embodiment of the present application provides a storage medium on which a computer program is stored; when the computer program runs on a computer, it causes the computer to execute the network security early-warning method provided by any embodiment of the present application.
The embodiments of the present application can obtain system vulnerability data from a data source; obtain a security association parameter between the system vulnerability data and the current system, based on the data source corresponding to the system vulnerability data and the historical relevance verification results of historical system vulnerability data, wherein a historical relevance result is the result of verifying the relevance between historical system vulnerability data and the security of the current system; select from the system vulnerability data, according to the security association parameter, target system vulnerability data that is relevant to the security of the current system; verify the relevance between the target system vulnerability data and the security of the current system; and, when the historical relevance verification result includes a passed verification, issue an early warning to the user of the current system. The embodiments screen the system vulnerability data based on its data source and on the historical relevance verification results, select system vulnerability data that is correct, relevant to the user and likely to affect the user, and issue network security early warnings to the user based on the selected target system vulnerability data. Network security early warnings can therefore be delivered to the user more quickly and accurately.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are evidently only some embodiments of the invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an application scenario of the network security early-warning method provided by the embodiments of the present application.
Fig. 2 is a flow diagram of the network security early-warning method provided by the embodiments of the present application.
Fig. 3 is another flow diagram of the network security early-warning method provided by the embodiments of the present application.
Fig. 4a is a schematic diagram of the terminal interface provided by the embodiments of the present application.
Fig. 4b is a schematic diagram of the functional hierarchy provided by the embodiments of the present application.
Fig. 4c is a schematic diagram of the server association relationships provided by the embodiments of the present application.
Fig. 4d is a schematic diagram of the algorithm flow of the network security early-warning method provided by the embodiments of the present application.
Fig. 5a is a structural schematic diagram of a network security early-warning device provided by the embodiments of the present application.
Fig. 5b is another structural schematic diagram of the network security early-warning device provided by the embodiments of the present application.
Fig. 6 is a schematic diagram of the network device provided by the embodiments of the present application.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments obtained by those skilled in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
The embodiments of the present invention provide a network security early-warning method, device and storage medium.
An embodiment of the invention provides a network security early-warning system, including the network security early-warning device provided by any embodiment of the invention; the device can be integrated in a server.
In addition, the network security early-warning system can also include other equipment, such as terminals.
For example, with reference to Fig. 1, the network security early-warning system includes a terminal and a server, which are connected through a network link. The network includes network entities such as routers and gateways.
The server can obtain system vulnerability data from a data source; obtain a security association parameter between the system vulnerability data and the current system, based on the data source corresponding to the system vulnerability data and the historical relevance verification results of historical system vulnerability data, wherein a historical relevance result is the result of verifying the relevance between historical system vulnerability data and the security of the current system; select from the system vulnerability data, according to the security association parameter, target system vulnerability data that is relevant to the security of the current system; verify the relevance between the target system vulnerability data and the security of the current system; and, when the historical relevance verification result includes a passed verification, issue an early warning to the user of the current system.
The server can crawl raw data from the data sources over the network link. Data sources may include the national information security vulnerability sharing platform, the blogs of vulnerability researchers or vulnerability research teams, the official websites of system component vendors, security mailing lists and so on. Taking the official website of a system component vendor as an example, the server can crawl the bulletin pages of the website and perform semantic analysis on the data of a bulletin page to obtain information such as the content of the bulletin, its publisher and its publication time.
In one embodiment, the server can send the target vulnerability data to the terminal in the system that is responsible for relevance verification; the server can save the target vulnerability data, verify it, and forward it to the terminal where the user is located.
The example of Fig. 1 is one system architecture for realizing the embodiments of the invention. The embodiments are not limited to the system structure shown in Fig. 1; the embodiments of the invention are proposed on the basis of this architecture.
Each is described in detail below. Note that the numbering of the following embodiments does not imply an order of preference among them.
This embodiment is described from the perspective of the network security early-warning device, which can be integrated in a server.
As shown in Fig. 2, a network security early-warning method is provided. The method can be executed by the processor of the server, and its detailed flow is as follows:
101. Obtain system vulnerability data from a data source.
A data source is the source and channel from which system vulnerability data is obtained; in the information field, a data source can be called an information source.
In one embodiment, information sources may include multiple data sources such as the national information security vulnerability sharing platform, the blogs of vulnerability researchers or vulnerability research teams, the official websites of system component vendors and security mailing lists (for example, in practice, this embodiment has determined more than 150 fairly reliable information sources through long-term screening). A data source in the embodiments of the present application is a data source from which system vulnerability data can be obtained; the required system vulnerability data can generally be obtained from it.
System vulnerabilities are defects or errors in the logical design of application software or operating system software. They are exploited by attackers, who implant trojans, viruses and the like over the network to attack or control the whole computer, steal important data and information from it, or even destroy the system.
Correspondingly, system vulnerability data is the data obtained about system vulnerabilities.
Most system vulnerability data in a data source is original system vulnerability data. For example, what the official website of a system component vendor publishes is generally the latest, original, first-hand vulnerability information that has not been reposted, translated, copied or re-typeset, so system vulnerability data obtained from that website is original system vulnerability data.
Obtaining system vulnerability data from original data sources avoids the loss of or errors in key information caused by reposting, translation, copying and re-typesetting, which improves the accuracy of the security early warning and yields the latest system vulnerability data in a more timely way.
Obtaining system vulnerability data from multiple data sources also helps to obtain fresh system vulnerability data in a more timely and comprehensive way. For example, some data sources are unstable: if a vulnerability researcher deletes a blog or a website is redesigned and the server cannot obtain system vulnerability data from it, the server can still obtain system vulnerability data from other data sources.
In one embodiment, obtaining system vulnerability data from a data source includes:
Collecting raw data from the data source;
Performing semantic analysis on the raw data to obtain system vulnerability data.
Raw data is the content displayed in the data source; for example, the raw data can be a bulletin page on an official website.
System vulnerability data is the data obtained after semantic analysis of the raw data, such as lexical unit identification and sentence segmentation. It may include the bulletin content of the bulletin page and information such as the time the bulletin was published, the publisher and the publishing website. The bulletin content can take the form of an article, which may include the vulnerable program and a brief description of the harm the vulnerability causes.
In one embodiment, dynamic data can be obtained and then rendered to obtain the raw data. For example, some data source websites build their pages with JavaScript, so the page shows only static information, and the hidden information appears only after a user action triggers an instruction or after some time has passed. The server can run a browser locally with Splash in Docker, obtain the information hidden in the page and render it into the browser page, thereby obtaining the complete raw data.
In one embodiment, collecting raw data from the data source includes:
Obtaining multiple network addresses from a preset set of network addresses;
Collecting raw data from multiple data sources respectively, based on the multiple network addresses.
A network address is the logical address that a node on the internet has in the network; data can be transmitted between different devices based on network addresses, according to the rules of the network protocol.
In one embodiment, a network address may be an IP address. Different IP addresses can be used to send collection requests to different data sources to obtain the raw data, so that a single IP address does not send collection requests to the same data source so frequently that the data source blocks its access.
If a collection request is sent to a data source from a given IP address but the corresponding raw data is not obtained, the IP address can be replaced and the collection request sent to that data source again.
102. Obtain the security association parameter between the system vulnerability data and the current system, based on the source information corresponding to the system vulnerability data and the historical relevance verification results of historical system vulnerability data.
Historical system vulnerability data is system vulnerability data obtained before the current time, for example system vulnerability data crawled from a data source 3 days ago.
A historical relevance result is the result of verifying the relevance between historical system vulnerability data and the security of the current system, that is, the result obtained at some past time after relevance verification was carried out between the historical system vulnerability data and the security of the current system.
With reference to Fig. 4b, the current system includes the network security early-warning system and the systems used on the terminals of that system's users. For example, the network security early-warning system can issue early warnings to cooperating public platforms, to external users or to cooperating early-warning platforms, and can also issue early warnings to the network security early-warning system itself, for risk self-inspection.
The security association parameter measures the degree of relevance between the system vulnerability data and the security of the current system; for example, the larger its value, the more relevant the system vulnerability data is to the security of the current system. The security association parameter can be defined according to actual needs. In one embodiment, the degree of relevance between the system vulnerability data and the security of the current system can be expressed by similarity, that is, the security association parameter may include the similarity between historical system vulnerability data and the current system vulnerability data.
In one embodiment, after the similarity between historical system vulnerability data and the current system vulnerability data is obtained, the number of similarities greater than a certain preset value can also be counted, and the security association parameter can also include that count.
In one embodiment, obtaining the security association parameter between the system vulnerability data and the current system, based on the data source corresponding to the system vulnerability data and the historical relevance verification results of historical system vulnerability data, includes:
When the historical relevance verification result is a pass, obtaining the feature phrase of the historical system vulnerability data;
Obtaining the source information corresponding to the historical system vulnerability data;
Generating the feature phrase set corresponding to each data source, according to the feature phrases and corresponding source information of all historical system vulnerability data;
Obtaining the security association parameter between the system vulnerability data and the current system, according to the feature phrase set corresponding to each data source.
A feature phrase is a phrase that characterizes system vulnerability data and distinguishes different historical system vulnerability data from one another.
Source information is information related to the source of the historical system vulnerability; for example, it may include the vulnerable program, the publisher, the publication time and the corresponding data source.
A feature phrase set contains the feature phrases of all historical system vulnerabilities from the same data source that passed verification. The feature phrase set can be derived from the verification results.
In one embodiment, obtaining the feature phrase of the historical system vulnerability data can be implemented with the following steps:
Performing syntactic analysis on the historical system vulnerability data to obtain lexical units;
Determining the term frequency parameter of a lexical unit according to how often the lexical unit occurs in the historical system vulnerability data;
Determining the inverse document frequency parameter of the lexical unit according to how often the lexical unit occurs across all historical system vulnerability data;
Obtaining the characteristic parameter of the lexical unit, based on the term frequency parameter and the inverse document frequency parameter;
Determining the feature words of the historical system vulnerability data according to the characteristic parameters of the lexical units;
Combining the feature words to obtain the feature phrase of the historical system vulnerability data.
A lexical unit is a meaningful character field made up of adjacent characters in the historical system vulnerability data; the server can identify the lexical units in historical system vulnerability data through semantic analysis.
The term frequency parameter indicates how often a lexical unit occurs in the historical system vulnerability data. The inverse document frequency parameter indicates how distinctive the lexical unit is. The characteristic parameter indicates how important the lexical unit is for distinguishing one piece of historical system vulnerability data from the others.
In some embodiments, the term frequency parameter can be obtained by dividing the number of times the lexical unit occurs in the historical system vulnerability data by the total number of occurrences of all lexical units in that data, and then normalizing the result. The inverse document frequency parameter can be obtained by dividing the total number of pieces of historical system vulnerability data by the number of pieces that contain the lexical unit, and then taking the logarithm of the quotient.
In some embodiments, the characteristic parameter can be expressed as the product of the term frequency parameter and the inverse document frequency parameter.
In some embodiments, the lexical units with the larger characteristic parameters can be selected as feature words, and the resulting feature words combined to obtain the feature phrase of the historical system vulnerability data.
In one embodiment, obtaining the security association parameter between the system vulnerability data and the current system according to the feature phrase set of each data source may include the following steps:
Determine the current data source corresponding to the current system vulnerability data;
Obtain the feature phrase set corresponding to the current data source;
Obtain the security association parameter between the current system vulnerability data and the current system based on the feature phrase set corresponding to the current data source.
Obtaining the security association parameter between the current system vulnerability data and the current system based on the feature phrase set corresponding to the current data source may include the following steps:
Extract the first feature phrases from the feature phrase set corresponding to the current data source;
Obtain the second feature phrase of the current system vulnerability data;
Obtain the similarity between each first feature phrase and the second feature phrase based on a preset similarity measurement function;
Aggregate the similarities to obtain the security association parameter between the system vulnerability data and the current system.
Here, the first feature phrases include all feature phrases in the feature phrase set corresponding to the current data source. The second feature phrase is obtained in the same way as the feature phrase of the historical system vulnerability data, which is not repeated here.
The preset similarity measurement function is the function used to calculate the similarity between a first feature phrase and the second feature phrase; it can take various forms, such as the Euclidean distance formula or the cosine distance formula.
In one embodiment, the feature words in a first feature phrase can be rearranged in order of their characteristic parameter values to obtain a first feature vector; correspondingly, the feature words in the second feature phrase are rearranged to obtain a second feature vector; the similarity measurement function is then used to calculate the vector similarity between the first feature vector and the second feature vector.
The security association parameter indicates the degree of correlation between the system vulnerability data and the security of the current system.
In one embodiment, the similarity between each first feature phrase and the second feature phrase can be calculated, and the number of similarities greater than a preset value is then counted. If that number is within the first preset numerical range, the system vulnerability data is considered more likely to be relevant to the security of the current system. The counted number of similarities greater than the preset value can be used as the security association parameter between the system vulnerability data and the current system.
Screening the system vulnerability data based on its corresponding data source and the historical correlation verification results selects system vulnerability data that is relevant to the user, may affect the user, and is correct. The system vulnerability data relevant to the security of the current system can thus be selected more accurately, so that network security early warning can be given to the user more accurately, quickly and comprehensively.
102. According to the security association parameter, select from the system vulnerability data the target system vulnerability data that is relevant to the security of the current system.
In one embodiment, selecting the target system vulnerability data that is relevant to the security of the current system according to the security association parameter can be implemented with the following steps:
When the security association parameter is within the first preset numerical range, select the current system vulnerability data as target system vulnerability data;
When the security association parameter is within the second preset numerical range, obtain the popularity parameter of the current system vulnerability data;
Obtain the security verification result statistical parameter of the data source corresponding to the current system vulnerability data;
Select the target system vulnerability data according to the popularity parameter and the security verification result statistical parameter.
In another embodiment, semantic analysis can be performed on the titles of the historical system vulnerability data, and the title keywords of the verified historical system vulnerability data are obtained using the TF-IDF (term frequency-inverse document frequency) technique. According to the data source of each item of historical system vulnerability data, the title keywords of all historical system vulnerability data are divided into a keyword library for each data source. The keywords of the current system vulnerability data are then obtained, and candidate target system vulnerability data is selected according to whether the keyword library contains the keywords of the current system vulnerability data. Similarity is then calculated for the candidate target system vulnerability data one by one to obtain security association parameters, and the target system vulnerability data is selected from the candidates based on those parameters.
The popularity parameter indicates how likely the current system vulnerability data is to be popular vulnerability information in the recent period.
If the security association parameter is within the third preset range, the current system vulnerability data is considered less likely to be relevant to the security of the current system, and therefore cannot be selected as target system vulnerability data.
The union of the first preset numerical range, the second preset numerical range and the third preset numerical range includes all values that the security association parameter can take.
In one embodiment, the division into the first preset numerical range, the second preset numerical range and the third preset range can be updated according to the historical correlation verification results.
In one embodiment, the popularity parameter can be obtained with the following steps: based on the release time of the current system vulnerability data, select candidate system vulnerability data from the system vulnerability data; based on the candidate system vulnerability data, select the feature words of the candidate system vulnerability data from the feature phrase set; based on how often feature words repeat among the feature words of the candidate system vulnerability data, create a popular feature phrase set; based on the frequency with which the feature words of the current system vulnerability appear in the popular feature phrase set, determine the popularity parameter of the current candidate system vulnerability data.
Here, candidate system vulnerability data is system vulnerability data whose release time falls within a candidate time period, and the candidate time period is a period close to the release time of the current system vulnerability data.
The popular feature phrase set includes the popular feature words that have occurred most often, in the recent period, in the system vulnerability data relevant to the security of the current system.
The security verification result statistical parameter indicates how likely target system vulnerability data selected from a given data source is to be relevant to the current system. In one embodiment, the security verification result statistical parameter may include the correlation verification pass rate.
In one embodiment, the security verification result statistical parameter can be obtained as follows: based on the historical correlation verification results, determine the data source corresponding to the historical system vulnerability data; divide all historical correlation verification results according to their corresponding data sources to obtain the security verification result statistical parameter of each data source; determine the security verification result statistical parameter of the data source corresponding to the current system vulnerability data.
In one embodiment, selecting the target system vulnerability data according to the popularity parameter and the security verification result statistical parameter specifically includes:
When the popularity parameter is greater than the first preset value, select the current system vulnerability data as target system vulnerability data;
When the popularity parameter is less than the first preset value, judge whether the security verification result statistical parameter is greater than the second preset value;
If the security verification result statistical parameter is greater than the second preset value, select the current system vulnerability data as target system vulnerability data.
Of course, if the popularity parameter is less than the first preset value and the security verification result statistical parameter is less than the second preset value, the current system vulnerability data can be considered less likely to be relevant to the security of the current system, and therefore cannot be selected as target system vulnerability data.
In another embodiment, after the security association parameter between the current system vulnerability data and the historical system vulnerability data has been calculated, the security verification pass rate of the data source corresponding to the current system vulnerability data can be obtained, and the product of the security association parameter and the security verification pass rate is then used as the reference parameter for selecting target system vulnerability data. If the product is greater than a certain preset value, the current system vulnerability data is selected as target system vulnerability data. If the product is less than that preset value, the popularity parameter of the current system vulnerability data is obtained; if the popularity parameter is greater than another preset value, the current system vulnerability data is selected as target system vulnerability data; otherwise the current system vulnerability data is considered less likely to be relevant to the security of the current system.
Selecting the target system vulnerability data with the security association parameter as the primary reference and the popularity parameter and security verification result statistical parameter as secondary references makes it possible to obtain the system vulnerability data relevant to the security of the current system more accurately. For example, a larger popularity parameter indicates that, in the recent period, vulnerability researchers have done more research on vulnerabilities similar to the current system vulnerability data, which in turn indicates that hackers have attacked vulnerabilities similar to the current system vulnerability data more often. Selecting system vulnerability data with a larger popularity parameter therefore gives a better early-warning effect for the security of the current system.
As another example, if the security verification result statistical parameter of the data source corresponding to the current system vulnerability data is larger, that data source carries more vulnerability research relevant to the current system and is more authoritative. System vulnerability data selected for its larger security verification result statistical parameter is therefore more likely to be relevant to the security of the current system, and its early-warning effect for the security of the current system is also better.
Target system vulnerability data selected on these principles is not only more likely to be relevant to the security of the current system, but is also smaller in quantity, which avoids alert storms. An alert storm is the situation in which, when an anomaly occurs across a large-scale network, a large amount of target system vulnerability data is received in a short time, making verification considerably more difficult.
103. Verify the correlation between the target system vulnerability data and the security of the current system.
The purpose of correlation verification is to verify whether the vulnerable program in the target system vulnerability data may affect the security of the current system.
There are many ways to verify this. For example, the program of the current system can be retrieved and compared with the program contained in the target system vulnerability data, to judge whether the target system vulnerability data is relevant to the current system.
In one embodiment, when system vulnerability data is obtained from a data source, the data source may contain a repair method for the vulnerable program. The server can crawl the repair method, so that the resulting system vulnerability data includes a repair scheme for the vulnerability; the server can judge whether the repair scheme is correct through experiment or machine recognition.
In some embodiments, the data source does not contain a repair method for the vulnerable program; a general mitigation scheme can then be obtained from local storage, for example closing a port or stopping use of the network.
In one embodiment, the target system vulnerability data can also be sent to a terminal in the system that is responsible for verification, to be judged and verified manually. The operator responsible for verification can judge whether the repair scheme is correct, or analyze a repair scheme from the vulnerable program, or obtain a corresponding mitigation scheme.
104. When the correlation verification result includes a pass, give an early warning to the user of the current system.
A pass indicates that the vulnerable program in the target system vulnerability data may affect the security of the current system.
When verification passes, warning information can be sent to the user of the current system. The warning information includes the name of the vulnerability, the component to which the vulnerability belongs, the hazard level of the vulnerability, the impact it may cause, and the repair scheme and mitigation scheme for the vulnerability.
Specifically, in one embodiment, the server can send warning information to the terminal where the user is located. The warning information contains an instruction interface, which can take many forms, such as an input box, a selection box, an icon or a button. The user can trigger a vulnerability repair instruction through the instruction interface.
In one embodiment, the instruction interface can be a confirm-repair button; when the user clicks the button, the vulnerability repair instruction is triggered, and the program in the repair scheme can be used to replace the vulnerable program in the current system.
The user can also manually replace the vulnerable program in the current system, or close the corresponding port, according to the repair scheme and mitigation scheme, so that the current system is not subjected to network attack because of the vulnerability.
In one embodiment, when verification fails, determine the target data source corresponding to the current target system vulnerability data;
Based on the current target system vulnerability data, obtain the target feature phrase that is unrelated to the security of the current system;
Based on the target feature phrase, update the feature phrase set of the target data source.
Here, the target feature phrase is a phrase that characterizes the current target system vulnerability data and distinguishes different items of target system vulnerability data. The target feature phrase is obtained in the same way as described earlier for historical system vulnerability data, which is not repeated here.
If verification fails, the target system vulnerability data is unrelated to the security of the current system and the server's method of selecting target system vulnerability data is not accurate enough. The feature phrase set of the target data source therefore needs to be adjusted according to the target feature phrase, which in turn ensures that the security association parameter obtained from the feature phrase set accurately reflects the degree of correlation.
In one embodiment, when selection of the target system vulnerability data fails, obtain the set of system vulnerability data that is relevant to the security of the current system;
If the system vulnerability data set includes supplementary system vulnerability data that differs from the target vulnerability data and is relevant to the security of the current system,
obtain the supplementary feature phrase of the supplementary system vulnerability data;
Based on the supplementary feature phrase, update the feature phrase set of the data source corresponding to the supplementary system vulnerability data.
In one embodiment, the system vulnerability data set includes system vulnerability data obtained after the action of selecting target system vulnerability data has taken place.
In one embodiment, the result of the selection action is either that no target system vulnerability data was selected or that target system vulnerability data was selected.
Selecting target system vulnerability data covers several cases, for example selecting all of the system vulnerability data relevant to the security of the current system, or selecting only part of it. When all of the system vulnerability data relevant to the security of the current system is selected, system vulnerability data unrelated to the security of the current system may be selected as well.
Failure to select the target system vulnerability data includes: no target system vulnerability data being selected, or only part of the system vulnerability data relevant to the security of the current system being selected.
Supplementary system vulnerability data is system vulnerability data that differs from the target vulnerability data and is relevant to the security of the current system.
The supplementary feature phrase is a phrase that characterizes the supplementary system vulnerability data and distinguishes the different items of system vulnerability data within the system vulnerability data set. The supplementary feature phrase is obtained in the same way as described earlier for historical system vulnerability data, which is not repeated here.
In one embodiment, if the supplementary system vulnerability data had been crawled before the selection action took place but was not selected as target system vulnerability data, the supplementary feature phrase can be added to the corresponding feature phrase set.
In one embodiment, if the supplementary system vulnerability data had not been crawled before the selection action took place, the data source corresponding to the supplementary system vulnerability data can be used as a source of system vulnerability data in future; when system vulnerability data is obtained in future, an acquisition request is also sent to that data source.
Updating the feature phrase set or adding data sources according to the correlation verification results continually trains the server, so that the selected target system vulnerability data has an increasingly high probability of passing correlation verification.
As can be seen from the above, the embodiment of the present application can obtain system vulnerability data from data sources; obtain the security association parameter between the system vulnerability data and the current system based on the data source corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data, where a historical correlation result is the result of verifying the correlation between historical system vulnerability data and the security of the current system; select from the system vulnerability data, according to the security association parameter, the target system vulnerability data that is relevant to the security of the current system; verify the correlation between the target system vulnerability data and the security of the current system; and, when the historical correlation verification result includes a pass, give an early warning to the user of the current system.
This embodiment screens the system vulnerability data based on its corresponding data source and the historical correlation verification results, selects system vulnerability data that is relevant to the user, may affect the user, and is correct, and gives the user a network security early warning based on the selected target system vulnerability data. Network security early warning can therefore be given to the user more quickly and accurately.
The network security early warning device can be integrated in a single server or in a server cluster composed of multiple servers. Following the method described in the preceding embodiments, the example below, in which the network security early warning device is integrated in a server cluster, describes it in further detail.
With reference to Fig. 3 and Fig. 4d, the detailed flow of the network security early warning method of the embodiment of the present invention is as follows:
201. The server obtains system vulnerability data from data sources.
With reference to Fig. 4c, the server cluster includes a crawling server and a big data server. The crawling server can periodically send acquisition requests to multiple data sources and, based on the acquisition requests, obtain the raw data in the data sources. It then performs semantic analysis on the raw data to identify the vulnerability content, release time, publisher, affected versions, detection method and so on, obtaining system vulnerability data. After formatting, the system vulnerability data is transferred to the big data server, where, with reference to Fig. 4b, it is stored in the memory of the big data server according to a predefined format standard.
In one embodiment, with reference to Fig. 4a, the network security early warning system further includes a terminal, which is linked to the big data server via a network. The terminal's page provides several instruction interfaces, such as time of receipt, risk level and a search input box. An operator can trigger an information acquisition instruction through an instruction interface; through that instruction the terminal obtains information such as the information number, information type, information title and risk level from the big data server and displays the obtained information on the page. The operator can also obtain the system vulnerability data in the big data server through the "view details" instruction interface on the page. This lets operators observe the working status of the big data server and use the system vulnerability data in the big data server for other research.
202. Based on the data source corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data, the server obtains the security association parameter between the system vulnerability data and the current system.
In one embodiment, with reference to Fig. 4c, the server cluster further includes a central server, which can obtain the security association parameter between the current system vulnerability data and the current system based on the feature phrase sets and the current system vulnerability data.
In one embodiment, the central server can verify the correlation between the target system vulnerability data and the security of the current system and, after correlation verification, generate the feature phrase sets based on the historical system vulnerability data that passed security verification.
In one embodiment, with reference to Fig. 4b, the central server can obtain the feature phrases of the verified historical vulnerability data and then divide the feature phrases of all historical vulnerability data into multiple feature phrase sets according to their corresponding data sources. The way the feature phrase of historical system vulnerability data is obtained is described in the preceding embodiments and is not repeated here.
In one embodiment, the central server can store the resulting feature phrase sets in the memory of the central server or in the memory of the big data server.
In one embodiment, the central server can obtain the current system vulnerability data from the big data server, obtain the second feature phrase of the current system vulnerability data, determine the current data source corresponding to the current system vulnerability data, extract the first feature phrases from the feature phrase set corresponding to the current data source, calculate the similarity between each first feature phrase and the second feature phrase using a cosine distance algorithm, count the number of similarities greater than a preset value, and use that number as the security association parameter.
In one embodiment, the central server can obtain the feature phrase of the current system vulnerability data using the TF-IDF (term frequency-inverse document frequency) technique, where TF means term frequency and IDF means inverse document frequency. TF-IDF can be used to assess how important a lexical unit is to one item of system vulnerability data, or to one item within a set of system vulnerability data. The importance of a lexical unit increases in direct proportion to the number of times it occurs in the system vulnerability data, but decreases in inverse proportion to the frequency with which it occurs across all system vulnerability data.
In one embodiment, the term frequency parameter can be calculated using the following formula:
Here, the term frequency parameter is denoted $tf_{i,j}$, $n_{i,j}$ is the number of times the lexical unit occurs in the current system vulnerability data, and the denominator is the total number of occurrences of all lexical units in the current system vulnerability data.
In one embodiment, the inverse document frequency can be calculated using the following formula:
Here, the inverse document frequency is denoted $idf_i$, $|D|$ is the total number of items of system vulnerability data, $|\{j : t_i \in d_j\}|$ is the number of items of system vulnerability data that contain the lexical unit $t_i$, $d_j$ denotes an item of system vulnerability data, and $t_i$ denotes a lexical unit.
Then, the product of the term frequency and the inverse document frequency is used as the characteristic parameter of the lexical unit; lexical units whose characteristic parameter is greater than a certain preset value are selected as feature words and combined into a feature phrase.
In one embodiment, for ease of calculation, the feature words in a feature phrase can be combined into a feature vector in descending order of the characteristic parameters calculated for them with the TF-IDF technique.
A first feature vector is generated from a first feature phrase and a second feature vector from the second feature phrase, and the similarity between the first feature vector and the second feature vector is calculated using the cosine distance function.
The method of obtaining keywords with the TF-IDF (term frequency-inverse document frequency) technique is described in the preceding embodiments and is not repeated here.
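The computation described in step 202 and in the earlier feature-phrase embodiment, as an added Python example that is not code from the patent: TF-IDF feature phrases per record, cosine similarity against every feature phrase of the record's data source, and the count of similarities above a preset value as the security association parameter. The word tokenizer, the top-k cut-off, aligning vectors on shared feature words, adding the current record to the IDF corpus, the preset values and the sample records are all assumptions made for the illustration.

```python
import math
import re
from collections import Counter

# Constructed sample data: historical records that passed correlation
# verification, grouped by the data source they were crawled from.
HISTORY = {
    "vendor-advisories": [
        "nginx http2 request smuggling allows remote code execution",
        "nginx resolver heap overflow allows remote code execution",
        "openssl certificate parsing heap overflow",
    ],
    "forum-posts": ["wordpress plugin sql injection"],
}


def tokenize(text):
    """Split a record into lexical units (assumption: lowercase word tokens)."""
    return re.findall(r"[a-z0-9]+", text.lower())


def idf_table(corpus):
    """idf = log(number of records / number of records containing the unit)."""
    df = Counter(unit for tokens in corpus for unit in set(tokens))
    return {unit: math.log(len(corpus) / n) for unit, n in df.items()}


def feature_phrase(tokens, idf, top_k=5):
    """Keep the top_k lexical units by tf * idf as {feature word: weight}."""
    counts = Counter(tokens)
    total = sum(counts.values())
    scored = {u: (c / total) * idf.get(u, 0.0) for u, c in counts.items()}
    ranked = sorted(scored.items(), key=lambda kv: (-kv[1], kv[0]))
    # Units that occur in every record score 0 and carry no information.
    return {u: w for u, w in ranked[:top_k] if w > 0}


def cosine(a, b):
    """Cosine similarity of two sparse vectors keyed by feature word."""
    dot = sum(w * b.get(u, 0.0) for u, w in a.items())
    norm = (math.sqrt(sum(w * w for w in a.values()))
            * math.sqrt(sum(w * w for w in b.values())))
    return dot / norm if norm else 0.0


def security_association(current, source, history, sim_preset=0.1, top_k=5):
    """Return (security association parameter, per-record similarities)."""
    cur_tokens = tokenize(current)
    by_source = {s: [tokenize(r) for r in recs] for s, recs in history.items()}
    # Assumption: the current record joins the IDF corpus so that a lexical
    # unit never seen before has a document frequency of 1 rather than 0.
    corpus = [t for recs in by_source.values() for t in recs] + [cur_tokens]
    idf = idf_table(corpus)
    second = feature_phrase(cur_tokens, idf, top_k)
    # A source with no verified history has no first feature phrases.
    sims = [cosine(feature_phrase(t, idf, top_k), second)
            for t in by_source.get(source, [])]
    return sum(1 for s in sims if s > sim_preset), sims


if __name__ == "__main__":
    for text in ("nginx http2 memory corruption remote code execution",
                 "printer driver privilege escalation"):
        count, sims = security_association(text, "vendor-advisories", HISTORY)
        print(count, [round(s, 3) for s in sims], text)
```

With `top_k` this small, rare words dominate each feature phrase, so the similarity preset has to be tuned together with it.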
203. According to the security association parameter, the server selects from the system vulnerability data the target system vulnerability data that is relevant to the security of the current system.
In one embodiment, the central server can refer first to the security association parameter and then to the popularity parameter and the security verification result statistical parameter to determine whether to select the current system vulnerability data as target system vulnerability data.
Specifically, if the security association parameter is sufficiently large, the current system vulnerability data can be considered very likely to be relevant to the security of the current system, so the current system vulnerability data can be selected directly as target system vulnerability data.
If the security association parameter is relatively large, the popularity parameter and the security verification result statistical parameter can additionally be consulted to determine whether to select the current system vulnerability data as target system vulnerability data.
A larger popularity parameter indicates that, in the recent period, vulnerability researchers have done more research on vulnerabilities similar to the current system vulnerability data, which in turn indicates that hackers have attacked vulnerabilities similar to the current system vulnerability data more often; selecting system vulnerability data with a larger popularity parameter therefore gives a better early-warning effect for the security of the current system. If the security verification result statistical parameter of the data source corresponding to the current system vulnerability data is larger, that data source carries more vulnerability research relevant to the current system and is more authoritative; system vulnerability data selected for its larger security verification result statistical parameter is therefore more likely to be relevant to the security of the current system, and its early-warning effect for the security of the current system is also better.
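The selection logic of step 203 and of the earlier embodiment with three preset ranges, as an added Python example that is not code from the patent: a popularity parameter built from recently repeated feature words, a per-source correlation verification pass rate, and the decision that combines both with the security association parameter. The 30-day window ending at the release time, the repeat threshold, the popularity ratio, every preset value and the sample records are assumptions chosen for the illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data: (release time, feature words) of recent records.
NOW = datetime(2019, 7, 1)
RECENT = [
    (datetime(2019, 6, 20), {"nginx", "http2", "overflow"}),
    (datetime(2019, 6, 25), {"nginx", "http2", "smuggling"}),
    (datetime(2019, 6, 28), {"openssl", "padding"}),
    (datetime(2019, 3, 1), {"openssl", "certificate"}),  # outside the window
]
# Constructed sample data: (data source, did correlation verification pass).
VERIFIED = [
    ("vendor-advisories", True), ("vendor-advisories", True),
    ("vendor-advisories", False),
    ("forum-posts", True), ("forum-posts", False), ("forum-posts", False),
]


def popularity_parameter(words, published, recent, window_days=30, min_repeat=2):
    """Share of the record's feature words that are in the popular set."""
    start = published - timedelta(days=window_days)
    candidates = [w for ts, w in recent if start <= ts <= published]
    repeats = Counter(word for ws in candidates for word in set(ws))
    hot = {word for word, n in repeats.items() if n >= min_repeat}
    words = set(words)
    return len(words & hot) / len(words) if words else 0.0


def source_pass_rates(verified):
    """Correlation verification pass rate for each data source."""
    total, passed = Counter(), Counter()
    for source, ok in verified:
        total[source] += 1
        passed[source] += int(ok)
    return {source: passed[source] / total[source] for source in total}


def select_target(assoc, popularity, pass_rate, *, first_min=3, second_min=1,
                  pop_preset=0.5, rate_preset=0.6):
    """Return (selected, reason) for one record.

    Assumed ranges: first = [first_min, inf), second = [second_min,
    first_min), third = everything below second_min, so the three ranges
    together cover every value the association parameter can take.
    """
    if assoc >= first_min:
        return True, "first range"
    if assoc >= second_min:
        if popularity > pop_preset:
            return True, "second range: popular"
        # A popularity equal to the preset falls through to the source check.
        if pass_rate > rate_preset:
            return True, "second range: reliable source"
        return False, "second range: neither check passed"
    return False, "third range"


if __name__ == "__main__":
    rates = source_pass_rates(VERIFIED)
    pop = popularity_parameter({"nginx", "http2", "corruption"}, NOW, RECENT)
    # A source with no verification history is treated as a pass rate of 0.
    print(select_target(1, pop, rates.get("forum-posts", 0.0)))
```

Recomputing the pass rates after every verification round is what lets the range boundaries and presets be retuned from the historical correlation verification results.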
In one embodiment, the network security early warning system further includes a verification terminal. The central server can perform semantic analysis on the target system vulnerability data to generate target system vulnerability information, which includes the vulnerable program, the hazard level of the target system vulnerability data, the affected versions, an information summary and so on, and send it to the verification terminal; the operator can analyze and verify the correlation based on the target system vulnerability information.
204. The server verifies the correlation between the target system vulnerability data and the security of the current system.
The central server can retrieve the program of the current system from local storage and compare it with the program contained in the target system vulnerability data, to judge whether the target system vulnerability data is relevant to the current system.
The central server can obtain a general mitigation scheme from local storage, or from the internet over a network connection, for example closing a port or stopping use of the network. In one embodiment, the central server can obtain the corresponding mitigation scheme according to the feature phrase of the target system vulnerability data.
In some embodiments, the central server can also obtain the repair scheme from the system vulnerability data. The memory of the central server stores system vulnerability data and the corresponding mitigation schemes; by analyzing the association between the feature phrases of system vulnerability data and their corresponding mitigation schemes, the central server can judge whether the repair scheme in the target system vulnerability data is reasonable.
If verification passes, the central server can generate warning information according to the mitigation scheme or repair scheme and send the warning information to the user.
In one embodiment, the network security early warning system further includes a verification terminal, and the central server can send the target system vulnerability data to the verification terminal, specifically by mail, short message or chat software message. The operator can analyze and verify the correlation based on the target system vulnerability data.
205. When verification passes, the server issues an early warning to the user of the current system.
In one embodiment, the network security early-warning system further includes the terminal of the user of the current system. The central server can send the warning information to that terminal, and when the user clicks the instruction interface in the warning information, a vulnerability repair instruction is triggered.
In one embodiment, the central server can send the warning information to the terminal of the user of the current system over a network link. Specifically, the user can be warned by e-mail, SMS, or chat-software message.
206. The server obtains the vulnerability repair result.
With reference to Fig. 4d, after the user clicks the confirm-repair button in the warning information, the user's terminal can obtain the repair scheme and automatically repair the vulnerable program in the current system. The central server can monitor the repair progress, obtain the repair result, and store the repair result and the repair scheme in local storage.
In one embodiment, the central server can also send the repair result to a terminal in the system, through which an operator can monitor the utilization status of the vulnerable program (i.e. whether the user chooses to repair the vulnerability) and the repair progress of the vulnerable program.
In some embodiments, with reference to Fig. 4b, the central server can save the monitored content into a knowledge base, and train a risk-control model for risk analysis according to the type and danger level of the system vulnerability data and the utilization status and repair status of the vulnerability.
As can be seen from the above, the embodiment of the present application can obtain system vulnerability data from a data source; obtain a security association parameter between the system vulnerability data and the current system, based on the data source corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data; select, according to the security association parameter, target system vulnerability data that is correlated with the security of the current system from the system vulnerability data; verify the correlation between the target system vulnerability data and the security of the current system; and, when the historical correlation verification result includes a passed verification, issue an early warning to the user of the current system. Because this embodiment screens the system vulnerability data based on its data source and on the historical correlation verification results, it can issue network security early warnings to the user more accurately.
In order to better implement the above method, an embodiment of the present invention also provides a network security early-warning device. The device may be integrated in an electronic device, and the electronic device may be a server, a PC, or similar equipment.
For example, in this embodiment the method of the embodiment of the present invention is described in detail by taking a network security early-warning device integrated in a server as an example.
For example, as shown in Fig. 5a, the network security early-warning device may include an acquisition unit 301, a calculation unit 302, a selection unit 303, a verification unit 304 and an early-warning unit 305, as follows:
(1) The acquisition unit 301 is used to obtain system vulnerability data from a data source.
In some embodiments, the acquisition unit 301 may include a collection subunit and an analysis subunit, as follows:
The collection subunit is used to collect raw data from the data source;
The analysis subunit is used to perform semantic analysis on the raw data to obtain system vulnerability data.
The collection subunit may specifically be used to:
Obtain multiple network addresses from a preset set of network addresses;
Collect raw data from multiple data sources respectively, based on the multiple network addresses.
(2) The calculation unit 302 is used to obtain the security association parameter between the system vulnerability data and the current system, based on the data source corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data.
Here, the historical correlation result is the result of verifying the correlation between historical system vulnerability data and the security of the current system.
In some embodiments, with reference to Fig. 5 b, computing unit 302 may include extracting subelement 3021, summarizing subelement 3022 and computation subunit 3023.
(1) subelement 3021 is extracted, for obtaining the feature phrase of legacy system loophole data.
In some embodiments, subelement 3021 is extracted, specifically can be used for:
When history dependence verification result includes being verified, legacy system loophole data are obtained;
Syntactic analysis is carried out to the legacy system loophole data, obtains lexical unit;
According to the frequency that lexical unit occurs in legacy system loophole data, the word frequency ginseng of the lexical unit is determined Number;
According to the frequency that the lexical unit occurs in all legacy system loophole data, the lexical unit is determined Inverse document frequency parameter;
Based on the word frequency parameter and the inverse document frequency parameter, the characteristic parameter of the lexical unit is obtained;
According to the characteristic parameter of the lexical unit, the Feature Words of the legacy system loophole data are determined;
The Feature Words are combined, the feature phrase of the legacy system loophole data is obtained.
(2) The summarizing subunit 3022 is used to obtain the feature phrase set corresponding to each data source.
In some embodiments, the summarizing subunit 3022 may specifically be used to:
Obtain the feature phrase of the historical system vulnerability data when the historical correlation verification result is a passed verification;
Obtain the source information corresponding to the historical system vulnerability data;
Generate the feature phrase set corresponding to each data source, according to the feature phrases and corresponding source information of all historical system vulnerability data;
Determine the current data source corresponding to the current system vulnerability data;
Obtain the feature phrase set corresponding to the current data source.
(3) The calculation subunit 3023 is used to obtain the security association parameter between the system vulnerability data and the current system.
In some embodiments, the calculation subunit 3023 may specifically be used to:
Extract a first feature phrase from the feature phrase set corresponding to the current data source;
Obtain a second feature phrase of the current system vulnerability data;
Obtain the similarity between the first feature phrase and the second feature phrase, based on a preset similarity measure function;
Aggregate the similarities to obtain the security association parameter between the system vulnerability data and the current system.
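The pipeline of subunits 3021 to 3023 can be sketched as follows. This is an added example, not code from the patent: the sample entries and source names are constructed, and three choices the text leaves open are assumptions made here (feature words are the tokens whose TF-IDF score exceeds the entry's mean score, the preset similarity measure is Jaccard, and the similarities are aggregated by taking the maximum).

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample: historical entries whose relevance verification PASSED,
# as (data source, advisory text). Source names and texts are hypothetical.
VERIFIED_HISTORY = [
    ("vendor-feed", "openssl tls handshake overflow lets remote attacker crash openssl server"),
    ("vendor-feed", "nginx http2 request smuggling lets remote attacker poison nginx cache"),
    ("forum-feed", "wordpress plugin sql injection lets remote attacker dump wordpress database"),
    ("forum-feed", "wordpress theme xss lets remote attacker hijack wordpress session"),
]

# Constructed "current" entry to be scored against a source's history.
CURRENT_TEXT = "openssl tls renegotiation overflow lets remote attacker crash server"


def tokenize(text):
    """Split an entry into lexical units (lower-cased alphanumeric tokens)."""
    return re.findall(r"[a-z0-9]+", text.lower())


def build_idf(token_lists):
    """Return idf(token) over all historical entries, smoothed for unseen tokens."""
    n_docs = len(token_lists)
    doc_freq = Counter()
    for tokens in token_lists:
        doc_freq.update(set(tokens))

    def idf(token):
        return math.log((1 + n_docs) / (1 + doc_freq[token])) + 1.0

    return idf


def feature_phrase(tokens, idf):
    """Combine the feature words of one entry into a feature phrase (a set).

    Assumption: a token is a feature word when its TF-IDF score is above the
    mean score of the entry, which drops wording shared by every advisory.
    """
    if not tokens:
        return frozenset()
    tf = Counter(tokens)
    score = {t: (c / len(tokens)) * idf(t) for t, c in tf.items()}
    mean = sum(score.values()) / len(score)
    chosen = frozenset(t for t, s in score.items() if s > mean)
    return chosen or frozenset(score)  # all scores equal: keep every token


def phrase_sets_by_source(history, idf):
    """Group the feature phrases of verified historical entries by data source."""
    sets = defaultdict(set)
    for source, text in history:
        sets[source].add(feature_phrase(tokenize(text), idf))
    return sets


def jaccard(a, b):
    """Assumed similarity measure: |a & b| / |a | b|."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def association_parameter(source, text, phrase_sets, idf):
    """Score a current entry against the feature phrase set of its own source."""
    second = feature_phrase(tokenize(text), idf)
    sims = [jaccard(first, second) for first in phrase_sets.get(source, ())]
    return max(sims, default=0.0)  # assumed aggregation: best match


IDF = build_idf([tokenize(text) for _, text in VERIFIED_HISTORY])
PHRASE_SETS = phrase_sets_by_source(VERIFIED_HISTORY, IDF)

if __name__ == "__main__":
    for src in ("vendor-feed", "forum-feed"):
        value = association_parameter(src, CURRENT_TEXT, PHRASE_SETS, IDF)
        print(src, round(value, 3))
```

The same text scores high against a source whose verified history covers similar issues and zero against a source whose history does not, which is the source-dependent behaviour the description relies on.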
(3) The selection unit 303 is used to select, according to the security association parameter, target system vulnerability data that is correlated with the security of the current system from the system vulnerability data.
In some embodiments, the selection unit 303 may include a first selection subunit 3031, a first parameter acquisition subunit 3032, a second parameter acquisition subunit 3033 and a second selection subunit 3034, as follows:
The first selection subunit 3031 is used to select the current system vulnerability data as target system vulnerability data when the security association parameter is within a first preset numerical range.
The first parameter acquisition subunit 3032 is used to obtain the popularity parameter of the current system vulnerability data when the security association parameter is within a second preset numerical range.
In some embodiments, the first parameter acquisition subunit 3032 may specifically be used to:
Select candidate system vulnerability data from the system vulnerability data, based on the publication time of the current system vulnerability data;
Select the feature words of the candidate system vulnerability data from the feature phrase set, based on the candidate system vulnerability data;
Create a popular feature phrase set, based on the repetition frequency of feature words among the feature words of the candidate system vulnerability data;
Determine the popularity parameter of the current candidate system vulnerability data, based on the frequency with which the feature words of the current system vulnerability appear in the popular feature phrase set.
The second parameter acquisition subunit 3033 is used to obtain the security verification result statistical parameter of the data source corresponding to the current system vulnerability data.
In some embodiments, the second parameter acquisition subunit 3033 may specifically be used to:
Determine the data source corresponding to the historical system vulnerability data, based on the historical correlation verification results;
Divide all historical correlation verification results by their corresponding data sources to obtain the security verification result statistical parameter of each data source;
Determine the security verification result statistical parameter of the data source corresponding to the current system vulnerability data.
The second selection subunit 3034 is used to select target system vulnerability data according to the popularity parameter and the security verification result statistical parameter.
In some embodiments, the second selection subunit 3034 may specifically be used to:
Select the current system vulnerability data as target system vulnerability data when the popularity parameter is greater than a first preset value;
Judge whether the security verification result statistical parameter is greater than a second preset value when the popularity parameter is less than the first preset value;
Select the current system vulnerability data as target system vulnerability data if the security verification result statistical parameter is greater than the second preset value.
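The decision made by subunits 3031 to 3034 can be written out as below. This is an added example, not code from the patent: the entries, source names, ranges and preset values are constructed, feature words are assumed to be already extracted, and three details the text does not fix are assumptions made here (candidates are entries published within 7 days before the current one, a feature word is popular when it repeats in at least 2 candidates, and the security verification result statistical parameter is the pass rate of the source).

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Entry:
    source: str
    published: datetime
    feature_words: frozenset


def popularity(current, feed, window=timedelta(days=7), min_repeats=2):
    """Share of the current entry's feature words that are 'popular'.

    Assumptions: candidates are entries published up to `window` before the
    current one; a word is popular if it occurs in >= `min_repeats` candidates.
    """
    candidates = [
        e for e in feed
        if e != current and timedelta(0) <= current.published - e.published <= window
    ]
    repeats = Counter(w for e in candidates for w in e.feature_words)
    popular = {w for w, n in repeats.items() if n >= min_repeats}
    if not current.feature_words:
        return 0.0
    return len(current.feature_words & popular) / len(current.feature_words)


def source_pass_rate(source, verification_log):
    """Assumed statistic: fraction of past verifications that passed, per source."""
    results = [passed for src, passed in verification_log if src == source]
    return sum(results) / len(results) if results else 0.0


def select_target(assoc, current, feed, verification_log,
                  first_range=(0.6, 1.0), second_range=(0.2, 0.6),
                  first_preset_value=0.5, second_preset_value=0.7):
    """Return (selected, reason) for one current entry."""
    if first_range[0] <= assoc <= first_range[1]:
        return True, "association parameter in first range"
    if not (second_range[0] <= assoc < second_range[1]):
        return False, "association parameter outside both ranges"
    if popularity(current, feed) > first_preset_value:
        return True, "popular feature words"
    if source_pass_rate(current.source, verification_log) > second_preset_value:
        return True, "source with good verification record"
    return False, "neither popular nor from a well-verified source"


# Constructed sample data.
DAY = datetime(2019, 7, 10)
FEED = [
    Entry("vendor-feed", DAY - timedelta(days=2), frozenset({"openssl", "tls", "overflow"})),
    Entry("forum-feed", DAY - timedelta(days=1), frozenset({"openssl", "tls", "crash"})),
    Entry("forum-feed", DAY - timedelta(days=39), frozenset({"wordpress", "xss"})),
]
LOG = [("vendor-feed", True), ("vendor-feed", True), ("vendor-feed", True),
       ("vendor-feed", False), ("forum-feed", True), ("forum-feed", False),
       ("forum-feed", False)]
HOT = Entry("forum-feed", DAY, frozenset({"openssl", "tls", "renegotiation"}))
COLD_FORUM = Entry("forum-feed", DAY, frozenset({"drupal", "csrf"}))
COLD_VENDOR = Entry("vendor-feed", DAY, frozenset({"drupal", "csrf"}))

if __name__ == "__main__":
    for entry in (HOT, COLD_FORUM, COLD_VENDOR):
        print(entry.source, sorted(entry.feature_words),
              select_target(0.3, entry, FEED, LOG))
```

With a middling association parameter, the entry on a currently recurring topic is kept, and of the two unpopular entries only the one from the source with the better verification record is kept.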
(4) The verification unit 304 is used to verify the correlation between the target system vulnerability data and the security of the current system.
(5) The early-warning unit 305 is used to issue an early warning to the user of the current system when the historical correlation verification result includes a passed verification.
As can be seen from the above, the embodiment of the present application can obtain system vulnerability data from a data source; obtain a security association parameter between the system vulnerability data and the current system, based on the data source corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data, where the historical correlation result is the result of verifying the correlation between historical system vulnerability data and the security of the current system; select, according to the security association parameter, target system vulnerability data that is correlated with the security of the current system from the system vulnerability data; verify the correlation between the target system vulnerability data and the security of the current system; and, when the historical correlation verification result includes a passed verification, issue an early warning to the user of the current system.
This embodiment screens the system vulnerability data based on its data source and on the historical correlation verification results, selects system vulnerability data that is relevant to the user, likely to affect the user, and correct, and issues a network security early warning to the user based on the selected target system vulnerability data. It can therefore warn the user more quickly and accurately.
An embodiment of the present invention also provides a server, which may integrate any network security early-warning device provided by the embodiments of the present invention. The server may be a tablet computer, a miniature processing box, an unmanned aerial vehicle, an image acquisition device, or the like.
For example, Fig. 6 shows a schematic structural diagram of the server involved in the embodiment of the present invention. Specifically:
The server may include components such as a processor 401 with one or more processing cores, a memory 402 of one or more computer-readable storage media, a power supply 403 and an input module 404. Those skilled in the art will understand that the server structure shown in Fig. 6 does not limit the server, which may include more or fewer components than illustrated, combine certain components, or use a different component layout. Specifically:
The processor 401 is the control center of the server. It connects all parts of the server through various interfaces and lines, and performs the various functions of the server and processes data by running or executing the software programs and/or modules stored in the memory 402 and calling the data stored in the memory 402, thereby monitoring the server as a whole. In some embodiments, the processor 401 may include one or more processing cores. In some embodiments, the processor 401 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and so on, and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into the processor 401.
The memory 402 can be used to store software programs and modules, and the processor 401 performs various functional applications and data processing by running the software programs and modules stored in the memory 402. The memory 402 may mainly include a program storage area and a data storage area, where the program storage area can store the operating system, the application program required by at least one function (such as a sound playing function or an image playing function) and so on, and the data storage area can store data created through use of the server. In addition, the memory 402 may include high-speed random access memory, and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device. Correspondingly, the memory 402 may also include a memory controller to provide the processor 401 with access to the memory 402.
The server further includes a power supply 403 that powers all components. In some embodiments, the power supply 403 can be logically connected to the processor 401 through a power management system, so that functions such as charge management, discharge management and power consumption management are implemented through the power management system. The power supply 403 may also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
The server may also include an input module 404, which can be used to receive input numeric or character information, and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the server may also include a display unit and the like, which is not described here. Specifically, in this embodiment, the processor 401 in the server loads the executable files corresponding to the processes of one or more application programs into the memory 402 according to the following instructions, and runs the application programs stored in the memory 402, thereby implementing various functions, as follows:
Obtaining system vulnerability data from a data source;
Obtaining a security association parameter between the system vulnerability data and the current system, based on the data source corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data, where the historical correlation result is the result of verifying the correlation between historical system vulnerability data and the security of the current system;
Selecting, according to the security association parameter, target system vulnerability data that is correlated with the security of the current system from the system vulnerability data;
Verifying the correlation between the target system vulnerability data and the security of the current system;
Issuing an early warning to the user of the current system when the historical correlation verification result includes a passed verification.
For the specific implementation of each of the above operations, refer to the preceding embodiments; details are not repeated here.
As can be seen from the above, the embodiment of the present application can obtain system vulnerability data from a data source; obtain a security association parameter between the system vulnerability data and the current system, based on the data source corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data, where the historical correlation result is the result of verifying the correlation between historical system vulnerability data and the security of the current system; select, according to the security association parameter, target system vulnerability data that is correlated with the security of the current system from the system vulnerability data; verify the correlation between the target system vulnerability data and the security of the current system; and, when the historical correlation verification result includes a passed verification, issue an early warning to the user of the current system.
This embodiment screens the system vulnerability data based on its data source and on the historical correlation verification results, selects system vulnerability data that is relevant to the user, likely to affect the user, and correct, and issues a network security early warning to the user based on the selected target system vulnerability data. It can therefore warn the user more quickly and accurately.
Those of ordinary skill in the art will understand that all or part of the steps in the various methods of the above embodiments can be completed by instructions, or by instructions controlling the relevant hardware. The instructions can be stored in a computer-readable storage medium and loaded and executed by a processor.
To this end, an embodiment of the present application provides a storage medium storing a plurality of instructions, which can be loaded by a processor to execute the steps of any network security early-warning method provided by the embodiments of the present application. For example, the instructions can execute the following steps:
Obtaining system vulnerability data from a data source;
Obtaining a security association parameter between the system vulnerability data and the current system, based on the data source corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data, where the historical correlation result is the result of verifying the correlation between historical system vulnerability data and the security of the current system;
Selecting, according to the security association parameter, target system vulnerability data that is correlated with the security of the current system from the system vulnerability data;
Verifying the correlation between the target system vulnerability data and the security of the current system;
Issuing an early warning to the user of the current system when the historical correlation verification result includes a passed verification.
The storage medium may include read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, or the like.
Because the instructions stored in the storage medium can execute the steps of any network security early-warning method provided by the embodiments of the present application, they can achieve the beneficial effects achievable by any such method. For details, refer to the preceding embodiments; they are not repeated here.
The network security early-warning method, device, server and storage medium provided by the embodiments of the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present application, and the description of the above embodiments is only intended to help in understanding the method of the present application and its core idea. Meanwhile, for those skilled in the art, the specific implementation and scope of application will vary according to the idea of the present application. In summary, the content of this specification should not be construed as limiting the present application.

Claims (13)

1. A network security early-warning method, characterized by comprising:
Obtaining system vulnerability data from a data source;
Obtaining a security association parameter between the system vulnerability data and the current system, based on the source information corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data, where the historical correlation result is the result of verifying the correlation between historical system vulnerability data and the security of the current system;
Selecting, according to the security association parameter, target system vulnerability data that is correlated with the security of the current system from the system vulnerability data;
Verifying the correlation between the target system vulnerability data and the security of the current system;
Issuing an early warning to the user of the current system when verification passes.
2. The network security early-warning method according to claim 1, characterized in that obtaining the security association parameter between the system vulnerability data and the current system, based on the source information corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data, comprises:
Obtaining the feature phrase of the historical system vulnerability data when the historical correlation verification result is a passed verification;
Obtaining the source information corresponding to the historical system vulnerability data;
Generating the feature phrase set corresponding to each data source, according to the feature phrases and corresponding source information of all historical system vulnerability data;
Obtaining the security association parameter between the system vulnerability data and the current system, according to the feature phrase set corresponding to each data source.
3. The network security early-warning method according to claim 2, characterized in that obtaining the security association parameter between the system vulnerability data and the current system, according to the feature phrase set corresponding to each data source, comprises:
Determining the current data source corresponding to the current system vulnerability data;
Obtaining the feature phrase set corresponding to the current data source;
Obtaining the security association parameter between the current system vulnerability data and the current system, based on the feature phrase set corresponding to the current data source.
4. The network security early-warning method according to claim 3, characterized in that obtaining the security association parameter between the current system vulnerability data and the current system, based on the feature phrase set corresponding to the current data source, comprises:
Extracting a first feature phrase from the feature phrase set corresponding to the current data source;
Obtaining a second feature phrase of the current system vulnerability data;
Obtaining the similarity between the first feature phrase and the second feature phrase, based on a preset similarity measure function;
Aggregating the similarities to obtain the security association parameter between the system vulnerability data and the current system.
5. The network security early-warning method according to claim 4, characterized in that obtaining the feature phrase of the historical system vulnerability data comprises:
Performing syntactic analysis on the historical system vulnerability data to obtain lexical units;
Determining the word frequency parameter of a lexical unit according to the frequency with which the lexical unit appears in the historical system vulnerability data;
Determining the inverse document frequency parameter of the lexical unit according to the frequency with which the lexical unit appears in all historical system vulnerability data;
Determining the feature phrase of the historical system vulnerability data, based on the word frequency parameter and the inverse document frequency parameter.
6. The network security early-warning method according to claim 5, characterized in that determining the feature phrase of the historical system vulnerability data, based on the word frequency parameter and the inverse document frequency parameter, comprises:
Obtaining the feature parameter of the lexical unit, based on the word frequency parameter and the inverse document frequency parameter;
Determining the feature words of the historical system vulnerability data according to the feature parameters of the lexical units;
Combining the feature words to obtain the feature phrase of the historical system vulnerability data.
7. The network security early-warning method according to claim 1, characterized in that selecting, according to the security association parameter, target system vulnerability data that is correlated with the security of the current system from the system vulnerability data comprises:
Selecting the current system vulnerability data as target system vulnerability data when the security association parameter is within a first preset numerical range;
Obtaining the popularity parameter of the current system vulnerability data when the security association parameter is within a second preset numerical range;
Obtaining the security verification result statistical parameter of the data source corresponding to the current system vulnerability data;
Selecting target system vulnerability data according to the popularity parameter and the security verification result statistical parameter.
8. The network security early-warning method according to claim 7, characterized in that obtaining the popularity parameter of the current system vulnerability data comprises:
Selecting candidate system vulnerability data from the system vulnerability data, based on the publication time of the current system vulnerability data;
Selecting the feature words of the candidate system vulnerability data from the feature phrase set, based on the candidate system vulnerability data;
Creating a popular feature phrase set, based on the repetition frequency of feature words among the feature words of the candidate system vulnerability data;
Determining the popularity parameter of the current candidate system vulnerability data, based on the frequency with which the feature words of the current system vulnerability appear in the popular feature phrase set.
9. The network security early-warning method according to claim 7, characterized in that obtaining the security verification result statistical parameter of the data source corresponding to the current system vulnerability data comprises:
Determining the data source corresponding to the historical system vulnerability data, based on the historical correlation verification results;
Dividing all historical correlation verification results by their corresponding data sources to obtain the security verification result statistical parameter of each data source;
Determining the security verification result statistical parameter of the data source corresponding to the current system vulnerability data.
10. The network security early-warning method according to claim 5, characterized in that the network security early-warning method further comprises:
Determining the target data source corresponding to the current target system vulnerability data when verification does not pass;
Obtaining, based on the current target system vulnerability data, a target feature phrase that is unrelated to the security of the current system;
Updating the feature phrase set of the target data source, based on the target feature phrase.
11. The network security early-warning method according to claim 5, characterized in that the security early-warning method further comprises:
Obtaining a system vulnerability data set related to the security of the current system when selection of target system vulnerability data fails;
If the system vulnerability data set includes supplementary system vulnerability data that differs from the target vulnerability data and is related to the security of the current system,
Obtaining the supplementary feature phrase of the supplementary system vulnerability data;
Updating the feature phrase set of the data source corresponding to the supplementary system vulnerability data, based on the supplementary feature phrase.
12. A network security early-warning device, characterized by comprising:
An acquisition unit, used to obtain system vulnerability data from a data source;
A calculation unit, used to obtain a security association parameter between the system vulnerability data and the current system, based on the source information corresponding to the system vulnerability data and the historical correlation verification results of historical system vulnerability data, where the historical correlation result is the result of verifying the correlation between historical system vulnerability data and the security of the current system;
A selection unit, used to select, according to the security association parameter, target system vulnerability data that is correlated with the security of the current system from the system vulnerability data;
A verification unit, used to verify the correlation between the target system vulnerability data and the security of the current system;
An early-warning unit, used to issue an early warning to the user of the current system when the historical correlation verification result includes a passed verification.
13. A storage medium on which a computer program is stored, characterized in that when the computer program runs on a computer, it causes the computer to execute the method according to any one of claims 1 to 11.
CN201910619821.6A 2019-07-10 2019-07-10 Network security early warning method, device and storage medium Active CN110417751B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910619821.6A CN110417751B (en) 2019-07-10 2019-07-10 Network security early warning method, device and storage medium


Publications (2)

Publication Number Publication Date
CN110417751A true CN110417751A (en) 2019-11-05
CN110417751B CN110417751B (en) 2021-07-02

Family

ID=68360914

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910619821.6A Active CN110417751B (en) 2019-07-10 2019-07-10 Network security early warning method, device and storage medium

Country Status (1)

Country Link
CN (1) CN110417751B (en)

Publication number Priority date Publication date Assignee Title
CN101853277A (en) * 2010-05-14 2010-10-06 南京信息工程大学 Vulnerability data mining method based on classification and association analysis
CN102446254A (en) * 2011-12-30 2012-05-09 中国信息安全测评中心 Similar loophole inquiry method based on text mining
CN103366120A (en) * 2012-04-10 2013-10-23 中国信息安全测评中心 Bug attack graph generation method based on script
CN104951553A (en) * 2015-06-30 2015-09-30 成都蓝码科技发展有限公司 Content collecting and data mining platform accurate in data processing and implementation method thereof
US10127385B2 (en) * 2015-09-02 2018-11-13 Sap Se Automated security vulnerability exploit tracking on social media
US20170061133A1 (en) * 2015-09-02 2017-03-02 Sap Se Automated Security Vulnerability Exploit Tracking on Social Media
CN106407803A (en) * 2016-08-30 2017-02-15 北京奇虎科技有限公司 Detection method and device of SQL (Structured Query Language) injection vulnerabilities
CN106357635A (en) * 2016-09-09 2017-01-25 浪潮软件集团有限公司 Vulnerability comparison analysis method based on homologous framework
CN106897625A (en) * 2017-01-22 2017-06-27 北京理工大学 The leak automatic classification method for supporting vulnerability correlation to excavate
CN107241352A (en) * 2017-07-17 2017-10-10 浙江鹏信信息科技股份有限公司 A kind of net security accident classificaiton and Forecasting Methodology and system
CN108268777A (en) * 2018-01-18 2018-07-10 中国人民大学 A kind of similarity detection method that unknown loophole discovery is carried out using patch information
CN108763931A (en) * 2018-05-28 2018-11-06 上海交通大学 Leak detection method based on Bi-LSTM and text similarity
CN109672666A (en) * 2018-11-23 2019-04-23 北京丁牛科技有限公司 A kind of network attack detecting method and device
CN109698823A (en) * 2018-11-29 2019-04-30 广东电网有限责任公司信息中心 A kind of Cyberthreat discovery method
CN109858018A (en) * 2018-12-25 2019-06-07 中国科学院信息工程研究所 A kind of entity recognition method and system towards threat information
CN109871696A (en) * 2018-12-29 2019-06-11 重庆城市管理职业学院 A kind of automatic collection and vulnerability scanning system and method, computer of vulnerability information
CN109886020A (en) * 2019-01-24 2019-06-14 燕山大学 Software vulnerability automatic classification method based on deep neural network
CN109918505A (en) * 2019-02-26 2019-06-21 西安电子科技大学 A kind of network security incident visualization method based on text-processing

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111431869A (en) * 2020-03-09 2020-07-17 北京神州绿盟信息安全科技股份有限公司 Method and device for acquiring vulnerability information heat
CN111431869B (en) * 2020-03-09 2022-04-19 绿盟科技集团股份有限公司 Method and device for acquiring vulnerability information heat
CN111865979A (en) * 2020-07-20 2020-10-30 北京丁牛科技有限公司 Vulnerability information processing method and network attack and defense platform
CN114584342A (en) * 2022-01-17 2022-06-03 北京中科微澜科技有限公司 Network vulnerability identification and detection system based on data analysis
CN114584342B (en) * 2022-01-17 2024-02-06 北京中科微澜科技有限公司 Network vulnerability recognition and detection system based on data analysis

Also Published As

Publication number Publication date
CN110417751B (en) 2021-07-02

Similar Documents

Publication Publication Date Title
Chen et al. Exploiting blockchain data to detect smart ponzi schemes on ethereum
Bai et al. Formal modeling and verification of smart contracts
US11356482B2 (en) Message validation using machine-learned user models
Mirakhorli et al. Detecting, tracing, and monitoring architectural tactics in code
CN110417751A (en) A kind of network safety pre-warning method, device and storage medium
CN103544074B (en) The method of calibration of a kind of business and device
CN106027577A (en) Exception access behavior detection method and device
CN110851288B (en) Message processing method and device
CN102004752B (en) Cube data warehousing flexibly
US11361068B2 (en) Securing passwords by using dummy characters
CN107122669A (en) A kind of method and apparatus for assessing leaking data risk
US11023625B2 (en) Computational accelerator architecture for change control in model-based system engineering
US20220129816A1 (en) Methods and arrangements to manage requirements and controls, and data at the intersection thereof
CN109412839A (en) A kind of recognition methods, device, equipment and the storage medium of exception account
CN109614319B (en) Automatic testing method and device, electronic equipment and computer readable medium
CN110109888A (en) A kind of document handling method and device
CN106201843A (en) The processing method of a kind of terminal data, device and terminal
JP6777612B2 (en) Systems and methods to prevent data loss in computer systems
Dror et al. Zero-shot on-the-fly event schema induction
CN104462311A (en) Information displaying method and device
CN109543959A (en) Examine chain generation method, device, computer equipment and storage medium
KR20190022430A (en) Systems, methods, electronic devices and storage media for identifying social events based risk events
CN107679400A (en) Verification method and system during social networks safe operation based on source code pitching pile
Lee et al. Apply fuzzy decision tree to information security risk assessment.
CN116860311A (en) Script analysis method, script analysis device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant