CN110737891A - A host intrusion detection method and apparatus - Google Patents
A host intrusion detection method and apparatus
- Publication number: CN110737891A
- Application number: CN201810796167.1A
- Authority: CN (China)
- Prior art keywords: detection, signal data, ret, host, static
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
      - G06F18/00—Pattern recognition
        - G06F18/20—Analysing
          - G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
            - G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
          - G06F18/24—Classification techniques
            - G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
              - G06F18/2411—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
Abstract
Description
Claims (16)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810796167.1A CN110737891A (zh) | 2018-07-19 | 2018-07-19 | A host intrusion detection method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810796167.1A CN110737891A (zh) | 2018-07-19 | 2018-07-19 | A host intrusion detection method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110737891A true CN110737891A (zh) | 2020-01-31 |
Family
ID=69235063
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810796167.1A Pending CN110737891A (zh) | 2018-07-19 | 2018-07-19 | A host intrusion detection method and apparatus |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110737891A (zh) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112182574A (zh) * | 2020-09-10 | 2021-01-05 | 青岛海尔科技有限公司 | Method and apparatus for intrusion detection, and server |
CN112182573A (zh) * | 2020-09-10 | 2021-01-05 | 青岛海尔科技有限公司 | Method and apparatus for intrusion detection, and device |
CN113395237A (zh) * | 2020-03-12 | 2021-09-14 | 中国电信股份有限公司 | Attack detection method and apparatus, and computer storage medium |
CN113839904A (zh) * | 2020-06-08 | 2021-12-24 | 北京梆梆安全科技有限公司 | Security situation awareness method and system based on intelligent connected vehicles |
CN113868646A (zh) * | 2021-08-06 | 2021-12-31 | 华北电力科学研究院有限责任公司 | Host-based intrusion detection method and apparatus |
CN114090967A (zh) * | 2021-10-25 | 2022-02-25 | 广州大学 | APT group tracking and tracing method and system based on PSO-MSVM |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201477598U (zh) * | 2009-09-01 | 2010-05-19 | 北京鼎普科技股份有限公司 | Terminal Trojan monitoring apparatus |
CN103745154A (zh) * | 2013-12-27 | 2014-04-23 | 柳州职业技术学院 | Intrusion detection system with self-learning capability and detection method |
CN104361285A (zh) * | 2014-11-20 | 2015-02-18 | 工业和信息化部电信研究院 | Security detection method and apparatus for mobile device applications |
CN104537309A (zh) * | 2015-01-23 | 2015-04-22 | 北京奇虎科技有限公司 | Application vulnerability detection method, apparatus and server |
CN104598820A (zh) * | 2015-01-14 | 2015-05-06 | 国家电网公司 | Trojan virus detection method based on characteristic behavior analysis |
CN104751052A (zh) * | 2013-12-30 | 2015-07-01 | 南京理工大学常熟研究院有限公司 | Dynamic behavior analysis method for mobile intelligent terminal software based on the SVM algorithm |
CN105069354A (zh) * | 2015-07-31 | 2015-11-18 | 天津大学 | Hybrid detection method for Android software based on an attack tree model |
CN105530265A (zh) * | 2016-01-28 | 2016-04-27 | 李青山 | Mobile Internet malicious application detection method based on frequent itemset description |
CN106055980A (zh) * | 2016-05-30 | 2016-10-26 | 南京邮电大学 | Rule-based JavaScript security detection method |
CN106650452A (zh) * | 2016-12-30 | 2017-05-10 | 北京工业大学 | Vulnerability mining method for built-in applications of the Android system |
CN106709290A (zh) * | 2016-12-16 | 2017-05-24 | 江苏通付盾科技有限公司 | Application security analysis method and apparatus |
CN106911637A (zh) * | 2015-12-23 | 2017-06-30 | 北京奇虎科技有限公司 | Network threat processing method and apparatus |
CN106991324A (zh) * | 2017-03-30 | 2017-07-28 | 兴华永恒(北京)科技有限责任公司 | Malicious code tracking and identification method based on memory protection type monitoring |
CN107590388A (zh) * | 2017-09-12 | 2018-01-16 | 南方电网科学研究院有限责任公司 | Malicious code detection method and apparatus |
CN108038374A (zh) * | 2017-12-26 | 2018-05-15 | 郑州云海信息技术有限公司 | Method for detecting real-time threats |
2018
- 2018-07-19: CN application CN201810796167.1A, patent CN110737891A (zh), active, Pending
Patent Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201477598U (zh) * | 2009-09-01 | 2010-05-19 | 北京鼎普科技股份有限公司 | Terminal Trojan monitoring apparatus |
CN103745154A (zh) * | 2013-12-27 | 2014-04-23 | 柳州职业技术学院 | Intrusion detection system with self-learning capability and detection method |
CN104751052A (zh) * | 2013-12-30 | 2015-07-01 | 南京理工大学常熟研究院有限公司 | Dynamic behavior analysis method for mobile intelligent terminal software based on the SVM algorithm |
CN104361285A (zh) * | 2014-11-20 | 2015-02-18 | 工业和信息化部电信研究院 | Security detection method and apparatus for mobile device applications |
CN104598820A (zh) * | 2015-01-14 | 2015-05-06 | 国家电网公司 | Trojan virus detection method based on characteristic behavior analysis |
CN104537309A (zh) * | 2015-01-23 | 2015-04-22 | 北京奇虎科技有限公司 | Application vulnerability detection method, apparatus and server |
CN105069354A (zh) * | 2015-07-31 | 2015-11-18 | 天津大学 | Hybrid detection method for Android software based on an attack tree model |
CN106911637A (zh) * | 2015-12-23 | 2017-06-30 | 北京奇虎科技有限公司 | Network threat processing method and apparatus |
CN105530265A (zh) * | 2016-01-28 | 2016-04-27 | 李青山 | Mobile Internet malicious application detection method based on frequent itemset description |
CN106055980A (zh) * | 2016-05-30 | 2016-10-26 | 南京邮电大学 | Rule-based JavaScript security detection method |
CN106709290A (zh) * | 2016-12-16 | 2017-05-24 | 江苏通付盾科技有限公司 | Application security analysis method and apparatus |
CN106650452A (zh) * | 2016-12-30 | 2017-05-10 | 北京工业大学 | Vulnerability mining method for built-in applications of the Android system |
CN106991324A (zh) * | 2017-03-30 | 2017-07-28 | 兴华永恒(北京)科技有限责任公司 | Malicious code tracking and identification method based on memory protection type monitoring |
CN107590388A (zh) * | 2017-09-12 | 2018-01-16 | 南方电网科学研究院有限责任公司 | Malicious code detection method and apparatus |
CN108038374A (zh) * | 2017-12-26 | 2018-05-15 | 郑州云海信息技术有限公司 | Method for detecting real-time threats |
Non-Patent Citations (1)
Title |
---|
高昆仑;刘建明;徐茹枝;王宇飞;李怡康;: "A composite prediction model of information network security situation based on support vector machine and particle swarm optimization", 电网技术 (Power System Technology), no. 04, pages 176 - 182 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113395237A (zh) * | 2020-03-12 | 2021-09-14 | 中国电信股份有限公司 | Attack detection method and apparatus, and computer storage medium |
CN113839904A (zh) * | 2020-06-08 | 2021-12-24 | 北京梆梆安全科技有限公司 | Security situation awareness method and system based on intelligent connected vehicles |
CN113839904B (zh) * | 2020-06-08 | 2023-08-22 | 北京梆梆安全科技有限公司 | Security situation awareness method and system based on intelligent connected vehicles |
CN112182574A (zh) * | 2020-09-10 | 2021-01-05 | 青岛海尔科技有限公司 | Method and apparatus for intrusion detection, and server |
CN112182573A (zh) * | 2020-09-10 | 2021-01-05 | 青岛海尔科技有限公司 | Method and apparatus for intrusion detection, and device |
CN113868646A (zh) * | 2021-08-06 | 2021-12-31 | 华北电力科学研究院有限责任公司 | Host-based intrusion detection method and apparatus |
CN113868646B (zh) * | 2021-08-06 | 2024-04-26 | 华北电力科学研究院有限责任公司 | Host-based intrusion detection method and apparatus |
CN114090967A (zh) * | 2021-10-25 | 2022-02-25 | 广州大学 | APT group tracking and tracing method and system based on PSO-MSVM |
Similar Documents
Publication | Title |
---|---|
CN110737891A (zh) | A host intrusion detection method and apparatus |
US10310969B2 (en) | Systems and methods for test prediction in continuous integration environments |
US11574063B2 (en) | Automatic detection of an incomplete static analysis security assessment |
US8627469B1 (en) | Systems and methods for using acquisitional contexts to prevent false-positive malware classifications |
US11503070B2 (en) | Techniques for classifying a web page based upon functions used to render the web page |
EP3058481B1 (en) | Acceleration based on cached flows |
US11580294B2 (en) | Techniques for web framework detection |
US11720825B2 (en) | Framework for multi-tenant data science experiments at-scale |
CN111193633B (zh) | Method and apparatus for detecting abnormal network connections |
JP2018508892A (ja) | Method and apparatus for assigning a device fingerprint to an Internet device |
CN111669379A (zh) | Behavior anomaly detection method and apparatus |
CN110677307A (zh) | Service monitoring method, apparatus, device and storage medium |
CN113918438A (zh) | Server anomaly detection method, apparatus, server and storage medium |
KR102072288B1 (ko) | Anomaly detection method for security log data using GANs and devices for performing the same |
US20220334744A1 (en) | Method, electronic device, and computer program product for processing data |
CN113590447B (zh) | Event tracking (instrumentation point) processing method and apparatus |
US8798982B2 (en) | Information processing device, information processing method, and program |
CN109885472A (zh) | Test management method and system, and computer-readable storage medium |
US11599406B2 (en) | Common platform for fulfilling different actions |
AU2020221855B2 (en) | Activity detection in web applications |
US11487570B1 (en) | Efficient creation of endpoints for accessing services directly within a cloud-based system |
CN110580200B (zh) | Data synchronization method and apparatus |
US11012463B2 (en) | Predicting condition of a host for cybersecurity applications |
GB2546135A (en) | Robust computing device identification framework |
US20200304539A1 (en) | Detecting denial of service attacks in serverless computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Applicant before: Jingdong Digital Technology Holding Co.,Ltd. Applicant after: Jingdong Technology Holding Co.,Ltd. Address (before and after): 101111 Room 221, 2nd Floor, Block C, 18 Kechuang 11th Street, Beijing Economic and Technological Development Zone |
| CB02 | Change of applicant information | Applicant before: JINGDONG DIGITAL TECHNOLOGY HOLDINGS Co.,Ltd. Applicant after: Jingdong Digital Technology Holding Co.,Ltd. Address (before and after): 101111 Room 221, 2nd Floor, Block C, 18 Kechuang 11th Street, Beijing Economic and Technological Development Zone |
| CB02 | Change of applicant information | Applicant before: BEIJING JINGDONG FINANCIAL TECHNOLOGY HOLDING Co.,Ltd. Applicant after: JINGDONG DIGITAL TECHNOLOGY HOLDINGS Co.,Ltd. Address (before and after): 101111 Room 221, 2nd Floor, Block C, 18 Kechuang 11th Street, Beijing Economic and Technological Development Zone |