CN111027052A - Application program version-based virtual machine document discrimination method and device and storage equipment - Google Patents


Info

Publication number
CN111027052A
Authority
CN
China
Prior art keywords
document
virtual machine
documents
application program
versions
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910097416.2A
Other languages
Chinese (zh)
Inventor
徐艺航
黄嘉燕
康学斌
肖新光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHENZHEN ANZHITIAN INFORMATION TECHNOLOGY CO LTD
Original Assignee
SHENZHEN ANZHITIAN INFORMATION TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHENZHEN ANZHITIAN INFORMATION TECHNOLOGY CO LTD
Priority to CN201910097416.2A
Publication of CN111027052A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiment of the invention discloses a method, a device and a storage device for discriminating documents in a virtual machine based on application program versions, which solve the problem in the prior art that running a single document with a single version of an application program in a single virtual machine can cause related threats to go undetected, resulting in missed detections. The method comprises the following steps: collecting documents whose attributes are to be determined; classifying documents of the same file format into one class; installing in a virtual machine an application program that supports opening a given class of documents, wherein the application program comprises a plurality of versions; sending that class of documents to the virtual machine, which opens each document in the class with each version of the application program; and running the documents in sequence and determining the document attributes.

Description

Application program version-based virtual machine document discrimination method and device and storage equipment
Technical Field
The embodiment of the invention relates to the field of network security, in particular to a method and a device for judging a virtual machine document based on an application program version and a storage device.
Background
With the rapid development of the internet, network security incidents emerge endlessly; incidents ranging from national-level attacks down to the hacking of personal websites and the theft of accounts are all closely related to network security. In recent years, document attacks have been one of the attack methods most frequently used by criminals: attackers typically send victims deceptive or enticing e-mails carrying malicious attachments and induce the victims to open them. Once the attack succeeds, the attacker can gain complete control of the computer, and can then not only steal highly confidential data stored on it but also use it as a springboard to compromise the entire intranet. Document attacks also increase the risk of ransomware attacks: if key documents, data, pictures and the like belonging to governments and enterprises are encrypted by an attacker with a high-strength algorithm, the victim must either give up the data or pay the attacker a costly ransom, causing immeasurable loss.
Document analysis therefore plays an increasingly important role in threat identification and tracing. However, existing document analysis methods generally run a single document in a single virtual machine using a single version of an application program; if a document triggers its malicious behavior only when run in a specific application version, such methods cannot accurately detect the related threat, and missed detections occur.
Disclosure of Invention
Based on the existing problems, embodiments of the present invention provide a method, an apparatus, and a storage device for discriminating virtual machine documents based on application versions, so as to solve the problem that running a single document with a single version of an application in a single virtual machine may cause a related threat to go undetected, resulting in false negatives.
The embodiment of the invention discloses a virtual machine document discrimination method based on application program versions, which comprises the following steps:
collecting documents whose attributes are to be determined; classifying documents of the same file format into one class; installing in a virtual machine an application program that supports opening a given class of documents, wherein the application program comprises a plurality of versions; sending that class of documents to the virtual machine, which opens each document in the class with each version of the application program; and running the documents in sequence and determining the document attributes.
Further, installing in the virtual machine an application program that supports opening the documents, wherein the application program comprises a plurality of versions, further comprises: marking each version of the application program with a different identifier and recording it in a separate directory.
Further, running the documents in sequence and determining the document attributes specifically comprises: running the documents in sequence; collecting the various dynamic and static behaviors of the documents during the run; identifying unknown threats through kernel-level application behavior monitoring and/or behavior analysis based on big-data behavioral threat metrics; and detecting known threats by comparing the file names, service names, accessed network IPs, domain names and in-memory character information in the run results with the characteristic information of a malicious sample library, and/or by inspecting processes, services, the registry, memory and the network.
Further, after running the documents in sequence and determining the document attributes, the method specifically further comprises:
once the documents have been opened one by one by the plurality of application versions, restarting the virtual machine; and generating a document analysis report according to the run results of the documents, and sending an alarm notification if a malicious document is detected.
The embodiment of the invention discloses a virtual machine document discrimination device based on application program versions, which comprises a memory and a processor, wherein the memory is used for storing a plurality of instructions, and the processor is used for loading the instructions stored in the memory to execute:
collecting documents whose attributes are to be determined; classifying documents of the same file format into one class; installing in a virtual machine an application program that supports opening a given class of documents, wherein the application program comprises a plurality of versions; sending that class of documents to the virtual machine, which opens each document in the class with each version of the application program; and running the documents in sequence and determining the document attributes.
Further, the processor is also configured to load instructions stored in the memory to perform:
installing in the virtual machine an application program that supports opening the documents, wherein the application program comprises a plurality of versions, further comprising: marking each version of the application program with a different identifier and recording it in a separate directory.
Further, the processor is also configured to load instructions stored in the memory to perform:
running the documents in sequence and determining the document attributes, specifically: running the documents in sequence; collecting the various dynamic and static behaviors of the documents during the run; identifying unknown threats through kernel-level application behavior monitoring and/or behavior analysis based on big-data behavioral threat metrics; and detecting known threats by comparing the file names, service names, accessed network IPs, domain names and in-memory character information in the run results with the characteristic information of a malicious sample library, and/or by inspecting processes, services, the registry, memory and the network.
Further, the processor is also configured to load instructions stored in the memory to perform:
after running the documents in sequence and determining the document attributes, specifically further:
once the documents have been opened one by one by the plurality of application versions, restarting the virtual machine; and generating a document analysis report according to the run results of the documents, and sending an alarm notification if a malicious document is detected.
The embodiment of the invention also discloses a device for discriminating virtual machine documents based on application program versions, comprising:
a document collection module: used for collecting documents whose attributes are to be determined;
a document classification module: used for classifying documents of the same file format into one class;
an application program installation module: used for installing in a virtual machine an application program that supports opening a given class of documents, wherein the application program comprises a plurality of versions;
a transmission module: used for sending a given class of documents to the virtual machine;
an operation module: used for the virtual machine to open each document in the class with each version of the application program and run it;
a determination module: used for determining the document attributes.
The embodiment of the invention provides a storage device, wherein a plurality of instructions are stored in the storage device, and the instructions are suitable for being loaded by a processor to execute the steps of the virtual machine document discrimination method based on application program versions provided by the embodiment of the invention.
Compared with the prior art, the method, the device and the storage device for discriminating virtual machine documents based on application program versions provided by the invention achieve at least the following beneficial effects:
collecting documents whose attributes are to be determined; classifying documents of the same file format into one class; installing in a virtual machine an application program that supports opening a given class of documents, wherein the application program comprises a plurality of versions; sending that class of documents to the virtual machine, which opens each document in the class with each version of the application program; and running the documents in sequence and determining the document attributes. Existing document analysis methods usually run a single document with a single version of an application program in a single virtual machine; if a document triggers its malicious behavior only when run in a specific application version, such methods cannot accurately detect the related threat, and missed detections occur. By using more application versions within the same amount of time, the present method can trigger documents that carry malicious behavior, which improves the detection rate of malicious documents.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flowchart of a method for determining a virtual machine document based on an application version according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for determining a virtual machine document based on an application version according to an embodiment of the present invention;
FIG. 3 is a diagram of a device for determining a document of a virtual machine based on an application version according to an embodiment of the present invention;
FIG. 4 is a structural diagram of a virtual machine document determination apparatus based on an application version according to an embodiment of the present invention.
Detailed Description
In order to make the object, technical solution and advantages of the present invention clearer, a specific implementation of the virtual machine document discrimination method based on application versions according to an embodiment of the present invention is described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiments described below only illustrate and explain the present invention and do not limit it. The embodiments in the present application, and the features of those embodiments, may be combined with each other provided there is no conflict.
Existing document analysis methods generally run a single document with a single version of an application program in a single virtual machine; if a document triggers its malicious behavior only when run in a specific application version, such methods cannot accurately detect the related threat, and missed detections occur.
Based on this, an embodiment of the present invention provides a flowchart of a virtual machine document discrimination method based on application versions, as shown in FIG. 1, including:
step 11, collecting documents whose attributes are to be determined;
step 12, classifying documents of the same file format into one class;
step 13, installing in the virtual machine an application program that supports opening a given class of documents, wherein the application program comprises a plurality of versions;
the application versions differ from one another;
step 14, sending that class of documents to the virtual machine, which opens each document in the class with each version of the application program;
step 15, running the documents in sequence and determining the document attributes.
The method provided by the embodiment of the invention can therefore, within the same amount of time, use more application versions to trigger documents that may carry malicious behavior, which improves the detection rate of malicious documents.
An embodiment of the present invention provides a flowchart of another virtual machine document discrimination method based on application versions, as shown in FIG. 2, including:
step 21, collecting documents whose attributes are to be determined;
step 22, classifying documents of the same file format into one class, and extracting N documents from a given class;
step 23, installing in the virtual machine an application program that supports opening that class of documents, wherein the application program comprises a plurality of versions;
step 24, sending the N documents of the same class to the virtual machine, and starting the virtual machine to analyze the documents;
step 25, judging whether the application programs of all versions have completed the task of opening and analyzing the N documents; if so, executing step 28, otherwise executing step 26;
step 26, using the current application version to traverse, open and analyze the N documents;
step 27, judging whether the current application version has completed the task of opening and analyzing the N documents; if so, executing step 28, otherwise continuing to execute step 26;
step 28, judging, according to the run results of the documents and each detection method, whether a document has malicious content; if so, executing step 29, otherwise executing step 30;
step 29, sending out a warning notification;
step 30, generating a document analysis report according to the run results of the documents, completing the analysis, and restarting the virtual machine.
The method provided by the embodiment of the invention opens multiple documents with multiple application versions within the same amount of time, and can improve the efficiency of analysis and detection compared with detection that opens a single document.
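The FIG. 2 loop can be sketched as follows; this is an added example, not code from the patent. Deciding "same file format" by leading magic bytes is an assumption, and `fake_sandbox`, the `writer-*` version identifiers, the install paths and all indicator values are constructed stand-ins for the real in-VM run and malicious sample library.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Leading magic bytes, so grouping (step 22) follows the real format, not the extension.
MAGIC = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls/.ppt
    (b"PK\x03\x04", "zip-ooxml"),                   # .docx/.xlsx/.pptx container
    (b"%PDF-", "pdf"),
    (b"{\\rtf", "rtf"),
]
KINDS = ("files", "services", "ips", "domains", "strings")

def classify(data: bytes) -> str:
    return next((fmt for sig, fmt in MAGIC if data.startswith(sig)), "unknown")

def group_by_format(docs: dict) -> dict:
    groups = defaultdict(dict)
    for name, data in docs.items():
        groups[classify(data)][name] = data
    return dict(groups)

@dataclass(frozen=True)
class AppVersion:
    ident: str        # distinct identifier per installed version
    install_dir: str  # each version recorded in its own directory

@dataclass
class Verdict:
    doc: str
    hits: dict = field(default_factory=dict)  # version ident -> matched indicators

    @property
    def malicious(self) -> bool:
        return bool(self.hits)

def match_known(behaviour: dict, library: dict) -> list:
    """Known-threat check: compare observed artefacts with the sample library."""
    return sorted(f"{kind}:{value}" for kind in KINDS
                  for value in behaviour.get(kind, [])
                  if value.lower() in library.get(kind, set()))

def analyse_class(docs, versions, run_in_vm, library, restart_vm) -> dict:
    """Steps 24-30: every version opens every document, then one VM restart."""
    verdicts = {name: Verdict(name) for name in docs}
    for ver in versions:                 # steps 25/27: until all versions are done
        for name, data in docs.items():  # step 26: traverse the N documents
            hits = match_known(run_in_vm(ver, name, data), library)
            if hits:                     # step 28: malicious content found
                verdicts[name].hits[ver.ident] = hits
    restart_vm()                         # step 30: restart after the batch
    return verdicts

# ---- constructed sample data (hypothetical names and values) ----
VERSIONS = [AppVersion("writer-1.0", r"C:\apps\writer\1.0"),
            AppVersion("writer-2.0", r"C:\apps\writer\2.0"),
            AppVersion("writer-3.0", r"C:\apps\writer\3.0")]
LIBRARY = {"domains": {"update.example.invalid"}, "ips": {"203.0.113.7"},
           "files": {"dropper.tmp"}}
DOCS = {"invoice.doc": b"{\\rtf1 constructed sample",  # RTF content, .doc extension
        "notes.rtf": b"{\\rtf1 constructed benign sample",
        "report.pdf": b"%PDF-1.7 constructed sample"}

def fake_sandbox(ver, name, data):
    """Stand-in for the in-VM run: invoice.doc misbehaves only under writer-2.0."""
    if name == "invoice.doc" and ver.ident == "writer-2.0":
        return {"domains": ["Update.Example.Invalid"], "files": ["dropper.tmp"]}
    return {"files": [name]}

def demo(versions=VERSIONS):
    restarts = []
    rtf_docs = group_by_format(DOCS)["rtf"]
    verdicts = analyse_class(rtf_docs, versions, fake_sandbox, LIBRARY,
                             lambda: restarts.append(1))
    alerts = sorted(v.doc for v in verdicts.values() if v.malicious)  # step 29
    return verdicts, alerts, len(restarts)

if __name__ == "__main__":
    for verdict in demo()[0].values():
        print(verdict.doc, "MALICIOUS" if verdict.malicious else "clean", verdict.hits)
```

Calling `demo([VERSIONS[2]])` reproduces the single-version setup the patent criticises: the same batch comes back with no alerts, because the only version that triggers the behavior was never used.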
An embodiment of the present invention further provides an apparatus for discriminating virtual machine documents based on application versions, as shown in FIG. 3. The apparatus comprises a memory 31 and a processor 32, wherein the memory 31 is used for storing a plurality of instructions, and the processor 32 is used for loading the instructions stored in the memory 31 to execute:
collecting documents whose attributes are to be determined; classifying documents of the same file format into one class; installing in a virtual machine an application program that supports opening a given class of documents, wherein the application program comprises a plurality of versions; sending that class of documents to the virtual machine, which opens each document in the class with each version of the application program; and running the documents in sequence and determining the document attributes.
The processor 32 is configured to load the instructions stored in the memory 31 to perform:
installing in the virtual machine an application program that supports opening the documents, wherein the application program comprises a plurality of versions, further comprising: marking each version of the application program with a different identifier and recording it in a separate directory.
The processor 32 is configured to load the instructions stored in the memory 31 to perform:
running the documents in sequence and determining the document attributes, specifically: running the documents in sequence; collecting the various dynamic and static behaviors of the documents during the run; identifying unknown threats through kernel-level application behavior monitoring and/or behavior analysis based on big-data behavioral threat metrics; and detecting known threats by comparing the file names, service names, accessed network IPs, domain names and in-memory character information in the run results with the characteristic information of a malicious sample library, and/or by inspecting processes, services, the registry, memory and the network.
The processor 32 is configured to load the instructions stored in the memory 31 to perform:
after running the documents in sequence and determining the document attributes, specifically further:
once the documents have been opened one by one by the plurality of application versions, restarting the virtual machine; and generating a document analysis report according to the run results of the documents, and sending an alarm notification if a malicious document is detected.
The embodiment of the present invention also provides another apparatus for discriminating virtual machine documents based on application versions, as shown in FIG. 4, including:
the document collection module 41: used for collecting documents whose attributes are to be determined;
the document classification module 42: used for classifying documents of the same file format into one class;
the application installation module 43: used for installing in a virtual machine an application program that supports opening a given class of documents, wherein the application program comprises a plurality of versions;
the transmission module 44: used for sending a given class of documents to the virtual machine;
the operation module 45: used for the virtual machine to open each document in the class with each version of the application program and run it;
the determination module 46: used for determining the document attributes.
The embodiment of the invention also provides a storage device, wherein a plurality of instructions are stored in the storage device, and the instructions are suitable for being loaded by a processor to execute the steps of the virtual machine document discrimination method based on application program versions provided by the embodiment of the invention.
Through the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present invention may be implemented by hardware, or by software plus a necessary general hardware platform. Based on such understanding, the technical solutions of the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.), and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods according to the embodiments of the present invention.
Those skilled in the art will appreciate that the drawings are merely schematic representations of one preferred embodiment and that the blocks or flow diagrams in the drawings are not necessarily required to practice the present invention.
Those skilled in the art will appreciate that the modules in the devices in the embodiments may be distributed in the devices in the embodiments according to the description of the embodiments, and may be correspondingly changed in one or more devices different from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A virtual machine document discrimination method based on application program versions, characterized by comprising:
collecting documents whose attributes are to be determined;
classifying documents of the same file format into one class;
installing in a virtual machine an application program that supports opening a given class of documents, wherein the application program comprises a plurality of versions;
sending that class of documents to the virtual machine, which opens each document in the class with each version of the application program;
and running the documents in sequence and determining the document attributes.
2. The method of claim 1, wherein installing in the virtual machine an application program that supports opening the documents, the application program comprising a plurality of versions, further comprises:
marking each version of the application program with a different identifier and recording it in a separate directory.
3. The method of claim 1, wherein running the documents in sequence and determining the document attributes specifically comprises:
running the documents in sequence;
collecting the various dynamic and static behaviors of the documents during the run;
identifying unknown threats through kernel-level application behavior monitoring and/or behavior analysis based on big-data behavioral threat metrics;
and detecting known threats by comparing the file names, service names, accessed network IPs, domain names and in-memory character information in the run results with the characteristic information of a malicious sample library, and/or by inspecting processes, services, the registry, memory and the network.
4. The method of claim 1, wherein, after running the documents in sequence and determining the document attributes, the method further comprises:
once the documents have been opened one by one by the plurality of application versions, restarting the virtual machine;
and generating a document analysis report according to the run results of the documents, and sending an alarm notification if a malicious document is detected.
5. An apparatus for discriminating virtual machine documents based on application versions, wherein the processor is further configured to load instructions stored in the memory to perform:
collecting documents whose attributes are to be determined;
classifying documents of the same file format into one class;
installing in a virtual machine an application program that supports opening a given class of documents, wherein the application program comprises a plurality of versions;
sending that class of documents to the virtual machine, which opens each document in the class with each version of the application program;
and running the documents in sequence and determining the document attributes.
6. The apparatus of claim 5, wherein the processor is further configured to load instructions stored in the memory to perform:
installing in the virtual machine an application program that supports opening the documents, wherein the application program comprises a plurality of versions, further comprising: marking each version of the application program with a different identifier and recording it in a separate directory.
7. The apparatus of claim 5, wherein the processor is further configured to load instructions stored in the memory to perform:
running the documents in sequence and determining the document attributes, specifically:
running the documents in sequence;
collecting the various dynamic and static behaviors of the documents during the run;
identifying unknown threats through kernel-level application behavior monitoring and/or behavior analysis based on big-data behavioral threat metrics;
and detecting known threats by comparing the file names, service names, accessed network IPs, domain names and in-memory character information in the run results with the characteristic information of a malicious sample library, and/or by inspecting processes, services, the registry, memory and the network.
8. The apparatus of claim 5, wherein the processor is further configured to load instructions stored in the memory to perform:
after running the documents in sequence and determining the document attributes, specifically further:
once the documents have been opened one by one by the plurality of application versions, restarting the virtual machine;
and generating a document analysis report according to the run results of the documents, and sending an alarm notification if a malicious document is detected.
9. The device for discriminating the document of the virtual machine based on the application program version is characterized by comprising the following steps:
the document collection module: the document collection module is used for collecting documents with attributes to be determined;
a document classification module: the file sharing method is used for classifying the files in the same file format into one class;
an application program installation module: the method comprises the steps of installing an application program supporting the opening of a certain type of document in a virtual machine, wherein the application program comprises a plurality of versions;
a transmission module: the method comprises the steps of sending a certain type of document to a virtual machine;
an operation module: the system comprises a virtual machine, a storage unit, a document management unit and a document management unit, wherein the virtual machine is used for opening each document in the documents by using each version of application program and running;
a determination module: the document attributes are determined.
10. A memory device having stored therein a plurality of instructions adapted to be loaded by a processor and to perform the steps of the method of any of claims 1-4.
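An illustrative sketch of the flow in claims 7 to 9, added here and not taken from the patent: documents are grouped by format, each is opened with every installed version, the run-result artifacts are compared against a sample library, the virtual machine is restarted, and a report and alerts are produced. The library contents, run results, version labels and function names are all constructed assumptions, and only the known-threat comparison is modelled.

```python
import os

# Constructed stand-in for the malicious sample library's feature information.
SAMPLE_LIBRARY = {
    "file_names": {"svch0st.exe"},
    "network": {"203.0.113.7", "bad.example"},  # IPs and domain names
    "memory_strings": {"dropper-stage2"},
}
# Constructed run results per (document, application version); a real system collects these in the VM.
RUN_RESULTS = {
    ("invoice.doc", "A-1.0"): {"file_names": {"~wr01.tmp"}},
    ("invoice.doc", "A-2.0"): {"file_names": {"svch0st.exe"}, "network": {"203.0.113.7"}},
    ("notes.doc", "A-1.0"): {"file_names": {"~wr02.tmp"}},
    ("notes.doc", "A-2.0"): {"network": {"198.51.100.9"}},
    ("form.pdf", "R-9"): {"memory_strings": {"dropper-stage2"}},
    ("form.pdf", "R-11"): {},
}

def classify_by_format(documents):
    """Group documents of the same file format (here: extension) into one class."""
    classes = {}
    for name in documents:
        classes.setdefault(os.path.splitext(name)[1].lower(), []).append(name)
    return classes

def match_known(artifacts):
    """Return sorted (category, value) pairs also present in the sample library."""
    return sorted((cat, v) for cat, vals in artifacts.items()
                  for v in vals & SAMPLE_LIBRARY.get(cat, set()))

def analyse(documents, versions_by_format, run, restart_vm):
    """Open each document with every version, restart the VM, build the report."""
    report, alerts = {}, []
    for fmt, docs in classify_by_format(documents).items():
        for doc in docs:
            # Keep only the versions whose run produced at least one library match.
            hits = {v: m for v in versions_by_format[fmt] if (m := match_known(run(doc, v)))}
            restart_vm()  # every version has opened this document
            report[doc] = {"malicious": bool(hits), "hits": hits}
            if hits:
                alerts.append(doc)  # alarm notice for a detected malicious document
    return report, alerts

def demo():
    restarts = []
    versions = {".doc": ["A-1.0", "A-2.0"], ".pdf": ["R-9", "R-11"]}
    report, alerts = analyse(["invoice.doc", "notes.doc", "form.pdf"], versions,
                             lambda d, v: RUN_RESULTS[(d, v)], lambda: restarts.append(1))
    return report, alerts, len(restarts)
```

In the constructed data, invoice.doc is flagged only under version A-2.0, which is the case a single-version sandbox would miss.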
CN201910097416.2A 2019-01-31 2019-01-31 Application program version-based virtual machine document discrimination method and device and storage equipment Pending CN111027052A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910097416.2A CN111027052A (en) 2019-01-31 2019-01-31 Application program version-based virtual machine document discrimination method and device and storage equipment

Publications (1)

Publication Number Publication Date
CN111027052A true CN111027052A (en) 2020-04-17

Family

ID=70199482

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910097416.2A Pending CN111027052A (en) 2019-01-31 2019-01-31 Application program version-based virtual machine document discrimination method and device and storage equipment

Country Status (1)

Country Link
CN (1) CN111027052A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20120130626A (en) * 2011-05-23 2012-12-03 한국전자통신연구원 Apparatus and method for detecting malignant code based on document
CN103778373A (en) * 2014-01-10 2014-05-07 深圳市深信服电子科技有限公司 Virus detection method and device
CN107346390A (en) * 2017-07-04 2017-11-14 深信服科技股份有限公司 A kind of malice sample testing method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111669371A (en) * 2020-05-18 2020-09-15 深圳供电局有限公司 Network attack restoration system and method suitable for power network
CN111669371B (en) * 2020-05-18 2022-09-30 深圳供电局有限公司 Network attack restoration system and method suitable for power network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518000 Shenzhen, Baoan District, Guangdong Xixiang Baoan District street, the source of excellent industrial products display procurement center, block B, 7 floor, No.

Applicant after: Shenzhen Antan Network Security Technology Co.,Ltd.

Address before: 518000 Shenzhen, Baoan District, Guangdong Xixiang Baoan District street, the source of excellent industrial products display procurement center, block B, 7 floor, No.

Applicant before: SHENZHEN ANZHITIAN INFORMATION TECHNOLOGY Co.,Ltd.
