CN112733146B - Penetration testing method, device and equipment based on machine learning and storage medium - Google Patents

Publication number
CN112733146B
Authority
CN
China
Prior art keywords
penetration test
target
machine learning
penetration
test case
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011635807.4A
Other languages
Chinese (zh)
Other versions
CN112733146A (en
Inventor
秦翠
黄宙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Ping An Medical Health Technology Service Co Ltd
Original Assignee
Shenzhen Ping An Medical Health Technology Service Co Ltd
Application filed by Shenzhen Ping An Medical Health Technology Service Co Ltd
Priority to CN202011635807.4A
Publication of CN112733146A
Application granted
Publication of CN112733146B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/23 Clustering techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/243 Classification techniques relating to the number of classes
    • G06F18/24323 Tree-organised classifiers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/237 Lexical tools
    • G06F40/242 Dictionaries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/279 Recognition of textual entities
    • G06F40/289 Phrasal analysis, e.g. finite state techniques or chunking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning

Abstract

The invention relates to the field of artificial intelligence and discloses a machine learning-based penetration testing method, device, equipment and storage medium, which are used for improving the execution efficiency of the penetration testing process. The machine learning-based penetration testing method comprises the following steps: acquiring target object network information and vulnerability information; performing penetration test scene analysis on the target object network information to obtain an initial penetration test case rule set and a target machine learning model; identifying and classifying the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain a target penetration test case that conforms to the penetration test scene; and sending the target penetration test case to a test terminal so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and generating a penetration test report based on the penetration test result. In addition, the invention also relates to blockchain technology: the target penetration test case can be stored in a blockchain node.

Description

Penetration testing method, device and equipment based on machine learning and storage medium
Technical Field
The invention relates to the field of machine learning of artificial intelligence, in particular to a penetration testing method, a penetration testing device, penetration testing equipment and a storage medium based on machine learning.
Background
Penetration testing is a method for evaluating the security of a computer network system by simulating the attack methods of a malicious hacker. Existing penetration tests in the industry, whether commercial penetration testing services or crowdsourced testing platforms, take manual and automated forms, and the main testing method is based on fixed rules.
In the prior art, traditional penetration testing based on fixed rules exploits threats in a single-track and disconnected way. It lacks the capabilities that determine the efficiency and quality of a penetration test (such as self-learning multi-rule matching, association of multiple risk points, and support for continuous security detection on targets), so the execution efficiency of the penetration test flow is low.
Disclosure of Invention
The invention provides a penetration testing method, a device, equipment and a storage medium based on machine learning, which are used for improving the execution efficiency of a penetration testing process and reducing the penetration testing cost.
In order to achieve the above object, a first aspect of the present invention provides a machine learning-based penetration testing method, including: acquiring target object network information and vulnerability information sent by a target terminal, wherein the target object network information comprises region information, domain name information, fingerprint identification information, component type information and network environment information; performing penetration test scene analysis on the target object network information to obtain an initial penetration test case rule set and a target machine learning model, wherein the initial penetration test case rule set comprises an execution flow of a penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data; identifying and classifying the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain a target penetration test case which accords with a penetration test scene; and sending the target penetration test case to a test terminal so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and generating a penetration test report based on the penetration test result.
Optionally, in a first implementation manner of the first aspect of the present invention, the performing a penetration test scenario analysis on the target object network information to obtain an initial penetration test case rule set and a target machine learning model, where the initial penetration test case rule set includes an execution flow of a penetration test case, an execution probability of the penetration test case, and a boundary value of penetration test data, and includes: acquiring a preset word segmentation dictionary, acquiring a matched area name from the area information according to the area name in the preset word segmentation dictionary, and inquiring an area identifier from a preset configuration data table according to the matched area name and the domain name information; determining a scene identifier according to the area identifier, the fingerprint identification information, the component type information and the network environment information, constructing a penetration test scene according to the scene identifier, and acquiring an initial penetration test case rule set corresponding to the penetration test scene, wherein the initial penetration test case rule set comprises an execution flow of a penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data; and determining a target machine learning model based on the scene identification, wherein the target machine learning model is a machine learning model which is trained in advance and accords with a penetration test scene.
Optionally, in a second implementation manner of the first aspect of the present invention, the identifying and classifying the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain a target penetration test case that conforms to a penetration test scenario includes: extracting an initial characteristic data set from the initial penetration test case rule set and the vulnerability information through a characteristic extraction network in the target machine learning model; clustering and data screening processing are carried out on the initial characteristic data set through a clustering network in the target machine learning model, and screened characteristic data are obtained; and calling a multi-classification scene test network in the target machine learning model to classify the screened feature data to obtain a target penetration test path, and generating a target penetration test case according with a penetration test scene according to the target penetration test path.
Optionally, in a third implementation manner of the first aspect of the present invention, the invoking a multi-classification scenario test network in the target machine learning model to perform classification processing on the filtered feature data to obtain a target penetration test path, and generating a target penetration test case conforming to a penetration test scenario according to the target penetration test path includes: calling a multi-classification scene test network in the target machine learning model to sequentially perform text analysis and feature extraction on the screened feature data to obtain feature vectors, wherein the multi-classification scene test network is a random forest classifier; and classifying the feature vectors to obtain a classification result, screening a target penetration test path from the classification result, and generating a target penetration test case according with a penetration test scene according to the target penetration test path.
Optionally, in a fourth implementation manner of the first aspect of the present invention, the sending the target penetration test case to a test terminal to enable the test terminal to execute the target penetration test case in a preset simulation environment to obtain a penetration test result, and generating a penetration test report based on the penetration test result includes: inserting the target penetration test case into a preset sending queue, and sending the target penetration test case to a test terminal through the preset sending queue so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result; when a penetration test result sent by the test terminal is received, acquiring a preset report template, and analyzing the penetration test result to obtain analyzed penetration test content; and updating the analyzed penetration test content into the preset report template to obtain a penetration test report, wherein the penetration test report is a report for carrying out detailed analysis on a penetration test stage.
Optionally, in a fifth implementation manner of the first aspect of the present invention, before the obtaining target object network information and vulnerability information sent by a target terminal, where the target object network information includes area information, domain name information, fingerprint identification information, component type information, and network environment information, the machine learning-based penetration testing method further includes: reading a training sample data set from a preset sample data base, wherein the training sample data set is used for indicating a preset penetration test case data set; and performing model training according to the training sample data set to obtain a plurality of machine learning algorithm analysis models, wherein the plurality of machine learning algorithm analysis models comprise the target machine learning model, and each machine learning algorithm analysis model has a corresponding penetration test scene.
Optionally, in a sixth implementation manner of the first aspect of the present invention, after the sending the target penetration test case to a test terminal to enable the test terminal to execute the target penetration test case in a preset simulation environment to obtain a penetration test result, and generate a penetration test report based on the penetration test result, the penetration test method based on machine learning further includes: performing iterative optimization on the target machine learning model based on the penetration test result to obtain an optimized machine learning model; and regenerating the optimized penetration test case through the optimized machine learning model until the penetration test is finished.
A second aspect of the present invention provides a machine learning-based penetration testing device, comprising: an acquisition module, configured to acquire target object network information and vulnerability information sent by a target terminal, wherein the target object network information comprises region information, domain name information, fingerprint identification information, component type information and network environment information; an analysis module, configured to perform penetration test scene analysis on the target object network information to obtain an initial penetration test case rule set and a target machine learning model, wherein the initial penetration test case rule set comprises an execution flow of a penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data; a classification module, configured to identify and classify the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain a target penetration test case that conforms to a penetration test scene; and a test module, configured to send the target penetration test case to a test terminal so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and to generate a penetration test report based on the penetration test result.
Optionally, in a first implementation manner of the second aspect of the present invention, the analysis module is specifically configured to: acquiring a preset word segmentation dictionary, acquiring a matched area name from the area information according to the area name in the preset word segmentation dictionary, and inquiring an area identifier from a preset configuration data table according to the matched area name and the domain name information; determining a scene identifier according to the area identifier, the fingerprint identification information, the component type information and the network environment information, constructing a penetration test scene according to the scene identifier, and acquiring an initial penetration test case rule set corresponding to the penetration test scene, wherein the initial penetration test case rule set comprises an execution flow of a penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data; and determining a target machine learning model based on the scene identification, wherein the target machine learning model is a machine learning model which is trained in advance and accords with a penetration test scene.
Optionally, in a second implementation manner of the second aspect of the present invention, the classification module further includes: an extraction unit, configured to extract an initial feature data set from the initial penetration test case rule set and the vulnerability information through a feature extraction network in the target machine learning model; the clustering unit is used for clustering and data screening processing on the initial characteristic data set through a clustering network in the target machine learning model to obtain screened characteristic data; and the classification unit is used for calling a multi-classification scene test network in the target machine learning model to classify the screened feature data to obtain a target penetration test path, and generating a target penetration test case conforming to a penetration test scene according to the target penetration test path.
Optionally, in a third implementation manner of the second aspect of the present invention, the classifying unit is specifically configured to: calling a multi-classification scene test network in the target machine learning model to sequentially perform text analysis and feature extraction on the screened feature data to obtain feature vectors, wherein the multi-classification scene test network is a random forest classifier; and classifying the feature vectors to obtain a classification result, screening a target penetration test path from the classification result, and generating a target penetration test case conforming to a penetration test scene according to the target penetration test path.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the test module is specifically configured to: inserting the target penetration test case into a preset sending queue, and sending the target penetration test case to a test terminal through the preset sending queue so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result; when a penetration test result sent by the test terminal is received, acquiring a preset report template, and analyzing the penetration test result to obtain analyzed penetration test content; and updating the analyzed penetration test content into the preset report template to obtain a penetration test report, wherein the penetration test report is a report for carrying out detailed analysis on a penetration test stage.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the machine learning-based penetration testing apparatus further includes: a reading module, configured to read a training sample data set from a preset sample database, wherein the training sample data set is used for indicating a preset penetration test case data set; and a training module, configured to perform model training according to the training sample data set to obtain a plurality of machine learning algorithm analysis models, wherein the plurality of machine learning algorithm analysis models include the target machine learning model, and each machine learning algorithm analysis model has a corresponding penetration test scene.
Optionally, in a sixth implementation manner of the second aspect of the present invention, the machine learning-based penetration testing apparatus further includes: the optimization module is used for carrying out iterative optimization on the target machine learning model based on the penetration test result to obtain an optimized machine learning model; and the generating module is used for regenerating the optimized penetration test case through the optimized machine learning model until the penetration test is finished.
A third aspect of the present invention provides a machine learning-based penetration testing apparatus, comprising: a memory and at least one processor, the memory having instructions stored therein; the at least one processor invokes the instructions in the memory to cause the machine learning based penetration test apparatus to perform the machine learning based penetration test method described above.
A fourth aspect of the present invention provides a computer-readable storage medium having stored therein instructions, which, when run on a computer, cause the computer to execute the machine learning-based penetration testing method described above.
In the technical scheme provided by the invention, target object network information and vulnerability information sent by a target terminal are obtained, wherein the target object network information comprises regional information, domain name information, fingerprint identification information, component type information and network environment information; performing penetration test scene analysis on the target object network information to obtain an initial penetration test case rule set and a target machine learning model, wherein the initial penetration test case rule set comprises an execution flow of a penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data; identifying and classifying the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain a target penetration test case which accords with a penetration test scene; and sending the target penetration test case to a test terminal so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and generating a penetration test report based on the penetration test result. In the embodiment of the invention, the initial penetration test case rule set and the target machine learning model are obtained by analyzing the penetration test scene of the target object network information, the initial penetration test case rule set and the vulnerability information are identified and classified by the target machine learning model, the target penetration test case conforming to the penetration test scene is obtained, and the target penetration test case is executed in the preset simulation environment, so that the execution efficiency of the penetration test process is improved, and the penetration test cost is reduced.
Drawings
FIG. 1 is a schematic diagram of an embodiment of a machine learning-based penetration testing method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of another embodiment of the penetration testing method based on machine learning in the embodiment of the present invention;
FIG. 3 is a schematic diagram of an embodiment of a machine learning based penetration testing apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another embodiment of a machine learning based penetration testing apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an embodiment of the machine learning-based penetration testing apparatus according to the embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a machine learning-based penetration test method, device, equipment and storage medium, which are used for identifying and classifying an initial penetration test case rule set and vulnerability information through a target machine learning model to obtain a target penetration test case conforming to a penetration test scene, and improve the execution efficiency of a penetration test process.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Moreover, the terms "comprises," "comprising," or "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For understanding, a specific flow of an embodiment of the present invention is described below, and referring to fig. 1, an embodiment of a machine learning-based penetration testing method in an embodiment of the present invention includes:
101. Acquiring target object network information and vulnerability information sent by a target terminal, wherein the target object network information comprises region information, domain name information, fingerprint identification information, component type information and network environment information.
The target object network information may be divided according to user behaviors and the network environment, and may include other information besides the region information, the domain name information, the fingerprint identification information and the component type information, which is not limited herein. The target terminal first collects information about the target object to obtain initial information; this collection covers whois database information, domain name information, mailbox information and detailed region information. The target terminal then scans and detects the initial information to obtain the target object network information, which comprises region information, domain name information, fingerprint identification information and component type information. Specifically, the server scans and detects the initial information according to a polling detection strategy, which comprises port detection, World Wide Web (web) fingerprint identification, web path detection, crawler detection or middleware identification detection; for example, the target terminal performs domain name detection on the whois information. Finally, the target terminal performs security detection on the target object network information, by scanning and similar means based on the vulnerability database, so as to find usable vulnerability information and ensure the accuracy of the information. For example, the server performs vulnerability detection by using the Open Web Application Security Project (OWASP) or a general component, or may use other vulnerability detection tools, which is not limited herein.
The terminal then calls a preset information uploading interface to package the target object network information and the vulnerability information, and sends the packaged information to the server. The server may also perform data preprocessing on the target object network information and the vulnerability information, for example deleting duplicate data and null data, which is not limited herein. Further, the target penetration test case is stored in the blockchain database, which is not limited herein.
It is to be understood that the executing subject of the present invention may be a machine learning-based penetration testing apparatus, and may also be a terminal or a server, which is not limited herein. The embodiment of the present invention is described by taking a server as an execution subject.
102. Analyzing the target object network information to obtain an initial penetration test case rule set and a target machine learning model, wherein the initial penetration test case rule set comprises an execution flow of a penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data.
Specifically, the server constructs a penetration test scene according to the area where the penetration test target is located and its network environment (the target object network information), distributes the test rules (penetration test case rules) optimized by the initial strategy that corresponds to the penetration test scene, and then constructs the penetration test scene according to the preliminary scanning test result. Further, the server performs area recognition and then scene recognition on the target object network information to obtain the initial penetration test case rule set and the target machine learning model.
It should be noted that the initial penetration test case rule set includes an execution flow of the penetration test case, an execution probability of the penetration test case, and a boundary value of the penetration test data. The execution flow indicates the specific execution steps of the penetration test case; the execution probability indicates the number of times the penetration test case is executed under the preset judgment condition; and the boundary value of the penetration test data indicates the boundary value analysis of the penetration test case. The preset judgment condition may be a path coverage condition, a combination coverage condition or a statement coverage condition, or another judgment condition, which is not limited herein.
103. Identifying and classifying the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain a target penetration test case that conforms to the penetration test scene.
Specifically, the server analyzes and calculates the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain an initial feature data set, and then performs aggregation and classification on the initial feature data set to obtain a penetration test prediction scheme (namely, the target penetration test case) that conforms to the penetration test scene. It should be noted that the server may further mine system vulnerability risk by combining the target object network information obtained through intelligent scanning tests of the actual scene. At the same time, at the risk rating stage, risk can be evaluated comprehensively at the line or plane level rather than by treating individual point-level vulnerability information as the main factor, which improves test efficiency and reduces test cost.
104. Sending the target penetration test case to the test terminal so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and generating a penetration test report based on the penetration test result.
Further, the test terminal executes a deep penetration test based on the actual situation (namely, the preset simulation environment) according to the new strategy rule (the target penetration test case). The test terminal returns the penetration test result to the server; the server then analyzes the penetration test result fed back by the test terminal and, in combination with the target machine learning model, again analyzes and calculates an optimized penetration test path for the actual application scenario, aggregates it into a penetration test prediction case conforming to the penetration test scenario, and synchronizes that case to the test terminal, until the penetration test is finished. The server then generates penetration test reports for the different test stages based on the penetration test results of those stages, compares and analyzes these reports to obtain new vulnerability information, and plans new penetration test cases, which improves the accuracy of the penetration test.
In the embodiment of the invention, the initial penetration test case rule set and the target machine learning model are obtained by analyzing the penetration test scene of the target object network information, the initial penetration test case rule set and the vulnerability information are identified and classified by the target machine learning model, the target penetration test case conforming to the penetration test scene is obtained, and the target penetration test case is executed in the preset simulation environment, so that the execution efficiency of the penetration test process is improved, and the penetration test cost is reduced.
Referring to fig. 2, another embodiment of the penetration testing method based on machine learning according to the embodiment of the present invention includes:
201. Acquiring target object network information and vulnerability information sent by a target terminal, wherein the target object network information comprises region information, domain name information, fingerprint identification information, component type information and network environment information.
Step 201 is similar to step 101, and details are not repeated here.
202. Performing penetration test scenario analysis on the target object network information to obtain an initial penetration test case rule set and a target machine learning model, wherein the initial penetration test case rule set comprises an execution flow of the penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data.
The server combines any one or several of the execution flow of the penetration test case, the execution probability of the penetration test case and the boundary value of the penetration test data to obtain the initial penetration test case rule set. It should be noted that the server may use a Kafka message queue to construct the penetration test scenario, and sets a target machine learning model corresponding to each different penetration test scenario. For example, a network probing scenario and an app penetration analysis scenario have different corresponding machine learning algorithm models.
Optionally, the server obtains a preset word segmentation dictionary, obtains a matched region name from the region information according to the region names in the preset word segmentation dictionary (for example, the matched region name is city A), and queries a region identifier from a preset configuration data table according to the matched region name and the domain name information. The server determines a scene identifier according to the region identifier, the fingerprint identification information, the component type information and the network environment information, constructs a penetration test scenario according to the scene identifier, and obtains the initial penetration test case rule set corresponding to the penetration test scenario, where the initial penetration test case rule set includes an execution flow of the penetration test case, an execution probability of the penetration test case and a boundary value of the penetration test data. The server determines the target machine learning model based on the scene identifier, where the target machine learning model is a machine learning model that is trained in advance and conforms to the penetration test scenario.
It is to be understood that the penetration test scenario may include an operating system use case (e.g., Linux and/or Windows), a permission use case, and a user account password use case, and may also include other use cases, which are not limited herein; each use case is marked with a corresponding scenario label.
203. Extracting an initial feature data set from the initial penetration test case rule set and the vulnerability information through the feature extraction network in the target machine learning model.
It should be noted that the target machine learning model is a machine learning model which is trained in advance and conforms to the penetration test scenario, before step 201, the server reads a training sample data set from a preset sample database, and the training sample data set is used for indicating a preset penetration test case data set; the server performs model training according to the training sample data set to obtain a plurality of machine learning algorithm analysis models, the plurality of machine learning algorithm analysis models comprise target machine learning models, and each machine learning algorithm analysis model has a corresponding penetration test scene.
The target machine learning model comprises a feature extraction network, a clustering network and a multi-classification scene test network. It is understood that the core of a machine learning model is data collection, feature engineering and algorithms. The training sample data set is used for indicating a preset penetration test case data set; for example, the server's preset penetration test case data set includes situation awareness platform attack chain data, test records of penetration tests (CTFs), website blog vulnerability exploitation strategies, security organization attack rule bases and the like. Further, the server sequentially performs feature extraction and cluster analysis on the penetration test case data set through each machine learning algorithm analysis model; for example, the server selects, as a user profile, the smallest model that is built with the k-means clustering algorithm and can fully express the regional samples, and thereby identifies the more effective test payloads in different scenarios. The server screens the test payloads by using the clustering network in each machine learning algorithm analysis model, then further establishes the multi-classification scene test network while adjusting the network parameters in each machine learning algorithm analysis model, and determines that training of the feature extraction network, the clustering network and the multi-classification scene test network in each machine learning algorithm analysis model is complete when the loss value is smaller than a preset threshold.
Further, the server extracts test case characteristics and vulnerability characteristics from the initial penetration test case rule set and the vulnerability information through a characteristic extraction network in the target machine learning model, and screens and combines the test case characteristics and the vulnerability characteristics to obtain an initial characteristic data set.
204. Performing clustering and data screening on the initial feature data set through the clustering network in the target machine learning model to obtain screened feature data.
Specifically, the server performs data preprocessing (for example, deleting null values and the like) on the initial feature data set to obtain a preprocessed feature data set; the server inputs the preprocessed feature data set into a clustering network in a target machine learning model to obtain a clustering result; and the server performs qualitative analysis on the clustering result, and extracts each clustering characteristic index in the clustering result and a characteristic value corresponding to each clustering characteristic index to obtain screened characteristic data.
205. Calling the multi-classification scene test network in the target machine learning model to classify the screened feature data to obtain a target penetration test path, and generating a target penetration test case conforming to the penetration test scenario according to the target penetration test path.
It can be understood that the multi-classification scene test network in the target machine learning model may be a random forest classifier or another type of classifier, which is not limited herein. The random forest classifier combines preset classification trees into a random forest; that is, the server randomizes the use of variables (columns) and the use of data (rows) to generate a plurality of classification trees, and then aggregates the results of the classification trees. Furthermore, the server abstracts the known attack payloads, the scene types and the region positions into a plurality of feature vectors, feeds the feature vectors into the random forest classifier, and performs classification with the random forest classifier to construct the multi-classification scene test network, thereby obtaining a new attack path (the target penetration test path).
Optionally, the server calls the multi-classification scene test network in the target machine learning model to perform text analysis on the screened feature data to obtain analyzed feature data, where the text analysis includes number processing, letter processing, character processing and text structure analysis. For example, different test types have their own characteristics, such as Structured Query Language (SQL) injection containing SQL keywords and having a number ratio larger than a preset value; text analysis mainly performs statistical processing of this kind to obtain the analyzed feature data. Then, the server performs feature extraction on the analyzed feature data, including extraction of feature words, weights and keywords; other information may also be extracted, which is not limited herein. It can be understood that feature extraction mainly uses the various attack paths of the test type, for example SQL injection keywords, as the keywords of a vector space model: the server uses a preset word segmentation algorithm to split the character string into words, counts word frequencies, and maps the words to a space vector in combination with the target region and the penetration test scenario to obtain a feature vector. Finally, the server classifies the feature vectors to obtain a classification result, screens the classification result to obtain the target penetration test path, and generates a target penetration test case conforming to the penetration test scenario according to the target penetration test path.
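The text analysis, word-frequency vector mapping and clustering-based screening described for steps 203 to 205 can be sketched as follows. This is an added example, not code from the patent: the keyword vocabulary, the sample strings, the farthest-first seeding and the 0.05 profile threshold are assumptions, and the random forest classification stage is not included.

```python
import re
from collections import Counter

# Assumed keyword vocabulary; the patent names SQL keywords but lists none.
SQL_KEYWORDS = ("select", "union", "from", "where", "or", "and")
FEATURES = ("digit_ratio", "letter_ratio", "other_ratio") + SQL_KEYWORDS

# Constructed sample records. None and "" model the null values that the
# preprocessing step deletes before clustering.
SAMPLES = [
    "id=1 union select name from users",
    "cat=2 union select pass from accounts",
    None,
    "page=about",
    "user=alice&lang=en",
    "",
]


def feature_vector(text):
    """Text analysis (number, letter and other-character ratios) followed by
    word frequencies of the keyword vocabulary, mapped into one vector.
    Expects a non-empty string; screen() removes nulls beforehand."""
    n = len(text)
    digits = sum(c.isdigit() for c in text)
    letters = sum(c.isalpha() for c in text)
    words = re.findall(r"[a-z]+", text.lower())  # simple word segmentation
    freq = Counter(words)
    total = len(words) or 1
    stats = [digits / n, letters / n, (n - digits - letters) / n]
    return stats + [freq[k] / total for k in SQL_KEYWORDS]


def sq_dist(a, b):
    """Squared Euclidean distance between two vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b))


def kmeans(points, k, max_iter=20):
    """k-means with deterministic farthest-first seeding.
    Returns (labels, centroids)."""
    centroids = [points[0]]
    while len(centroids) < k:
        farthest = max(points,
                       key=lambda p: min(sq_dist(p, c) for c in centroids))
        centroids.append(farthest)
    labels = None
    for _ in range(max_iter):
        new = [min(range(k), key=lambda j: sq_dist(p, centroids[j]))
               for p in points]
        if new == labels:  # assignments stable: converged
            break
        labels = new
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:
                centroids[j] = [sum(col) / len(members)
                                for col in zip(*members)]
    return labels, centroids


def cluster_profile(centroid, threshold=0.05):
    """Keyword feature indices and values that characterise one cluster."""
    return {name: round(val, 4)
            for name, val in zip(FEATURES[3:], centroid[3:])
            if val > threshold}


def screen(records, k=2):
    """Drop nulls, vectorise, cluster, and keep only the records whose
    cluster shows keyword features.
    Returns (kept_records, labels, profiles)."""
    clean = [r for r in records if r]
    vectors = [feature_vector(r) for r in clean]
    labels, centroids = kmeans(vectors, k)
    profiles = [cluster_profile(c) for c in centroids]
    kept = [r for r, lab in zip(clean, labels) if profiles[lab]]
    return kept, labels, profiles


if __name__ == "__main__":
    kept, labels, profiles = screen(SAMPLES)
    print(labels, profiles)
    for record in kept:
        print("kept:", record)
```

The vectors returned by `feature_vector` for the kept records are what a classifier such as the random forest named above would consume as input.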
206. Sending the target penetration test case to the test terminal so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and generating a penetration test report based on the penetration test result.
It can be understood that the server also needs to perform simulation test on the target penetration test case in a preset simulation environment to check whether the target penetration test case is abnormal. Optionally, the server inserts the target penetration test case into a preset sending queue, and sends the target penetration test case to the test terminal through the preset sending queue, so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result; when the server receives a penetration test result sent by the test terminal, the server acquires a preset report template, and the server analyzes the content of the penetration test result to obtain analyzed penetration test content; and the server updates the analyzed penetration test content into a preset report template to obtain a penetration test report, wherein the penetration test report is a report for carrying out detailed analysis on a penetration test stage.
It should be noted that the preset report template is a preset template file. Furthermore, the server can also send the penetration test report to the test terminal, so that the test terminal can display the penetration test report to target personnel, and the target personnel can conveniently check the penetration test result.
Further, the server performs iterative optimization on the target machine learning model based on the penetration test result to obtain an optimized machine learning model; and the server regenerates the optimized penetration test case through the optimized machine learning model until the penetration test is finished, so that the accuracy of the penetration test is improved.
In the embodiment of the invention, the initial penetration test case rule set and the target machine learning model are obtained by analyzing the penetration test scene of the target object network information, the initial penetration test case rule set and the vulnerability information are identified and classified by the target machine learning model, the target penetration test case conforming to the penetration test scene is obtained, and the target penetration test case is executed in the preset simulation environment, so that the execution efficiency of the penetration test process is improved, and the penetration test cost is reduced.
The penetration testing method based on machine learning in the embodiment of the present invention is described above; the penetration testing apparatus based on machine learning in the embodiment of the present invention is described below. Referring to Fig. 3, an embodiment of the penetration testing apparatus based on machine learning in the embodiment of the present invention includes:
the acquisition module 301 is configured to acquire target object network information and vulnerability information sent by a target terminal, where the target object network information includes area information, domain name information, fingerprint identification information, component type information, and network environment information;
the analysis module 302 is configured to perform penetration test scene analysis on the target object network information to obtain an initial penetration test case rule set and a target machine learning model, where the initial penetration test case rule set includes an execution flow of a penetration test case, an execution probability of the penetration test case, and a boundary value of penetration test data;
the classification module 303 is configured to identify and classify the initial penetration test case rule set and the vulnerability information through a target machine learning model, so as to obtain a target penetration test case that meets a penetration test scenario;
the test module 304 is configured to send the target penetration test case to the test terminal, so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and generates a penetration test report based on the penetration test result.
Further, the target penetration test case is stored in the blockchain database, which is not limited herein.
In the embodiment of the invention, the initial penetration test case rule set and the target machine learning model are obtained by analyzing the penetration test scene of the target object network information, the initial penetration test case rule set and the vulnerability information are identified and classified by the target machine learning model, the target penetration test case conforming to the penetration test scene is obtained, and the target penetration test case is executed in the preset simulation environment, so that the execution efficiency of the penetration test process is improved, and the penetration test cost is reduced.
Referring to fig. 4, another embodiment of the penetration testing apparatus based on machine learning according to the embodiment of the present invention includes:
the acquisition module 301 is configured to acquire target object network information and vulnerability information sent by a target terminal, where the target object network information includes area information, domain name information, fingerprint identification information, component type information, and network environment information;
the analysis module 302 is configured to perform penetration test scene analysis on the target object network information to obtain an initial penetration test case rule set and a target machine learning model, where the initial penetration test case rule set includes an execution flow of a penetration test case, an execution probability of the penetration test case, and a boundary value of penetration test data;
the classification module 303 is configured to identify and classify the initial penetration test case rule set and the vulnerability information through a target machine learning model, so as to obtain a target penetration test case that meets a penetration test scenario;
the test module 304 is configured to send the target penetration test case to the test terminal, so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and generates a penetration test report based on the penetration test result.
Optionally, the analysis module 302 may be further specifically configured to:
acquiring a preset word segmentation dictionary, acquiring a matched area name from area information according to the area name in the preset word segmentation dictionary, and inquiring an area identifier from a preset configuration data table according to the matched area name and domain name information;
determining a scene identifier according to the region identifier, the fingerprint identification information, the component type information and the network environment information, constructing a penetration test scene according to the scene identifier, and acquiring an initial penetration test case rule set corresponding to the penetration test scene, wherein the initial penetration test case rule set comprises an execution flow of a penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data;
and determining a target machine learning model based on the scene identification, wherein the target machine learning model is a machine learning model which is trained in advance and accords with the penetration test scene.
Optionally, the classifying module 303 further includes:
an extraction unit 3031, configured to extract an initial feature data set for the initial penetration test case rule set and the vulnerability information through a feature extraction network in the target machine learning model;
a clustering unit 3032, configured to perform clustering and data screening on the initial feature data set through a clustering network in the target machine learning model to obtain screened feature data;
a classifying unit 3033, configured to invoke a multi-classification scenario test network in the target machine learning model to perform classification processing on the filtered feature data, so as to obtain a target penetration test path, and generate a target penetration test case that conforms to the penetration test scenario according to the target penetration test path.
Optionally, the classification unit 3033 may further specifically be configured to:
calling a multi-classification scene testing network in the target machine learning model to sequentially perform text analysis and feature extraction on the screened feature data to obtain feature vectors, wherein the multi-classification scene testing network is a random forest classifier;
and classifying the feature vectors to obtain a classification result, screening a target penetration test path from the classification result, and generating a target penetration test case according with a penetration test scene according to the target penetration test path.
Optionally, the test module 304 may be further specifically configured to:
inserting the target penetration test case into a preset sending queue, and sending the target penetration test case to the test terminal through the preset sending queue so that the test terminal can execute the target penetration test case in a preset simulation environment to obtain a penetration test result;
when a penetration test result sent by a test terminal is received, acquiring a preset report template, and analyzing the penetration test result to obtain analyzed penetration test content;
and updating the analyzed penetration test content into a preset report template to obtain a penetration test report, wherein the penetration test report is a report for carrying out detailed analysis on the penetration test stage.
Optionally, the machine learning-based penetration testing apparatus further includes:
a reading module 305, configured to read a training sample data set from a preset sample database, where the training sample data set is used to indicate a preset penetration test case data set;
the training module 306 is configured to perform model training according to the training sample data set to obtain a plurality of machine learning algorithm analysis models, where the plurality of machine learning algorithm analysis models include a target machine learning model, and each machine learning algorithm analysis model has a corresponding penetration test scenario.
Optionally, the machine learning-based penetration testing apparatus further includes:
the optimization module 307 is configured to perform iterative optimization on the target machine learning model based on the penetration test result to obtain an optimized machine learning model;
and the generating module 308 is configured to regenerate the optimized penetration test case through the optimized machine learning model until the penetration test is finished.
In the embodiment of the invention, the initial penetration test case rule set and the target machine learning model are obtained by analyzing the penetration test scene of the target object network information, the initial penetration test case rule set and the vulnerability information are identified and classified by the target machine learning model, the target penetration test case conforming to the penetration test scene is obtained, and the target penetration test case is executed in the preset simulation environment, so that the execution efficiency of the penetration test process is improved, and the penetration test cost is reduced.
Figs. 3 and 4 above describe the penetration test device based on machine learning in the embodiment of the present invention in detail from the perspective of modularization; the penetration test equipment based on machine learning in the embodiment of the present invention is described in detail below from the perspective of hardware processing.
Fig. 5 is a schematic structural diagram of a machine learning-based penetration test apparatus 500 according to an embodiment of the present invention. The machine learning-based penetration test apparatus 500 may differ considerably depending on configuration or performance, and may include one or more processors (central processing units, CPUs) 510, a memory 520, and one or more storage media 530 (e.g., one or more mass storage devices) storing applications 533 or data 532. The memory 520 and the storage media 530 may be transient or persistent storage. The program stored on the storage medium 530 may include one or more modules (not shown), each of which may include a series of instruction operations for the machine learning-based penetration test apparatus 500. Still further, the processor 510 may be configured to communicate with the storage medium 530 and to execute, on the machine learning-based penetration test apparatus 500, the series of instruction operations in the storage medium 530.
The machine learning-based penetration test apparatus 500 may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input-output interfaces 560, and/or one or more operating systems 531, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like. Those skilled in the art will appreciate that the configuration shown in Fig. 5 does not limit the machine learning-based penetration test apparatus, which may include more or fewer components than shown, combine some components, or arrange the components differently.
The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium, which may also be a volatile computer-readable storage medium, having stored therein instructions, which, when run on a computer, cause the computer to perform the steps of the machine learning-based penetration testing method.
The invention also provides machine learning-based penetration testing equipment, which comprises a memory and a processor, wherein the memory stores instructions, and the instructions, when executed by the processor, cause the processor to execute the steps of the machine learning-based penetration testing method in the embodiments.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (9)

1. A machine learning-based penetration testing method is characterized by comprising the following steps:
acquiring target object network information and vulnerability information sent by a target terminal, wherein the target object network information comprises region information, domain name information, fingerprint identification information, component type information and network environment information;
analyzing the target object network information to obtain an initial penetration test case rule set and a target machine learning model, wherein the initial penetration test case rule set comprises an execution flow of a penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data;
identifying and classifying the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain a target penetration test case which accords with a penetration test scene;
the identifying and classifying the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain the target penetration test case conforming to the penetration test scene comprises the following steps:
extracting an initial characteristic data set from the initial penetration test case rule set and the vulnerability information through a characteristic extraction network in the target machine learning model;
clustering and data screening processing are carried out on the initial characteristic data set through a clustering network in the target machine learning model, and screened characteristic data are obtained;
calling a multi-classification scene test network in the target machine learning model to classify the screened feature data to obtain a target penetration test path, and generating a target penetration test case conforming to a penetration test scene according to the target penetration test path;
and sending the target penetration test case to a test terminal so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and generating a penetration test report based on the penetration test result.
2. The machine learning-based penetration test method according to claim 1, wherein the penetration test scenario analysis is performed on the target object network information to obtain an initial penetration test case rule set and a target machine learning model, the initial penetration test case rule set includes an execution flow of a penetration test case, an execution probability of the penetration test case, and a boundary value of penetration test data, and includes:
acquiring a preset word segmentation dictionary, acquiring a matched area name from the area information according to the area name in the preset word segmentation dictionary, and inquiring an area identifier from a preset configuration data table according to the matched area name and the domain name information;
determining a scene identifier according to the area identifier, the fingerprint identification information, the component type information and the network environment information, constructing a penetration test scene according to the scene identifier, and acquiring an initial penetration test case rule set corresponding to the penetration test scene, wherein the initial penetration test case rule set comprises an execution flow of a penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data;
and determining a target machine learning model based on the scene identifier, wherein the target machine learning model is a machine learning model that has been trained in advance and conforms to the penetration test scene.
3. The machine learning-based penetration test method according to claim 1, wherein the invoking of a multi-classification scenario test network in the target machine learning model to perform classification processing on the screened feature data to obtain a target penetration test path, and generating a target penetration test case conforming to a penetration test scenario according to the target penetration test path comprises:
calling a multi-classification scene test network in the target machine learning model to sequentially perform text analysis and feature extraction on the screened feature data to obtain feature vectors, wherein the multi-classification scene test network is a random forest classifier;
and classifying the feature vectors to obtain a classification result, screening a target penetration test path from the classification result, and generating a target penetration test case conforming to a penetration test scene according to the target penetration test path.
4. The machine learning-based penetration test method according to claim 1, wherein the sending the target penetration test case to a test terminal so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and generating a penetration test report based on the penetration test result comprises:
inserting the target penetration test case into a preset sending queue, and sending the target penetration test case to a test terminal through the preset sending queue so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result;
when a penetration test result sent by the test terminal is received, acquiring a preset report template, and analyzing the penetration test result to obtain analyzed penetration test content;
and updating the analyzed penetration test content into the preset report template to obtain a penetration test report, wherein the penetration test report is a report that analyzes a penetration test stage in detail.
5. The machine learning-based penetration testing method according to any one of claims 1 to 4, wherein before the obtaining target object network information and vulnerability information sent by a target terminal, the target object network information including region information, domain name information, fingerprint identification information, component type information and network environment information, the machine learning-based penetration testing method further comprises:
reading a training sample data set from a preset sample data base, wherein the training sample data set is used for indicating a preset penetration test case data set;
and performing model training according to the training sample data set to obtain a plurality of machine learning algorithm analysis models, wherein the plurality of machine learning algorithm analysis models comprise the target machine learning model, and each machine learning algorithm analysis model has a corresponding penetration test scene.
6. The machine learning-based penetration test method according to any one of claims 1 to 4, wherein after the sending the target penetration test case to a test terminal to enable the test terminal to execute the target penetration test case in a preset simulation environment to obtain a penetration test result, and generating a penetration test report based on the penetration test result, the machine learning-based penetration test method further comprises:
performing iterative optimization on the target machine learning model based on the penetration test result to obtain an optimized machine learning model;
and regenerating the optimized penetration test case through the optimized machine learning model until the penetration test is finished.
7. A machine learning based penetration testing apparatus, comprising:
an acquisition module, used for acquiring target object network information and vulnerability information sent by a target terminal, wherein the target object network information comprises region information, domain name information, fingerprint identification information, component type information and network environment information;
the analysis module is used for analyzing the penetration test scene of the target object network information to obtain an initial penetration test case rule set and a target machine learning model, wherein the initial penetration test case rule set comprises an execution flow of a penetration test case, an execution probability of the penetration test case and a boundary value of penetration test data;
the classification module is used for identifying and classifying the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain a target penetration test case which accords with a penetration test scene;
wherein the identifying and classifying of the initial penetration test case rule set and the vulnerability information through the target machine learning model to obtain the target penetration test case conforming to the penetration test scene comprises:
extracting an initial feature data set from the initial penetration test case rule set and the vulnerability information through a feature extraction network in the target machine learning model;
performing clustering and data screening on the initial feature data set through a clustering network in the target machine learning model to obtain screened feature data;
calling a multi-classification scene test network in the target machine learning model to classify the screened feature data to obtain a target penetration test path, and generating a target penetration test case conforming to a penetration test scene according to the target penetration test path;
and the test module is used for sending the target penetration test case to a test terminal so that the test terminal executes the target penetration test case in a preset simulation environment to obtain a penetration test result, and a penetration test report is generated based on the penetration test result.
8. A machine learning based penetration testing apparatus, comprising: a memory and at least one processor, the memory having instructions stored therein;
the at least one processor invokes the instructions in the memory to cause the machine learning based penetration testing apparatus to perform the machine learning based penetration testing method of any of claims 1-6.
9. A computer-readable storage medium having instructions stored thereon, wherein the instructions, when executed by a processor, implement the machine learning-based penetration testing method of any of claims 1-6.
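The scene-resolution steps recited in claim 2 (dictionary match on the region information, configuration-table lookup, scene identifier, rule-set retrieval) can be sketched as follows. This is an added illustration, not code from the patent: the table contents, the `|`-joined scene identifier format, the rule field names and all function names are assumptions.

```python
# Added illustration of claim 2's scene resolution. Every table entry,
# identifier and function name here is a constructed assumption.
SEGMENT_DICT = ["Guangdong", "Shenzhen", "Shanghai"]  # preset word segmentation dictionary
CONFIG_TABLE = {  # (area name, domain name) -> area identifier
    ("Shenzhen", "portal.example.test"): "A-SZ-01",
    ("Shanghai", "portal.example.test"): "A-SH-01",
}
RULE_SETS = {  # scene identifier -> initial penetration test case rule set
    "A-SZ-01|nginx|web-server|staging": [
        {"flow": ["inventory", "config-review", "report"],
         "probability": 0.7, "boundary": {"max_requests": 200}},
        {"flow": ["inventory", "report"],
         "probability": 0.3, "boundary": {"max_requests": 50}},
    ],
}
SAMPLE_TARGET = {  # constructed target object network information
    "region": "Futian District, Shenzhen, Guangdong",
    "domain": "Portal.Example.Test",
    "fingerprint": "nginx", "component_type": "web-server",
    "network_env": "staging",
}

def match_area_names(region_info):
    """Dictionary area names found in the region text, in order of appearance."""
    hits = [(region_info.find(n), n) for n in SEGMENT_DICT if n in region_info]
    return [name for _, name in sorted(hits)]

def resolve_area_id(region_info, domain):
    """First matched area name that has a config-table row for this domain."""
    for name in match_area_names(region_info):
        area_id = CONFIG_TABLE.get((name, domain.lower()))
        if area_id is not None:
            return area_id
    raise LookupError(f"no area identifier for {region_info!r} / {domain!r}")

def scene_id(target):
    """Join the area identifier with the fingerprint, component and environment."""
    area_id = resolve_area_id(target["region"], target["domain"])
    return "|".join([area_id, target["fingerprint"],
                     target["component_type"], target["network_env"]])

def initial_rule_set(target):
    """Return (scene identifier, rule set); reject unknown scenes and bad rules."""
    sid = scene_id(target)
    rules = RULE_SETS.get(sid)
    if rules is None:
        raise LookupError(f"no rule set configured for scene {sid}")
    for rule in rules:
        if not rule["flow"] or not 0.0 <= rule["probability"] <= 1.0:
            raise ValueError(f"malformed rule in scene {sid}: {rule}")
    return sid, rules
```

A target whose scene has no configured rule set raises `LookupError` rather than falling back to another scene's test cases, which keeps generated cases tied to the environment they were written for.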
CN202011635807.4A 2020-12-31 2020-12-31 Penetration testing method, device and equipment based on machine learning and storage medium Active CN112733146B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011635807.4A CN112733146B (en) 2020-12-31 2020-12-31 Penetration testing method, device and equipment based on machine learning and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011635807.4A CN112733146B (en) 2020-12-31 2020-12-31 Penetration testing method, device and equipment based on machine learning and storage medium

Publications (2)

Publication Number Publication Date
CN112733146A (en) 2021-04-30
CN112733146B (en) 2022-12-13

Family

ID=75608621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011635807.4A Active CN112733146B (en) 2020-12-31 2020-12-31 Penetration testing method, device and equipment based on machine learning and storage medium

Country Status (1)

Country Link
CN (1) CN112733146B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113923007A (en) * 2021-09-30 2022-01-11 绿盟科技集团股份有限公司 Safety penetration testing method and device, electronic equipment and storage medium
CN113672522B (en) * 2021-10-25 2022-02-08 腾讯科技(深圳)有限公司 Test resource compression method and related equipment
CN114218899A (en) * 2021-11-23 2022-03-22 江苏瑞中数据股份有限公司 Method for extracting report indexes and generating work briefing
CN115941359B (en) * 2023-02-06 2023-05-12 中汽研软件测评(天津)有限公司 Test case generation method, system and equipment for automobile network security detection

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10237296B2 (en) * 2014-01-27 2019-03-19 Cronus Cyber Technologies Ltd Automated penetration testing device, method and system
CN110443045B (en) * 2019-08-13 2020-12-15 北京计算机技术及应用研究所 Fuzzy test case generation method based on machine learning method
CN110688288B (en) * 2019-09-09 2023-11-07 新疆北斗同创信息科技有限公司 Automatic test method, device, equipment and storage medium based on artificial intelligence
CN110866607B (en) * 2019-09-16 2023-08-11 国网河北省电力有限公司电力科学研究院 Permeation behavior prediction algorithm based on machine learning
CN111259403A (en) * 2020-01-09 2020-06-09 深圳壹账通智能科技有限公司 Penetration testing method and device, computer equipment and storage medium
CN111625838A (en) * 2020-05-26 2020-09-04 北京墨云科技有限公司 Vulnerability scene identification method based on deep learning
CN111783105B (en) * 2020-07-08 2024-03-29 国家计算机网络与信息安全管理中心 Penetration test method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN112733146A (en) 2021-04-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220530

Address after: 518000 China Aviation Center 2901, No. 1018, Huafu Road, Huahang community, Huaqiang North Street, Futian District, Shenzhen, Guangdong Province

Applicant after: Shenzhen Ping An medical and Health Technology Service Co.,Ltd.

Address before: Room 12G, Area H, 666 Beijing East Road, Huangpu District, Shanghai 200001

Applicant before: PING AN MEDICAL AND HEALTHCARE MANAGEMENT Co.,Ltd.

GR01 Patent grant