CN112948830B - File risk identification method and device - Google Patents

Publication number: CN112948830B
Authority: CN (China)
Prior art keywords: file, detected, technical stack, technical, stack
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN202110269555.6A
Other languages: Chinese (zh)
Other versions: CN112948830A (en)
Inventors: 肖新光, 黄磊, 童志明, 徐菲
Current assignee: Antiy Technology Group Co Ltd (the listed assignees may be inaccurate)
Original assignee: Antiy Technology Group Co Ltd
Events: application filed by Antiy Technology Group Co Ltd; priority to CN202110269555.6A; publication of CN112948830A; application granted; publication of CN112948830B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562: Static detection

Abstract

The invention relates to a method and a device for file risk identification. The method comprises: extracting the technology stack of a file to be detected; judging whether the technology stack of the file to be detected exists in a preset security technology stack set; if so, judging the file to be detected to be a normal file, and otherwise triggering an anomaly alarm. By statistically analyzing the technology stacks present in an environment and comparing the technology stack of each file to be detected against them, the invention can effectively find possible anomalies and give timely early warning of security risks.

Description

File risk identification method and device
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for identifying file risks.
Background
At present, the number of malicious files is growing explosively and the types of malicious files are becoming steadily more destructive, so timely detection of unknown malicious files has become one of the main problems in network security analysis and risk discovery.
In the prior art, the risk of a file is judged by matching it against known malicious features or threat intelligence libraries, which makes it difficult to quickly identify and judge unknown threats, risks and other abnormal conditions.
Disclosure of Invention
(I) Technical problem to be solved
The technical problem to be solved by the invention is how to quickly identify and judge unknown abnormal conditions.
(II) Technical solution
To solve the above technical problem, according to one aspect of the present invention, a method for file risk identification is provided, including: extracting the technology stack of a file to be detected; judging whether the technology stack of the file to be detected exists in a preset security technology stack set; if so, judging the file to be detected to be a normal file, and otherwise triggering an anomaly alarm.
Optionally, the anomaly alarm includes: directly judging the file to be detected to be an abnormal file, or judging in a preset manner whether the file to be detected is a normal file.
Optionally, after judging in the preset manner whether the file to be detected is a normal file, the method further includes: if the file to be detected is a normal file, adding the technology stack of the file to be detected to the security technology stack set; otherwise, judging the file to be detected to be an abnormal file.
Optionally, before judging whether the technology stack of the file to be detected exists in the preset security technology stack set, the method further includes: extracting, merging and classifying the technology stacks of files in a known secure environment to obtain the security technology stack set.
Optionally, the known secure environment includes any one or more of the following environments that are known to be secure: a single host environment, a work group environment, an organization environment.
Optionally, the method of the present invention further includes: when a file in the known secure environment is detected to have been uninstalled or deleted, extracting the technology stack of the uninstalled or deleted file and judging whether that technology stack is still running in the known secure environment; if so, performing no operation; otherwise, deleting the technology stack of the uninstalled or deleted file from the security technology stack set.
According to still another aspect of the present invention, an apparatus for file risk identification is provided, including:
an information extraction module, which extracts the technology stack of the file to be detected;
an information judging module, which judges whether the technology stack of the file to be detected exists in a preset security technology stack set and, if so, judges the file to be detected to be a normal file;
an alarm execution module, which triggers an anomaly alarm when the file to be detected is judged not to be a normal file.
Optionally, the anomaly alarm includes: directly judging the file to be detected to be an abnormal file, or judging in a preset manner whether the file to be detected is a normal file.
Optionally, the alarm execution module is further configured to: after judging in the preset manner whether the file to be detected is a normal file, add the technology stack of the file to be detected to the security technology stack set if the file is a normal file, and otherwise judge the file to be detected to be an abnormal file.
Optionally, the apparatus of the present invention further comprises a set construction module configured to: before it is judged whether the technology stack of the file to be detected exists in the preset security technology stack set, extract, merge and classify the technology stacks of files in a known secure environment to obtain the security technology stack set.
Optionally, the known secure environment includes any one or more of the following environments that are known to be secure: a single host environment, a work group environment, an organization environment.
Optionally, the apparatus of the present invention further comprises a set construction module configured to: when a file in the known secure environment is detected to have been uninstalled or deleted, extract the technology stack of the uninstalled or deleted file and judge whether that technology stack is still running in the known secure environment; if so, perform no operation; otherwise, delete the technology stack of the uninstalled or deleted file from the security technology stack set.
According to another aspect of the present invention, an electronic device for file risk identification is provided, including: one or more processors, and a storage device for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors implement the method of file risk identification of the present invention.
According to yet another aspect of the present invention, a computer readable medium is provided, on which a computer program is stored; when executed by a processor, the program implements the method of file risk identification of the present invention.
(III) Beneficial effects
The technical solution of the invention has the following advantage: by statistically analyzing the technology stacks present in an environment and comparing the technology stack of each file to be detected against them, possible anomalies can be found effectively and early warning of security risks can be given in time.
Drawings
FIG. 1 is a schematic flow chart of a method for identifying file risk according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for creating a security technology stack set according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for updating a security technology stack set according to an embodiment of the present invention;
FIG. 4 is a flow chart of another method for updating a security technology stack set according to further embodiments of the present invention;
FIG. 5 is a schematic diagram of an apparatus for file risk identification according to an embodiment of the present invention;
FIG. 6 is an exemplary system architecture diagram in which embodiments of the present invention may be applied;
FIG. 7 is a schematic diagram of a computer system suitable for use in implementing an embodiment of the invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
According to one aspect of the invention, a method of file risk identification is provided.
Many malicious file detection methods match files against known malicious features or threat intelligence libraries, which makes it difficult to quickly identify and judge unknown threats and risks. However, besides the code features, dynamic parameters, family features and so on of a file, the characteristics of malicious files can also be viewed from other angles. For example, developing a file requires a corresponding technology stack, such as programming languages, programming tools and scripts; some combinations of these are used frequently by attackers but are uncommon among ordinary users.
Furthermore, in a stable IT scenario, whether that scenario is a single host system, a work group or even an entire organization, the application software in use in principle depends on a relatively stable technology stack, i.e. the corresponding scripts, development languages, development environments, compilers and so on. When a technology stack that was not previously present appears in the scenario, this indicates a potentially high risk.
The invention uses the technology stack to quickly find unknown suspicious malicious files and identify malicious attacks. FIG. 1 is a flow chart of a method for file risk identification according to an embodiment of the present invention. As shown in FIG. 1, the method includes:
Step S101: extracting the technology stack of the file to be detected;
Step S102: judging whether the technology stack of the file to be detected exists in a preset security technology stack set; if so, going to step S103, otherwise going to step S104;
Step S103: judging the file to be detected to be a normal file;
Step S104: triggering an anomaly alarm.
In practical application, the file to be detected can be scanned together with all files embedded in it.
How the security technology stack set is constructed can be chosen according to the actual situation. For example, the technology stack of an application published by a well-known and reputable software publisher can be added directly to the security technology stack set. FIG. 2 is a flow chart of a method for creating the security technology stack set according to an embodiment of the present invention. As shown in FIG. 2, the set is constructed in the following steps: step S201, scanning the files in a known secure environment; step S202, extracting, merging and classifying the technology stacks of the files in the known secure environment to obtain the security technology stack set.
FIG. 3 is a flowchart of a method for updating the security technology stack set according to an embodiment of the present invention. As shown in FIG. 3, the update process may include: step S301, monitoring the known secure environment; step S302, determining whether a file has been uninstalled or deleted, and if so going to step S303, otherwise returning to step S301 without performing any operation; step S303, extracting the technology stack of the uninstalled or deleted file; step S304, judging whether the technology stack of the uninstalled or deleted file is still running in the known secure environment, and if so returning to step S301 without performing any operation, otherwise going to step S305; step S305, deleting the technology stack of the uninstalled or deleted file from the security technology stack set. Dynamically maintaining and expanding the set further improves detection efficiency and accuracy. Known secure environments include any one or more of the following environments that are known to be secure: a single host environment, a work group environment, an organization environment.
The invention extracts the technology stacks in a known secure environment to form a dynamically maintained technology stack repository. When analysis of a file finds a new technology stack that is not in the known repository, that can be treated as an abnormal event to be investigated, whether or not the technology stack is a common one. When a rare or new technology stack, or one commonly used by malicious attackers, appears, an abnormal technology stack alarm can be triggered and further analysis initiated, so that the security risk is found in time.
How the extracted technology stacks are merged and classified can be chosen according to the actual situation. For example, technology stacks can be divided by application field into stacks for the e-commerce field, the medical system field, the education system field and so on, and further divided by application environment into front-end, back-end, storage architecture and other types. Classifying the technology stacks makes it possible to quickly obtain the security technology stacks to compare against when a file is being detected, which improves the efficiency and accuracy of file risk identification.
The anomaly alarm can either directly judge the file to be detected to be an abnormal file, or further judge in some other preset manner whether the file to be detected is a normal file. The preset manner can be chosen according to the actual situation, for example manual judgment. Performing this further judgment improves the accuracy of risk warnings.
FIG. 4 is a flowchart of another method for updating the security technology stack set according to an embodiment of the present invention. As shown in FIG. 4, the method includes: step S401, further judging the file to be detected that triggered the anomaly alarm; step S402, judging whether the file is a normal file, and if so going to step S403, otherwise going to step S404; step S403, adding the technology stack of the file to be detected to the security technology stack set; step S404, judging the file to be detected to be an abnormal file. Dynamically maintaining and expanding the set further improves detection efficiency and accuracy.
The invention constructs a security technology stack set and then queries and compares the technology stacks of all files to be detected against it in real time. If the technology stack of a file to be detected does not belong to the security technology stack set, the file can reasonably be suspected of carrying some risk, so that an abnormal malicious file is found and an alarm is raised. Building the set from the technology stacks of all known secure environments and comparing every file to be detected against it in real time makes full use of the characteristics of technology stacks and can uncover unknown malicious files that may appear in the environment.
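The flows of FIG. 1 to FIG. 4 in Python, as an added example that is not part of the patent. `FileRecord`, `extract_stack`, `StackBaseline` and the sample records are constructed for illustration; how stack attributes are recovered from a real file is not described on the page and is assumed to have happened already. A per-stack usage count stands in for the "still running" test of step S304, a file with no recognizable stack is assumed never to match, and classification is omitted.

```python
from collections import Counter
from dataclasses import dataclass, field

# Attribute kinds that make up a technology stack, taken from claim 1.
KINDS = ("language", "tool", "script", "environment", "compiler")


@dataclass
class FileRecord:
    """Constructed stand-in for a scanned file; real extraction is assumed."""
    name: str
    attrs: dict
    embedded: list = field(default_factory=list)


def extract_stack(rec):
    """S101: normalize recognized attributes into a hashable, comparable stack."""
    return frozenset((k, str(v).strip().lower())
                     for k, v in rec.attrs.items() if k in KINDS and v)


def walk(rec):
    """Yield the file itself and every embedded file, depth first."""
    yield rec
    for child in rec.embedded:
        yield from walk(child)


class StackBaseline:
    """Security technology stack set with per-stack usage counts."""

    def __init__(self):
        self._refs = Counter()  # stack -> number of known-safe files using it

    def __contains__(self, stack):
        # Assumption: a file with no recognizable stack never matches.
        return bool(stack) and self._refs[stack] > 0

    def _add(self, stack):
        if stack:
            self._refs[stack] += 1

    def build(self, files):
        """S201-S202: scan the known-safe environment and merge the stacks."""
        for rec in files:
            for f in walk(rec):
                self._add(extract_stack(f))

    def check(self, rec, review=None):
        """S101-S104 plus S401-S404; returns [(file name, verdict), ...]."""
        verdicts = []
        for f in walk(rec):
            stack = extract_stack(f)
            if stack in self:
                verdicts.append((f.name, "normal"))
            elif review is not None and review(f, stack):
                self._add(stack)  # S403: an approved stack joins the set
                verdicts.append((f.name, "normal after review"))
            else:
                verdicts.append((f.name, "abnormal"))  # S104 / S404
        return verdicts

    def on_uninstall(self, rec):
        """S303-S305: drop stacks that no remaining file uses."""
        dropped = []
        for f in walk(rec):
            stack = extract_stack(f)
            if stack in self:
                self._refs[stack] -= 1
                if self._refs[stack] == 0:
                    del self._refs[stack]
                    dropped.append(stack)
        return dropped


def demo():
    """Run the four flows on constructed records and return the verdicts."""
    editor = FileRecord("editor.exe", {"language": "C++", "compiler": "MSVC"})
    viewer = FileRecord("viewer.exe", {"language": "c++", "compiler": " msvc"})
    portal = FileRecord("portal.war", {"language": "Java", "environment": "JDK"})
    baseline = StackBaseline()
    baseline.build([editor, viewer, portal])

    helper = FileRecord("helper.bin", {"language": "Go", "compiler": "gc"})
    bundle = FileRecord("bundle.exe", {"language": "C++", "compiler": "MSVC"},
                        embedded=[helper])
    out = {"first": baseline.check(bundle)}
    # Assumed reviewer callback: an analyst approves helper.bin by name.
    out["reviewed"] = baseline.check(bundle, review=lambda f, s: f.name == "helper.bin")
    out["second"] = baseline.check(bundle)
    out["drop_editor"] = baseline.on_uninstall(editor)  # viewer still uses it
    out["drop_portal"] = baseline.on_uninstall(portal)  # last user of that stack
    out["portal_again"] = baseline.check(portal)
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
```

The embedded `helper.bin` is what raises the alarm on the first pass, although its container matches the set; this is why the scan has to descend into embedded files.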
According to a further aspect of the present invention there is provided an apparatus for carrying out the above method.
FIG. 5 is a schematic diagram of an apparatus for file risk identification according to an embodiment of the present invention. As shown in FIG. 5, the apparatus 500 for file risk identification includes:
an information extraction module 501, which extracts the technology stack of the file to be detected;
an information judging module 502, which judges whether the technology stack of the file to be detected exists in a preset security technology stack set and, if so, judges the file to be detected to be a normal file;
an alarm execution module 503, which triggers an anomaly alarm when the file to be detected is judged not to be a normal file.
In some embodiments of the invention, the anomaly alarm includes: directly judging the file to be detected to be an abnormal file, or judging in a preset manner whether the file to be detected is a normal file.
In some embodiments of the present invention, the alarm execution module is further configured to: after judging in the preset manner whether the file to be detected is a normal file, add the technology stack of the file to be detected to the security technology stack set if the file is a normal file, and otherwise judge the file to be detected to be an abnormal file.
In some embodiments of the present invention, the apparatus further includes a set construction module configured to: before it is judged whether the technology stack of the file to be detected exists in the preset security technology stack set, extract, merge and classify the technology stacks of files in a known secure environment to obtain the security technology stack set.
In some embodiments of the present invention, the known secure environment includes any one or more of the following environments that are known to be secure: a single host environment, a work group environment, an organization environment.
In some embodiments of the present invention, the apparatus further includes a set construction module configured to: when a file in the known secure environment is detected to have been uninstalled or deleted, extract the technology stack of the uninstalled or deleted file and judge whether that technology stack is still running in the known secure environment; if so, perform no operation; otherwise, delete the technology stack of the uninstalled or deleted file from the security technology stack set.
According to another aspect of the present invention, an electronic device for file risk identification is provided, including: one or more processors, and a storage device for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors implement the method of file risk identification of the present invention.
According to yet another aspect of the present invention, a computer readable medium is provided, on which a computer program is stored; when executed by a processor, the program implements the method of file risk identification of the present invention.
FIG. 6 illustrates an exemplary system architecture 600 of a method of file risk identification or apparatus of file risk identification to which embodiments of the present invention may be applied.
As shown in fig. 6, the system architecture 600 may include terminal devices 601, 602, 603, a network 604, and a server 605. The network 604 is used as a medium to provide communication links between the terminal devices 601, 602, 603 and the server 605. The network 604 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 605 via the network 604 using the terminal devices 601, 602, 603 to receive or send messages, etc. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc., may be installed on the terminal devices 601, 602, 603.
The terminal devices 601, 602, 603 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 605 may be a server providing various services, such as a background management server that supports shopping websites browsed by users on the terminal devices 601, 602, 603. The background management server may analyze and otherwise process received data such as a product information query request, and feed the processing result (e.g., target push information or product information, given only as an example) back to the terminal device.
It should be noted that the method for file risk identification provided in the embodiment of the present invention is generally executed by the server 605; accordingly, the apparatus for file risk identification is generally disposed in the server 605.
It should be understood that the number of terminal devices, networks and servers in fig. 6 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 7, there is illustrated a schematic diagram of a computer system 700 suitable for use in implementing an embodiment of the present invention. The terminal device shown in fig. 7 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the system 700 are also stored. The CPU 701, ROM 702, and RAM 703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT) or Liquid Crystal Display (LCD), a speaker, and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. The drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read from it can be installed into the storage section 708 as necessary.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 701.
As another aspect, the present invention also provides a computer-readable medium, which may be contained in the apparatus described in the above embodiments or may exist alone without being fitted into the apparatus. The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform: extracting the technology stack of a file to be detected; judging whether the technology stack of the file to be detected exists in a preset security technology stack set; if so, judging the file to be detected to be a normal file, and otherwise triggering an anomaly alarm.
According to the invention, by statistically analyzing the technology stacks present in an environment and comparing the technology stack of each file to be detected against them, possible anomalies can be found effectively and early warning of security risks can be given in time.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A method for file risk identification, comprising: extracting the technology stack of a file to be detected; judging whether the technology stack of the file to be detected exists in a preset security technology stack set; if so, judging the file to be detected to be a normal file, otherwise triggering an anomaly alarm; wherein the technology stack is at least one of the programming language, programming tool, script, development environment and compiler required to develop the file to be detected;
and, before judging whether the technology stack of the file to be detected exists in the preset security technology stack set, extracting, merging and classifying the technology stacks of files in a known secure environment to obtain the security technology stack set.
2. The method of claim 1, wherein the anomaly alarm comprises: directly judging the file to be detected to be an abnormal file, or judging in a preset manner whether the file to be detected is a normal file.
3. The method according to claim 2, further comprising, after judging in the preset manner whether the file to be detected is a normal file: if the file to be detected is a normal file, adding the technology stack of the file to be detected to the security technology stack set; otherwise, judging the file to be detected to be an abnormal file.
4. The method of claim 1, wherein the known secure environment comprises any one or more of the following environments that are known to be secure: a single host environment, a work group environment, an organization environment.
5. The method as recited in claim 1, further comprising: when a file in the known secure environment is detected to have been uninstalled or deleted, extracting the technology stack of the uninstalled or deleted file, and judging whether the technology stack of the uninstalled or deleted file is still running in the known secure environment; if so, performing no operation; otherwise, deleting the technology stack of the uninstalled or deleted file from the security technology stack set.
6. An apparatus for file risk identification, comprising:
an information extraction module, which extracts the technology stack of the file to be detected, wherein the technology stack is at least one of the programming language, programming tool, script, development environment and compiler required to develop the file to be detected;
an information judging module, which judges whether the technology stack of the file to be detected exists in a preset security technology stack set and, if so, judges the file to be detected to be a normal file;
an alarm execution module, which triggers an anomaly alarm when the file to be detected is judged not to be a normal file;
the apparatus further comprising a set construction module configured to: before it is judged whether the technology stack of the file to be detected exists in the preset security technology stack set, extract, merge and classify the technology stacks of files in a known secure environment to obtain the security technology stack set.
7. An electronic device for file risk identification, comprising: one or more processors, and a storage device for storing one or more programs; wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method of any of claims 1-5.
8. A computer readable medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the method according to any of claims 1-5.
Priority Applications (1)

Application number: CN202110269555.6A
Priority date: 2021-03-12
Filing date: 2021-03-12
Title: File risk identification method and device
Status: Active

Publications (2)

CN112948830A, publication date 2021-06-11
CN112948830B, publication date 2023-11-10

Family ID: 76229567
Country: CN

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102768717A (en) * 2012-06-29 2012-11-07 腾讯科技(深圳)有限公司 Malicious file detection method and malicious file detection device
CN108920250A (en) * 2018-06-05 2018-11-30 麒麟合盛网络技术股份有限公司 The method and device of Application Container
CN110020530A (en) * 2018-12-24 2019-07-16 中国银联股份有限公司 For determining the method and device thereof of the safety of application program at runtime
CN111399897A (en) * 2020-02-21 2020-07-10 北京值得买科技股份有限公司 Application issuing method and system based on kubernets
CN111563257A (en) * 2020-04-15 2020-08-21 成都欧珀通信科技有限公司 Data detection method and device, computer readable medium and terminal equipment
CN111737692A (en) * 2020-08-17 2020-10-02 腾讯科技(深圳)有限公司 Application program risk detection method and device, equipment and storage medium
CN112101335A (en) * 2020-08-25 2020-12-18 深圳大学 APP violation monitoring method based on OCR and transfer learning
CN112230930A (en) * 2020-10-22 2021-01-15 贝壳技术有限公司 Method and device for constructing and packaging hybrid technology stack and machine-readable storage medium
CN112422582A (en) * 2020-12-02 2021-02-26 天翼电子商务有限公司 Heterogeneous protocol application access method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180121658A1 (en) * 2016-10-27 2018-05-03 Gemini Cyber, Inc. Cyber risk assessment and management system and method
US10706156B2 (en) * 2017-10-13 2020-07-07 1230604 BC Ltd. Security risk identification in a secure software lifecycle

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
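AIS Big Data Framework for Maritime Safety Supervision; Kexin Bao et al.; 2020 International Conference on Robots & Intelligent System (ICRIS); pp. 150-153 *
Research on Digital Power Grid Security Risks and Protection in the Era of Classified Protection 2.0; Yang Shengming et al.; Electronics Quality (No. 11); pp. 13-18 *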

Also Published As

Publication number Publication date
CN112948830A (en) 2021-06-11

Similar Documents

Publication Publication Date Title
JP6126672B2 (en) Malicious code detection method and system
RU2573265C2 (en) Method of detecting false positive results of scanning files for malware
US8805995B1 (en) Capturing data relating to a threat
US10795991B1 (en) Enterprise search
CN104778415B (en) A kind of leakage-preventing system and method for data based on computer behavior
CN111586005B (en) Scanner scanning behavior identification method and device
CN107689975B (en) Cloud computing-based computer virus identification method and system
CN112560090A (en) Data detection method and device
CN115495740A (en) Virus detection method and device
US20190370476A1 (en) Determination apparatus, determination method, and determination program
US11372971B2 (en) Threat control
CN116305129A (en) Document detection method, device, equipment and medium based on VSTO
CN114969840A (en) Data leakage prevention method and device
CN108040036A (en) A kind of industry cloud Webshell safety protecting methods
US11012450B2 (en) Detection device, detection method, detection system, and detection program
CN113536300A (en) PDF file trust filtering and analyzing method, device, equipment and medium
CN112948831B (en) Application risk identification method and device
CN111181914B (en) Method, device and system for monitoring internal data security of local area network and server
CN112948830B (en) File risk identification method and device
CN111611585A (en) Terminal device monitoring method and device, electronic device and medium
CN111737695A (en) White list optimization method, device, equipment and computer readable storage medium
CN111488580A (en) Potential safety hazard detection method and device, electronic equipment and computer readable medium
CN115296895B (en) Request response method and device, storage medium and electronic equipment
CN114143074B (en) webshell attack recognition device and method
CN110399131A (en) Improve method, apparatus, the computer equipment of application program stability

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road)

Applicant after: Antiy Technology Group Co., Ltd.

Address before: Room 506, 162 Hongqi Street, Nangang 17 building, high tech entrepreneurship center, high tech Industrial Development Zone, Songbei District, Harbin City, Heilongjiang Province

Applicant before: Harbin Antian Science and Technology Group Co.,Ltd.

GR01 Patent grant