CN113452710A - Unauthorized vulnerability detection method, device, equipment and computer program product - Google Patents

Unauthorized vulnerability detection method, device, equipment and computer program product Download PDF

Info

Publication number
CN113452710A
CN113452710A CN202110722722.8A CN202110722722A CN113452710A CN 113452710 A CN113452710 A CN 113452710A CN 202110722722 A CN202110722722 A CN 202110722722A CN 113452710 A CN113452710 A CN 113452710A
Authority
CN
China
Prior art keywords
hash value
service request
splicing
response data
unauthorized vulnerability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110722722.8A
Other languages
Chinese (zh)
Other versions
CN113452710B (en
Inventor
刘宇滨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN202110722722.8A priority Critical patent/CN113452710B/en
Publication of CN113452710A publication Critical patent/CN113452710A/en
Priority to PCT/CN2021/134315 priority patent/WO2023273139A1/en
Application granted granted Critical
Publication of CN113452710B publication Critical patent/CN113452710B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of financial technology (Fintech), and discloses an unauthorized vulnerability detection method, device, equipment and product, wherein the method comprises the following steps: receiving a first service request including a first identity identifier of a system to be detected, and modifying the first identity identifier to obtain a second service request; executing the first service request and the second service request to obtain response data; respectively slicing each response data, and hashing each sliced data to obtain a first sliced hash value and a second sliced hash value; splicing the first sliced hash values to obtain first spliced hash values, and splicing the second sliced hash values to obtain second spliced hash values; and determining whether the system to be detected has the unauthorized vulnerability according to the similarity of the two spliced hash values. By carrying out fragmentation processing on the response data and then carrying out similarity comparison according to the hash value of the obtained fragmentation data, the efficiency of unauthorized vulnerability detection is improved on the premise of ensuring the unauthorized vulnerability detection precision.

Description

Unauthorized vulnerability detection method, device, equipment and computer program product
Technical Field
The present invention relates to the field of financial technology (Fintech), and in particular, to a method, apparatus, device, and computer program product for detecting unauthorized vulnerabilities.
Background
With the development of computer technology, more and more technologies (big data, distributed, Blockchain, artificial intelligence, and the like) are applied to the financial field, the traditional financial industry is gradually changing to financial technology (Fintech), but higher requirements are provided for the unauthorized vulnerability detection technology due to the requirements of security and real-time performance of the financial industry.
With the recent outbreak of various high-risk vulnerabilities, network security issues have attracted increasing attention. An unauthorized vulnerability, a common security vulnerability in a Web application, refers to that a programmer is neglected, and does not strictly limit the authority/user required by a certain operation, so that a user without an operation authority can normally operate, and the threat lies in that one account can control all-station user data, that is, an attacker can use one legal account to illegally operate other account data with an unauthorized vulnerability, such as conventional database commands of query, insertion, deletion, modification and the like.
In the prior art, the detection of the unauthorized vulnerability mainly comprises the steps of manually logging in an account and modifying the account ID, acquiring request response data returned by different account IDs, and judging whether the unauthorized vulnerability exists or not by calculating text similarity of different response data.
Disclosure of Invention
The invention mainly aims to provide an unauthorized vulnerability detection method, an unauthorized vulnerability detection device, unauthorized vulnerability detection equipment and a computer program product, and aims to solve the technical problem that the existing unauthorized vulnerability detection is low in efficiency.
In order to achieve the above object, the present invention provides an unauthorized vulnerability detection method, which comprises the following steps:
receiving a first service request including a first identity identifier of a system to be detected, and modifying the first identity identifier in the first service request to obtain a second service request;
executing the first service request and the second service request through the system to be detected to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
respectively carrying out fragmentation processing on the first response data and the second response data, and carrying out hash operation on each fragmentation data obtained by fragmentation processing to obtain a first fragmentation hash value corresponding to the first response data and a second fragmentation hash value corresponding to the second response data;
splicing the first sliced hash value to obtain a first spliced hash value, and splicing the second sliced hash value to obtain a second spliced hash value;
and determining the similarity of the first splicing hash value and the second splicing hash value, and determining whether the system to be detected has the unauthorized vulnerability according to the similarity.
Optionally, the step of splicing the first sliced hash value to obtain a first spliced hash value, and the step of splicing the second sliced hash value to obtain a second spliced hash value includes:
performing data extraction on the first sliced hash value to obtain a first sliced extracted hash value with a second preset character length, and performing splicing processing on the first sliced extracted hash value to obtain a first spliced hash value, wherein the preset character length is smaller than the character length of the first sliced hash value;
and performing data extraction on the second split hash value to obtain a second split extracted hash value with a second preset character length, and performing splicing processing on the second split extracted hash value to obtain a second spliced hash value.
Optionally, the step of modifying the first identity in the first service request to obtain a second service request includes:
deleting the first identity identifier in the first service request to obtain a second service request;
and/or the presence of a gas in the gas,
and replacing the first identity in the first service request with a second identity to obtain a second service request, wherein the second identity is different from the first identity.
Optionally, the step of determining the similarity between the first concatenation hash value and the second concatenation hash value includes:
calculating the minimum editing operation times of the first splicing hash value and the second splicing hash value;
and determining the similarity of the first splicing hash value and the second splicing hash value according to the sum of the character lengths of the first splicing hash value and the second splicing hash value and the minimum number of editing operations.
Optionally, the step of calculating the minimum number of editing operations of the first splicing hash value and the second splicing hash value includes:
constructing an editing operation time matrix according to the character length of the first splicing hash value, the character length of the second splicing hash value, the character content of the first splicing hash value and the character content of the second splicing hash value, and performing initialization assignment on the editing operation time matrix;
circularly calculating the editing operation times corresponding to each matrix element in the editing operation time matrix according to a preset editing operation time formula; the preset editing operation frequency formula is as follows:
dp[i,j]=min(dp[i-1,j]+1,dp[i,j-1]+1,dp[i-1,j-1]+temp),
wherein dp [ i, j ] is the editing operation times corresponding to the matrix elements of the ith row and the jth column in the editing operation time matrix;
dp [ i-1, j ] is the number of editing operations corresponding to the matrix elements of the ith-1 row and the jth column in the matrix of the number of editing operations;
dp [ i, j-1] is the editing operation times corresponding to the matrix elements of the ith row and the jth-1 column in the editing operation times matrix;
dp [ i-1, j-1] is the number of editing operations corresponding to the matrix elements of the ith-1 row and the jth-1 column in the matrix of the number of editing operations;
if two characters corresponding to matrix elements of an ith row and a jth column in the matrix are the same, temp is 0; if two characters corresponding to matrix elements of an ith row and a jth column in the matrix are different, temp is 1;
and determining the minimum editing operation times according to the editing operation times corresponding to each matrix element.
Optionally, the step of determining whether the system to be detected has the unauthorized vulnerability according to the similarity includes:
if the similarity is larger than or equal to a preset similarity threshold value, determining that the system to be detected has an unauthorized vulnerability;
and if the similarity is smaller than a preset similarity threshold value, determining that the unauthorized vulnerability does not exist in the system to be detected.
Optionally, after the step of receiving the first service request including the first identity identifier of the system to be detected, the method further includes:
determining whether the first service request relates to sensitive information;
if yes, executing the following steps: and modifying the first identity identifier in the first service request to obtain a second service request.
In addition, to achieve the above object, the present invention further provides an unauthorized vulnerability detection apparatus, including:
the identity modification module is used for receiving a first service request including a first identity of a system to be detected, and modifying the first identity in the first service request to obtain a second service request;
a request execution module, configured to execute the first service request and the second service request through the system to be detected, so as to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
the fragment hash module is used for respectively carrying out fragment processing on the first response data and the second response data, and carrying out hash operation on each fragment data obtained by the fragment processing to obtain a first fragment hash value corresponding to the first response data and a second fragment hash value corresponding to the second response data;
a Hash splicing module used for splicing the first sliced Hash value to obtain a first spliced Hash value, and splicing the second sliced Hash value to obtain a second spliced Hash value
And the unauthorized determining module is used for determining the similarity of the first splicing hash value and the second splicing hash value and determining whether the unauthorized vulnerability exists in the system to be detected according to the similarity.
In addition, to achieve the above object, the present invention further provides an unauthorized vulnerability detection apparatus, including: the unauthorized vulnerability detection method comprises a memory, a processor and an unauthorized vulnerability detection program which is stored on the memory and can run on the processor, wherein the unauthorized vulnerability detection program realizes the steps of the unauthorized vulnerability detection method when being executed by the processor.
In addition, to achieve the above object, the present invention further provides a computer storage medium having an unauthorized vulnerability detection program stored thereon, wherein the unauthorized vulnerability detection program, when executed by a processor, implements the steps of the unauthorized vulnerability detection method as described above.
In addition, to achieve the above object, the present invention further provides a computer program product, which includes an unauthorized vulnerability detection program, and when the unauthorized vulnerability detection program is executed by a processor, the unauthorized vulnerability detection program implements the steps of the unauthorized vulnerability detection method as described above.
The method comprises the steps of receiving a first service request including a first identity identifier of a system to be detected, and modifying the first identity identifier in the first service request to obtain a second service request; executing the first service request and the second service request through the system to be detected to obtain first response data corresponding to the first service request and second response data corresponding to the second service request; respectively carrying out fragmentation processing on the first response data and the second response data, and carrying out hash operation on each fragmentation data obtained by fragmentation processing to obtain a first fragmentation hash value corresponding to the first response data and a second fragmentation hash value corresponding to the second response data; splicing the first sliced hash value to obtain a first spliced hash value, and splicing the second sliced hash value to obtain a second spliced hash value; and determining the similarity of the first splicing hash value and the second splicing hash value, and determining whether the system to be detected has the unauthorized vulnerability according to the similarity. On one hand, the similarity comparison is carried out on the hash values of the response data, so that the comparison efficiency of the similarity pair is improved, and the detection efficiency of the unauthorized vulnerability is further improved; on the other hand, the response data is subjected to fragmentation processing, and similarity comparison is performed according to the obtained hash value of the fragmentation data, so that the unauthorized vulnerability detection efficiency is improved on the premise of ensuring the unauthorized vulnerability detection precision.
Drawings
Fig. 1 is a schematic structural diagram of an unauthorized vulnerability detection device in a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of the unauthorized vulnerability detection method according to the present invention;
fig. 3 is a schematic block diagram of the unauthorized vulnerability detection apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, fig. 1 is a schematic structural diagram of an unauthorized vulnerability detection device in a hardware operating environment according to an embodiment of the present invention.
The unauthorized vulnerability detection equipment in the embodiment of the invention can be a PC or server equipment, and a virtual machine runs on the unauthorized vulnerability detection equipment.
As shown in fig. 1, the unauthorized vulnerability detection apparatus may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the unauthorized vulnerability detection apparatus configuration shown in FIG. 1 does not constitute a limitation of the apparatus, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and an unauthorized vulnerability detection program.
In the unauthorized vulnerability detection apparatus shown in fig. 1, the network interface 1004 is mainly used for connecting to a background server and performing data communication with the background server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; and the processor 1001 may be configured to call an unauthorized vulnerability detection program stored in the memory 1005 and perform operations in the unauthorized vulnerability detection method described below.
Based on the hardware structure, the embodiment of the unauthorized vulnerability detection method is provided.
Referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of the unauthorized vulnerability detection method of the present invention, wherein the method includes:
step S10, receiving a first service request including a first identity identifier of a system to be detected, and modifying the first identity identifier in the first service request to obtain a second service request;
the unauthorized vulnerability detection method is applied to unauthorized vulnerability detection equipment, wherein the unauthorized vulnerability detection equipment can be a terminal, a robot or PC equipment.
In the prior art, the detection of the unauthorized vulnerability mainly comprises the steps of manually logging in an account and modifying the account ID, acquiring request response data returned by different account IDs, and judging whether the unauthorized vulnerability exists or not by calculating text similarity of different response data.
On the background, the embodiment provides an unauthorized vulnerability detection scheme, on one hand, by comparing the similarity of the hash values of the response data, the comparison efficiency of the similarity pair is improved, and further, the detection efficiency of the unauthorized vulnerability is improved; on the other hand, the response data is subjected to fragmentation processing, and similarity comparison is performed according to the obtained hash value of the fragmentation data, so that the unauthorized vulnerability detection efficiency is improved on the premise of ensuring the unauthorized vulnerability detection precision.
In this embodiment, the identity refers to information indicating an identity of an initiator of the service request, and the identity may be at least one of a cookie or a user account identifier. Where a cookie refers to data stored on the user's local terminal, a simple text file stored in the client machine, associated with a particular Web document, that stores information (e.g., user profile information) when the client machine accesses the Web document, which information is available to the Web document when the client machine accesses the Web document again.
In this embodiment, the unauthorized vulnerability detection device collects the first service request for accessing the system to be detected, and after the first service request is collected, modifies the identity identifier in the first service request, and keeps other contents in the request unchanged to obtain the second service request.
Further, the mode of modifying the identity in the first service request includes two processing modes of deletion and/or replacement, where deletion refers to deleting the first identity in the first service request and reserving other contents in the request to obtain a second service request; the replacing means replacing a first identity in the first service request with a second identity different from the first identity to obtain a second service request. The first identity mark is used for marking identity information of a first user, the second identity mark is used for marking identity information of a second user, and the first user and the second user are two legal users with different operation authorities in the system to be detected.
Step S20, executing the first service request and the second service request by the system to be detected, to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
it can be understood that, in this embodiment, the generation of the second service request and the execution sequence of the first service request are not limited, that is, after the first service request is received, the second service request may be generated first and then the first service request is executed, the first service request may be executed first and then the second service request may be generated, or both may be executed simultaneously.
Further, after the first service request is executed to obtain corresponding first response data, whether the character length of the first response data is larger than a preset character length threshold value or not can be determined, if not, the character length of the first response data is short, the unauthorized vulnerability detection speed cannot be obviously influenced, the first response data and the second response data can be directly subjected to similarity comparison, and fragmentation and hash are not needed; if yes, it indicates that the character length of the first response data is shorter, and the similarity between the first response data and the second response data is directly compared, and the calculation speed is significantly reduced, then step S30 is performed. Therefore, the scheme with higher detection speed can be dynamically selected according to the character length of the response data.
Step S30, performing fragmentation processing on the first response data and the second response data, and performing hash operation on each fragmented data obtained by the fragmentation processing to obtain a first fragmented hash value corresponding to the first response data and a second fragmented hash value corresponding to the second response data;
after the first service request and the second service request are obtained, the system to be detected executes the first service request and the second service request to respectively obtain first response data corresponding to the first service request and second response data corresponding to the second service request. Generally, when the unauthorized vulnerability is detected, similarity comparison is directly performed on the first response data and the second response data, and whether the unauthorized vulnerability exists in the system to be detected is determined according to a similarity comparison result, but the comparison method generates huge workload when the character length of the response data is long, and the efficiency is low.
In order to avoid such a situation, in this embodiment, after the response data is obtained, the hash operation is performed on the response data, and the response data with any length is converted into a hash value with a fixed length, so that the similarity comparison is performed according to the hash value of the response data in the subsequent steps, so as to reduce the workload of the similarity calculation; further, since the hash operation has an input change sensitivity, that is, even if the input original data has an extremely slight change, the output hash value will have a great change, if the similarity comparison is directly performed according to the hash values of the response data, even if the first response data and the second response data have only a slight difference, because the hash values of the first response data and the second response data have a great difference, the similarity determined according to the hash values of the first response data and the second response data cannot reflect the true similarity of the first response data and the second response data, so that the embodiment performs the fragmentation processing on the response data first, that is, the response data is fragmented according to the first preset character length, and the response data is fragmented into a plurality of fragmented data.
The first preset character length is set by a manager according to the unauthorized vulnerability detection precision requirement and the unauthorized vulnerability detection efficiency requirement, and it can be understood that the larger the first preset character length is, the lower the unauthorized vulnerability detection precision is, and the higher the detection efficiency is; the smaller the first preset character length is, the higher the unauthorized vulnerability detection precision is, and the lower the detection efficiency is.
After the respective fragment data of the first response data and the second response data are obtained, hash operation is performed on the respective fragment data, so that a hash value of each fragment data of the first response data, namely a first fragment hash value, and a hash value of each fragment data of the second response data, namely a second fragment hash value, are obtained. The hash Algorithm may be MD5(Message Digest MD 5), or other hash function algorithms, such as at least one of MD4, SHA1, SHA-224, SHA-256, SHA-384, SHA-512, and the like.
Step S40, splicing the first sliced hash value to obtain a first spliced hash value, and splicing the second sliced hash value to obtain a second spliced hash value;
in this embodiment, after obtaining the first sliced hash value corresponding to the first response data, the sliced data corresponding to the first sliced hash value are spliced in the position of the first response data to obtain a first spliced hash value; after the second fragment hash value corresponding to the second response data is obtained, the fragment data corresponding to the second fragment hash value is spliced according to the position of the fragment data in the second response data, and a second spliced hash value is obtained.
And step S50, determining the similarity of the first splicing hash value and the second splicing hash value, and determining whether the system to be detected has an unauthorized vulnerability according to the similarity.
In this embodiment, after the first splicing hash value and the second splicing hash value are obtained, the similarity between the first splicing hash value and the second splicing hash value can be calculated, the higher the similarity between the first splicing hash value and the second splicing hash value is, the higher the tendency of the unauthorized vulnerability exists, and the lower the similarity between the first splicing hash value and the second splicing hash value is, the lower the tendency of the unauthorized vulnerability exists, so that a critical similarity threshold value for distinguishing whether the unauthorized vulnerability exists or not, namely a preset similarity threshold value, can be set according to the accuracy requirement of unauthorized vulnerability detection, and if the similarity is greater than or equal to the preset similarity threshold value, the existence of the unauthorized vulnerability in the system to be detected is determined; and if the similarity is smaller than a preset similarity threshold value, determining that the unauthorized vulnerability does not exist in the system to be detected.
Further, if the first service request is a, the identity identifier in the first service request is deleted and replaced to obtain second service requests B and C, according to the foregoing embodiment, the similarity between the splicing hash value corresponding to a and the splicing hash value corresponding to B is calculated according to the response data of a and B, the similarity between the splicing hash value corresponding to a and the splicing hash value corresponding to C is calculated according to the response data of a and C, and if one of the two similarities is greater than or equal to a preset similarity threshold value, it is determined that a vulnerability exists in the system to be detected; and if the two similarities are smaller than a preset similarity threshold value, determining that the unauthorized vulnerability does not exist in the system to be detected.
Further, if it is determined that the system to be detected has the unauthorized bug, an unauthorized bug alarm can be output. The unauthorized vulnerability alarm comprises one or more of identification information of the system to be detected, the similarity of the first splicing hash value and the second splicing hash value.
Further, the step of outputting the unauthorized vulnerability alert may specifically include: and determining a corresponding alarm grade according to the similarity, and outputting the unauthorized vulnerability alarm of the corresponding grade according to the determined alarm grade.
The embodiment modifies a first identity identifier in a first service request by receiving the first service request including the first identity identifier of a system to be detected, so as to obtain a second service request; executing the first service request and the second service request through the system to be detected to obtain first response data corresponding to the first service request and second response data corresponding to the second service request; respectively carrying out fragmentation processing on the first response data and the second response data, and carrying out hash operation on each fragmentation data obtained by fragmentation processing to obtain a first fragmentation hash value corresponding to the first response data and a second fragmentation hash value corresponding to the second response data; splicing the first sliced hash value to obtain a first spliced hash value, and splicing the second sliced hash value to obtain a second spliced hash value; and determining the similarity of the first splicing hash value and the second splicing hash value, and determining whether the system to be detected has the unauthorized vulnerability according to the similarity. On one hand, the embodiment improves the efficiency of similarity comparison by comparing the similarity of the hash values of the response data, and further improves the efficiency of unauthorized vulnerability detection; on the other hand, the response data is subjected to fragmentation processing, and similarity comparison is performed according to the obtained hash value of the fragmentation data, so that the unauthorized vulnerability detection efficiency is improved on the premise of ensuring the unauthorized vulnerability detection precision.
Further, based on the above embodiment, a second embodiment of the unauthorized vulnerability detection method is provided.
The step S40 includes:
step S41, performing data extraction on the first sliced hash value to obtain a first sliced extracted hash value with a second preset character length, and performing concatenation processing on the first sliced extracted hash value to obtain a first concatenated hash value, where the preset character length is smaller than the character length of the first sliced hash value;
and step S42, performing data extraction on the second split hash value to obtain a second split extracted hash value with a second preset character length, and performing splicing processing on the second split extracted hash value to obtain a second spliced hash value.
In this embodiment, to further improve the unauthorized vulnerability detection efficiency, after the fragment hash value is obtained, data extraction is performed on the fragment hash value according to the second preset character length, the fragment extracted hash value with the character length of the second preset character length is obtained, and then the fragment extracted hash values are spliced to shorten the character length of the spliced hash value. It is understood that the second preset character length is smaller than the character length of the sliced hash value; the data extraction mode adopted by the first sliced hash value and the second sliced hash value is the same.
The data extraction method may be to extract the hash value by taking a string with a preset specified position and a second preset character length of each shard hash value, for example, taking a string with 12 bits at the head or the tail of the shard hash value as a shard. It can be understood that the second preset character length is set by a manager according to the unauthorized vulnerability detection precision requirement and the unauthorized vulnerability detection efficiency requirement, and the larger the second preset character length is, the higher the unauthorized vulnerability detection precision is, and the lower the detection efficiency is; the smaller the first preset character length is, the lower the unauthorized vulnerability detection precision is, and the higher the detection efficiency is.
In this embodiment, the data extraction is performed on the segment hash value, and then the extracted segment hash value is spliced, so that the character length of the spliced hash value can be shortened, the speed of similarity calculation is increased, and the efficiency of unauthorized vulnerability detection is improved.
Further, based on the above embodiments, a third embodiment of the unauthorized vulnerability detection method of the present invention is provided.
In the above step S50, the step of determining the similarity between the first splicing hash value and the second splicing hash value includes:
step S51, calculating the minimum number of editing operations of the first concatenation hash value and the second concatenation hash value;
step S52, determining the similarity between the first concatenation hash value and the second concatenation hash value according to the sum of the character lengths of the first concatenation hash value and the second concatenation hash value and the minimum number of editing operations.
In this embodiment, a scheme of calculating a similarity according to a minimum number of editing operations is provided, and specifically, a minimum number dp [ m, n ] of editing operations of a first concatenation hash value and a second concatenation hash value is determined, and then a sum m + n of character lengths of the first concatenation hash value and the second concatenation hash value is determined, where the similarity is dp [ m, n ]/(m + n).
Further, the step S51 includes:
step S511, constructing an editing operation time matrix according to the character length of the first splicing hash value, the character length of the second splicing hash value, the character content of the first splicing hash value and the character content of the second splicing hash value, and performing initialization assignment on the editing operation time matrix;
step S512, according to the character length of the first splicing hash value, the character length of the second splicing hash value, the character content of the first splicing hash value and the character content of the second splicing hash value, constructing an editing operation time matrix, and performing initialization assignment on the editing operation time matrix;
circularly calculating the editing operation times corresponding to each matrix element in the editing operation time matrix according to a preset editing operation time formula; the preset editing operation frequency formula is as follows:
dp[i,j]=min(dp[i-1,j]+1,dp[i,j-1]+1,dp[i-1,j-1]+temp),
wherein dp [ i, j ] is the editing operation times corresponding to the matrix elements of the ith row and the jth column in the editing operation time matrix;
dp [ i-1, j ] is the number of editing operations corresponding to the matrix elements of the ith-1 row and the jth column in the matrix of the number of editing operations;
dp [ i, j-1] is the editing operation times corresponding to the matrix elements of the ith row and the jth-1 column in the editing operation times matrix;
dp [ i-1, j-1] is the number of editing operations corresponding to the matrix elements of the ith-1 row and the jth-1 column in the matrix of the number of editing operations;
if two characters corresponding to matrix elements of an ith row and a jth column in the matrix are the same, temp is 0; if two characters corresponding to matrix elements of an ith row and a jth column in the matrix are different, temp is 1;
in step S513, the minimum number of editing operations is determined according to the number of editing operations corresponding to each matrix element.
This embodiment is a specific process of determining the minimum number of editing operations. Firstly, creating an editing operation time matrix, setting the lengths of character strings of the character lengths of a first splicing hash value and a second splicing hash value to be m and n respectively, then setting the dimensionality of the editing operation time matrix to be (m +1) × (n +1), and filling the first splicing hash value and the second splicing hash value into a first row and a first column respectively to obtain a matrix shown in the following table 1 (setting the first splicing hash value to be ABCD and the second splicing hash value to be ACD);
A B C D
A
C
D
TABLE 1
Performing initialization assignment on the matrix corresponding to the table 1 to enable each character of each spliced hash value to have a corresponding positioning character, and obtaining the matrix shown in the table 2;
A B C D
0 1 2 3 4
A 1
C 2
D 3
TABLE 2
And traversing from the upper left corner to the lower right corner of the matrix according to a preset editing operation frequency formula, and circularly calculating the editing operation frequency corresponding to each matrix element in the table 2 to obtain the matrix shown in the table 3, wherein the minimum editing operation frequency dp [ m, n ] is 1. The formula of the preset editing operation times is dp [ i, j ] ═ min (dp [ i-1, j ] +1, dp [ i, j-1] +1, dp [ i-1, j-1] + temp), wherein dp [ i, j ] refers to the editing operation times corresponding to the matrix elements in the ith row and the jth column in the matrix; dp [ i-1, j ] refers to the number of editing operations corresponding to the matrix elements of the ith-1 row and the jth column in the matrix; dp [ i, j-1] refers to the number of editing operations corresponding to the matrix elements of the ith row and the jth-1 column in the matrix; dp [ i-1, j-1] refers to the number of editing operations corresponding to the matrix elements of the ith-1 row and the jth-1 column in the matrix; regarding temp, if two characters corresponding to matrix elements in the ith row and the jth column in the matrix are the same, temp is 0, and if two characters corresponding to matrix elements in the ith row and the jth column in the matrix are not the same, temp is 1.
A B C D
0 1 2 3 4
A 1 0 1 2 3
C 2 1 1 1 2
D 3 2 2 2 1
TABLE 3
In this embodiment, the similarity is determined according to the minimum number of editing operations, so that the complexity of text similarity calculation can be reduced, and the efficiency of unauthorized vulnerability detection is improved.
Further, when the similarity between the first concatenation hash value and the second concatenation hash value is calculated, other similarity calculation methods, such as a cosine similarity calculation method, may also be used.
Further, in step S10, after the step of receiving the first service request including the first identity identifier of the system to be detected, the method further includes:
determining whether the first service request relates to sensitive information;
if yes, executing the following steps: and modifying the first identity identifier in the first service request to obtain a second service request.
In this embodiment, after receiving a first service request including a first identity, analyzing the first service request to obtain a request content of the first service request, and determining whether the request content includes sensitive information such as a mobile phone number, an email box, an account password, a bank card number or an identity card number, if so, indicating that unauthorized vulnerability detection needs to be performed on a system to be detected corresponding to the request to prevent the sensitive information from being obtained by an illegal user; if not, the unauthorized vulnerability detection can not be carried out.
According to the method and the device, the automatic triggering condition of the unauthorized vulnerability detection is set, so that the unauthorized vulnerability detection scheme can be automatically executed when the triggering condition is met, and the unauthorized vulnerability detection is more flexible and efficient.
The present invention also provides an unauthorized vulnerability detection apparatus, referring to fig. 3, the unauthorized vulnerability detection apparatus includes:
an identity modification module 10, configured to receive a first service request including a first identity of a system to be detected, and modify the first identity in the first service request to obtain a second service request;
a request execution module 20, configured to execute the first service request and the second service request through the system to be detected, so as to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
the fragment hash module 30 is configured to perform fragment processing on the first response data and the second response data, and perform hash operation on each fragment data obtained through the fragment processing to obtain a first fragment hash value corresponding to the first response data and a second fragment hash value corresponding to the second response data;
a hash splicing module 40, configured to splice the first sliced hash value to obtain a first spliced hash value, and splice the second sliced hash value to obtain a second spliced hash value
And the override determining module 50 is configured to determine similarity between the first splicing hash value and the second splicing hash value, and determine whether the system to be detected has an override bug according to the similarity.
Optionally, the fragment hashing module is further configured to:
performing data extraction on the first sliced hash value to obtain a first sliced extracted hash value with a second preset character length, and performing splicing processing on the first sliced extracted hash value to obtain a first spliced hash value, wherein the preset character length is smaller than the character length of the first sliced hash value;
and performing data extraction on the second split hash value to obtain a second split extracted hash value with a second preset character length, and performing splicing processing on the second split extracted hash value to obtain a second spliced hash value.
Optionally, the identity modification module is further configured to:
deleting the first identity identifier in the first service request to obtain a second service request;
and/or the presence of a gas in the gas,
and replacing the first identity in the first service request with a second identity to obtain a second service request, wherein the second identity is different from the first identity.
Optionally, the override determination module is further configured to:
calculating the minimum editing operation times of the first splicing hash value and the second splicing hash value;
and determining the similarity of the first splicing hash value and the second splicing hash value according to the sum of the character lengths of the first splicing hash value and the second splicing hash value and the minimum number of editing operations.
Optionally, the override determination module is further configured to:
constructing an editing operation time matrix according to the character length of the first splicing hash value, the character length of the second splicing hash value, the character content of the first splicing hash value and the character content of the second splicing hash value, and performing initialization assignment on the editing operation time matrix;
circularly calculating the editing operation times corresponding to each matrix element in the editing operation time matrix according to a preset editing operation time formula; the preset editing operation frequency formula is as follows:
dp[i,j]=min(dp[i-1,j]+1,dp[i,j-1]+1,dp[i-1,j-1]+temp),
wherein dp [ i, j ] is the editing operation times corresponding to the matrix elements of the ith row and the jth column in the editing operation time matrix;
dp [ i-1, j ] is the number of editing operations corresponding to the matrix elements of the ith-1 row and the jth column in the matrix of the number of editing operations;
dp [ i, j-1] is the editing operation times corresponding to the matrix elements of the ith row and the jth-1 column in the editing operation times matrix;
dp [ i-1, j-1] is the number of editing operations corresponding to the matrix elements of the ith-1 row and the jth-1 column in the matrix of the number of editing operations;
if two characters corresponding to matrix elements of an ith row and a jth column in the matrix are the same, temp is 0; if two characters corresponding to matrix elements of an ith row and a jth column in the matrix are different, temp is 1;
and determining the minimum editing operation times according to the editing operation times corresponding to each matrix element.
Optionally, the override determination module is further configured to:
if the similarity is larger than or equal to a preset similarity threshold value, determining that the system to be detected has an unauthorized vulnerability;
and if the similarity is smaller than a preset similarity threshold value, determining that the unauthorized vulnerability does not exist in the system to be detected.
Optionally, the identity modification module is further configured to:
determining whether the first service request relates to sensitive information;
if yes, executing the following steps: and modifying the first identity identifier in the first service request to obtain a second service request.
The method executed by each program unit can refer to each embodiment of the unauthorized vulnerability detection method of the present invention, and is not described herein again.
The invention also provides an unauthorized vulnerability detection device, which comprises: the memory, the processor and the unauthorized vulnerability detection program stored on the memory and capable of running on the processor, and the method for realizing the unauthorized vulnerability detection program when being executed by the processor can refer to each embodiment of the unauthorized vulnerability detection method of the invention, and the details are not repeated here.
The invention also provides a computer storage medium.
The computer storage medium of the invention stores the unauthorized vulnerability detection program, and the unauthorized vulnerability detection program realizes the steps of the unauthorized vulnerability detection method when being executed by the processor.
The method implemented when the unauthorized vulnerability detection program running on the processor is executed may refer to each embodiment of the unauthorized vulnerability detection method of the present invention, and will not be described herein again.
The invention also provides a computer program product.
The computer program product of the present invention includes an override vulnerability detection program that, when executed by a processor, implements the steps of the override vulnerability detection method described above.
The method implemented when the unauthorized vulnerability detection program running on the processor is executed may refer to each embodiment of the unauthorized vulnerability detection method of the present invention, and will not be described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. An unauthorized vulnerability detection method is characterized by comprising the following steps:
receiving a first service request including a first identity identifier of a system to be detected, and modifying the first identity identifier in the first service request to obtain a second service request;
executing the first service request and the second service request through the system to be detected to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
respectively carrying out fragmentation processing on the first response data and the second response data, and carrying out hash operation on each fragmentation data obtained by fragmentation processing to obtain a first fragmentation hash value corresponding to the first response data and a second fragmentation hash value corresponding to the second response data;
splicing the first sliced hash value to obtain a first spliced hash value, and splicing the second sliced hash value to obtain a second spliced hash value;
and determining the similarity of the first splicing hash value and the second splicing hash value, and determining whether the system to be detected has the unauthorized vulnerability according to the similarity.
2. The unauthorized vulnerability detection method of claim 1, wherein the step of splicing the first sliced hash value to obtain a first spliced hash value and splicing the second sliced hash value to obtain a second spliced hash value comprises:
performing data extraction on the first sliced hash value to obtain a first sliced extracted hash value with a second preset character length, and performing splicing processing on the first sliced extracted hash value to obtain a first spliced hash value, wherein the preset character length is smaller than the character length of the first sliced hash value;
and performing data extraction on the second split hash value to obtain a second split extracted hash value with a second preset character length, and performing splicing processing on the second split extracted hash value to obtain a second spliced hash value.
3. The unauthorized vulnerability detection method of claim 1, wherein the step of modifying the first identity in the first service request to obtain a second service request comprises:
deleting the first identity identifier in the first service request to obtain a second service request;
and/or the presence of a gas in the gas,
and replacing the first identity in the first service request with a second identity to obtain a second service request, wherein the second identity is different from the first identity.
4. The unauthorized vulnerability detection method of claim 1, wherein the step of determining the similarity of the first concatenation hash value and the second concatenation hash value comprises:
calculating the minimum editing operation times of the first splicing hash value and the second splicing hash value;
and determining the similarity of the first splicing hash value and the second splicing hash value according to the sum of the character lengths of the first splicing hash value and the second splicing hash value and the minimum number of editing operations.
5. The unauthorized vulnerability detection method of claim 4, wherein the step of calculating the minimum number of editing operations of the first concatenation hash value and the second concatenation hash value comprises:
constructing an editing operation time matrix according to the character length of the first splicing hash value, the character length of the second splicing hash value, the character content of the first splicing hash value and the character content of the second splicing hash value, and performing initialization assignment on the editing operation time matrix;
circularly calculating the editing operation times corresponding to each matrix element in the editing operation time matrix according to a preset editing operation time formula; the preset editing operation frequency formula is as follows:
dp[i,j]=min(dp[i-1,j]+1,dp[i,j-1]+1,dp[i-1,j-1]+temp),
wherein dp [ i, j ] is the editing operation times corresponding to the matrix elements of the ith row and the jth column in the editing operation time matrix;
dp [ i-1, j ] is the number of editing operations corresponding to the matrix elements of the ith-1 row and the jth column in the matrix of the number of editing operations;
dp [ i, j-1] is the editing operation times corresponding to the matrix elements of the ith row and the jth-1 column in the editing operation times matrix;
dp [ i-1, j-1] is the number of editing operations corresponding to the matrix elements of the ith-1 row and the jth-1 column in the matrix of the number of editing operations;
if two characters corresponding to matrix elements of an ith row and a jth column in the matrix are the same, temp is 0; if two characters corresponding to matrix elements of an ith row and a jth column in the matrix are different, temp is 1;
and determining the minimum editing operation times according to the editing operation times corresponding to each matrix element.
6. The unauthorized vulnerability detection method according to claim 1, wherein the step of determining whether the system to be detected has the unauthorized vulnerability according to the similarity comprises:
if the similarity is larger than or equal to a preset similarity threshold value, determining that the system to be detected has an unauthorized vulnerability;
and if the similarity is smaller than a preset similarity threshold value, determining that the unauthorized vulnerability does not exist in the system to be detected.
7. The unauthorized vulnerability detection method of claim 1, wherein after the step of receiving a first service request including a first identity of a system to be detected, further comprising:
determining whether the first service request relates to sensitive information;
if yes, executing the following steps: and modifying the first identity identifier in the first service request to obtain a second service request.
8. The unauthorized vulnerability detection device is characterized by comprising:
the identity modification module is used for receiving a first service request including a first identity of a system to be detected, and modifying the first identity in the first service request to obtain a second service request;
a request execution module, configured to execute the first service request and the second service request through the system to be detected, so as to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
the fragment hash module is used for respectively carrying out fragment processing on the first response data and the second response data, and carrying out hash operation on each fragment data obtained by the fragment processing to obtain a first fragment hash value corresponding to the first response data and a second fragment hash value corresponding to the second response data;
a Hash splicing module used for splicing the first sliced Hash value to obtain a first spliced Hash value, and splicing the second sliced Hash value to obtain a second spliced Hash value
And the unauthorized determining module is used for determining the similarity of the first splicing hash value and the second splicing hash value and determining whether the unauthorized vulnerability exists in the system to be detected according to the similarity.
9. An unauthorized vulnerability detection apparatus, comprising: a memory, a processor, and a custom chart generator stored on the memory and executable on the processor, the custom chart generator when executed by the processor implementing the steps of the unauthorized vulnerability detection method of any of claims 1-7.
10. A computer program product, characterized in that the computer program product comprises a computer program which, when being executed by a processor, carries out the steps of the unauthorized vulnerability detection method according to any of claims 1 to 7.
CN202110722722.8A 2021-06-28 2021-06-28 Unauthorized vulnerability detection method, device, equipment and computer program product Active CN113452710B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110722722.8A CN113452710B (en) 2021-06-28 2021-06-28 Unauthorized vulnerability detection method, device, equipment and computer program product
PCT/CN2021/134315 WO2023273139A1 (en) 2021-06-28 2021-11-30 Unauthorized access vulnerability detection method, apparatus and device, and computer program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110722722.8A CN113452710B (en) 2021-06-28 2021-06-28 Unauthorized vulnerability detection method, device, equipment and computer program product

Publications (2)

Publication Number Publication Date
CN113452710A true CN113452710A (en) 2021-09-28
CN113452710B CN113452710B (en) 2022-12-27

Family

ID=77813550

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110722722.8A Active CN113452710B (en) 2021-06-28 2021-06-28 Unauthorized vulnerability detection method, device, equipment and computer program product

Country Status (2)

Country Link
CN (1) CN113452710B (en)
WO (1) WO2023273139A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114244581A (en) * 2021-11-29 2022-03-25 西安四叶草信息技术有限公司 Cache poisoning vulnerability detection method and device, electronic equipment and storage medium
WO2023273139A1 (en) * 2021-06-28 2023-01-05 深圳前海微众银行股份有限公司 Unauthorized access vulnerability detection method, apparatus and device, and computer program product

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117807575A (en) * 2024-01-02 2024-04-02 广州优加市场调研有限公司 Visitor management method and system based on cloud computing
CN118041700B (en) * 2024-04-12 2024-06-18 江西曼荼罗软件有限公司 Medical knowledge distribution method and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107577949A (en) * 2017-09-05 2018-01-12 郑州云海信息技术有限公司 A kind of Web goes beyond one's commission leak detection method and system
CN111125718A (en) * 2019-12-24 2020-05-08 北京三快在线科技有限公司 Unauthorized vulnerability detection method, device, equipment and storage medium
CN111416811A (en) * 2020-03-16 2020-07-14 携程旅游信息技术(上海)有限公司 Unauthorized vulnerability detection method, system, equipment and storage medium
CN112217835A (en) * 2020-10-23 2021-01-12 中国工商银行股份有限公司 Message data processing method and device, server and terminal equipment
WO2021051941A1 (en) * 2019-09-18 2021-03-25 平安科技(深圳)有限公司 Information processing method and apparatus
CN112612810A (en) * 2020-12-23 2021-04-06 贝壳技术有限公司 Slow SQL statement identification method and system
CN112818371A (en) * 2021-02-23 2021-05-18 建信金融科技有限责任公司 Resource access control method, system, device, equipment and medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11323484B2 (en) * 2015-10-28 2022-05-03 Qomplx, Inc. Privilege assurance of enterprise computer network environments
CN112866228B (en) * 2017-09-28 2023-04-18 中国银联股份有限公司 Method and device for controlling unauthorized access of web system
CN112115475A (en) * 2020-08-05 2020-12-22 杭州数梦工场科技有限公司 Unauthorized vulnerability detection method and device, storage medium and computer equipment
CN113452710B (en) * 2021-06-28 2022-12-27 深圳前海微众银行股份有限公司 Unauthorized vulnerability detection method, device, equipment and computer program product

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107577949A (en) * 2017-09-05 2018-01-12 郑州云海信息技术有限公司 A kind of Web goes beyond one's commission leak detection method and system
WO2021051941A1 (en) * 2019-09-18 2021-03-25 平安科技(深圳)有限公司 Information processing method and apparatus
CN111125718A (en) * 2019-12-24 2020-05-08 北京三快在线科技有限公司 Unauthorized vulnerability detection method, device, equipment and storage medium
CN111416811A (en) * 2020-03-16 2020-07-14 携程旅游信息技术(上海)有限公司 Unauthorized vulnerability detection method, system, equipment and storage medium
CN112217835A (en) * 2020-10-23 2021-01-12 中国工商银行股份有限公司 Message data processing method and device, server and terminal equipment
CN112612810A (en) * 2020-12-23 2021-04-06 贝壳技术有限公司 Slow SQL statement identification method and system
CN112818371A (en) * 2021-02-23 2021-05-18 建信金融科技有限责任公司 Resource access control method, system, device, equipment and medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023273139A1 (en) * 2021-06-28 2023-01-05 深圳前海微众银行股份有限公司 Unauthorized access vulnerability detection method, apparatus and device, and computer program product
CN114244581A (en) * 2021-11-29 2022-03-25 西安四叶草信息技术有限公司 Cache poisoning vulnerability detection method and device, electronic equipment and storage medium
CN114244581B (en) * 2021-11-29 2024-03-29 西安四叶草信息技术有限公司 Cache poisoning vulnerability detection method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
WO2023273139A1 (en) 2023-01-05
CN113452710B (en) 2022-12-27

Similar Documents

Publication Publication Date Title
CN113452710B (en) Unauthorized vulnerability detection method, device, equipment and computer program product
EP2452287B1 (en) Anti-virus scanning
Crussell et al. Andarwin: Scalable detection of android application clones based on semantics
CN111414334A (en) File fragment uploading method, device, equipment and storage medium based on cloud technology
WO2020000743A1 (en) Webshell detection method and related device
US20170149830A1 (en) Apparatus and method for automatically generating detection rule
CN111651784A (en) Log desensitization method, device, equipment and computer readable storage medium
CN104978521B (en) A kind of method and system for realizing malicious code mark
US8656494B2 (en) System and method for optimization of antivirus processing of disk files
US9355250B2 (en) Method and system for rapidly scanning files
CN110084064B (en) Big data analysis processing method and system based on terminal
CN111813845A (en) ETL task-based incremental data extraction method, device, equipment and medium
KR20110086198A (en) Malignancy code infection blocking apparatus and system, method for the same
CN107437088B (en) File identification method and device
CN114172703A (en) Malicious software identification method, device and medium
CN111756750A (en) Secure access method, device, equipment and storage medium
CN113190838A (en) Web attack behavior detection method and system based on expression
CN112600864A (en) Verification code verification method, device, server and medium
CN114254069A (en) Domain name similarity detection method and device and storage medium
KR20210098297A (en) Computet program for detecting software vulnerability based on binary code clone
JP6258189B2 (en) Specific apparatus, specific method, and specific program
CN115495740A (en) Virus detection method and device
CN116028917A (en) Authority detection method and device, storage medium and electronic equipment
CN106789899B (en) Cross-domain message sending method and device based on HTML5
CN108255533B (en) System configuration changing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant