CN113645222A - Message flow detection method, system, device and computer readable storage medium - Google Patents
Message flow detection method, system, device and computer readable storage medium Download PDFInfo
- Publication number
- CN113645222A CN113645222A CN202110907955.5A CN202110907955A CN113645222A CN 113645222 A CN113645222 A CN 113645222A CN 202110907955 A CN202110907955 A CN 202110907955A CN 113645222 A CN113645222 A CN 113645222A
- Authority
- CN
- China
- Prior art keywords
- request message
- detected
- message
- information
- detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/35—Clustering; Classification
- G06F16/353—Clustering; Classification into predefined classes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/205—Parsing
- G06F40/216—Parsing using statistical methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/279—Recognition of textual entities
- G06F40/284—Lexical analysis, e.g. tokenisation or collocates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Physics & Mathematics (AREA)
- Artificial Intelligence (AREA)
- Health & Medical Sciences (AREA)
- Computational Linguistics (AREA)
- General Health & Medical Sciences (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Data Mining & Analysis (AREA)
- Computer Hardware Design (AREA)
- Biophysics (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Molecular Biology (AREA)
- Evolutionary Computation (AREA)
- Biomedical Technology (AREA)
- Life Sciences & Earth Sciences (AREA)
- Audiology, Speech & Language Pathology (AREA)
- Databases & Information Systems (AREA)
- Probability & Statistics with Applications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a message flow detection method, a system, a device and a computer readable storage medium, comprising: acquiring a request message to be detected; analyzing the request message to be detected, and acquiring dimension information of the request message to be detected; extracting feature information of the request message to be detected from the dimension information by using a preset feature extraction model; and analyzing the characteristic information by using a preset detection and identification model, and judging whether the request message to be detected belongs to a normal message. According to the method and the device, the request message is linearly analyzed to obtain bitmap information capable of reflecting the characteristics of the request message, useless data is filtered for subsequent characteristic extraction, extraction speed is increased, the characteristic information of the request message is extracted and analyzed by using a characteristic extraction model and a detection identification model of machine learning, whether the request message to be detected is a normal message or an abnormal message can be accurately and quickly judged, detection speed and accuracy are improved, and filtering performance and protective performance are improved.
Description
Technical Field
The present invention relates to the field of cloud security, and in particular, to a method, a system, an apparatus, and a computer-readable storage medium for detecting packet traffic.
Background
Along with the informatization of life, people can not leave the internet in life, and the internet brings convenience to people and provides a criminal way for lawbreakers. The network attacker can customize the malicious request message to carry out network attack by utilizing the network characteristics.
In order to effectively prevent network attacks, the network security protection engine needs to detect the flow of each request message, but there are many normal request messages and few abnormal request messages every day, and if each request message is detected, the detection performance of the protection engine is greatly lost.
At present, a common method is to add rules to filter some normal request messages before detection, but the rules can only filter specific messages and cannot identify and filter some messages with similar semantics.
Therefore, a message traffic detection method with better protection performance is needed.
Disclosure of Invention
In view of this, the present invention provides a method, a system, a device and a computer readable storage medium for detecting message traffic, so as to improve protection performance. The specific scheme is as follows:
a message flow detection method comprises the following steps:
acquiring a request message to be detected;
analyzing the request message to be detected to acquire dimension information of the request message to be detected;
extracting the feature information of the request message to be detected from the dimension information by using a preset feature extraction model;
analyzing the characteristic information by using a preset detection identification model, and judging whether the request message to be detected belongs to a normal message or not;
the feature extraction model is obtained by training through the dimension information of the historical request message to be detected, and the detection identification model is obtained by training through the feature information of the historical request message to be detected.
Optionally, the process of extracting the feature information of the request packet to be detected from the dimension information by using a preset feature extraction model includes:
and extracting the feature information of the request message to be detected from the dimension information by using a feature extraction model established based on a TFIDF algorithm or a word2vec algorithm.
Optionally, the analyzing the characteristic information by using a preset detection and identification model to determine whether the request packet to be detected belongs to a normal packet includes:
and analyzing the characteristic information by using a detection and identification model established based on a two-classification algorithm, and judging whether the request message to be detected belongs to a normal message.
Optionally, the process of analyzing the request packet to be detected and acquiring the dimension information of the request packet to be detected includes:
and analyzing the request message to be detected, and acquiring a request message header, a request URL (uniform resource locator) and a request message body of the request message to be detected.
The invention also discloses a message flow detection system, which comprises:
the message acquisition module is used for acquiring a request message to be detected;
the message analysis module is used for analyzing the request message to be detected and acquiring the dimension information of the request message to be detected;
the characteristic extraction module is used for extracting the characteristic information of the request message to be detected from the dimension information by using a preset characteristic extraction model;
the identification detection module is used for analyzing the characteristic information by using a preset detection identification model and judging whether the request message to be detected belongs to a normal message or not;
the feature extraction model is obtained by training through the dimension information of the historical request message to be detected, and the detection identification model is obtained by training through the feature information of the historical request message to be detected.
Optionally, the feature extraction module is specifically configured to extract feature information of the request packet to be detected from the dimensional information by using a feature extraction model established based on a TFIDF algorithm or a word2vec algorithm.
Optionally, the identification detection module is specifically configured to analyze the feature information by using a detection identification model established based on a binary algorithm, and determine whether the request packet to be detected belongs to a normal packet.
Optionally, the message parsing module is specifically configured to parse the request message to be detected, and obtain a request message header, a request URL, and a request message body of the request message to be detected.
The invention also discloses a message flow detection device, which comprises:
a memory for storing a computer program;
a processor for executing the computer program to implement the message flow detection method as described above.
The invention also discloses a computer readable storage medium, which stores a computer program, and the computer program is executed by a processor to realize the message flow detection method.
The invention discloses a message flow detection method, which comprises the following steps: acquiring a request message to be detected; analyzing the request message to be detected, and acquiring dimension information of the request message to be detected; extracting feature information of the request message to be detected from the dimension information by using a preset feature extraction model; analyzing the characteristic information by using a preset detection recognition model, and judging whether the request message to be detected belongs to a normal message or not; the characteristic extraction model is obtained by training through the dimension information of the historical request message to be detected, and the detection identification model is obtained by training through the characteristic information of the historical request message to be detected.
According to the method and the device, the request message is linearly analyzed to obtain bitmap information capable of reflecting the characteristics of the request message, useless data is filtered for subsequent characteristic extraction, the extraction speed is increased, the characteristic information of the request message is extracted and analyzed by using a characteristic extraction model and a detection identification model of machine learning respectively, whether the request message to be detected is a normal message or an abnormal message can be accurately and quickly judged, the detection speed and the detection accuracy are improved, and the filtering performance and the protection performance are improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic flow chart of a message traffic detection method disclosed in the embodiment of the present invention;
fig. 2 is a schematic structural diagram of an http protocol disclosed in an embodiment of the present invention;
fig. 3 is a schematic diagram of an http message structure disclosed in the embodiment of the present invention;
fig. 4 is a schematic structural diagram of a message traffic detection system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a message flow detection method, which is shown in figure 1 and comprises the following steps:
s11: acquiring a request message to be detected;
s12: and analyzing the request message to be detected to obtain the dimension information of the request message to be detected.
Specifically, after the request message to be detected is obtained, the dimensional information of the request message to be detected can be separated from the request message to be detected by using a simple analysis tool, and the dimensional information can be data capable of embodying the characteristics of the request message, such as a request message header, a request URL, a request message body, and the like. By preliminarily extracting the dimension information of the request message to be detected, a large amount of information which cannot reflect the characteristics of the request message in the request message can be filtered, so that the subsequent characteristic extraction speed is accelerated.
S13: and extracting the characteristic information of the request message to be detected from the dimension information by using a preset characteristic extraction model.
Specifically, a machine learning method is used for training the dimensional information of the historical request message to be detected to obtain a feature extraction model, and the feature information of the request message to be detected can be rapidly extracted from the dimensional information through the feature extraction model.
Further, the step of extracting the feature information of the request packet to be detected from the dimension information by using the preset feature extraction model in S13 may specifically include:
s131: and calculating a word frequency inverse document frequency matrix of the dimension information by using a TFIDF algorithm in the feature extraction model.
In particular, TF-IDF (Term Frequency Inverse Document Frequency) is a statistical method for evaluating the importance of a word to a Document set or one of the documents in a corpus. The importance of a word increases in proportion to the number of times it appears in a document, but at the same time decreases in inverse proportion to the frequency with which it appears in the corpus. The specific calculation formula is as follows:
TFIDF=TF*IDF;
in the formula, TFwIndicating the word frequency, IDF, of the word wwDenotes the inverse text frequency index of the word w and TFIDF denotes the word frequency inverse document frequency.
Specific examples are as follows:
suppose there are four documents, the contents of which are: "Chinese Beijing Chinese", "Chinese Chinese Shanghai", "Chinese Macao", "Tokyo Japan Chinese".
The feature vectors are [ 'beijing', 'chinensis', 'japan', 'macao', 'shanghai', 'tokyo' ].
The TF matrix is then:
[[1 2 0 0 0 0]
[0 2 0 0 1 0]
[0 1 0 1 0 0]
[0 1 1 0 0 1]]
the TFIDF matrix is then:
it can be understood that, in the process of calculating the word frequency inverse document frequency matrix for the request message, since the request message is all english, the letters in english can be extracted, and the word frequency can be calculated by permutation and combination of twelve files.
S132: and normalizing the word frequency inverse document frequency matrix by using a word2vec algorithm in the feature extraction model, and extracting feature information of the request message to be detected from the dimension information.
In particular, word2vec includes a series of models used to generate word vectors. These models are shallow, two-layer neural networks that are trained to reconstruct linguistic word text. The network is represented by words and the input words in adjacent positions are guessed, and the order of the words is unimportant under the assumption of the bag-of-words model in word2 vec. After training is completed, the word2vec model can be used to map each word to a vector, which can be used to represent word-to-word relationships, and the vector is a hidden layer of the neural network. After the vector of each word is obtained, the vectors of all words in a sentence can be added and averaged to be used as the vector representation of the sentence. word2vec includes both CBOW and Skip-gram models.
Specifically, the word frequency inverse document frequency matrix is subjected to normalization processing through a word2vec algorithm, and the dimension reduction can be performed on the word frequency inverse document frequency matrix, so that the feature information capable of effectively reflecting the features of the request message to be detected is screened out.
S14: and analyzing the characteristic information by using a preset detection and identification model, and judging whether the request message to be detected belongs to a normal message.
Specifically, the initial detection recognition model is trained by utilizing the characteristic information of the historical request messages to be detected, the obtained black samples with wrong recognition are added into the training set of the next training again for continuous training, and thus, the detection recognition model finally trained can be ensured to accurately recognize most request messages to be detected through repeated training, and the accuracy can be improved to more than 98%.
Specifically, the characteristic information may be analyzed by using a detection and recognition model established based on a two-classification algorithm, and whether the request packet to be detected belongs to a normal packet or not may be determined. Integrating feature information data of each dimension, and inputting the feature information data into a detection identification model to obtain a probability value result (p, q) of a request message to be detected, wherein p is a normal tendency value, q is an abnormal tendency value, p + q is 1, and both p and q are numerical values which are greater than or equal to 0 and less than or equal to 1; and adding threshold filtering, wherein if p is greater than or equal to a preset filtering threshold, the request message to be detected belongs to normal message data, and otherwise, the request message to be detected belongs to abnormal message data.
The binary algorithm can specifically select a support vector machine algorithm, an XGboost algorithm, a LightGBM algorithm and the like, can construct 5 layers of cross identification verification on the detection identification model, or can increase the number of verification layers according to the actual application requirements to improve the accuracy, or reduce the number of verification layers to improve the verification speed.
Therefore, the embodiment of the invention obtains the bitmap information capable of reflecting the characteristics of the request message by linearly analyzing the request message, filters useless data for subsequent characteristic extraction and accelerates the extraction speed, and extracts and analyzes the characteristic information of the request message by utilizing the characteristic extraction model and the detection identification model of machine learning respectively, so that whether the request message to be detected is a normal message or an abnormal message can be accurately and quickly judged, the detection speed and the detection accuracy are improved, and the filtering performance and the protection performance are improved.
Further, the embodiment of the present invention also discloses a specific application scenario of a message flow detection method for a request message to be detected in an http protocol, which includes:
specifically, as shown in fig. 2 and fig. 3, in general, attacks generally occur in a URI (uniform resource Identifier), a value field of a request header, and a request body part, and different feature extraction methods are adopted for different message types, for example, when extracting a feature value for a GET message, a feature value is extracted from the URI and the request header, and when extracting a feature value for a POST message, a feature value is extracted from the URI, the request header, and the request body string. Wherein, the initial line is the request line in the request message.
The processing mode of the URI part in the request message is as follows:
for example, http:// www.example.com/path/file. typeparam ═ value;
the http:// www.example.com/does not need to be processed, and path, file, file.type and value need to be extracted as four types of data with different dimensions.
The processing mode of the request header field in the request message is as follows:
for example: head 1: value 1;
header2:value2;
the header1_ value1, header2_ value2, value1 and value2 are required to be extracted as four types of data with different dimensions.
The extraction process of the request main body in the POST message is as follows:
specifically, the POST message analyzes the request body according to the Content-Type classification in the request header, for example, as shown in fig. 3, the Content-Type: extracting each value character string in key value in a request subject as feature extraction; and as Content-Type: and in application/json, extracting a value character string in { "key": value "} in the json message as feature extraction.
Correspondingly, the embodiment of the present invention further discloses a message traffic detection system, as shown in fig. 4, the system includes:
a message obtaining module 11, configured to obtain a request message to be detected;
the message analysis module 12 is configured to analyze the request message to be detected, and acquire dimension information of the request message to be detected;
the feature extraction module 13 is configured to extract feature information of the request message to be detected from the dimension information by using a preset feature extraction model;
the identification detection module 14 is configured to analyze the characteristic information by using a preset detection identification model, and determine whether the request message to be detected belongs to a normal message;
the characteristic extraction model is obtained by training through the dimension information of the historical request message to be detected, and the detection identification model is obtained by training through the characteristic information of the historical request message to be detected.
Therefore, the embodiment of the invention obtains the bitmap information capable of reflecting the characteristics of the request message by linearly analyzing the request message, filters useless data for subsequent characteristic extraction and accelerates the extraction speed, and extracts and analyzes the characteristic information of the request message by utilizing the characteristic extraction model and the detection identification model of machine learning respectively, so that whether the request message to be detected is a normal message or an abnormal message can be accurately and quickly judged, the detection speed and the detection accuracy are improved, and the filtering performance and the protection performance are improved.
Specifically, the feature extraction module 13 is specifically configured to extract feature information of the request packet to be detected from the dimension information by using a feature extraction model established based on a TFIDF algorithm or a word2vec algorithm.
Specifically, the identification detection module 14 is specifically configured to analyze the characteristic information by using a detection identification model established based on a binary algorithm, and determine whether the request packet to be detected belongs to a normal packet.
Specifically, the message parsing module 12 is specifically configured to parse the request message to be detected, and obtain a request message header, a request URL, and a request message body of the request message to be detected.
In addition, the embodiment of the invention also discloses a message flow detection device, which comprises:
a memory for storing a computer program;
and the processor is used for executing the computer program to realize the message flow detection method.
In addition, the embodiment of the invention also discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when being executed by a processor, the computer program realizes the message flow detection method.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The technical content provided by the present invention is described in detail above, and the principle and the implementation of the present invention are explained in this document by applying specific examples, and the above description of the examples is only used to help understanding the method of the present invention and the core idea thereof; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (10)
1. A message flow detection method is characterized by comprising the following steps:
acquiring a request message to be detected;
analyzing the request message to be detected to acquire dimension information of the request message to be detected;
extracting the feature information of the request message to be detected from the dimension information by using a preset feature extraction model;
analyzing the characteristic information by using a preset detection identification model, and judging whether the request message to be detected belongs to a normal message or not;
the feature extraction model is obtained by training through the dimension information of the historical request message to be detected, and the detection identification model is obtained by training through the feature information of the historical request message to be detected.
2. The message traffic detection method according to claim 1, wherein the process of extracting the feature information of the request message to be detected from the dimensional information by using a preset feature extraction model includes:
calculating a word frequency inverse document frequency matrix of the dimension information by using a TFIDF algorithm in the feature extraction model;
and normalizing the word frequency inverse document frequency matrix by using a word2vec algorithm in the feature extraction model, and extracting feature information of the request message to be detected from the dimension information.
3. The message traffic detection method according to claim 2, wherein the process of analyzing the feature information by using a preset detection recognition model and determining whether the request message to be detected belongs to a normal message comprises:
and analyzing the characteristic information by using a detection and identification model established based on a two-classification algorithm, and judging whether the request message to be detected belongs to a normal message.
4. The message flow detection method according to any one of claims 1 to 3, wherein the process of analyzing the request message to be detected and acquiring the dimension information of the request message to be detected includes:
and analyzing the request message to be detected, and acquiring a request message header, a request URL (uniform resource locator) and a request message body of the request message to be detected.
5. A message traffic detection system, comprising:
the message acquisition module is used for acquiring a request message to be detected;
the message analysis module is used for analyzing the request message to be detected and acquiring the dimension information of the request message to be detected;
the characteristic extraction module is used for extracting the characteristic information of the request message to be detected from the dimension information by using a preset characteristic extraction model;
the identification detection module is used for analyzing the characteristic information by using a preset detection identification model and judging whether the request message to be detected belongs to a normal message or not;
the feature extraction model is obtained by training through the dimension information of the historical request message to be detected, and the detection identification model is obtained by training through the feature information of the historical request message to be detected.
6. The message traffic detection system according to claim 5, wherein the feature extraction module is specifically configured to extract the feature information of the request message to be detected from the dimensional information by using a feature extraction model established based on a TFIDF algorithm or a word2vec algorithm.
7. The message traffic detection system according to claim 6, wherein the identification detection module is specifically configured to analyze the feature information by using a detection identification model established based on a classification algorithm, and determine whether the request message to be detected belongs to a normal message.
8. The message flow detection system according to any one of claims 5 to 7, wherein the message parsing module is specifically configured to parse the request message to be detected, and obtain a request message header, a request URL, and a request message body of the request message to be detected.
9. A message flow detection device is characterized by comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the message traffic detection method according to any of claims 1 to 4.
10. A computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when executed by a processor, the computer program implements the message traffic detection method according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110907955.5A CN113645222A (en) | 2021-08-09 | 2021-08-09 | Message flow detection method, system, device and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110907955.5A CN113645222A (en) | 2021-08-09 | 2021-08-09 | Message flow detection method, system, device and computer readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113645222A true CN113645222A (en) | 2021-11-12 |
Family
ID=78420252
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110907955.5A Withdrawn CN113645222A (en) | 2021-08-09 | 2021-08-09 | Message flow detection method, system, device and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113645222A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114297641A (en) * | 2021-12-31 | 2022-04-08 | 深信服科技股份有限公司 | Method, system, storage medium and terminal for detecting abnormality of Web application |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110276640A (en) * | 2019-06-10 | 2019-09-24 | 北京云莱坞文化传媒有限公司 | More granularities of copyright are split and its method for digging of commercial value |
CN111526141A (en) * | 2020-04-17 | 2020-08-11 | 福州大学 | Web anomaly detection method and system based on Word2vec and TF-IDF |
US20210019422A1 (en) * | 2019-07-17 | 2021-01-21 | Vmware, Inc. | Feature selection using term frequency-inverse document frequency (tf-idf) model |
-
2021
- 2021-08-09 CN CN202110907955.5A patent/CN113645222A/en not_active Withdrawn
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110276640A (en) * | 2019-06-10 | 2019-09-24 | 北京云莱坞文化传媒有限公司 | More granularities of copyright are split and its method for digging of commercial value |
US20210019422A1 (en) * | 2019-07-17 | 2021-01-21 | Vmware, Inc. | Feature selection using term frequency-inverse document frequency (tf-idf) model |
CN111526141A (en) * | 2020-04-17 | 2020-08-11 | 福州大学 | Web anomaly detection method and system based on Word2vec and TF-IDF |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114297641A (en) * | 2021-12-31 | 2022-04-08 | 深信服科技股份有限公司 | Method, system, storage medium and terminal for detecting abnormality of Web application |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106961419B (en) | WebShell detection method, device and system | |
CN109858248B (en) | Malicious Word document detection method and device | |
CN111818198B (en) | Domain name detection method, domain name detection device, equipment and medium | |
CN113194058B (en) | WEB attack detection method, equipment, website application layer firewall and medium | |
CN110909531B (en) | Information security screening method, device, equipment and storage medium | |
EP3703329A1 (en) | Webpage request identification | |
CN111444349A (en) | Information extraction method and device, computer equipment and storage medium | |
CN113076735A (en) | Target information acquisition method and device and server | |
CN112948725A (en) | Phishing website URL detection method and system based on machine learning | |
CN112492606A (en) | Classification and identification method and device for spam messages, computer equipment and storage medium | |
CN114650176A (en) | Phishing website detection method and device, computer equipment and storage medium | |
CN113645222A (en) | Message flow detection method, system, device and computer readable storage medium | |
CN113918936A (en) | SQL injection attack detection method and device | |
CN115314268B (en) | Malicious encryption traffic detection method and system based on traffic fingerprint and behavior | |
CN114169432B (en) | Cross-site scripting attack recognition method based on deep learning | |
CN111083705A (en) | Group-sending fraud short message detection method, device, server and storage medium | |
CN113472686B (en) | Information identification method, device, equipment and storage medium | |
CN112468444B (en) | Internet domain name abuse identification method and device, electronic equipment and storage medium | |
CN109977298A (en) | A method of extracting the accurate substring of longest from regular expression | |
CN114722385A (en) | Flow information analysis method, system and related components | |
CN116414976A (en) | Document detection method and device and electronic equipment | |
CN114048311A (en) | Phishing early warning method, device, equipment and storage medium | |
CN113992390A (en) | Phishing website detection method and device and storage medium | |
KR20220157565A (en) | Apparatus and method for detecting web scanning attack | |
CN115329756B (en) | Execution body extraction method and device, storage medium and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20211112 |
|
WW01 | Invention patent application withdrawn after publication |