CN113949526A - Access control method and device, storage medium and electronic equipment - Google Patents
Access control method and device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN113949526A CN113949526A CN202111045819.6A CN202111045819A CN113949526A CN 113949526 A CN113949526 A CN 113949526A CN 202111045819 A CN202111045819 A CN 202111045819A CN 113949526 A CN113949526 A CN 113949526A
- Authority
- CN
- China
- Prior art keywords
- access request
- data
- access
- http
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000004891 communication Methods 0.000 claims description 15
- 230000009467 reduction Effects 0.000 claims description 13
- 238000007781 pre-processing Methods 0.000 claims description 6
- 230000009466 transformation Effects 0.000 claims description 6
- 238000000605 extraction Methods 0.000 claims description 2
- 238000001514 detection method Methods 0.000 abstract description 12
- 238000000513 principal component analysis Methods 0.000 description 9
- 238000012545 processing Methods 0.000 description 5
- 238000013459 approach Methods 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Evolutionary Computation (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention discloses an access control method, an access control device, a storage medium and electronic equipment, wherein when an access request is received, a security model is used for judging whether the access request is a normal access request; and if the access request is not a normal access request, intercepting the access request, wherein the security model is obtained by performing unsupervised learning and supervised learning based on flow sample data, so that the detection of the access request is more sensitive, the detection accuracy and the data security are improved, and a feature library is not required to be configured, so that the frequent updating of the feature library is avoided.
Description
Technical Field
The invention relates to the technical field of computers, in particular to an access control method, an access control device, a storage medium and electronic equipment.
Background
With the development of the times, computer technology has penetrated into the aspects of people's lives, and the competition of the internet industry is more intense. While benefiting from the network to speed up the business operation, some organizations and departments have different degrees of attack and damage to the data on the network, and therefore, special protection needs to be performed on the data on the network by using a firewall so as to prevent attackers from obtaining the data. However, the existing firewall detects malicious access by adopting a feature library, and the detection accuracy is low, so that the data security is reduced.
Disclosure of Invention
In view of this, embodiments of the present invention provide an access control method, an access control device, a storage medium, and an electronic device, which mainly solve the problem that an existing firewall detects malicious access by using a feature library, and the detection accuracy is low, thereby reducing the security of data.
In a first aspect, an embodiment of the present invention provides an access control method, including:
acquiring flow sample data;
extracting Http/Http protocol traffic data based on the traffic sample data;
carrying out supervised learning and unsupervised learning on the Http/Http protocol traffic data to generate a safety model;
when an access request is received, judging whether the access request is a normal access request or not by using the security model; and if the access request is not a normal access request, intercepting the access request.
In a possible manner, the determining, by using the security model, whether the access request is a normal access request includes:
analyzing and acquiring request parameters carried by the access request according to the access request;
and matching the request parameters with normal access data in the security model, if the matching is successful, determining that the access request is a normal access request, and if the matching is failed, determining that the access request is not a normal access request.
In one possible approach, the method further comprises:
acquiring dynamic parameters;
and judging whether the dynamic parameters contain attack characters or not by using the security model, and deleting the attack characters or sending alarm information if the dynamic parameters contain the attack characters.
In one possible approach, the method further comprises:
obtaining a legal URL;
and marking the legal URL.
In one possible approach, the performing supervised learning and unsupervised learning on the Http/Http protocol traffic data to generate a safety model includes:
classifying the Http/Http protocol traffic data during unsupervised learning;
performing dimensionality reduction on the classified data by using a first preset algorithm;
adjusting the data subjected to the dimensionality reduction to obtain normal access data and attack access data;
acquiring calibrated service sample data and attack sample data when supervised learning is carried out;
reducing the dimension of the calibrated service sample data and attack sample data by using a second preset algorithm to obtain dimension-reduced data;
and optimizing the normal access data and the attack access data based on the data after the dimension reduction to obtain a security model.
In a possible mode, before performing the dimension reduction processing and the adjustment on the classified data, the method further includes:
and preprocessing the classified data, wherein the preprocessing comprises linear transformation, noise removal and redundant data.
In a possible manner, the first predetermined algorithm is a PCA algorithm, and the second predetermined algorithm is an LDA algorithm.
In a second aspect, an embodiment of the present invention provides an access control apparatus, including:
the acquisition module is used for acquiring flow sample data;
the extraction module is used for extracting Http/Http protocol flow data based on the flow sample data;
the generating module is used for performing supervised learning and unsupervised learning on the Http/Http protocol traffic data to generate a safety model;
the judging module is used for judging whether the access request is a normal access request or not by utilizing the security model when receiving the access request; and if the access request is not a normal access request, intercepting the access request.
In a third aspect, an embodiment of the present invention provides a storage medium, where at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to execute an operation corresponding to the access control method in any one of the above-mentioned aspects.
In a fourth aspect, an embodiment of the present invention provides an electronic device, including: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the access control method of any scheme.
According to the access control method, the access control device, the storage medium and the electronic equipment provided by the embodiment of the invention, when an access request is received, whether the access request is a normal access request is judged by using the security model; and if the access request is not a normal access request, intercepting the access request, wherein the security model is obtained by performing unsupervised learning and supervised learning based on flow sample data, so that the detection of the access request is more sensitive, the detection accuracy and the data security are improved, and a feature library is not required to be configured, so that the frequent updating of the feature library is avoided.
Drawings
The following drawings of the invention are included to provide a further understanding of the invention as a part of the examples. The drawings illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
In the drawings:
FIG. 1 is a flow diagram of an access control method according to an alternative embodiment of the present invention;
FIG. 2 is a flowchart of step S104 according to an alternative embodiment of the present invention;
FIG. 3 is a flowchart of step S103 according to an alternative embodiment of the present invention;
FIG. 4 is a flow chart of an access control method according to another alternative embodiment of the present invention;
FIG. 5 is a flow chart of an access control method according to yet another alternative embodiment of the present invention;
fig. 6 is a schematic structural diagram of an access control device according to an alternative embodiment of the present invention.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a more thorough understanding of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without one or more of these specific details. In other instances, well-known features have not been described in order to avoid obscuring the invention.
It should be noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention. As used herein, the singular is intended to include the plural unless the context clearly dictates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
Exemplary embodiments according to the present invention will now be described in more detail with reference to the accompanying drawings. These exemplary embodiments may, however, be embodied in many different forms and should not be construed as limited to only the embodiments set forth herein. It is to be understood that these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of these exemplary embodiments to those skilled in the art.
In a first aspect, an embodiment of the present invention provides an access control method, where an execution subject of the method may be a network device or a server in a network, or a module or a chip integrated on the network device or the server. Specifically, as shown in fig. 1, an access control method includes:
step S101: and acquiring flow sample data.
The traffic sample data may flow through a certain network element in the existing network architecture, such as: radio Network Controller (RNC), Serving GPRS Support Node (SGSN), and Gateway GPRS Support Node (GGSN). The traffic sample data may be obtained by periodically performing data acquisition on the network element by the execution main body, that is, obtaining traffic within a preset time period to form traffic sample data.
Step S102: and extracting the Http/Http protocol traffic data based on the traffic sample data.
The Http/Http protocol traffic data includes Http header information and payload information of access requests and responses, and specifically includes but is not limited to packet header parameters and parameter values, time, event classification, request and response context, source and destination information.
Step S103: and carrying out supervised learning and unsupervised learning on the Http/Http protocol flow data to generate a safety model.
One of unsupervised learning and machine learning with supervision. The unsupervised learning is a training mode of machine learning, which is essentially a statistical means, and can find potential structures in unlabeled data.
The supervised learning refers to a process of training a model by enabling a machine to learn a large amount of sample data with labels, and enabling the model to obtain corresponding output according to input. A function is generated by mapping a portion of the input data to an output data, such as a class, to map the output to an appropriate output.
The security model is obtained by performing unsupervised learning and supervised learning based on flow sample data, so that the detection of the access request is more sensitive, the detection accuracy and the data security are improved, a feature library does not need to be configured, and the feature library is prevented from being updated frequently.
Step S104: when receiving an access request, judging whether the access request is a normal access request by using a security model; if the access request is not a normal access request, step S105 is performed.
Step S105: an access request is intercepted.
Judging whether the access request is a normal access request or not through a security model, and if the access request is the normal access request, accessing normally; and if the access request is not a normal access request, intercepting the access request to protect the data to be accessed.
In the access control method provided by this embodiment, when an access request is received, a security model is used to determine whether the access request is a normal access request; and if the access request is not a normal access request, intercepting the access request, wherein the security model is obtained by performing unsupervised learning and supervised learning based on flow sample data, so that the detection of the access request is more sensitive, the detection accuracy and the data security are improved, and a feature library is not required to be configured, so that the frequent updating of the feature library is avoided.
Specifically, as shown in fig. 2, step S104 in the foregoing embodiment specifically includes:
Step S201: and analyzing and acquiring the request parameters carried by the access request according to the access request.
The request parameters include, but are not limited to, packet header parameters and parameter values, time, event classification, request and response context, source and destination information.
Step S202: the request parameters are matched with normal access data in the security model.
Step S203 a: and if the matching is successful, determining that the access request is a normal access request.
Step S203 b: if the matching fails, it is determined that the access request is not a normal access request.
The request parameters are matched with normal access data in the security model, the successfully matched access request is determined to be a normal access request, the unsuccessfully matched access request is determined not to be a normal access request, namely, the unsuccessfully matched access request is determined to be an access request of malicious attack, and therefore the request parameters are matched with the normal access data to determine whether the access request is a normal access mode.
Specifically, as shown in fig. 3, step S103 in the above embodiment includes:
step S301: and classifying the Http/Http protocol traffic data during unsupervised learning.
In the step, firstly, the Http/Http protocol flow data is subjected to dimension-increasing processing, and then classification processing is performed.
Step S302: and preprocessing the classified data, wherein the preprocessing comprises linear transformation, noise removal and redundant data.
And performing linear transformation on the classified data, and removing noise and redundant data, thereby reducing the interference of redundant data and noise and reducing the computation of subsequent processing.
Step S303: and performing dimensionality reduction on the classified data by using a first preset algorithm.
The first preset algorithm is a PCA algorithm, PCA (principal component analysis), also called principal component analysis, and aims to convert multiple indexes into a few comprehensive indexes by using the idea of dimension reduction. In statistics, principal component analysis, PCA, is a technique that simplifies the data set, and is a linear transformation. This transformation transforms the data into a new coordinate system such that the first large variance of any data projection is at the first coordinate (called the first principal component), the second large variance is at the second coordinate (the second principal component), and so on. Principal component analysis is often used to reduce the dimensionality of the data set while maintaining the features of the data set that contribute most to the variance. The high dimensional data is projected to a low latitude using the PCA algorithm in this step.
Step S304: and adjusting the data subjected to the dimensionality reduction to obtain normal access data and attack access data.
Step S305: and acquiring calibrated service sample data and attack sample data during supervised learning.
Step S306: and performing dimensionality reduction on the calibrated service sample data and the attack sample data by using a second preset algorithm to obtain dimensionality-reduced data.
And the second preset algorithm is an LDA algorithm. The LDA algorithm is a method which projects the points into a space with lower dimensionality, so that the projected points can be distinguished according to categories, under the condition that the points are clustered, and the points of the same category are closer to each other in the projected space.
Step S307: and optimizing the normal access data and the attack access data based on the data subjected to dimensionality reduction to obtain a security model.
In the embodiment, the normal access data and the attack access data obtained by unsupervised learning are optimized by using supervised learning, so that the normal access data and the attack access data are more accurate, and the accuracy of the security model is improved.
In other embodiments, as shown in fig. 4, the method further comprises:
step S401: and acquiring dynamic parameters. Wherein, the dynamic parameter is the parameter input by the visitor.
Step S402: and judging whether the dynamic parameters contain attack characters or not by using the security model, and deleting the attack characters or sending alarm information if the dynamic parameters contain the attack characters.
Specifically, the dynamic parameters are matched with normal access data in the security model, if partial characters in the dynamic parameters are not matched with the normal access data, attack characters are determined to be contained in the dynamic parameters, the unmatched characters are determined to be the attack characters, and then the attack characters are deleted, so that the submitted contents can not form cross-site scripting attacks, and the access security is further improved.
In some realizable modes, after the attack character is determined, the attack character is not deleted, but alarm information is sent to an administrator, and whether the attack character is deleted or not is determined by the administrator, so that the accuracy of attack character determination is improved.
In still other embodiments, as shown in fig. 5, the method further comprises:
step S501: and obtaining a legal URL.
The legal URL determining process comprises the following steps: and matching the URL with the normal access data in the security model, and if the matching is successful, determining that the URL is a legal URL.
Step S502: the legal URL is marked.
After the legal URL is marked, the legal URL can be distinguished from other URLs, so that whether the URL is legal or not can be conveniently identified.
In a second aspect, as shown in fig. 6, an embodiment of the present invention provides an access control apparatus, including:
an obtaining module 601, configured to obtain traffic sample data;
an extracting module 602, configured to extract Http/Http protocol traffic data based on traffic sample data;
a generating module 603, configured to perform supervised learning and unsupervised learning on Http/Http protocol traffic data, and generate a security model;
a judging module 604, configured to, when receiving an access request, judge whether the access request is a normal access request by using the security model; if the access request is not a normal access request, the access request is intercepted.
According to the access control device provided by the embodiment of the invention, when an access request is received, whether the access request is a normal access request is judged by using the security model; and if the access request is not a normal access request, intercepting the access request, wherein the security model is obtained by performing unsupervised learning and supervised learning based on flow sample data, so that the detection of the access request is more sensitive, the detection accuracy and the data security are improved, and a feature library is not required to be configured, so that the frequent updating of the feature library is avoided.
In a third aspect, an embodiment of the present invention provides a storage medium, where at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to execute an operation corresponding to any one of the foregoing access control methods.
In a fourth aspect, an embodiment of the present invention provides an electronic device, including: the processor, the memory, the communication interface and the communication bus, and the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the access control method of any scheme.
In particular, the program may include program code comprising computer operating instructions.
The processor may be a central processing unit CPU or an application Specific Integrated circuit asic or one or more Integrated circuits configured as an embodiment of the invention. The computer device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And the memory is used for storing programs. The memory may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The present invention has been illustrated by the above embodiments, but it should be understood that the above embodiments are for illustrative and descriptive purposes only and are not intended to limit the invention to the scope of the described embodiments. Furthermore, it will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that many variations and modifications may be made in accordance with the teachings of the present invention, which variations and modifications are within the scope of the present invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (10)
1. An access control method, comprising:
acquiring flow sample data;
extracting Http/Http protocol traffic data based on the traffic sample data;
carrying out supervised learning and unsupervised learning on the Http/Http protocol traffic data to generate a safety model;
when an access request is received, judging whether the access request is a normal access request or not by using the security model; and if the access request is not a normal access request, intercepting the access request.
2. The method of claim 1, wherein said determining whether the access request is a normal access request using the security model comprises:
analyzing and acquiring request parameters carried by the access request according to the access request;
and matching the request parameters with normal access data in the security model, if the matching is successful, determining that the access request is a normal access request, and if the matching is failed, determining that the access request is not a normal access request.
3. The method of claim 1, further comprising:
acquiring dynamic parameters;
and judging whether the dynamic parameters contain attack characters or not by using the security model, and deleting the attack characters or sending alarm information if the dynamic parameters contain the attack characters.
4. The method of claim 3, further comprising:
obtaining a legal URL;
and marking the legal URL.
5. The method of claim 1, wherein the learning the Http/Http protocol traffic data with and without supervision, generating a security model comprises:
Classifying the Http/Http protocol traffic data during unsupervised learning;
performing dimensionality reduction on the classified data by using a first preset algorithm;
adjusting the data subjected to the dimensionality reduction to obtain normal access data and attack access data;
acquiring calibrated service sample data and attack sample data when supervised learning is carried out;
reducing the dimension of the calibrated service sample data and attack sample data by using a second preset algorithm to obtain dimension-reduced data;
and optimizing the normal access data and the attack access data based on the data after the dimension reduction to obtain a security model.
6. The method of claim 5, wherein before performing the dimensionality reduction and adjustment on the classified data, the method further comprises:
and preprocessing the classified data, wherein the preprocessing comprises linear transformation, noise removal and redundant data.
7. The method of claim 5, wherein the first predetermined algorithm is a PCA algorithm and the second predetermined algorithm is an LDA algorithm.
8. An access control apparatus, comprising:
the acquisition module is used for acquiring flow sample data;
The extraction module is used for extracting Http/Http protocol flow data based on the flow sample data;
the generating module is used for performing supervised learning and unsupervised learning on the Http/Http protocol traffic data to generate a safety model;
the judging module is used for judging whether the access request is a normal access request or not by utilizing the security model when receiving the access request; and if the access request is not a normal access request, intercepting the access request.
9. A storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the access control method according to any one of claims 1 to 7.
10. An electronic device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the corresponding operation of the access control method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111045819.6A CN113949526A (en) | 2021-09-07 | 2021-09-07 | Access control method and device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111045819.6A CN113949526A (en) | 2021-09-07 | 2021-09-07 | Access control method and device, storage medium and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113949526A true CN113949526A (en) | 2022-01-18 |
Family
ID=79328135
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111045819.6A Pending CN113949526A (en) | 2021-09-07 | 2021-09-07 | Access control method and device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113949526A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114598552A (en) * | 2022-03-29 | 2022-06-07 | 邹瀴 | Interface access control method and device, electronic equipment and storage medium |
| CN114679320A (en) * | 2022-03-29 | 2022-06-28 | 杭州安恒信息技术股份有限公司 | Server protection method and device and readable storage medium |
| CN115189938A (en) * | 2022-07-06 | 2022-10-14 | 武汉极意网络科技有限公司 | Service safety protection method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105915555A (en) * | 2016-06-29 | 2016-08-31 | 北京奇虎科技有限公司 | Method and system for detecting network anomalous behavior |
| CN109143848A (en) * | 2017-06-27 | 2019-01-04 | 中国科学院沈阳自动化研究所 | Industrial control system intrusion detection method based on FCM-GASVM |
| WO2019109743A1 (en) * | 2017-12-07 | 2019-06-13 | 阿里巴巴集团控股有限公司 | Url attack detection method and apparatus, and electronic device |
| CN110427958A (en) * | 2019-06-13 | 2019-11-08 | 浙江师范大学 | A kind of reaction type classification method merging unsupervised learning and supervised learning |
-
2021
- 2021-09-07 CN CN202111045819.6A patent/CN113949526A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105915555A (en) * | 2016-06-29 | 2016-08-31 | 北京奇虎科技有限公司 | Method and system for detecting network anomalous behavior |
| CN109143848A (en) * | 2017-06-27 | 2019-01-04 | 中国科学院沈阳自动化研究所 | Industrial control system intrusion detection method based on FCM-GASVM |
| WO2019109743A1 (en) * | 2017-12-07 | 2019-06-13 | 阿里巴巴集团控股有限公司 | Url attack detection method and apparatus, and electronic device |
| CN110427958A (en) * | 2019-06-13 | 2019-11-08 | 浙江师范大学 | A kind of reaction type classification method merging unsupervised learning and supervised learning |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114598552A (en) * | 2022-03-29 | 2022-06-07 | 邹瀴 | Interface access control method and device, electronic equipment and storage medium |
| CN114679320A (en) * | 2022-03-29 | 2022-06-28 | 杭州安恒信息技术股份有限公司 | Server protection method and device and readable storage medium |
| CN115189938A (en) * | 2022-07-06 | 2022-10-14 | 武汉极意网络科技有限公司 | Service safety protection method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10860720B2 (en) | Static anomaly-based detection of malware files | |
| CN113949526A (en) | Access control method and device, storage medium and electronic equipment | |
| CN103888490B (en) | A kind of man-machine knowledge method for distinguishing of full automatic WEB client side | |
| CN109768992B (en) | Webpage malicious scanning processing method and device, terminal device and readable storage medium | |
| US10038706B2 (en) | Systems, devices, and methods for separating malware and background events | |
| EP3051767A1 (en) | Method and apparatus for automatically identifying signature of malicious traffic using latent dirichlet allocation | |
| US11019096B2 (en) | Combining apparatus, combining method, and combining program | |
| CN114553523A (en) | Attack detection method and device based on attack detection model, medium and equipment | |
| CN111164575B (en) | Sample data generating device, sample data generating method, and computer-readable storage medium | |
| CN111586005B (en) | Scanner scanning behavior identification method and device | |
| CN110888838A (en) | Object storage based request processing method, device, equipment and storage medium | |
| CN109948335B (en) | System and method for detecting malicious activity in a computer system | |
| CN104023046B (en) | Mobile terminal recognition method and device | |
| CN113472803A (en) | Vulnerability attack state detection method and device, computer equipment and storage medium | |
| US11550920B2 (en) | Determination apparatus, determination method, and determination program | |
| US8224997B2 (en) | Document source debugger | |
| CN108156127B (en) | Network attack mode judging device, judging method and computer readable storage medium thereof | |
| CN113704328A (en) | User behavior big data mining method and system based on artificial intelligence | |
| CN115695043A (en) | Vulnerability scanning attack detection method, model training method and device | |
| CN110955890B (en) | Method and device for detecting malicious batch access behaviors and computer storage medium | |
| CN113949528A (en) | Access control method and device based on flow data, storage medium and equipment | |
| CN113765850B (en) | Internet of things abnormality detection method and device, computing equipment and computer storage medium | |
| CN108650274B (en) | Network intrusion detection method and system | |
| CN107995167B (en) | Equipment identification method and server | |
| CN116015772A (en) | Malicious website processing method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 101100 No. 9-2074, Liangli Third Street, East District, economic development zone, Tongzhou District, Beijing Applicant after: Zhongyun Wangan Technology Co.,Ltd. Address before: 705, floor 7, block D, floor 6, building 1, No. 6, Jianguomenwai street, Chaoyang District, Beijing 100022 (inner 1) Applicant before: Zhongyun Wangan Technology Co.,Ltd. |