CN114417079A - Cloud edge collaborative application real-time identification method and system - Google Patents

Cloud edge collaborative application real-time identification method and system Download PDF

Info

Publication number
CN114417079A
CN114417079A CN202111586019.5A CN202111586019A CN114417079A CN 114417079 A CN114417079 A CN 114417079A CN 202111586019 A CN202111586019 A CN 202111586019A CN 114417079 A CN114417079 A CN 114417079A
Authority
CN
China
Prior art keywords
application
information
characteristic
identification
feature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111586019.5A
Other languages
Chinese (zh)
Inventor
王春文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Maxnet Network Safety Technology Co ltd
Original Assignee
Suzhou Maxnet Network Safety Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Maxnet Network Safety Technology Co ltd filed Critical Suzhou Maxnet Network Safety Technology Co ltd
Priority to CN202111586019.5A priority Critical patent/CN114417079A/en
Publication of CN114417079A publication Critical patent/CN114417079A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/903Querying
    • G06F16/90335Query processing
    • G06F16/90344Query processing by using string matching techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures

Abstract

The invention discloses a cloud edge collaborative application real-time identification method and system. According to the invention, the computing power of the equipment is fully utilized by combining the cloud computing and the edge computing, and the efficiency of the identification process and the accuracy of the identification result are improved. In the execution process of the method, the cloud can customize different feature libraries according to different gateway access conditions, effectively save the storage space of the gateway and avoid the influence on the identification speed. Meanwhile, the cloud terminal also has the capability of issuing conditions in real time, so that the timeliness of the feature library in the method execution process is fully guaranteed, and a foundation is laid for the development of other subsequent services.

Description

Cloud edge collaborative application real-time identification method and system
Technical Field
The invention relates to an application identification scheme, in particular to a cloud-edge collaborative application real-time identification method and system, and belongs to the field of edge computing and cloud computing.
Background
Edge computing refers to that an open platform integrating core capabilities such as network, computing, storage, application and the like is adopted on one side close to an object or a data source to provide nearest-end service nearby. The application program is initiated at the edge side, so that a faster network service response can be generated, and the basic requirements of the industry in the aspects of real-time business, application intelligence, safety, privacy protection and the like are met. Typically, the edge computation is between the physical entity and the industrial connection, or on top of the physical entity.
In the current stage of service scene, the traffic is usually identified only by using an edge calculation mode, that is, by using a gateway side application identification plug-in, this operation mode makes all the features need to be stored on the gateway, which not only occupies a large space and affects the identification speed, but also results in that real-time update cannot be realized in the later stage. The fact that the scheme cannot be updated in real time means that timeliness is lost, for example, a characteristic of timeliness such as an IP address is often bound to different domain names in different time periods, and if updating cannot be achieved in time, other services such as user imaging and threat warning in the later period must be affected. Also for the above reasons, the prior art cannot fully satisfy the use requirement for part of service scenarios.
Cloud computing is one of distributed computing, and refers to decomposing a huge data computing processing program into countless small programs through a network cloud, and then processing and analyzing the small programs through a system consisting of a plurality of servers to obtain results and returning the results to a user. With this technique, tens of thousands of data can be processed in a short time (several seconds), thereby realizing various network services.
In summary, if a brand-new cloud-edge collaborative application real-time identification scheme can be provided on the basis of the prior art, the application frequently accessed by each gateway is analyzed, and the feature library is updated in a cloud delivery manner, so that not only can gateway resources be saved, but also the real-time requirement of a service scene can be met.
Disclosure of Invention
In view of the above defects in the prior art, the present invention provides a cloud-edge collaborative application real-time identification method and system, which are as follows.
A cloud edge collaborative application real-time identification method comprises an edge side flow, wherein the edge side flow comprises the following steps:
acquiring feature information with different dimensionalities according to access information of a user, identifying the acquired feature information, and reporting a feature identification result;
receiving issued characteristic information from an application identification platform, wherein the issued characteristic information is data information generated after the application identification platform identifies, processes and encapsulates the reported characteristic identification result, and identifies and processes the issued characteristic information;
receiving the issuing configuration from the user, and executing corresponding operation according to the issuing configuration.
Preferably, the acquiring feature information of different dimensions according to the access information of the user, identifying the acquired feature information, and reporting a feature identification result includes:
acquiring feature information of different dimensions according to access information of a user, wherein the feature information at least comprises domain name information in an analysis message and payload information in an http message;
and performing application characteristic identification on the characteristic information by using an application identification engine, reporting the identified characteristic information to an application identification platform, performing aggregation and sorting on the unidentified characteristic information, and reporting the characteristic information to the application identification platform after a reporting period is reached.
Preferably, the receiving the delivered feature information from the application identification platform, where the delivered feature information is data information generated by the application identification platform after identifying, processing and encapsulating the reported feature identification result, and the identifying and processing the delivered feature information includes:
receiving issued characteristic information from an application identification platform, and identifying and processing the issued characteristic information;
and storing the first N processed issued feature information into a feature library, wherein the feature library mainly comprises five fields respectively representing an application number, an application feature value, an application Chinese name and an application feature type, and N represents a default threshold value set manually.
Preferably, the receiving the delivery configuration from the user, and executing the corresponding operation according to the delivery configuration includes:
and processing the flow accessed by the user, and if the flow is in accordance with the rule in the feature library, performing subsequent strategy matching and executing corresponding operation, wherein the corresponding operation at least comprises flow interception and safety alarm.
A cloud-edge collaborative application real-time recognition system, comprising an application recognition plug-in, the application recognition plug-in comprising:
the characteristic acquisition and identification module is used for acquiring characteristic information with different dimensions according to the access information of the user, identifying the acquired characteristic information and reporting a characteristic identification result;
the characteristic receiving and managing module is used for receiving issued characteristic information from an application identification platform, wherein the issued characteristic information is data information generated after the application identification platform identifies, processes and encapsulates the reported characteristic identification result, and identifies and processes the issued characteristic information;
and the strategy matching module is used for receiving the issuing configuration from the user and executing corresponding operation according to the issuing configuration.
Preferably, the feature acquisition and identification module comprises:
the characteristic acquisition unit is used for acquiring characteristic information of different dimensions according to access information of a user, wherein the characteristic information at least comprises domain name information in an analysis message and payload information in an http message;
and the real-time identification unit is used for carrying out application characteristic identification on the characteristic information by using an application identification engine, reporting the identified characteristic information to an application identification platform, carrying out aggregation and sorting on the unidentified characteristic information, and reporting the unidentified characteristic information to the application identification platform after a reporting period is reached.
Preferably, the feature receiving and managing module includes:
the system comprises a characteristic receiving unit, a characteristic processing unit and a characteristic processing unit, wherein the characteristic receiving unit is used for receiving issued characteristic information from an application identification platform and identifying and processing the issued characteristic information;
and the feature library management unit is used for storing the first N processed issued feature information into a feature library, wherein the feature library mainly comprises five fields which respectively represent an application number, an application feature value, an application Chinese name and an application feature type, and N represents a default threshold which is set manually.
Preferably, the policy matching module includes:
and the strategy matching unit is used for processing the bar flow accessed by the user, and if the bar flow is in accordance with the rule in the feature library, performing subsequent strategy matching and executing corresponding operation, wherein the corresponding operation at least comprises flow interception and safety alarm.
A terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps in the cloud-edge collaborative application real-time recognition method as described above when executing the computer program.
A computer-readable storage medium, in which a computer program is stored, wherein the computer program, when being executed by a processor, implements the steps of the cloud-edge collaborative application real-time recognition method as described above.
The advantages of the invention are mainly embodied in the following aspects:
according to the cloud-edge collaborative application real-time identification method, the computing power of the equipment is fully utilized in a mode of combining the cloud computing and the edge computing, and the efficiency of the identification process and the accuracy of the identification result are improved. In the execution process of the method, the cloud can customize different feature libraries according to different gateway access conditions, effectively save the storage space of the gateway and avoid the influence on the identification speed. Meanwhile, the cloud terminal also has the capability of issuing conditions in real time, so that the timeliness of the feature library in the method execution process is fully guaranteed, and a foundation is laid for the development of other subsequent services.
Corresponding to the method, the cloud-edge collaborative application real-time identification system, the terminal and the storage medium meet the requirement of the application real-time identification service scene, and simultaneously ensure the timeliness of the feature library, and the overall adaptability and universality of the scheme are strong.
The invention also provides reference for other related problems in the same field, can be expanded and extended based on the reference, is applied to other technical schemes related to application real-time identification in the same field, and has very wide application prospect.
The following detailed description of the embodiments of the present invention is provided in connection with the accompanying drawings for the purpose of facilitating understanding and understanding of the technical solutions of the present invention.
Drawings
FIG. 1 is a schematic diagram of an edge-side process of the method of the present invention;
FIG. 2 is a schematic diagram of a cloud process in the method of the present invention;
FIG. 3 is a diagram of an application identification plug-in architecture in the system of the present invention;
FIG. 4 is a diagram of an application recognition platform architecture in the system of the present invention.
Detailed Description
In order to solve the timeliness problem of a feature library and meet a service scene of a real-time identification requirement, the invention provides a cloud-edge collaborative application real-time identification method and system, and the specific scheme is as follows.
In one aspect, the present invention relates to a cloud-edge collaborative application real-time identification method, including an edge side (i.e., a plug-in side) flow and a cloud side (i.e., an application identification platform side) flow, as shown in fig. 1, where the edge side flow includes:
s11, collecting feature information of different dimensions according to the access information of the user, identifying the collected feature information, and reporting the feature identification result. This step may be embodied as follows.
And S111, acquiring feature information of different dimensions according to the access information of the user, wherein the feature information at least comprises domain name information in the analysis message and payload information in the http message. The payload information collected here can be completely matched according to the features in the feature library, and the identification dimension is increased.
S112, carrying out application characteristic identification on the characteristic information by using an application identification engine, reporting the identified characteristic information to an application identification platform, carrying out aggregation and arrangement on the unidentified characteristic information, and reporting the characteristic information to the application identification platform after a reporting period is reached. Through the operation mode, if the characteristic information in the application identification platform is wrong, the characteristic information can be timely discovered.
In this scheme, the reporting period may be set arbitrarily, and is preferably 5 seconds.
S12, receiving issued characteristic information from an application identification platform, wherein the issued characteristic information is data information generated after the application identification platform identifies, processes and encapsulates the reported characteristic identification result, and identifying and processing the issued characteristic information. This step may be embodied as follows.
And S121, receiving the issued characteristic information from the application identification platform, and identifying and processing the issued characteristic information.
And S122, storing the first N processed issued feature information into a feature library.
The feature library mainly comprises five fields of appid, rule id, value, cn _ name and rule _ type, wherein the five fields respectively represent an application number, an application feature value, an application Chinese name and an application feature type.
appid is used to distinguish between different applications in the recognition process; ruleid is used to mark the uniqueness of a feature value; value is a characteristic value; the cn _ name is mainly used in the analysis process and can increase readability; the rule _ type is a feature type, and mainly has four types of port/payload/host/disport.
The N represents an artificially set default threshold value and can be modified as required, and N in the scheme is preferably 5000 so as to prevent the local storage space from occupying too large, and more than 5000 pieces of feature data which are not commonly used can be deleted according to the use frequency.
And S13, receiving the issuing configuration from the user, and executing corresponding operation according to the issuing configuration. This step may be embodied as follows.
Processing a flow accessed by a user, if the flow is in accordance with rules in a feature library, performing subsequent strategy matching and executing corresponding operation, wherein the strategy matching is mainly used for business layer events, and the corresponding operation at least comprises flow interception and safety alarm. The main purpose here is to implement an application access barring function, and the application scenario is parental control. And may be adjusted appropriately according to defined rules.
As shown in fig. 2, the cloud process includes:
and S21, receiving and processing the reported data, analyzing the data and delivering the analyzed data to an application identification engine, and identifying the characteristic data by the application identification engine to generate an identification result.
And S22, packaging the identification result into a required format to obtain and send down the feature information.
And S23, connecting and managing the feature library, and extracting the unidentified feature information.
The following describes a specific process of the above method in conjunction with a specific case.
Collecting feature data by a user accessing a microblog plug-in
Figure DEST_PATH_IMAGE002
And is not identified as a case. The processing flow is as follows:
the edge side process comprises:
1) and the plug-in takes domain name resolution in the address accessed by the user as a feature according to a predefined rule, and generates a feature type of ' host ' and a feature value of ' weibo.
2) And the plug-in uses a local feature library to perform matching identification on the features. Com is not related to the matching rule of weibo in the feature library, so that the feature library cannot be identified. And reporting to the platform after subsequent polymerization.
3) And the plug-in aggregates the characteristics of the domain name of weibo.
4) And (5) after the platform receives the unidentified feature 'weibo.com' of the plug-in, analyzing and identifying. And issuing the recognition result to the plug-in. The issued content is fields appid, ruleid, value and rule _ type in the feature library, and the fields are respectively as follows: 11483,3626, "weibo.com," host ".
5) And after receiving the characteristics, the plug-in unit updates the characteristics to a local characteristic library, and can identify the next time when meeting the related traffic of' weibo.
The cloud process comprises the following steps:
1) the platform analyzes the encrypted data reported by the plug-in and delivers the unidentified characteristics to the application identification engine for processing. The platform resolves the above features into: "host: [ weibo.com ]".
2) Firstly, judging that the characteristic type is attributed to 'host' by using an identification engine; after the feature type is judged, putting the 'weibo.com' into a feature library for matching, and if the 'weibo.com' exists in the feature library, completely matching according to the character string; after identification, corresponding feature information "approximate: 11483, ruloid: 3626, value: weibo.com, rul _ type: host" is generated.
3) And the platform finally issues the generated characteristic information to the plug-in.
An application interception case is introduced as follows:
1) and intercepting the application of 'micro blog' by the user configuration interception strategy.
2) Checking whether the strategy is effective from the background, configuring a strategy that ' action ' is ' drop ' for an application of which ' appid ' is ' 11483 ', wherein ' microblog ' in a feature library corresponding to ' 11483 ', drop ' represents that access is forbidden, and ' info _ count ' represents the number of times that access is forbidden, and is 0 at present.
3) And opening a 'microblog' APP by using the mobile phone, wherein the software function cannot be used, and simultaneously checking the interception state to intercept 623 streams.
In summary, the cloud-edge collaborative application real-time identification method provided by the invention fully utilizes the computing power of the equipment by combining the cloud computing and the edge computing, and improves the efficiency of the identification process and the accuracy of the identification result. In the execution process of the method, the cloud can customize different feature libraries according to different gateway access conditions, effectively save the storage space of the gateway and avoid the influence on the identification speed. Meanwhile, the cloud terminal also has the capability of issuing conditions in real time, so that the timeliness of the feature library in the method execution process is fully guaranteed, and a foundation is laid for the development of other subsequent services.
On the other hand, the invention also relates to a cloud-edge collaborative application real-time identification system which comprises an application identification plug-in and an application identification platform.
As shown in fig. 3, the application identification plug-in includes:
the characteristic acquisition and identification module is used for acquiring characteristic information with different dimensions according to the access information of the user, identifying the acquired characteristic information and reporting a characteristic identification result;
the characteristic receiving and managing module is used for receiving issued characteristic information from an application identification platform, wherein the issued characteristic information is data information generated after the application identification platform identifies, processes and encapsulates the reported characteristic identification result, and identifies and processes the issued characteristic information;
and the strategy matching module is used for receiving the issuing configuration from the user and executing corresponding operation according to the issuing configuration.
The feature acquisition and identification module includes:
the characteristic acquisition unit is used for acquiring characteristic information of different dimensions according to access information of a user, wherein the characteristic information at least comprises domain name information in an analysis message and payload information in an http message;
and the real-time identification unit is used for carrying out application characteristic identification on the characteristic information by using an application identification engine, reporting the identified characteristic information to an application identification platform, carrying out aggregation and sorting on the unidentified characteristic information, and reporting the unidentified characteristic information to the application identification platform after a reporting period is reached.
The feature receiving and management module comprising:
the system comprises a characteristic receiving unit, a characteristic processing unit and a characteristic processing unit, wherein the characteristic receiving unit is used for receiving issued characteristic information from an application identification platform and identifying and processing the issued characteristic information;
and the feature library management unit is used for storing the first N processed issued feature information into a feature library, wherein the feature library mainly comprises five fields which respectively represent an application number, an application feature value, an application Chinese name and an application feature type, and N represents a default threshold which is set manually.
The policy matching module includes:
and the strategy matching unit is used for processing the bar flow accessed by the user, and if the bar flow is in accordance with the rule in the feature library, performing subsequent strategy matching and executing corresponding operation, wherein the corresponding operation at least comprises flow interception and safety alarm.
As shown in fig. 4, the application recognition platform includes:
the reported data receiving and identifying module is used for receiving and processing the reported data, analyzing the data and delivering the analyzed data to an application identifying engine, and the application identifying engine is used for identifying the characteristic data to generate an identifying result;
and the issuing characteristic generating module is used for packaging the identification result into a required format to obtain issuing characteristic information and issuing the issuing characteristic information.
And the characteristic library management and off-line analysis module is used for connecting and managing the characteristic library and extracting the unidentified characteristic information.
In yet another aspect, the present invention also relates to a terminal, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the steps in the cloud-edge collaborative application real-time identification method as described above when executing the computer program. Alternatively, the processor, when executing the computer program, implements the functions of each module/unit in the above-described apparatus embodiments.
In yet another aspect, the present invention further relates to a computer-readable storage medium, which stores a computer program, which when executed by a processor implements the steps in the cloud-edge collaborative application real-time identification method as described above.
Corresponding to the method, the cloud-edge collaborative application real-time identification system, the terminal and the storage medium meet the requirement of the application real-time identification service scene, and simultaneously ensure the timeliness of the feature library, and the overall adaptability and universality of the scheme are strong.
The invention also provides reference for other related problems in the same field, can be expanded and extended based on the reference, is applied to other technical schemes related to application real-time identification in the same field, and has very wide application prospect.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein, and any reference signs in the claims are not intended to be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.

Claims (10)

1. The cloud edge collaborative application real-time identification method is characterized by comprising an edge side flow, wherein the edge side flow comprises the following steps:
acquiring feature information with different dimensionalities according to access information of a user, identifying the acquired feature information, and reporting a feature identification result;
receiving issued characteristic information from an application identification platform, wherein the issued characteristic information is data information generated after the application identification platform identifies, processes and encapsulates the reported characteristic identification result, and identifies and processes the issued characteristic information;
receiving the issuing configuration from the user, and executing corresponding operation according to the issuing configuration.
2. The method according to claim 1, wherein the method for identifying the cloud-edge collaborative application in real time includes the steps of collecting feature information of different dimensions according to access information of a user, identifying the collected feature information, and reporting a feature identification result, and includes:
acquiring feature information of different dimensions according to access information of a user, wherein the feature information at least comprises domain name information in an analysis message and payload information in an http message;
and performing application characteristic identification on the characteristic information by using an application identification engine, reporting the identified characteristic information to an application identification platform, performing aggregation and sorting on the unidentified characteristic information, and reporting the characteristic information to the application identification platform after a reporting period is reached.
3. The method according to claim 2, wherein the receiving of the delivered feature information from the application identification platform, the delivered feature information being data information generated by the application identification platform after identifying, processing and encapsulating the reported feature identification result, identifies and processes the delivered feature information, includes:
receiving issued characteristic information from an application identification platform, and identifying and processing the issued characteristic information;
and storing the first N processed issued feature information into a feature library, wherein the feature library mainly comprises five fields respectively representing an application number, an application feature value, an application Chinese name and an application feature type, and N represents a default threshold value set manually.
4. The method according to claim 3, wherein the receiving an issued configuration from a user and performing a corresponding operation according to the issued configuration includes:
and processing the flow accessed by the user, and if the flow is in accordance with the rule in the feature library, performing subsequent strategy matching and executing corresponding operation, wherein the corresponding operation at least comprises flow interception and safety alarm.
5. The method of claim 1, further comprising a cloud process, wherein the cloud process comprises:
the cloud process comprises:
receiving and processing reported data from the application identification plug-in, analyzing the data and then delivering the analyzed data to an application identification engine, and identifying the characteristic data by the application identification engine to generate an identification result;
packaging the identification result into a required format to obtain issuing characteristic information and issuing the issuing characteristic information to the application identification plug-in;
and connecting and managing the feature library, and extracting the unidentified feature information.
6. A cloud-edge collaborative application real-time identification system is characterized by comprising an application identification plug-in, wherein the application identification plug-in comprises:
the characteristic acquisition and identification module is used for acquiring characteristic information with different dimensions according to the access information of the user, identifying the acquired characteristic information and reporting a characteristic identification result;
the characteristic receiving and managing module is used for receiving issued characteristic information from an application identification platform, wherein the issued characteristic information is data information generated after the application identification platform identifies, processes and encapsulates the reported characteristic identification result, and identifies and processes the issued characteristic information;
and the strategy matching module is used for receiving the issuing configuration from the user and executing corresponding operation according to the issuing configuration.
7. The cloud-edge collaborative application real-time identification system according to claim 6, wherein the feature collection and identification module comprises:
the characteristic acquisition unit is used for acquiring characteristic information of different dimensions according to access information of a user, wherein the characteristic information at least comprises domain name information in an analysis message and payload information in an http message;
and the real-time identification unit is used for carrying out application characteristic identification on the characteristic information by using an application identification engine, reporting the identified characteristic information to an application identification platform, carrying out aggregation and sorting on the unidentified characteristic information, and reporting the unidentified characteristic information to the application identification platform after a reporting period is reached.
8. The cloud-edge collaborative application real-time identification system according to claim 7, wherein the feature receiving and managing module includes:
the system comprises a characteristic receiving unit, a characteristic processing unit and a characteristic processing unit, wherein the characteristic receiving unit is used for receiving issued characteristic information from an application identification platform and identifying and processing the issued characteristic information;
and the feature library management unit is used for storing the first N processed issued feature information into a feature library, wherein the feature library mainly comprises five fields which respectively represent an application number, an application feature value, an application Chinese name and an application feature type, and N represents a default threshold which is set manually.
9. The cloud-edge collaborative application real-time identification system according to claim 8, wherein the policy matching module comprises:
and the strategy matching unit is used for processing the bar flow accessed by the user, and if the bar flow is in accordance with the rule in the feature library, performing subsequent strategy matching and executing corresponding operation, wherein the corresponding operation at least comprises flow interception and safety alarm.
10. The cloud-edge collaborative application real-time identification system according to claim 6, comprising an application identification platform, wherein the application identification platform comprises:
the reported data receiving and identifying module is used for receiving and processing the reported data, analyzing the data and delivering the analyzed data to an application identifying engine, and the application identifying engine is used for identifying the characteristic data to generate an identifying result;
the issuing characteristic generating module is used for packaging the identification result into a required format to obtain issuing characteristic information and issuing the issuing characteristic information;
and the characteristic library management and off-line analysis module is used for connecting and managing the characteristic library and extracting the unidentified characteristic information.
CN202111586019.5A 2021-12-23 2021-12-23 Cloud edge collaborative application real-time identification method and system Pending CN114417079A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111586019.5A CN114417079A (en) 2021-12-23 2021-12-23 Cloud edge collaborative application real-time identification method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111586019.5A CN114417079A (en) 2021-12-23 2021-12-23 Cloud edge collaborative application real-time identification method and system

Publications (1)

Publication Number Publication Date
CN114417079A true CN114417079A (en) 2022-04-29

Family

ID=81267956

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111586019.5A Pending CN114417079A (en) 2021-12-23 2021-12-23 Cloud edge collaborative application real-time identification method and system

Country Status (1)

Country Link
CN (1) CN114417079A (en)

Similar Documents

Publication Publication Date Title
US10795992B2 (en) Self-adaptive application programming interface level security monitoring
CN110798472B (en) Data leakage detection method and device
Lee et al. Effective value of decision tree with KDD 99 intrusion detection datasets for intrusion detection system
CN109688105B (en) Threat alarm information generation method and system
US11706258B2 (en) Core services detection for a segmented network environment
CN110809010B (en) Threat information processing method, device, electronic equipment and medium
CN110113350B (en) Internet of things system security threat monitoring and defense system and method
CN113315742B (en) Attack behavior detection method and device and attack detection equipment
CN114679292B (en) Honeypot identification method, device, equipment and medium based on network space mapping
CN112751835B (en) Flow early warning method, system, equipment and storage medium
CN112769623A (en) Internet of things equipment identification method under edge environment
CN112688932A (en) Honeypot generation method, honeypot generation device, honeypot generation equipment and computer readable storage medium
Zhao et al. Identifying known and unknown mobile application traffic using a multilevel classifier
CN104640105A (en) Method and system for mobile phone virus analyzing and threat associating
CN114357447A (en) Attacker threat scoring method and related device
CN114972827A (en) Asset identification method, device, equipment and computer readable storage medium
Zhang et al. Software defined security architecture with deep learning-based network anomaly detection module
CN109740328B (en) Authority identification method and device, computer equipment and storage medium
US11233703B2 (en) Extending encrypted traffic analytics with traffic flow data
CN114417079A (en) Cloud edge collaborative application real-time identification method and system
CN113794731B (en) Method, device, equipment and medium for identifying CDN (content delivery network) -based traffic masquerading attack
CN114567678A (en) Resource calling method and device of cloud security service and electronic equipment
KR20200005137A (en) Method and apparatus for issueing threat ticket to handle security event
CN114416668B (en) Method and system for generating PKG (public key gateway) decoy file
CN114844691B (en) Data processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination