CN115563622B - Method, device and system for detecting operation environment - Google Patents

Publication number
CN115563622B
Authority
CN
China
Prior art keywords
detection
data
abnormality
parameter
algorithm
Legal status
Active
Application number
CN202211198109.1A
Other languages
Chinese (zh)
Other versions
CN115563622A (en)
Inventor
李�瑞
周自强
刘珊
赵金
王婷
史宇欣
祗会强
杨姝
Current Assignee
State Grid Electric Power Research Institute Of Sepc
State Grid Shanxi Electric Power Co Ltd
Original Assignee
State Grid Electric Power Research Institute Of Sepc
State Grid Shanxi Electric Power Co Ltd
Application filed by State Grid Electric Power Research Institute Of Sepc, State Grid Shanxi Electric Power Co Ltd
Priority to CN202211198109.1A
Publication of CN115563622A
Application granted
Publication of CN115563622B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3664 Environments for testing or debugging software

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a method for detecting an operating environment. After the electronic device whose operating environment is to be detected is powered on, it first performs network connection detection and sends a to-be-activated signal via a specific network address. An anomaly detection component is deployed in the operating environment monitoring server; after system loading is completed, the anomaly detection component collects operating environment attribute data of the electronic device, different detection intervals are then divided according to the similarity of the device's operating environments, and the number of deployed anomaly detection components is adjusted according to the number of detection intervals. In each detection interval, the collected performance parameter data corresponding to that interval is sent to the anomaly detection component in the interval. After the anomaly detection component receives the collected multi-region data, the data is cleaned, standardized, balanced and dimension-reduced; the processed data is then used, with an algorithm selected from the anomaly detection algorithm library that matches the characteristics of the detection parameters, to perform anomaly detection.

Description

Method, device and system for detecting operation environment
Technical Field
The present invention relates to the field of computer security technologies, and in particular, to a method, an apparatus, and a system for detecting an operating environment.
Background
Computer files can be classified as executable or non-executable. An executable file stores instructions or code that can be loaded into a computer's memory and run to perform specific tasks. For example, in the common Windows operating system, a user runs executable files with the .exe suffix (such as notepad.exe) and uses the functions they provide to complete tasks; running notepad.exe, for instance, allows a text document to be edited and saved. Generally, an executable file runs within a specific operating system, and when it runs, the operating system constructs a corresponding running environment for it and provides supporting services such as memory allocation and scheduling.
As computers become more widespread and software products are applied on a large scale, software products have also become the target of many attacks. Some attackers use technical means to crack and distribute software products without legal authorization, which causes great economic loss to the owners of those products. Besides legal means of protecting the owners' rights, technical protection measures are also applied to software during development, and adding a protective shell (packing) is one common measure. The shell hinders reverse analysis of the software to a certain extent and thereby protects the software product.
Existing application platforms can only roughly check a general running environment for all applications; they cannot comprehensively check the running environment for each individual application, so accuracy and reliability are low. Moreover, existing application platforms either cannot detect whether the local hardware configuration meets the requirements of an application's running environment, or check the client's local hardware configuration only when the application's installation package is downloaded and installed. As a result, the user may be unable to run an application after downloading it, which wastes download time and traffic and causes the user inconvenience as well as a loss of time and money.
Moreover, payment-environment detection is likewise only a rough check performed when a payment operation is carried out or a payment application is opened, and it cannot adequately cover the running environment of the entire operating system.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems existing in the prior art. Therefore, the invention discloses a detection method of an operation environment, which comprises the following steps:
step 1, after the electronic device whose running environment is to be detected is powered on, it first performs network connection detection and sends a to-be-activated signal via a specific network address, wherein the specific network address identifies a running environment monitoring server; after the running environment monitoring server returns response information to the electronic device, loading and starting of the system are allowed;
step 2, an anomaly detection component is deployed in the running environment monitoring server; after system loading is completed, the anomaly detection component collects running environment attribute data of the electronic device, different detection intervals are then divided according to the similarity of the device's running environments, and the number of deployed anomaly detection components is adjusted according to the number of detection intervals;
step 3, in each detection interval, the collected performance parameter data corresponding to that interval is sent to the anomaly detection component;
step 4, after the anomaly detection component receives the collected multi-region data, the data is cleaned, standardized, balanced and dimension-reduced; the processed data is then used, with an algorithm selected from the anomaly detection algorithm library that matches the characteristics of the detection parameters, to perform anomaly detection.
Further, if no abnormal data is detected, the running environment is considered to be an unsafe environment.
If no abnormality occurs, anomaly detection of the electronic device continues at a certain time frequency. If an abnormality is found, feature selection is performed on the performance parameter data of the abnormal system, and anomaly diagnosis is carried out using the system call sequence and system log data, wherein the abnormality type is identified by an anomaly diagnosis algorithm; an anomaly detection result report generated by the anomaly diagnosis algorithm is sent to an administrator of the electronic device, who further confirms the abnormal condition.
Still further, dividing the different detection intervals according to the similarity of the running environments of the electronic device in step 2 further includes:
step 201, setting the thresholds of the detection interval as T1 and T2, wherein T1 is larger than T2, collecting the running environment of the initial safe system, and storing the environment parameter data as a data set list;
step 202, randomly taking one piece of running environment parameter data from the original running environment parameter data set list as the initial reference parameter, and deleting that data object from the original list;
step 203, randomly selecting the running environment parameter data of a system from the remaining data set list and calculating the Euclidean distance between it and the initial reference parameter; if the distance is smaller than T1 and larger than T2, marking the data object with a weak mark and adding it to the initial reference parameter; if the distance is smaller than T2, marking the data object with a strong mark and deleting it from the remaining running environment parameter data set list;
if the distances between the arbitrarily selected data object and the reference parameters are all greater than T1, a new reference parameter is constructed from arbitrarily selected data, and the method returns to step 203 until the data set list is empty; the detection intervals are then confirmed on the basis of the strong marks, the weak marks and all constructed reference parameters.
Further, the normal state and the abnormal state of the running environment are recorded, and abnormalities are set up to simulate and record the CPU resource condition and the memory state when the running environment is abnormal.
Further, the abnormal state is simulated as follows: CPU computing resources of the electronic device are consumed by computing the value of pi (π), which raises CPU utilization and simulates the CPU parameters observed when software consumes CPU resources abnormally; a script repeatedly calls the malloc() function to keep requesting dynamic memory without releasing it, causing a memory leak, and the parameters observed while memory is in the abnormal state are recorded; and a plurality of I/O-intensive threads continuously read and write a large file to consume disk I/O resources, and the disk parameters at that time are recorded.
Further, selecting from the anomaly detection algorithm library an algorithm that matches the characteristics of the detection parameters to perform anomaly detection further includes: the anomaly detection algorithms include an SVM anomaly detection algorithm, a Bayesian algorithm, a rule-based classifier algorithm, and a nearest neighbor classification algorithm.
Further, a corresponding anomaly detection algorithm is selected according to the data volume corresponding to the detection parameter.
The invention also discloses a device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the detection method when executing the computer program.
The invention also discloses a system, which comprises a computer readable storage medium and a processor, wherein the computer readable storage medium is stored with a computer program, and the computer program realizes the steps in the detection method when being executed by the processor.
Compared with the prior art, the invention has the following beneficial effects: the system must communicate with the detection server before system loading of the device is allowed; the system's parameters are divided into a plurality of detection intervals according to their different correlations, and a parallel detection method is set up to detect the running environment of the system; and different detection algorithms are used for different system running parameters. A single algorithm correlates to different degrees with different detection data and cannot maintain a high detection rate for all parameters such as CPU, memory data, network occupation and I/O occupation, so the invention selects algorithms according to the degree of matching between parameters and algorithms.
Drawings
The invention will be further understood from the following description taken in conjunction with the accompanying drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the embodiments. In the figures, like reference numerals designate corresponding parts throughout the different views.
FIG. 1 is a flow chart of a method of detecting an operating environment of the present invention.
Detailed Description
The technical scheme of the invention will be described in more detail below with reference to the accompanying drawings and examples.
A mobile terminal implementing various embodiments of the present invention will now be described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component", or "unit" for representing elements are used only for facilitating the description of the present invention, and are not of specific significance per se. Thus, "module" and "component" may be used in combination.
Mobile terminals may be implemented in a variety of forms. For example, the terminals described in the present invention may include mobile terminals such as mobile phones, smart phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), navigation devices, and the like, and fixed terminals such as digital TVs, desktop computers, and the like. In the following, it is assumed that the terminal is a mobile terminal. However, it will be understood by those skilled in the art that the configuration according to the embodiment of the present invention can be applied to a fixed type terminal in addition to elements particularly used for a moving purpose.
As shown in FIG. 1, a method for detecting an operating environment comprises the following steps:
step 1, after the electronic device whose running environment is to be detected is powered on, it first performs network connection detection and sends a to-be-activated signal via a specific network address, wherein the specific network address identifies a running environment monitoring server; after the running environment monitoring server returns response information to the electronic device, loading and starting of the system are allowed;
step 2, an anomaly detection component is deployed in the running environment monitoring server; after system loading is completed, the anomaly detection component collects running environment attribute data of the electronic device, different detection intervals are then divided according to the similarity of the device's running environments, and the number of deployed anomaly detection components is adjusted according to the number of detection intervals;
step 3, in each detection interval, the collected performance parameter data corresponding to that interval is sent to the anomaly detection component;
step 4, after the anomaly detection component receives the collected multi-region data, the data is cleaned, standardized, balanced and dimension-reduced; the processed data is then used, with an algorithm selected from the anomaly detection algorithm library that matches the characteristics of the detection parameters, to perform anomaly detection.
Further, if no abnormal data is detected, the running environment is considered to be an unsafe environment.
If no abnormality occurs, anomaly detection of the electronic device continues at a certain time frequency. If an abnormality is found, feature selection is performed on the performance parameter data of the abnormal system, and anomaly diagnosis is carried out using the system call sequence and system log data, wherein the abnormality type is identified by an anomaly diagnosis algorithm; an anomaly detection result report generated by the anomaly diagnosis algorithm is sent to an administrator of the electronic device, who further confirms the abnormal condition.
Still further, dividing the different detection intervals according to the similarity of the running environments of the electronic device in step 2 further includes:
step 201, setting the thresholds of the detection interval as T1 and T2, wherein T1 is larger than T2, collecting the running environment of the initial safe system, and storing the environment parameter data as a data set list;
step 202, randomly taking one piece of running environment parameter data from the original running environment parameter data set list as the initial reference parameter, and deleting that data object from the original list;
step 203, randomly selecting the running environment parameter data of a system from the remaining data set list and calculating the Euclidean distance between it and the initial reference parameter; if the distance is smaller than T1 and larger than T2, marking the data object with a weak mark and adding it to the initial reference parameter; if the distance is smaller than T2, marking the data object with a strong mark and deleting it from the remaining running environment parameter data set list;
if the distances between the arbitrarily selected data object and the reference parameters are all greater than T1, a new reference parameter is constructed from arbitrarily selected data, and the method returns to step 203 until the data set list is empty; the detection intervals are then confirmed on the basis of the strong marks, the weak marks and all constructed reference parameters.
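The interval division of steps 201 to 204 (given in the Disclosure of Invention and again here) resembles canopy clustering with a loose threshold T1 and a tight threshold T2. The Python below is an added example, not code from the patent: `Interval`, `build_intervals` and `assign` are hypothetical names, the samples and threshold values are constructed, and it assumes that every object is consumed once it has been marked (so the loop terminates) and that a distance equal to a threshold counts as inside it.

```python
"""Partition operating-environment samples into detection intervals (steps 201-204)."""
import math
import random
from dataclasses import dataclass, field

# Constructed samples: (cpu, memory, disk I/O) utilisation, already scaled to 0..1.
SAMPLES = [
    (0.10, 0.20, 0.05), (0.12, 0.22, 0.06), (0.11, 0.18, 0.04), (0.25, 0.30, 0.10),
    (0.80, 0.40, 0.10), (0.82, 0.42, 0.12), (0.78, 0.38, 0.09),
    (0.30, 0.85, 0.90), (0.32, 0.88, 0.92), (0.28, 0.83, 0.88),
]
T1, T2 = 0.30, 0.10  # step 201: T1 > T2 (constructed values)


@dataclass
class Interval:
    reference: tuple                             # reference parameter of the interval
    strong: list = field(default_factory=list)   # objects with distance <= T2
    weak: list = field(default_factory=list)     # objects with T2 < distance <= T1

    def size(self):
        return 1 + len(self.strong) + len(self.weak)


def build_intervals(samples, t1, t2, seed=0):
    """Return the detection intervals; one detector is deployed per interval (step 2)."""
    if not t1 > t2 > 0:
        raise ValueError("step 201 requires T1 > T2 > 0")
    pending = list(samples)
    random.Random(seed).shuffle(pending)  # random selection of steps 202/203, seeded
    intervals = []
    for obj in pending:
        dists = [math.dist(obj, iv.reference) for iv in intervals]
        nearest = min(dists, default=math.inf)
        if nearest <= t2:
            # Step 203, strong mark: the object belongs firmly to the nearest interval.
            intervals[dists.index(nearest)].strong.append(obj)
        elif nearest <= t1:
            # Step 203, weak mark: attach to every reference within the loose threshold.
            for iv, d in zip(intervals, dists):
                if d <= t1:
                    iv.weak.append(obj)
        else:
            # Steps 202/204: farther than T1 from all references (or none exist yet),
            # so the object becomes a new reference parameter.
            intervals.append(Interval(reference=obj))
    return intervals


def assign(sample, intervals, t1):
    """Step 3: index of the interval whose detector receives `sample`.

    Returns None when the sample is farther than T1 from every reference
    (assumption: the text does not say how such a sample is handled).
    """
    best, best_d = None, math.inf
    for idx, iv in enumerate(intervals):
        d = math.dist(sample, iv.reference)
        if d <= t1 and d < best_d:
            best, best_d = idx, d
    return best


if __name__ == "__main__":
    ivs = build_intervals(SAMPLES, T1, T2)
    print("detectors to deploy:", len(ivs))
    for n, iv in enumerate(ivs):
        print(n, iv.reference, "strong:", len(iv.strong), "weak:", len(iv.weak))
    print("compute-heavy sample routed to interval", assign((0.81, 0.41, 0.11), ivs, T1))
    print("unmatched sample routed to", assign((0.95, 0.95, 0.05), ivs, T1))
```

Because the selection order is random, which object becomes a reference and which are marked weak can change between runs; with well-separated groups such as the constructed ones here, the number of intervals does not.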
Further, the normal state and the abnormal state of the running environment are recorded, and abnormalities are set up to simulate and record the CPU resource condition and the memory state when the running environment is abnormal.
Further, the abnormal state is simulated as follows: CPU computing resources of the electronic device are consumed by computing the value of pi (π), which raises CPU utilization and simulates the CPU parameters observed when software consumes CPU resources abnormally; a script repeatedly calls the malloc() function to keep requesting dynamic memory without releasing it, causing a memory leak, and the parameters observed while memory is in the abnormal state are recorded; and a plurality of I/O-intensive threads continuously read and write a large file to consume disk I/O resources, and the disk parameters at that time are recorded.
Further, selecting from the anomaly detection algorithm library an algorithm that matches the characteristics of the detection parameters to perform anomaly detection further includes: the anomaly detection algorithms include an SVM anomaly detection algorithm, a Bayesian algorithm, a rule-based classifier algorithm, and a nearest neighbor classification algorithm.
Further, a corresponding anomaly detection algorithm is selected according to the data volume corresponding to the detection parameter.
The invention also discloses a device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the detection method when executing the computer program.
The invention also discloses a system, which is characterized by comprising a computer readable storage medium and a processor, wherein the computer readable storage medium is stored with a computer program, and the computer program realizes the steps in the detection method when being executed by the processor.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
While the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications can be made without departing from the scope of the invention. It is therefore intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that it is the following claims, including all equivalents, that are intended to define the spirit and scope of this invention. The above examples should be understood as illustrative only and not limiting the scope of the invention. Various changes and modifications to the present invention may be made by one skilled in the art after reading the teachings herein, and such equivalent changes and modifications are intended to fall within the scope of the invention as defined in the appended claims.

Claims (9)

1. A method for detecting an operating environment, the method comprising the steps of:
step 1, after power-on, an electronic device to be subjected to running environment detection firstly performs network connection detection, and sends a signal to be activated through a specific network address, wherein the specific network address is used for representing a running environment monitoring server, and the running environment monitoring server allows loading and starting of a system after feeding back response information to the electronic device;
step 2, arranging an abnormality detection component in an operation environment monitoring server, wherein the abnormality detection component acquires operation environment attribute data of the electronic equipment after system loading is completed, then divides different detection intervals according to the operation environment similarity of the electronic equipment, and adjusts the deployment quantity of the abnormality detection component according to the quantity of the detection intervals, and the step 2 further comprises the steps of:
step 201, setting the threshold value of the detection interval as T1 and T2, wherein the value of T1 is larger than T2, collecting the running environment of the initial safety system, and storing the environment parameter data in the form of a data set list;
step 202, randomly taking one piece of operation environment parameter data from the original operation environment parameter data set list as an initial reference parameter, randomly taking one piece of operation environment parameter data as a selected data object, and deleting the data object from the original operation environment parameter data set list;
step 203, randomly selecting running environment parameter data of a system from the rest running environment parameter data set List, calculating the Euclidean distance between the running environment parameter data and the initial reference parameter, if the distance between the running environment parameter data and the initial reference parameter is smaller than T1 and larger than T2, marking the data object as weak mark, adding the data object into the initial reference parameter, if the distance between the data object and the initial reference parameter is smaller than T2, marking the data object as strong mark, and deleting the data object from the rest running environment index data set List;
step 204, if the distances between the arbitrarily selected data object and the reference parameters are all greater than T1, constructing an arbitrarily selected data as a new reference parameter, and jumping to step 203 until the data set list is empty, and completing the confirmation of the detection interval based on the strong flag and the weak flag and all the constructed reference parameters;
step 3, in each detection interval, sending the acquired interval corresponding performance parameter data to an abnormality detection assembly;
step 4, after the anomaly detection component receives the collected multi-region data, cleaning, standardizing, balancing and dimension reducing the data are carried out on the data; and then using the processed data, and selecting an algorithm conforming to the detection parameter characteristics from the abnormality detection algorithm library to detect the abnormality.
2. The method of claim 1, wherein the operating environment is considered to be unsafe if no abnormal data is detected.
3. The method for detecting an operating environment according to claim 2, wherein if no abnormality occurs, the abnormality detection is continued for the electronic device at a certain time frequency, and if an abnormality is found, feature selection is performed for the performance parameter data of the abnormal system, and abnormality diagnosis is performed by a system call sequence and system log data, wherein the abnormality type is discriminated by an abnormality diagnosis algorithm, an abnormality detection result report generated according to the abnormality diagnosis algorithm is sent to an administrator of the electronic device, and the administrator further confirms the abnormality condition.
4. The method for detecting an operating environment according to claim 1, wherein a normal state and an abnormal state of the operating environment are recorded, and abnormalities are set up to simulate and record the CPU resource condition and the memory state when the operating environment is abnormal.
5. The method for detecting an operating environment according to claim 4, wherein the abnormal state is simulated as follows: CPU computing resources of the electronic device are consumed by computing the value of pi (π), which raises CPU utilization and simulates the CPU parameters observed when software consumes CPU resources abnormally; a script repeatedly calls the malloc() function to keep requesting dynamic memory without releasing it, causing a memory leak, and the parameters observed while memory is in the abnormal state are recorded; and a plurality of I/O-intensive threads continuously read and write a large file to consume disk I/O resources, and the disk parameters at that time are recorded.
6. The method for detecting an operating environment according to claim 1, wherein selecting from the anomaly detection algorithm library an algorithm that matches the characteristics of the detection parameters to perform anomaly detection further comprises: the anomaly detection algorithms include an SVM anomaly detection algorithm, a Bayesian algorithm, a rule-based classifier algorithm, and a nearest neighbor classification algorithm.
7. The method of claim 6, wherein the anomaly detection algorithm is selected based on an amount of data corresponding to the detection parameter.
8. An apparatus, comprising: memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps in the detection method according to any one of claims 1 to 7 when the computer program is executed.
9. A system comprising a computer readable storage medium having a computer program stored thereon, which when executed by a processor, implements the steps of the detection method according to any of claims 1 to 7.
CN202211198109.1A 2022-09-29 2022-09-29 Method, device and system for detecting operation environment Active CN115563622B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211198109.1A CN115563622B (en) 2022-09-29 2022-09-29 Method, device and system for detecting operation environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211198109.1A CN115563622B (en) 2022-09-29 2022-09-29 Method, device and system for detecting operation environment

Publications (2)

Publication Number Publication Date
CN115563622A CN115563622A (en) 2023-01-03
CN115563622B CN115563622B (en) 2024-03-12

Family

ID=84742850

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211198109.1A Active CN115563622B (en) 2022-09-29 2022-09-29 Method, device and system for detecting operation environment

Country Status (1)

Country Link
CN (1) CN115563622B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108363294A (en) * 2017-01-26 2018-08-03 安徽东方果园生物科技有限公司 A kind of the environmental monitoring method for early warning and environmental monitoring early warning system of agricultural product transport closing and semiclosed carriage body
CN109980781A (en) * 2019-03-26 2019-07-05 惠州学院 A kind of transformer substation intelligent monitoring system
CN110825545A (en) * 2019-08-31 2020-02-21 武汉理工大学 Cloud service platform anomaly detection method and system
CN111127825A (en) * 2019-12-25 2020-05-08 深圳供电局有限公司 Environment prediction method and device and electronic equipment
CN111546854A (en) * 2020-06-18 2020-08-18 中南大学 On-road identification and diagnosis method for intelligent train air conditioning unit
CN112365163A (en) * 2020-11-12 2021-02-12 杭州未名信科科技有限公司 Industrial equipment anomaly detection method and device, storage medium and terminal
CN114281069A (en) * 2021-12-22 2022-04-05 北京三快在线科技有限公司 Control method and device of unmanned equipment
CN114358152A (en) * 2021-12-21 2022-04-15 国网江苏省电力有限公司苏州供电分公司 Intelligent power data anomaly detection method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2531410A1 (en) * 2005-12-23 2007-06-23 Snipe Network Security Corporation Behavioural-based network anomaly detection based on user and group profiling
CN112783731B (en) * 2021-01-29 2023-09-05 北京百度网讯科技有限公司 Abnormal device detection method, device and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
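Anomalous data detection algorithm for wireless sensor networks based on Top-k(σ); 胡石; 李光辉; 冯海林; Journal of Nanjing University (Natural Science) (No. 02); full text *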

Also Published As

Publication number Publication date
CN115563622A (en) 2023-01-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant