CN115733701A - Method and device for collecting threat information source, electronic equipment and storage medium - Google Patents
Publication number: CN115733701A
Application number: CN202211701195.3A
Authority: CN (China)
Prior art keywords: source, threat intelligence, threat, target, current
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes: Information Retrieval, DB Structures and FS Structures Therefor
Abstract
The embodiments of the invention relate to the technical field of internet security, and in particular to a method and an apparatus for collecting threat intelligence sources, an electronic device and a storage medium. The method comprises the following steps: obtaining the source address of each target threat intelligence source; detecting and evaluating the threat intelligence in each target threat intelligence source based on its source address to obtain an evaluation result for each target threat intelligence source; and reporting the source address and the evaluation result of each target threat intelligence source. The scheme collects target threat intelligence sources automatically, which strengthens the ability to collect threat intelligence sources and in turn increases the amount of threat intelligence collected.
Description
Technical Field
The embodiments of the invention relate to the technical field of internet security, and in particular to a method and an apparatus for collecting threat intelligence sources, an electronic device and a storage medium.
Background
As the internet develops at high speed worldwide, the network attack and defense environment is becoming increasingly complex, and the rapid and accurate elimination of network threats has become a necessary requirement of the network environment. Threat intelligence, as a medium for conveying network security information, is the ballast that safeguards network security, a stabilizer that supports it, and a key to its healthy development.
Existing methods for collecting threat intelligence sources rely mainly on manual searching and collection, which limits the efficiency with which threat intelligence sources are collected.
Therefore, a new method for collecting threat intelligence sources is needed.
Disclosure of Invention
In order to solve the problem that manually collecting threat intelligence sources is currently inefficient, the embodiments of the invention provide a method and an apparatus for collecting threat intelligence sources, an electronic device and a storage medium.
In a first aspect, an embodiment of the present invention provides a method for collecting a threat intelligence source, including:
obtaining the source address of each target threat intelligence source;
detecting and evaluating threat intelligence in the target threat intelligence sources based on source addresses of the target threat intelligence sources to obtain evaluation results of each target threat intelligence source;
and reporting the source address of each target threat intelligence source and the evaluation result.
Preferably, the obtaining mode of the source address of the target threat intelligence source comprises a first obtaining mode based on a known threat intelligence source and a second obtaining mode based on a GitHub platform.
Preferably, the first obtaining means obtains the source address of each target threat intelligence source by:
obtaining a source address list of a known threat intelligence source;
for each known source of threat intelligence in the list of source addresses, performing:
accessing a source address of a current known threat intelligence source;
and acquiring a website link in an access page of the current known threat intelligence source to determine a source address of a target threat intelligence source corresponding to the current known threat intelligence source.
Preferably, after obtaining the website link in the access page of the current known threat intelligence source, before determining the source address of the target threat intelligence source corresponding to the current known threat intelligence source, the method further includes:
acquiring the domain name of the current known threat intelligence source based on the source address of the current known threat intelligence source;
judging whether the domain name of each website link in the access page of the current known threat intelligence source is the same as the domain name of the current known threat intelligence source;
and determining each website link whose domain name differs from that of the current known threat intelligence source as the source address of a target threat intelligence source corresponding to the current known threat intelligence source.
Preferably, the second obtaining means obtains the source address of each target threat intelligence source by:
determining a plurality of keywords for searching a target threat intelligence source;
and searching for each keyword on the GitHub platform, and determining each repository address returned by the search as the source address of a target threat intelligence source.
Preferably, the detecting and evaluating threat intelligence in the targeted threat intelligence sources based on source addresses of the targeted threat intelligence sources to obtain evaluation results of each targeted threat intelligence source includes:
for each target threat intelligence source, executing:
detecting the quantity of threat intelligence in the current target threat intelligence source based on the source address of the current target threat intelligence source;
judging whether the format of each threat intelligence meets the requirement or not based on the type of each threat intelligence in the detected current target threat intelligence source;
judging whether each item of threat intelligence in the current target threat intelligence source has already been recorded in a pre-constructed threat intelligence library;
and obtaining the evaluation result of the current target threat intelligence source.
Preferably, after the determining whether each threat intelligence in the current target threat intelligence source has been included in a pre-constructed threat intelligence library, before the obtaining of the evaluation result of the current target threat intelligence source, the method further includes:
for each threat intelligence in the current target threat intelligence source, executing:
if the current threat intelligence has been recorded in the threat intelligence library, obtaining the threat type of the current threat intelligence from the threat intelligence library, so as to add the threat type of the current threat intelligence to the evaluation result of the current target threat intelligence source.
In a second aspect, an embodiment of the present invention further provides an apparatus for acquiring a threat intelligence source, including:
an obtaining unit, configured to obtain the source address of each target threat intelligence source;
an evaluation unit, configured to detect and evaluate the threat intelligence in each target threat intelligence source based on its source address to obtain an evaluation result for each target threat intelligence source;
and a reporting unit, configured to report the source address and the evaluation result of each target threat intelligence source.
In a third aspect, an embodiment of the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor executes the computer program to implement the method according to any embodiment of this specification.
In a fourth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed in a computer, the computer program causes the computer to execute the method described in any embodiment of the present specification.
The embodiments of the invention provide a method and an apparatus for collecting threat intelligence sources, an electronic device and a storage medium. First, the source address of each target threat intelligence source is obtained automatically, and the threat intelligence in each target threat intelligence source is detected and evaluated based on that source address to obtain an evaluation result for each target threat intelligence source. Finally, the source address of each target threat intelligence source and the corresponding evaluation result are reported. Target threat intelligence sources are thus collected automatically, which strengthens the ability to collect threat intelligence sources and in turn increases the amount of threat intelligence collected.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a method for collecting threat intelligence sources according to an embodiment of the present invention;
Fig. 2 is a hardware architecture diagram of an electronic device according to an embodiment of the present invention;
Fig. 3 is a structural diagram of an apparatus for collecting threat intelligence sources according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As mentioned above, existing methods for collecting threat intelligence sources rely mainly on manual searching and collection, which limits the efficiency with which threat intelligence sources are collected.
In order to solve the above technical problem, the inventors considered obtaining the source address of each target threat intelligence source automatically. However, the quality of automatically obtained target threat intelligence sources is uneven, so the threat intelligence in each target threat intelligence source can be detected and evaluated based on its source address, and the source address of each target threat intelligence source can be reported together with the corresponding evaluation result, thereby completing the automatic search for and collection of threat intelligence sources.
Specific implementations of the above concepts are described below.
Referring to fig. 1, an embodiment of the present invention provides a method for collecting a threat intelligence source, where the method includes:
step 100: obtaining the source address of each target threat intelligence source;
step 102: detecting and evaluating threat intelligence in the target threat intelligence sources based on source addresses of the target threat intelligence sources to obtain evaluation results of each target threat intelligence source;
step 104: and reporting the source address and the evaluation result of each target threat intelligence source.
In the embodiment of the invention, the source address of each target threat intelligence source is first obtained automatically, and the threat intelligence in each target threat intelligence source is detected and evaluated based on that source address to obtain an evaluation result for each target threat intelligence source. Finally, the source address of each target threat intelligence source and the corresponding evaluation result are reported. Target threat intelligence sources are thus collected automatically, which strengthens the ability to collect threat intelligence sources and in turn increases the amount of threat intelligence collected.
The manner in which the various steps shown in fig. 1 are performed is described below.
With respect to step 100:
in some embodiments, the means for obtaining the source address of the target threat intelligence source includes a first means for obtaining based on a known threat intelligence source and a second means for obtaining based on a GitHub platform.
It should be noted that a known threat intelligence source contains a number of threat intelligence items together with links to the websites those items are attributed to, and those attributed websites have not yet been collected, so the source address of a target threat intelligence source can be obtained from a known threat intelligence source. GitHub is a hosting platform for open-source and private software projects and can contain many threat intelligence repositories, so the source address of a target threat intelligence source can also be obtained from the GitHub platform. Using both the first obtaining mode, based on known threat intelligence sources, and the second obtaining mode, based on the GitHub platform, increases the number of source addresses of target threat intelligence sources obtained, strengthens the ability to collect target threat intelligence sources, and further expands the threat intelligence stored in the threat intelligence library.
In some embodiments, the first obtaining means obtains the source address of each targeted threat intelligence source by:
obtaining a source address list of a known threat intelligence source;
for each known source of threat intelligence in the list of source addresses, performing:
accessing a source address of a current known threat intelligence source;
and acquiring a website link in an access page of the current known threat intelligence source to determine a source address of a target threat intelligence source corresponding to the current known threat intelligence source.
In this embodiment, a source address list of known threat intelligence sources is obtained first. A crawler then accesses the source address of each known threat intelligence source in turn, and the attributed website links in the access page of each known threat intelligence source are retained, so that each retained website link is determined as the source address of a target threat intelligence source.
In some embodiments, after the step "obtaining website links in visiting pages of current known threat intelligence sources", before the step "determining source addresses of target threat intelligence sources corresponding to current known threat intelligence sources", the method further includes:
acquiring a domain name of a current known threat intelligence source based on a source address of the current known threat intelligence source;
judging whether each website link in the access page of the current known threat intelligence source is the same as the domain name of the current known threat intelligence source or not;
and determining each website link whose domain name differs from that of the current known threat intelligence source as the source address of a target threat intelligence source corresponding to the current known threat intelligence source.
In this embodiment, the website links contained in a known threat intelligence source are the attributions of the threat intelligence in that source. Most of the website links that share a domain name with the known threat intelligence source are explanations of the threat intelligence in that source, and the threat intelligence in the known threat intelligence source has already been recorded in the threat intelligence library. It is therefore necessary to exclude website links that have the same domain name as the known threat intelligence source, so that many threat intelligence sources of no value can be screened out.
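The link extraction and same-domain exclusion described above, as an added Python example that is not code from the patent: it parses the anchors of a known source's page, resolves relative links, and keeps only http(s) links whose host differs from that of the known source. The page content, the URLs and the rule that a subdomain of the known source counts as the same domain are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlparse


class _LinkParser(HTMLParser):
    """Collects the href value of every <a> tag on a page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value.strip())


def _host(url):
    """Lower-cased hostname without a leading 'www.' ('' if there is none)."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def same_domain(host, source_host):
    # Assumption: a subdomain of the known source counts as the same domain.
    # The leading dot stops look-alike hosts from matching on a bare suffix.
    return host == source_host or host.endswith("." + source_host)


def candidate_sources(source_url, page_html):
    """Return the off-domain http(s) links found on a known source's page."""
    parser = _LinkParser()
    parser.feed(page_html)
    source_host = _host(source_url)
    seen, result = set(), []
    for href in parser.hrefs:
        try:
            absolute = urldefrag(urljoin(source_url, href)).url
            scheme, host = urlparse(absolute).scheme, _host(absolute)
        except ValueError:          # malformed link, e.g. a broken IPv6 literal
            continue
        if scheme not in ("http", "https") or not host:
            continue                # mailto:, javascript:, and similar
        if same_domain(host, source_host) or absolute in seen:
            continue
        seen.add(absolute)
        result.append(absolute)
    return result


# Constructed sample input: a known source and a fragment of its page.
KNOWN_SOURCE = "https://intel.example.org/feeds/index.html"
SAMPLE_PAGE = """
<a href="/feeds/archive.html">Archive</a>
<a href="https://www.intel.example.org/blog/1">Write-up</a>
<a href="https://docs.intel.example.org/faq">FAQ</a>
<a href="https://feeds.example.net/bad-ips.txt">Attributed feed</a>
<a href="https://feeds.example.net/bad-ips.txt#top">Attributed feed (top)</a>
<a href="http://otherintel.example.org/list">Unrelated host, similar name</a>
<a href="mailto:team@intel.example.org">Contact</a>
<a href="javascript:void(0)">Menu</a>
"""

if __name__ == "__main__":
    for url in candidate_sources(KNOWN_SOURCE, SAMPLE_PAGE):
        print(url)
```

Comparing bare hostnames is a simplification; grouping hosts by registrable domain would need a public-suffix list.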
In some embodiments, the second obtaining means obtains the source address of each targeted threat intelligence source by:
determining a plurality of keywords for searching a target threat intelligence source;
and searching for each keyword on the GitHub platform, and determining each repository address returned by the search as the source address of a target threat intelligence source.
In this embodiment, "IOC", "Blacklist", "Intelligence", and "Malicious" may be used as keywords. Each keyword may be searched recursively on the GitHub platform, each repository address found may be determined as the source address of a target threat intelligence source, and the files at these repository addresses may be cloned locally so that they can be obtained conveniently and quickly.
With respect to step 102:
in order to improve the collectability of each target threat intelligence source automatically obtained through step 100, the threat intelligence in each target threat intelligence source may be detected and evaluated based on the source address of each target threat intelligence source to obtain an evaluation report of each target threat intelligence source.
In some embodiments, step 102 may comprise:
for each target threat intelligence source, executing the following steps:
detecting the quantity of threat intelligence in the current target threat intelligence source based on the source address of the current target threat intelligence source;
judging whether the format of each threat intelligence meets the requirement or not based on the type of each threat intelligence in the detected current target threat intelligence source;
judging whether each item of threat intelligence in the current target threat intelligence source has already been recorded in a pre-constructed threat intelligence library;
and obtaining the evaluation result of the current target threat intelligence source.
In this embodiment, the target threat intelligence sources obtained in step 100 may include blogs in which threat intelligence appears, but in small numbers, such blogs being informational in nature, so it is necessary to detect the quantity of threat intelligence contained in each threat intelligence source. In addition, threat intelligence comes in multiple types, such as an IP type, a domain name type, a URL type (link type), a fingerprint type, and the like; this embodiment can detect the type of each item of threat intelligence in the target threat intelligence source and judge, based on that type, whether the format of each item meets the requirement. It is also necessary to determine whether each item of threat intelligence in the target threat intelligence source has already been recorded in the threat intelligence library. In this way, the evaluation result of each target threat intelligence source can be obtained.
In some embodiments, after the step of "determining whether each threat intelligence in the current targeted threat intelligence source has been included in a pre-constructed threat intelligence library", before the step of "obtaining an evaluation result of the current targeted threat intelligence source", the method further includes:
for each threat intelligence in the current target threat intelligence source, executing:
if the current threat intelligence has been recorded in the threat intelligence library, obtaining the threat type of the current threat intelligence from the threat intelligence library, so as to add the threat type of the current threat intelligence to the evaluation result of the current target threat intelligence source.
In this embodiment, in order to obtain a more comprehensive evaluation result, the threat types of the threat intelligence recorded in the threat intelligence library may be retrieved from the threat intelligence library and added to the corresponding evaluation result, so that the evaluation result contains the threat types of the recorded threat intelligence, which is convenient for the collecting personnel to evaluate and judge the target threat intelligence source in step 104.
It should be noted that the threat types in this embodiment may be classified into three types, namely, threat, no threat, and unknown, and may further include a more detailed threat type level, so that the threat types are not specifically limited herein.
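The evaluation in step 102, as an added Python example that is not code from the patent: it counts the indicators in a source, detects each one's type, checks its format against that type, looks it up in a threat intelligence library, and attaches the stored threat type to the result. The feed, the library contents, the handling of defanged values and the reading of "fingerprint" as an MD5, SHA-1 or SHA-256 hex digest are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlparse

_DOTTED = re.compile(r"^\d+(\.\d+){3}$")
_HEX = re.compile(r"^[0-9a-fA-F]+$")
_V6ISH = re.compile(r"^[0-9a-fA-F:]+$")
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_HASH_LENGTHS = {32, 40, 64}  # assumption: MD5 / SHA-1 / SHA-256 hex digests


def refang(value):
    """Undo common defanging so the format checks see the real value."""
    value = value.strip().replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def guess_type(value):
    """Coarse type detection by shape; None means the line is not an indicator."""
    if "://" in value:
        return "url"
    if _DOTTED.match(value):
        return "ip"
    if _HEX.match(value):
        return "fingerprint"
    if ":" in value and _V6ISH.match(value):
        return "ip"
    if "." in value and " " not in value:
        return "domain"
    return None


def format_ok(kind, value):
    """Strict format check for an indicator of the detected type."""
    try:
        if kind == "ip":
            ipaddress.ip_address(value)
            return True
        if kind == "url":
            parts = urlparse(value)
            return parts.scheme in ("http", "https") and bool(parts.hostname)
    except ValueError:
        return False
    if kind == "fingerprint":
        return len(value) in _HASH_LENGTHS
    if kind == "domain":
        return _DOMAIN.match(value.lower()) is not None
    return False


def evaluate_source(source_address, lines, library):
    """Build the evaluation result for one target threat intelligence source."""
    by_type, bad_format, threat_types = Counter(), [], {}
    seen, new, unrecognised = set(), [], 0
    for raw in lines:
        value = refang(raw)
        if not value or value.startswith("#") or value in seen:
            continue                      # blank line, comment or duplicate
        seen.add(value)
        kind = guess_type(value)
        if kind is None:
            unrecognised += 1
            continue
        by_type[kind] += 1
        if not format_ok(kind, value):
            bad_format.append(value)
        elif value in library:            # already recorded: copy its threat type
            threat_types[value] = library[value]
        else:
            new.append(value)
    return {
        "source": source_address,
        "total": sum(by_type.values()),
        "by_type": dict(by_type),
        "bad_format": bad_format,
        "already_recorded": len(threat_types),
        "new": new,
        "threat_types": threat_types,
        "unrecognised": unrecognised,
    }


# Constructed sample input: a feed and a small threat intelligence library.
SAMPLE_FEED = """# constructed sample feed
198.51.100.7
999.10.10.1
bad-host[.]example[.]net
hxxps://dl.example.com/a.bin
0123456789abcdef0123456789abcdef
0123456789abcdef
203.0.113.9
not an indicator
198.51.100.7
""".splitlines()
SAMPLE_LIBRARY = {"198.51.100.7": "threat", "bad-host.example.net": "unknown"}

if __name__ == "__main__":
    print(evaluate_source("https://feeds.example.net/list.txt",
                          SAMPLE_FEED, SAMPLE_LIBRARY))
```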
With respect to step 104:
in the embodiment of the invention, the source address and the evaluation result of each target threat intelligence source are sent by email to the mailbox of the threat intelligence collection personnel, who then further study, judge and record the threat intelligence in each target threat intelligence source.
As shown in fig. 2 and fig. 3, an embodiment of the present invention provides an apparatus for collecting threat intelligence sources. The apparatus embodiments may be implemented in software, in hardware, or in a combination of hardware and software. In terms of hardware, fig. 2 is a hardware architecture diagram of the electronic device in which the apparatus for collecting threat intelligence sources provided in an embodiment of the present invention is located; in addition to the processor, the memory, the network interface and the non-volatile memory shown in fig. 2, the electronic device in which the apparatus is located may generally include other hardware, such as a forwarding chip responsible for processing messages. Taking a software implementation as an example, as shown in fig. 3, the apparatus is a logical device formed by the CPU of the electronic device reading the corresponding computer program from the non-volatile memory into the memory and running it.
As shown in fig. 3, the apparatus for collecting threat intelligence sources provided in this embodiment includes:
an obtaining unit 301, configured to obtain source addresses of target threat intelligence sources;
the evaluation unit 302 is configured to detect and evaluate threat intelligence in the target threat intelligence sources based on source addresses of the target threat intelligence sources to obtain evaluation results of each target threat intelligence source;
a reporting unit 303, configured to report the source address and the evaluation result of each target threat intelligence source.
In an embodiment of the present invention, the obtaining means of the source address of the target threat intelligence source in the obtaining unit 301 includes a first obtaining means based on a known threat intelligence source and a second obtaining means based on a GitHub platform.
In an embodiment of the present invention, in the obtaining unit 301, the first obtaining manner is to obtain the source address of each target threat intelligence source by:
obtaining a source address list of a known threat intelligence source;
for each known source of threat intelligence in the list of source addresses, performing:
accessing a source address of a current known threat intelligence source;
and acquiring a website link in an access page of the current known threat intelligence source to determine a source address of a target threat intelligence source corresponding to the current known threat intelligence source.
In an embodiment of the present invention, after performing the acquiring of the website link in the access page of the current known threat intelligence source, before performing the determining of the source address of the target threat intelligence source corresponding to the current known threat intelligence source, the acquiring unit 301 is further configured to:
acquiring a domain name of a current known threat intelligence source based on a source address of the current known threat intelligence source;
judging whether each website link in the access page of the current known threat intelligence source is the same as the domain name of the current known threat intelligence source or not;
and determining each website link whose domain name differs from that of the current known threat intelligence source as the source address of a target threat intelligence source corresponding to the current known threat intelligence source.
In an embodiment of the present invention, in the obtaining unit 301, the second obtaining manner is to obtain the source address of each target threat intelligence source by:
determining a plurality of keywords for searching a target threat intelligence source;
and searching for each keyword on the GitHub platform, and determining each repository address returned by the search as the source address of a target threat intelligence source.
In an embodiment of the invention, the evaluation unit 302 is configured to perform:
for each target threat intelligence source, executing the following steps:
detecting the quantity of threat intelligence in the current target threat intelligence source based on the source address of the current target threat intelligence source;
judging whether the format of each threat intelligence meets the requirement or not based on the type of each threat intelligence in the detected current target threat intelligence source;
judging whether each threat intelligence in the current target threat intelligence source is recorded into a pre-constructed threat intelligence library or not;
and obtaining the evaluation result of the current target threat intelligence source.
In an embodiment of the present invention, after determining whether each item of threat intelligence in the current target threat intelligence source has been recorded in a pre-constructed threat intelligence library, and before obtaining the evaluation result of the current target threat intelligence source, the evaluation unit 302 is further configured to perform:
for each threat intelligence in the current target threat intelligence source, executing:
if the current threat intelligence has been recorded in the threat intelligence library, obtaining the threat type of the current threat intelligence from the threat intelligence library, so as to add the threat type of the current threat intelligence to the evaluation result of the current target threat intelligence source.
It is to be understood that the illustrated structure of the embodiments of the present invention does not constitute a specific limitation on the collecting apparatus of a threat intelligence source. In other embodiments of the invention, a threat intelligence source acquisition apparatus may include more or fewer components than shown, or some components may be combined, or some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
Because the content of information interaction, execution process, and the like among the modules in the device is based on the same concept as the method embodiment of the present invention, specific content can be referred to the description in the method embodiment of the present invention, and is not described herein again.
The embodiment of the invention also provides electronic equipment which comprises a memory and a processor, wherein the memory is stored with a computer program, and when the processor executes the computer program, the method for acquiring the threat intelligence source in any embodiment of the invention is realized.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program causes the processor to execute a method for collecting a threat intelligence source according to any embodiment of the present invention.
Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the embodiments described above are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer over a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion module connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion module to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A method for collecting threat intelligence sources, characterized by comprising the following steps:
obtaining the source address of each target threat intelligence source;
detecting and evaluating threat intelligence in the target threat intelligence sources based on source addresses of the target threat intelligence sources to obtain evaluation results of each target threat intelligence source;
and reporting the source address of each target threat intelligence source and the evaluation result.
2. The method of claim 1, wherein the means for obtaining the source address of the target threat intelligence source comprises a first obtaining means based on a known threat intelligence source and a second obtaining means based on the GitHub platform.
3. The method of claim 2, wherein the first obtaining means obtains the source address of each target threat intelligence source by:
acquiring a source address list of a known threat intelligence source;
for each known source of threat intelligence in the list of source addresses, performing:
accessing a source address of a current known threat intelligence source;
and acquiring the website links in the accessed page of the current known threat intelligence source to determine a source address of a target threat intelligence source corresponding to the current known threat intelligence source.
4. The method according to claim 3, further comprising, after said acquiring the website links in the accessed page of the current known threat intelligence source and before said determining the source address of the target threat intelligence source corresponding to the current known threat intelligence source:
acquiring the domain name of the current known threat intelligence source based on the source address of the current known threat intelligence source;
judging whether the domain name of each website link in the accessed page of the current known threat intelligence source is the same as the domain name of the current known threat intelligence source;
and determining each website link whose domain name is not the same as the domain name of the current known threat intelligence source as a source address of a target threat intelligence source corresponding to the current known threat intelligence source.
5. The method of claim 2, wherein the second obtaining means obtains the source address of each target threat intelligence source by:
determining a plurality of keywords for searching for a target threat intelligence source;
and searching for each keyword on the GitHub platform, and determining each repository address returned by the search as a source address of a target threat intelligence source.
6. The method of any of claims 2-5, wherein said detecting and evaluating threat intelligence in the target threat intelligence sources based on the source addresses of the target threat intelligence sources to obtain evaluation results of each target threat intelligence source comprises:
for each target threat intelligence source, performing:
detecting the quantity of threat intelligence in the current target threat intelligence source based on the source address of the current target threat intelligence source;
judging whether the format of each threat intelligence meets the requirement or not based on the type of each threat intelligence in the detected current target threat intelligence source;
judging whether each threat intelligence in the current target threat intelligence source is recorded into a pre-constructed threat intelligence library or not;
and obtaining the evaluation result of the current target threat intelligence source.
7. The method of claim 6, further comprising, after said judging whether each threat intelligence in the current target threat intelligence source has been recorded into the pre-constructed threat intelligence library and before said obtaining the evaluation result of the current target threat intelligence source:
for each threat intelligence in the current target threat intelligence source, executing:
if the current threat intelligence has been recorded into the threat intelligence library, acquiring the threat type of the current threat intelligence from the threat intelligence library so as to add the threat type of the current threat intelligence to the evaluation result of the current target threat intelligence source.
8. An acquisition device for a threat intelligence source, comprising:
an acquiring unit, used for acquiring the source address of each target threat intelligence source;
an evaluation unit, used for detecting and evaluating threat intelligence in the target threat intelligence source based on the source address of the target threat intelligence source to obtain an evaluation result corresponding to the target threat intelligence source;
and a reporting unit, used for reporting the source address corresponding to the target threat intelligence source and the evaluation result.
9. An electronic device comprising a memory having stored therein a computer program and a processor that, when executing the computer program, implements the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-7.
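The link-harvesting and domain-filtering steps of claims 3 and 4, as an added example that is not code from the patent. It assumes "domain name" means the exact hostname (ignoring a leading `www.`); the function names, sample URL and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LinkParser(HTMLParser):
    """Collect the href of every <a> tag in a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def _host(url):
    """Lower-cased hostname without a leading 'www.' ('' if none)."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def candidate_sources(known_source_url, page_html):
    """Return the off-domain http(s) links found on a known source's page."""
    own_host = _host(known_source_url)
    parser = _LinkParser()
    parser.feed(page_html)
    found = []
    for href in parser.hrefs:
        parts = urlsplit(urljoin(known_source_url, href.strip()))
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, javascript:, ...
        if _host(parts.geturl()) in ("", own_host):
            continue  # same domain as the known source: not a new source
        clean = parts._replace(fragment="").geturl()
        if clean not in found:
            found.append(clean)
    return found


# Constructed sample page for a hypothetical known source.
SAMPLE_URL = "https://intel.example.org/feeds/"
SAMPLE_HTML = """
<a href="/feeds/ip.txt">own feed</a>
<a href="https://WWW.intel.example.org/about">about</a>
<a href="https://blocklist.example.net/list.txt#top">partner</a>
<a href="//mirror.example.com/iocs.csv">mirror</a>
<a href="mailto:team@intel.example.org">contact</a>
"""
```

Exact-hostname comparison treats a sibling subdomain of the known source as a new candidate; comparing registrable domains instead requires a Public Suffix List lookup.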
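The per-source evaluation of claims 6 and 7 (indicator count, format check by type, library lookup, threat types), as an added example that is not code from the patent. The indicator types handled, the result fields, the sample feed and the dictionary standing in for the pre-constructed threat intelligence library are all assumptions.

```python
import ipaddress
import re

_DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_HASHES = {32: "md5", 40: "sha1", 64: "sha256"}


def classify(value):
    """Return (type, format_ok) for one lower-cased indicator string."""
    if re.fullmatch(r"[0-9.]+", value):  # shaped like an IPv4 address
        try:
            ipaddress.IPv4Address(value)
            return "ipv4", True
        except ValueError:
            return "ipv4", False
    if len(value) >= 32 and re.fullmatch(r"[0-9a-f]+", value):
        return _HASHES.get(len(value), "hash"), len(value) in _HASHES
    return "domain", bool(_DOMAIN.match(value))


def evaluate_source(source_address, lines, library):
    """Build the evaluation result for one candidate source."""
    result = {"source": source_address, "count": 0, "bad_format": [],
              "known": 0, "new": 0, "threat_types": {}}
    for raw in lines:
        value = raw.strip().lower()
        if not value or value.startswith("#"):
            continue  # blank line or comment, not an indicator
        result["count"] += 1
        _kind, ok = classify(value)
        if not ok:
            result["bad_format"].append(value)
            continue
        threat = library.get(value)
        if threat is None:
            result["new"] += 1  # not yet in the library
        else:
            result["known"] += 1
            types = result["threat_types"]
            types[threat] = types.get(threat, 0) + 1
    return result


# Constructed feed lines and a constructed stand-in for the library.
SAMPLE_FEED = ["# constructed feed", "203.0.113.7", "203.0.113.999",
               "bad-domain.example", "d41d8cd98f00b204e9800998ecf8427e",
               "abcdef0123456789abcdef0123456789abcd", "198.51.100.23"]
SAMPLE_LIBRARY = {"203.0.113.7": "botnet-c2", "bad-domain.example": "phishing"}
```

A source whose indicators are mostly malformed, or already all in the library, adds little; the `new` and `bad_format` fields make that visible in the reported result.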
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211701195.3A CN115733701A (en) | 2022-12-28 | 2022-12-28 | Method and device for collecting threat information source, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115733701A (en) | 2023-03-03 |
Family
ID=85302105
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211701195.3A Pending CN115733701A (en) | 2022-12-28 | 2022-12-28 | Method and device for collecting threat information source, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115733701A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||