CN116055170A - Flow data detection method and device - Google Patents


Info

Publication number
CN116055170A
Authority
CN
China
Prior art keywords
flow data
detection
custom
logic rule
rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310035677.8A
Other languages
Chinese (zh)
Other versions
CN116055170B (en)
Inventor
艾占魁
刘斐然
赵林林
童兆丰
薛锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ThreatBook Technology Co Ltd
Original Assignee
Beijing ThreatBook Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing ThreatBook Technology Co Ltd
Priority to CN202310035677.8A
Publication of CN116055170A
Application granted
Publication of CN116055170B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application provides a traffic data detection method and device. The method comprises: acquiring traffic data; detecting, in a custom detection module, whether the traffic data matches a custom logic rule; and, when the traffic data matches the custom logic rule, raising an alarm on the traffic data based on that rule. The method and device can therefore perform efficient and accurate user-defined detection and handling of traffic on top of the existing security protection, while also saving development and maintenance cost.

Description

Flow data detection method and device
Technical Field
The present application relates to the field of traffic detection technologies, and in particular to a traffic data detection method and device.
Background
With the rapid development of information technology, computers and networks have become indispensable tools for daily office work, communication and collaboration. However, a user of a network inevitably encounters attacks from external networks and may suffer avoidable losses as a result. To avoid such losses, users typically deploy security software that gives early warning of attacks or intercepts them.
In practice, conventional security software generally relies on its own built-in detection logic and rules. It therefore cannot detect and identify potential network risks according to the user's own ideas and requirements, and cannot promptly and effectively identify and handle the attacks that the user's network is actually facing.
Disclosure of Invention
The embodiments of the present application aim to provide a traffic data detection method and device that can perform efficient and accurate user-defined detection and handling of traffic on top of the existing security protection, while also saving development and maintenance cost.
A first aspect of the embodiments of the present application provides a traffic data detection method, including:
acquiring traffic data;
detecting, in a custom detection module, whether the traffic data matches a custom logic rule;
and, when the traffic data matches the custom logic rule, raising an alarm on the traffic data based on the custom logic rule.
Further, the method further comprises:
when the traffic data does not match the custom logic rule, detecting, in a system built-in detection module, whether the traffic data matches a system built-in logic rule;
and, when the traffic data matches the system built-in logic rule, raising an alarm on the traffic data based on the system built-in logic rule.
Further, the step of raising an alarm on the traffic data based on the custom logic rule includes:
generating custom alarm information based on the custom logic rule and the traffic data;
and outputting and recording the custom alarm information.
Further, after the step of raising an alarm on the traffic data based on the custom logic rule, the method further includes:
handling the traffic data based on the custom logic rule.
Further, before the step of acquiring the traffic data, the method further includes:
receiving a custom security policy input by a user;
adjusting the custom security policy to a system rule format to obtain a custom logic rule;
and adding the custom logic rule to a custom detection module as an incremental update.
Further, the step of adjusting the custom security policy to a system rule format to obtain a custom logic rule includes:
acquiring the system rule format matched to the system built-in detection module;
and adjusting the custom security policy to that system rule format to obtain the custom logic rule.
Further, the custom security policy includes one or more of: an open-IP detection policy, an open-port detection policy, an external network access detection policy, an unauthorized software execution detection policy, an access time detection policy, an access frequency detection policy, a blacklist/whitelist detection policy, and a threat severity assessment policy.
A second aspect of the embodiments of the present application provides a traffic data detection device, including:
an acquisition unit for acquiring traffic data;
a detection unit for detecting, in a custom detection module, whether the traffic data matches a custom logic rule;
and an alarm unit for raising an alarm on the traffic data based on the custom logic rule when the traffic data matches the custom logic rule.
Further, the detection unit is further configured to detect, in a system built-in detection module, whether the traffic data matches a system built-in logic rule when the traffic data does not match the custom logic rule;
and the alarm unit is further configured to raise an alarm on the traffic data based on the system built-in logic rule when the traffic data matches the system built-in logic rule.
Further, the alarm unit includes:
a generating subunit for generating custom alarm information based on the custom logic rule and the traffic data;
and an output subunit for outputting and recording the custom alarm information.
Further, the traffic data detection device further includes:
a processing unit for handling the traffic data based on the custom logic rule.
Further, the traffic data detection device further includes:
a receiving unit for receiving a custom security policy input by a user;
an adjusting unit for adjusting the custom security policy to a system rule format to obtain a custom logic rule;
and an updating unit for adding the custom logic rule to the custom detection module as an incremental update.
Further, the adjusting unit includes:
an acquisition subunit for acquiring the system rule format matched to the system built-in detection module;
and an adjustment subunit for adjusting the custom security policy to that system rule format to obtain the custom logic rule.
Further, the custom security policy includes one or more of: an open-IP detection policy, an open-port detection policy, an external network access detection policy, an unauthorized software execution detection policy, an access time detection policy, an access frequency detection policy, a blacklist/whitelist detection policy, and a threat severity assessment policy.
A third aspect of the embodiments of the present application provides an electronic device including a memory and a processor, where the memory is configured to store a computer program and the processor is configured to execute the computer program so that the electronic device performs the traffic data detection method according to any one of the first aspect.
A fourth aspect of the embodiments of the present application provides a computer readable storage medium storing computer program instructions which, when read and executed by a processor, perform the traffic data detection method according to any one of the first aspect.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings needed for the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and should not be regarded as limiting its scope; a person skilled in the art can obtain other related drawings from them without inventive effort.
Fig. 1 is a flowchart of the traffic data detection method provided in an embodiment of the present application;
fig. 2 is a schematic structural diagram of the traffic data detection device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
Example 1
Referring to fig. 1, fig. 1 is a flowchart of the traffic data detection method according to this embodiment. The traffic data detection method comprises the following steps:
S101: receiving a custom security policy input by a user.
In this embodiment, the custom security policy includes one or more of: an open-IP detection policy, an open-port detection policy, an external network access detection policy, an unauthorized software execution detection policy, an access time detection policy, an access frequency detection policy, a blacklist/whitelist detection policy, and a threat severity assessment policy.
S102: acquiring the system rule format matched to the system built-in detection module.
S103: adjusting the custom security policy to the system rule format to obtain a custom logic rule.
S104: adding the custom logic rule to the custom detection module as an incremental update.
In this embodiment, the method receives a security policy set by the user.
In this embodiment, the user typically sets a policy of the following form: if a given IP or port is exposed externally, a host accesses an external network, a host runs unauthorized software, or the like, and at the same time other constraints such as an access time window, an access frequency threshold or a blacklist/whitelist restriction are met, then the custom security policy is triggered and an alarm is generated. The threat name of the generated alarm, its threat severity level, and whether the system should automatically block the traffic can all be customized on the web page. The user submits the configured policy to the system, which automatically generates a rule from the user's settings and the requirements of the system's detection and adds that rule to the custom detection module.
In this embodiment, the custom detection module is built on top of the system built-in detection module and reuses its detection function library, so that the bulk of the traffic is processed uniformly. The reuse is achieved by packaging a general detection function library as an independent component during development; both the system built-in detection module and the custom detection module can then call this library in parallel. This reduces development and maintenance cost, and because both modules use the same detection scheme, detection results are more stable and reliable.
In this embodiment, once the user has finished configuring and submitting a rule, the custom detection module generates the code service logic and the rule strictly according to the format requirements of the system built-in detection module. Concretely, a general rule format (for example a JSON or XML structure) is defined in advance, and the service logic is derived automatically from the constraints configured on the web page: if, for instance, the policy carries a whitelist constraint, the detection logic automatically gains a whitelist check. Adding the rule does not affect the system built-in detection that is already running or the existing custom detection.
In this embodiment, the custom detection module and the system built-in detection module share one detection function library, and neither module modifies it.
In this embodiment, when the custom detection module loads a new rule it does so as an incremental update, which leaves the existing custom detection rules untouched. During the addition, concurrency is controlled with a lock, so that several rules being added at the same time cannot crash the system. Finally, the detection logic rules of the custom detection module and of the system built-in detection module are integrated.
S105: acquiring traffic data.
S106: detecting, in the custom detection module, whether the traffic data matches a custom logic rule; if so, executing steps S107 to S109, otherwise executing step S110.
S107: generating custom alarm information based on the custom logic rule and the traffic data.
S108: outputting and recording the custom alarm information.
S109: handling the traffic data based on the custom logic rule, and ending the flow.
S110: detecting, in the system built-in detection module, whether the traffic data matches a system built-in logic rule; if so, executing step S111, otherwise ending the flow.
In this embodiment, the system built-in detection module detects mainly according to the system's own detection flow, and a rule detection engine additionally supports the rules built into the system. The device is generally deployed on a bypass (mirror) link of an enterprise or institution network to detect threats present in that traffic. For each detected alarm it assigns a threat name, threat category and threat level, unifies the data format (JSON, which is convenient for display and review on the web page), applies whitelist filtering (alarm data covered by a whitelist are not stored), and stores the alarm results in a database for the user to query.
S111: raising an alarm on the traffic data based on the system built-in logic rule, and ending the flow.
For example, the overall detection flow of the method can be as follows:
(1) On the web page, the user configures a security policy with the threat name "host accessing the external network", limits the access time range to 8 a.m. to 5 a.m., sets a whitelist containing the IP 1.1.1.1, sets the threat severity level to high, and saves and submits the policy to the system.
(2) The system generates a custom rule from the policy information configured by the user and the system rule format, and adds the custom rule to the custom detection module as an incremental update.
(3) When traffic enters the detection flow, the system checks the custom logic rules first and raises an alarm on traffic that matches one. The output is populated with the custom threat name, threat level and so on; the filtering constraints of the custom logic rule (access time, frequency, blacklist/whitelist) are applied; the traffic is blocked or not according to the user's blocking flag; and the alarm result is recorded.
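As an added illustration of steps S101 to S111 and of the worked flow above (example code written for this page, not code from the patent or from the assignee), the following Python compiles a user policy into a JSON-style rule, adds it to the custom module under a lock as an incremental update, and then runs traffic through the custom rules first and the built-in rules second, with both modules calling one shared detection function library. The rule layout, the function names, the built-in rule and the traffic records are assumptions; the working-hours window is taken as 08:00 to 17:00, and the whitelist is matched against either endpoint of a record.

```python
"""Added example (not the patent's own code): a minimal rule engine mirroring
the pipeline described above.  The rule layout, function names, built-in rule
and traffic records are assumptions; the time window is taken as 08:00-17:00."""
import ipaddress
import threading
from datetime import datetime

# Shared detection function library (assumed): both modules call it, neither
# modifies it.  Each check takes one traffic record and the rule under test.
DETECTION_LIBRARY = {
    "external_access": lambda rec, rule: not ipaddress.ip_address(rec["dst_ip"]).is_private,
    "port_open": lambda rec, rule: rec["dst_port"] in rule["params"]["ports"],
    "time_window": lambda rec, rule: rule["params"]["start_hour"]
        <= datetime.fromisoformat(rec["ts"]).hour < rule["params"]["end_hour"],
    "not_whitelisted": lambda rec, rule: not ({rec["src_ip"], rec["dst_ip"]}
                                             & set(rule["params"]["whitelist"])),
}

def compile_policy(policy):
    """Step S103: convert the web-page policy into the system rule format; a
    time range or whitelist set by the user automatically adds its check."""
    checks = [policy["trigger"]]
    params = dict(policy.get("params", {}))
    if "time_range" in policy:
        checks.append("time_window")
        params["start_hour"], params["end_hour"] = policy["time_range"]
    if policy.get("whitelist"):
        checks.append("not_whitelisted")
        params["whitelist"] = list(policy["whitelist"])
    return {"id": policy["name"], "threat_name": policy["threat_name"],
            "severity": policy["severity"], "block": bool(policy.get("block", False)),
            "checks": checks, "params": params}

class DetectionModule:
    """Ordered rule list used for both the custom and the built-in module."""
    def __init__(self, rules=()):
        self._rules = list(rules)
        self._lock = threading.Lock()

    def add_rule(self, rule):
        """Step S104: incremental update under a lock; existing rules untouched."""
        with self._lock:
            if any(r["id"] == rule["id"] for r in self._rules):
                raise ValueError("duplicate rule id: " + rule["id"])
            self._rules.append(rule)

    def match(self, record):
        """Return the first rule whose checks all pass, or None."""
        with self._lock:
            rules = list(self._rules)  # snapshot, so detection holds the lock briefly
        for rule in rules:
            if all(DETECTION_LIBRARY[c](record, rule) for c in rule["checks"]):
                return rule
        return None

def make_alarm(rule, record, source):
    # Steps S107/S108: alarm information in one unified, JSON-ready layout.
    return {"source": source, "threat_name": rule["threat_name"],
            "severity": rule["severity"], "blocked": rule["block"],
            "src_ip": record["src_ip"], "dst_ip": record["dst_ip"], "ts": record["ts"]}

def detect(record, custom, builtin):
    """Steps S106-S111: custom rules first; built-in rules only if none matched."""
    rule = custom.match(record)
    if rule is not None:
        return make_alarm(rule, record, "custom")
    rule = builtin.match(record)
    if rule is not None:
        return make_alarm(rule, record, "builtin")
    return None

# Policy from the worked example: threat name "host accessing the external
# network", working-hours window, whitelist 1.1.1.1, severity high, auto-block.
CUSTOM = DetectionModule()
CUSTOM.add_rule(compile_policy({
    "name": "ext-access-workhours", "threat_name": "host accessing the external network",
    "trigger": "external_access", "time_range": (8, 17), "whitelist": ["1.1.1.1"],
    "severity": "high", "block": True,
}))

# One built-in rule (assumed), already in the system rule format.
BUILTIN = DetectionModule([{
    "id": "builtin-telnet", "threat_name": "cleartext telnet", "severity": "medium",
    "block": False, "checks": ["port_open"], "params": {"ports": [23]},
}])

# Constructed traffic records (not captured data): external during hours,
# external to the whitelisted IP, external after hours, internal telnet.
SAMPLE_TRAFFIC = [
    {"ts": "2023-01-10T09:30:00", "src_ip": "10.0.0.5", "dst_ip": "8.8.8.8", "dst_port": 443},
    {"ts": "2023-01-10T09:30:00", "src_ip": "10.0.0.5", "dst_ip": "1.1.1.1", "dst_port": 443},
    {"ts": "2023-01-10T22:00:00", "src_ip": "10.0.0.5", "dst_ip": "8.8.8.8", "dst_port": 443},
    {"ts": "2023-01-10T09:30:00", "src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "dst_port": 23},
]

def run_sample():
    """One alarm dict (or None) per record in SAMPLE_TRAFFIC."""
    return [detect(rec, CUSTOM, BUILTIN) for rec in SAMPLE_TRAFFIC]
```

Calling run_sample() yields a high-severity blocking alarm from the custom module for the first record, nothing for the whitelisted and after-hours records, and a built-in alarm for the internal telnet record. A second add_rule with an id that already exists is rejected under the lock instead of silently overwriting the existing rule, which is the failure the description's locking is meant to prevent.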
In this embodiment, the method may be executed by a computing device such as a computer or a server; this is not limited in this embodiment.
In this embodiment, the method may also be executed by a smart device such as a smartphone or a tablet computer; this is not limited in this embodiment.
Therefore, by implementing the traffic data detection method described in this embodiment, traffic can be detected and handled in a user-defined manner on top of the existing security protection, while development and maintenance cost are also saved.
Example 2
Referring to fig. 2, fig. 2 is a schematic structural diagram of the traffic data detection device according to this embodiment. As shown in fig. 2, the traffic data detection device includes:
an acquisition unit 210, configured to acquire traffic data;
a detection unit 220, configured to detect, in the custom detection module, whether the traffic data matches a custom logic rule;
and an alarm unit 230, configured to raise an alarm on the traffic data based on the custom logic rule when the traffic data matches the custom logic rule.
As an optional implementation, the detection unit 220 is further configured to detect, when the traffic data does not match the custom logic rule, whether the traffic data matches a system built-in logic rule in the system built-in detection module;
and the alarm unit 230 is further configured to raise an alarm on the traffic data based on the system built-in logic rule when the traffic data matches that rule.
As an optional implementation, the alarm unit 230 includes:
a generating subunit 231, configured to generate custom alarm information based on the custom logic rule and the traffic data;
and an output subunit 232, configured to output and record the custom alarm information.
As an optional implementation, the traffic data detection device further includes:
a processing unit 240, configured to handle the traffic data based on the custom logic rule.
As an optional implementation, the traffic data detection device further includes:
a receiving unit 250, configured to receive a custom security policy input by a user;
an adjusting unit 260, configured to adjust the custom security policy to the system rule format to obtain a custom logic rule;
and an updating unit 270, configured to add the custom logic rule to the custom detection module as an incremental update.
As an optional implementation, the adjusting unit 260 includes:
an obtaining subunit 261, configured to obtain the system rule format matched to the system built-in detection module;
and an adjustment subunit 262, configured to adjust the custom security policy to that system rule format to obtain the custom logic rule.
In this embodiment, the custom security policy includes one or more of: an open-IP detection policy, an open-port detection policy, an external network access detection policy, an unauthorized software execution detection policy, an access time detection policy, an access frequency detection policy, a blacklist/whitelist detection policy, and a threat severity assessment policy.
In this embodiment, for an explanation of the traffic data detection device, reference may be made to the description in embodiment 1, which is not repeated here.
Therefore, the traffic data detection device described in this embodiment can perform efficient and accurate user-defined detection and handling of traffic on top of the existing security protection, while also saving development and maintenance cost.
An embodiment of the present application provides an electronic device comprising a memory and a processor, where the memory stores a computer program and the processor runs the computer program to cause the electronic device to execute the traffic data detection method of embodiment 1.
This embodiment provides a computer readable storage medium storing computer program instructions which, when read and executed by a processor, perform the traffic data detection method of embodiment 1.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners as well. The apparatus embodiments described above are merely illustrative, for example, flow diagrams and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented as software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present application, or the part of it that contributes to the prior art, may be embodied as a software product stored in a storage medium and including several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the embodiments. The storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The foregoing is merely exemplary embodiments of the present application and is not intended to limit its scope; various modifications and variations will suggest themselves to those skilled in the art. Any modification, equivalent replacement or improvement made within the spirit and principles of the present application shall be included in its protection scope.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A method for detecting traffic data, the method comprising:
acquiring traffic data;
detecting, in a custom detection module, whether the traffic data matches a custom logic rule;
and, when the traffic data matches the custom logic rule, raising an alarm on the traffic data based on the custom logic rule.
2. The traffic data detection method according to claim 1, wherein the method further comprises:
when the traffic data does not match the custom logic rule, detecting, in a system built-in detection module, whether the traffic data matches a system built-in logic rule;
and, when the traffic data matches the system built-in logic rule, raising an alarm on the traffic data based on the system built-in logic rule.
3. The method of claim 1, wherein raising an alarm on the traffic data based on the custom logic rule comprises:
generating custom alarm information based on the custom logic rule and the traffic data;
and outputting and recording the custom alarm information.
4. The method of claim 1, wherein after the step of raising an alarm on the traffic data based on the custom logic rule, the method further comprises:
handling the traffic data based on the custom logic rule.
5. The traffic data detection method according to claim 1, wherein before the step of acquiring traffic data, the method further comprises:
receiving a custom security policy input by a user;
adjusting the custom security policy to a system rule format to obtain a custom logic rule;
and adding the custom logic rule to a custom detection module as an incremental update.
6. The traffic data detection method according to claim 5, wherein the step of adjusting the custom security policy to a system rule format to obtain a custom logic rule comprises:
acquiring a system rule format matched to a system built-in detection module;
and adjusting the custom security policy to that system rule format to obtain the custom logic rule.
7. The traffic data detection method according to claim 5, wherein the custom security policy comprises one or more of: an open-IP detection policy, an open-port detection policy, an external network access detection policy, an unauthorized software execution detection policy, an access time detection policy, an access frequency detection policy, a blacklist/whitelist detection policy, and a threat severity assessment policy.
8. A traffic data detection device, characterized in that the traffic data detection device comprises:
an acquisition unit for acquiring traffic data;
a detection unit for detecting, in a custom detection module, whether the traffic data matches a custom logic rule;
and an alarm unit for raising an alarm on the traffic data based on the custom logic rule when the traffic data matches the custom logic rule.
9. An electronic device comprising a memory for storing a computer program and a processor that runs the computer program to cause the electronic device to perform the traffic data detection method of any one of claims 1 to 7.
10. A readable storage medium having stored therein computer program instructions which, when read and executed by a processor, perform the traffic data detection method of any one of claims 1 to 7.
Application CN202310035677.8A; priority date 2023-01-10; filing date 2023-01-10; Flow data detection method and device; Active; CN116055170B (en)

Publications (2)

Publication Number Publication Date
CN116055170A true CN116055170A (en) 2023-05-02
CN116055170B CN116055170B (en) 2024-01-23

Family

ID=86121532

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8217756B2 (en) * 2004-09-01 2012-07-10 Microsoft Corporation Rule-based filtering and alerting
US20160381057A1 (en) * 2015-06-29 2016-12-29 Qualcomm Incorporated Customized Network Traffic Models To Detect Application Anomalies
WO2019005512A1 (en) * 2017-06-29 2019-01-03 Amazon Technologies, Inc. Security policy monitoring service
CN112612680A (en) * 2020-12-29 2021-04-06 永辉云金科技有限公司 Message warning method, system, computer equipment and storage medium
CN113542253A (en) * 2021-07-12 2021-10-22 杭州安恒信息技术股份有限公司 Network flow detection method, device, equipment and medium
CN114006771A (en) * 2021-12-30 2022-02-01 北京微步在线科技有限公司 Flow detection method and device
CN114826662A (en) * 2022-03-18 2022-07-29 深圳开源互联网安全技术有限公司 User-defined rule protection method, device, equipment and readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘蓓; 禄凯; 程浩; 闫桂勋: "Design and Implementation of a Government Network Security Monitoring Platform Based on Heterogeneous Data Fusion", 信息安全研究 (Information Security Research), no. 06 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant