CN116055205A - Abnormal equipment identification method and device - Google Patents
Abnormal equipment identification method and device Download PDFInfo
- Publication number
- CN116055205A CN116055205A CN202310080359.3A CN202310080359A CN116055205A CN 116055205 A CN116055205 A CN 116055205A CN 202310080359 A CN202310080359 A CN 202310080359A CN 116055205 A CN116055205 A CN 116055205A
- Authority
- CN
- China
- Prior art keywords
- page
- request
- address
- file
- specified file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The application discloses an abnormal equipment identification method and device, wherein the method comprises the following steps: the method comprises the steps that a first device obtains a first indication, wherein the first indication is used for indicating a second device to be an abnormal device to be identified; the first device sends a first request to the second device, wherein the first request is used for requesting the second device to create a page and adding the address of the created page to a specified file; after determining that the address of the newly added page exists in the specified file, the first device determines that the second device has an exception. The method can improve the identification accuracy of the abnormal equipment.
Description
Technical Field
The application relates to the technical field of network information security, in particular to a method and a device for identifying abnormal equipment.
Background
Currently, with the rapid development of computer information communication technology, network security events occur, and risks and crimes from inside and outside of the network are increasing. In the prior art, the potential safety hazard in the enterprise network equipment is generally discovered through a scanner and other devices. Because of the huge number of abnormal sites with hidden danger and loopholes, the scanner generally has the problems of false alarm, false omission and the like when identifying abnormal equipment, so that the abnormal equipment identified by the scanner needs to be identified, for example, the abnormal equipment is identified by the scanner.
The existing identification method is generally a method of delayed access through a remote server, and the identification accuracy of the delayed access method to abnormal equipment is low. Therefore, the recognition accuracy of the abnormal device is to be improved.
Disclosure of Invention
The embodiment of the application provides an abnormal equipment identification method and device, which are used for improving the accuracy of abnormal equipment identification.
In a first aspect, an embodiment of the present application provides an abnormal device identification method, including:
the method comprises the steps that a first device obtains a first indication, wherein the first indication is used for indicating a second device to be an abnormal device to be identified; the first device sends a first request to the second device, wherein the first request is used for requesting the second device to create a page and adding the address of the created page to a specified file; after determining that the address of the newly added page exists in the specified file, the first device determines that the second device has an exception.
According to the method, the first device can request the second device to be identified to create the page and store the action of the created page in the designated file, if the address of the page is newly added in the designated file, the second device is indicated to be capable of executing the page creation request of other devices, and loopholes exist, so that after the first device acquires the address of the newly added page in the designated file, the second device can be determined to have abnormality. Therefore, the method can improve the identification accuracy of the abnormal equipment.
In one possible embodiment, the first request includes a first file path, the first file path being an access address of the specified file.
According to the method, the first device can provide the address of the specified file to the second device, so that the second device stores the address to the specified file after generating the page, and the efficiency of the second device obtaining the access address of the specified file can be improved.
In one possible embodiment, the method further comprises: and the first equipment acquires the address in the specified file according to the first file path.
According to the method, the first device can obtain the address of the newly added page in the terminal file by accessing the first file path, so that the efficiency of obtaining the address of the newly added page can be further improved.
In one possible embodiment, the page is a static page.
According to the method, the first device can set the newly added page as a static page, can obtain the address of the page in the appointed file, and can further improve the efficiency of obtaining the address of the newly added page.
In a second aspect, the present application provides an abnormal device identification method, the method further including:
the second device receives a first request from a first device, the first request being for requesting the second device to create a page and adding an address of the created page to a specified file; the second device generates a first page; the second device stores the address of the first page in the specified file.
According to the method, the second device can create the page according to the first request, can add the page in the designated file, and can store the address of the first page in the designated file, so that the efficiency of the first device obtaining the address of the first page can be improved.
In one possible embodiment, the first request includes a first file path, the first file path being an access address of the specified file.
According to the method, the second device can acquire the first file path, and the address of the newly added page is stored under the first file path, so that the efficiency of the first device for acquiring the address of the first page can be further improved.
In one possible embodiment, the page is a static page.
According to the method, the second device can add the static page in the appointed file, and store the address of the static page to the path of the appointed file, so that the efficiency of the first device for obtaining the address of the static page can be improved.
In a third aspect, the present application provides an abnormal device identification apparatus, the apparatus comprising:
the acquisition module is used for acquiring a first instruction, wherein the first instruction is used for indicating the second equipment to be the abnormal equipment to be identified; a processing module, configured to send a first request to the second device, where the first request is used to request the second device to create a page and add an address of the created page to a specified file; and after determining that the address of the newly added page exists in the specified file, the processing module is further used for determining that the second device has an abnormality.
In one possible embodiment, the first request includes a first file path, and the specified file is an access address of the specified file.
In a possible embodiment, the processing module is further configured to: and acquiring the address in the specified file according to the first file path.
In one possible embodiment, the page is a static page.
In a fourth aspect, the present application provides an abnormal device identification apparatus, the apparatus comprising:
an acquisition module, configured to receive a first request from a first device, where the first request is used to request the second device to create a page and add an address of the created page to a specified file; the processing module is used for generating a first page; the processing module is further configured to store an address of the first page to the specified file.
In one possible embodiment, the first request includes a first file path, the first file path being an access address of the specified file.
In one possible embodiment, the page is a static page.
In a fifth aspect, the present application provides an electronic device, comprising:
a memory for storing program instructions;
a processor for invoking program instructions stored in the memory and executing the steps comprised by the method according to any of the first aspects in accordance with the obtained program instructions.
In a sixth aspect, the present application provides a computer readable storage medium storing a computer program comprising program instructions which, when executed by a computer, cause the computer to perform the method of any one of the first aspects.
Drawings
Fig. 1 is a schematic flow chart of an abnormal device identification method provided in an embodiment of the present application;
FIG. 2 is a schematic flow chart of another embodiment of the present application;
fig. 3 is a schematic structural diagram of a device according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of another device according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure. Embodiments and features of embodiments in this application may be combined with each other arbitrarily without conflict. Also, while a logical order of illustration is depicted in the flowchart, in some cases the steps shown or described may be performed in a different order than presented.
The terms first and second in the description and claims of the present application and in the above-described figures are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the term "include" and any variations thereof is intended to cover non-exclusive protection. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus. The term "plurality" in the present application may mean at least two, for example, two, three or more, and embodiments of the present application are not limited.
In the technical scheme, the data are collected, transmitted, used and the like, and all meet the requirements of national related laws and regulations.
Before describing an abnormal device identification method provided in the embodiments of the present application, for convenience of understanding, a detailed description is first given below of a technical background of the embodiments of the present application.
Currently, with the rapid development of computer information communication technology, network security events occur, and attacks from inside and outside the network are increasing. In the prior art, the potential safety hazard in the enterprise network equipment is generally discovered through a scanner and other devices. For example, scanners are a type of procedure that automatically detects security vulnerabilities of local or remote hosts, and that can quickly and accurately discover vulnerabilities that exist with a scanning object and provide the user with a scanning result. The working principle of the scanner is that a data packet is sent to the target equipment, and then the information such as the type of the operating system, the development port, the provided service and the like of the target equipment is judged according to the information fed back by the target equipment.
Because of the huge number of abnormal sites with hidden danger and loopholes, the scanner generally has the problems of false alarm, missing report and the like when identifying abnormal equipment, so that the abnormal equipment identified by the scanner needs to be identified.
The existing identification method is generally a method for delayed access through a remote server, so that the identification time is long, the identification efficiency is low, and the identification error rate is high. Therefore, the recognition accuracy of the abnormal device is to be improved.
In order to improve the identification accuracy of abnormal equipment, the invention provides an abnormal equipment identification method and device, which are used for improving the identification accuracy of the abnormal equipment.
It is understood that an abnormal device identification method provided by the present application may be performed by a first device and a second device. For example, the first device may scan for a second device to be identified as having an exception, send a page generation request (may be referred to as a first request) to the second device, where the first request may be an exception request, or the first request is used to request generation of an exception page, so that, according to a response result of the second device to the first request, whether a vulnerability exists in the second device may be identified. For example, if the second device generates an exception page in response to the first request, the first device may determine that the second device has a vulnerability exception, i.e., that the second device has a command execution vulnerability; conversely, if the second device does not generate an exception page in response to the first request, the first device may determine that the second device does not have a vulnerability, i.e., that the second device does not have a command execution vulnerability. Based on the method, whether the second equipment is abnormal or not can be effectively verified, and the accuracy of abnormality identification is improved.
Alternatively, the first device in the present application is, for example, a scanner program, or may be a device or means for performing a scanner function. The second device may be a website site, such as a web site.
As shown in fig. 1, specific steps for identifying an abnormal device provided in an embodiment of the present application include:
step 101, a first device obtains a first indication, where the first indication is used to indicate that a second device is an abnormal device to be identified.
In one possible embodiment, the first device may periodically scan for a second device, which may be a scanner program or a scanner, including a network device, and when the second device is scanned for an abnormal device, the second device is taken as an abnormal device to be identified, and the first device identifies whether the second device is abnormal.
In one possible embodiment, the first device may obtain the first indication when the second device is scanned as an anomalous device. The first indication may be generated by the first device itself or transmitted by the second device.
In one possible embodiment, the first device may record anomaly data for the second device. Alternatively, the first device may obtain the exception hole and the payload (payload) of the second device by scanning. After the first device obtains the exception hole and the payload of the second device, a first indication is generated, and the first indication can be used for indicating that the second device is an exception device to be identified.
In one possible embodiment, the exception hole indicates that the second device has an exception, that is, the second device may execute an exception request sent by other network devices to generate a corresponding exception page. The payload may be obtained by the first device through crawler scanning. For example, devices sometimes need to call some function that executes system commands. When the device has a vulnerability, an attacker can control parameters in the functions and splice the malicious system command into the normal command. And when the device receives the malicious command, executing the malicious command to generate an abnormal result.
In one possible embodiment, the first device may obtain the request parameters (requests) received by the second device by scanning. The first device may generate request parameters for the page by replacing the request parameters received by the second device. The first device may determine whether the second device has a vulnerability by determining whether to confirm that the second device performs the page generation request. According to the request execution result of the second device on the first request, whether the second device has a bug or not can be identified, so that whether the second device is abnormal or not is effectively verified, and the accuracy of abnormality identification is improved.
For example, the first device may be a scanner and the second device an anomalous site to be identified. And the scanner scans the abnormal site to be identified through the early crawler and scans out command execution loopholes of the abnormal site to be identified. The scanner may record a vulnerability link and request parameters (requests) corresponding to the vulnerability. The scanner may replace the command execution payload in the recorded request parameters by finding new page request parameters.
Step 102, the first device sends a first request to the second device, where the first request is used to request the second device to create a page and add an address of the created page to a specified file.
In one possible embodiment, the first device replaces the request parameters scanned from the second device with new page request parameters. The first device may generate a static page, determine a website path of the static page, where the website path of the static page is a static page file. The static page (or called static webpage) is a page which exists in practice and can be directly loaded to a client browser for display without compiling by a server.
In one possible embodiment, the first device may select a file that may store an address of the static page as the specified file, and record an access path of the specified file.
In one possible embodiment, the first device may send the new page request parameter and the access path of the specified file as a first request to the second device.
And step 103, the second device generates a first page and stores the address of the first page into the specified file.
In one possible embodiment, the second device may receive a first request from the first device. The second device may determine a designated file according to the first request of the first device, and input a file name of the newly added static page to the designated file.
For example, the scanner sends the request parameter that has been successfully replaced as a first request to the exception site to be identified for the vulnerability link that has been recorded, where the first request includes a payload to which a new page is added. The scanner records the file name of the specified file and the website path of the specified file.
In one possible embodiment, the second device may generate a first page, i.e. a static page, from the first request. The second device stores the address of the first page in the specified file.
For example, an exception site to be identified generates a new static page, and the exception site to be identified may store the address of the new page in a designated file.
Step 104, after determining that the address of the newly added page exists in the specified file, the first device determines that the second device has an exception.
In one possible embodiment, the first device obtains the address in the specified file according to the first file path. The first file path is the access address of the appointed file, and after the second device stores the address of the newly added page in the appointed file, the first device scans whether the newly added page address exists in the appointed file through the access address of the appointed file.
In one possible embodiment, the first device determines that there is an address of a newly added page in the specified file, and determines that there is an exception in the second device. For example, after the scanner sends a first request to the recorded vulnerability link, the scanner accesses the file where the static page is located to see whether there is a newly added static page. If the newly added static page exists in the designated file, determining that command execution loopholes exist for the site; if no newly added static page exists in the designated file, the original vulnerability report belongs to an invalid heuristic attack and is not treated.
Based on the flow shown in fig. 1, the first device may obtain the first indication based on the second device, replace the request parameter with the first request based on the first indication, access the specified file according to the access address of the specified file, obtain the path of the new page, and determine that the second device has an abnormality. The second device may add a new page in the static page, and the static page may be directly loaded to the client browser for display. The first equipment requests the second equipment to newly add the page in the static page, so that the second equipment is confirmed to have abnormality, the identification accuracy of the second equipment is improved, and meanwhile, the identification efficiency of the abnormal equipment can be improved.
The embodiments of the foregoing steps 101 to 103 will be described below with reference to the flow shown in fig. 2. In one possible embodiment, the step 101 may include (1) to (2), the step 102 may include (3) to (4), and the step 103 may include (5) to (6).
(1) The scanner discovers that command execution loopholes exist at the target site through early-stage scanning; the name dvwaPage. Js of the static page of the target site is first found.
(2) And analyzing according to the scanner request packet, matching the command executed by the scanner, namely, a first instruction, and replacing the command with a new page, namely, a first request after replacing. The scanner executes the command id command and the associated request payload 127.0.0.1 id.
(3) The scanner replaces the payload with the payload of the new page: 127.0.0.1|find/-name dvwaPage. Js|while read f; do sh-c' id; pwd; ifconfig' $ (dirname $f)/test.
Where dvwaPage. Js is the name of the static page that was previously sought.
(4) After the scanner performs the replacement, the scanner sends a request after the replacement to the target site.
(5) The scanner accesses the path of the static page and judges whether the target site has the path test.txt of the new page.
(6) If the scanner finds that the target site has a path test. Txt of a new page, the site has a command execution vulnerability. If the scanner does not find a path test. Txt of the new page, the site has no command execution vulnerability.
Based on the same inventive concept, an embodiment of the present application provides an abnormal device identification apparatus, please refer to fig. 3, which includes:
when the function of the first device in the present application is implemented, an obtaining module 301 is configured to obtain a first indication, where the first indication is used to indicate that the second device is an abnormal device to be identified; a processing module 302, configured to send a first request to the second device, where the first request is used to request the second device to create a page and add an address of the created page to a specified file; after determining that the address of the newly added page exists in the specified file, the processing module 302 is further configured to determine that the second device has an exception.
In one possible embodiment, the first request includes a first file path, the first file path being an access address of the specified file.
In one possible embodiment, the processing module 302 is further configured to: and acquiring the address in the specified file according to the first file path.
In one possible embodiment, the page is a static page.
When the function of the second device is implemented, the obtaining module 301 is configured to receive a first request from a first device, where the first request is used to request the second device to create a page and add an address of the created page to a specified file; a processing module 302, configured to generate a first page; the processing module 302 is further configured to store an address of the first page in the specified file.
In one possible embodiment, the first request includes a first file path, the first file path being an access address of the specified file.
In one possible embodiment, the page is a static page.
Based on the same inventive concept, the embodiment of the present application provides an electronic device, which may implement the functions of the abnormal device identification apparatus discussed above, and referring to fig. 4, the device includes a processor 401 and a memory 402.
A memory 401 for storing a computer program executed by the processor 402. The memory 401 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, a program required for running an instant communication function, and the like; the storage data area can store various instant messaging information, operation instruction sets and the like.
The memory 401 may be a volatile memory (RAM) such as a random-access memory (RAM); the memory 401 may also be a nonvolatile memory (non-volatile memory), such as a read-only memory, a flash memory (flash memory), a Hard Disk Drive (HDD) or a Solid State Drive (SSD), or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. Memory 401 may be a combination of the above.
The processor 402 may include one or more central processing units (central processing unit, CPU) or digital processing units, etc. The processor 402 is configured to implement the above method when invoking a computer program stored in the memory 401.
The specific connection medium between the memory 401 and the processor 402 is not limited in the embodiments of the present application. As an example, the embodiment of the present application is shown in fig. 4, where the memory 401 and the processor 402 are connected by a bus 403, and the bus 403 is shown in a bold line in fig. 4, and the connection manner between other components is merely illustrative, and not limited to the foregoing. The bus 403 may be classified into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 4, but not only one bus or one type of bus.
Optionally, the processor 402 may be configured to perform the actions performed by any one or more of the acquisition module 301, the processing module 302, and the like.
Based on the same inventive concept, embodiments of the present application provide a computer-readable storage medium, the computer program product comprising: computer program code which, when run on a computer, causes the computer to perform the abnormal device identification method as any of the previous discussions. Since the principle of solving the problem by the computer readable storage medium is similar to that of the abnormal device identification method, implementation of the computer readable storage medium can refer to implementation of the method, and repeated parts are omitted.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of user operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.
Claims (16)
1. An abnormal device identification method, comprising:
the method comprises the steps that a first device obtains a first indication, wherein the first indication is used for indicating a second device to be an abnormal device to be identified;
the first device sends a first request to the second device, wherein the first request is used for requesting the second device to create a page and adding the address of the created page to a specified file;
after determining that the address of the newly added page exists in the specified file, the first device determines that the second device has an exception.
2. The method of claim 1, wherein the first request includes a first file path, the first file path being an access address of the specified file.
3. The method of claim 1, wherein the method further comprises:
and the first equipment acquires the address in the specified file according to the first file path.
4. A method as claimed in claim 1 or 2, wherein the page is a static page.
5. A method of identifying an abnormal device, the method further comprising:
the second device receives a first request from a first device, the first request being for requesting the second device to create a page and adding an address of the created page to a specified file;
the second device generates a first page;
the second device stores the address of the first page in the specified file.
6. The method of claim 5, wherein the first request includes a first file path, the first file path being an access address of the specified file.
7. The method of claim 5 or 6, wherein the page is a static page.
8. An abnormal device identification apparatus, comprising:
the acquisition module is used for acquiring a first instruction, wherein the first instruction is used for indicating the second equipment to be the abnormal equipment to be identified;
a processing module, configured to send a first request to the second device, where the first request is used to request the second device to create a page and add an address of the created page to a specified file;
and after determining that the address of the newly added page exists in the specified file, the processing module is further used for determining that the second device has an abnormality.
9. The apparatus of claim 8, wherein the first request comprises a first file path, the first file path being an access address of the specified file.
10. The apparatus of claim 8, wherein the processing module is further to:
and acquiring the address in the specified file according to the first file path.
11. The apparatus as claimed in claim 8 or 9, wherein the page is a static page.
12. An abnormal equipment identification apparatus, characterized in that the apparatus further comprises:
an acquisition module, configured to receive a first request from a first device, where the first request is used to request the second device to create a page and add an address of the created page to a specified file;
the processing module is used for generating a first page;
the processing module is further configured to store an address of the first page to the specified file.
13. The apparatus of claim 12, wherein the first request includes a first file path, the first file path being an access address of the specified file.
14. The apparatus of claim 12 or 13, wherein the page is a static page.
15. An electronic device comprising a processor and a memory, wherein the memory stores program code that, when executed by the processor, causes the processor to perform the steps of the method of any of claims 1-7.
16. A computer readable storage medium, characterized in that it comprises a program code for causing an electronic device to perform the steps of the method according to any one of claims 1-7, when said program code is run on the electronic device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310080359.3A CN116055205A (en) | 2023-01-18 | 2023-01-18 | Abnormal equipment identification method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310080359.3A CN116055205A (en) | 2023-01-18 | 2023-01-18 | Abnormal equipment identification method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116055205A true CN116055205A (en) | 2023-05-02 |
Family
ID=86129413
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310080359.3A Pending CN116055205A (en) | 2023-01-18 | 2023-01-18 | Abnormal equipment identification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116055205A (en) |
-
2023
- 2023-01-18 CN CN202310080359.3A patent/CN116055205A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110209652B (en) | Data table migration method, device, computer equipment and storage medium | |
US20180084001A1 (en) | Enterprise graph method of threat detection | |
US20100235917A1 (en) | System and method for detecting server vulnerability | |
CN111783096B (en) | Method and device for detecting security hole | |
CN103607385A (en) | Method and apparatus for security detection based on browser | |
US11785044B2 (en) | System and method for detection of malicious interactions in a computer network | |
WO2019085074A1 (en) | Website vulnerability scanning method and apparatus, computer device and storage medium | |
CN110059007B (en) | System vulnerability scanning method and device, computer equipment and storage medium | |
CN112818307A (en) | User operation processing method, system, device and computer readable storage medium | |
CN111431753A (en) | Asset information updating method, device, equipment and storage medium | |
CN107741891B (en) | Object reconstruction method, medium, device and computing equipment | |
US11636198B1 (en) | System and method for cybersecurity analyzer update and concurrent management system | |
CN114091031A (en) | Class loading protection method and device based on white rule | |
CN114021123A (en) | Construction method, security check method, device and medium of behavior baseline library | |
KR20120078017A (en) | Cloud computing-based system for supporting analysis of malicious code and analyst terminal using the same | |
CN111723374A (en) | Vulnerability scanning method and device | |
CN111241547B (en) | Method, device and system for detecting override vulnerability | |
CN115174192B (en) | Application security protection method and device, electronic equipment and storage medium | |
CN113824748B (en) | Asset characteristic active detection countermeasure method, device, electronic equipment and medium | |
CN116055205A (en) | Abnormal equipment identification method and device | |
CN112580038A (en) | Anti-virus data processing method, device and equipment | |
CN111475783A (en) | Data detection method, system and equipment | |
KR102535251B1 (en) | Cyber security report generation method of electronic apparatus | |
CN114095245B (en) | Network attack tracing method, device, equipment and medium | |
CN113596056B (en) | Vulnerability scanning method and device, electronic equipment and computer readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |