CN116561752A - Safety testing method for application software - Google Patents

Safety testing method for application software Download PDF

Info

Publication number
CN116561752A
CN116561752A CN202310829116.5A CN202310829116A CN116561752A CN 116561752 A CN116561752 A CN 116561752A CN 202310829116 A CN202310829116 A CN 202310829116A CN 116561752 A CN116561752 A CN 116561752A
Authority
CN
China
Prior art keywords
application software
security
password
representing
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310829116.5A
Other languages
Chinese (zh)
Other versions
CN116561752B (en
Inventor
程国青
宋远薇
刘良萍
何超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Test Software Technology Service Nanjing Co ltd
Original Assignee
China Test Software Technology Service Nanjing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Test Software Technology Service Nanjing Co ltd filed Critical China Test Software Technology Service Nanjing Co ltd
Priority to CN202310829116.5A priority Critical patent/CN116561752B/en
Publication of CN116561752A publication Critical patent/CN116561752A/en
Application granted granted Critical
Publication of CN116561752B publication Critical patent/CN116561752B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3688Test management for test execution, e.g. scheduling of test suites
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/561Virus type analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Virology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of software security test, and discloses a security test method of application software, which is characterized in that the application software is classified by BP neural network algorithm, network function virtualization is utilized to perform network security detection, password intensity verification and password error isolation are utilized to perform account password management, user operation is performed and data security monitoring is performed, erasure operation is performed when the user is withdrawn from use, security audit management is performed in the whole process, potential safety hazards are monitored in a multi-dimensional manner, the security test of the software can be ensured in an all-around manner, damage to a host computer in the security test process can be avoided, and the security test method has very important practical significance to the security test of the software.

Description

Safety testing method for application software
Technical Field
The invention relates to the technical field of software security testing, in particular to a security testing method of application software.
Background
In recent years, the development of the network technology in China is faster, the application range of the computer technology is continuously enlarged, and the popularity of various software is continuously increased. Under an open network environment, the complexity of software and software loopholes are increased continuously, so that a plurality of losses are increased continuously, the problem of software safety is highly concerned by multiple fields of society, and the software safety test is an important aspect for guaranteeing the software safety and reducing the safety risk, so that higher requirements are also put forward for the software safety test. Most of the prior art is to perform security test on a certain aspect of software security, and damage to a host may be caused by using a security test method, but the security test cannot be performed on the software in all aspects, and damage to the host in the security test process cannot be avoided.
The Chinese patent with the application publication number of CN105187403A discloses a network security testing method facing a software defined network, which comprises a security testing framework, a security testing strategy, a classified security testing method, a project security testing method and a security testing step aiming at a target software defined network. The testing framework comprises dividing a target software defined network into four network planes, namely data, control, application and management, and respectively unfolding security tests on each network element and link of each network plane and interfaces between each network plane; the test strategy comprises a selection and flow programming method for testing each unit in the security test framework; the classified safety testing method is used for carrying out safety tests of different types according to the classification characteristics of each unit; the project security testing method realizes the specific security test for the target network element, the link or the interface, and the test flow defines the complete security testing process and steps for the target software defined network.
The problems presented in the background art exist in the above patents: the security test cannot be performed on the software in all aspects, and damage to the host computer during the security test cannot be avoided. In order to solve the problem, the invention provides a safety testing method of application software.
Disclosure of Invention
This section is intended to outline some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. Some simplifications or omissions may be made in this section as well as in the description summary and in the title of the application, to avoid obscuring the purpose of this section, the description summary and the title of the invention, which should not be used to limit the scope of the invention.
The present invention has been made in view of the above-mentioned problems with the existing security test methods for application software.
Therefore, the invention aims to provide a security testing method for application software.
In order to solve the technical problems, the invention provides the following technical scheme: classifying application software;
detecting network security of the application software;
after the network security detection is finished, account password management is carried out;
after the account password is managed, user operation is executed, and data security monitoring is carried out;
and the data is withdrawn from use without subsequent operation after safety monitoring.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the application software classification comprises data collection, data preprocessing and classification model construction;
The data collected by the data collection includes the name, description, functional characteristics and class of the application software;
the data preprocessing comprises data cleaning and standardization processing of the data in the data collection, wherein the data cleaning comprises repeated data deletion, missing data processing and error data processing, and the standardization processing comprises data filtering, missing data processing and error data processing to form a data set;
constructing the classification model comprises feature selection and classification model training, wherein the classification model training comprises data division, model training and model evaluation;
and adopting a BP neural network as a classification model, wherein the feature selection encodes and vectorizes the application software according to a security level, and the security level classification formula is as follows:
in the formula Representing security levels including SSS, S, a, B, C, D.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the classification model further comprises an input layer, an implicit layer and an output layer, the description, the functional characteristics and the categories of the application software are input into the input layer, then the implicit layer performs characteristic extraction and optimization, and finally the security level is output from the output layer;
The number of the neural nodes of the input layer is 3, the description, the functional characteristics and the categories of the application software are included, the 3 neural nodes of the input layer are collectively called as input vectors, and the expression is as follows:
in the formula Representing the description->Representing said functional properties->Representing the category;
the number of the neural nodes of the hidden layer is 8, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the described neural nodes in the input layer, the 4 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the neural nodes of the functional characteristics in the input layer, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the class of the neural nodes in the input layer, and the expression of the characteristic extraction is as follows:
in the formula ,representing an activation function->A weight matrix representing the weight matrix from the neural node of the input layer to the neural node of the hidden layer, the expression is +.>,/>3 neural nodes representing the input layer, < >>8 neural nodes representing the hidden layer, < ->Representing the input vector,/->Representing the bias parameters from the neural node of the input layer to the neural node of the hidden layer, the expression is +. >,/>3 neural nodes representing the input layer, < >>Representing a matrix transpose;
wherein ,the expression of (2) is +.>
in the formula ,represents natural constant, is one of common override numbers, < ->Representing the input vector;
and the characteristics are extracted and input to an output layer is optimized by the hidden layer, and the optimized expression is as follows:
in the formula ,representing an activation function->A weight matrix from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>8 neural nodes representing the hidden layer, < ->6 neural nodes representing the output layer, < >>The bias between the neural node of the hidden layer and the neural node of the output layerSetting parameters, wherein the expression is->,/>Representing a matrix transpose;
wherein ,the expression of (2) is +.>
The number of the neural nodes of the output layer is 6, the 6 different security levels are respectively corresponding to the neural nodes as output vectors, and the expression of the output vectors is as follows:
in the formula ,representing the SSS level in said security level, < > in->Representing a level S, a +.>Represents level a, +_in the security level>Represents level B, < > in said security level>Represents level C, +_in the security level >Representing a level D of the security levels;
the data partition includes a 20% test set and an 80% training set, and the model training uses the training set to train the classification model.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the model evaluation includes overall classification sensitivityAnd accuracy->The calculation formula of the overall classification sensitivity is as follows:
in the formula ,indicating classification sensitivity according to said security level, < >>Representing sample set,/->Representing the total number of said application software in the sample set, < >>Representing the number of the application software in the sample set classified according to different security levels;
the accuracy is calculated as follows:
in the formula ,representing the number of said applications in the sample set, classified according to different security levels,/for each application>Representing the total number of the application software in the sample set;
if it isAnd->Indicating that the classification model is excellent;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isOr->And if the classification model does not meet the requirements, continuing to optimize.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the account password management comprises password security verification, wherein the password security verification comprises password strength verification and password error isolation;
the password strength verification comprises password types and password counts, and the calculation of the password strength verification is as follows:
in the formula ,representing the number of cipher bits->Representing a cryptographic counting function, ++>Representing a cryptographic kind function->Represents a positive integer;
the cryptographic count function expression is as follows:
in the formula ,representing the password entered by the judgment->Representing the number of bits of the statistically entered password;
wherein ,the expression of (2) is +.>,/>The expression of (2) is +.>
in the formula ,representing the entered password @, @>Representing the number of cipher bits;
the cryptographic kind function expression is as follows:
in the formula ,representing the number of the password classes, said password classes comprising uppercase letters, lowercase letters, numbers and special symbols, +>Representing the number of non-repeated arrangement of all kinds;
and calculating the formula for verifying the password strength to obtain five types of weak, medium, strong and strong password strength.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the rules of the password intensity include:
If it isAnd->The password strength is weaker, and the password needs to be replaced as soon as possible;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->And the password strength is stronger, so that the password security is indicated.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the password error isolation comprises time isolation and IP isolation, and the rule flow of the password error isolation is as follows:
firstly, recording the number of attempts, login time and IP address, judging whether the number of the wrong attempts exceeds 3 times and whether the same IP fails to log in multiple accounts;
if the number of the error attempts exceeds 3 and the login of the same IP multi-account fails, isolating the application software account and the logged-in IP address;
If the number of the error attempts does not exceed 3 and the same IP does not have multi-account login failure, ending the rule flow;
when the number of error attempts exceeds 3 and the login of the same IP multi-account fails, judging the security level of the application software;
if the security level of the application software is SSS level, isolating the application software for 24 hours and requiring contact with an administrator;
if the security level of the application software is S level, isolating the application software for 1 hour;
if the security level of the application software is A level, isolating the application software for 30 minutes;
if the security level of the application software is B level, isolating the application software for 20 minutes;
if the security level of the application software is C level, isolating the application software for 10 minutes;
if the security level of the application software is level D, isolating the application software for 5 minutes;
and finally, ending the rule flow after the password error isolation is completed.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the data security monitoring is needed to be carried out when the user operates, and the abnormality of the data security monitoring relates to an application software account and user operation behavior of the account password management;
Firstly, reading the condition of logging in an application software account, verifying whether the application software account has the condition of logging in directly inquiring sensitive data after logging in for a long time, verifying whether the application software account has the condition of logging in multiple persons simultaneously and logging in different IP addresses, and then reading the user operation behaviors, wherein the user operation behaviors comprise inquiry behaviors and modification behaviors, and checking whether behavior data of the inquiry behaviors and behavior data of the modification behaviors exceed a threshold value;
if the behavior data of the query behavior and the behavior data of the modification behavior exceed the threshold, page warning the abnormal behavior of the user, after the page warning, the user can see whether to continue operation or not, if so, account locking is carried out and the system is alarmed, and if not, monitoring is finished;
ending monitoring if the behavior data of the query behavior and the behavior data of the modified behavior do not exceed the threshold value;
wherein the threshold comprises: the repeated data of the query is 100 times in one day, one user is queried 10 times in one day, one user is queried 100 times in one month, millions of data are queried singly, the modified data is 100 times in half a day, and the inserted and deleted data is 100 times in half a day.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the exit from use includes erasing sensitive information of the application account, the erasing including a permanent erasure and a deadline erasure, the erasing being as follows:
firstly, defining the sensitive information, including user data, login information and browsing history of the application software account, and then judging the security level of the application software;
if the security level of the application software is SSS level, permanently erasing the sensitive information;
if the security level of the application software is S level, defining the sensitive information as 7 days free of erasure;
if the security level of the application software is A level, defining the sensitive information as one month erasure-free;
if the security level of the application software is B level, defining the sensitive information as three months free of erasure;
if the security level of the application software is C level, defining the sensitive information as half-year erasure-free;
if the security level of the application software is level D, defining the sensitive information as one-year erasure-free;
and finally, ending the rule after the erasing is finished.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the safety test method of the application software further comprises safety audit management, multi-dimensional monitoring of potential safety hazards and generation of decision trees;
The decision tree is respectively constructed according to the account password management, the data use and the user operation behavior;
integrating the three decision trees constructed according to the account password management, the data use and the user operation behaviors into a random forest, predicting the potential safety hazard by utilizing the predictability of the random forest, and prompting the prediction result to an interface of the application software.
A computer device comprising, a memory for storing instructions; and the processor is used for executing the instructions to enable the equipment to execute a security testing method for realizing the application software.
A computer readable storage medium having stored thereon a computer program which, when executed by the processor, implements a security testing method for application software.
The invention has the beneficial effects that: according to the invention, application software classification is carried out through a BP neural network algorithm, network function virtualization is utilized to carry out network security detection, account password management is carried out by password strength verification and password error isolation, user operation is carried out and data security monitoring is carried out, erasure operation is carried out when the user exits from use, security audit management is carried out in the whole course, safety hidden danger is monitored in multiple dimensions, security test can be carried out on software in all aspects, damage to a host computer in the security test process can be avoided, and the method has very important practical significance on software security test.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
FIG. 1 is a flow chart of a method of testing the security of application software according to the present invention.
Fig. 2 is a system frame diagram based on network function virtualization according to the security testing method of application software of the present invention.
FIG. 3 is a diagram of a rule diagram for isolating cryptographic errors according to the security test method of application software of the present invention.
Fig. 4 is a flow chart of data security monitoring according to the security testing method of the application software of the present invention.
Fig. 5 is a diagram illustrating the judgment of the erasure rule according to the security test method of the application software of the present invention.
FIG. 6 is a diagram of a decision tree and random forest according to the security test method of the application software of the present invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
Further, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic can be included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
Further, in describing the embodiments of the present invention in detail, the cross-sectional view of the device structure is not partially enlarged to a general scale for convenience of description, and the schematic is only an example, which should not limit the scope of protection of the present invention. In addition, the three-dimensional dimensions of length, width and depth should be included in actual fabrication.
Example 1
In this embodiment, referring to fig. 1, a method flowchart of a security testing method of application software is provided, and as shown in fig. 1, the security testing method of application software includes the following steps:
S1: application software classification.
The application software classification comprises data collection, data preprocessing and classification model construction;
the data collected by data collection comprises the name, description, functional characteristics and category of the application software, and is realized by inquiring an application store and web crawler technology;
the data preprocessing comprises data cleaning and standardization processing of data in the data collection, wherein the data cleaning comprises repeated data deletion, missing data processing and error data processing, and the standardization processing comprises data filtering, missing data processing and error data processing to form a data set;
the method comprises the steps of constructing a classification model, wherein the classification model comprises feature selection and classification model training, and the classification model training comprises data division, model training and model evaluation;
the BP neural network is used as a classification model, the application software is coded and vectorized according to the security level by the feature selection, and the security level classification formula is as follows:
in the formula Representing security levels, wherein the security levels comprise SSS level, S level, A level, B level, C level and D level;
the classification model also comprises an input layer, an implicit layer and an output layer, wherein the description, the functional characteristics and the category of the application software are input into the input layer, then the implicit layer performs characteristic extraction and optimization, and finally the security level is output from the output layer;
The number of the neural nodes of the input layer is 3, including the description, the functional characteristics and the category of the application software, and the 3 neural nodes of the input layer are collectively called as input vectors, and the expression is as follows:
in the formula Representing the description->Representing said functional properties->Representing a category;
the number of the neural nodes of the hidden layer is 8, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the neural nodes described in the input layer, the 4 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the neural nodes of the functional characteristics in the input layer, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the neural nodes of the category in the input layer, and the expression of the characteristic extraction is as follows:
in the formula ,representing an activation function->A weight matrix representing the weight matrix from the neural node of the input layer to the neural node of the hidden layer, the expression is +.>,/>3 neural nodes representing the input layer, < >>8 neural nodes representing the hidden layer, < ->Representing the input vector,/->Representing the bias parameters from the neural node of the input layer to the neural node of the hidden layer, the expression is +.>,/>3 neural nodes representing the input layer, < > >Representing a matrix transpose;
wherein ,the expression of (2) is +.>
in the formula ,represents natural constant, is one of common override numbers, < ->Representing an input vector;
after feature extraction, the input layer and the output layer are optimized by the hidden layer, and the optimized expression is as follows:
in the formula ,representing an activation function->A weight matrix from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>8 neural nodes representing the hidden layer, < ->6 neural nodes representing the output layer, < >>The bias parameter from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>Representing a matrix transpose;
wherein ,the expression of (2) is +.>
The number of the neural nodes of the output layer is 6, the neural nodes respectively correspond to 6 different security levels and serve as output vectors, and the expression of the output vectors is as follows:
in the formula ,representing the SSS level in said security level, < > in->Representing a level S, a +.>Represents level a, +_in the security level>Represents level B, < > in said security level>Represents level C, +_in the security level>Representing a level D of the security levels;
the data division comprises 20% of test sets and 80% of training sets, and model training uses the training sets to train the classification model;
Model evaluation includes overall classification sensitivityAnd accuracy->The calculation formula of the overall classification sensitivity is as follows:
in the formula ,indicating classification sensitivity according to said security level, < >>Representing sample set,/->Representing the total number of said application software in the sample set, < >>Representing the number of the application software in the sample set classified according to different security levels;
the accuracy is calculated as follows:
in the formula ,representing the number of said applications in the sample set, classified according to different security levels,/for each application>Representing the total number of the application software in the sample set;
if it isAnd->Indicating that the classification model is excellent;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isOr->And if the classification model does not meet the requirements, continuing to optimize.
In the specific application, the trained classification model is utilized to classify the shopping platform, the security level of the shopping platform is determined to be S level, and network security detection is carried out.
S2: network security detection.
The network security detection is to ensure that the whole network system is not threatened and infringed, prevent unauthorized access attack and malicious activity, realize flexible sharing of resources, and in order to avoid any threat and infringement, the software needs to be in an isolated state to prevent damage to a host caused by the attack, and realize double protection of network security based on network function virtualization;
The realization of double protection is that firstly, a physical server is cut into a plurality of logic servers by using a virtualization technology, a plurality of virtual machines are generated, each virtual machine is provided with an own operating system and application programs, then, a cloud platform is built in the virtual machines, a database is installed, different software systems are installed, then, a two-way gateway is used for connecting the cloud platform and an external network, and finally, a host is used for connecting the external network to achieve the effect of driving the software systems;
an anti-virus protection system, a cloud firewall, a web server, an application server, a database server and a background server are respectively arranged in the cloud platform, data encryption processing is implemented in the cloud platform, identity authentication is carried out, and in order to avoid the cloud platform from being attacked, the cloud primary technology is utilized to carry out micro-isolation on a plurality of servers, so that the servers are independent and have a complete life cycle, and the independence and safety of each module in the cloud platform are ensured;
the network function virtualization is to deploy the traditional service into the cloud platform to realize decoupling of software and hardware, and then to realize intercommunication between the external network and the cloud platform by utilizing a bidirectional gatekeeper, as shown in fig. 2;
the deploying step includes obtaining version data corresponding to the application software, including but not limited to operating system version, kernel version number, installation time, system manufacturer and physical memory; creating virtual servers corresponding to the version data using virtualization techniques, including but not limited to web servers, application servers, database servers, and background servers; adding an anti-virus protection system and a cloud firewall corresponding to the version data; creating a virtual machine corresponding to the version data; starting a virtual machine and creating application software corresponding to version data;
The two-way gateway realizes the intercommunication between the external network and the cloud platform, firstly, the original internet connection mode is disconnected, the two-way gateway is deployed between the cloud platform and the firewall by using the virtualized network function to realize uplink and downlink access, then, the two-way gateway is utilized to transmit partial data of the external network to the cloud platform, finally, network attached storage is deployed, and data synchronization is realized through the two-way gateway;
the real-time monitoring network security is realized based on the virtualized network function, the security problem occurs, the real-time alarm is given out, the two-way gatekeeper is cut off, the external security threat is isolated, and the security threat of the host computer caused by the penetration test operation is avoided;
the alarm mechanism comprises: and reading the system behavior of the application software, and if the phenomena of system patch missing, safe penetration failure and network transmission abnormality occur, timely alarming and cutting off the bidirectional gatekeeper.
In the specific application, the network security detection of the shopping platform is confirmed to pass, and account password management is carried out.
S3: account password management.
The account password management comprises password security verification, wherein the password security verification comprises password strength verification and password error isolation;
the password strength verification comprises password types and password counts, and the calculation of the password strength verification is as follows:
in the formula ,representing the number of cipher bits->Representing a cryptographic counting function, ++>Representing a cryptographic kind function->Represents a positive integer;
the cryptographic count function expression is as follows:
in the formula ,representing the password entered by the judgment->Representing the number of bits of the statistically entered password;
wherein ,the expression of (2) is +.>,/>The expression of (2) is +.>
in the formula ,representing the entered password @, @>Representing the number of cipher bits;
the cryptographic kind function expression is as follows:
in the formula ,representing the number of the password classes, said password classes comprising uppercase letters, lowercase letters, numbers and special symbols, +>Representing the number of non-repeated arrangement of all kinds;
and calculating the formula for verifying the password strength to obtain five types of weak, medium, strong and strong password strength.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the rules of the password intensity include:
if it isAnd->The password strength is weaker, and the password needs to be replaced as soon as possible;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is medium, and the password is general;
If it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->The password strength is stronger, indicating the password security;
the password error isolation comprises time isolation and IP isolation, the rule flow of the password error isolation is shown in fig. 3, and the specific rule is as follows: firstly, recording the number of attempts, login time and IP address, judging whether the number of the wrong attempts exceeds 3 times and whether the same IP fails to log in multiple accounts;
if the number of the error attempts exceeds 3 and the login of the same IP multi-account fails, isolating the application software account and the logged-in IP address;
if the number of the error attempts is not more than 3 and the same IP has no multi-account login failure, ending the rule flow;
when the number of error attempts exceeds 3 and the login of the same IP multi-account fails, judging the security level of the application software;
if the security level of the application software is SSS level, isolating the application software for 24 hours and requiring contact with an administrator;
If the security level of the application software is S level, isolating the application software for 1 hour;
if the security level of the application software is A level, isolating the application software for 30 minutes;
if the security level of the application software is B level, isolating the application software for 20 minutes;
if the security level of the application software is C level, isolating the application software for 10 minutes;
if the security level of the application software is D level, isolating the application software for 5 minutes;
and finally, ending the rule flow after the password error isolation is completed.
In a specific application, the password input by the user is known as adgr123frg&ht@ the cipher counting function isThe password type function is->If the calculation result is 20, the formula for verifying the password strength is calculated as follows: />, wherein />And->Judging that the password strength of the password is strong, indicating that the password is relatively safe, and the security level of the shopping platform is S-level, if the user is successful in logging in more than 3 times or if the same IP has multiple accounts and fails to log in, isolating the shopping software for 1 hour, and if logging in successfully, executing user operation and carrying out data security monitoring, and if logging in successfully in 3 times, executing user operation and carrying out data security monitoring.
S4: and executing user operation and carrying out data security monitoring.
When a user operates, data security monitoring is needed, wherein the data security monitoring is to protect confidentiality, integrity and availability of data, so that the data stored in the software is not damaged, changed and leaked by the outside, the monitoring flow is shown in fig. 4, and the abnormality of the data security monitoring relates to an application software account managed by account passwords and user operation behaviors;
firstly, reading the login situation of an application software account, verifying whether the application software account has the direct inquiry sensitive data after logging in for a long time, verifying whether the application software account has the simultaneous login situation of multiple persons and different login IP addresses, and then reading user operation behaviors, wherein the user operation behaviors comprise inquiry behaviors and modification behaviors, and checking whether the behavior data of the inquiry behaviors and the behavior data of the modification behaviors exceed a threshold value;
if the behavior data of the query behavior and the behavior data of the modification behavior exceed the threshold, the page alerts the user of abnormal behavior, after page alert, the user looks at whether to continue operation, if so, account locking is carried out and the system is alarmed, if not, monitoring is ended;
If the behavior data of the query behavior and the behavior data of the modification behavior do not exceed the threshold value, ending the monitoring;
wherein the threshold comprises: the repeated data of the query is 100 times in one day, one user is queried 10 times in one day, one user is queried 100 times in one month, millions of data are queried singly, the modified data is 100 times in half a day, and the inserted and deleted data is 100 times in half a day.
In the specific application, the user does not have the condition of directly inquiring the sensitive data after logging in for a long time when the user performs the user operation, and also does not have the condition that a plurality of people log in the account simultaneously and the login IP addresses are different, so that the user operation behavior is judged to be normal, and the monitoring is ended.
S5: and (5) taking out.
The erasure includes permanent erasure and deadline erasure, the rules of erasure are shown in fig. 5, and the specific rules are as follows:
firstly, defining sensitive information comprising user data, login information and browsing history of an application software account, and then judging the security level of the application software;
if the security level of the application software is SSS level, permanently erasing the sensitive information;
if the security level of the application software is S level, defining the sensitive information as 7 days free of erasure;
If the security level of the application software is A level, defining the sensitive information as one month erasure-free;
if the security level of the application software is B level, defining the sensitive information as three months free from erasure;
if the security level of the application software is C level, defining the sensitive information as half-year erasure-free;
if the security level of the application software is D level, defining the sensitive information as one-year erasure-free;
and finally, ending the rule after the erasing is finished.
In a specific application, when the user has no abnormal operation behavior and no signs of continuous use, the user exits from the use, and the security level of the shopping platform is known as S level, the user data, login information and browsing history are not erased within 7 days, and the erasing work is executed after 7 days.
The method comprises the steps of carrying out security audit management in the whole process, tracking all application software activities, carrying out multidimensional monitoring on application software, monitoring potential safety hazards, generating decision trees, integrating a plurality of decision trees into a random forest, predicting the potential safety hazards by utilizing the predictability of the random forest, prompting prediction information to the application software, ensuring that potential safety hazard points in the application software can be found in time, taking various remedial measures including hidden danger elimination, data recovery and personnel responsibility elimination according to different severity, guiding the application software not to repeat similar problems, and managing and analyzing system logs.
The decision tree and the random forest are as shown in fig. 6, and whether the application software is safe or not is refined according to the dimensions of account password management, data use, user operation behaviors and the like;
the account password management sequentially considers whether the password is plaintext, the password policy is strong or weak, whether password error isolation exists or not to determine the safety of the application software, the data use sequentially considers whether no data backup exists or not, whether remote access is limited or not and whether safety consciousness training exists or not to determine the safety of the application software, and the user operation behavior sequentially considers whether abnormal operation exists or not, whether unauthorized attack is effective or not and whether network transmission safety is abnormal or not to determine the safety of the application software.
And integrating the three decision trees constructed according to the account password management, the data use and the user operation behaviors into a random forest, predicting potential safety hazards by utilizing the predictability of the random forest, and prompting the prediction result to an interface of the application software.
In the specific application, the password of the shopping platform is not plaintext, the password policy is strong, the password error isolation is provided, the data backup is provided, the remote access is limited, the security consciousness training is provided, the user has no abnormal operation, the unauthorized attack is invalid, the network transmission is safe and has no abnormality, and the security of the shopping platform is determined.
Example 2
In this embodiment, a computer device is provided, including a memory and a processor, where the memory is configured to store instructions, and the processor is configured to execute the instructions, so that the computer device executes steps of implementing a security testing method of the application software.
Example 3
In this embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor, implements the steps of the security test method of application software described above.
The computer readable storage medium may include: various media capable of storing program codes, such as a U disk, a mobile hard disk, a read-only memory, a random access memory, a magnetic disk or an optical disk.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present invention may be modified or substituted without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered in the scope of the claims of the present invention.

Claims (12)

1. A security testing method for application software is characterized in that: comprising the steps of (a) a step of,
classifying application software;
detecting network security of the application software;
after the network security detection is finished, account password management is carried out;
after the account password is managed, user operation is executed, and data security monitoring is carried out;
and the data is withdrawn from use without subsequent operation after safety monitoring.
2. The security testing method of application software according to claim 1, wherein: the application software classification comprises data collection, data preprocessing and classification model construction;
the data collected by the data collection includes the name, description, functional characteristics and class of the application software;
the data preprocessing comprises data cleaning and standardization processing of the data in the data collection, wherein the data cleaning comprises repeated data deletion, missing data processing and error data processing, and the standardization processing comprises data filtering, missing data processing and error data processing to form a data set;
constructing the classification model comprises feature selection and classification model training, wherein the classification model training comprises data division, model training and model evaluation;
And adopting a BP neural network as a classification model, wherein the feature selection encodes and vectorizes the application software according to a security level, and the security level classification formula is as follows:
in the formula Representing security levels including SSS, S, a, B, C, D.
3. The security testing method of application software according to claim 2, wherein: the classification model further comprises an input layer, an implicit layer and an output layer, the description, the functional characteristics and the categories of the application software are input into the input layer, then the implicit layer performs characteristic extraction and optimization, and finally the security level is output from the output layer;
the number of the neural nodes of the input layer is 3, the description, the functional characteristics and the categories of the application software are included, the 3 neural nodes of the input layer are collectively called as input vectors, and the expression is as follows:
in the formula Representing the description->Representing said functional properties->Representing the category;
the number of the neural nodes of the hidden layer is 8, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the described neural nodes in the input layer, the 4 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the neural nodes of the functional characteristics in the input layer, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the class of the neural nodes in the input layer, and the expression of the characteristic extraction is as follows:
in the formula ,representing an activation function->A weight matrix representing the weight matrix from the neural node of the input layer to the neural node of the hidden layer, the expression is +.>,/>3 neural nodes representing the input layer, < >>8 neural nodes representing the hidden layer, < ->Representing the input vector,/->Representing the bias parameters from the neural node of the input layer to the neural node of the hidden layer, the expression is +.>,/>3 neural nodes representing the input layer, < >>Representing a matrix transpose;
wherein ,the expression of (2) is +.>
in the formula ,represents natural constant, is one of common override numbers, < ->Representing the input vector;
and the characteristics are extracted and input to an output layer is optimized by the hidden layer, and the optimized expression is as follows:
in the formula ,representing activation functionsCount (n)/(l)>A weight matrix from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>8 neural nodes representing the hidden layer, < ->6 neural nodes representing the output layer, < >>The bias parameter from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>Representing a matrix transpose;
wherein ,the expression of (2) is +. >
The number of the neural nodes of the output layer is 6, the 6 different security levels are respectively corresponding to the neural nodes as output vectors, and the expression of the output vectors is as follows:
in the formula ,representing the SSS level in said security level, < > in->Representing a level S, a +.>Represents level a, +_in the security level>Represents level B, < > in said security level>Represents level C, +_in the security level>Representing a level D of the security levels;
the data partition includes a 20% test set and an 80% training set, and the model training uses the training set to train the classification model.
4. A method of testing the security of application software according to claim 3, wherein: the model evaluation includes overall classification sensitivityAnd accuracy->The calculation formula of the overall classification sensitivity is as follows:
in the formula ,representation according toThe security level classifies the sensitivity of classification, +.>Representing sample set,/->Representing the total number of said application software in the sample set, < >>Representing the number of the application software in the sample set classified according to different security levels;
the accuracy is calculated as follows:
in the formula ,representing the number of said applications in the sample set, classified according to different security levels,/for each application >Representing the total number of the application software in the sample set;
if it isAnd->Indicating that the classification model is excellent;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isOr->And if the classification model does not meet the requirements, continuing to optimize.
5. The method for testing the security of application software according to claim 4, wherein: the account password management comprises password security verification, wherein the password security verification comprises password strength verification and password error isolation;
the password strength verification comprises password types and password counts, and the calculation of the password strength verification is as follows:
in the formula ,representing the number of cipher bits->Representing a cryptographic counting function, ++>Representing a cryptographic kind function->Represents a positive integer;
the cryptographic count function expression is as follows:
in the formula ,representing the password entered by the judgment->Representing the number of bits of the statistically entered password;
wherein ,the expression of (2) is +.>,/>The expression of (2) is +.>
in the formula ,representing the entered password @, @>Representing the number of cipher bits;
the cryptographic kind function expression is as follows:
in the formula ,representing the number of the password classes, said password classes comprising uppercase letters, lowercase letters, numbers and special symbols, +>Representing the number of non-repeated arrangement of all kinds;
and calculating the formula for verifying the password strength to obtain five types of weak, medium, strong and strong password strength.
6. The method for testing the security of application software according to claim 5, wherein: the rules of the password intensity include:
if it isAnd->The password strength is weaker, and the password needs to be replaced as soon as possible;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->The password isThe intensity is stronger, indicates the password security.
7. The method for testing the security of application software according to claim 6, wherein: the password error isolation comprises time isolation and IP isolation, and the rule flow of the password error isolation is as follows:
Firstly, recording the number of attempts, login time and IP address, judging whether the number of the wrong attempts exceeds 3 times and whether the same IP fails to log in multiple accounts;
if the number of the error attempts exceeds 3 and the login of the same IP multi-account fails, isolating the application software account and the logged-in IP address;
if the number of the error attempts does not exceed 3 and the same IP does not have multi-account login failure, ending the rule flow;
when the number of error attempts exceeds 3 and the login of the same IP multi-account fails, judging the security level of the application software;
if the security level of the application software is SSS level, isolating the application software for 24 hours and requiring contact with an administrator;
if the security level of the application software is S level, isolating the application software for 1 hour;
if the security level of the application software is A level, isolating the application software for 30 minutes;
if the security level of the application software is B level, isolating the application software for 20 minutes;
if the security level of the application software is C level, isolating the application software for 10 minutes;
if the security level of the application software is level D, isolating the application software for 5 minutes;
And finally, ending the rule flow after the password error isolation is completed.
8. The method for testing the security of application software according to claim 7, wherein: the data security monitoring is needed to be carried out when the user operates, and the abnormality of the data security monitoring relates to an application software account and user operation behavior of the account password management;
firstly, reading the condition of logging in an application software account, verifying whether the application software account has the condition of logging in directly inquiring sensitive data after logging in for a long time, verifying whether the application software account has the condition of logging in multiple persons simultaneously and logging in different IP addresses, and then reading the user operation behaviors, wherein the user operation behaviors comprise inquiry behaviors and modification behaviors, and checking whether behavior data of the inquiry behaviors and behavior data of the modification behaviors exceed a threshold value;
if the behavior data of the query behavior and the behavior data of the modification behavior exceed the threshold, page warning the abnormal behavior of the user, after the page warning, the user can see whether to continue operation or not, if so, account locking is carried out and the system is alarmed, and if not, monitoring is finished;
Ending monitoring if the behavior data of the query behavior and the behavior data of the modified behavior do not exceed the threshold value;
wherein the threshold comprises: the repeated data of the query is 100 times in one day, one user is queried 10 times in one day, one user is queried 100 times in one month, millions of data are queried singly, the modified data is 100 times in half a day, and the inserted and deleted data is 100 times in half a day.
9. The method for testing the security of application software according to claim 8, wherein: the exit from use includes erasing sensitive information of the application account, the erasing including a permanent erasure and a deadline erasure, the erasing being as follows:
firstly, defining the sensitive information, including user data, login information and browsing history of the application software account, and then judging the security level of the application software;
if the security level of the application software is SSS level, permanently erasing the sensitive information;
if the security level of the application software is S level, defining the sensitive information as 7 days free of erasure;
if the security level of the application software is A level, defining the sensitive information as one month erasure-free;
If the security level of the application software is B level, defining the sensitive information as three months free of erasure;
if the security level of the application software is C level, defining the sensitive information as half-year erasure-free;
if the security level of the application software is level D, defining the sensitive information as one-year erasure-free;
and finally, ending the rule after the erasing is finished.
10. The method for testing the security of application software according to claim 9, wherein: the safety test method of the application software further comprises safety audit management, multi-dimensional monitoring of potential safety hazards and generation of decision trees;
the decision tree is respectively constructed according to the account password management, the data use and the user operation behavior;
integrating the three decision trees constructed according to the account password management, the data use and the user operation behaviors into a random forest, predicting the potential safety hazard by utilizing the predictability of the random forest, and prompting the prediction result to an interface of the application software.
11. A computer device, characterized by: comprising the steps of (a) a step of,
a memory for storing instructions;
and the processor is used for executing the instructions to enable the equipment to execute the security testing method for realizing the application software according to any one of claims 1-10.
12. A computer-readable storage medium having stored thereon a computer program, characterized by: the computer program, when executed by the processor, implements the security testing method for application software according to any one of claims 1 to 10.
CN202310829116.5A 2023-07-07 2023-07-07 Safety testing method for application software Active CN116561752B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310829116.5A CN116561752B (en) 2023-07-07 2023-07-07 Safety testing method for application software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310829116.5A CN116561752B (en) 2023-07-07 2023-07-07 Safety testing method for application software

Publications (2)

Publication Number Publication Date
CN116561752A true CN116561752A (en) 2023-08-08
CN116561752B CN116561752B (en) 2023-09-15

Family

ID=87491884

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310829116.5A Active CN116561752B (en) 2023-07-07 2023-07-07 Safety testing method for application software

Country Status (1)

Country Link
CN (1) CN116561752B (en)

Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010087106A (en) * 2000-03-04 2001-09-15 민택기 System For Cooperating Management Of Electronic Commerce And Its Method
US20050060295A1 (en) * 2003-09-12 2005-03-17 Sensory Networks, Inc. Statistical classification of high-speed network data through content inspection
US20070162890A1 (en) * 2005-12-29 2007-07-12 Microsoft Corporation Security engineering and the application life cycle
GB0819221D0 (en) * 2008-10-20 2008-11-26 Univ Nottingham Trent Data analysis method and system
WO2014012106A2 (en) * 2012-07-13 2014-01-16 Sourcefire, Inc. Method and apparatus for retroactively detecting malicious or otherwise undesirable software as well as clean software through intelligent rescanning
CN105681314A (en) * 2016-01-29 2016-06-15 博雅网信(北京)科技有限公司 Cloud environment security scanner and method
CN105701503A (en) * 2016-01-07 2016-06-22 西安电子科技大学 Interferometric synthetic aperture radar (SAR) image classification method based on deep belief network (DBN) model
CN107403101A (en) * 2016-05-20 2017-11-28 松下航空电子公司 The remote wipe of aircraft data
CN108959948A (en) * 2018-07-18 2018-12-07 四川师范大学 Separation of the three powers graduation authorization management method applied to data safety management
CN109858506A (en) * 2018-05-28 2019-06-07 哈尔滨工程大学 A kind of visualized algorithm towards convolutional neural networks classification results
CN110826319A (en) * 2019-10-30 2020-02-21 维沃移动通信有限公司 Application information processing method and terminal equipment
CN110933048A (en) * 2019-11-14 2020-03-27 北京卓讯科信技术有限公司 Method and equipment for identifying abnormal application operation based on message
US20200186547A1 (en) * 2018-12-11 2020-06-11 Cisco Technology, Inc. Detecting encrypted malware with splt-based deep networks
CN112783518A (en) * 2021-01-26 2021-05-11 电子科技大学 Vehicle-mounted application containerization isolation framework system based on IPFS and implementation method
TW202123651A (en) * 2019-07-31 2021-06-16 美商數據輸出入公司 Device programming with system generation
CN113254930A (en) * 2021-05-28 2021-08-13 北京理工大学 Back door confrontation sample generation method of PE (provider edge) malicious software detection model
US20220129561A1 (en) * 2020-10-26 2022-04-28 Hewlett Packard Enterprise Development Lp Security level-based and trust-based recommendations for software components
JP2023021877A (en) * 2021-08-02 2023-02-14 広海 大谷 Development of internet and service, and method for enhancing security
CN116361815A (en) * 2023-06-01 2023-06-30 北京比瓴科技有限公司 Code sensitive information and hard coding detection method and device based on machine learning

Patent Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010087106A (en) * 2000-03-04 2001-09-15 민택기 System For Cooperating Management Of Electronic Commerce And Its Method
US20050060295A1 (en) * 2003-09-12 2005-03-17 Sensory Networks, Inc. Statistical classification of high-speed network data through content inspection
US20070162890A1 (en) * 2005-12-29 2007-07-12 Microsoft Corporation Security engineering and the application life cycle
GB0819221D0 (en) * 2008-10-20 2008-11-26 Univ Nottingham Trent Data analysis method and system
WO2014012106A2 (en) * 2012-07-13 2014-01-16 Sourcefire, Inc. Method and apparatus for retroactively detecting malicious or otherwise undesirable software as well as clean software through intelligent rescanning
CN105701503A (en) * 2016-01-07 2016-06-22 西安电子科技大学 Interferometric synthetic aperture radar (SAR) image classification method based on deep belief network (DBN) model
CN105681314A (en) * 2016-01-29 2016-06-15 博雅网信(北京)科技有限公司 Cloud environment security scanner and method
CN107403101A (en) * 2016-05-20 2017-11-28 松下航空电子公司 The remote wipe of aircraft data
CN109858506A (en) * 2018-05-28 2019-06-07 哈尔滨工程大学 A kind of visualized algorithm towards convolutional neural networks classification results
CN108959948A (en) * 2018-07-18 2018-12-07 四川师范大学 Separation of the three powers graduation authorization management method applied to data safety management
US20200186547A1 (en) * 2018-12-11 2020-06-11 Cisco Technology, Inc. Detecting encrypted malware with splt-based deep networks
TW202123651A (en) * 2019-07-31 2021-06-16 美商數據輸出入公司 Device programming with system generation
CN110826319A (en) * 2019-10-30 2020-02-21 维沃移动通信有限公司 Application information processing method and terminal equipment
CN110933048A (en) * 2019-11-14 2020-03-27 北京卓讯科信技术有限公司 Method and equipment for identifying abnormal application operation based on message
US20220129561A1 (en) * 2020-10-26 2022-04-28 Hewlett Packard Enterprise Development Lp Security level-based and trust-based recommendations for software components
CN112783518A (en) * 2021-01-26 2021-05-11 电子科技大学 Vehicle-mounted application containerization isolation framework system based on IPFS and implementation method
CN113254930A (en) * 2021-05-28 2021-08-13 北京理工大学 Back door confrontation sample generation method of PE (provider edge) malicious software detection model
JP2023021877A (en) * 2021-08-02 2023-02-14 広海 大谷 Development of internet and service, and method for enhancing security
CN116361815A (en) * 2023-06-01 2023-06-30 北京比瓴科技有限公司 Code sensitive information and hard coding detection method and device based on machine learning

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
何文竹;彭长根;王毛妮;丁兴;樊玫玫;丁红发;: "面向结构化数据集的敏感属性识别与分级算法", 计算机应用研究, vol. 37, no. 10, pages 3077 - 3082 *
姚洪磊;杨文;: "三级系统信息安全等级保护测评指标体系研究", 铁路计算机应用, no. 02, pages 59 - 61 *
王威;宋卓;刘晓然;刘朝峰;: "基于直觉模糊集的城市供水安全预警评价模型", 中国安全生产科学技术, no. 04, pages 180 - 185 *
胡竹青;杨文清;: "研发桌面云系统设计及其在电力系统的应用", 电力信息与通信技术, no. 11, pages 113 - 117 *

Also Published As

Publication number Publication date
CN116561752B (en) 2023-09-15

Similar Documents

Publication Publication Date Title
Berlin et al. Malicious behavior detection using windows audit logs
US20200186569A1 (en) Security Rule Generation Based on Cognitive and Industry Analysis
Salem et al. A survey of insider attack detection research
CN105247532B (en) Use the unsupervised detection to abnormal process of hardware characteristics
Stolfo et al. A comparative evaluation of two algorithms for windows registry anomaly detection
CN113660224B (en) Situation awareness defense method, device and system based on network vulnerability scanning
Dong‐Her et al. Internet security: malicious e‐mails detection and protection
Zoppi et al. Unsupervised anomaly detectors to detect intrusions in the current threat landscape
Sharma et al. DFA-AD: a distributed framework architecture for the detection of advanced persistent threats
CN104283889A (en) Electric power system interior APT attack detection and pre-warning system based on network architecture
CN112637108B (en) Internal threat analysis method and system based on anomaly detection and emotion analysis
CN110213226A (en) Associated cyber attack scenarios method for reconstructing and system are recognized based on risk total factor
US11663329B2 (en) Similarity analysis for automated disposition of security alerts
Yadav et al. Assessment of SCADA system vulnerabilities
US20230252136A1 (en) Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information
Elfeshawy et al. Divided two-part adaptive intrusion detection system
US20240054210A1 (en) Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
Yockey et al. Cyber threat assessment of machine learning driven autonomous control systems of nuclear power plants
Borhan et al. A framework of TPM, SVM and boot control for securing forensic logs
CN116561752B (en) Safety testing method for application software
Mihailescu et al. Unveiling Threats: Leveraging User Behavior Analysis for Enhanced Cybersecurity
CN116418591A (en) Intelligent computer network safety intrusion detection system
US20230048076A1 (en) Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
CN115859298A (en) Dynamic trusted computing environment architecture and method for power master station system
Zhao et al. Automated approach to intrusion detection in VM-based dynamic execution environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant