CN116561752B - Safety testing method for application software - Google Patents
Safety testing method for application software Download PDFInfo
- Publication number
- CN116561752B CN116561752B CN202310829116.5A CN202310829116A CN116561752B CN 116561752 B CN116561752 B CN 116561752B CN 202310829116 A CN202310829116 A CN 202310829116A CN 116561752 B CN116561752 B CN 116561752B
- Authority
- CN
- China
- Prior art keywords
- application software
- password
- security
- representing
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 21
- 238000009781 safety test method Methods 0.000 title claims description 6
- 238000012360 testing method Methods 0.000 claims abstract description 59
- 238000012544 monitoring process Methods 0.000 claims abstract description 30
- 238000007726 management method Methods 0.000 claims abstract description 24
- 238000002955 isolation Methods 0.000 claims abstract description 23
- 238000012795 verification Methods 0.000 claims abstract description 17
- 238000010998 test method Methods 0.000 claims abstract description 10
- 238000001514 detection method Methods 0.000 claims abstract description 9
- 238000013528 artificial neural network Methods 0.000 claims abstract description 5
- 238000012550 audit Methods 0.000 claims abstract description 5
- 230000001537 neural effect Effects 0.000 claims description 71
- 230000006399 behavior Effects 0.000 claims description 61
- 238000013145 classification model Methods 0.000 claims description 38
- 238000012549 training Methods 0.000 claims description 20
- 230000006870 function Effects 0.000 claims description 19
- 238000012545 processing Methods 0.000 claims description 19
- 239000011159 matrix material Substances 0.000 claims description 15
- 239000013598 vector Substances 0.000 claims description 15
- 238000003066 decision tree Methods 0.000 claims description 11
- 238000012986 modification Methods 0.000 claims description 10
- 230000004048 modification Effects 0.000 claims description 10
- 238000007637 random forest analysis Methods 0.000 claims description 10
- 238000013480 data collection Methods 0.000 claims description 9
- 238000000605 extraction Methods 0.000 claims description 7
- 230000004913 activation Effects 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 6
- 238000004140 cleaning Methods 0.000 claims description 6
- 238000005516 engineering process Methods 0.000 claims description 6
- 238000011156 evaluation Methods 0.000 claims description 6
- 238000007781 pre-processing Methods 0.000 claims description 6
- 230000035945 sensitivity Effects 0.000 claims description 6
- 230000005856 abnormality Effects 0.000 claims description 5
- 238000003860 storage Methods 0.000 claims description 5
- 238000004590 computer program Methods 0.000 claims description 4
- 206010000117 Abnormal behaviour Diseases 0.000 claims description 3
- 230000002457 bidirectional effect Effects 0.000 claims description 3
- 238000010276 construction Methods 0.000 claims description 3
- 238000012217 deletion Methods 0.000 claims description 3
- 230000037430 deletion Effects 0.000 claims description 3
- 238000001914 filtration Methods 0.000 claims description 3
- 238000005457 optimization Methods 0.000 claims description 3
- 238000005520 cutting process Methods 0.000 claims description 2
- 238000005192 partition Methods 0.000 claims description 2
- 230000008569 process Effects 0.000 abstract description 6
- 238000004422 calculation algorithm Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 5
- 230000002159 abnormal effect Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 230000008030 elimination Effects 0.000 description 2
- 238000003379 elimination reaction Methods 0.000 description 2
- 230000035515 penetration Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 210000005036 nerve Anatomy 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000000246 remedial effect Effects 0.000 description 1
- 238000011076 safety test Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/561—Virus type analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention relates to the technical field of software security test, and discloses a security test method of application software, which is characterized in that the application software is classified by BP neural network algorithm, network function virtualization is utilized to perform network security detection, password intensity verification and password error isolation are utilized to perform account password management, user operation is performed and data security monitoring is performed, erasure operation is performed when the user is withdrawn from use, security audit management is performed in the whole process, potential safety hazards are monitored in a multi-dimensional manner, the security test of the software can be ensured in an all-around manner, damage to a host computer in the security test process can be avoided, and the security test method has very important practical significance to the security test of the software.
Description
Technical Field
The invention relates to the technical field of software security testing, in particular to a security testing method of application software.
Background
In recent years, the development of the network technology in China is faster, the application range of the computer technology is continuously enlarged, and the popularity of various software is continuously increased. Under an open network environment, the complexity of software and software loopholes are increased continuously, so that a plurality of losses are increased continuously, the problem of software safety is highly concerned by multiple fields of society, and the software safety test is an important aspect for guaranteeing the software safety and reducing the safety risk, so that higher requirements are also put forward for the software safety test. Most of the prior art is to perform security test on a certain aspect of software security, and damage to a host may be caused by using a security test method, but the security test cannot be performed on the software in all aspects, and damage to the host in the security test process cannot be avoided.
The Chinese patent with the application publication number of CN105187403A discloses a network security testing method facing a software defined network, which comprises a security testing framework, a security testing strategy, a classified security testing method, a project security testing method and a security testing step aiming at a target software defined network. The testing framework comprises dividing a target software defined network into four network planes, namely data, control, application and management, and respectively unfolding security tests on each network element and link of each network plane and interfaces between each network plane; the test strategy comprises a selection and flow programming method for testing each unit in the security test framework; the classified safety testing method is used for carrying out safety tests of different types according to the classification characteristics of each unit; the project security testing method realizes the specific security test for the target network element, the link or the interface, and the test flow defines the complete security testing process and steps for the target software defined network.
The problems presented in the background art exist in the above patents: the security test cannot be performed on the software in all aspects, and damage to the host computer during the security test cannot be avoided. In order to solve the problem, the invention provides a safety testing method of application software.
Disclosure of Invention
This section is intended to outline some aspects of embodiments of the application and to briefly introduce some preferred embodiments. Some simplifications or omissions may be made in this section as well as in the description of the application and in the title of the application, which may not be used to limit the scope of the application.
The present application has been made in view of the above-mentioned problems with the existing security test methods for application software.
Therefore, the application aims to provide a security testing method for application software.
In order to solve the technical problems, the application provides the following technical scheme: classifying application software;
detecting network security of the application software;
after the network security detection is finished, account password management is carried out;
after the account password is managed, user operation is executed, and data security monitoring is carried out;
and the data is withdrawn from use without subsequent operation after safety monitoring.
As a preferable scheme of the security testing method of the application software, the application comprises the following steps: the application software classification comprises data collection, data preprocessing and classification model construction;
The data collected by the data collection includes the name, description, functional characteristics and class of the application software;
the data preprocessing comprises data cleaning and standardization processing of the data in the data collection, wherein the data cleaning comprises repeated data deletion, missing data processing and error data processing, and the standardization processing comprises data filtering, missing data processing and error data processing to form a data set;
constructing the classification model comprises feature selection and classification model training, wherein the classification model training comprises data division, model training and model evaluation;
and adopting a BP neural network as a classification model, wherein the feature selection encodes and vectorizes the application software according to a security level, and the security level classification formula is as follows:
;
in the formula Representing security levels including SSS, S, a, B, C, D.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the classification model further comprises an input layer, an implicit layer and an output layer, the description, the functional characteristics and the categories of the application software are input into the input layer, then the implicit layer performs characteristic extraction and optimization, and finally the security level is output from the output layer;
The number of the neural nodes of the input layer is 3, the description, the functional characteristics and the categories of the application software are included, the 3 neural nodes of the input layer are collectively called as input vectors, and the expression is as follows:
;
in the formula Representing the description->Representing said functional properties->Representation ofThe category;
the number of the neural nodes of the hidden layer is 8, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the described neural nodes in the input layer, the 4 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the neural nodes of the functional characteristics in the input layer, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the class of the neural nodes in the input layer, and the expression of the characteristic extraction is as follows:
;
in the formula ,representing an activation function->A weight matrix representing the weight matrix from the neural node of the input layer to the neural node of the hidden layer, the expression is +.>,/>3 neural nodes representing the input layer, < >>8 neural nodes representing the hidden layer, < ->Representing the input vector,/->Representing the bias parameters from the neural node of the input layer to the neural node of the hidden layer, the expression is +. >,/>3 neural nodes representing the input layer, < >>Representing a matrix transpose;
wherein ,the expression of (2) is +.>;
in the formula ,represents natural constant, is one of common override numbers, < ->Representing the input vector;
and the characteristics are extracted and input to an output layer is optimized by the hidden layer, and the optimized expression is as follows:
;
in the formula ,representing an activation function->A weight matrix from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>8 neural nodes representing the hidden layer, < ->Representing the said transfusion6 nerve nodes out of layer, +.>The bias parameter from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>Representing a matrix transpose;
wherein ,the expression of (2) is +.>;
The number of the neural nodes of the output layer is 6, the 6 different security levels are respectively corresponding to the neural nodes as output vectors, and the expression of the output vectors is as follows:
;
in the formula ,representing the SSS level in said security level, < > in->Representing a level S, a +.>Represents level a, +_in the security level>Represents level B, < > in said security level>Represents level C, +_in the security level >Representing a level D of the security levels;
the data partition includes a 20% test set and an 80% training set, and the model training uses the training set to train the classification model.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the model evaluation includes overall classification sensitivityAnd accuracy->The calculation formula of the overall classification sensitivity is as follows:
;
in the formula ,indicating classification sensitivity according to said security level, < >>Representing sample set,/->Representing the total number of said application software in the sample set, < >>Representing the number of the application software in the sample set classified according to different security levels;
the accuracy is calculated as follows:
;
in the formula ,representing sample sets as per different security etcThe number of said application software of the hierarchy, +.>Representing the total number of the application software in the sample set;
if it isAnd->Indicating that the classification model is excellent;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isOr->And if the classification model does not meet the requirements, continuing to optimize.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the account password management comprises password security verification, wherein the password security verification comprises password strength verification and password error isolation;
the password strength verification comprises password types and password counts, and the calculation of the password strength verification is as follows:
;
in the formula ,representing the number of cipher bits->Representing a cryptographic counting function, ++>Representing a function of the type of password,represents a positive integer;
the cryptographic count function expression is as follows:
;
in the formula ,representing the password entered by the judgment->Representing the number of bits of the statistically entered password;
wherein ,the expression of (2) is +.>,/>The expression of (2) is;
in the formula ,representing the entered password @, @>Representing the number of cipher bits;
the cryptographic kind function expression is as follows:
;
in the formula ,representing the number of the password classes, said password classes comprising uppercase letters, lowercase letters, numbers and special symbols, +>Representing the number of non-repeated arrangement of all kinds;
and calculating the formula for verifying the password strength to obtain five types of weak, medium, strong and strong password strength.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the rules of the password intensity include:
If it isAnd->The password strength is weaker, and the password needs to be replaced as soon as possible;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->And the password strength is stronger, so that the password security is indicated.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the password error isolation comprises time isolation and IP isolation, and the rule flow of the password error isolation is as follows:
firstly, recording the number of attempts, login time and IP address, judging whether the number of the wrong attempts exceeds 3 times and whether the same IP fails to log in multiple accounts;
if the number of the error attempts exceeds 3 and the login of the same IP multi-account fails, isolating the application software account and the logged-in IP address;
If the number of the error attempts does not exceed 3 and the same IP does not have multi-account login failure, ending the rule flow;
when the number of error attempts exceeds 3 and the login of the same IP multi-account fails, judging the security level of the application software;
if the security level of the application software is SSS level, isolating the application software for 24 hours and requiring contact with an administrator;
if the security level of the application software is S level, isolating the application software for 1 hour;
if the security level of the application software is A level, isolating the application software for 30 minutes;
if the security level of the application software is B level, isolating the application software for 20 minutes;
if the security level of the application software is C level, isolating the application software for 10 minutes;
if the security level of the application software is level D, isolating the application software for 5 minutes;
and finally, ending the rule flow after the password error isolation is completed.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the data security monitoring is needed to be carried out when the user operates, and the abnormality of the data security monitoring relates to an application software account and user operation behavior of the account password management;
Firstly, reading the condition of logging in an application software account, verifying whether the application software account has the condition of logging in directly inquiring sensitive data after logging in for a long time, verifying whether the application software account has the condition of logging in multiple persons simultaneously and logging in different IP addresses, and then reading the user operation behaviors, wherein the user operation behaviors comprise inquiry behaviors and modification behaviors, and checking whether behavior data of the inquiry behaviors and behavior data of the modification behaviors exceed a threshold value;
if the behavior data of the query behavior and the behavior data of the modification behavior exceed the threshold, page warning the abnormal behavior of the user, after the page warning, the user can see whether to continue operation or not, if so, account locking is carried out and the system is alarmed, and if not, monitoring is finished;
ending monitoring if the behavior data of the query behavior and the behavior data of the modified behavior do not exceed the threshold value;
wherein the threshold comprises: the repeated data of the query is 100 times in one day, one user is queried 10 times in one day, one user is queried 100 times in one month, millions of data are queried singly, the modified data is 100 times in half a day, and the inserted and deleted data is 100 times in half a day.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the exit from use includes erasing sensitive information of the application account, the erasing including a permanent erasure and a deadline erasure, the erasing being as follows:
firstly, defining the sensitive information, including user data, login information and browsing history of the application software account, and then judging the security level of the application software;
if the security level of the application software is SSS level, permanently erasing the sensitive information;
if the security level of the application software is S level, defining the sensitive information as 7 days free of erasure;
if the security level of the application software is A level, defining the sensitive information as one month erasure-free;
if the security level of the application software is B level, defining the sensitive information as three months free of erasure;
if the security level of the application software is C level, defining the sensitive information as half-year erasure-free;
if the security level of the application software is level D, defining the sensitive information as one-year erasure-free;
and finally, ending the rule after the erasing is finished.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the safety test method of the application software further comprises safety audit management, multi-dimensional monitoring of potential safety hazards and generation of decision trees;
The decision tree is respectively constructed according to the account password management, the data use and the user operation behavior;
integrating the three decision trees constructed according to the account password management, the data use and the user operation behaviors into a random forest, predicting the potential safety hazard by utilizing the predictability of the random forest, and prompting the prediction result to an interface of the application software.
A computer device comprising, a memory for storing instructions; and the processor is used for executing the instructions to enable the equipment to execute a security testing method for realizing the application software.
A computer readable storage medium having stored thereon a computer program which, when executed by the processor, implements a security testing method for application software.
The invention has the beneficial effects that: according to the invention, application software classification is carried out through a BP neural network algorithm, network function virtualization is utilized to carry out network security detection, account password management is carried out by password strength verification and password error isolation, user operation is carried out and data security monitoring is carried out, erasure operation is carried out when the user exits from use, security audit management is carried out in the whole course, safety hidden danger is monitored in multiple dimensions, security test can be carried out on software in all aspects, damage to a host computer in the security test process can be avoided, and the method has very important practical significance on software security test.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
FIG. 1 is a flow chart of a method of testing the security of application software according to the present invention.
Fig. 2 is a system frame diagram based on network function virtualization according to the security testing method of application software of the present invention.
FIG. 3 is a diagram of a rule diagram for isolating cryptographic errors according to the security test method of application software of the present invention.
Fig. 4 is a flow chart of data security monitoring according to the security testing method of the application software of the present invention.
Fig. 5 is a diagram illustrating the judgment of the erasure rule according to the security test method of the application software of the present invention.
FIG. 6 is a diagram of a decision tree and random forest according to the security test method of the application software of the present invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
Further, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic can be included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
Further, in describing the embodiments of the present invention in detail, the cross-sectional view of the device structure is not partially enlarged to a general scale for convenience of description, and the schematic is only an example, which should not limit the scope of protection of the present invention. In addition, the three-dimensional dimensions of length, width and depth should be included in actual fabrication.
Example 1
In this embodiment, referring to fig. 1, a method flowchart of a security testing method of application software is provided, and as shown in fig. 1, the security testing method of application software includes the following steps:
S1: application software classification.
The application software classification comprises data collection, data preprocessing and classification model construction;
the data collected by data collection comprises the name, description, functional characteristics and category of the application software, and is realized by inquiring an application store and web crawler technology;
the data preprocessing comprises data cleaning and standardization processing of data in the data collection, wherein the data cleaning comprises repeated data deletion, missing data processing and error data processing, and the standardization processing comprises data filtering, missing data processing and error data processing to form a data set;
the method comprises the steps of constructing a classification model, wherein the classification model comprises feature selection and classification model training, and the classification model training comprises data division, model training and model evaluation;
the BP neural network is used as a classification model, the application software is coded and vectorized according to the security level by the feature selection, and the security level classification formula is as follows:
;
in the formula Representing security levels, wherein the security levels comprise SSS level, S level, A level, B level, C level and D level;
the classification model also comprises an input layer, an implicit layer and an output layer, wherein the description, the functional characteristics and the category of the application software are input into the input layer, then the implicit layer performs characteristic extraction and optimization, and finally the security level is output from the output layer;
The number of the neural nodes of the input layer is 3, including the description, the functional characteristics and the category of the application software, and the 3 neural nodes of the input layer are collectively called as input vectors, and the expression is as follows:
;
in the formula Representing the description->Representing said functional properties->Representing a category;
the number of the neural nodes of the hidden layer is 8, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the neural nodes described in the input layer, the 4 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the neural nodes of the functional characteristics in the input layer, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the neural nodes of the category in the input layer, and the expression of the characteristic extraction is as follows:
;
in the formula ,representing an activation function->A weight matrix representing the weight matrix from the neural node of the input layer to the neural node of the hidden layer, the expression is +.>,/>3 neural nodes representing the input layer, < >>8 neural nodes representing the hidden layer, < ->Representing the input vector,/->Representing the bias parameters from the neural node of the input layer to the neural node of the hidden layer, the expression is +.>,/>3 neural nodes representing the input layer, < > >Representing a matrix transpose;
wherein ,the expression of (2) is +.>;
in the formula ,represents natural constant, is one of common override numbers, < ->Representing an input vector;
after feature extraction, the input layer and the output layer are optimized by the hidden layer, and the optimized expression is as follows:
;
in the formula ,representing an activation function->A weight matrix from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>8 neural nodes representing the hidden layer, < ->6 neural nodes representing the output layer, < >>The bias parameter from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>Representing a matrix transpose;
wherein ,the expression of (2) is +.>;
The number of the neural nodes of the output layer is 6, the neural nodes respectively correspond to 6 different security levels and serve as output vectors, and the expression of the output vectors is as follows:
;
in the formula ,representing the SSS level in said security level, < > in->Representing a level S, a +.>Represents level a, +_in the security level>Represents level B, < > in said security level>Represents level C, +_in the security level>Representing a level D of the security levels;
the data division comprises 20% of test sets and 80% of training sets, and model training uses the training sets to train the classification model;
Model evaluation includes overall classification sensitivityAnd accuracy->The saidThe overall classification sensitivity is calculated as follows:
;
in the formula ,indicating classification sensitivity according to said security level, < >>Representing sample set,/->Representing the total number of said application software in the sample set, < >>Representing the number of the application software in the sample set classified according to different security levels;
the accuracy is calculated as follows:
;
in the formula ,representing the number of said applications in the sample set, classified according to different security levels,/for each application>Representing the total number of the application software in the sample set;
if it isAnd->Indicating that the classification model is excellent;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isOr->And if the classification model does not meet the requirements, continuing to optimize.
In the specific application, the trained classification model is utilized to classify the shopping platform, the security level of the shopping platform is determined to be S level, and network security detection is carried out.
S2: network security detection.
The network security detection is to ensure that the whole network system is not threatened and infringed, prevent unauthorized access attack and malicious activity, realize flexible sharing of resources, and in order to avoid any threat and infringement, the software needs to be in an isolated state to prevent damage to a host caused by the attack, and realize double protection of network security based on network function virtualization;
The realization of double protection is that firstly, a physical server is cut into a plurality of logic servers by using a virtualization technology, a plurality of virtual machines are generated, each virtual machine is provided with an own operating system and application programs, then, a cloud platform is built in the virtual machines, a database is installed, different software systems are installed, then, a two-way gateway is used for connecting the cloud platform and an external network, and finally, a host is used for connecting the external network to achieve the effect of driving the software systems;
an anti-virus protection system, a cloud firewall, a web server, an application server, a database server and a background server are respectively arranged in the cloud platform, data encryption processing is implemented in the cloud platform, identity authentication is carried out, and in order to avoid the cloud platform from being attacked, the cloud primary technology is utilized to carry out micro-isolation on a plurality of servers, so that the servers are independent and have a complete life cycle, and the independence and safety of each module in the cloud platform are ensured;
the network function virtualization is to deploy the traditional service into the cloud platform to realize decoupling of software and hardware, and then to realize intercommunication between the external network and the cloud platform by utilizing a bidirectional gatekeeper, as shown in fig. 2;
the deploying step includes obtaining version data corresponding to the application software, including but not limited to operating system version, kernel version number, installation time, system manufacturer and physical memory; creating virtual servers corresponding to the version data using virtualization techniques, including but not limited to web servers, application servers, database servers, and background servers; adding an anti-virus protection system and a cloud firewall corresponding to the version data; creating a virtual machine corresponding to the version data; starting a virtual machine and creating application software corresponding to version data;
The two-way gateway realizes the intercommunication between the external network and the cloud platform, firstly, the original internet connection mode is disconnected, the two-way gateway is deployed between the cloud platform and the firewall by using the virtualized network function to realize uplink and downlink access, then, the two-way gateway is utilized to transmit partial data of the external network to the cloud platform, finally, network attached storage is deployed, and data synchronization is realized through the two-way gateway;
the real-time monitoring network security is realized based on the virtualized network function, the security problem occurs, the real-time alarm is given out, the two-way gatekeeper is cut off, the external security threat is isolated, and the security threat of the host computer caused by the penetration test operation is avoided;
the alarm mechanism comprises: and reading the system behavior of the application software, and if the phenomena of system patch missing, safe penetration failure and network transmission abnormality occur, timely alarming and cutting off the bidirectional gatekeeper.
In the specific application, the network security detection of the shopping platform is confirmed to pass, and account password management is carried out.
S3: account password management.
The account password management comprises password security verification, wherein the password security verification comprises password strength verification and password error isolation;
the password strength verification comprises password types and password counts, and the calculation of the password strength verification is as follows:
;
in the formula ,representing the number of cipher bits->Representing a cryptographic counting function, ++>Representing a function of the type of password,represents a positive integer;
the cryptographic count function expression is as follows:
;
in the formula ,representing the password entered by the judgment->Representing the number of bits of the statistically entered password;
wherein ,the expression of (2) is +.>,/>The expression of (2) is;
in the formula ,representing the entered password @, @>Representing the number of cipher bits;
the cryptographic kind function expression is as follows:
;
in the formula ,representing the number of the password classes, said password classes comprising uppercase letters, lowercase letters, numbers and special symbols, +>Representing the number of non-repeated arrangement of all kinds;
and calculating the formula for verifying the password strength to obtain five types of weak, medium, strong and strong password strength.
As a preferable scheme of the security testing method of the application software, the invention comprises the following steps: the rules of the password intensity include:
if it isAnd->The password strength is weaker, and the password needs to be replaced as soon as possible;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is medium, and the password is general;
If it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->The password strength is stronger, indicating the password security;
the password error isolation comprises time isolation and IP isolation, the rule flow of the password error isolation is shown in fig. 3, and the specific rule is as follows: firstly, recording the number of attempts, login time and IP address, judging whether the number of the wrong attempts exceeds 3 times and whether the same IP fails to log in multiple accounts;
if the number of the error attempts exceeds 3 and the login of the same IP multi-account fails, isolating the application software account and the logged-in IP address;
if the number of the error attempts is not more than 3 and the same IP has no multi-account login failure, ending the rule flow;
when the number of error attempts exceeds 3 and the login of the same IP multi-account fails, judging the security level of the application software;
if the security level of the application software is SSS level, isolating the application software for 24 hours and requiring contact with an administrator;
If the security level of the application software is S level, isolating the application software for 1 hour;
if the security level of the application software is A level, isolating the application software for 30 minutes;
if the security level of the application software is B level, isolating the application software for 20 minutes;
if the security level of the application software is C level, isolating the application software for 10 minutes;
if the security level of the application software is D level, isolating the application software for 5 minutes;
and finally, ending the rule flow after the password error isolation is completed.
In a specific application, the password input by the user is known as adgr123frg&ht@ the cipher counting function isThe password type function isIf the calculation result is 20, the formula for verifying the password strength is calculated as follows:, wherein And->Judging that the password strength of the password is strong, indicating that the password is relatively safe, and the security level of the shopping platform is S-level, if the user is successful in logging in more than 3 times or if the same IP has multiple accounts and fails to log in, isolating the shopping software for 1 hour, and if logging in successfully, executing user operation and carrying out data security monitoring, and if logging in successfully in 3 times, executing user operation and carrying out data security monitoring.
S4: and executing user operation and carrying out data security monitoring.
When a user operates, data security monitoring is needed, wherein the data security monitoring is to protect confidentiality, integrity and availability of data, so that the data stored in the software is not damaged, changed and leaked by the outside, the monitoring flow is shown in fig. 4, and the abnormality of the data security monitoring relates to an application software account managed by account passwords and user operation behaviors;
firstly, reading the login situation of an application software account, verifying whether the application software account has the direct inquiry sensitive data after logging in for a long time, verifying whether the application software account has the simultaneous login situation of multiple persons and different login IP addresses, and then reading user operation behaviors, wherein the user operation behaviors comprise inquiry behaviors and modification behaviors, and checking whether the behavior data of the inquiry behaviors and the behavior data of the modification behaviors exceed a threshold value;
if the behavior data of the query behavior and the behavior data of the modification behavior exceed the threshold, the page alerts the user of abnormal behavior, after page alert, the user looks at whether to continue operation, if so, account locking is carried out and the system is alarmed, if not, monitoring is ended;
If the behavior data of the query behavior and the behavior data of the modification behavior do not exceed the threshold value, ending the monitoring;
wherein the threshold comprises: the repeated data of the query is 100 times in one day, one user is queried 10 times in one day, one user is queried 100 times in one month, millions of data are queried singly, the modified data is 100 times in half a day, and the inserted and deleted data is 100 times in half a day.
In the specific application, the user does not have the condition of directly inquiring the sensitive data after logging in for a long time when the user performs the user operation, and also does not have the condition that a plurality of people log in the account simultaneously and the login IP addresses are different, so that the user operation behavior is judged to be normal, and the monitoring is ended.
S5: and (5) taking out.
The erasure includes permanent erasure and deadline erasure, the rules of erasure are shown in fig. 5, and the specific rules are as follows:
firstly, defining sensitive information comprising user data, login information and browsing history of an application software account, and then judging the security level of the application software;
if the security level of the application software is SSS level, permanently erasing the sensitive information;
if the security level of the application software is S level, defining the sensitive information as 7 days free of erasure;
If the security level of the application software is A level, defining the sensitive information as one month erasure-free;
if the security level of the application software is B level, defining the sensitive information as three months free from erasure;
if the security level of the application software is C level, defining the sensitive information as half-year erasure-free;
if the security level of the application software is D level, defining the sensitive information as one-year erasure-free;
and finally, ending the rule after the erasing is finished.
In a specific application, when the user has no abnormal operation behavior and no signs of continuous use, the user exits from the use, and the security level of the shopping platform is known as S level, the user data, login information and browsing history are not erased within 7 days, and the erasing work is executed after 7 days.
The method comprises the steps of carrying out security audit management in the whole process, tracking all application software activities, carrying out multidimensional monitoring on application software, monitoring potential safety hazards, generating decision trees, integrating a plurality of decision trees into a random forest, predicting the potential safety hazards by utilizing the predictability of the random forest, prompting prediction information to the application software, ensuring that potential safety hazard points in the application software can be found in time, taking various remedial measures including hidden danger elimination, data recovery and personnel responsibility elimination according to different severity, guiding the application software not to repeat similar problems, and managing and analyzing system logs.
The decision tree and the random forest are as shown in fig. 6, and whether the application software is safe or not is refined according to the dimensions of account password management, data use, user operation behaviors and the like;
the account password management sequentially considers whether the password is plaintext, the password policy is strong or weak, whether password error isolation exists or not to determine the safety of the application software, the data use sequentially considers whether no data backup exists or not, whether remote access is limited or not and whether safety consciousness training exists or not to determine the safety of the application software, and the user operation behavior sequentially considers whether abnormal operation exists or not, whether unauthorized attack is effective or not and whether network transmission safety is abnormal or not to determine the safety of the application software.
And integrating the three decision trees constructed according to the account password management, the data use and the user operation behaviors into a random forest, predicting potential safety hazards by utilizing the predictability of the random forest, and prompting the prediction result to an interface of the application software.
In the specific application, the password of the shopping platform is not plaintext, the password policy is strong, the password error isolation is provided, the data backup is provided, the remote access is limited, the security consciousness training is provided, the user has no abnormal operation, the unauthorized attack is invalid, the network transmission is safe and has no abnormality, and the security of the shopping platform is determined.
Example 2
In this embodiment, a computer device is provided, including a memory and a processor, where the memory is configured to store instructions, and the processor is configured to execute the instructions, so that the computer device executes steps of implementing a security testing method of the application software.
Example 3
In this embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor, implements the steps of the security test method of application software described above.
The computer readable storage medium may include: various media capable of storing program codes, such as a U disk, a mobile hard disk, a read-only memory, a random access memory, a magnetic disk or an optical disk.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present invention may be modified or substituted without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered in the scope of the claims of the present invention.
Claims (9)
1. A security testing method for application software is characterized in that: comprising the steps of (a) a step of,
classifying application software;
the method comprises the steps of performing network security detection on application software, firstly cutting a physical server into a plurality of logic servers by using a virtualization technology to generate a plurality of virtual machines, then building a cloud platform in the virtual machines, installing a database and installing different software systems, connecting the cloud platform with an external network by using a bidirectional gatekeeper, and finally connecting the external network by using a host computer to drive the software systems;
after the network security detection is finished, account password management is carried out;
after the account password is managed, user operation is executed, and data security monitoring is carried out;
the data is withdrawn from use after no subsequent operation is performed after the data safety monitoring;
the application software classification comprises data collection, data preprocessing and classification model construction;
the data collected by the data collection includes the name, description, functional characteristics and class of the application software;
the data preprocessing comprises data cleaning and standardization processing of the data in the data collection, wherein the data cleaning comprises repeated data deletion, missing data processing and error data processing, and the standardization processing comprises data filtering, missing data processing and error data processing to form a data set;
Constructing the classification model comprises feature selection and classification model training, wherein the classification model training comprises data division, model training and model evaluation;
and adopting a BP neural network as a classification model, wherein the feature selection encodes and vectorizes the application software according to a security level, and the security level classification formula is as follows:
;
in the formula Representing a security level, the security level comprisingSSS, S, a, B, C, D;
the classification model further comprises an input layer, an implicit layer and an output layer, the description, the functional characteristics and the categories of the application software are input into the input layer, then the implicit layer performs characteristic extraction and optimization, and finally the security level is output from the output layer;
the number of the neural nodes of the input layer is 3, the description, the functional characteristics and the categories of the application software are included, the 3 neural nodes of the input layer are collectively called as input vectors, and the expression is as follows:
;
in the formula Representing the description->Representing said functional properties->Representing the category;
the number of the neural nodes of the hidden layer is 8, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the described neural nodes in the input layer, the 4 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the neural nodes of the functional characteristics in the input layer, the 2 neural nodes of the hidden layer are used for extracting and optimizing the characteristics of the class of the neural nodes in the input layer, and the expression of the characteristic extraction is as follows:
;
in the formula ,representing an activation function->A weight matrix representing the weight matrix from the neural node of the input layer to the neural node of the hidden layer, the expression is +.>,/>3 neural nodes representing the input layer, < >>8 neural nodes representing the hidden layer, < ->Representing the input vector,/->Representing the bias parameters from the neural node of the input layer to the neural node of the hidden layer, the expression is +.>,/>3 neural nodes representing the input layer, < >>Representing a matrix transpose;
wherein ,the expression of (2) is +.>;
in the formula ,represents natural constant, is one of common override numbers, < ->Representing the input vector;
and the characteristics are extracted and input to an output layer is optimized by the hidden layer, and the optimized expression is as follows:
;
in the formula ,representing an activation function->A weight matrix from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>8 neural nodes representing the hidden layer, < ->6 neural nodes representing the output layer, < >>The bias parameter from the neural node of the hidden layer to the neural node of the output layer is expressed as +.>,/>Representing a matrix transpose;
wherein ,the expression of (2) is +. >;
The number of the neural nodes of the output layer is 6, the 6 different security levels are respectively corresponding to the neural nodes as output vectors, and the expression of the output vectors is as follows:
;
in the formula ,representing the SSS level in said security level, < > in->Representing a level S, a +.>Represents level a, +_in the security level>Represents level B, < > in said security level>Represents level C, +_in the security level>Representing a level D of the security levels;
the data partition includes a 20% test set and an 80% training set, the model training the classification model using the training set;
the model evaluation includes overall classification sensitivityAnd accuracy->The calculation formula of the overall classification sensitivity is as follows:
;
in the formula ,indicating classification sensitivity according to said security level, < >>Representing sample set,/->Representing the total number of said application software in the sample set, < >>Representing the number of the application software in the sample set classified according to different security levels;
the accuracy is calculated as follows:
;
in the formula ,representing the number of said applications in the sample set, classified according to different security levels,/for each application>Representing the total number of the application software in the sample set;
If it isAnd->Indicating that the classification model is excellent;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isAnd->Representing that the classification model is general;
if it isOr->And if the classification model does not meet the requirements, continuing to optimize.
2. The security testing method of application software according to claim 1, wherein: the account password management comprises password security verification, wherein the password security verification comprises password strength verification and password error isolation;
the password strength verification comprises password types and password counts, and the calculation of the password strength verification is as follows:
;
in the formula ,representing the number of cipher bits->Representing a cryptographic counting function, ++>Representing a cryptographic kind function->Represents a positive integer;
the cryptographic count function expression is as follows:
;
in the formula ,representing the password entered by the judgment->Representing the number of bits of the statistically entered password;
wherein ,the expression of (2) is +.>,/>The expression of (2) is +.>;
in the formula ,representing the entered password @, @>Representing the number of cipher bits;
the cryptographic kind function expression is as follows:
;
in the formula ,representing the number of the password classes, said password classes comprising uppercase letters, lowercase letters, numbers and special symbols, + >Representing the number of non-repeated arrangement of all kinds;
and calculating the formula for verifying the password strength to obtain five types of weak, medium, strong and strong password strength.
3. The security testing method of application software according to claim 2, wherein: the rules of the password intensity include:
if it isAnd->The password strength is weaker, and the password needs to be replaced as soon as possible;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is weak, and the password needs to be replaced;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is medium, and the password is general;
if it isAnd->The password strength is strong, indicating that the password is relatively safe;
If it isAnd->The password strength is strong, indicating that the password is relatively safe;
if it isAnd->And the password strength is stronger, so that the password security is indicated.
4. A method of testing the security of application software according to claim 3, wherein: the password error isolation comprises time isolation and IP isolation, and the rule flow of the password error isolation is as follows:
Firstly, recording the number of attempts, login time and IP address, judging whether the number of the wrong attempts exceeds 3 times and whether the same IP fails to log in multiple accounts;
if the number of the error attempts exceeds 3 and the login of the same IP multi-account fails, isolating the application software account and the logged-in IP address;
if the number of the error attempts does not exceed 3 and the same IP does not have multi-account login failure, ending the rule flow;
when the number of error attempts exceeds 3 and the login of the same IP multi-account fails, judging the security level of the application software;
if the security level of the application software is SSS level, isolating the application software for 24 hours and requiring contact with an administrator;
if the security level of the application software is S level, isolating the application software for 1 hour;
if the security level of the application software is A level, isolating the application software for 30 minutes;
if the security level of the application software is B level, isolating the application software for 20 minutes;
if the security level of the application software is C level, isolating the application software for 10 minutes;
if the security level of the application software is level D, isolating the application software for 5 minutes;
And finally, ending the rule flow after the password error isolation is completed.
5. The method for testing the security of application software according to claim 4, wherein: the data security monitoring is needed to be carried out when the user operates, and the abnormality of the data security monitoring relates to an application software account and user operation behavior of the account password management;
firstly, reading the condition of logging in an application software account, verifying whether the application software account has the condition of logging in directly inquiring sensitive data after logging in for a long time, verifying whether the application software account has the condition of logging in multiple persons simultaneously and logging in different IP addresses, and then reading the user operation behaviors, wherein the user operation behaviors comprise inquiry behaviors and modification behaviors, and checking whether behavior data of the inquiry behaviors and behavior data of the modification behaviors exceed a threshold value;
if the behavior data of the query behavior and the behavior data of the modification behavior exceed the threshold, page warning the abnormal behavior of the user, after the page warning, the user can see whether to continue operation or not, if so, account locking is carried out and the system is alarmed, and if not, monitoring is finished;
Ending monitoring if the behavior data of the query behavior and the behavior data of the modified behavior do not exceed the threshold value;
wherein the threshold comprises: the repeated data of the query is 100 times in one day, one user is queried 10 times in one day, one user is queried 100 times in one month, millions of data are queried singly, the modified data is 100 times in half a day, and the inserted and deleted data is 100 times in half a day.
6. The method for testing the security of application software according to claim 5, wherein: the exit from use includes erasing sensitive information of the application account, the erasing including a permanent erasure and a deadline erasure, the erasing being as follows:
firstly, defining the sensitive information, including user data, login information and browsing history of the application software account, and then judging the security level of the application software;
if the security level of the application software is SSS level, permanently erasing the sensitive information;
if the security level of the application software is S level, defining the sensitive information as 7 days free of erasure;
if the security level of the application software is A level, defining the sensitive information as one month erasure-free;
If the security level of the application software is B level, defining the sensitive information as three months free of erasure;
if the security level of the application software is C level, defining the sensitive information as half-year erasure-free;
if the security level of the application software is level D, defining the sensitive information as one-year erasure-free;
and finally, ending the rule after the erasing is finished.
7. The method for testing the security of application software according to claim 6, wherein: the safety test method of the application software further comprises safety audit management, multi-dimensional monitoring of potential safety hazards and generation of decision trees;
the decision tree is respectively constructed according to the account password management, the data use and the user operation behavior;
integrating the three decision trees constructed according to the account password management, the data use and the user operation behaviors into a random forest, predicting the potential safety hazard by utilizing the predictability of the random forest, and prompting the prediction result to an interface of the application software.
8. A computer device, characterized by: comprising the steps of (a) a step of,
a memory for storing instructions;
a processor for executing the instructions to cause the apparatus to perform a security testing method implementing the application software of any of claims 1-7.
9. A computer-readable storage medium having stored thereon a computer program, characterized by: the computer program, when executed by a processor, implements a method for security testing of application software according to any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310829116.5A CN116561752B (en) | 2023-07-07 | 2023-07-07 | Safety testing method for application software |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310829116.5A CN116561752B (en) | 2023-07-07 | 2023-07-07 | Safety testing method for application software |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116561752A CN116561752A (en) | 2023-08-08 |
| CN116561752B true CN116561752B (en) | 2023-09-15 |
Family
ID=87491884
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310829116.5A Active CN116561752B (en) | 2023-07-07 | 2023-07-07 | Safety testing method for application software |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116561752B (en) |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20010087106A (en) * | 2000-03-04 | 2001-09-15 | 민택기 | System For Cooperating Management Of Electronic Commerce And Its Method |
| GB0819221D0 (en) * | 2008-10-20 | 2008-11-26 | Univ Nottingham Trent | Data analysis method and system |
| WO2014012106A2 (en) * | 2012-07-13 | 2014-01-16 | Sourcefire, Inc. | Method and apparatus for retroactively detecting malicious or otherwise undesirable software as well as clean software through intelligent rescanning |
| CN105681314A (en) * | 2016-01-29 | 2016-06-15 | 博雅网信(北京)科技有限公司 | Cloud environment security scanner and method |
| CN105701503A (en) * | 2016-01-07 | 2016-06-22 | 西安电子科技大学 | Interferometric synthetic aperture radar (SAR) image classification method based on deep belief network (DBN) model |
| CN107403101A (en) * | 2016-05-20 | 2017-11-28 | 松下航空电子公司 | The remote wipe of aircraft data |
| CN108959948A (en) * | 2018-07-18 | 2018-12-07 | 四川师范大学 | Separation of the three powers graduation authorization management method applied to data safety management |
| CN109858506A (en) * | 2018-05-28 | 2019-06-07 | 哈尔滨工程大学 | A kind of visualized algorithm towards convolutional neural networks classification results |
| CN110826319A (en) * | 2019-10-30 | 2020-02-21 | 维沃移动通信有限公司 | Application information processing method and terminal equipment |
| CN110933048A (en) * | 2019-11-14 | 2020-03-27 | 北京卓讯科信技术有限公司 | Method and equipment for identifying abnormal application operation based on message |
| CN112783518A (en) * | 2021-01-26 | 2021-05-11 | 电子科技大学 | Vehicle-mounted application containerization isolation framework system based on IPFS and implementation method |
| TW202123651A (en) * | 2019-07-31 | 2021-06-16 | 美商數據輸出入公司 | Device programming with system generation |
| CN113254930A (en) * | 2021-05-28 | 2021-08-13 | 北京理工大学 | Back door confrontation sample generation method of PE (provider edge) malicious software detection model |
| JP2023021877A (en) * | 2021-08-02 | 2023-02-14 | 広海 大谷 | Development of internet and service, and method for enhancing security |
| CN116361815A (en) * | 2023-06-01 | 2023-06-30 | 北京比瓴科技有限公司 | Code sensitive information and hard coding detection method and device based on machine learning |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050060295A1 (en) * | 2003-09-12 | 2005-03-17 | Sensory Networks, Inc. | Statistical classification of high-speed network data through content inspection |
| US20070162890A1 (en) * | 2005-12-29 | 2007-07-12 | Microsoft Corporation | Security engineering and the application life cycle |
| US11201877B2 (en) * | 2018-12-11 | 2021-12-14 | Cisco Technology, Inc. | Detecting encrypted malware with SPLT-based deep networks |
-
2023
- 2023-07-07 CN CN202310829116.5A patent/CN116561752B/en active Active
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20010087106A (en) * | 2000-03-04 | 2001-09-15 | 민택기 | System For Cooperating Management Of Electronic Commerce And Its Method |
| GB0819221D0 (en) * | 2008-10-20 | 2008-11-26 | Univ Nottingham Trent | Data analysis method and system |
| WO2014012106A2 (en) * | 2012-07-13 | 2014-01-16 | Sourcefire, Inc. | Method and apparatus for retroactively detecting malicious or otherwise undesirable software as well as clean software through intelligent rescanning |
| CN105701503A (en) * | 2016-01-07 | 2016-06-22 | 西安电子科技大学 | Interferometric synthetic aperture radar (SAR) image classification method based on deep belief network (DBN) model |
| CN105681314A (en) * | 2016-01-29 | 2016-06-15 | 博雅网信(北京)科技有限公司 | Cloud environment security scanner and method |
| CN107403101A (en) * | 2016-05-20 | 2017-11-28 | 松下航空电子公司 | The remote wipe of aircraft data |
| CN109858506A (en) * | 2018-05-28 | 2019-06-07 | 哈尔滨工程大学 | A kind of visualized algorithm towards convolutional neural networks classification results |
| CN108959948A (en) * | 2018-07-18 | 2018-12-07 | 四川师范大学 | Separation of the three powers graduation authorization management method applied to data safety management |
| TW202123651A (en) * | 2019-07-31 | 2021-06-16 | 美商數據輸出入公司 | Device programming with system generation |
| CN110826319A (en) * | 2019-10-30 | 2020-02-21 | 维沃移动通信有限公司 | Application information processing method and terminal equipment |
| CN110933048A (en) * | 2019-11-14 | 2020-03-27 | 北京卓讯科信技术有限公司 | Method and equipment for identifying abnormal application operation based on message |
| CN112783518A (en) * | 2021-01-26 | 2021-05-11 | 电子科技大学 | Vehicle-mounted application containerization isolation framework system based on IPFS and implementation method |
| CN113254930A (en) * | 2021-05-28 | 2021-08-13 | 北京理工大学 | Back door confrontation sample generation method of PE (provider edge) malicious software detection model |
| JP2023021877A (en) * | 2021-08-02 | 2023-02-14 | 広海 大谷 | Development of internet and service, and method for enhancing security |
| CN116361815A (en) * | 2023-06-01 | 2023-06-30 | 北京比瓴科技有限公司 | Code sensitive information and hard coding detection method and device based on machine learning |
Non-Patent Citations (4)
| Title |
|---|
| 三级系统信息安全等级保护测评指标体系研究;姚洪磊;杨文;;铁路计算机应用(第02期);59-61+65 * |
| 基于直觉模糊集的城市供水安全预警评价模型;王威;宋卓;刘晓然;刘朝峰;;中国安全生产科学技术(第04期);180-185 * |
| 研发桌面云系统设计及其在电力系统的应用;胡竹青;杨文清;;电力信息与通信技术(第11期);113-117 * |
| 面向结构化数据集的敏感属性识别与分级算法;何文竹;彭长根;王毛妮;丁兴;樊玫玫;丁红发;;计算机应用研究;第37卷(第10期);3077-3082 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116561752A (en) | 2023-08-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Berlin et al. | Malicious behavior detection using windows audit logs | |
| US11316891B2 (en) | Automated real-time multi-dimensional cybersecurity threat modeling | |
| US20200186569A1 (en) | Security Rule Generation Based on Cognitive and Industry Analysis | |
| Salem et al. | A survey of insider attack detection research | |
| Stolfo et al. | A comparative evaluation of two algorithms for windows registry anomaly detection | |
| Dong‐Her et al. | Internet security: malicious e‐mails detection and protection | |
| CN113660224B (en) | Situation awareness defense method, device and system based on network vulnerability scanning | |
| Ramprakash et al. | Host-based intrusion detection system using sequence of system calls | |
| CN110213226B (en) | Network attack scene reconstruction method and system based on risk full-factor identification association | |
| CN104283889A (en) | Electric power system interior APT attack detection and pre-warning system based on network architecture | |
| Chalvatzis et al. | Evaluation of security vulnerability scanners for small and medium enterprises business networks resilience towards risk assessment | |
| Ho et al. | Hopper: Modeling and detecting lateral movement | |
| Khan | Misuse intrusion detection using machine learning for gas pipeline SCADA networks | |
| Yadav et al. | Assessment of SCADA system vulnerabilities | |
| Sharma et al. | Layered approach for intrusion detection using naïve Bayes classifier | |
| RU2610395C1 (en) | Method of computer security distributed events investigation | |
| CN112637108B (en) | Internal threat analysis method and system based on anomaly detection and emotion analysis | |
| Elfeshawy et al. | Divided two-part adaptive intrusion detection system | |
| US20230252136A1 (en) | Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information | |
| Cao et al. | Learning state machines to monitor and detect anomalies on a kubernetes cluster | |
| Borhan et al. | A framework of TPM, SVM and boot control for securing forensic logs | |
| CN116561752B (en) | Safety testing method for application software | |
| US20240054210A1 (en) | Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program | |
| CN116418591A (en) | Intelligent computer network safety intrusion detection system | |
| US20230048076A1 (en) | Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |