CN105243327B - A kind of secure file processing method - Google Patents
- Publication number
- CN105243327B
- Authority
- CN
- China
- Prior art keywords
- page file
- scripted code
- file
- sample
- eigenvectors
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a secure file processing method. The method includes: determining the intrusion mode of a page file, determining the corresponding feature extraction and classification process according to the intrusion mode, and performing security detection on the mobile terminal page file through that feature extraction and classification process. The invention proposes a file detection and recognition method that detects different intrusion modes with different classification methods and introduces de-obfuscation processing to counter the disguising of malicious code, improving the detection success rate.
Description
Technical field
The present invention relates to computer data security, and more particularly to a secure file processing method.
Background
With the continuous development and spread of the Internet, network security incidents emerge one after another; the entire mobile Internet environment is under serious threat, and society suffers huge losses. Most network security incidents are caused by hacker attacks, and the underlying cause is security vulnerabilities in the software or the documents themselves. Intruders exploit these vulnerabilities to tamper with or disguise page files on mobile devices so that ordinary users cannot recognize them, and use the opportunity to execute or distribute illegal programs. Existing page file detection includes static detection and dynamic detection, but both monitor the functions and events triggered when the file runs and do not consider the obfuscation techniques that intruders use, so the recognition rate for malicious script code is very low. Existing detection models also use emulation techniques, which consume excessive computing resources on the mobile device.
Summary of the invention
To solve the problems of the prior art described above, the present invention proposes a secure file processing method, including:
Determining the intrusion mode of a page file, determining the corresponding feature extraction and classification process according to the intrusion mode, and performing security detection on the mobile terminal page file through the feature extraction and classification process.
Preferably, the method further includes: before the feature extraction, first determining the position of the script code in the page file and extracting the script code from the page file; if the script code has been encoded, compressed, obfuscated or similarly processed, restoring the original script code; and finally extracting the feature vector set according to the feature extraction algorithm.
Determining the corresponding feature extraction and classification process according to the intrusion mode further includes: for page files attacked through script code, the basic unit of the extracted features is the word; for page files attacked through a non-script-code intrusion mode, the page file is divided when features are extracted, and feature extraction is then performed; according to the two different feature extraction modes, two different classification models are built, based on the Bayes classification process and the decision tree classification process respectively, and the two classification processes are then combined in parallel.
Preferably, for page files attacked through a non-script-code intrusion mode, the feature vectors of the training sample set are extracted. The training sample set is divided into two classes: a malicious file sample set based on non-script-code intrusion and a safe file sample set containing no script code. During feature extraction, the feature vector sets of the two sample sets are extracted separately and processed according to a predetermined feature selection algorithm to obtain the feature vector set required by the learning algorithm. A recognition model is then built with the decision tree classification process from the learning algorithm and the extracted feature vector set. Finally, unknown page files are recognized: the feature vector set of the unknown page file is extracted and used in place of the page file for recognition; the feature vector set is given to the recognizer as input, and the recognizer classifies it according to the recognition model already established; the classification result of the unknown page file is finally obtained.
Preferably, when feature vectors are extracted for non-script-code intrusion, extracting the feature vector sets of the two sample sets separately further includes the following procedure:
1. Extract the feature vector set T_m of the malicious sample set and calculate the term frequency tf_{m,i} of each feature vector in it;
2. Extract the feature vector set T_n of the safe sample set and calculate the term frequency tf_{n,j} of each feature vector in it;
3. Calculate the inverse document frequency idf_{m,i} of each feature vector of T_m in the safe sample set;
4. Calculate the inverse document frequency idf_{n,j} of each feature vector of T_n in the malicious sample set;
5. Select the feature vector sets of the two sample sets separately, then merge them to obtain the feature vector set for non-script-code intrusion.
Compared with the prior art, the present invention has the following advantages:
The invention proposes a file detection and recognition method that detects different intrusion modes with different classification methods and introduces de-obfuscation processing to counter the disguising of malicious code, improving the detection success rate.
Description of the drawings
Fig. 1 is a flowchart of the secure file processing method according to an embodiment of the present invention.
Detailed description
A detailed description of one or more embodiments of the invention is provided below together with the accompanying drawing that illustrates the principles of the invention. The invention is described in connection with such embodiments, but it is not limited to any embodiment. The scope of the invention is limited only by the claims, and the invention covers many alternatives, modifications and equivalents. Many specific details are set forth in the following description to provide a thorough understanding of the invention. These details are provided for the purpose of example, and the invention may be practised according to the claims without some or all of these details.
One aspect of the present invention provides a secure file processing method. Fig. 1 is a flowchart of the secure file processing method according to an embodiment of the present invention.
The invention targets two different intrusion modes specifically: it builds recognition modules with two different feature extraction and classification methods and then connects the recognition modules in parallel. Complete de-obfuscation preprocessing is applied to the script code in the page file, which ensures the validity of the feature vector set for script-code-based attacks. Based on a multi-stage classification process, different intrusion modes are detected with different classification processes, improving the detection success rate.
The page file detection method of the invention has three main modules: data preprocessing, feature extraction and page file recognition.
(1) Data preprocessing: the file set for the script-code-based intrusion mode is preprocessed. Based on an analysis of the script-code-based intrusion mode and of the page file structure, the executable script code in the page file is first located, that is, it is determined which objects contain script code, and the script code in those objects is extracted according to the reference relationships between objects and stored in a new text file. The encoded script code is then decoded according to its encoding mode to restore the original script code. Finally, the script code is de-obfuscated to remove the redundant information in it, yielding the original script code.
(2) Feature extraction: the invention proposes two different feature extraction modes. For page files attacked through script code, the basic unit of the extracted features is the word, which reduces the time required for extraction. For page files attacked through a non-script-code intrusion mode, the page file is divided when features are extracted and the same method as existing feature extraction is then used; after feature extraction ends, a feature selection algorithm effectively reduces the feature dimension and selects the features with higher discriminative power.
(3) Page file recognition: according to the two different feature extraction modes, two different classification models are built, based on the Bayes classification process and the decision tree classification process, and the two classification processes are then combined in parallel, which raises the detection rate of the model.
Before feature vector extraction, the position of the script code in the page file must first be determined and the script code extracted from the page file. If the script code has been encoded, compressed, obfuscated or similarly processed, the most original script code must be restored. The feature vector set is finally extracted according to the feature extraction algorithm.
When an unknown page file is detected, the executable script code must first be extracted from it, then decoded and de-obfuscated to obtain the original script code. Feature vector matching is then performed with a string matching algorithm to determine which feature vectors are present in the script code. Finally, the class of the unknown page file is determined from the Bayes algorithm and the data obtained from the training samples.
For detecting page files attacked through non-script code, general detection may be used. First, the feature vectors of the training sample set are extracted. The training sample set is divided into two classes: a malicious file sample set based on non-script-code intrusion and a safe file sample set containing no script code. During feature extraction, the feature vector sets of the two sample sets must be extracted separately and processed according to a certain feature selection algorithm to obtain the feature vector set required by the learning algorithm. A recognition model is then built from the learning algorithm and the extracted feature vector set; the present invention builds the recognition model with the decision tree classification process. Finally, unknown page files are recognized.
When an unknown page file is recognized, its feature vector set must first be extracted. This feature vector set represents the unknown page file effectively and can be used in place of the page file for recognition. The feature vector set is then given to the recognizer as input, and the recognizer classifies it according to the recognition model already established. The classification result of the unknown page file is finally obtained.
The feature extraction module proposed by the invention extracts feature vectors in two different ways, according to the existing page file intrusion modes. For the script-code-based intrusion mode, the script code is first extracted from the page file and de-obfuscated, among other processing, to obtain the original script code. Features are then extracted in units of words. Finally, feature selection is applied to the extracted feature vectors and the weight of key feature vectors is increased, ensuring that the final feature vector set is more effective. For the non-script-code intrusion mode, the page file is divided into blocks, feature vectors are extracted from each block, and feature selection is then applied to obtain the final feature vectors.
Before feature vectors are extracted for the script-code-based intrusion mode, the page file is preprocessed in two steps: the first step locates and extracts the executable script code in the page file; the second step decodes and de-obfuscates the extracted script code, finally yielding the original script code.
In a page file, script code usually resides in a dictionary. A dictionary contains several groups of entries; each entry consists of a key and a value, where the key must be a name and the keys within one dictionary are unique, and the value can be any legal object. Script code is embedded in one of two ways: directly, as a hexadecimal or text-mode string, or stored in another object and invoked indirectly through a pointer. In the latter case it is generally stored in an encrypted stream.
To extract script code reliably, the text must be processed at the semantic level. In a typical page file, the entry position of the script code can be located by keyword. Besides being embedded directly in the page file, script code may reside in other page files on the local host, or even on a remote host. Script code supports dynamic invocation.
The extraction of script code is described below:
1. Open the page file;
2. Initialize the internal data structures;
3. Retrieve the catalog directory and find the address of the active dictionary entries;
4. Search the above candidate positions that may contain script code, and detect the data type of the dictionary entry;
5. If the data type is an element of the predefined keyword set, the dictionary contains script code, and the script code is extracted;
6. Decompress the script code.
In an indirectly referenced object, the script code is usually an encoded stream. The encoded script code in the object is decoded as follows: determine whether the characters in the stream are encoded, that is, whether the stream header contains an encoding-mode field; if it does, call the decoding function to decode the stream; finally, save the result.
Malicious files can evade detection by adding redundant parts. When the page file reader crashes while opening a page file, the user assumes that the page file is damaged, while in fact the malicious script code is running in the background. Some malicious files even embed the malicious script code before the page file header or after the end marker. De-obfuscation reduces the script code to its most original form and lays a solid foundation for the feature extraction that follows. In the present invention, de-obfuscation mainly handles two obfuscation techniques in script code: string splitting and added redundant content. First, comments unrelated to the execution of the script code are removed; second, strings that have been split are restored to the original strings. Script code may contain a large number of variables longer than 50 bytes; to simplify the next processing step, these variables are processed: if a variable is longer than 50 bytes, it is given a uniform name.
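The de-obfuscation steps described above (comment removal, rejoining split strings, uniform naming of variables over 50 bytes), as an added example that is not code from the patent. It assumes JavaScript-like comment and string syntax, since the page does not name the script language, and reads "uniform name" as a placeholder of the form VAR_n; `normalize_script` and the sample are constructed for illustration.

```python
import re

MAX_NAME_BYTES = 50  # identifier length threshold stated in the text

# Strings are matched before comments so that "//" inside a literal is kept.
PIECE = re.compile(
    r"""(?P<str>"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*')
      | (?P<comment>/\*.*?\*/|//[^\n]*)""",
    re.VERBOSE | re.DOTALL,
)
IDENT = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")


def split_pieces(src):
    """Return ('str' | 'code', text) pieces with comments dropped."""
    out, pos = [], 0

    def push(kind, text):
        if kind == "code" and out and out[-1][0] == "code":
            out[-1] = ("code", out[-1][1] + text)   # keep code runs contiguous
        elif text:
            out.append((kind, text))

    for m in PIECE.finditer(src):
        push("code", src[pos:m.start()])
        if m.group("str"):
            push("str", m.group("str"))
        else:
            push("code", " ")                       # a comment still separates tokens
        pos = m.end()
    push("code", src[pos:])
    return out


def merge_split_strings(pieces):
    """Rejoin literal + literal chains; only literals with the same quote are merged."""
    out, i = [], 0
    while i < len(pieces):
        kind, text = pieces[i]
        while (kind == "str" and i + 2 < len(pieces)
               and pieces[i + 1][0] == "code" and pieces[i + 1][1].strip() == "+"
               and pieces[i + 2][0] == "str" and pieces[i + 2][1][0] == text[0]):
            text = text[:-1] + pieces[i + 2][1][1:]
            i += 2
        out.append((kind, text))
        i += 1
    return out


def rename_long(code, table):
    """Replace every identifier longer than 50 bytes with a stable placeholder."""
    def repl(m):
        name = m.group(0)
        if len(name.encode("utf-8")) <= MAX_NAME_BYTES:
            return name
        return table.setdefault(name, f"VAR_{len(table)}")
    return IDENT.sub(repl, code)


def normalize_script(src):
    table, parts = {}, []
    for kind, text in merge_split_strings(split_pieces(src)):
        if kind == "code":                          # string contents are left untouched
            text = re.sub(r"[ \t]+", " ", rename_long(text, table))
        parts.append(text)
    lines = (ln.strip() for ln in "".join(parts).splitlines())
    return "\n".join(ln for ln in lines if ln)


# Constructed, harmless sample input.
LONG_NAME = "v" * 60
SAMPLE = (
    "/* constructed sample */\n"
    f'var {LONG_NAME} = "get" + "Fie" + "ld"; // split string\n'
    "var u = 'a//b' + 'c';\n"
    f"this[{LONG_NAME}]('%41');\n"
)

if __name__ == "__main__":
    print(normalize_script(SAMPLE))
```

A chain that has a variable between two literals is left as written, because its value is not known statically.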
After the earlier data preprocessing, the script code is now in its most original form. The detailed procedure for extracting feature vectors is as follows.
1. Split the script code into a string s in units of words;
2. Build a word-frequency lookup table m;
3. Traverse the string s and check whether word w is in m; if it is, go to 4; otherwise, go to 5;
4. Increase the word frequency m[w] of word w in the lookup table by 1;
5. Set the word frequency of word w in the lookup table to m[w] = 1;
6. Traverse m with traversal pointer ptr;
7. If the entry of m at ptr is a keyword, raise the feature weight corresponding to ptr to the maximum value;
8. Select the first five feature vectors as the final feature vector set.
When feature vectors are extracted for non-script-code intrusion, the training sample set is divided into two classes: a malicious file sample set based on non-script-code techniques and a safe file sample set. The feature vectors to be extracted have two characteristics: they occur with high frequency in one class of sample set, but with low frequency in the other class of sample set. If both characteristics are met, the feature vector set distinguishes the two sample sets well. According to the above description of the feature vectors, the feature vector extraction procedure for non-script-code intrusion is as follows:
1. Extract the feature vector set T_m of the malicious sample set and calculate the term frequency tf_{m,i} of each feature vector in it;
2. Extract the feature vector set T_n of the safe sample set and calculate the term frequency tf_{n,j} of each feature vector in it;
3. Calculate the inverse document frequency idf_{m,i} of each feature vector of T_m in the safe sample set;
4. Calculate the inverse document frequency idf_{n,j} of each feature vector of T_n in the malicious sample set;
5. Select the feature vector sets of the two sample sets separately, then merge them to obtain the feature vector set for non-script-code intrusion.
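Steps 1 to 5 above carried through on a small constructed corpus, as an added example that is not code from the patent. The tokenizer, the smoothed idf formula log((1 + N) / (1 + df)), the tf*idf score and the cut-off k are assumptions, because the page names the quantities but not the formulas or the selection rule.

```python
import math
import re
from collections import Counter


def tokens(data):
    # Assumption: a feature is a run of 3+ alphanumeric bytes starting with a letter.
    return re.findall(rb"[A-Za-z][A-Za-z0-9]{2,}", data)


def class_stats(samples):
    """Term frequency over the whole sample set and document frequency per term."""
    counts, df = Counter(), Counter()
    for data in samples:
        toks = tokens(data)
        counts.update(toks)
        df.update(set(toks))
    total = sum(counts.values()) or 1
    return {t: c / total for t, c in counts.items()}, df


def select(tf_own, df_other, n_other, k):
    """Rank a class's features by tf in that class times idf in the OTHER class."""
    score = {
        t: tf * math.log((1 + n_other) / (1 + df_other[t]))
        for t, tf in tf_own.items()
    }
    ranked = sorted(score, key=lambda t: (-score[t], t))
    # A score of 0 means the feature occurs in every sample of the other class.
    return [t for t in ranked[:k] if score[t] > 0]


def build_feature_set(malicious, safe, k=3):
    tf_m, df_m = class_stats(malicious)              # step 1: T_m and tf_{m,i}
    tf_n, df_n = class_stats(safe)                   # step 2: T_n and tf_{n,j}
    sel_m = select(tf_m, df_n, len(safe), k)         # step 3: idf_{m,i} in the safe set
    sel_n = select(tf_n, df_m, len(malicious), k)    # step 4: idf_{n,j} in the malicious set
    return sel_m + [t for t in sel_n if t not in sel_m]   # step 5: merge


# Constructed sample sets; the token names carry no meaning beyond the example.
MALICIOUS = [
    b"header launch embedded action table",
    b"header embedded launch launch font",
    b"header action embedded image",
]
SAFE = [
    b"header table font image text",
    b"header font text text table",
    b"header image font text",
]

if __name__ == "__main__":
    print(build_feature_set(MALICIOUS, SAFE))
```

The token `header` appears in every sample of both classes, so its cross-class idf is zero and it is never selected, which is the behaviour the two characteristics above call for.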
When the page file detection method of the invention classifies an unknown page file, the script code is first extracted from the page file, which divides the page file into two parts: one is the embedded script code, the other is the remaining page file data apart from the script code. The two parts of the page file are then detected separately: the recognition model built with the Bayes algorithm detects the script code, and the recognition model built with the decision tree classification algorithm detects the remaining data of the page file. Finally, the detection results are processed in the result integration module to obtain the method's final detection result for the page file. The detailed procedure is described below.
For the feature vector set based on script code intrusion, the simple and practical Bayes classification process is used as the classification process. The probability P_N that the unknown page file X belongs to the safe sample set C_n and the probability P_M that page file X belongs to the malicious sample set are calculated separately; P_N and P_M are then compared to find the class that page file X is closest to, which determines the class of the unknown page file X. If P_M > P_N, the page file contains malicious script code; otherwise, the page file does not contain malicious script code.
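An added sketch, not the patent's code, that connects steps 1 to 8 of the word-frequency procedure earlier in the description to the P_M > P_N decision above. The keyword set, the Bernoulli model with Laplace smoothing and the training scripts are assumptions constructed for illustration, since the page specifies none of them.

```python
import math
import re
from collections import Counter

# Hypothetical keyword set: the page does not list its keywords.
KEYWORDS = {"eval", "unescape", "fromCharCode"}
WORD = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")


def extract_features(script, keywords=KEYWORDS, top_n=5):
    """Steps 1-8: word frequencies, keywords raised to the maximum weight, top five kept."""
    m = Counter(WORD.findall(script))                      # steps 1-5
    if not m:
        return []
    max_w = max(m.values())
    weight = {w: (max_w if w in keywords else c) for w, c in m.items()}  # steps 6-7
    # Ties: keywords first, then alphabetical, so the result is deterministic.
    ranked = sorted(weight, key=lambda w: (-weight[w], w not in keywords, w))
    return ranked[:top_n]                                  # step 8


class BayesScriptModel:
    """Bernoulli naive Bayes over the features selected from the training scripts."""

    def __init__(self):
        self.docs = {"M": 0, "N": 0}
        self.df = {"M": Counter(), "N": Counter()}
        self.vocab = set()

    def train(self, script, label):
        feats = set(extract_features(script))
        self.docs[label] += 1
        self.df[label].update(feats)
        self.vocab |= feats

    def log_prob(self, present, label):
        lp = math.log(self.docs[label] / sum(self.docs.values()))
        for f in self.vocab:
            p = (self.df[label][f] + 1) / (self.docs[label] + 2)   # Laplace smoothing
            lp += math.log(p if f in present else 1.0 - p)
        return lp

    def classify(self, script):
        # String matching step: which known features occur as whole words.
        present = {
            f for f in self.vocab
            if re.search(rf"(?<![\w$]){re.escape(f)}(?![\w$])", script)
        }
        p_m = self.log_prob(present, "M")
        p_n = self.log_prob(present, "N")
        return ("M" if p_m > p_n else "N"), p_m, p_n


# Constructed training scripts (harmless fragments, for illustration only).
MALICIOUS = [
    'var s = unescape("%41%42"); eval(s); eval(s);',
    "var p = String.fromCharCode(97); eval(p); var q = p + p;",
]
SAFE = [
    "var total = price * qty; print(total); total = total + tax;",
    'function show(msg) { alert(msg); } show("hi"); show("ok");',
]

MODEL = BayesScriptModel()
for text in MALICIOUS:
    MODEL.train(text, "M")
for text in SAFE:
    MODEL.train(text, "N")

if __name__ == "__main__":
    print(MODEL.classify('var z = unescape("%43"); eval(z);')[0])
    print(MODEL.classify("total = price * qty; print(total);")[0])
```

The comparison is done on log probabilities, which gives the same decision as comparing P_M and P_N directly and avoids underflow when the feature set is large.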
Before page file detection based on the invasion of non-scripted code, wherein Sample is training sample set, and Vector is base
In the set of eigenvectors of non-scripted code invasion.
Establish decision tree root root nodes;
If Sample all be just, return label be+single node tree root;
If Sample is anti-, return label be _ single node tree root;
If Vector is sky, it is most common object vector value in Sample to return to single node root, label;
Otherwise, for each probable value v of Vectori
Add a new branch v at rooti, enable SamplesiFor SamplesiIt is v to meet Vector attribute valuesiSon
Collection;
If SamplesiFor sky, under this new branch plus a leaf node, the label of node be in Sample most
Universal object vector value;
Otherwise add a subtree under new branch:
(Samplesi, object vector value, Vector), terminate.
Once the decision-tree-based classification model has been built, unknown page files can be detected according to it:
1. Divide the page file into blocks of 100 bytes to obtain the file data blocks;
2. Extract the feature vector of each page file data block;
3. Combine and select the feature vectors of all the page file data blocks to obtain the final page file vector set;
4. Use this feature vector set as the input of the decision tree classification model;
5. From the output of the decision tree classification model, determine whether the page file is a page file attacked using non-script code.
In the implementation, the two different classification and recognition models are connected in parallel, and the results of the two models must be processed. The outputs of the two recognition modules serve as the input of the result integration module. According to the processing function in the result integration module, if either of the two recognition modules outputs M (malicious file), the unknown page file is a malicious file; if the recognition results of both modules are N (safe file), the unknown page file is a safe file.
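The decision tree construction, the 100-byte block detection steps and the result integration rule described above, combined in one added example that is not code from the patent. Choosing the split attribute by information gain is the standard ID3 rule and is an assumption here, because the page does not say how the attribute is chosen; the feature list and training files are constructed.

```python
import math
from collections import Counter

BLOCK = 100  # block size in bytes, from detection step 1


def file_vector(data, features):
    """Steps 1-3: split into 100-byte blocks, match features per block, OR the results."""
    vec = [0] * len(features)
    for off in range(0, len(data), BLOCK):
        block = data[off:off + BLOCK]
        for i, feat in enumerate(features):
            if feat in block:
                vec[i] = 1
    return tuple(vec)


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def build_tree(samples, attrs):
    """samples: list of (vector, label), label '+' (malicious) or '-' (safe)."""
    labels = [lab for _, lab in samples]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or not attrs:      # all +, all -, or Vector empty
        return majority

    def gain(a):
        rem = 0.0
        for v in (0, 1):
            sub = [lab for x, lab in samples if x[a] == v]
            if sub:
                rem += len(sub) / len(samples) * entropy(sub)
        return entropy(labels) - rem

    best = max(attrs, key=gain)                 # assumption: ID3 information gain
    rest = [a for a in attrs if a != best]
    node = {"attr": best, "branches": {}}
    for v in (0, 1):                            # each possible value v_i
        subset = [(x, lab) for x, lab in samples if x[best] == v]
        # Empty subset: leaf with the most common label, as in the text.
        node["branches"][v] = build_tree(subset, rest) if subset else majority
    return node


def classify(tree, vec):
    while isinstance(tree, dict):
        tree = tree["branches"][vec[tree["attr"]]]
    return tree


def integrate(script_result, tree_result):
    """Result integration: M if either recognizer reports M, otherwise N."""
    return "M" if "M" in (script_result, tree_result) else "N"


def detect(data, tree, features, script_result="N"):
    tree_result = "M" if classify(tree, file_vector(data, features)) == "+" else "N"
    return integrate(script_result, tree_result)


# Constructed feature list and training files.
FEATURES = [b"embedded", b"launch", b"action", b"text", b"font", b"image"]
TRAIN = [
    (b"header embedded launch action text", "+"),
    (b"header launch font", "+"),
    (b"header embedded image action", "+"),
    (b"header text font image", "-"),
    (b"header font", "-"),
    (b"header image text embedded", "-"),
]
TREE = build_tree(
    [(file_vector(d, FEATURES), lab) for d, lab in TRAIN],
    list(range(len(FEATURES))),
)

if __name__ == "__main__":
    print(TREE)
    print(detect(b"header action image", TREE, FEATURES))
```

Matching block by block does not see a feature that straddles a 100-byte boundary; overlapping consecutive blocks by the longest feature length minus one byte closes that gap.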
In conclusion, the present invention proposes a file detection and recognition method that detects different intrusion modes with different classification methods and introduces de-obfuscation processing to counter the disguising of malicious code, improving the detection success rate.
Obviously, those skilled in the art should understand that the modules or steps of the invention described above can be implemented with a general-purpose computing system; they can be concentrated in a single computing system or distributed over a network formed by multiple computing systems. Optionally, they can be implemented with program code executable by a computing system, so that they can be stored in a storage system and executed by a computing system. The invention is therefore not limited to any specific combination of hardware and software.
It should be understood that the above specific embodiments of the invention serve only to illustrate or explain the principles of the invention and do not limit the invention. Any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the invention shall therefore fall within the scope of protection of the invention. In addition, the appended claims are intended to cover all variations and modifications that fall within the scope and boundaries of the appended claims, or the equivalents of such scope and boundaries.
Claims (2)
1. A secure file processing method, characterized by including:
determining the intrusion mode of a page file, determining the corresponding feature extraction and classification process according to the intrusion mode, and performing security detection on the mobile terminal page file through the feature extraction and classification process;
the method further including: before the feature extraction, first determining the position of the script code in the page file and extracting the script code from the page file; if the script code has been encoded, compressed and obfuscated, restoring the original script code; and finally extracting the feature vector set according to the feature extraction algorithm;
determining the corresponding feature extraction and classification process according to the intrusion mode further including: for page files attacked through script code, the basic unit of the extracted features is the word; for page files attacked through a non-script-code intrusion mode, the page file is divided when features are extracted, and feature extraction is then performed; according to the two different feature extraction modes, two different classification models are built, based on the Bayes classification process and the decision tree classification process respectively, and the two classification processes are then combined in parallel;
extracting the script code from the page file further including:
(1) opening the page file;
(2) initializing the internal data structures;
(3) retrieving the catalog directory and finding the address of the active dictionary entries;
(4) searching the candidate positions that may contain script code, and detecting the data type of the dictionary entry;
(5) if the data type is an element of the predefined keyword set, the dictionary contains script code, and the script code is extracted;
(6) decompressing the script code;
when an unknown page file is classified, the script code is first extracted from the page file, which divides the page file into two parts: one is the embedded script code, the other is the remaining page file data apart from the script code; the two parts of the page file are then detected separately, the recognition model built with the Bayes algorithm detecting the script code and the recognition model built with the decision tree classification algorithm detecting the remaining data of the page file; finally, the detection results are processed in the result integration module to obtain the final detection result for the page file; the detailed procedure being:
for the feature vector set based on script code intrusion, the simple and practical Bayes classification process is used as the classification process; the probability P_N that the unknown page file X belongs to the safe sample set C_n and the probability P_M that page file X belongs to the malicious sample set are calculated separately, and P_N and P_M are then compared to find the class that page file X is closest to, which determines the class of the unknown page file X; if P_M > P_N, the page file contains malicious script code; otherwise, the page file does not contain malicious script code;
before page files based on non-script-code intrusion are detected, the decision tree is built as follows, where Sample is the training sample set and Vector is the feature vector set based on non-script-code intrusion;
create the root node root of the decision tree;
if all of Sample is positive, return the single-node tree root with label +;
if all of Sample is negative, return the single-node tree root with label -;
if Vector is empty, return the single-node tree root, labelled with the most common target vector value in Sample;
otherwise, for each possible value v_i of Vector:
add a new branch v_i under root, and let Samples_i be the subset of Samples whose Vector attribute value is v_i;
if Samples_i is empty, add a leaf node under this new branch, labelled with the most common target vector value in Sample;
otherwise add a subtree under the new branch:
(Samples_i, target vector value, Vector), end.
2. The method according to claim 1, characterized in that, for page files attacked through a non-script-code intrusion mode, the feature vectors of the training sample set are extracted, the training sample set being divided into two classes: a malicious file sample set based on non-script-code intrusion and a safe file sample set containing no script code; during feature extraction, the feature vector sets of the two sample sets are extracted separately and processed according to a predetermined feature selection algorithm to obtain the feature vector set required by the learning algorithm; a recognition model is then built with the decision tree classification process from the learning algorithm and the extracted feature vector set; finally, unknown page files are recognized; when a page file is recognized, the feature vector set of the unknown page file is extracted and used in place of the page file for recognition, the feature vector set is then given to the recognizer as input, and the recognizer classifies it according to the recognition model already established; the classification result of the unknown page file is finally obtained.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510792215.6A CN105243327B (en) | 2015-11-17 | 2015-11-17 | A kind of secure file processing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105243327A CN105243327A (en) | 2016-01-13 |
CN105243327B true CN105243327B (en) | 2018-08-31 |
Family
ID=55040970
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510792215.6A Expired - Fee Related CN105243327B (en) | 2015-11-17 | 2015-11-17 | A kind of secure file processing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105243327B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108090354B (en) * | 2017-11-14 | 2021-12-10 | 中国科学院信息工程研究所 | Unsupervised masquerading detection method and system based on file access graph |
CN108429754A (en) * | 2018-03-19 | 2018-08-21 | 深信服科技股份有限公司 | A kind of high in the clouds Distributed Detection method, system and relevant apparatus |
CN112232076A (en) * | 2019-06-26 | 2021-01-15 | 腾讯科技(深圳)有限公司 | Script processing method and device and electronic equipment |
CN112269904B (en) * | 2020-09-28 | 2023-07-25 | 华控清交信息科技(北京)有限公司 | Data processing method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103221960A (en) * | 2012-12-10 | 2013-07-24 | 华为技术有限公司 | Detection method and apparatus of malicious code |
CN103577755A (en) * | 2013-11-01 | 2014-02-12 | 浙江工业大学 | Malicious script static detection method based on SVM (support vector machine) |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100953111B1 (en) * | 2007-01-15 | 2010-04-16 | 주정윤 | On-line file security method |
Non-Patent Citations (1)
Title |
---|
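Research on Script Attack Detection and Defense in the Web Environment; 黎满; China Master's Theses Full-text Database, Information Science and Technology Series; 20150430 (No. 04); 1-18 * |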
Also Published As
Publication number | Publication date |
---|---|
CN105243327A (en) | 2016-01-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
Granted publication date: 20180831 Termination date: 20191117 |