CN109977672A - The discovery method and system of software vulnerability - Google Patents
The discovery method and system of software vulnerability Download PDFInfo
- Publication number
- CN109977672A CN109977672A CN201711400076.3A CN201711400076A CN109977672A CN 109977672 A CN109977672 A CN 109977672A CN 201711400076 A CN201711400076 A CN 201711400076A CN 109977672 A CN109977672 A CN 109977672A
- Authority
- CN
- China
- Prior art keywords
- software
- information
- loophole
- host
- library
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/951—Indexing; Web crawling techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Stored Programmes (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a kind of discovery method and systems of software vulnerability, wherein discovery method includes: S1, periodically inquiry is with the presence or absence of new loophole, if so then execute step S2;S2, loophole software-related information is obtained according to the new loophole, the loophole software-related information includes the title and software version for the software that the new loophole is influenced;S3, it is inquired in preset software version library according to the loophole software-related information with the presence or absence of the software influenced by the new loophole, if so, exporting host software information to be analyzed.The carry out loophole discovery that the discovery method and system of software vulnerability provided by the invention can automate, rapidly and accurately there are loopholes to need patch upgrading for the software on which host of automatic identification network internal to be analyzed, and it frees O&M engineer from the work of heavy complexity, while avoiding artificial careless omission harm caused by network security.
Description
Technical field
The present invention relates to technical field of network security, in particular to the discovery method and system of a kind of software vulnerability.
Background technique
With the continuous development of Internet technology, constantly occurred using the network safety event that loophole is attacked, and is in day
Become serious situation.System vulnerability is more and more in recent years, is getting faster using the speed of loophole, cyber-attack techniques and attack
Tool makes rapid progress, network security situation very severe.Although present various security patch and upgrade procedure can be timely
Publication, the harm that may cause to prevent leak-stopping hole.But since enterprises software asset is numerous, operation maintenance personnel people is only depended on
Work identification needs the host of patch installing and its software version just to become extremely difficult and complicated.For loophole upgrade job often
A large amount of artificial participation is needed, the operation cost of enterprise certainly will be increased, in addition artificial treatment may cause artificial careless omission, to enterprise
Industry network security leaves hidden danger.
Summary of the invention
The technical problem to be solved by the present invention is in order to overcome the software vulnerability in Intranet in the prior art to know
Other heavy workload, artificial treatment easily slip and cause the defect of security risk to enterprise network security, provide a kind of software vulnerability
It was found that method and system.
The present invention is to solve above-mentioned technical problem by following technical proposals:
A kind of discovery method of software vulnerability, it is characterized in that, comprising: S1, periodically inquiry whether there is new loophole, if
It is to then follow the steps S2;S2, loophole software-related information, the loophole software-related information packet are obtained according to the new loophole
Include the title and software version of the software that the new loophole is influenced;S3, it is being preset according to the loophole software-related information
Software version library in inquiry with the presence or absence of the software that is influenced by the new loophole, if so, exporting host software to be analyzed
Information, the host software information to be analyzed include that being influenced by the new loophole of inquiring in the software version library is soft
The mark of part title, software version and host where software;The software version library is for storing host software information, the master
Machine software information is the software information of every host installation in network to be analyzed, and every host software information includes soft
Mark, dbase and the software version of host where part are periodically swept using NMAP (a network connection end scanning software)
The network to be analyzed is retouched to update the software version library.
In the present solution, in order to rapidly and accurately find the software needs on which host of network internal to be analyzed automatically
Patch upgrading, to make O&M engineer free from the work of heavy complexity, by the new vulnerability information of fixed-period crawling, such as
Using existing web crawlers technology, new loophole is found in time, obtains software and the software version number that new loophole is influenced,
Then inquire whether have the software version influenced by new loophole in preset software version library, if there is where then needing to export
Host upgrades the software patch installing on the host for subsequent network operation maintenance personnel, to avoid new loophole to the peace of network to be analyzed
It causes damages entirely.Wherein, the foundation and update in software version library utilize distributed computing technology, using NMAP tool to network to be analyzed
In every host installation software version information carry out Periodic probe so that software version information is timely updated.This
The carry out loophole discovery that scheme can automate carries out inquiry comparison to software version library after having detected that new loophole generates,
Loophole processing speed is accelerated, also saves workload manual confirmation which host needs to carry out loophole patch upgrading, simultaneously
It avoids easily to slip due to artificial treatment and causes the defect of security risk to network security to be analyzed.
Preferably, the discovery method is further comprising the steps of: S0, default vulnerability information library, the vulnerability information library is used
In storage vulnerability information record, every vulnerability information record includes the title for the software that the title of loophole, loophole are influenced
With software version and whether be new loophole, the vulnerability information library is regularly updated;In step S1 in the vulnerability information library
Periodically inquiry whether there is new loophole;The leakage is obtained in the vulnerability information library according to the new loophole in step S2
Hole software-related information.
In the present solution, can be by designing the web crawlers process completion for vulnerability information issuing web site to new loophole
The crawl of information, preset in advance vulnerability information library, wherein every vulnerability information record in vulnerability information library is in addition to including loophole
Title, outside the title of software that is influenced of loophole and software version, whether further include is new loophole, subsequent step S1 and step
S2 is to inquire to complete in vulnerability information library, and vulnerability information library regularly updates, and can guarantee that vulnerability information updates timely
Property.
Preferably, the discovery method is further comprising the steps of: S4, by the host software information to be analyzed and expectation
The time that patch upgrading is completed deposits to patch information library.
In the present solution, when there is new loophole to generate, the software version information according to involved in loophole, query software version
Library obtains and needs to carry out the host software information to be analyzed of patch upgrading, by the time that the information and expectation are completed save to
Patch information library is inquired for subsequent operation maintenance personnel and Security Officer and determines patch installing upgrading plan arrangement.
Preferably, further comprising the steps of after the step S3: the host in S5, the host software information to be analyzed
The represented host of mark is destination host, is scanned using NMAP to destination host, judges to install on the destination host
The host software information to be analyzed in the version of software of dbase whether be the host software information to be analyzed
In software version, if then needing to upgrade.
In the present solution, in order to ensure the version information of the software of destination host did not make change between the update cycle,
Version confirmation program destination host current software version can be detected, and judge whether need to continue to the host into
Row patch upgrading can carry out subsequent processing, will such as need the information of the destination host of patch upgrading if necessary to patch upgrading
It is sent to operation maintenance personnel and Security Officer.
Preferably, it is primary to update the software version library periodically using NMAP to scan the network to be analyzed weekly;
The primary vulnerability information library is updated in step S0 daily.
In the present solution, preferentially selection vulnerability information library updates once daily, software version library updates weekly once, both guarantees
The timeliness that vulnerability information and software version library update, and reasonably control the influence for updating and operating normally environment to network
And workload brought by updating.
The present invention also provides a kind of discovery systems of software vulnerability, it is characterized in that, comprising: new loophole enquiry module is used
It whether there is new loophole in regular inquiry, if new loophole software is then called to obtain module;New loophole software obtains module, uses
In obtaining loophole software-related information according to the new loophole, the loophole software-related information includes the new loophole institute
The title and software version of the software of influence;Software version library inquiry module, for being existed according to the loophole software-related information
Inquiry is with the presence or absence of the software influenced by the new loophole in preset software version library, if so, exporting host to be analyzed
Software information, the host software information to be analyzed include being influenced by the new loophole of inquiring in the software version library
Dbase, host where software version and software mark;The software version library is for storing host software information, institute
State the software information that host software information is every host installation in network to be analyzed, every host software packet
Include mark, dbase and the software version of the host where software, periodically using NMAP scan the network to be analyzed with
Update the software version library.
Preferably, the discovery system further include: vulnerability information library processing module, it is described for presetting vulnerability information library
Vulnerability information library is for storing vulnerability information record, and every vulnerability information records the title for including loophole, loophole is influenced
Software title and software version and whether be new loophole, the vulnerability information library regularly updates;The new loophole inquiry
Periodically inquiry whether there is new loophole to module in the vulnerability information library;The new loophole software obtains module according to
New loophole obtains the loophole software-related information in the vulnerability information library.
Preferably, the discovery system further include: patch information library processing module is used for the host software to be analyzed
The time that information and expectation patch upgrading are completed deposits to patch information library.
Preferably, the discovery system further includes upgrading judgment module, the host in the host software information to be analyzed
The represented host of mark is destination host, and the upgrading judgment module is sentenced for being scanned using NMAP to destination host
Whether the version of the software of the dbase in the host software information to be analyzed installed on the destination host of breaking is institute
The software version in host software information to be analyzed is stated, if then needing to upgrade.
Preferably, the software version library inquiry module periodically scans the network to be analyzed using NMAP weekly with more
The new software version library is primary;Vulnerability information library processing module updates the primary vulnerability information library daily.
The positive effect of the present invention is that: the discovery method and system of software vulnerability provided by the invention passes through network
Crawlers collect vulnerability information, realize the timely acquisition of newest vulnerability information;Using distributed computing technology, treated using NMAP
It analyzes software version information in network and carries out Periodic probe, so that software version information is timely updated;When having detected
After new loophole generates, inquiry comparison is carried out to software version library, accelerates loophole processing speed, also save manual confirmation which
Host needs to carry out the workload of loophole patch upgrading.The carry out loophole discovery that the present invention can automate, rapidly and accurately certainly
There are loopholes to need patch upgrading for software on dynamic identification which host of network internal to be analyzed, and makes O&M engineer from numerous
It repeats to free in miscellaneous work, while avoiding artificial careless omission harm caused by network security.
Detailed description of the invention
Fig. 1 is the flow chart of the discovery method of the software vulnerability of the embodiment of the present invention 1.
Fig. 2 is the schematic diagram of the discovery system of the software vulnerability of the embodiment of the present invention 2.
Specific embodiment
The present invention is further illustrated below by the mode of embodiment, but does not therefore limit the present invention to the reality
It applies among a range.
Embodiment 1
As shown in Figure 1, a kind of discovery method of software vulnerability, comprising the following steps:
101, vulnerability information library is preset, vulnerability information library is for storing vulnerability information record, every vulnerability information record packet
It includes the title of loophole, the title for the software that loophole is influenced and software version and whether is new loophole, execute primary leakage daily
Hole information scratching crawlers are to update vulnerability information library.
102, periodically inquiry whether there is new loophole in vulnerability information library, if so then execute step 103;
103, loophole software-related information, loophole software-related information packet are obtained in vulnerability information library according to new loophole
Include the title and software version of the software that new loophole is influenced.
104, it is inquired in preset software version library according to loophole software-related information with the presence or absence of by new loophole shadow
Loud software, if so, thening follow the steps 105;Wherein, software version library is for storing host software information, host software information
For the software information of every host installation in network to be analyzed, every host software information includes the host where software
Mark, dbase and software version, scan network to be analyzed using NMAP once a week to update software version library.
105, the time for being analysed to host software information and it is expected that patch upgrading is completed deposits to patch information library, wait divide
Analysing host software information includes the dbase influenced by new loophole, software version and the software inquired in software version library
The mark of place host.
106, host represented by the host identification in host software information to be analyzed is destination host, using NMAP to mesh
Mark host is scanned.
107, judging the version of the software of the dbase in the host software information to be analyzed installed on destination host is
The no software version in host software information to be analyzed, if so then execute step 108;
108, destination host needs to upgrade, and information such as destination host etc. is sent to related personnel, and be recorded in data
In library, for subsequent processing.
Subsequent secure personnel can also write Hole Detection script, update Hole Detection script bank, include loophole title, inspection
Survey script name;It can also inquire in patch information library with the presence or absence of the patch upgrading note for reaching the expectation patch upgrading deadline
Record, and if it exists, then inquire Hole Detection script bank obtain be directed to the loophole detection script, using NMAP using detection script into
Row patch upgrading confirmation deletes this record if loophole has been not present from patch information library.
The discovery method of software vulnerability provided in this embodiment can be realized new vulnerability information and software version information from
Dynamicization compares, and quickly filters out the host and software information for needing to upgrade, and realizes the timely discovery and processing in time of loophole, increases
The strong timeliness of loophole processing, can prevent artificial careless omission influence caused by enterprise network security, rapidly and accurately
Automatically it finds that the software of which host in network to be analyzed needs patch upgrading, solves operation maintenance personnel from the work of heavy complexity
It releases, and then is quickly confirmed whether software all promoted completions of all hosts.
Embodiment 2
As shown in Fig. 2, a kind of discovery system of software vulnerability, including vulnerability information library processing module 1, new loophole inquire mould
Block 2, new loophole software obtain module 3, software version library inquiry module 4, patch information library processing module 5 and upgrading judgment module
6。
Wherein, vulnerability information library processing module 1 is for presetting vulnerability information library, and vulnerability information library is for storing vulnerability information
Record, every vulnerability information record include the software that the title of loophole, loophole are influenced title and software version and whether
For new loophole.Vulnerability information library processing module 1 updates a vulnerability information library daily.
New loophole enquiry module 2 is for periodically inquiry to whether there is new loophole in vulnerability information library.
New loophole software obtains module 3 for obtaining loophole related software letter in vulnerability information library according to new loophole
Breath, loophole software-related information includes the title and software version for the software that new loophole is influenced.
Software version library inquiry module 4 is used to be inquired in preset software version library according to loophole software-related information
It is no to there is the software influenced by new loophole, if so, host software information to be analyzed is exported, host software packet to be analyzed
The mark of host where including the dbase influenced by new loophole, software version and software inquired in software version library.
Wherein, software version library is every host peace in network to be analyzed for storing host software information, host software information
The software information of dress, every host software information include mark, dbase and the software version of the host where software.Software
It is primary to update software version library that version repository enquiry module 4 scans network to be analyzed using NMAP weekly.
Patch information library processing module 5 is used to be analysed to host software information and it is expected the time that patch upgrading is completed
It deposits to patch information library, wherein the time that expectation patch upgrading is completed is generally week age.
Upgrade judgment module 6 to be used for using NMAP to host represented by the host identification in host software information to be analyzed
I.e. destination host is scanned, and judges the software of the dbase in the host software information to be analyzed installed on destination host
Whether version is software version in host software information to be analyzed, if then needing to upgrade.
Although specific embodiments of the present invention have been described above, it will be appreciated by those of skill in the art that this is only
For example, protection scope of the present invention is to be defined by the appended claims.Those skilled in the art without departing substantially from
Under the premise of the principle and substance of the present invention, many changes and modifications may be made, but these change and
Modification each falls within protection scope of the present invention.
Claims (10)
1. a kind of discovery method of software vulnerability characterized by comprising
S1, periodically inquiry whether there is new loophole, if so then execute step S2;
S2, loophole software-related information is obtained according to the new loophole, the loophole software-related information includes described new
The title and software version for the software that loophole is influenced;
S3, it is inquired in preset software version library according to the loophole software-related information with the presence or absence of by the new loophole
The software of influence, if so, exporting host software information to be analyzed, the host software information to be analyzed includes the software version
The mark of host where the dbase influenced by the new loophole, software version and the software that are inquired in this library;
The software version library is every in network to be analyzed for storing host software information, the host software information
The software information of host installation, every host software information include the mark of the host where software, dbase and soft
Part version periodically scans the network to be analyzed using NMAP to update the software version library.
2. the discovery method of software vulnerability as described in claim 1, which is characterized in that the discovery method further includes following step
It is rapid:
S0, default vulnerability information library, the vulnerability information library is for storing vulnerability information record, every vulnerability information record
The title and software version of the software that title, loophole including loophole are influenced and whether be new loophole, the vulnerability information
Library regularly updates;
Periodically inquiry whether there is new loophole in the vulnerability information library in step S1;
The loophole software-related information is obtained in the vulnerability information library according to the new loophole in step S2.
3. the discovery method of software vulnerability as described in claim 1, which is characterized in that the discovery method further includes following step
It is rapid:
S4, the time that the host software information to be analyzed and expectation patch upgrading are completed is deposited to patch information library.
4. the discovery method of software vulnerability as described in any one of claims 1 to 3, which is characterized in that after the step S3
It is further comprising the steps of:
Host represented by host identification in S5, the host software information to be analyzed is destination host, using NMAP to mesh
Mark host is scanned, and judges the soft of the dbase in the host software information to be analyzed installed on the destination host
Whether the version of part is software version in the host software information to be analyzed, if then needing to upgrade.
5. the discovery method of software vulnerability as claimed in claim 2, which is characterized in that weekly periodically using described in NMAP scanning
Network to be analyzed is primary to update the software version library;The primary vulnerability information library is updated in step S0 daily.
6. a kind of discovery system of software vulnerability characterized by comprising
New loophole enquiry module, for periodically inquiring with the presence or absence of new loophole, if new loophole software is then called to obtain module;
New loophole software obtains module, and for obtaining loophole software-related information according to the new loophole, the loophole is related
Software information includes the title and software version for the software that the new loophole is influenced;
Software version library inquiry module is for being inquired in preset software version library according to the loophole software-related information
No to there is the software influenced by the new loophole, if so, exporting host software information to be analyzed, the host to be analyzed is soft
Part information includes dbase, software version and the software influenced by the new loophole inquired in the software version library
The mark of place host;
The software version library is every in network to be analyzed for storing host software information, the host software information
The software information of host installation, every host software information include the mark of the host where software, dbase and soft
Part version periodically scans the network to be analyzed using NMAP to update the software version library.
7. the discovery system of software vulnerability as claimed in claim 6, which is characterized in that the discovery system further include:
Vulnerability information library processing module, for presetting vulnerability information library, the vulnerability information library is recorded for storing vulnerability information,
Every vulnerability information record include the software that the title of loophole, loophole are influenced title and software version and whether
For new loophole, the vulnerability information library is regularly updated;
Periodically inquiry whether there is new loophole to the new loophole enquiry module in the vulnerability information library;
The new loophole software obtains module and obtains the loophole correlation in the vulnerability information library according to the new loophole
Software information.
8. the discovery system of software vulnerability as claimed in claim 6, which is characterized in that the discovery system further include: patch
Information bank processing module, the time for completing the host software information to be analyzed and expectation patch upgrading deposit to patch
Information bank.
9. such as the discovery system of the described in any item software vulnerabilities of claim 6 to 8, which is characterized in that the discovery system is also
Including upgrading judgment module,
Host represented by host identification in the host software information to be analyzed is destination host, the upgrading judgment module
For using NMAP to be scanned destination host, the host software information to be analyzed installed on the destination host is judged
In the version of software of dbase whether be software version in the host software information to be analyzed, if then needing to rise
Grade.
10. the discovery system of software vulnerability as claimed in claim 7, which is characterized in that the software version library inquiry module
It is primary to update the software version library periodically using NMAP to scan the network to be analyzed weekly;At the vulnerability information library
Reason module updates the primary vulnerability information library daily.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711400076.3A CN109977672A (en) | 2017-12-22 | 2017-12-22 | The discovery method and system of software vulnerability |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711400076.3A CN109977672A (en) | 2017-12-22 | 2017-12-22 | The discovery method and system of software vulnerability |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109977672A true CN109977672A (en) | 2019-07-05 |
Family
ID=67072111
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711400076.3A Withdrawn CN109977672A (en) | 2017-12-22 | 2017-12-22 | The discovery method and system of software vulnerability |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109977672A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110569648A (en) * | 2019-09-16 | 2019-12-13 | 杭州安恒信息技术股份有限公司 | method and device for organizing version cave library |
CN110647344A (en) * | 2019-09-27 | 2020-01-03 | 上海赛可出行科技服务有限公司 | Vulnerability-containing software automatic updating method based on Internet |
CN112579476A (en) * | 2021-02-23 | 2021-03-30 | 北京北大软件工程股份有限公司 | Method and device for aligning vulnerability and software and storage medium |
CN114021144A (en) * | 2021-11-08 | 2022-02-08 | 安天科技集团股份有限公司 | Software vulnerability detection method and device, computer equipment and storage medium |
-
2017
- 2017-12-22 CN CN201711400076.3A patent/CN109977672A/en not_active Withdrawn
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110569648A (en) * | 2019-09-16 | 2019-12-13 | 杭州安恒信息技术股份有限公司 | method and device for organizing version cave library |
CN110569648B (en) * | 2019-09-16 | 2021-07-27 | 杭州安恒信息技术股份有限公司 | Method and device for organizing version cave library |
CN110647344A (en) * | 2019-09-27 | 2020-01-03 | 上海赛可出行科技服务有限公司 | Vulnerability-containing software automatic updating method based on Internet |
CN112579476A (en) * | 2021-02-23 | 2021-03-30 | 北京北大软件工程股份有限公司 | Method and device for aligning vulnerability and software and storage medium |
CN114021144A (en) * | 2021-11-08 | 2022-02-08 | 安天科技集团股份有限公司 | Software vulnerability detection method and device, computer equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106503564B (en) | The discovery method and system of software vulnerability | |
CN109977672A (en) | The discovery method and system of software vulnerability | |
US9715588B2 (en) | Method of detecting a malware based on a white list | |
US8667583B2 (en) | Collecting and analyzing malware data | |
CN101924762B (en) | Cloud security-based active defense method | |
EP2893447B1 (en) | Systems and methods for automated memory and thread execution anomaly detection in a computer network | |
US8429642B1 (en) | Viral updating of software based on neighbor software information | |
CN101923617B (en) | Cloud-based sample database dynamic maintaining method | |
WO2016060067A1 (en) | Specification device, specification method, and specification program | |
CN109918907B (en) | Method, controller and medium for obtaining evidence of malicious codes in process memory of Linux platform | |
CN104573515A (en) | Virus processing method, device and system | |
CN1610887A (en) | Automated computer vulnerability resolution system | |
CN107302530B (en) | Industrial control system attack detection device based on white list and detection method thereof | |
CN103607381B (en) | White list generation method, malicious program detection method, client and server | |
CN105743877A (en) | Network security threat information processing method and system | |
CN109360029B (en) | Self-management method of remote terminal advertising machine | |
US20130254524A1 (en) | Automated configuration change authorization | |
CN103428212A (en) | Malicious code detection and defense method | |
CN111859399A (en) | Vulnerability detection method and device based on oval | |
CN112738115A (en) | Advanced persistent attack detection method, apparatus, computer device and medium | |
CN112528279A (en) | Method and device for establishing intrusion detection model | |
CN103684900A (en) | Business polling method and system | |
US20090292675A1 (en) | System for Notification of Group Membership Changes in Directory Service | |
CN107463493B (en) | Test system and test method for host computer anti-virus product | |
US10671725B2 (en) | Malicious process tracking |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20190705 |
|
WW01 | Invention patent application withdrawn after publication |