CN112202867A - Workflow node disposal method and system applied to network security environment - Google Patents

Workflow node disposal method and system applied to network security environment Download PDF

Info

Publication number
CN112202867A
CN112202867A CN202011030185.2A CN202011030185A CN112202867A CN 112202867 A CN112202867 A CN 112202867A CN 202011030185 A CN202011030185 A CN 202011030185A CN 112202867 A CN112202867 A CN 112202867A
Authority
CN
China
Prior art keywords
flow
recommended
resource library
candidate
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202011030185.2A
Other languages
Chinese (zh)
Inventor
董方辉
王蒙
李兴国
苗功勋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Nanjing Zhongfu Information Technology Co Ltd
Zhongfu Information Co Ltd
Zhongfu Safety Technology Co Ltd
Original Assignee
BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Nanjing Zhongfu Information Technology Co Ltd
Zhongfu Information Co Ltd
Zhongfu Safety Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD, Nanjing Zhongfu Information Technology Co Ltd, Zhongfu Information Co Ltd, Zhongfu Safety Technology Co Ltd filed Critical BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Priority to CN202011030185.2A priority Critical patent/CN112202867A/en
Publication of CN112202867A publication Critical patent/CN112202867A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/16Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computational Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Analysis (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Computer Hardware Design (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Biology (AREA)
  • Algebra (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a workflow node disposal method and a system applied to a network security environment, which delete the processes which do not meet the process matching degree in a process resource library from the process resource library to construct a candidate process set, and finds the flows satisfying the given flow matching degree with the recommended flow p in the candidate flow set, extracts the flow path taking the ending node of the flow p as the starting node from each found flow as the recommended flow path to form the recommended flow path set, thereby realizing the disposal of workflow nodes, meeting the diversity of the flow, being suitable for complex and diversified flow scenes, and through the breadth-first search algorithm, the execution efficiency is high, the intelligent matching is realized, the flow does not need to be solidified and realized in a complicated manner, and the automatic matching and dynamic adjustment efficiency of the event handling flow nodes is greatly improved. The present invention is not limited to current network security environments and can be abstractly used in more generalized scenarios.

Description

Workflow node disposal method and system applied to network security environment
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method and a system for processing workflow nodes in a network security environment.
Background
Big data in a network security environment has great data type diversity, such as hundreds of security events of different subclasses under the major categories of virus checking and killing, identity authentication, operation and maintenance monitoring and the like, and the diverse security event processing closes the flow, so different disposal schemes are inevitably used, and further, personnel of various roles of different units and different departments are involved.
The number of traditional business processes may be large, but most of the business processes are single in scene and type, the whole business processes are not complex, most of the nodes and the hierarchies are fixed or not changed greatly, for example, several fixed roles are configured, the processes flow in the middle period, the diversity is not too much, and therefore, the process configuration modes which can be referred to in the industry at present are not too many.
Disclosure of Invention
The invention aims to provide a workflow node disposal method and a workflow node disposal system applied to a network security environment, which aim to solve the problem of low efficiency of event disposal of workflow nodes in the prior art and improve the efficiency of automatic matching and dynamic adjustment of event disposal process nodes.
To achieve the above technical object, the present invention provides a workflow node handling method applied to a network security environment, the method including the operations of:
s1, recording process data and constructing a process resource library;
s2, deleting the processes which do not meet the process matching degree with the recommended process p from the process resource library, wherein the rest process resource library forms a candidate process set;
and S3, finding the flows which meet the given flow matching degree with the recommended flow p from the candidate flow set, and extracting the flow path which takes the ending node of the flow p as the starting node from each found flow as the recommended flow path to form the recommended flow path set.
Preferably, the step S2 is as follows:
traversing each process q in the process resource library, and searching the breadth-first search sequence depth H in the process resource libraryqBreadth-first search sequence depth H less than recommended flow ppThe process of (1) is eliminated;
number of nodes NqNumber of nodes N less than recommended procedure ppThe process of (1) is eliminated;
the node difference sets of the process p and the process q are diffset, and the number of the node difference sets is more than a threshold value Hp*(1-θRH) Is excluded from the flow path ofRHMatching a threshold value of depth for the flow;
and adding the excluded processes into a candidate process set.
Preferably, the step S3 is specifically:
traversing each flow q in the candidate flow set, and constructing a flow matrix according to the breadth-first search sequences of the two flows;
calculating the matrix path distance of each group of flow matrixes;
when the distance of the matrix path is larger than the flow matching precision threshold thetaDAnd adding the nodes into the recommended flow path set.
Preferably, the flow matrix is:
Figure BDA0002703425770000021
wherein psi (p)i,qj) As a comparison function of sequence elements:
Figure BDA0002703425770000022
the invention also provides a workflow node disposal system applied to a network security environment, which comprises:
the process resource library construction module is used for inputting process data and constructing a process resource library;
the candidate process set building module is used for deleting the processes which do not meet the process matching degree with the recommended process p from the process resource library, and the rest process resource library part forms a candidate process set;
and the recommended flow path set building module is used for finding the flows which meet the given flow matching degree with the recommended flow p from the candidate flow set, and extracting the flow path which takes the end node of the flow p as the initial node from each found flow as the recommended flow path to form the recommended flow path set.
Preferably, the candidate process set is a process resource library excluding breadth-first search sequence depth HqBreadth-first search sequence depth H less than recommended flow ppFlow and number of nodes NqNumber of nodes N less than recommended procedure ppAnd the number of node difference sets is greater than a threshold value Hp*(1-θRH) The section after the flow of (1).
Preferably, each flow q in the candidate flow set is constructed as a flow matrix according to the breadth-first search sequences of the two flows, and the path distance in the matrix is greater than the flow matching precision threshold θDThe nodes of (a) constitute a set of recommended flow paths.
Preferably, the flow matrix is:
Figure BDA0002703425770000031
wherein psi (p)i,qj) As a comparison function of sequence elements:
Figure BDA0002703425770000032
the effect provided in the summary of the invention is only the effect of the embodiment, not all the effects of the invention, and one of the above technical solutions has the following advantages or beneficial effects:
compared with the prior art, the method and the device have the advantages that the processes which do not meet the process matching degree in the process resource library are deleted from the process resource library, the candidate process set is constructed, the processes which meet the given process matching degree with the recommended process p are found in the candidate process set, the process path which takes the end node of the process p as the starting node is extracted from each found process and serves as the recommended process path, and the recommended process path set is formed, so that the disposal of the workflow nodes is realized. The present invention is not limited to current network security environments and can be abstractly used in more generalized scenarios.
Drawings
Fig. 1 is a flowchart of a workflow node handling method applied to a network security environment according to an embodiment of the present invention;
fig. 2 is a block diagram of a workflow node handling system applied to a network security environment provided in an embodiment of the present invention.
Detailed Description
In order to clearly explain the technical features of the present invention, the following detailed description of the present invention is provided with reference to the accompanying drawings. The following disclosure provides many different embodiments, or examples, for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. It should be noted that the components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and procedures are omitted so as to not unnecessarily limit the invention.
The following describes a workflow node handling method and system applied to a network security environment according to an embodiment of the present invention in detail with reference to the accompanying drawings.
As shown in fig. 1, an embodiment of the present invention discloses a method for handling a workflow node applied to a network security environment, where the method includes the following operations:
inputting process data and constructing a process resource library;
deleting the flows which do not meet the matching degree of the recommended flows p from the flow resource library, wherein the rest flow resource library part forms a candidate flow set;
and finding the flows meeting the given flow matching degree with the recommended flow p from the candidate flow set, and extracting a flow path taking the end node of the flow p as the initial node from each found flow as a recommended flow path to form a recommended flow path set.
In the preprocessing process, a process resource library is constructed through a breadth-first search algorithm, manual identification and data entry are adopted, and the process resource library is kept unchanged under the condition that no new process is added, which is equivalent to an initialization process.
According to the recommended flow p, the flow resource library and the threshold theta of the flow matching depthRHAcquiring a single process p in the process resource library, wherein the breadth of the process p is prior to the depth H of the search sequencepBreadth-first search sequence depth H of flow qqNumber of nodes N of flow ppNumber of nodes N of flow qq
Constructing a candidate process set, deleting processes which cannot meet the process matching degree from the process resource library, and forming the candidate process set by the finally remaining process resource library part, wherein the steps are as follows:
traversing each process q in the process resource library, and searching the breadth-first search sequence depth H in the process resource libraryqBreadth-first search sequence depth H less than recommended flow ppThe process of (1) is eliminated;
number of nodes NqNumber of nodes N less than recommended procedure ppThe process of (1) is eliminated;
the node difference sets of the process p and the process q are diffset, and the number of the node difference sets is more than a threshold value Hp*(1-θRH) The process of (1) is eliminated;
and adding the excluded processes into a candidate process set.
And constructing a recommended flow path set, finding the flows which meet the given flow matching degree with the recommended flow p from the candidate flow set, and extracting a flow path which takes the end node of the flow p as the initial node from each found flow as the recommended flow path.
Let S (P) be { p1,p2,L,pmAnd s (q) ═ q1,q2,L,qnAnd represents a set of two flows respectively, representing a breadth-first search criterion sequence. The comparison function for the sequence elements is:
Figure BDA0002703425770000051
the flow matrix is normalized to:
Figure BDA0002703425770000052
according to the recommended process p, the candidate process set CPS and the process matching depth threshold thetaRHThreshold of flow matching accuracy θDThe candidate process sets a single process q, and the breadth-first search sequence B of the process qqBreadth-first search sequence B of Process pp
Traversing each flow q in the candidate flow set, and constructing a flow matrix according to the breadth-first search sequences of the two flows;
calculating the matrix path distance of each group of flow matrixes;
when the distance of the matrix path is larger than the flow matching precision threshold thetaDAnd adding the nodes into the recommended flow path set.
At the time of threshold setting, when the flow matching depth threshold θ is setRHAnd a flow matching accuracy threshold thetaDIf the set value is 1, the recommendation is accurate, and if the set value is not 1, the recommendation is fuzzy.
The method and the device have the advantages that the processes which do not meet the process matching degree in the process resource library are deleted from the process resource library, the candidate process set is constructed, the processes which meet the given process matching degree with the recommended process p are found in the candidate process set, the process path which takes the end node of the process p as the initial node is extracted from each found process and serves as the recommended process path, the recommended process path set is formed, and therefore the treatment of the workflow nodes is achieved. The present invention is not limited to current network security environments and can be abstractly used in more generalized scenarios.
As shown in fig. 2, an embodiment of the present invention further discloses a workflow node handling system applied to a network security environment, where the system includes:
the process resource library construction module is used for inputting process data and constructing a process resource library;
the candidate process set building module is used for deleting the processes which do not meet the process matching degree with the recommended process p from the process resource library, and the rest process resource library part forms a candidate process set;
and the recommended flow path set building module is used for finding the flows which meet the given flow matching degree with the recommended flow p from the candidate flow set, and extracting the flow path which takes the end node of the flow p as the initial node from each found flow as the recommended flow path to form the recommended flow path set.
In the preprocessing process, a process resource library is constructed through a breadth-first search algorithm, manual identification and data entry are adopted, and the process resource library is kept unchanged under the condition that no new process is added, which is equivalent to an initialization process.
According to the recommended flow p, the flow resource library and the threshold theta of the flow matching depthRHAcquiring a single process p in the process resource library, wherein the breadth of the process p is prior to the depth H of the search sequencepBreadth-first search sequence depth H of flow qqNumber of nodes N of flow ppNumber of nodes N of flow qq
Constructing a candidate process set, deleting processes which cannot meet the process matching degree from the process resource library, and forming the candidate process set by the finally remaining process resource library part, wherein the steps are as follows:
traversing each process q in the process resource library, and searching the breadth-first search sequence depth H in the process resource libraryqBreadth-first search sequence depth H less than recommended flow ppThe process of (1) is eliminated;
number of nodes NqNumber of nodes N less than recommended procedure ppThe process of (1) is eliminated;
the node difference sets of the process p and the process q are diffset, and the number of the node difference sets is more than a threshold value Hp*(1-θRH) The process of (1) is eliminated;
and adding the excluded processes into a candidate process set.
And constructing a recommended flow path set, finding the flows which meet the given flow matching degree with the recommended flow p from the candidate flow set, and extracting a flow path which takes the end node of the flow p as the initial node from each found flow as the recommended flow path.
Let S (P) be { p1,p2,L,pmAnd s (q) ═ q1,q2,L,qnAnd represents a set of two flows respectively, representing a breadth-first search criterion sequence. The comparison function for the sequence elements is:
Figure BDA0002703425770000071
the flow matrix is normalized to:
Figure BDA0002703425770000072
according to the recommended process p, the candidate process set CPS and the process matching depth threshold thetaRHThreshold of flow matching accuracy θDThe candidate process sets a single process q, and the breadth-first search sequence B of the process qqBreadth-first search sequence B of Process pp
Traversing each flow q in the candidate flow set, and constructing a flow matrix according to the breadth-first search sequences of the two flows;
calculating the matrix path distance of each group of flow matrixes;
when the distance of the matrix path is larger than the flow matching precision threshold thetaDAnd adding the nodes into the recommended flow path set.
At the time of threshold setting, when the flow matching depth threshold θ is setRHAnd a flow matching accuracy threshold thetaDIf the set value is 1, the recommendation is accurate, and if the set value is not 1, the recommendation is fuzzy.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (8)

1. A method of workflow node handling for application in a network security environment, the method comprising the operations of:
s1, recording process data and constructing a process resource library;
s2, deleting the processes which do not meet the process matching degree with the recommended process p from the process resource library, wherein the rest process resource library forms a candidate process set;
and S3, finding the flows which meet the given flow matching degree with the recommended flow p from the candidate flow set, and extracting the flow path which takes the ending node of the flow p as the starting node from each found flow as the recommended flow path to form the recommended flow path set.
2. The method for handling workflow nodes applied to network security environment according to claim 1, wherein the step S2 is as follows:
traversing each process q in the process resource library, and searching the breadth-first search sequence depth H in the process resource libraryqBreadth-first search sequence depth H less than recommended flow ppThe process of (1) is eliminated;
number of nodes NqNumber of nodes N less than recommended procedure ppThe process of (1) is eliminated;
the node difference sets of the process p and the process q are diffset, and the number of the node difference sets is more than a threshold value Hp*(1-θRH) Is excluded from the flow path ofRHMatching a threshold value of depth for the flow;
and adding the excluded processes into a candidate process set.
3. The method for handling workflow nodes applied to a network security environment according to claim 1, wherein the step S3 is specifically as follows:
traversing each flow q in the candidate flow set, and constructing a flow matrix according to the breadth-first search sequences of the two flows;
calculating the matrix path distance of each group of flow matrixes;
when the distance of the matrix path is larger than the flow matching precision threshold thetaDAnd adding the nodes into the recommended flow path set.
4. The method of claim 3, wherein the flow matrix is:
Figure FDA0002703425760000021
wherein psi (p)i,qj) As a comparison function of sequence elements:
Figure FDA0002703425760000022
5. a workflow node disposal system for application in a network security environment, the system comprising:
the process resource library construction module is used for inputting process data and constructing a process resource library;
the candidate process set building module is used for deleting the processes which do not meet the process matching degree with the recommended process p from the process resource library, and the rest process resource library part forms a candidate process set;
and the recommended flow path set building module is used for finding the flows which meet the given flow matching degree with the recommended flow p from the candidate flow set, and extracting the flow path which takes the end node of the flow p as the initial node from each found flow as the recommended flow path to form the recommended flow path set.
6. The system as claimed in claim 5, wherein the candidate process set is a process resource library excluding breadth-first search sequence depth HqBreadth-first search sequence depth H less than recommended flow ppFlow and number of nodes NqNumber of nodes N less than recommended procedure ppAnd the number of node difference sets is greater than a threshold value Hp*(1-θRH) The section after the flow of (1).
7. Workflow node handling system applied to a network security environment according to claim 5Each flow q in the candidate flow set is constructed as a flow matrix according to the breadth-first search sequences of the two flows, and the distance of the paths in the matrix is greater than a flow matching precision threshold thetaDThe nodes of (a) constitute a set of recommended flow paths.
8. The system of claim 5, wherein the flow matrix is:
Figure FDA0002703425760000031
wherein psi (p)i,qj) As a comparison function of sequence elements:
Figure FDA0002703425760000032
CN202011030185.2A 2020-09-27 2020-09-27 Workflow node disposal method and system applied to network security environment Withdrawn CN112202867A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011030185.2A CN112202867A (en) 2020-09-27 2020-09-27 Workflow node disposal method and system applied to network security environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011030185.2A CN112202867A (en) 2020-09-27 2020-09-27 Workflow node disposal method and system applied to network security environment

Publications (1)

Publication Number Publication Date
CN112202867A true CN112202867A (en) 2021-01-08

Family

ID=74007356

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011030185.2A Withdrawn CN112202867A (en) 2020-09-27 2020-09-27 Workflow node disposal method and system applied to network security environment

Country Status (1)

Country Link
CN (1) CN112202867A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112785194A (en) * 2021-02-04 2021-05-11 中国地质大学(北京) Workflow recommendation method and device, readable storage medium and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110246483A1 (en) * 2006-03-21 2011-10-06 21St Century Technologies, Inc. Pattern Detection and Recommendation
CN103400227A (en) * 2013-08-05 2013-11-20 浙江大学 Graph mining and graph distance-based flow recommendation method
CN111062757A (en) * 2019-12-17 2020-04-24 山大地纬软件股份有限公司 Information recommendation method and system based on multi-path optimization matching

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110246483A1 (en) * 2006-03-21 2011-10-06 21St Century Technologies, Inc. Pattern Detection and Recommendation
CN103400227A (en) * 2013-08-05 2013-11-20 浙江大学 Graph mining and graph distance-based flow recommendation method
CN111062757A (en) * 2019-12-17 2020-04-24 山大地纬软件股份有限公司 Information recommendation method and system based on multi-path optimization matching

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
叶岩明等: ""基于流程规整矩阵的流程推荐技术"", 《计算机集成制造***》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112785194A (en) * 2021-02-04 2021-05-11 中国地质大学(北京) Workflow recommendation method and device, readable storage medium and electronic equipment
CN112785194B (en) * 2021-02-04 2024-01-26 中国地质大学(北京) Workflow recommendation method and device, readable storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
US20240163684A1 (en) Method and System for Constructing and Analyzing Knowledge Graph of Wireless Communication Network Protocol, and Device and Medium
CN110046297B (en) Operation and maintenance violation identification method and device and storage medium
CN109150859B (en) Botnet detection method based on network traffic flow direction similarity
CN114915478A (en) Multi-Agent-based network attack scene identification method for intelligent park industrial control system based on distributed correlation analysis
CN109446816A (en) A kind of user behavior analysis method based on big data platform audit log
CN111709022B (en) Hybrid alarm association method based on AP clustering and causal relationship
CN115378733A (en) Multi-step attack scene construction method and system based on dynamic graph embedding
CN110333990B (en) Data processing method and device
CN112202867A (en) Workflow node disposal method and system applied to network security environment
CN116668082A (en) Lateral movement attack detection method and system based on heterogeneous graph network
CN112887323B (en) Network protocol association and identification method for industrial internet boundary security
Yang et al. Deep learning-based reverse method of binary protocol
CN116545733A (en) Power grid intrusion detection method and system
CN114661658B (en) Data analysis method and system applied to remote video conference
CN107622201B (en) A kind of Android platform clone's application program rapid detection method of anti-reinforcing
CN116418565A (en) Domain name detection method based on attribute heterograph neural network
Ju et al. A robust approach to adversarial attack on tabular data for classification algorithm testing
CN113162904B (en) Power monitoring system network security alarm evaluation method based on probability graph model
CN111586052B (en) Multi-level-based crowd sourcing contract abnormal transaction identification method and identification system
CN112118259B (en) Unauthorized vulnerability detection method based on classification model of lifting tree
CN110781309A (en) Entity parallel relation similarity calculation method based on pattern matching
Mařík Threshold Selection Based on Extreme Value Theory
CN114553580B (en) Network attack detection method and device based on rule generalization and attack reconstruction
CN111125699B (en) Malicious program visual detection method based on deep learning
CN114037004A (en) IP network attack group classification method based on behavior sequence

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20210108