CN112257076A - Vulnerability detection method based on random detection algorithm and information aggregation - Google Patents
Vulnerability detection method based on random detection algorithm and information aggregation Download PDFInfo
- Publication number
- CN112257076A CN112257076A CN202011254177.6A CN202011254177A CN112257076A CN 112257076 A CN112257076 A CN 112257076A CN 202011254177 A CN202011254177 A CN 202011254177A CN 112257076 A CN112257076 A CN 112257076A
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- vulnerability detection
- information
- information aggregation
- method based
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 81
- 230000002776 aggregation Effects 0.000 title claims abstract description 41
- 238000004220 aggregation Methods 0.000 title claims abstract description 41
- 238000004422 calculation algorithm Methods 0.000 title claims abstract description 26
- 230000006870 function Effects 0.000 claims abstract description 32
- 238000013528 artificial neural network Methods 0.000 claims abstract description 20
- 239000013598 vector Substances 0.000 claims abstract description 19
- 238000012549 training Methods 0.000 claims abstract description 17
- 230000002159 abnormal effect Effects 0.000 claims abstract description 10
- 230000000306 recurrent effect Effects 0.000 claims abstract description 10
- 238000012545 processing Methods 0.000 claims abstract description 4
- 238000012216 screening Methods 0.000 claims description 7
- 238000003066 decision tree Methods 0.000 claims description 6
- 239000011159 matrix material Substances 0.000 claims description 6
- 230000003068 static effect Effects 0.000 claims description 6
- 238000004088 simulation Methods 0.000 claims description 4
- 230000006399 behavior Effects 0.000 claims description 3
- 238000004364 calculation method Methods 0.000 claims description 3
- 210000002569 neuron Anatomy 0.000 claims description 3
- 238000007781 pre-processing Methods 0.000 claims description 3
- 238000000605 extraction Methods 0.000 abstract description 5
- 230000009471 action Effects 0.000 abstract description 4
- 238000010801 machine learning Methods 0.000 abstract description 4
- 238000000034 method Methods 0.000 abstract description 4
- 238000007637 random forest analysis Methods 0.000 abstract description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012038 vulnerability analysis Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/53—Decompilation; Disassembly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Evolutionary Computation (AREA)
- Molecular Biology (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Biophysics (AREA)
- Mathematical Physics (AREA)
- Biomedical Technology (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A vulnerability detection method based on a random detection algorithm and information aggregation comprises the steps of establishing an information collection; decompiling; establishing a binary training set; establishing a vulnerability detection model; judging abnormal points by the vulnerability detection model; and (5) processing the vulnerability. According to the method, through the information aggregation module, network data flow information in each module of the software is collected, screened, organized and integrated for many times to obtain a binary training set with high purity, then a vulnerability detection model is established under the action of the radial basis function neural network and the recurrent neural network, the detection capability of the model on possible security vulnerabilities in the binary software is continuously improved through machine learning, meanwhile, the random forest algorithm is adopted, the accuracy of extraction of functions and corresponding feature vectors of a binary program to be detected is improved, and the purpose of rapid and accurate vulnerability detection is achieved.
Description
Technical Field
The invention relates to the field of vulnerability detection, in particular to a vulnerability detection method based on a random detection algorithm and information aggregation.
Background
With the rapid development of computer information technology, network space security is increasingly important, because network events caused by software bugs are in a high-incidence trend, great threat is caused to network space security, and a bug analysis technology becomes a research hotspot in the field of network security.
The vulnerability detection is an important branch of vulnerability analysis technology, and mostly starts from the existing vulnerability, similar vulnerabilities with homologous relations are searched, and even undisclosed vulnerabilities are found according to vulnerability code characteristics. However, when the existing vulnerability detection method is used for feature extraction, the number of samples is large and complicated, so that the working efficiency of a vulnerability detection model is low, and the accuracy and pertinence of vulnerability detection are further influenced.
In order to solve the above problems, the present application provides a vulnerability detection method based on a random detection algorithm and information aggregation.
Disclosure of Invention
Objects of the invention
The invention provides a vulnerability detection method based on a random detection algorithm and information aggregation, which comprises the steps of collecting, screening, organizing and integrating network data stream information in each module of software for multiple times through an information aggregation module to obtain a binary training set with high purity, establishing a vulnerability detection model by matching with the action of a radial basis function neural network and a recurrent neural network, continuously improving the detection capability of the model on possible security vulnerabilities in binary software through machine learning, and simultaneously improving the accuracy of the function of a binary program to be detected and the corresponding feature vector extraction by adopting a random forest algorithm to achieve the purpose of rapid and accurate vulnerability detection.
(II) technical scheme
In order to solve the problems, the invention provides a vulnerability detection method based on a random detection algorithm and information aggregation, which comprises the following steps:
s1, establishing an information aggregation module, and acquiring, screening, organizing and integrating network data flow information in each module of the software to obtain an information collection consisting of java/C + + codes;
s2, performing decompiling by taking byte codes as the minimum unit in the information collection to obtain operation codes corresponding to the byte codes one by one;
s3, extracting the lightweight static features of the operation codes, and simultaneously, collecting, screening, organizing and integrating all extracted feature information again by the information aggregation module to establish a binary training set;
s4, extracting functions and corresponding feature vectors in the binary training set, and linking and matching the functions and the corresponding feature vectors with a random algorithm to obtain a vulnerability detection model;
s5, continuously acquiring new dynamic features and static features by the information aggregation module, and perfecting the vulnerability detection model;
s6, the vulnerability detection model carries out vulnerability detection on the binary program, the extracted function of the binary program to be detected and the corresponding characteristic vector are input into the vulnerability detection model, the vulnerability detection model is compared with the function of the binary program with known vulnerabilities and the corresponding characteristic vector, the similarity is analyzed, and abnormal points are judged;
s7, fitting the abnormal points of the binary program to be detected to T decision trees, and calculating the depth h of the leaf node of the sample on each decision treet(x) Therefore, the average height h (x) can be calculated to obtain the abnormal probability, and the calculation formula is as follows:
the expression of (c) (m) is:
xi is the Euler constant; s (x, m) is in the range of [0,1 ]]The closer the value is to 1, the greater the probability of being an outlier is;
and S8, sending the judgment result to the vulnerability processing module.
Preferably, a radial basis function neural network and a recurrent neural network are adopted to perfect the vulnerability detection model.
Preferably, the radial basis function neural network is provided with a first input layer, a hidden layer and a second output layer; the first input layer and the second output layer are positioned at the upper end and the lower end of the hidden layer.
Preferably, the weight between adjacent neurons is initially 1, varying with the degree of training.
Preferably, the recurrent neural network cuts the time series data in the training set to obtain a time series matrix, and then returns the time series matrix to the vulnerability detection model.
Preferably, in S3, the information aggregation module removes the operation codes in the information collection whose content repetition rate is higher than the repetition threshold, and counts the number of operation code samples.
Preferably, in S3, the statistics of the information aggregation module are purified by using the kini index.
Preferably, the information aggregation module converts the codes in the information collection into XML texts.
Preferably, each node of the XML text is taken as a minimum unit during feature information collection, and syntax, semantics and function behaviors are taken as collection targets, and the feature information is divided into a basic information feature, a binary operator feature, a code complexity feature and a path feature.
Preferably, the preprocessing module is configured to preprocess the binary program to be detected, and extract the code function and the corresponding feature vector.
Preferably, in S8, a simulation attack module is provided to simulate an attack on each detected vulnerability and verify the risk level of the vulnerability.
The technical scheme of the invention has the following beneficial technical effects:
according to the method, through the information aggregation module, network data flow information in each module of the software is collected, screened, organized and integrated for many times to obtain a binary training set with high purity, then a vulnerability detection model is established under the action of the radial basis function neural network and the recurrent neural network, the detection capability of the model on possible security vulnerabilities in the binary software is continuously improved through machine learning, meanwhile, the random forest algorithm is adopted, the accuracy of extraction of functions and corresponding feature vectors of a binary program to be detected is improved, and the purpose of rapid and accurate vulnerability detection is achieved.
Drawings
Fig. 1 is a flowchart of a vulnerability detection method based on a random detection algorithm and information aggregation according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
As shown in fig. 1, the vulnerability detection method based on the random detection algorithm and the information aggregation provided by the present invention includes the following steps:
s1, establishing an information aggregation module, and acquiring, screening, organizing and integrating network data flow information in each module of the software to obtain an information collection consisting of java/C + + codes;
s2, performing decompiling by taking byte codes as the minimum unit in the information collection to obtain operation codes corresponding to the byte codes one by one;
s3, extracting the lightweight static features of the operation codes, and simultaneously, collecting, screening, organizing and integrating all extracted feature information again by the information aggregation module to establish a binary training set;
s4, extracting functions and corresponding feature vectors in the binary training set, and linking and matching the functions and the corresponding feature vectors with a random algorithm to obtain a vulnerability detection model;
s5, continuously acquiring new dynamic features and static features by the information aggregation module, and perfecting the vulnerability detection model;
s6, the vulnerability detection model carries out vulnerability detection on the binary program, the extracted function of the binary program to be detected and the corresponding characteristic vector are input into the vulnerability detection model, the vulnerability detection model is compared with the function of the binary program with known vulnerabilities and the corresponding characteristic vector, the similarity is analyzed, and abnormal points are judged;
s7, fitting the abnormal points of the binary program to be detected to T decision trees, and calculating the depth h of the leaf node of the sample on each decision treet(x) Therefore, the average height h (x) can be calculated to obtain the abnormal probability, and the calculation formula is as follows:
the expression of (c) (m) is:
xi is the Euler constant; s (x, m) is in the range of [0,1 ]]The closer the value is to 1, the greater the probability of being an outlier is;
and S8, sending the judgment result to the vulnerability processing module.
In an optional embodiment, the vulnerability detection model is perfected by adopting a radial basis function neural network and a recurrent neural network.
In an alternative embodiment, the radial basis function neural network is provided with a first input layer, a hidden layer and a second output layer; the first input layer and the second output layer are positioned at the upper end and the lower end of the hidden layer.
In an alternative embodiment, the weight between adjacent neurons starts at 1 and varies with the degree of training.
In an optional embodiment, the recurrent neural network cuts the time series data in the training set to obtain a time series matrix, and then returns the time series matrix to the vulnerability detection model.
In an alternative embodiment, in S3, the information aggregation module removes the operation codes in the information collection whose content repetition rate is higher than the repetition threshold, and counts the number of operation code samples.
In an alternative embodiment, in S3, the statistics of the information aggregation module are purified using the kini index.
In an alternative embodiment, the information aggregation module translates the code within the collection of information into XML text.
In an optional embodiment, when feature information is collected, each node of an XML text is taken as a minimum unit, and grammar, semantics and function behaviors are taken as collection targets, and the feature information is divided into a basic information feature, a binary operator feature, a code complexity feature and a path feature.
In an optional embodiment, the preprocessing module is configured to preprocess the binary program to be detected, and extract the code function and the corresponding feature vector.
In an optional embodiment, in S8, a simulation attack module is provided to perform attack simulation on each detected vulnerability and verify the risk level of the vulnerability.
According to the method, through the information aggregation module, network data flow information in each module of the software is collected, screened, organized and integrated for many times to obtain a binary training set with high purity, then a vulnerability detection model is established under the action of the radial basis function neural network and the recurrent neural network, the detection capability of the model on possible security vulnerabilities in the binary software is continuously improved through machine learning, meanwhile, the random forest algorithm is adopted, the accuracy of extraction of functions and corresponding feature vectors of a binary program to be detected is improved, and the purpose of rapid and accurate vulnerability detection is achieved.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.
Claims (10)
1. A vulnerability detection method based on a random detection algorithm and information aggregation is characterized by comprising the following steps:
s1, establishing an information aggregation module, and acquiring, screening, organizing and integrating network data flow information in each module of the software to obtain an information collection consisting of java/C + + codes;
s2, performing decompiling by taking byte codes as the minimum unit in the information collection to obtain operation codes corresponding to the byte codes one by one;
s3, extracting the lightweight static features of the operation codes, and simultaneously, collecting, screening, organizing and integrating all extracted feature information again by the information aggregation module to establish a binary training set;
s4, extracting functions and corresponding feature vectors in the binary training set, and linking and matching the functions and the corresponding feature vectors with a random algorithm to obtain a vulnerability detection model;
s5, continuously acquiring new dynamic features and static features by the information aggregation module, and perfecting the vulnerability detection model;
s6, the vulnerability detection model carries out vulnerability detection on the binary program, the extracted function of the binary program to be detected and the corresponding characteristic vector are input into the vulnerability detection model, the vulnerability detection model is compared with the function of the binary program with known vulnerabilities and the corresponding characteristic vector, the similarity is analyzed, and abnormal points are judged;
s7, fitting the abnormal points of the binary program to be detected to T decision trees, and calculating the depth h of the leaf node of the sample on each decision treet(x) Therefore, the average height h (x) can be calculated to obtain the abnormal probability, and the calculation formula is as follows:
the expression of (c) (m) is:
xi is the Euler constant; s (x, m) is in the range of [0,1 ]]The closer the value is to 1, the greater the probability of being an outlier is;
and S8, sending the judgment result to the vulnerability processing module.
2. The vulnerability detection method based on random detection algorithm and information aggregation according to claim 1, characterized in that a radial basis function neural network and a recurrent neural network are adopted to perfect a vulnerability detection model.
3. The vulnerability detection method based on random detection algorithm and information aggregation according to claim 2, characterized in that the radial basis function neural network is provided with a first input layer, a hidden layer and a second output layer; the first input layer and the second output layer are positioned at the upper end and the lower end of the hidden layer; the weight between adjacent neurons starts at 1 and varies with the degree of training.
4. The vulnerability detection method based on the stochastic detection algorithm and the information aggregation as claimed in claim 2, characterized in that the recurrent neural network cuts the time series data in the training set to obtain a time series matrix, and then returns the time series matrix to the vulnerability detection model.
5. The vulnerability detection method based on random detection algorithm and information aggregation according to claim 1, characterized in that in S3, the information aggregation module removes operation codes whose content repetition rate is higher than the repetition threshold in the information collection, and counts the number of operation code samples.
6. The vulnerability detection method based on random detection algorithm and information aggregation according to claim 1, characterized in that in S3, the statistic results of the information aggregation module are purified by using a kini index.
7. The vulnerability detection method based on random detection algorithm and information aggregation according to claim 1, characterized in that the information aggregation module converts codes in the information collection into XML text.
8. The vulnerability detection method based on random detection algorithm and information aggregation according to claim 7, characterized in that each node of XML text is taken as the minimum unit during feature information collection, and grammar, semantics and function behaviors are taken as collection targets, and the feature information is divided into basic information features, binary operator features, code complexity features and path features.
9. The vulnerability detection method based on the random detection algorithm and the information aggregation according to claim 1, characterized in that a preprocessing module is arranged to preprocess the binary program to be detected and extract the code function and the corresponding feature vector.
10. The vulnerability detection method based on the random detection algorithm and the information aggregation as claimed in claim 1, wherein in S8, a simulation attack module is provided to simulate the attack of each detected vulnerability and verify the risk level of the vulnerability.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011254177.6A CN112257076B (en) | 2020-11-11 | 2020-11-11 | Vulnerability detection method based on random detection algorithm and information aggregation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011254177.6A CN112257076B (en) | 2020-11-11 | 2020-11-11 | Vulnerability detection method based on random detection algorithm and information aggregation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112257076A true CN112257076A (en) | 2021-01-22 |
CN112257076B CN112257076B (en) | 2023-12-15 |
Family
ID=74265229
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011254177.6A Active CN112257076B (en) | 2020-11-11 | 2020-11-11 | Vulnerability detection method based on random detection algorithm and information aggregation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112257076B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115277067A (en) * | 2022-06-15 | 2022-11-01 | 广州理工学院 | Computer network information vulnerability detection method based on artificial fish swarm algorithm |
CN116933272A (en) * | 2023-08-03 | 2023-10-24 | 浙江十勇士网络科技有限公司 | Game vulnerability real-time analysis method, device and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8826439B1 (en) * | 2011-01-26 | 2014-09-02 | Symantec Corporation | Encoding machine code instructions for static feature based malware clustering |
CN104063309A (en) * | 2013-03-22 | 2014-09-24 | 南京理工大学常熟研究院有限公司 | Web application program bug detection method based on simulated strike |
CN110737899A (en) * | 2019-09-24 | 2020-01-31 | 暨南大学 | machine learning-based intelligent contract security vulnerability detection method |
CN110796485A (en) * | 2019-10-11 | 2020-02-14 | 上海上湖信息技术有限公司 | Method and device for improving prediction precision of prediction model |
CN111310191A (en) * | 2020-02-12 | 2020-06-19 | 广州大学 | Block chain intelligent contract vulnerability detection method based on deep learning |
CN111639344A (en) * | 2020-07-31 | 2020-09-08 | 中国人民解放军国防科技大学 | Vulnerability detection method and device based on neural network |
-
2020
- 2020-11-11 CN CN202011254177.6A patent/CN112257076B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8826439B1 (en) * | 2011-01-26 | 2014-09-02 | Symantec Corporation | Encoding machine code instructions for static feature based malware clustering |
CN104063309A (en) * | 2013-03-22 | 2014-09-24 | 南京理工大学常熟研究院有限公司 | Web application program bug detection method based on simulated strike |
CN110737899A (en) * | 2019-09-24 | 2020-01-31 | 暨南大学 | machine learning-based intelligent contract security vulnerability detection method |
CN110796485A (en) * | 2019-10-11 | 2020-02-14 | 上海上湖信息技术有限公司 | Method and device for improving prediction precision of prediction model |
CN111310191A (en) * | 2020-02-12 | 2020-06-19 | 广州大学 | Block chain intelligent contract vulnerability detection method based on deep learning |
CN111639344A (en) * | 2020-07-31 | 2020-09-08 | 中国人民解放军国防科技大学 | Vulnerability detection method and device based on neural network |
Non-Patent Citations (1)
Title |
---|
文伟平 等: ""一种基于随机探测算法和信息聚合的漏洞检测方法"", 《信息网络安全》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115277067A (en) * | 2022-06-15 | 2022-11-01 | 广州理工学院 | Computer network information vulnerability detection method based on artificial fish swarm algorithm |
CN116933272A (en) * | 2023-08-03 | 2023-10-24 | 浙江十勇士网络科技有限公司 | Game vulnerability real-time analysis method, device and system |
CN116933272B (en) * | 2023-08-03 | 2024-04-12 | 浙江十勇士网络科技有限公司 | Game vulnerability real-time analysis method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN112257076B (en) | 2023-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106131071B (en) | A kind of Web method for detecting abnormality and device | |
CN109190372B (en) | JavaScript malicious code detection method based on bytecode | |
CN110245496A (en) | A kind of source code leak detection method and detector and its training method and system | |
CN109462575B (en) | Webshell detection method and device | |
CN111798312A (en) | Financial transaction system abnormity identification method based on isolated forest algorithm | |
CN107169355B (en) | Worm homology analysis method and device | |
US10187412B2 (en) | Robust representation of network traffic for detecting malware variations | |
CN109005145A (en) | A kind of malice URL detection system and its method extracted based on automated characterization | |
CN106357618A (en) | Web abnormality detection method and device | |
CN109194677A (en) | A kind of SQL injection attack detection, device and equipment | |
CN107360152A (en) | A kind of Web based on semantic analysis threatens sensory perceptual system | |
CN108268777A (en) | A kind of similarity detection method that unknown loophole discovery is carried out using patch information | |
CN112307473A (en) | Malicious JavaScript code detection model based on Bi-LSTM network and attention mechanism | |
Zhu et al. | Android malware detection based on multi-head squeeze-and-excitation residual network | |
CN110392013A (en) | A kind of Malware recognition methods, system and electronic equipment based on net flow assorted | |
CN108446559A (en) | A kind of recognition methods of APT tissue and device | |
CN112257076A (en) | Vulnerability detection method based on random detection algorithm and information aggregation | |
CN103455597B (en) | Distributed information towards magnanimity web graph picture hides detection method | |
CN109088903A (en) | A kind of exception flow of network detection method based on streaming | |
CN112685738B (en) | Malicious confusion script static detection method based on multi-stage voting mechanism | |
CN113297580B (en) | Code semantic analysis-based electric power information system safety protection method and device | |
CN109697361A (en) | A kind of wooden horse classification method based on Trojan characteristics | |
CN111431883B (en) | Web attack detection method and device based on access parameters | |
CN1223941C (en) | Hierarchial invasion detection system based on related characteristic cluster | |
CN107832611B (en) | Zombie program detection and classification method combining dynamic and static characteristics |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20220914 Address after: 361000 units 1702 and 1703, No. 59, Chengyi North Street, phase III, software park, Xiamen, Fujian Applicant after: XIAMEN USEEAR INFORMATION TECHNOLOGY Co.,Ltd. Address before: Unit 1701, 59 Chengyi North Street, phase III, software park, Xiamen City, Fujian Province, 361000 Applicant before: FUJIAN QIDIAN SPACE-TIME DIGITAL TECHNOLOGY Co.,Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |