CN115398861A - Abnormal file detection method and related products - Google Patents

Abnormal file detection method and related products

Info

Publication number
CN115398861A
Authority
CN
China
Prior art keywords
target
file
access
extracting
graph
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202080099571.9A
Other languages
English (en)
Other versions
CN115398861B (zh
Inventor
蔡杰
沈璐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Shenzhen Huantai Technology Co Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Shenzhen Huantai Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd, Shenzhen Huantai Technology Co Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Publication of CN115398861A publication Critical patent/CN115398861A/zh
Application granted granted Critical
Publication of CN115398861B publication Critical patent/CN115398861B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

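The embodiments of this application disclose an abnormal file detection method and related products. The method includes: obtaining the inbound and outbound traffic data of all hosts within a preset range, and extracting a target access relationship from the inbound and outbound traffic data, where the target access relationship is at least one of the following: an access relationship between files and an access relationship between a file and an IP address; determining an access relationship graph according to the target access relationship; extracting a target suspicious file according to the access relationship graph; and detecting the target suspicious file to obtain a detection result, and outputting the detection result. The embodiments of this application can improve the efficiency of abnormal file detection.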

Description

PCT domestic application; the description has been published.

Claims (20)

  1. PCT domestic application; the claims have been published.
CN202080099571.9A 2020-05-07 2020-05-07 Abnormal file detection method and related products Active CN115398861B (zh)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/089033 WO2021223177A1 (zh) 2020-05-07 2020-05-07 Abnormal file detection method and related products

Publications (2)

Publication Number Publication Date
CN115398861A (zh) 2022-11-25
CN115398861B (zh) 2023-06-27

Family

ID=78467766

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080099571.9A Active CN115398861B (zh) 2020-05-07 2020-05-07 Abnormal file detection method and related products

Country Status (2)

Country Link
CN (1) CN115398861B (zh)
WO (1) WO2021223177A1 (zh)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
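CN114363212B (zh) * 2021-12-27 2023-12-26 绿盟科技集团股份有限公司 Device detection method, apparatus, device and storage medium
CN114650187B (zh) * 2022-04-29 2024-02-23 深信服科技股份有限公司 Abnormal access detection method and apparatus, electronic device and storage medium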

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140215619A1 (en) * 2013-01-28 2014-07-31 Infosec Co., Ltd. Webshell detection and response system
CN107135199A (zh) * 2017-03-29 2017-09-05 国家电网公司 Method and apparatus for detecting web page backdoors
CN107294982A (zh) * 2017-06-29 2017-10-24 深信服科技股份有限公司 Web page backdoor detection method, apparatus and computer-readable storage medium
US10237294B1 (en) * 2017-01-30 2019-03-19 Splunk Inc. Fingerprinting entities based on activity in an information technology environment
CN109831429A (zh) * 2019-01-30 2019-05-31 新华三信息安全技术有限公司 Webshell detection method and apparatus
CN110162973A (zh) * 2019-05-24 2019-08-23 新华三信息安全技术有限公司 Webshell file detection method and apparatus
CN110807194A (zh) * 2019-10-17 2020-02-18 新华三信息安全技术有限公司 webshell detection method and apparatus
CN110855661A (zh) * 2019-11-11 2020-02-28 杭州安恒信息技术股份有限公司 WebShell detection method, apparatus, device and medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108337218A (zh) * 2017-07-20 2018-07-27 北京安天网络安全技术有限公司 Method and *** for identifying webshells based on page-visit-volume features

Also Published As

Publication number Publication date
CN115398861B (zh) 2023-06-27
WO2021223177A1 (zh) 2021-11-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant