CN115906048A - Equipment identification method and system based on terminal information - Google Patents
Equipment identification method and system based on terminal information Download PDFInfo
- Publication number
- CN115906048A CN115906048A CN202211560270.9A CN202211560270A CN115906048A CN 115906048 A CN115906048 A CN 115906048A CN 202211560270 A CN202211560270 A CN 202211560270A CN 115906048 A CN115906048 A CN 115906048A
- Authority
- CN
- China
- Prior art keywords
- information
- equipment
- terminal information
- terminal
- identifying
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention provides a device identification method and system based on terminal information, and relates to the technical field of terminal identification. The method comprises the following steps: acquiring terminal information of equipment; matching static information of the equipment from the terminal information based on a preset static rule; extracting dynamic information of the equipment from the terminal information through a preset dynamic learning rule; and expanding the static information and the dynamic information to obtain incremental information of the equipment, and identifying the equipment from the incremental information through a pre-trained equipment identification model. The static information of the equipment is matched from the acquired terminal information through the preset static rule, the dynamic information of the equipment is extracted from the terminal information through the dynamic learning rule comprising the machine learning algorithm, then the static information and the dynamic information are expanded to obtain high-quality equipment increment information, and the corresponding equipment is identified through association analysis of the pre-trained equipment identification model, so that the accuracy of the identification of the terminal equipment is improved.
Description
Technical Field
The invention belongs to the technical field of terminal identification, and particularly relates to a device identification method and system based on terminal information.
Background
With the wide use of the internet of things technology, more and more internet of things terminal devices are continuously added into the network, so that data interaction between various terminal devices and a cloud service system is not limited by geographical positions or time any more, and the problem of fuzzy security boundary is brought. However, most of the existing terminal equipment identification is based on simple equipment MAC information, IMEI information, and the like, and even if there is identification based on HTTP message, the situation that the browser does not report the terminal type occurs, so the current terminal equipment identification scheme generally has the problem of low identification accuracy.
Disclosure of Invention
The invention aims to provide a terminal information-based equipment identification method and a terminal information-based equipment identification system, which match static information of equipment from acquired terminal information through a preset static rule, extract dynamic information of the equipment from the terminal information through a dynamic learning rule comprising a machine learning algorithm, expand the static information and the dynamic information to obtain high-quality equipment incremental information, perform association analysis through a pre-trained equipment identification model, identify equipment corresponding to the acquired terminal information, and improve the accuracy of terminal equipment identification.
The technical scheme of the invention is realized as follows:
in a first aspect, the present invention provides a device identification method based on terminal information, including the following steps:
acquiring terminal information of equipment;
matching static information of the equipment from the terminal information based on a preset static rule;
extracting dynamic information of the equipment from the terminal information through a preset dynamic learning rule;
and expanding the static information and the dynamic information to obtain incremental information of the equipment, and identifying the equipment from the incremental information through a pre-trained equipment identification model.
Further, the step of matching the static information of the device from the terminal information based on the preset static rule specifically includes:
and matching the identity authentication information and the running state information of the equipment from the terminal information through a regular expression.
Further, the step of extracting the dynamic information of the device from the terminal information through a preset dynamic learning rule specifically includes:
identifying the type information of the equipment from the terminal information through an improved naive Bayes algorithm;
and identifying the behavior information of the equipment from the terminal information by using a KNN algorithm.
Further, the step of identifying the type information of the device from the terminal information through the improved naive bayes algorithm specifically comprises:
extracting network event information of the equipment from the terminal information;
establishing a naive Bayes model based on the network event information of the equipment, and regulating and controlling the naive Bayes model by a preset control factor;
and judging the classification information of the equipment according to the model regulation and control result.
Further, the identifying the behavior information of the device from the terminal information by using the KNN algorithm includes:
constructing a KNN model and training by using a KDD CUP99 data set to obtain a trained KNN model;
and identifying the behavior information of the equipment from the terminal information through the trained KNN model.
Further, the step of expanding the static information and the dynamic information to obtain incremental information of the device, and identifying the device from the incremental information through a pre-trained device identification model specifically includes:
expanding the static information and the dynamic information through a self-province variational self-encoder to obtain incremental information of the equipment;
constructing an equipment identification model based on a random forest algorithm and pre-training the equipment identification model to obtain a pre-trained equipment identification model;
and performing correlation analysis on the incremental information through the pre-trained equipment identification model to identify equipment.
In a second aspect, the present invention provides a device identification system based on terminal information, which includes:
the acquisition module is used for acquiring terminal information of the equipment;
the matching module is used for matching the static information of the equipment from the terminal information based on a preset static rule;
the extraction module is used for extracting the dynamic information of the equipment from the terminal information through a preset dynamic learning rule;
and the expansion and identification module is used for expanding the static information and the dynamic information to obtain incremental information of the equipment, and identifying the equipment from the incremental information through a pre-trained equipment identification model.
Further, the extraction module specifically includes:
the first identification submodule is used for identifying the type information of the equipment from the terminal information through an improved naive Bayesian algorithm;
and the second identification submodule is used for identifying the behavior information of the equipment from the terminal information by using a KNN algorithm.
In a third aspect, the present invention provides an electronic device comprising a memory for storing one or more programs; a processor for carrying out the method according to any one of the above first aspects when said one or more programs are executed by said processor.
In a fourth aspect, the invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method as described above in any of the first aspects.
Compared with the prior art, the invention at least has the following advantages or beneficial effects:
the invention provides a terminal information-based equipment identification method, which comprises the steps of matching static information of equipment from obtained terminal information through a preset static rule, extracting dynamic information of the equipment from the terminal information through a dynamic learning rule comprising a machine learning algorithm, then combining and expanding the static information and the dynamic information to obtain high-quality equipment increment information, carrying out association analysis through a pre-trained equipment identification model, identifying the equipment corresponding to the obtained terminal information, and improving the identification accuracy of the terminal equipment.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to these drawings without inventive effort.
Fig. 1 is a flowchart of a device identification method based on terminal information according to the present invention;
FIG. 2 is a detailed flowchart of the step of extracting the dynamic information of the device from the terminal information according to the preset dynamic learning rule according to the present invention;
FIG. 3 is a detailed flowchart of the steps of the present invention for identifying device type information from the terminal information through a modified naive Bayesian algorithm;
FIG. 4 is a detailed flowchart of the steps of identifying behavior information of a device from the terminal information using the KNN algorithm according to the present invention;
FIG. 5 is a flowchart illustrating steps of expanding the static information and the dynamic information to obtain incremental information of a device and identifying the device from the incremental information through a pre-trained device identification model according to the present invention;
fig. 6 is a block diagram of a device identification system based on terminal information according to the present invention;
fig. 7 is a block diagram of an electronic device according to the present invention.
An icon: 1. an acquisition module; 2. a matching module; 3. an extraction module; 4. an expansion and identification module; 5. a processor; 6. a memory; 7. a data bus.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings in the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Example 1
Referring to fig. 1 to 5, the present invention provides a terminal information-based device identification method, which matches static information of a device from acquired terminal information through a preset static rule, extracts dynamic information of the device from the terminal information through a dynamic learning rule including a machine learning algorithm, then expands the static information and the dynamic information to obtain high-quality device incremental information, performs association analysis through a pre-trained device identification model, identifies a device corresponding to the acquired terminal information, and improves accuracy of terminal device identification.
The equipment identification method based on the terminal information comprises the following steps:
step S101: and acquiring terminal information of the equipment.
In the above steps, the terminal probe (such as an application probe) may be set in the terminal device to obtain the terminal information of the device body, and the traffic mirror gateway may further intercept the network traffic of the terminal device to obtain the terminal information in the network message format, where the terminal information includes, but is not limited to, device identity information, state information, network event information, behavior information, and the like.
Step S102: and matching the static information of the equipment from the terminal information based on a preset static rule.
In the above step, the preset static rule may be a text rule expressed by a regular expression, and the text rule composed of the regular expression is used to match static information such as identity authentication information and operation state information of the device from the acquired terminal information (e.g., HTTP message), where the identity authentication information includes manufacturer information, certificate information, device serial number, network card serial number, and the like, and the operation state information includes device online/offline state, service information, process information, storage information, port information, and the like.
Step S103: and extracting the dynamic information of the equipment from the terminal information through a preset dynamic learning rule.
Accordingly, as shown in fig. 2, the above step S103: the step of extracting the dynamic information of the device from the terminal information through a preset dynamic learning rule specifically includes:
step S1031: identifying the type information of the equipment from the terminal information through an improved naive Bayesian algorithm;
referring to fig. 3, in step S1031: the step of identifying the type information of the device from the terminal information through an improved naive Bayesian algorithm specifically comprises the steps of:
step S10311: extracting network event information of the equipment from the terminal information;
step S10312: establishing a naive Bayes model based on the network event information of the equipment, and regulating and controlling the naive Bayes model through a preset control factor;
step S10313: and judging the classification information of the equipment according to the model regulation and control result.
In the above steps, the network event may include an access event, an attack event, and the like of the terminal device, and may be roughly divided into a normal event and an abnormal event, and in order to correctly classify the event, the network event information of the terminal device needs to be distinguished through a naive bayesian model, so as to identify the type of the device.
Specifically, an attribute value-added algorithm can be introduced on the basis of an original primitive Bayesian model, the network event Ai to be classified is classified into a normal event Cn or an abnormal event Cj, if a full set Uc = { Cn, cj, | E (P (Cn) + P (Cj)) =1}, posterior probabilities P (Cn | Ai) and P (Cj | Ai) are respectively calculated according to naive Bayes, and fuzzy judgment P (Cj | Ai) > P (Cn | Ai) is carried out according to the calculated maximum posterior probability;
and finally, optimizing, namely introducing an attribute addition method, namely regulating and controlling the naive Bayes model by a preset control factor q, so as to further control the classification precision by the control factor q, wherein the method specifically comprises the following steps:
introducing a control factor q according to the P (Cj | Ai)/P (Cn | Ai) >1 to obtain ln (P (Cj | Ai)/P (Cn | Ai)) > q, and finally calculating the value of q to correspondingly improve the discriminant: p (Cj | Ai)/P (Cn | Ai) > e ^ q = > P (Cj | Ai)/(1-P (Cj | Ai) > e ^0= > P (Cj | Ai) > e ^0/1+ ^ 1 ^ P
e0;
According to the derivation formula, the formula f { UMax [ e ^ 0/(1 + e ^ 0) ] - > g } can be deduced through the mapping relation function, and a judgment value g is calculated; then, according to the clip approximation theorem, given a limit limP (Cj | Ai) = g, according to an arbitrary positive number o, | P (Cj | Ai) -o | < g, that is, o-g < = P (Cj | Ai) <= o + g holds, o-g >0 and o + g <1, when the number of labels N of the normal event is greater than the number of samples N of the normal event; and finally, calculating a limit function f (Xp) according to the probability Xp of the sample X event to estimate the most suitable g value, and more accurately judging a certain type of the network event Ai, namely a normal event Cn or an abnormal event Cj, according to the judgment value g, so as to correspondingly judge the classification information of the terminal equipment, namely normal equipment or abnormal (such as attacking) equipment.
Step S1032: and identifying the behavior information of the equipment from the terminal information by using a KNN algorithm.
As shown in fig. 4, the above step S1032: the step of identifying the behavior information of the device from the terminal information by using the KNN algorithm specifically includes:
step S10321: constructing a KNN model and training by using a KDD CUP99 data set to obtain a trained KNN model;
step S10322: and identifying the behavior information of the equipment from the terminal information through the trained KNN model.
In the above steps, a KNN model can be constructed through a model interface provided by a sklern model library, and then the KNN model is trained by using a KDD CUP99 data set, which can be used to simulate behavior information of network connection, such as normal access behavior information, abnormal intrusion behavior information, and the like; firstly, preprocessing a data set, then dividing the data set into training data with marks and test data without marks, wherein the test data and the training data have different probability distributions, and the test data comprise network attack types which do not appear in the training data, so that the network intrusion detection is more practical.
The classification of the terminal information can be realized by performing feature selection, feature weighting, euclidean distance calculation and sequencing on the terminal information through a KNN model obtained after training a KDD CUP99 data set, so that the network behavior information of the terminal equipment is identified, wherein the network behavior information comprises normal behavior information (such as access) and abnormal behavior information, such as Dos denial of service attack, illegal access of R2L from a remote machine, probing monitoring and detection activities and the like, for example, for the network access event information of the terminal equipment, a URL (Uniform resource locator), an access port, access time and a position accessed by the terminal equipment can be selected as feature information, and the behavior of the terminal equipment can be accurately identified after the classification is performed through the trained KNN model.
Step S104: and expanding the static information and the dynamic information to obtain incremental information of the equipment, and identifying the equipment from the incremental information through a pre-trained equipment identification model.
Accordingly, referring to fig. 5, the step S104: the step of expanding the static information and the dynamic information to obtain incremental information of the equipment, and identifying the equipment from the incremental information through a pre-trained equipment identification model specifically comprises the following steps:
step S1041: expanding the static information and the dynamic information through a provincial variational self-encoder to obtain incremental information of the equipment;
step S1042: constructing an equipment identification model based on a random forest algorithm and pre-training the equipment identification model to obtain a pre-trained equipment identification model;
step S1043: and performing correlation analysis on the incremental information through the pre-trained equipment identification model to identify equipment.
In the above steps, the introspection variational self-encoder (IntroVAE) introduces the antagonistic learning (GAN) into the variational self-encoder VAE based on the generative model variational self-encoder VAE, realizing a introspection learning model, which can judge the quality of the generation sample and make corresponding changes to improve the performance. In the embodiment of the invention, the obtained static information and dynamic information are expanded by the provincial variational self-encoder, so that the increment information of the terminal equipment, which is high in quality and connects the static information and the dynamic information, can be obtained, and then the association analysis of the dynamic information and the static information is carried out on the obtained increment information by combining a random forest algorithm, so that the accurate classification of the terminal equipment is realized.
Specifically, the steps of constructing an equipment recognition model based on a random forest algorithm and pre-training are as follows: randomly putting back samples from the data set to take m training samples and generate m training sets; respectively constructing and training m decision tree models for the m training sets through a tree structure; for a single decision tree model, selecting n training sample characteristics in a training set, and selecting the best characteristic according to information gain/information gain ratio/kini coefficient when a decision tree is generated in each training iteration; and combining the generated decision trees into a pre-trained equipment recognition model. And then, performing classification or regression association analysis on the incremental information by using a decision tree in the equipment identification model, and identifying the terminal equipment according to a classification result or a regression result, for example, voting the processing results of a plurality of decision trees to determine a final classification result, or averaging the processing results of the plurality of decision trees to determine the type of the terminal equipment, thereby accurately identifying the terminal equipment.
It should be noted that technical contents that are not specifically described in the embodiments of the present invention may be implemented by the existing related technologies, which belong to the prior art, and are not described in detail in the embodiments of the present invention.
Example 2
Accordingly, referring to fig. 6, the present invention provides a device identification system based on terminal information, which includes:
the acquisition module 1 is used for acquiring terminal information of equipment; the matching module 2 is used for matching the static information of the equipment from the terminal information based on a preset static rule; the extraction module 3 is used for extracting the dynamic information of the equipment from the terminal information through a preset dynamic learning rule; and the expansion and identification module 4 is used for expanding the static information and the dynamic information to obtain incremental information of the equipment, and identifying the equipment from the incremental information through a pre-trained equipment identification model.
Wherein, the extraction module specifically comprises: the first identification submodule is used for identifying the type information of the equipment from the terminal information through an improved naive Bayesian algorithm; and the second identification submodule is used for identifying the behavior information of the equipment from the terminal information by using a KNN algorithm.
For a detailed implementation process of the system, please refer to the method for identifying a device based on terminal information provided in embodiment 1, which is not described herein again.
Example 3
Referring to fig. 7, the present invention provides an electronic device, which includes at least one processor 5, at least one memory 6 and a data bus 7; wherein: the processor 5 and the memory 6 are communicated with each other through a data bus 7; the memory 6 stores program instructions executable by the processor 5, and the processor 5 calls the program instructions to perform a device identification method based on the terminal information.
For example, the following steps are realized:
acquiring terminal information of equipment; matching static information of the equipment from the terminal information based on a preset static rule; extracting dynamic information of the equipment from the terminal information through a preset dynamic learning rule; and expanding the static information and the dynamic information to obtain incremental information of the equipment, and identifying the equipment from the incremental information through a pre-trained equipment identification model.
The Memory 6 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like.
The processor 5 may be an integrated circuit chip having signal processing capabilities. The Processor 5 may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
It will be appreciated that the configuration shown in fig. 7 is merely illustrative and that the electronic device may include more or fewer components than shown in fig. 7 or have a different configuration than shown in fig. 7. The components shown in fig. 7 may be implemented in hardware, software, or a combination thereof.
Example 4
The present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor 5, implements a method for device identification based on terminal information. For example, the following steps are realized:
acquiring terminal information of equipment; matching static information of the equipment from the terminal information based on a preset static rule; extracting dynamic information of the equipment from the terminal information through a preset dynamic learning rule; and expanding the static information and the dynamic information to obtain incremental information of the equipment, and identifying the equipment from the incremental information through a pre-trained equipment identification model.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (10)
1. A device identification method based on terminal information is characterized by comprising the following steps:
acquiring terminal information of equipment;
matching static information of the equipment from the terminal information based on a preset static rule;
extracting dynamic information of the equipment from the terminal information through a preset dynamic learning rule;
and expanding the static information and the dynamic information to obtain incremental information of the equipment, and identifying the equipment from the incremental information through a pre-trained equipment identification model.
2. The method for identifying a device based on terminal information according to claim 1, wherein the step of matching the static information of the device from the terminal information based on the preset static rule specifically includes:
and matching the identity authentication information and the running state information of the equipment from the terminal information through a regular expression.
3. The method as claimed in claim 1, wherein the step of extracting the dynamic information of the device from the terminal information according to the preset dynamic learning rule specifically comprises:
identifying the type information of the equipment from the terminal information through an improved naive Bayes algorithm;
and identifying the behavior information of the equipment from the terminal information by using a KNN algorithm.
4. The method as claimed in claim 3, wherein the step of identifying the type information of the device from the terminal information through the modified naive bayes algorithm specifically comprises:
extracting network event information of the equipment from the terminal information;
establishing a naive Bayes model based on the network event information of the equipment, and regulating and controlling the naive Bayes model by a preset control factor;
and judging the classification information of the equipment according to the model regulation and control result.
5. The method for device identification based on terminal information according to claim 3, wherein the step of identifying the behavior information of the device from the terminal information using the KNN algorithm specifically comprises:
constructing a KNN model and training by using a KDD CUP99 data set to obtain a trained KNN model;
and identifying the behavior information of the equipment from the terminal information through the trained KNN model.
6. The method for identifying a device based on terminal information according to claim 1, wherein the step of expanding the static information and the dynamic information to obtain incremental information of the device, and identifying the device from the incremental information through a pre-trained device identification model specifically includes:
expanding the static information and the dynamic information through a provincial variational self-encoder to obtain incremental information of the equipment;
constructing an equipment identification model based on a random forest algorithm and pre-training the equipment identification model to obtain a pre-trained equipment identification model;
and performing correlation analysis on the incremental information through the pre-trained equipment identification model to identify equipment.
7. A device identification system based on terminal information, comprising:
the acquisition module is used for acquiring terminal information of the equipment;
the matching module is used for matching the static information of the equipment from the terminal information based on a preset static rule;
the extraction module is used for extracting the dynamic information of the equipment from the terminal information through a preset dynamic learning rule;
and the expansion and identification module is used for expanding the static information and the dynamic information to obtain incremental information of the equipment, and identifying the equipment from the incremental information through a pre-trained equipment identification model.
8. The system for identifying equipment based on terminal information according to claim 7, wherein the extracting module specifically includes:
the first identification submodule is used for identifying the type information of the equipment from the terminal information through an improved naive Bayesian algorithm;
and the second identification submodule is used for identifying the behavior information of the equipment from the terminal information by using a KNN algorithm.
9. An electronic device comprising at least one processor, at least one memory, and a data bus; wherein: the processor and the memory complete mutual communication through the data bus; the memory stores program instructions for execution by the processor, the processor calling the program instructions to perform the method of any of claims 1-6.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211560270.9A CN115906048A (en) | 2022-12-07 | 2022-12-07 | Equipment identification method and system based on terminal information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211560270.9A CN115906048A (en) | 2022-12-07 | 2022-12-07 | Equipment identification method and system based on terminal information |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115906048A true CN115906048A (en) | 2023-04-04 |
Family
ID=86481196
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211560270.9A Pending CN115906048A (en) | 2022-12-07 | 2022-12-07 | Equipment identification method and system based on terminal information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115906048A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117278423A (en) * | 2023-11-07 | 2023-12-22 | 国家工业信息安全发展研究中心 | Model construction method, test platform, computer device and storage medium |
-
2022
- 2022-12-07 CN CN202211560270.9A patent/CN115906048A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117278423A (en) * | 2023-11-07 | 2023-12-22 | 国家工业信息安全发展研究中心 | Model construction method, test platform, computer device and storage medium |
| CN117278423B (en) * | 2023-11-07 | 2024-06-21 | 国家工业信息安全发展研究中心 | Model construction method, test platform, computer device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111177714B (en) | Abnormal behavior detection method and device, computer equipment and storage medium | |
| CN110071829B (en) | DNS tunnel detection method and device and computer readable storage medium | |
| CN111259952B (en) | Abnormal user identification method, device, computer equipment and storage medium | |
| CN114553523A (en) | Attack detection method and device based on attack detection model, medium and equipment | |
| CN112765324B (en) | Concept drift detection method and device | |
| CN115906048A (en) | Equipment identification method and system based on terminal information | |
| CN111064719B (en) | Method and device for detecting abnormal downloading behavior of file | |
| CN116389023A (en) | Resource access authority control method and system | |
| CN115618415A (en) | Sensitive data identification method and device, electronic equipment and storage medium | |
| CN111783812A (en) | Method and device for identifying forbidden images and computer readable storage medium | |
| CN113949525A (en) | Method and device for detecting abnormal access behavior, storage medium and electronic equipment | |
| CN111371581A (en) | Method, device, equipment and medium for detecting business abnormity of Internet of things card | |
| CN116821777A (en) | Novel basic mapping data integration method and system | |
| CN115514620B (en) | Anomaly detection method and cloud network platform | |
| CN111813593A (en) | Data processing method, equipment, server and storage medium | |
| CN111488950A (en) | Classification model information output method and device | |
| CN116112209A (en) | Vulnerability attack flow detection method and device | |
| CN113535449B (en) | Abnormal event restoration processing method and device, computer equipment and storage medium | |
| CN115643044A (en) | Data processing method, device, server and storage medium | |
| CN114021118A (en) | Multi-element behavior detection method, system and medium based on super-fusion server system | |
| CN111209567B (en) | Method and device for judging perceptibility of improving robustness of detection model | |
| CN112966988A (en) | XGboost model-based data evaluation method, device, equipment and storage medium | |
| CN109977992B (en) | Electronic device, method for identifying batch registration behaviors and storage medium | |
| CN116841913B (en) | Test case generation method and device, electronic equipment and storage medium | |
| LU501931B1 (en) | Data exception analysis method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |