[go: up one dir, main page]

CN109033815A - Webshell detection method based on matrix decomposition - Google Patents

Webshell detection method based on matrix decomposition Download PDF

Info

Publication number
CN109033815A
CN109033815A CN201810620475.9A CN201810620475A CN109033815A CN 109033815 A CN109033815 A CN 109033815A CN 201810620475 A CN201810620475 A CN 201810620475A CN 109033815 A CN109033815 A CN 109033815A
Authority
CN
China
Prior art keywords
webshell
detection method
text
matrix
feature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810620475.9A
Other languages
Chinese (zh)
Inventor
姚杨
姚一杨
王彦波
卢新岱
章姝俊
戴波
梅峰
叶伟静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Zhejiang Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Zhejiang Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Zhejiang Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd filed Critical State Grid Zhejiang Electric Power Co Ltd
Priority to CN201810620475.9A priority Critical patent/CN109033815A/en
Publication of CN109033815A publication Critical patent/CN109033815A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提供了基于矩阵分解的Webshell检测方法,属于信息安全领域,包括建立以三元组保存得分信息的计分矩阵;从待检测文本中选取预设数量的特征构建特征集合,基于特征集合中的特征获取对三元组中分数参数进行预测,根据预测结果判定待检测文本中存在WebShell的可能性。基于机器学习算法,能够快速、准确地了解WebShell页面的特点。该方法克服了传统特征匹配方法的缺点,提高了网络炮弹检测的准确性和召回率。通过对已知现有和非现有WebShell页面的分析和学习特性,该算法可以对未知页面进行预测,效率高,具有较高的精度和召回率。

The present invention provides a Webshell detection method based on matrix decomposition, which belongs to the field of information security, including establishing a scoring matrix that saves scoring information in triplets; selecting a preset number of features from the text to be detected to construct a feature set, based on the The feature acquisition predicts the score parameters in the triples, and judges the possibility of WebShell in the text to be detected according to the prediction results. Based on machine learning algorithms, it can quickly and accurately understand the characteristics of WebShell pages. This method overcomes the shortcomings of traditional feature matching methods and improves the accuracy and recall of network shell detection. By analyzing and learning characteristics of known existing and non-existing WebShell pages, the algorithm can predict unknown pages with high efficiency and high precision and recall.

Description

Webshell detection method based on matrix decomposition
Technical field
The invention belongs to information security fields, in particular to the Webshell detection method based on matrix decomposition.
Background technique
Nowadays computer network plays an important role in human society life, and server protection is used as computer network Core, be to guarantee the stable important component of computer network security.Around the attack and defence of server, WebShell is often used as the weapon for obtaining server permission by most of invaders.WebShell is a kind of order execution ring Border occurs usually in the form of webpage back door, such as asp, php, jsp or cgi page, can also be referred to as webpage back door.
Administrator is usually prevented or is detected WebShell, static detection method by static detection and dynamic monitoring method Network shell is detected using characteristic value and dangerous function.This method is easy to operate, can quickly detect the presence of WebShell. Hujian Kang etc. is extracted the different characteristic of target pages, and WebShell is classified and detected using decision tree;Ye Fei Etc. the structure and text feature for analyzing the page, using bag-of-words model extraction keyword, SVM method pair is then used WebShell is classified and is detected.But for some newest WebShell, leak detection rate will be relatively high.It is dynamic State monitoring can solve invader and encrypt the problem of WebShell is to avoid detection, but detect WebShell to a certain extent, But it is difficult to detect certain specific WebShell.In existing method, there is also following disadvantages:
1. usually above two kind of method is assisted to complete detection, but for the major company for possessing a large amount of hosts, it is non- Often consumption, efficiency are lower
2. there are many time that traditional detection method is spent, and precision and recall rate are all relatively low
3. currently existing scheme is difficult to find new portal management permission, accuracy rate is low.
Summary of the invention
In order to solve shortcoming and defect existing in the prior art, the present invention provides the Webshell based on matrix decomposition Detection method, for improving detection accuracy.
It is described the present invention provides the Webshell detection method based on matrix decomposition in order to reach above-mentioned technical purpose Detection method includes:
Establish the score matrix that score information is saved with triple;
The feature construction characteristic set that preset quantity is chosen from text to be detected, is obtained based on the feature in characteristic set Triple mid-score parameter is predicted, a possibility that there are WebShell in text to be detected is determined according to prediction result.
Optionally, the foundation saves the score matrix of score information with triple, comprising:
Define a mu×miThe score matrix R of size uses triple s=(u, i, a rui) represent a score and disappear Breath, all information are stored in data set S={ (u, i, rui)|ruiIt is unknown } in.
WithTo ruiPrediction, processing formula are as follows:
Wherein puIndicate the k denapon subvector of each column u, qiIndicate that the k of each row i maintains number vector
Optionally, the detection method further include:
To avoid parameter overfitting, the processing of the reduction as shown in formula two is carried out to parameter
Optionally, the feature construction characteristic set that preset quantity is chosen from text to be detected, is based on characteristic set In feature acquisition triple mid-score parameter is predicted, comprising:
It selects right quantity and influences characteristic set as big as possible, these Feature Conversions are the available shape of matrix decomposition model Formula: being grouped each text and other features and is combined the feature as u and i, obtain matrix it is corresponding column and The number of row vector;
It is calculated according to the feature combination formula three including text feature
Wherein μ represents the average value of all predictions of rating matrix, buAnd biText feature u and other are respectively represented The combination of feature i.
Optionally, described to include: according to there are a possibility that WebShell in prediction result judgement text to be detected
IfResult be greater than 0.5, file more likely has WebShell;On the contrary, if result less than 0.5, more It can not include WebShell.
Optionally, the detection method further includes trained process, and the trained process includes:
Prediction error is obtained according to formula four
Decline formula according to gradient and updates puAnd qi:
Wherein γ is the step-length of gradient descent algorithm, and λ is learning rate.
Optionally, the detection method further include:
Training process is optimized based on formula six,
Technical solution provided by the invention has the benefit that
Based on machine learning algorithm, the characteristics of capable of quickly and accurately understanding the WebShell page.The method overcome biographies The shortcomings that system feature matching method, improve the accuracy and recall rate of the detection of network shell.By to known existing and non-existing There are analysis and the learning characteristic of the WebShell page, which can predict the unknown page, it is high-efficient, it is with higher Precision and recall rate.
Detailed description of the invention
It, below will be to attached drawing needed in embodiment description in order to illustrate more clearly of technical solution of the present invention It is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, general for this field For logical technical staff, without creative efforts, it is also possible to obtain other drawings based on these drawings.
Fig. 1 is the flow diagram of the Webshell detection method provided by the invention based on matrix decomposition.
Specific embodiment
To keep structure and advantage of the invention clearer, structure of the invention is made further below in conjunction with attached drawing Description.
Embodiment one
The present invention provides the Webshell detection methods based on matrix decomposition, as shown in Figure 1, the detection method packet It includes:
11, the score matrix that score information is saved with triple is established;
12, the feature construction characteristic set that preset quantity is chosen from text to be detected, based on the feature in characteristic set Triple mid-score parameter is predicted in acquisition, determines the possibility in text to be detected there are WebShell according to prediction result Property.
In an implementation, the Webshell detection method of the invention based on matrix decomposition, step successively include: that (1) is built Vertical matrix decomposition model;(2) feature is measured;(3) it is trained using matrix decomposition model;(4) model prediction is utilized Webshell.
A kind of Webshell detection method based on matrix decomposition of the present embodiment is based on machine learning algorithm, can be fast Speed accurately understands the characteristics of WebShell page, passes through the analysis and to the known existing and non-existing WebShell page Characteristic is practised, the shortcomings that can predicting the unknown page, overcome traditional characteristic matching process, improves the detection of network shell Accuracy and recall rate.Flow or the service of only matching characteristic value in the prior art or detection generation are overcome, This is difficult to find the technical problems such as the webpage back door of new type.
Optionally, the foundation saves the score matrix of score information with triple, comprising:
Define a mu×miThe score matrix R of size uses triple s=(u, i, a rui) represent a score and disappear Breath, all information are stored in data set S={ (u, i, rui)|ruiIt is unknown } in.
WithTo ruiPrediction, processing formula are as follows:
Wherein puIndicate the k denapon subvector of each column u, qiIndicate that the k of each row i maintains number vector.
In an implementation, a m is definedu×miThe score matrix R of size uses triple s=(u, i, a rui) represent One score message, all information are stored in data set S={ (u, i, rui)|ruiIt is unknown } in.
To ruiIt is predicted: rui∈ [0,1] is the corresponding score of object u, if ruiCloser to 1, then respective column feature The corresponding row feature i of u more likely includes Webshell.WithTo ruiPrediction, processing formula are formula one.
Optionally, the detection method further include:
To avoid parameter overfitting, the processing of the reduction as shown in formula two is carried out to parameter
Optionally, the feature construction characteristic set that preset quantity is chosen from text to be detected, is based on characteristic set In feature acquisition triple mid-score parameter is predicted, comprising:
It selects right quantity and influences characteristic set as big as possible, these Feature Conversions are the available shape of matrix decomposition model Formula: being grouped each text and other features and is combined the feature as u and i, obtain matrix it is corresponding column and The number of row vector;
It is calculated according to the feature combination formula three including text feature
Wherein μ represents the average value of all predictions of rating matrix, buAnd biText feature u and other are respectively represented The combination of feature i.
In an implementation, the selection right quantity characteristic set as big as possible with influence.Feature is divided into text spy by this method It seeks peace other features, specific features are as shown in table 1.
It is the available form of matrix decomposition model by these Feature Conversions: each text and other features is grouped, Spcial character is divided into three groups: 0 to 10,10 to 50, and more than 50;The length of word is divided into three groups: 0 to 10,10 to 20, More than 20 and so on.After by six characteristics grouping in text feature, a combination is randomly choosed from each characteristic.Often A feature is segmented into three groups, we can be obtained by 36 features, i.e., 729 in total combinations.It combines other features one It rises.Each feature is divided into two groups, we can obtain 2 from other features8Feature, a total of 64 kinds of combinations;By number of combinations point Feature not as u and i obtains the number of the corresponding columns and rows vector of matrix are as follows: 729 × 64.
It is trained using matrix decomposition model;Specifically includes the following steps:
(1) text and other feature calculations are combined Calculation method it is as follows:
Wherein μ represents the average value of all predictions of rating matrix, buAnd biText feature u and other are respectively represented The combination of feature i, the average value of the probabilistic forecasting corresponding to WebShell.
(2) optimize training process: to reduce the loss function after training, training process being optimized.Handle formula such as Under:
Training process is as follows:
(2.1) result r is given in each of training setui, can be predicted by formula 3
(2.2) error is predicted:
(2.3) formula is declined according to gradient and updates puAnd qi:
pu←pu+γ·(∈uiqi-λ·pu) formula 5
qi←qi+γ·(∈uipu-λ·qi) formula 6
Wherein parameter γ is the step-length of gradient descent algorithm, is arranged to 0.1 in the present invention, and parameter lambda is learning rate, if It is set to 0.05.
Optionally, described to include: according to there are a possibility that WebShell in prediction result judgement text to be detected
IfResult be greater than 0.5, file more likely has WebShell;On the contrary, if result less than 0.5, more It can not include WebShell.
The present invention provides the Webshell detection methods based on matrix decomposition, including establish and save score letter with triple The score matrix of breath;The feature construction characteristic set that preset quantity is chosen from text to be detected, based on the spy in characteristic set Sign is obtained and is predicted triple mid-score parameter, according to prediction result determine in text to be detected there are WebShell can It can property.Based on machine learning algorithm, the characteristics of capable of quickly and accurately understanding the WebShell page.The method overcome tradition The shortcomings that feature matching method, improves the accuracy and recall rate of the detection of network shell.By to known existing and non-existing The analysis of the WebShell page and learning characteristic, which can predict the unknown page, high-efficient, essence with higher Degree and recall rate.
Each serial number in above-described embodiment is for illustration only, the assembling for not representing each component or the elder generation in use process Sequence afterwards.
The above description is only an embodiment of the present invention, is not intended to limit the invention, all in the spirit and principles in the present invention Within, any modification, equivalent replacement, improvement and so on should all be included in the protection scope of the present invention.

Claims (7)

1.基于矩阵分解的Webshell检测方法,其特征在于,所述检测方法包括:1. The Webshell detection method based on matrix decomposition, is characterized in that, described detection method comprises: 建立以三元组保存得分信息的计分矩阵;Create a scoring matrix that saves scoring information in triplets; 从待检测文本中选取预设数量的特征构建特征集合,基于特征集合中的特征获取对三元组中分数参数进行预测,根据预测结果判定待检测文本中存在WebShell的可能性。Select a preset number of features from the text to be detected to construct a feature set, predict the score parameters in the triples based on the features in the feature set, and determine the possibility of WebShell in the text to be detected based on the prediction results. 2.根据权利要求1所述的基于矩阵分解的Webshell检测方法,其特征在于,所述建立以三元组保存得分信息的计分矩阵,包括:2. the Webshell detection method based on matrix decomposition according to claim 1, is characterized in that, described establishment saves the scoring matrix of score information with triplet, comprises: 定义一个mu×mi大小的计分矩阵R,使用一个三元组s=(u,i,rui)代表一个得分消息,所有的信息都存储在数据集S={(u,i,rui)|rui未知}中;Define a scoring matrix R of size m u ×m i , use a triplet s=(u,i,r ui ) to represent a scoring message, and all information is stored in the data set S={(u,i, r ui )|r ui unknown}; 对rui预测,处理公式如下:use For r ui prediction, the processing formula is as follows: 其中pu表示各列u的k维因子向量,qi表示各行i的k维系数向量。Among them, p u represents the k-dimensional factor vector of each column u, and q i represents the k-dimensional coefficient vector of each row i. 3.根据权利要求1所述的基于矩阵分解的Webshell检测方法,其特征在于所述检测方法还包括:3. the Webshell detection method based on matrix decomposition according to claim 1, is characterized in that described detection method also comprises: 为避免参数过度拟合,对参数进行如公式二所示的减小处理In order to avoid parameter overfitting, the parameters are reduced as shown in formula 2 4.根据权利要求1所述的基于矩阵分解的Webshell检测方法,其特征在于,所述从待检测文本中选取预设数量的特征构建特征集合,基于特征集合中的特征获取对三元组中分数参数进行预测,包括:4. the Webshell detection method based on matrix decomposition according to claim 1, is characterized in that, described selects the feature construction feature set of preset quantity from the text to be detected, based on the feature acquisition in the feature set in the triplet Score parameters for prediction, including: 择适当数量和影响尽可能大的特征集合,这些特征转换为矩阵分解模型的可用形式:对每个文本和其他特征进行分组并进行组合作为u和i的特征,得到矩阵的相应的列和行向量的个数;Select the appropriate number and influence set of features as large as possible, these features are converted into a usable form of the matrix factorization model: each text and other features are grouped and combined as features of u and i, and the corresponding columns and rows of the matrix are obtained the number of vectors; 根据包括文本特征在内的特征结合公式三计算 Calculated according to feature combination formula 3 including text features 其中μ代表了评分矩阵的所有预测的平均值,bu和bi分别代表了文本特征u和其他特征i的组合。where μ represents the average of all predictions of the scoring matrix, and b u and b i represent the combination of text feature u and other features i, respectively. 5.根据权利要求4所述的基于矩阵分解的Webshell检测方法,其特征在于,所述根据预测结果判定待检测文本中存在WebShell的可能性包括:5. the method for detecting Webshell based on matrix decomposition according to claim 4, wherein the possibility of determining the presence of WebShell in the text to be detected according to the prediction result comprises: 如果的结果大于0.5,文件更有可能有WebShell;相反,如果结果小于0.5,则更不可能包含WebShell。if If the result is greater than 0.5, the file is more likely to have a WebShell; conversely, if the result is less than 0.5, it is less likely to contain a WebShell. 6.根据权利要求1至5任一项所述的基于矩阵分解的Webshell检测方法,其特征在于,所述检测方法还包括训练流程,所述训练流程包括:6. according to the Webshell detection method based on matrix decomposition according to any one of claims 1 to 5, it is characterized in that, described detection method also comprises training process, and described training process comprises: 根据公式四获取预测误差Obtain the prediction error according to formula 4 根据梯度下降公式更新pu和qi:Update p u and q i according to the gradient descent formula: 其中γ是梯度下降算法的步长,λ是学习速率。where γ is the step size of the gradient descent algorithm and λ is the learning rate. 7.根据权利要求6所述的基于矩阵分解的Webshell检测方法,其特征在于,所述检测方法还包括:7. the Webshell detection method based on matrix decomposition according to claim 6, is characterized in that, described detection method also comprises: 基于公式六对训练过程进行优化,Optimize the training process based on formula 6,
CN201810620475.9A 2018-06-15 2018-06-15 Webshell detection method based on matrix decomposition Pending CN109033815A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810620475.9A CN109033815A (en) 2018-06-15 2018-06-15 Webshell detection method based on matrix decomposition

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810620475.9A CN109033815A (en) 2018-06-15 2018-06-15 Webshell detection method based on matrix decomposition

Publications (1)

Publication Number Publication Date
CN109033815A true CN109033815A (en) 2018-12-18

Family

ID=64609829

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810620475.9A Pending CN109033815A (en) 2018-06-15 2018-06-15 Webshell detection method based on matrix decomposition

Country Status (1)

Country Link
CN (1) CN109033815A (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101794351A (en) * 2010-03-09 2010-08-04 哈尔滨工业大学 Protein secondary structure engineering prediction method based on large margin nearest central point
US7849509B2 (en) * 2005-10-07 2010-12-07 Microsoft Corporation Detection of security vulnerabilities in computer programs
CN102117325A (en) * 2011-02-24 2011-07-06 清华大学 Method for predicting dynamic social network user behaviors
CN102254540A (en) * 2010-05-21 2011-11-23 精工爱普生株式会社 Processing color sub-pixels
CN102647421A (en) * 2012-04-09 2012-08-22 北京百度网讯科技有限公司 Web backdoor detection method and device based on behavioral characteristics
CN104184728A (en) * 2014-08-14 2014-12-03 电子科技大学 Safety detection method and device for Web application system
CN105260390A (en) * 2015-09-11 2016-01-20 合肥工业大学 Group-oriented project recommendation method based on joint probability matrix decomposition
CN106202377A (en) * 2016-07-08 2016-12-07 北京大学 A kind of online collaborative sort method based on stochastic gradient descent
CN106845462A (en) * 2017-03-20 2017-06-13 大连理工大学 A Face Recognition Method Based on Simultaneous Selection of Features and Clustering Induced by Triplets
CN106961419A (en) * 2017-02-13 2017-07-18 深信服科技股份有限公司 WebShell detection methods, apparatus and system
CN107294982A (en) * 2017-06-29 2017-10-24 深信服科技股份有限公司 Webpage back door detection method, device and computer-readable recording medium
CN107451476A (en) * 2017-07-21 2017-12-08 上海携程商务有限公司 Webpage back door detection method, system, equipment and storage medium based on cloud platform
WO2017215532A1 (en) * 2016-06-12 2017-12-21 北京集创北方科技股份有限公司 Biological characteristic recognition device and method and biological characteristic template registration method

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7849509B2 (en) * 2005-10-07 2010-12-07 Microsoft Corporation Detection of security vulnerabilities in computer programs
CN101794351A (en) * 2010-03-09 2010-08-04 哈尔滨工业大学 Protein secondary structure engineering prediction method based on large margin nearest central point
CN102254540A (en) * 2010-05-21 2011-11-23 精工爱普生株式会社 Processing color sub-pixels
CN102117325A (en) * 2011-02-24 2011-07-06 清华大学 Method for predicting dynamic social network user behaviors
CN102647421A (en) * 2012-04-09 2012-08-22 北京百度网讯科技有限公司 Web backdoor detection method and device based on behavioral characteristics
CN104184728A (en) * 2014-08-14 2014-12-03 电子科技大学 Safety detection method and device for Web application system
CN105260390A (en) * 2015-09-11 2016-01-20 合肥工业大学 Group-oriented project recommendation method based on joint probability matrix decomposition
WO2017215532A1 (en) * 2016-06-12 2017-12-21 北京集创北方科技股份有限公司 Biological characteristic recognition device and method and biological characteristic template registration method
CN106202377A (en) * 2016-07-08 2016-12-07 北京大学 A kind of online collaborative sort method based on stochastic gradient descent
CN106961419A (en) * 2017-02-13 2017-07-18 深信服科技股份有限公司 WebShell detection methods, apparatus and system
CN106845462A (en) * 2017-03-20 2017-06-13 大连理工大学 A Face Recognition Method Based on Simultaneous Selection of Features and Clustering Induced by Triplets
CN107294982A (en) * 2017-06-29 2017-10-24 深信服科技股份有限公司 Webpage back door detection method, device and computer-readable recording medium
CN107451476A (en) * 2017-07-21 2017-12-08 上海携程商务有限公司 Webpage back door detection method, system, equipment and storage medium based on cloud platform

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
戴世超: "基于图计算模型的矩阵分解并行化研究", 《信息科技辑》 *

Similar Documents

Publication Publication Date Title
Hu et al. A distributed framework for large-scale protein-protein interaction data analysis and prediction using mapreduce
CN111614491B (en) Power monitoring system oriented safety situation assessment index selection method and system
CN110855648B (en) Early warning control method and device for network attack
Mao et al. A comprehensive algorithm for evaluating node influences in social networks based on preference analysis and random walk
CN112565301B (en) An abnormal data detection method for server running network traffic based on small sample learning
CN114124460A (en) Industrial control system intrusion detection method, device, computer equipment and storage medium
CN110138762A (en) Tender spots detection system, method and storage medium based on attack graph network
KR20220074531A (en) A method for generating security event traning data and an apparatus for generating security event traning data
CN108804635A (en) A kind of method for measuring similarity based on Attributions selection
Jung et al. Survey of network-based approaches of drug-target interaction prediction
Wei et al. Exploring local discriminative information from evolutionary profiles for cytokine–receptor interaction prediction
Georgopoulou et al. A multi-objective metamodel-assisted memetic algorithm with strength-based local refinement
CN112820347B (en) Disease gene prediction method based on multiple protein network pulse dynamics process
CN109033815A (en) Webshell detection method based on matrix decomposition
CN114462040A (en) Malicious software detection model training method, malicious software detection method and malicious software detection device
CN120068073A (en) A method and device for analyzing and identifying malware
Correia et al. Handling noise in protein interaction networks
Wang et al. Toward Efficient Neural Networks Through Predictor-Assisted NSGA-III for Anomaly Traffic Detection of IoT
CN110457896A (en) The detection method and detection device of online access
CN117495325A (en) Method and device for predicting email disclosure, storage medium and electronic equipment
CN114091019B (en) Dataset construction, malware identification, identification model construction method and device
CN114124456A (en) Safety detection method and device for comprehensive energy system, electronic equipment and storage medium
Li et al. MTMO: an efficient network‐centric algorithm for subtree counting and enumeration
García-Pérez et al. Predictability of missing links in complex networks
CN112001176A (en) Text data homogenization detection method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181218