CN116069380A - Rule-based host asset detection method, device and readable storage medium - Google Patents
Rule-based host asset detection method, device and readable storage medium Download PDFInfo
- Publication number
- CN116069380A CN116069380A CN202310127333.XA CN202310127333A CN116069380A CN 116069380 A CN116069380 A CN 116069380A CN 202310127333 A CN202310127333 A CN 202310127333A CN 116069380 A CN116069380 A CN 116069380A
- Authority
- CN
- China
- Prior art keywords
- rule
- host asset
- asset
- host
- sub
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the invention discloses a rule-based host asset detection method, a rule-based host asset detection device and a readable storage medium. The method comprises the following steps: establishing a host asset identification rule, wherein the rule comprises a plurality of fields for recording host asset information; deploying the host asset identification rule and establishing a rule field index; based on the host asset identification rule, detecting whether all fields are established or not, and obtaining a detection result; establishing a rule and/or a rule according to the field proportion satisfied in the detection result; whether the current host asset exists is determined according to whether the current host asset detection execution and rule or the rule. The invention can realize the purpose of host asset collection and has the characteristics of flexibility, portability, user definition, reusability, stability and high safety.
Description
Technical Field
The present invention relates to the field of host asset detection counting, and in particular, to a rule-based host asset detection method, device, and readable storage medium.
Background
Host asset information includes host base information (hostname, host IP, host management information), system hardware information (various types of hardware information such as system kernel, CPU, memory, hard disk, disk usage distribution, etc.), all installed software (applications, drivers, utilities and plugins and their respective versions), virtual environment details (including mirroring), approved user accounts, and open ports, etc. With the rapid development of the internet at present, a significant portion of relevant plug-ins, software packages, applications, services and the like installed by a host, whether enterprises or individuals, are not seen or unknown to users. Host assets are at risk of being utilized by an attacker or having vulnerabilities, and once the associated risk is triggered, it is also difficult for a user to find the source. The collection and detection of host assets is also particularly important.
Traditional information technology equipment asset management generally relies on non-automated paper file-based systems for recording and tracking, and is implemented entirely manually, thus resulting in extremely inefficient management, slow data entry speeds, and low accuracy. Because of the difficulty in manual statistics of the information technology equipment assets, the incapability of achieving real-time and timely updating, difficulty in collecting vulnerability detection programs and the like, the information technology equipment assets are difficult to comprehensively incorporate into the category of normalized management. The host is used as the most abundant and concentrated of the assets, so that the whole condition of the assets can be known clearly in real time. It is necessary to collect and detect host assets through new techniques.
Disclosure of Invention
In view of the above, an object of the embodiments of the present invention is to provide a rule-based host asset detection method, device and readable storage medium, which can achieve the purpose of host asset collection, and has the characteristics of flexibility, portability, user definition, reusability, stability and high security.
In a first aspect, an embodiment of the present invention provides a rule-based host asset detection method, including:
a host asset identification rule is established, the rule comprising a number of fields that describe host asset information.
And deploying the host asset identification rule and establishing a rule field index.
And based on the host asset identification rule, detecting whether all the fields are established or not, and obtaining a detection result.
And establishing a rule and/or a rule according to the field proportion satisfied in the detection result.
Whether the current host asset exists is determined according to whether the current host asset detection execution and rule or the rule.
With reference to the first aspect, the embodiment of the present invention provides a first possible implementation manner of the first aspect, where before deploying the host asset identification rule, a system-level interface of the host to be detected is modified into a cross-platform unified interface.
The method mainly comprises the steps of modifying a process and a file system, wherein a Windows interface is packaged by adopting COM and Win Base, and a Linux interface is packaged by adopting Unix series functions.
With reference to the first aspect, the embodiment of the present invention provides a second possible implementation manner of the first aspect, wherein the fields in the host asset identification rule include:
type asset Type, assetName scan asset name, isCheck detect switch, isReport report switch, rule or rule, rule and rule, funclst method list, argsList parameter list, isMust necessary flag, isContinue continue flag, timeOut time, memSize memory size, loopSize cycle number, percentage condition, funcName function name, whether IsOut goes out of parameters and whether IsStore is stored.
The Type asset types include applications, installation packages, and services, among others.
Rule and rule or rule peer and may be included with each other. To ensure the efficiency, timeliness, and flexibility of the rules, one or some of the validation may be set, or a percentage mechanism may be set.
The FuncList method list identifies which operations are required for an asset, and each operation is a process flow that includes constraint flags such as an exit parameter, an entry parameter, a timeout, a number of cycles, a memory constraint, and whether to store.
With reference to the first aspect, an embodiment of the present invention provides a third possible implementation manner of the first aspect, where the deploying the host asset identification rule, establishing a rule field index includes:
loading and updating the host asset identification rule.
And updating the host asset identification rule at the server side, and sending the updated rule to the detection side.
And verifying the validity of the current host asset detection.
If the rule is legal, the rule analysis operation is carried out, and the rule field index is established.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation manner of the first aspect, where the performing, based on the host asset identification rule, whether detection is true on all fields, to obtain a detection result, includes:
the detection process is divided into a number of sub-processes, each sub-process comprising identification detection of one or more fields.
The ArgsList parameter list comprises a plurality of parameters, and each sub-process is acquired according to the attribute of each parameter.
The identification detection process is matched to the FuncList method list.
And loading and executing the operation function corresponding to each sub-process according to the sequence in the FuncList method list to obtain the detection result of each sub-process.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation manner of the first aspect, where after execution of an operation function corresponding to each sub-process is completed, whether the sub-process is executed is determined according to whether an exit parameter is cached, if so, the sub-process is saved according to a function name and a rule field index, and the saved sub-process is not executed twice.
The technical effects are as follows: preventing the secondary execution from consuming resources.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation manner of the first aspect, where the establishing a rule and/or a rule according to a field proportion satisfied in the detection result includes:
for the AND rule, the current host asset is deemed to exist as long as a sub-process is established.
For the or rule, counting each established sub-process, and if the ratio of the sum of the counts to the total number of rules is greater than a preset ratio value P (the value of the percentage condition), then the asset is considered to exist, wherein P is a percentage between 0 and 100 Percent.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation manner of the first aspect, where in the or rule, if the preset proportion value P is 0, it indicates that each sub-process is established, and the asset is determined to exist.
In a second aspect, embodiments of the present invention also provide a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing a rule-based host asset detection method as described above when executing the computer program.
In a third aspect, embodiments of the present invention also provide a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a rule-based host asset detection method as described above.
The embodiment of the invention has the beneficial effects that:
the invention realizes the purpose of host asset collection based on host asset identification rules and combined with related system-level interfaces, and has the characteristics of flexibility, portability, self definition, reusability, high stability and high safety.
The host asset collection core function of the invention is mainly realized by a system C language interface. The method is an effective method by packaging and secondarily reforming the file and the process related function and combining established rules to realize host asset collection, and can realize flexible deployment equivalent to a shell.
The detection mode of the invention is safe, reliable, controllable and stable, the control of the resource occupation can be customized, the compatibility is good, and most of confusion and counterfeit assets can be avoided.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a rule-based host asset detection method of the present invention;
FIG. 2 is a schematic flow chart of a rule field index establishment by deploying host asset identification rules in the rule-based host asset detection method of the present invention;
FIG. 3 is a flow chart illustrating the detection of all fields performed in the rule-based host asset detection method of the present invention;
FIG. 4 is a flow chart of the rule and/or rules in the rule-based host asset detection method of the present invention;
FIG. 5 is a complete flow chart of the rule-based host asset detection method of the present invention;
FIG. 6 is a diagram of the relationship of the fields in the host asset identification rule of the rule-based host asset detection method of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein can be arranged and designed in a wide variety of different configurations.
Referring to fig. 1, a first embodiment of the present invention provides a rule-based host asset detection method, which includes:
s100, establishing a host asset identification rule, wherein the rule comprises a plurality of fields for recording host asset information.
S200, deploying the host asset identification rule and establishing a rule field index.
And S300, based on the host asset identification rule, detecting whether all fields are established or not, and obtaining a detection result.
S400, establishing a rule and/or a rule according to the field proportion satisfied in the detection result.
S500, whether the current host asset exists is determined according to whether the current host asset detection execution and rule or the rule.
Specifically, before the host asset identification rule is deployed, the system-level interface of the host to be detected is modified into a unified interface capable of crossing platforms.
The method mainly comprises the steps of modifying a process and a file system, wherein a Windows interface is packaged by adopting COM and Win Base, and a Linux interface is packaged by adopting Unix series functions.
Specifically, as shown in fig. 6, the fields in the host asset identification rule include:
type asset Type, assetName scan asset name, isCheck detect switch, isReport report switch, rule or rule, rule and rule, funclst method list, argsList parameter list, isMust necessary flag, isContinue continue flag, timeOut time, memSize memory size, loopSize cycle number, percentage condition, funcName function name, whether IsOut goes out of parameters and whether IsStore is stored.
The Type asset types include applications, installation packages, and services, among others.
Rule and rule or rule peer and may be included with each other. To ensure the efficiency, timeliness, and flexibility of the rules, one or some of the validation may be set, or a percentage mechanism may be set.
The FuncList method list identifies which operations are required for an asset, and each operation is a process flow that includes constraint flags such as an exit parameter, an entry parameter, a timeout, a number of cycles, a memory constraint, and whether to store.
In the example scene, for example, a java frame asset is identified to need a precondition web container to exist, so that a nesting mechanism exists, a layer of cache is needed to be made for the nesting mechanism so as to ensure that repeated scanning is avoided to consume resources, and the method is characterized in that fields in a self-developed knowledge dictionary are not modifiable, are not newly added and are encrypted.
Wherein, the format of the host asset identification rule is as follows:
through the detection of fine granularity and the coexistence of a plurality of rules, the method ensures that a host asset is accurately established through the rules, and can achieve the purpose of identifying a certain character and authenticity in a certain file under a certain folder of the system. Meanwhile, in the identification process, a layer of hash check is established to prevent other risks such as file tampering.
Compared with the json format with simple hierarchy, the format can be configured and applied more flexibly, and the FunList can flexibly combine various sub-processes to realize the identification of complex scenes, so that the method can replace the processes of related shell and lua scripts.
Specifically, as shown in fig. 2, the deploying the host asset identification rule, and establishing a rule field index includes:
s201, loading and updating the host asset identification rule.
The host asset identification rule is updated at the server side, and the updated rule is sent to the detection side.
S202, verifying the validity of the current host asset detection.
And S203, if the rule is legal, performing rule analysis operation, and establishing a rule field index.
Specifically, as shown in fig. 3, the detecting whether all fields are established based on the host asset identification rule, to obtain a detection result includes:
s301, dividing the detection process into a plurality of sub-processes, wherein each sub-process comprises identification detection of one or more fields.
S302, the ArgsList parameter list comprises a plurality of parameters, and each sub-process is acquired according to the attribute of each parameter.
S303, matching the identification detection process with the FuncList method list.
S304, loading and executing the operation function corresponding to each sub-process according to the sequence in the FuncList method list, and obtaining the detection result of each sub-process.
Specifically, after the execution of the operation function corresponding to each sub-process is finished, judging whether the sub-process is executed according to whether the outlet parameter is cached, if so, storing the sub-process according to the function name and the rule field index, and the stored sub-process is not executed for the second time.
The technical effects are as follows: preventing the secondary execution from consuming resources.
Specifically, as shown in fig. 4, the establishing a rule and/or a rule according to the field proportion satisfied in the detection result includes:
s401, regarding the AND rule, as long as one sub-process is established, the existence of the current host asset is determined.
S402, counting each established sub-process for the or rule, and if the ratio of the sum of the counts to the total number of rules is greater than a preset ratio value P (the value of the percentage condition), determining that the asset exists, wherein P is a percentage between 0 and 100 Percent.
Specifically, in the or rule, if the preset proportion value P is 0, it indicates that each sub-process is established, and the asset is identified to exist.
A second embodiment of the invention provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing a rule-based host asset detection method as described above when executing the computer program.
A third embodiment of the invention provides a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a rule-based host asset detection method as described above.
The embodiment of the invention aims to protect a rule-based host asset detection method, a rule-based host asset detection device and a readable storage medium, and has the following effects:
1. the invention realizes the purpose of host asset collection based on host asset identification rules and combined with related system-level interfaces, and has the characteristics of flexibility, portability, self definition, reusability, high stability and high safety.
2. The host asset collection core function of the invention is mainly realized by a system C language interface. The method is an effective method by packaging and secondarily reforming the file and the process related function and combining established rules to realize host asset collection, and can realize flexible deployment equivalent to a shell.
3. The detection mode of the invention is safe, reliable, controllable and stable, the control of the resource occupation can be customized, the compatibility is good, and most of confusion and counterfeit assets can be avoided.
The computer program product of the rule-based host asset detection method and device provided by the embodiments of the present invention includes a computer readable storage medium storing program codes, and the instructions included in the program codes may be used to execute the method in the foregoing method embodiment, and specific implementation may refer to the method embodiment and will not be described herein.
Specifically, the storage medium can be a general storage medium, such as a mobile disk, a hard disk, and the like, and when a computer program on the storage medium is run, the rule-based host asset detection method can be executed, so that the purpose of host asset collection can be achieved, and the method has the characteristics of flexibility, portability, customization, reusability, stability and high safety.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer readable storage medium executable by a processor. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Finally, it should be noted that: the above examples are only specific embodiments of the present invention, and are not intended to limit the scope of the present invention, but it should be understood by those skilled in the art that the present invention is not limited thereto, and that the present invention is described in detail with reference to the foregoing examples: any person skilled in the art may modify or easily conceive of the technical solution described in the foregoing embodiments, or perform equivalent substitution of some of the technical features, while remaining within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A rule-based host asset detection method, comprising:
establishing a host asset identification rule, wherein the rule comprises a plurality of fields for recording host asset information;
deploying the host asset identification rule and establishing a rule field index;
based on the host asset identification rule, detecting whether all fields are established or not, and obtaining a detection result;
establishing a rule and/or a rule according to the field proportion satisfied in the detection result;
whether the current host asset exists is determined according to whether the current host asset detection execution and rule or the rule.
2. The rule-based host asset detection method of claim 1, wherein prior to deploying the host asset identification rule, a system level interface of a host to be detected is adapted to be a cross-platform unified interface.
3. The rule-based host asset detection method of claim 1, wherein the fields in the host asset identification rule comprise:
type asset Type, assetName scan asset name, isCheck detect switch, isReport report switch, rule or rule, rule and rule, funclst method list, argsList parameter list, isMust necessary flag, isContinue continue flag, timeOut time, memSize memory size, loopSize cycle number, percentage condition, funcName function name, whether IsOut goes out of parameters and whether IsStore is stored.
4. The rule-based host asset detection method of claim 1, wherein deploying the host asset identification rule, creating a rule field index, comprises:
loading and updating the host asset identification rule;
verifying the legitimacy of the current host asset detection;
if the rule is legal, the rule analysis operation is carried out, and the rule field index is established.
5. A rule-based host asset detection method according to claim 3, wherein the detecting whether all fields are valid based on the host asset identification rule, to obtain a detection result, comprises:
dividing the detection process into a plurality of sub-processes, each sub-process comprising identification detection of one or more fields;
the ArgsList parameter list comprises a plurality of parameters, and each sub-process is obtained according to the attribute of each parameter;
matching the identification detection process with a FuncList method list;
and loading and executing the operation function corresponding to each sub-process according to the sequence in the FuncList method list to obtain the detection result of each sub-process.
6. The rule-based host asset detection method of claim 5, wherein,
after the execution of the operation function corresponding to each sub-process is finished, judging whether the sub-process is executed or not according to whether the outlet parameter is cached, if so, storing the sub-process according to the function name and the rule field index, and executing the stored sub-process for no second time.
7. The rule-based host asset detection method of claim 5, wherein the establishing a sum or a rule according to the field proportion satisfied in the detection result comprises:
for the AND rule, as long as one sub-process is established, the existence of the current host asset is considered;
for the or rule, counting each established sub-process, and if the ratio of the sum of the counts to the total number of rules is greater than a preset ratio value P, determining that the asset exists, wherein P is a percentage between 0 and 100 percent.
8. The rule-based host asset detection method of claim 7, wherein the or rule indicates that each sub-process is true if the predetermined ratio P is 0, and the asset is identified as present.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the rule-based host asset detection method of any one of claims 1 to 8 when the computer program is executed.
10. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements a rule-based host asset detection method according to any of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310127333.XA CN116069380B (en) | 2023-02-02 | 2023-02-02 | Rule-based host asset detection method, device and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310127333.XA CN116069380B (en) | 2023-02-02 | 2023-02-02 | Rule-based host asset detection method, device and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116069380A true CN116069380A (en) | 2023-05-05 |
| CN116069380B CN116069380B (en) | 2023-09-12 |
Family
ID=86172980
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310127333.XA Active CN116069380B (en) | 2023-02-02 | 2023-02-02 | Rule-based host asset detection method, device and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116069380B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060053476A1 (en) * | 2004-09-03 | 2006-03-09 | Bezilla Daniel B | Data structure for policy-based remediation selection |
| CN113987519A (en) * | 2021-11-05 | 2022-01-28 | 湖北天融信网络安全技术有限公司 | Vulnerability rule base generation method and device, electronic equipment, storage medium and system |
| CN114826671A (en) * | 2022-03-18 | 2022-07-29 | 中国人民解放军国防科技大学 | Network asset identification method and device based on fingerprint hierarchical matching |
| CN114972827A (en) * | 2021-02-26 | 2022-08-30 | 腾讯科技(北京)有限公司 | Asset identification method, device, equipment and computer readable storage medium |
-
2023
- 2023-02-02 CN CN202310127333.XA patent/CN116069380B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060053476A1 (en) * | 2004-09-03 | 2006-03-09 | Bezilla Daniel B | Data structure for policy-based remediation selection |
| CN114972827A (en) * | 2021-02-26 | 2022-08-30 | 腾讯科技(北京)有限公司 | Asset identification method, device, equipment and computer readable storage medium |
| CN113987519A (en) * | 2021-11-05 | 2022-01-28 | 湖北天融信网络安全技术有限公司 | Vulnerability rule base generation method and device, electronic equipment, storage medium and system |
| CN114826671A (en) * | 2022-03-18 | 2022-07-29 | 中国人民解放军国防科技大学 | Network asset identification method and device based on fingerprint hierarchical matching |
Non-Patent Citations (1)
| Title |
|---|
| 吴进;戴海彬;: "一种面向未知攻击的安全威胁发现技术研究", 通信管理与技术, no. 04 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116069380B (en) | 2023-09-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20250015999A1 (en) | Security Privilege Escalation Exploit Detection and Mitigation | |
| JP7531816B2 (en) | Image-based malicious code detection method and device and artificial intelligence-based endpoint threat detection and response system using the same | |
| CN111401416B (en) | Abnormal website identification method and device and abnormal countermeasure identification method | |
| CN104123493B (en) | The safety detecting method and device of application program | |
| CN110602029B (en) | Method and system for identifying network attack | |
| US9798981B2 (en) | Determining malware based on signal tokens | |
| Demir et al. | Security smells in smart contracts | |
| US11861015B1 (en) | Risk scoring system for vulnerability mitigation | |
| Salehi et al. | Not so immutable: Upgradeability of smart contracts on ethereum | |
| KR20090043530A (en) | Software authorization method and system using software reflection, and computer-readable medium therefor | |
| CN104040554A (en) | Calculating quantitative asset risk | |
| WO2015016952A1 (en) | Determining malware based on signal tokens | |
| Haque et al. | Well begun is half done: An empirical study of exploitability & impact of base-image vulnerabilities | |
| CN116324773A (en) | Method and apparatus for protecting smart contracts from attacks | |
| CN108028843B (en) | Method, system and computing device for securing delivery of computer-implemented functionality | |
| JP2011233081A (en) | Application determination system and program | |
| KR102541888B1 (en) | Image-based malicious code analysis method and apparatus and artificial intelligence-based endpoint detection and response system using the same | |
| Bani-Hani et al. | Vulnerability Detection and Classification of Ethereum Smart Contracts Using Deep Learning. | |
| CN111191240A (en) | Internet electronic evidence collection method, device and equipment | |
| CN116069380B (en) | Rule-based host asset detection method, device and readable storage medium | |
| KR102498265B1 (en) | Privacy preserving applications and device fault detection | |
| Nahum et al. | OSSIntegrity: Collaborative open-source code integrity verification | |
| CN118940273A (en) | A security vulnerability grading assessment method, device, equipment and storage medium | |
| CN112613893A (en) | Method, system, equipment and medium for identifying malicious user registration | |
| Zhang | Quantitative risk assessment under multi-context environments |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |