CN111027061A - A data packet-based terminal virus detection method, device and storage device - Google Patents
- Publication number
- CN111027061A
- Authority
- CN
- China
- Prior art keywords
- data packet
- suspicious process
- memory
- virtual machine
- callback information
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Virology (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention discloses a data packet-based terminal virus detection method, device and storage device, which address the problem of a virus-infected terminal attacking further vulnerable terminals in a local area network. The method comprises the following steps: performing memory detection on all terminals; if a suspicious process is found, suspending the suspicious process; sending the suspicious process to a virtual machine; monitoring the data packets sent by the suspicious process in the virtual machine and the callback information data packets it receives, analyzing them, and matching them against preset attack patterns or callback rules; if the matching similarity is not lower than the threshold, the suspicious process is a virus-infected process, and the process is treated; and if the matching similarity is lower than the threshold, traversing the entire virtual machine memory and changing the CnC server address in the virtual machine memory to the address of a preset system.
Description
Technical Field
The embodiment of the invention relates to the field of virus detection, in particular to a terminal virus detection method and device based on a data packet and a storage device.
Background
Over the last few years, malicious attacks have become a problem that internet users and their devices face every day. More and more software vulnerabilities are being discovered in networked machines, many of them system vulnerabilities, and attackers use these vulnerabilities to penetrate terminals. Although these software vulnerabilities continue to be patched, network devices may still come under continuous attack.
Vendors generally analyze network traffic in order to resist malicious attacks. For example, enterprises often deploy conventional IPS devices to combat known network attacks. However, a conventional IPS device cannot effectively protect against unknown attacks, and cannot repair a terminal that has been attacked.
In addition, some other types of security systems are also often deployed by enterprises in order to be able to detect unknown attacks. These systems do not protect against attacks from those terminals that have become infected. This creates a gap between the compromised terminals and terminals that employ other measures to deter malicious activity.
Suppose a virus can spread laterally: many terminals in the intranet will be attacked, causing more serious damage to the network and increasing the time required to repair all the terminals. Even if the software can be patched quickly and the patched software can no longer be compromised by that malware, the terminals remain vulnerable to attack and to repeated infection by other malicious programs. There is therefore a great need for a method that can close this gap.
Disclosure of Invention
In view of these problems, embodiments of the present invention provide a data packet-based terminal virus detection method, device and storage device, so as to solve the problem of a virus-infected host attacking further vulnerable hosts in a local area network.
The embodiment of the invention discloses a terminal virus detection method based on a data packet, which comprises the following steps:
performing memory detection on all terminals; if a suspicious process is found, suspending the suspicious process; sending the suspicious process to a virtual machine; monitoring a data packet sent by a suspicious process in the virtual machine and a received callback information data packet, analyzing and matching with a preset attack mode or callback rule; if the matching similarity is not lower than the threshold value, the suspicious process is a process infected by the virus, and the process is treated; and if the matched similarity is lower than the threshold value, traversing the whole virtual machine memory and changing the CnC server address in the virtual machine memory into the address of a preset system.
Further, if the matching similarity is lower than the threshold, after traversing the entire virtual machine memory and changing the CnC server address in the virtual machine memory to the address of the preset system, the method further includes: if the preset system receives a data packet sent by the suspicious process, it forges a corresponding callback information data packet and sends it back to the suspicious process, so that the suspicious process responds to the forged callback information.
Furthermore, the callback information corresponding to each data packet sent by the suspicious process, or the callback information forged by the preset system, is collected into a database, and the callback information for closing the attack is obtained through statistical analysis.
The embodiment of the invention discloses a terminal virus detection device based on a data packet, which comprises a memory and a processor, wherein the memory is used for storing a plurality of instructions, and the processor is used for loading the instructions stored in the memory to execute:
performing memory detection on all terminals; if a suspicious process is found, suspending the suspicious process; sending the suspicious process to a virtual machine; monitoring a data packet sent by a suspicious process in the virtual machine and a received callback information data packet, analyzing and matching with a preset attack mode or callback rule; if the matching similarity is not lower than the threshold value, the suspicious process is a process infected by the virus, and the process is treated; and if the matched similarity is lower than the threshold value, traversing the whole virtual machine memory and changing the CnC server address in the virtual machine memory into the address of a preset system.
Further, the processor is also configured to load instructions stored in the memory to perform:
if the matching similarity is lower than the threshold, after traversing the entire virtual machine memory and changing the CnC server address in the virtual machine memory to the address of the preset system: if the preset system receives a data packet sent by the suspicious process, it forges a corresponding callback information data packet and sends it back to the suspicious process, so that the suspicious process responds to the forged callback information.
Further, the processor is also configured to load instructions stored in the memory to perform:
collecting the callback information corresponding to each data packet sent by the suspicious process, or the callback information forged by the preset system, into a database, and obtaining the callback information for closing the attack through statistical analysis.
The embodiment of the invention also discloses a terminal virus detection device based on the data packet, comprising:
a memory detection module: configured to perform memory detection on all terminals;
a suspicious process suspension module: configured to suspend the suspicious process if a suspicious process is found;
a suspicious process sending module: configured to send the suspicious process to the virtual machine;
an analysis module: configured to monitor the data packets sent by the suspicious process in the virtual machine and the callback information data packets it receives, and to analyze them;
a matching module: configured to match against preset attack patterns or callback rules;
a treatment module: configured to determine, if the matching similarity is not lower than the threshold, that the suspicious process is a virus-infected process, and to treat the process so determined;
an address change module: configured to traverse the entire virtual machine memory and change the CnC server address in the virtual machine memory to the address of a preset system if the matching similarity is lower than the threshold.
The embodiment of the invention provides a storage device, wherein a plurality of instructions are stored in the storage device, and the instructions are suitable for being loaded by a processor and executing the steps of the data packet-based terminal virus detection method provided by the embodiment of the invention.
Compared with the prior art, the data packet-based terminal virus detection method, device and storage device provided by the invention achieve at least the following beneficial effects:
performing memory detection on all terminals; if a suspicious process is found, suspending the suspicious process; sending the suspicious process to a virtual machine; monitoring the data packets sent by the suspicious process in the virtual machine and the callback information data packets it receives, analyzing them, and matching them against preset attack patterns or callback rules; if the matching similarity is not lower than the threshold, the suspicious process is a virus-infected process, and the process is treated; and if the matching similarity is lower than the threshold, traversing the entire virtual machine memory and changing the CnC server address in the virtual machine memory to the address of a preset system. The method uses virtual machine technology: in addition to inspecting the callback information data packets received, it also inspects the data packets sent. When a virus-infected process is found, the system can masquerade as the remote CnC server and send correspondingly forged callback information to the virus-infected terminal, which reduces the probability that other vulnerable terminals in the local area network are attacked.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a flowchart of a method for detecting a terminal virus based on a data packet according to an embodiment of the present invention;
Fig. 2 is a flowchart of another method for detecting a terminal virus based on a data packet according to an embodiment of the present invention;
Fig. 3 is a block diagram of a terminal virus detection apparatus based on data packets according to an embodiment of the present invention;
Fig. 4 is a block diagram of another apparatus for detecting a terminal virus based on a data packet according to an embodiment of the present invention.
Detailed Description
In order to make the object, technical solution and advantages of the present invention clearer, a specific implementation of a terminal virus detection method based on a data packet according to an embodiment of the present invention is described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiments described below are only for illustrating and explaining the present invention and are not to be used for limiting the present invention. And the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
Vendors commonly deploy conventional IPS devices to resist known network attacks, but a conventional IPS device cannot effectively protect against unknown attacks and cannot repair terminals that have been attacked. An IPS is an intrusion prevention system, used to detect and block malicious behavior that has been positively identified as an attack and that can harm networks and data. Enterprises also deploy other types of security systems in order to detect unknown attacks, but these systems cannot repair terminals that have already been infected. This creates a gap between the compromised terminals and terminals that employ other measures to deter malicious activity.
Based on this, an embodiment of the present invention provides a data packet-based terminal virus detection method, whose flowchart is shown in Fig. 1, including:
The suspicious process is suspended in order to prevent it from continuing with other threatening operations.
The suspicious process is placed in a preset virtual machine, so that it can be monitored without threatening other terminals in the local area network.
After the suspicious process is sent to the virtual machine, the data packets it sends are monitored, the callback information data packets it receives from the remote server are detected as well, and these data packets are analyzed. The preset attack patterns and callback rules are derived from samples and from past attack events, and most of these attack patterns and callback rules are similar.
Step 15: if the matching similarity is not lower than the threshold, the suspicious process is a virus-infected process, and the process is treated.
The CnC server is a Command & Control server. The term generally refers to the master control server that directs a botnet, and it is used to communicate with and direct each malware-infected host in the botnet.
The method uses virtual machine technology: in addition to inspecting the callback information data packets received, it also inspects the data packets sent. When a virus-infected process is found, the system can masquerade as the remote CnC server and send correspondingly forged callback information to the virus-infected terminal, which reduces the probability that other vulnerable terminals in the local area network are attacked.
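The decision branch of the method (score the monitored packets against the preset rules, then either treat the process or redirect its CnC address) can be expressed as follows. This is an added example, not code from the patent: the similarity metric (Jaccard over byte 3-grams), the 0.6 threshold, the rule strings, the addresses, the memory image and all function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

THRESHOLD = 0.6  # assumed value; the description only says "the threshold"

# Constructed rule sets standing in for the preset attack patterns (matched
# against packets the process sends) and callback rules (packets it receives).
ATTACK_PATTERNS = [b"SCAN 445 EXPLOIT smb-negotiate"]
CALLBACK_RULES = [b"CMD spread target=lan"]


@dataclass
class Packet:
    direction: str  # "out": sent by the suspicious process, "in": callback
    peer: str       # remote address as observed inside the virtual machine
    payload: bytes


def ngrams(data: bytes, n: int = 3) -> set:
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity over byte 3-grams (assumed metric)."""
    ga, gb = ngrams(a), ngrams(b)
    if not ga or not gb:
        return 0.0
    return len(ga & gb) / len(ga | gb)


def match_score(packets) -> float:
    """Best similarity of any monitored packet against the rules for its direction."""
    best = 0.0
    for pkt in packets:
        rules = ATTACK_PATTERNS if pkt.direction == "out" else CALLBACK_RULES
        for rule in rules:
            best = max(best, similarity(pkt.payload, rule))
    return best


def redirect_cnc(memory: bytearray, cnc: str, preset: str) -> int:
    """Overwrite each stored copy of the CnC address with the preset system's
    address, in place and NUL-padded so that no other offset shifts."""
    old, new = cnc.encode(), preset.encode()
    if len(new) > len(old):
        raise ValueError("preset address longer than the slot it replaces")
    new = new.ljust(len(old), b"\x00")
    patched, pos = 0, memory.find(old)
    while pos != -1:
        end = pos + len(old)
        # Skip hits inside a longer address, e.g. x.x.x.7 within x.x.x.77.
        inside_longer = memory[end:end + 1].isdigit() or (
            pos > 0 and memory[pos - 1:pos].isdigit())
        if not inside_longer:
            memory[pos:end] = new
            patched += 1
        pos = memory.find(old, end)
    return patched


def decide(packets, memory: bytearray, preset: str):
    """Return (action, score, patched): 'treat' at or above the threshold,
    otherwise 'redirect' after rewriting the CnC address in VM memory."""
    score = match_score(packets)
    if score >= THRESHOLD:
        return ("treat", score, 0)
    # CnC candidates are the peers the process itself tried to reach.
    peers = sorted({p.peer for p in packets if p.direction == "out"})
    patched = sum(redirect_cnc(memory, peer, preset) for peer in peers)
    return ("redirect", score, patched)


# Constructed sandbox captures and memory image (documentation addresses).
def sample_known():
    return [Packet("out", "198.51.100.9", b"SCAN 445 EXPLOIT smb-negotiate")]


def sample_unknown():
    return [Packet("out", "203.0.113.77", b"POST /gate.php id=7f3a"),
            Packet("in", "203.0.113.77", b"200 OK sleep=30")]


def sample_memory() -> bytearray:
    return bytearray(b"\x00cfg\x00203.0.113.77\x00\x01\xbb"
                     b"\x00backup=203.0.113.77\x00")


if __name__ == "__main__":
    print(decide(sample_known(), sample_memory(), "10.0.0.5"))
    mem = sample_memory()
    print(decide(sample_unknown(), mem, "10.0.0.5"), bytes(mem))
```

The in-place, same-length overwrite matters in practice: inserting a longer string would shift every later offset in the image, which is why `redirect_cnc` refuses a replacement longer than the original.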
As shown in fig. 2, a flowchart of another data-packet-based terminal virus detection method provided in the embodiment of the present invention includes:
step 24, monitoring data packets sent by suspicious processes in the virtual machines and received callback information data packets, analyzing, and matching with a preset attack mode or callback rule;
step 25, if the matching similarity is not lower than the threshold, the suspicious process is a process infected by the virus, and the process is treated;
When the callback information is analyzed and collected, all data packets sent and received by the process can be observed, and because callback information is generally exchanged over common protocols, the contents of the data packets can be parsed. Through statistics, the callback information corresponding to each data packet sent by the suspicious process, or the callback information forged by the preset system, can be obtained and collected into a database. A virus generally has callback information for closing the attack, so statistical analysis can yield the instruction callback that closes the attack. After analysis, a callback information data packet for closing the attack can therefore be sent to the whole network, so that all infected terminals in the network are suspended and the harm caused by the virus is reduced to a minimum.
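One way to carry out the statistical step described above is to record, for every callback delivered in the sandbox, how much attack traffic the process sent before and after it, and then rank callbacks by how often traffic stopped. This is an added example, not code from the patent: the table layout, the "stopped" criterion, the minimum-observation cut-off, the sample rows and the function names are all assumptions constructed for illustration.

```python
import sqlite3

# Constructed observations: (VM session, callback source, callback payload,
# attack packets sent in the window before the callback, and in the window after).
# "remote" = callback from the real server, "forged" = sent by the preset system.
OBSERVATIONS = [
    ("vm-1", "remote", "sleep=30", 12, 11),
    ("vm-1", "remote", "task=scan", 3, 40),
    ("vm-1", "forged", "halt=1", 38, 0),
    ("vm-2", "forged", "sleep=30", 9, 10),
    ("vm-2", "forged", "halt=1", 25, 0),
    ("vm-3", "remote", "halt=1", 17, 1),
    ("vm-3", "forged", "task=scan", 0, 22),
    ("vm-4", "forged", "update=2", 14, 0),
]


def build_db(observations):
    """Form the callback database: one row per delivered callback."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE callbacks (
        session TEXT, source TEXT, callback TEXT,
        before_pkts INTEGER, after_pkts INTEGER, stopped INTEGER)""")
    conn.executemany(
        "INSERT INTO callbacks VALUES (?, ?, ?, ?, ?, ?)",
        # Assumed criterion: the attack counts as closed only if the process
        # was sending attack traffic before the callback and none after it.
        [(s, src, cb, b, a, int(b > 0 and a == 0))
         for s, src, cb, b, a in observations])
    return conn


def closing_candidates(conn, min_obs=2, min_rate=0.5):
    """Rank callbacks by the fraction of deliveries after which attack traffic
    stopped. min_obs guards against a callback seen once looking perfect."""
    rows = conn.execute("""
        SELECT callback, COUNT(*) AS n, AVG(stopped) AS stop_rate
        FROM callbacks
        GROUP BY callback
        HAVING COUNT(*) >= ? AND AVG(stopped) >= ?
        ORDER BY stop_rate DESC, n DESC""", (min_obs, min_rate))
    return [(cb, n, rate) for cb, n, rate in rows]


if __name__ == "__main__":
    db = build_db(OBSERVATIONS)
    for callback, n, rate in closing_candidates(db):
        print(f"{callback}: stopped traffic in {rate:.0%} of {n} deliveries")
```

With the default cut-off only `halt=1` is reported; lowering `min_obs` to 1 puts the single-observation `update=2` first, which shows why a candidate should be confirmed across several sessions before it is trusted.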
An embodiment of the present invention further provides a terminal virus detection apparatus based on a data packet, as shown in fig. 3, including: the apparatus comprises a memory 31 and a processor 32, wherein the memory 31 is used for storing a plurality of instructions, and the processor 32 is used for loading the instructions stored in the memory 31 to execute:
performing memory detection on all terminals; if a suspicious process is found, suspending the suspicious process; sending the suspicious process to a virtual machine; monitoring a data packet sent by a suspicious process in the virtual machine and a received callback information data packet, analyzing and matching with a preset attack mode or callback rule; if the matching similarity is not lower than the threshold value, the suspicious process is a process infected by the virus, and the process is treated; and if the matched similarity is lower than the threshold value, traversing the whole virtual machine memory and changing the CnC server address in the virtual machine memory into the address of a preset system.
The processor 32 is configured to load the instructions stored in the memory 31 to perform:
if the matching similarity is lower than the threshold, after traversing the entire virtual machine memory and changing the CnC server address in the virtual machine memory to the address of the preset system: if the preset system receives a data packet sent by the suspicious process, it forges a corresponding callback information data packet and sends it back to the suspicious process, so that the suspicious process responds to the forged callback information.
The processor 32 is configured to load the instructions stored in the memory 31 to perform:
collecting the callback information corresponding to each data packet sent by the suspicious process, or the callback information forged by the preset system, into a database, and obtaining the callback information for closing the attack through statistical analysis.
The embodiment of the present invention also provides another terminal virus detection apparatus based on a data packet, as shown in fig. 4, including:
the memory detection module 41: configured to perform memory detection on all terminals;
the suspicious process suspension module 42: configured to suspend the suspicious process if a suspicious process is found;
the suspicious process sending module 43: configured to send the suspicious process to the virtual machine;
the analysis module 44: configured to monitor the data packets sent by the suspicious process in the virtual machine and the callback information data packets it receives, and to analyze them;
the matching module 45: configured to match against preset attack patterns or callback rules;
the treatment module 46: configured to determine, if the matching similarity is not lower than the threshold, that the suspicious process is a virus-infected process, and to treat the process so determined;
the address change module 47: configured to traverse the entire virtual machine memory and change the CnC server address in the virtual machine memory to the address of a preset system if the matching similarity is lower than the threshold.
The embodiment of the invention also provides a storage device, wherein a plurality of instructions are stored in the storage device, and the instructions are suitable for being loaded by the processor and executing the steps of the data packet-based terminal virus detection method provided by the embodiment of the invention.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present invention may be implemented by hardware, or by software plus a necessary general hardware platform. Based on this understanding, the technical solutions of the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.), and which includes several instructions for enabling a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods according to the embodiments of the present invention.
Those skilled in the art will appreciate that the drawings are merely schematic representations of one preferred embodiment and that the blocks or flow diagrams in the drawings are not necessarily required to practice the present invention.
Those skilled in the art will appreciate that the modules in the devices in the embodiments may be distributed in the devices in the embodiments according to the description of the embodiments, and may be correspondingly changed in one or more devices different from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (8)
1. A terminal virus detection method based on data packets is characterized in that:
performing memory detection on all terminals;
if a suspicious process is found, suspending the suspicious process;
sending the suspicious process to a virtual machine;
monitoring a data packet sent by a suspicious process in the virtual machine and a received callback information data packet, analyzing and matching with a preset attack mode or callback rule;
if the matching similarity is not lower than the threshold value, the suspicious process is a process infected by the virus, and the process is treated;
and if the matched similarity is lower than the threshold value, traversing the whole virtual machine memory and changing the CnC server address in the virtual machine memory into the address of a preset system.
2. The method of claim 1, wherein if the matching similarity is below a threshold, after traversing the entire memory and changing the address of the CnC server in the virtual machine memory to the address of the preset system, further comprising:
and if receiving the data packet sent by the suspicious process, the preset system forges a corresponding callback information data packet and sends the callback information data packet back to the suspicious process, so that the suspicious process responds to the forged callback information.
3. The method of claim 2, further comprising:
and counting callback information corresponding to each data packet sent by the suspicious process or callback information forged by a preset system to form a database, and obtaining callback information for closing the attack by analyzing and counting.
4. A packet-based terminal virus detection apparatus, comprising a memory for storing a plurality of instructions and a processor for loading the instructions stored in the memory to perform:
performing memory detection on all terminals;
if a suspicious process is found, suspending the suspicious process;
sending the suspicious process to a virtual machine;
monitoring a data packet sent by a suspicious process in the virtual machine and a received callback information data packet, analyzing and matching with a preset attack mode or callback rule;
if the matching similarity is not lower than the threshold value, the suspicious process is a process infected by the virus, and the process is treated;
and if the matched similarity is lower than the threshold value, traversing the whole virtual machine memory and changing the CnC server address in the virtual machine memory into the address of a preset system.
5. The apparatus of claim 4, wherein the processor is further to load instructions stored in the memory to perform:
if the matched similarity is lower than the threshold value, after traversing the whole memory and changing the address of the CnC server in the memory of the virtual machine into the address of a preset system, the method further comprises the following steps:
and if receiving the data packet sent by the suspicious process, the preset system forges a corresponding callback information data packet and sends the callback information data packet back to the suspicious process, so that the suspicious process responds to the forged callback information.
6. The apparatus of claim 5, wherein the processor is further to load instructions stored in the memory to perform:
and counting callback information corresponding to each data packet sent by the suspicious process or callback information forged by a preset system to form a database, and obtaining callback information for closing the attack by analyzing and counting.
7. A packet-based terminal virus detection apparatus, comprising:
a memory detection module: configured to perform memory detection on all terminals;
a suspicious process suspension module: configured to suspend the suspicious process if a suspicious process is found;
a suspicious process sending module: configured to send the suspicious process to the virtual machine;
an analysis module: configured to monitor the data packets sent by the suspicious process in the virtual machine and the callback information data packets it receives, and to analyze them;
a matching module: configured to match against preset attack patterns or callback rules;
a treatment module: configured to determine, if the matching similarity is not lower than the threshold, that the suspicious process is a virus-infected process, and to treat the process so determined;
an address change module: configured to traverse the entire virtual machine memory and change the CnC server address in the virtual machine memory to the address of a preset system if the matching similarity is lower than the threshold.
8. A memory device having stored therein a plurality of instructions adapted to be loaded by a processor and to perform the steps of the method of any of claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910141319.9A CN111027061A (en) | 2019-02-26 | 2019-02-26 | A data packet-based terminal virus detection method, device and storage device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910141319.9A CN111027061A (en) | 2019-02-26 | 2019-02-26 | A data packet-based terminal virus detection method, device and storage device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111027061A (en) | 2020-04-17 |
Family
ID=70203474
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910141319.9A Pending CN111027061A (en) | 2019-02-26 | 2019-02-26 | A data packet-based terminal virus detection method, device and storage device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111027061A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112153062A (en) * | 2020-09-27 | 2020-12-29 | 北京北信源软件股份有限公司 | Multi-dimension-based suspicious terminal equipment detection method and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2012064208A (en) * | 2010-09-15 | 2012-03-29 | Chunghwa Telecom Co Ltd | Network virus prevention method and system |
| US20150372980A1 (en) * | 2014-06-24 | 2015-12-24 | Fireeye, Inc. | Intrusion prevention and remedy system |
| CN108762888A (en) * | 2018-05-17 | 2018-11-06 | 湖南文盾信息技术有限公司 | A kind of virus detection system examined oneself based on virtual machine and method |
-
2019
- 2019-02-26 CN CN201910141319.9A patent/CN111027061A/en active Pending
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| CN107426242B (en) | Network security protection method, device and storage medium | |
| US8931099B2 (en) | System, method and program for identifying and preventing malicious intrusions | |
| EP2988468B1 (en) | Apparatus, method, and program | |
| CN107659583B (en) | Method and system for detecting attack in fact | |
| CN111600880A (en) | Method, system, storage medium and terminal for detecting abnormal access behavior | |
| US9479521B2 (en) | Software network behavior analysis and identification system | |
| WO2022088633A1 (en) | Lateral penetration protection method and apparatus, device and storage medium | |
| CN113079185B (en) | Industrial firewall control method and equipment for realizing deep data packet detection control | |
| US20180103058A1 (en) | System and method for iteratively updating network attack mitigation countermeasures | |
| US10757029B2 (en) | Network traffic pattern based machine readable instruction identification | |
| CN110401638B (en) | Method and device for analyzing network traffic | |
| Sumanth et al. | Raspberry pi based intrusion detection system using k-means clustering algorithm | |
| KR101499470B1 (en) | Advanced Persistent Threat attack defense system and method using transfer detection of malignant code | |
| CN115913720A (en) | Network protection method, device, electronic equipment and medium | |
| CN109218315B (en) | Safety management method and safety management device | |
| US20160149933A1 (en) | Collaborative network security | |
| CN111027061A (en) | A data packet-based terminal virus detection method, device and storage device | |
| EP4485860A1 (en) | Malware beacon detection system | |
| Subbulakshmi et al. | A unified approach for detection and prevention of DDoS attacks using enhanced support vector machines and filtering mechanisms | |
| CN114124560A (en) | Method and device for detecting defect host, electronic equipment and storage medium | |
| CN109951484B (en) | Test method and system for attacking machine learning product | |
| CN115499236B (en) | Access request processing method, device, medium and computing device | |
| US12462029B2 (en) | Virus autonomous defense system (VADS) | |
| Paramaputra et al. | Mitigation of Multi Target Denial of Service (dos) Attacks Using Wazuh Active Response | |
| Park et al. | Identification of bot commands by run-time execution monitoring |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200417 |