TWM639265U - Advanced Threat Protection Event Information Integration System - Google Patents
- Publication number
- TWM639265U
- Authority
- TW
- Taiwan
- Prior art keywords
- protection
- module
- files
- protection event
- event information
Landscapes
- Burglar Alarm Systems (AREA)
- Alarm Systems (AREA)
Abstract
An advanced threat protection event information integration system integrates the protection log files held on external hosts and provides the result to a system administrator for routine protection operations. The system comprises: a communication module for accessing the protection log files on the external hosts; a data preprocessing module for performing data preprocessing on the protection log files to produce standardized files; a data association module for receiving the standardized files and performing a data association operation on them to produce associated files; a protection suggestion analysis module for receiving the associated files, generating a protection event report through a big data analysis operation, and returning it to the system administrator device for routine protection operations; and a database for storing the standardized files, the associated files, the protection event report and internal intelligence.
Description
The present utility model discloses an advanced threat protection event information integration system, in particular one that can automatically analyze data and assign a corresponding risk level.
The daily reports of the advanced threat protection system appliances used in current practice neither provide detailed event information nor support exporting the raw data. Even when event information is retrieved through Security Information and Event Management (SIEM), a large volume of data still has to be classified and analyzed, for example internal vulnerability-scan behavior and in-house download behavior. In addition, for external malicious connections, multiple external intelligence sources have to be queried to decide whether to block them with the firewall; and for outbound connections to suspicious domains, it has to be confirmed whether they were blocked by other security devices. Communication security issues are numerous, complicated and hard to unify, which inevitably places a heavy burden on the work of security personnel.
Therefore, how to develop an advanced threat protection event information integration system that automatically retrieves and analyzes each item of intelligence data and automatically assigns a corresponding risk level, so that security personnel can use it as a reference for routine maintenance work, has become a very important issue.
The purpose of the present utility model is to provide an advanced threat protection event information integration system that performs a protection event information integration operation on multiple protection log files from multiple external hosts and provides the result to a system administrator, who uses a system administrator device to carry out routine protection operations. The system includes: a communication module, a data preprocessing module, a data association module, a protection suggestion analysis module, and a database.
Optionally, the communication module is signal-connected to the external hosts and the system administrator device and is used to access the protection log files on the external hosts; the data preprocessing module is signal-connected to the communication module and performs a data preprocessing operation on the protection log files to produce multiple standardized files; the data association module is signal-connected to the communication module and the data preprocessing module, receives the standardized files and, based on internal intelligence and external intelligence, performs a data association operation on them to produce multiple associated files; the protection suggestion analysis module is signal-connected to the communication module and the data association module, receives the associated files, performs the protection event information integration operation on them through a big data analysis operation, produces a protection event report, and returns it through the communication module to the system administrator device for routine protection operations; the database is signal-connected to the data preprocessing module, the data association module and the protection suggestion analysis module and stores the standardized files, the associated files, the protection event report and the internal intelligence.
Optionally, the external hosts include: a security information and event management host, a sandbox analysis system, a network proxy server, a web application firewall, or a combination thereof.
Optionally, the data preprocessing operation includes: a decompression operation, a renaming operation, or a combination thereof.
Optionally, the data association module performs the data association operation using the event classification of the internal intelligence and the risk level of the external intelligence.
Optionally, the protection suggestion analysis module performs the protection event information integration operation using multiple protection risk parameters to produce the protection event report.
Optionally, the protection risk parameters include the risk level of the external intelligence and the internal firewall performance in the internal intelligence.
Optionally, the internal firewall performance includes: network traffic throughput, threat-behavior network traffic throughput, the capacity to record new sessions per second, maximum sessions, or a combination thereof.
Optionally, the protection event report includes a recommended number of blocking days.
Optionally, the advanced threat protection event information integration system of the present utility model further includes a feedback module, signal-connected to the communication module, the database and the protection suggestion analysis module. When the system administrator does not accept the protection event report produced by the big data analysis operation, the administrator sends a correction instruction to the feedback module through the system administrator device; the correction instruction is then passed to the protection suggestion analysis module to correct the big data analysis operation, and the corrected protection event report is stored in the database.
In summary, the advanced threat protection event information integration system of the present utility model can achieve the following effects: (1) it greatly optimizes the current routine protection workflow and presents results in a display format close to that of routine protection operations, so operators can adapt quickly without spending much time; (2) through the protection event information integration operation, the source of an event can be judged and analyzed more effectively, saving operators' working time; (3) blocking can be applied automatically according to the recommended blocking days in the report and lifted automatically after the specified period, greatly reducing the load on the firewall.
100: Advanced threat protection event information integration system
110: Communication module
120: Data preprocessing module
130: Data association module
140: Protection suggestion analysis module
150: Feedback module
160: Database
200: External host
300: System administrator device
The accompanying drawings are provided so that a person having ordinary knowledge in the technical field of the present utility model can further understand it, and they are incorporated in and form part of this specification. The drawings show exemplary embodiments of the present utility model and, together with the specification, serve to explain its principles. A brief description of each figure follows:
FIG. 1 is a functional block diagram of the advanced threat protection event information integration system according to an embodiment of the present utility model.
FIG. 2 is an operation flow chart of the advanced threat protection event information integration system according to an embodiment of the present utility model.
The technical solutions in the embodiments of the present utility model are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present utility model. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments, without making an inventive contribution, fall within the scope of protection of the present utility model.
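In view of the above problems, an embodiment of the present utility model develops an advanced threat protection event information integration system. Please refer to FIG. 1, which is a functional block diagram of the advanced threat protection event information integration system according to an embodiment of the present utility model. The advanced threat protection event information integration system 100 performs a protection event information integration operation on multiple protection log files from multiple external hosts 200 and provides the result to a system administrator, who uses the system administrator device 300 to carry out routine protection operations. It includes: a communication module 110, a data preprocessing module 120, a data association module 130, a protection suggestion analysis module 140, and a database 160.
As mentioned above, the communication module 110 is signal-connected to the external hosts 200 and the system administrator device 300 and is used to access the protection log files on the external hosts 200; the data preprocessing module 120 is signal-connected to the communication module 110 and performs a data preprocessing operation on the protection log files to produce multiple standardized files; the data association module 130 is signal-connected to the communication module 110 and the data preprocessing module 120, receives the standardized files and, based on internal intelligence and external intelligence, performs a data association operation on them to produce multiple associated files; the protection suggestion analysis module 140 is signal-connected to the communication module 110 and the data association module 130, receives the associated files, performs the protection event information integration operation on them through a big data analysis operation, produces a protection event report, and returns it through the communication module 110 to the system administrator device 300 for routine protection operations; the database 160 is signal-connected to the data preprocessing module 120, the data association module 130 and the protection suggestion analysis module 140 and stores the standardized files, the associated files, the protection event report and the internal intelligence.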
Next, the external hosts 200 are external hosts related to information security event analysis and may be, for example but not limited to: a security information and event management host, a sandbox analysis system, a network proxy server, a web application firewall, or a combination thereof.
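Then, after the communication module 110 retrieves the protection log files from the external hosts 200, the data preprocessing operation is performed on them, for example decompressing and renaming each file to produce multiple standardized files, which are passed to the database 160 for retention, but the present utility model is not limited thereto.
After the data preprocessing operation is complete, the standardized files are passed to the data association module 130 for the data association operation, which is carried out using the event classification of the internal intelligence and the risk level of the external intelligence. That is, events are classified using internal intelligence (for example: IP; detailed hash usage, etc.), and external IPs and domains are ranked by risk level using external intelligence (for example: VirusTotal, AbuseIPDB and X-force), producing multiple associated files.
Furthermore, once the data association operation is also complete, the associated files are passed to the protection suggestion analysis module 140 for the protection event information integration operation, which is executed using multiple protection risk parameters and then produces the protection event report. The protection risk parameters may be, for example, the risk levels from different external intelligence sources and the firewall performance in the internal intelligence, but the present utility model is not limited thereto.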
As noted above, the aspects of internal firewall performance that can serve as features may be selected from the following group, but the present utility model is not limited thereto.
(1) Network traffic throughput (Firewall throughput): the volume of general network traffic the firewall itself can handle, in Gbps.
(2) Threat-behavior network traffic throughput (Threat Prevention throughput): the volume of network traffic the firewall itself can handle when dealing with threat behavior, in Gbps.
(3) Capacity to record new sessions per second (New sessions per second): the number of newly established sessions per second that the firewall itself can record.
(4) Maximum sessions (Maximum sessions): the maximum number of simultaneous sessions that the firewall itself can record.
It is also worth noting that the protection event report produced after the data preprocessing operation, the data association operation and the protection event information integration operation includes a recommended number of blocking days for the firewall. In addition, the protection event information integration operation may use AI (for example, neural networks or machine learning) to perform the big data analysis and output the protection event report, but the present utility model is not limited thereto.
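Further, the advanced threat protection event information integration system 100 of the present utility model also has a feedback module 150, signal-connected to the communication module 110, the database 160 and the protection suggestion analysis module 140. When the system administrator does not accept the protection event report produced by the big data analysis operation, the administrator sends a correction instruction to the feedback module 150 through the system administrator device 300; the correction instruction is then passed to the protection suggestion analysis module 140 to correct the big data analysis operation, and the corrected protection event report is stored in the database 160.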
Here, a practical example is given to fully illustrate the implementation. The daily report inside a financial institution has many sections; the "Malicious URLs TOP 20" section is chosen here for illustration. First, the communication module 110 retrieves information on the top 20 malicious URLs from the external hosts 200. After the data preprocessing operation, the data association operation and the protection event information integration operation, a protection event report in a unified format is produced and sent through the communication module 110 to the system administrator device 300 for review.
The system administrator can click a specific field to view the external intelligence query results in detail. For example, the Bluecoat intelligence among the external intelligence sources determines that the website the user connected to is classified as Suspicious and Health. Furthermore, by combining the log information of the web proxy system, one can tell whether the connection was blocked by the system; and by combining the IP resource management system in the internal intelligence, one can tell which department's computer the source IP address belongs to, along with the user information.
Next, please refer to FIG. 2 to understand the operating flow of the present utility model. FIG. 2 is an operation flow chart of the advanced threat protection event information integration system according to an embodiment of the present utility model. In step S202 of FIG. 2, the communication module 110 retrieves multiple protection log files from each external host 200, and the flow continues to step S204.
In step S204 of FIG. 2, the data preprocessing module 120 performs the preprocessing operation on the protection log files, produces standardized files of a consistent form and stores them in the database 160, and the flow continues to step S206.
In step S206 of FIG. 2, the data association module 130 accesses the standardized files and performs the association operation on them according to the internal intelligence and the external intelligence to produce associated files, and the flow continues to step S208.
In step S208 of FIG. 2, the protection suggestion analysis module 140 performs big data analysis on the associated files using machine learning (or other AI), produces a protection event report containing risk levels and recommended blocking days, and sends it through the communication module 110 to the system administrator device 300; the flow continues to step S210.
In step S210 of FIG. 2, the next step depends on whether the system administrator accepts the protection event report. If the system administrator accepts the report, the flow continues to step S214; otherwise, if the system administrator considers that the recommended blocking days and/or risk level of some events in the protection event report do not match what is accepted in practice, the flow continues to step S212.
In step S212 of FIG. 2, when the system administrator does not accept the protection event report, the administrator sends a correction instruction to the feedback module 150 through the system administrator device 300. The correction instruction is then passed to the protection suggestion analysis module 140 as feedback to the machine learning model, and the flow returns to steps S208 to S210 so that the analysis is rerun, a corrected protection event report is produced, and it is sent again to the system administrator device 300 for the system administrator to review.
In step S214 of FIG. 2, when the system administrator accepts the protection event report (whether the one from the first analysis or one corrected after feedback), the system administrator carries out routine security protection operations according to the report. In this way, the system gradually refines the big data analysis as correction instructions arrive and produces increasingly accurate reports, making the work of security personnel easier.
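The S204 to S208 flow above, sketched as an added Python example that is not code from the patent: standardized events are merged per destination, joined with internal intelligence (an IP inventory and proxy block status) and external intelligence (per-source risk scores), then ranked and given a risk level, blocking days and an unblock date. All field names, scores, the `RISK_BANDS` table and the sample data are assumptions, and the fixed table replaces the machine-learning analysis the patent describes.

```python
from datetime import date, timedelta

# Constructed sample data. Every field name, score and threshold here is an
# assumption made for illustration; none of it comes from the patent.
STANDARDIZED_EVENTS = [  # output of preprocessing (S204)
    {"src_ip": "10.1.2.15", "dest": "bad.example", "count": 42},
    {"src_ip": "10.1.3.7", "dest": "203.0.113.9", "count": 5},
    {"src_ip": "10.1.2.15", "dest": "cdn.example", "count": 120},
    {"src_ip": "10.9.9.9", "dest": "bad.example", "count": 3},
    {"src_ip": "10.1.3.7", "dest": "new.example", "count": 1},
]
INTERNAL_ASSETS = {  # internal intelligence: IP -> (department, user)
    "10.1.2.15": ("Finance", "alice"),
    "10.1.3.7": ("IT", "bob"),
}
PROXY_BLOCKED = {"203.0.113.9"}  # destinations the proxy log shows as blocked
EXTERNAL_SCORES = {  # external intelligence: 0-100 score per source
    "bad.example": {"source_a": 90, "source_b": 70},
    "203.0.113.9": {"source_a": 55},
    "cdn.example": {"source_a": 0, "source_b": 5},
}
# (minimum score, risk level, recommended blocking days), highest band first.
# A fixed table stands in for the machine-learning analysis the patent names.
RISK_BANDS = [(80, "high", 30), (50, "medium", 7), (0, "low", 0)]


def correlate(events):
    """S206: merge events per destination and attach both kinds of intelligence."""
    merged = {}
    for ev in events:
        row = merged.setdefault(
            ev["dest"], {"dest": ev["dest"], "count": 0, "sources": set()})
        row["count"] += ev["count"]
        # A source IP missing from the inventory is itself worth surfacing.
        dept, user = INTERNAL_ASSETS.get(ev["src_ip"], ("unregistered", "unknown"))
        row["sources"].add((ev["src_ip"], dept, user))
    for row in merged.values():
        scores = EXTERNAL_SCORES.get(row["dest"])
        # Take the worst verdict across sources; None means no source knows it.
        row["score"] = max(scores.values()) if scores else None
        row["already_blocked"] = row["dest"] in PROXY_BLOCKED
    return list(merged.values())


def build_report(rows, today):
    """S208: assign risk level and blocking days, then rank by risk."""
    report = []
    for row in rows:
        if row["score"] is None:
            level, days = "unknown", 0  # never auto-block on missing data
        else:
            level, days = next(
                (lvl, d) for floor, lvl, d in RISK_BANDS if row["score"] >= floor)
        unblock_on = today + timedelta(days=days) if days else None
        report.append({**row, "level": level, "block_days": days,
                       "unblock_on": unblock_on})
    # Highest score first; unscored destinations sort last, ties by volume.
    report.sort(key=lambda r: (-(r["score"] if r["score"] is not None else -1),
                               -r["count"]))
    return report


def active_blocks(report, on):
    """Destinations whose recommended block is still in force on date `on`."""
    return [r["dest"] for r in report if r["unblock_on"] and on < r["unblock_on"]]


if __name__ == "__main__":
    for r in build_report(correlate(STANDARDIZED_EVENTS), date(2024, 1, 1)):
        print(r["dest"], r["level"], r["block_days"], r["unblock_on"])
```

Destinations with no external verdict are reported as `unknown` with zero blocking days, so they reach the administrator for review instead of being blocked or silently dropped.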
In summary, the advanced threat protection event information integration system of the present utility model has the following effects: (1) it greatly optimizes the current routine protection workflow and presents results in a display format close to that of routine protection operations, so operators can adapt quickly without spending much time; (2) through the protection event information integration operation, the source of an event can be judged and analyzed more effectively, saving operators' working time; (3) blocking can be applied automatically according to the recommended blocking days in the report and lifted automatically after the specified period, greatly reducing the load on the firewall.
Although embodiments of the present utility model have been shown and described, a person of ordinary skill in the art will understand that various changes, modifications, substitutions and variations may be made to these embodiments without departing from the principles and spirit of the present utility model, whose scope is defined by the appended claims and their equivalents.
Claims (9)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW111211822U TWM639265U (en) | 2022-10-28 | 2022-10-28 | Advanced Threat Protection Event Information Integration System |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| TWM639265U (en) | 2023-04-01 |
Family
ID=86943903
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWM639265U (en) |