Security threat detection method and device, computer equipment and storage medium

A security threat detection method, applied in the field of data processing, that addresses problems such as a high false positive rate, missed security threats and degraded user experience, and improves security performance and detection capability.

Active Publication Date: 2020-11-27
BEIJING QIANXIN TECH +1

AI Technical Summary

Problems solved by technology

Further research on the security defense mechanism in the prior art finds that conventional techniques often ignore this situation for reasons of efficiency and user experience. If such samples are forcibly intercepted, the high false positive rate seriously affects user experience; if they are not intercepted, potential security threats are very likely to be missed.



Examples


Embodiment 1

[0029] An embodiment of the present invention provides a security threat detection method that improves security threat detection capability. Specifically, Figure 1 is a flow chart of the security threat detection method provided in Embodiment 1 of the present invention; as shown in Figure 1, the method provided by this embodiment includes the following steps S101 to S103.

[0030] Step S101: Obtain process information of the client within the observation time period.

[0031] Wherein, the process information includes the processes running on the client terminal during the observation time period and the calling relationship between the processes.

[0032] Specifically, the client includes terminals such as personal computers, mobile phones, and handheld computers, as well as servers or intermediate network devices; the observation time period is a detection time window set according to actual needs, for example, the obse...

Embodiment 2

[0054] Embodiment 2 of the present invention provides a preferred method for detecting security threats. For some technical features and their corresponding technical effects, reference may be made to the description of Embodiment 1 above; they are not repeated in this embodiment. Specifically, Figure 2 is a flow chart of the security threat detection method provided by Embodiment 2 of the present invention; as shown in Figure 2, the method provided by the second embodiment includes the following steps S201 to S210.

[0055] Step S201: Obtain process information of the client within the observation time period.

[0056] Wherein, the process information includes the processes running on the client terminal during the observation time period and the calling relationship between the processes.

[0057] Step S202: Extract multiple process chains in the log.

[0058] Wherein, the process chain includes at least two processes hav...

Embodiment 3

[0079] Embodiment 3 of the present invention provides a preferred method for detecting security threats. For some technical features and their corresponding technical effects, reference may be made to the descriptions of Embodiment 1 and Embodiment 2 above; they are not repeated in this embodiment. Specifically, in the security threat detection method provided in this embodiment, the long process chain is restored from the user's cloud scan log as follows: first, the parent-child process short chains appearing in the user log are sorted by timestamp; then a sliding time window (5 seconds long in this embodiment) is applied to each user's parent-child process chain log. Within the same time window, if the earlier and later short process chains satisfy the splicing conditions, one splice is completed. The splicing conditions include: 1) the last process of the earlier process chain is the same as the first process of the later pr...
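The chain-restoration procedure of Embodiment 3 (sort short chains by timestamp, then splice within a 5-second window when the last process of one chain equals the parent of the next) and the three-step detection flow of Embodiment 1 (obtain process information, identify long chains, analyze them) can be shown together in one small program. The following Python is an added example, not code from the patent or its applicant. The log record layout, the process and user names, the cloud-engine verdicts, the choice to measure the window from the previous link, the threshold of three processes for a "long" chain and the threat rule in `analyze_chain` are all assumptions of this example; the patent's second splicing condition is truncated on the page, so only the first is implemented.

```python
from collections import namedtuple

# One parent-child "short chain" as it would be written to the cloud scan log.
# Field names are an assumption of this example, not the patent's log schema.
ShortChain = namedtuple("ShortChain", "user ts parent child")

WINDOW_SECONDS = 5  # window length stated in Embodiment 3


def splice_chains(records, window=WINDOW_SECONDS):
    """Restore long process chains from parent-child short chains.

    Follows the splicing rule of Embodiment 3: sort the short chains by
    timestamp, handle each user's log separately, and join a short chain
    onto an existing chain when the chain's last process equals the short
    chain's parent process and the record falls inside the time window.
    The window is measured from the previous link (one reading of the
    'sliding window'); only the first splicing condition is implemented.
    """
    chains = []  # each: {"user", "procs", "start", "last_ts"}
    for rec in sorted(records, key=lambda r: r.ts):
        for chain in reversed(chains):  # prefer the most recently extended chain
            if (chain["user"] == rec.user
                    and chain["procs"][-1] == rec.parent
                    and rec.ts - chain["last_ts"] <= window):
                chain["procs"].append(rec.child)
                chain["last_ts"] = rec.ts
                break
        else:
            chains.append({"user": rec.user, "procs": [rec.parent, rec.child],
                           "start": rec.ts, "last_ts": rec.ts})
    return chains


def is_long_chain(chain):
    """The abstract defines a long chain as a plurality of call-related
    processes; this example treats three or more processes as 'long'."""
    return len(chain["procs"]) >= 3


def analyze_chain(chain, verdicts):
    """Judge whether a long chain contains a security threat.

    Illustrative rule (an assumption, not the patent's criterion): the chain
    is flagged when a process the cloud engine labelled 'black' is reached
    only through processes labelled 'white'.
    """
    if not is_long_chain(chain):
        return False
    labels = [verdicts.get(p, "unknown") for p in chain["procs"]]
    return labels[-1] == "black" and all(lab == "white" for lab in labels[:-1])


def detect(records, verdicts, window=WINDOW_SECONDS):
    """Steps S101-S103 end to end: return the process lists of the chains
    judged to contain a threat."""
    return [c["procs"] for c in splice_chains(records, window)
            if analyze_chain(c, verdicts)]


# Constructed sample log: timestamps in seconds, two users.
SAMPLE_RECORDS = [
    ShortChain("u1", 0, "explorer.exe", "winword.exe"),
    ShortChain("u2", 1, "explorer.exe", "browser.exe"),
    ShortChain("u1", 2, "winword.exe", "cmd.exe"),
    ShortChain("u1", 4, "cmd.exe", "dropper.exe"),
    ShortChain("u1", 30, "dropper.exe", "helper.exe"),  # 26 s later: starts a new chain
]

# Constructed cloud-engine verdicts (white/black samples, as in the background).
SAMPLE_VERDICTS = {
    "explorer.exe": "white", "winword.exe": "white", "cmd.exe": "white",
    "browser.exe": "white", "dropper.exe": "black",
}

if __name__ == "__main__":
    for chain in splice_chains(SAMPLE_RECORDS):
        kind = "long" if is_long_chain(chain) else "short"
        print(chain["user"], " -> ".join(chain["procs"]), kind)
    print("flagged:", detect(SAMPLE_RECORDS, SAMPLE_VERDICTS))
```

Running the script on the constructed log yields three chains: a four-process chain for user u1 that ends in the black sample and is flagged, a two-process chain for u2, and a second u1 chain that starts 26 seconds after the previous link and is therefore not spliced onto the first, which is exactly the effect the time window is meant to have on unrelated later activity.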


Abstract

The invention provides a security threat detection method and device, computer equipment and a storage medium. The security threat detection method comprises the steps of: acquiring process information of a user side in an observation time period, wherein the process information comprises the processes operated by the user side in the observation time period and call relations between the processes; identifying a long process chain in the process information, wherein the long process chain comprises a plurality of processes having call relations; and analyzing the long process chain to judge whether the long process chain comprises a security threat or not. According to the security threat detection method and the device, the security threat detection capability is improved.

Description

Technical field

[0001] The present invention relates to the technical field of data processing, in particular to a security threat detection method, device, computer equipment and storage medium.

Background technique

[0002] In the prior art, in order to improve network security, when an unknown sample of unknown security level appears on the client side (including unknown computer programs, unknown documents, etc.), it can be uploaded to the cloud, where the virus detection and killing engine checks the security level of the unknown sample and leaves an antivirus log in the cloud, the cloud antivirus log. If the engine identifies the sample as safe, the unknown sample is a white sample; if it identifies the sample as unsafe, the unknown sample is a black sample.

[0003] The inventor found through research on the prior art that network security threats often use white ...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L29/06
CPC: H04L63/1408, H04L63/1425
Inventor: 彭力扬, 李振博, 谢冉
Owner: BEIJING QIANXIN TECH