
CN107493275A - Adaptive extraction and analysis method and system for heterogeneous network security log information - Google Patents


Info

Publication number
CN107493275A
Authority
CN
China
Prior art keywords
log
log pattern
extraction
adaptive
network security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710671932.2A
Other languages
Chinese (zh)
Inventor
贾四虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Sheng Huaan Information Technology Co Ltd
Original Assignee
Beijing Sheng Huaan Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Sheng Huaan Information Technology Co Ltd filed Critical Beijing Sheng Huaan Information Technology Co Ltd
Priority to CN201710671932.2A priority Critical patent/CN107493275A/en
Publication of CN107493275A publication Critical patent/CN107493275A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an adaptive extraction and analysis method and system for heterogeneous network security log information, comprising: classifying sample logs according to log similarity and constructing a log pattern object for each class of log; classifying raw logs based on the log pattern objects to obtain log classification results; and performing key business modeling and analysis based on the log classification results. The proposed method extracts dynamic fields with automatically built, optimized regular expressions, which avoids the performance traps that implementers may run into when writing regular expressions by hand and improves the efficiency of extracting and matching heterogeneous log information. It also frees implementers from tedious technical detail so that they can concentrate on understanding the semantics of the logs.

Description

Adaptive extraction and analysis method and system for heterogeneous network security log information
Technical field
The invention belongs to the field of information security and, more particularly, relates to an adaptive extraction and analysis method and system for heterogeneous network security log information.
Background
Enterprise networks, servers, security devices and business systems all produce large volumes of security logs, but this log data is usually large in volume and fragmentary in content, which makes security analysis very difficult. Enterprises and security teams want data they can act on.
Security information and event management (SIEM) and log management systems have existed for a long time. Such systems are commonly used for data analysis in the IT departments of medium-sized and large enterprises. Over the past ten years, however, the main application of this technology has changed. SIEM and log management were originally used for security purposes, that is, to detect Trojans entering a system, system probing, unauthorized changes and so on. IT professionals then came to consider that SIEM and log management could be used to improve operations: they use log files and data to locate problems and to help operations teams manage the environment more effectively. Later, the emphasis of SIEM use shifted from operations to compliance, with enterprises using SIEM and log management to help ensure that they remain consistent with laws and regulations.
Changes in security threats drive changes in security products. Today, handling events through lengthy centralizing, collecting, normalizing and indexing before any in-depth analysis is outdated. Enterprises need to analyze and respond to attacks in real time or near real time. To use a log analysis system effectively inside an enterprise, operations staff often spend a great deal of time and effort sorting out log types and formats. It is therefore necessary to provide an adaptive extraction and analysis method for heterogeneous network security log information that improves the efficiency of this log sorting work.
The information disclosed in this background section is intended only to deepen understanding of the general background of the invention, and should not be taken as an acknowledgement or any form of suggestion that this information constitutes prior art already known to those skilled in the art.
Summary of the invention
The purpose of the invention is to solve the following problems in current traditional log extraction and analysis: extracting the key fields of heterogeneous network security logs involves cumbersome steps and a large implementation workload; the performance of the regular expressions on which log field extraction relies depends heavily on the experience of the implementers, with no reliable means of performance evaluation; and the accumulation of a log knowledge base lacks convenient means and is complex to manage.
According to one aspect of the invention, an adaptive extraction and analysis method for heterogeneous network security log information is proposed. The method may include: classifying sample logs according to log similarity and constructing a log pattern object for each class of log; classifying raw logs based on the log pattern objects to obtain log classification results; and performing key business modeling and analysis based on the log classification results.
Preferably, a regular expression that matches the log pattern object is built from the structure of the log pattern object, and capture groups for the log's dynamic content are added to the regular expression.
Preferably, the structure of the log pattern object includes: a keyword set, keyword sequence numbers, a set of dynamic content positions, and dynamic content data types.
Preferably, the regular expression is generated and optimized automatically by a program.
Preferably, the method further includes manually associating the dynamic content with specific semantics to form normalized logs.
Preferably, newly appearing log types are identified and the log pattern library is improved through continuous learning.
Preferably, log pattern recognition and classification are performed in a multithreaded manner.
Preferably, the sample logs are selected at random.
According to another aspect of the invention, an adaptive extraction and analysis system for heterogeneous network security log information is proposed. The system includes:
a memory storing computer-executable instructions; and
a processor which, when running the computer-executable instructions in the memory, performs the following steps:
classifying sample logs according to log similarity and constructing a log pattern object for each class of log; classifying raw logs based on the log pattern objects to obtain log classification results; and performing key business modeling and analysis based on the log classification results.
Preferably, a regular expression that matches the log pattern object is built from the structure of the log pattern object, and capture groups for the log's dynamic content are added to the regular expression.
The beneficial effects of the invention are as follows: sample logs are classified by similarity, a log pattern object is constructed for each class of log, regular expressions are generated and optimized automatically by a program, raw logs are classified, and key business modeling and analysis are performed. This effectively solves the problems of traditional log extraction and analysis: extracting the key fields of heterogeneous network security logs involves cumbersome steps and a large implementation workload; the performance of the regular expressions on which log field extraction relies depends heavily on the experience of the implementers, with no reliable means of performance evaluation; and the accumulation of a log knowledge base lacks convenient means and is complex to manage.
Other features and advantages of the invention are described in detail in the detailed description that follows.
Brief description of the drawings
The above and other objects, features and advantages of the invention will become more apparent from the more detailed description of exemplary embodiments given with reference to the accompanying drawings, in which the same reference numerals generally denote the same components.
Fig. 1 shows a flow chart of the steps of the adaptive extraction and analysis method for heterogeneous network security log information according to the invention.
Fig. 2 shows a flow chart of the steps of a method for constructing log pattern objects according to an embodiment of the invention.
Detailed description
Preferred embodiments of the invention are described in more detail below. Although preferred embodiments are described, it should be understood that the invention may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the invention is more thorough and complete and so that its scope can be fully conveyed to those skilled in the art.
Embodiment 1
In this embodiment, the adaptive extraction and analysis method for heterogeneous network security log information according to the invention may include: classifying sample logs according to log similarity and constructing a log pattern object for each class of log; classifying raw logs based on the log pattern objects to obtain log classification results; and performing key business modeling and analysis based on the log classification results.
This embodiment solves the following problems in current traditional log extraction and analysis: extracting the key fields of heterogeneous network security logs involves cumbersome steps and a large implementation workload; the performance of the regular expressions on which log field extraction relies depends heavily on the experience of the implementers, with no reliable means of performance evaluation; and the accumulation of a log knowledge base lacks convenient means and is complex to manage.
Fig. 1 shows a flow chart of the steps of the adaptive extraction and analysis method for heterogeneous network security log information according to the invention. The specific steps of the method are described in detail below with reference to Fig. 1.
Step 101: classify sample logs according to log similarity and construct a log pattern object for each class of log.
Specifically, a log pattern recognition and classification engine is created. The engine includes a log pattern recognition module and a log classification module; the log pattern recognition module classifies the sample logs according to log similarity and constructs a log pattern object for each class of log.
Fig. 2 shows a flow chart of the steps of a method for constructing log pattern objects according to an embodiment of the invention. The specific steps of this method are described in detail below with reference to Fig. 2.
Step 201: load the log pattern library.
Until new log patterns have been learned, pattern classification relies only on the knowledge already in the log pattern library; as log patterns are learned and updated, the log classification results change accordingly.
Step 202: choose log samples.
In one example, the sample logs are selected at random.
Specifically, a certain number of logs are selected at random as samples according to a given sampling ratio. The sampling ratio affects only the learning speed, and it can be adjusted by changing a parameter in order to balance learning speed against resource consumption.
Step 203: identify dynamic content.
The set of dynamic content types can be extended continuously through configuration. Specific dynamic content in the sample logs is identified, including but not limited to: IPv4 addresses, IPv6 addresses, dates and times, email addresses, domain names, and content inside single or double quotation marks.
Step 204: calculate log similarity.
The sample logs, with dynamic content removed, are compared pairwise and their similarity is calculated. Two logs whose similarity meets the threshold can be judged to be logs of the same type.
Step 205: identify keywords.
Logs of the same type are filtered and learned iteratively to identify the log keywords.
Step 206: learn iteratively and generate log pattern objects.
The log sample size has a considerable influence on the accuracy of dynamic content identification and keyword extraction; multiple iterations are used to keep computing performance and recognition accuracy in optimal balance. The log pattern is generated from the results of iterative learning (the log keywords, and the dynamic content and its types).
In one example, the data structure of the log pattern object is as follows:
In one example, the log pattern object describes the nature and order of each component of the log. A regular expression that matches the log pattern object is built from the structure of the log pattern object, and capture groups for the log's dynamic content are added to the regular expression.
Specifically, dynamic content can be extended continuously through configuration; the data types of dynamic content are as follows:
In one example, the regular expression is generated and optimized automatically by a program.
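The learning flow of steps 203 to 206 and the classification of step 102, as an added Python example that is not code from the patent: it masks dynamic content, groups samples by token similarity, derives keywords and typed dynamic fields, generates an anchored regular expression with capture groups, and classifies a raw log. The sample logs, the 0.85 threshold, the `number` and `string` types, the comparison against one representative per class and all function names are assumptions.

```python
import re
from dataclasses import dataclass
from difflib import SequenceMatcher

# Step 203 recognisers, most specific first. "number" is an added assumption;
# IPv6 is left out to keep the example short.
DYNAMIC_TYPES = [
    ("datetime", r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}"),
    ("email", r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    ("ipv4", r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    ("domain", r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
    ("quoted", r"\"[^\"]*\"|'[^']*'"),
    ("number", r"\b\d+\b"),
]
TYPE_RE = dict(DYNAMIC_TYPES)
MASK = re.compile("|".join(f"(?P<{n}>{p})" for n, p in DYNAMIC_TYPES))
# Placeholders are wrapped in NUL bytes so log text cannot imitate one.
PLACEHOLDER = re.compile("\x00(\\w+)\x00")

# Constructed sample logs (documentation address ranges).
SAMPLES = [
    "2017-08-08 10:15:02 fw01.example.com sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "2017-08-08 10:15:09 fw02.example.com sshd[2214]: Failed password for admin from 198.51.100.23 port 40022 ssh2",
    "2017-08-08 10:16:40 fw01.example.com sshd[3310]: Accepted password for alice from 192.0.2.10 port 52811 ssh2",
    "2017-08-08 10:18:22 fw02.example.com sshd[3391]: Accepted password for bob from 192.0.2.44 port 40100 ssh2",
    "2017-08-08 10:17:01 gw01.example.com kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP DPT=23",
    "2017-08-08 10:17:05 gw01.example.com kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP DPT=161",
]

@dataclass
class LogPattern:
    keywords: list        # constant tokens, in order
    keyword_pos: list     # token index of each keyword
    dynamic_pos: list     # token index of each dynamic field
    dynamic_types: list   # data type of each dynamic field
    regex: object = None  # compiled matcher, one capture group per field

def mask(line):
    """Step 203: replace recognised dynamic content with typed placeholders."""
    return MASK.sub(lambda m: f"\x00{m.lastgroup}\x00", line.replace("\x00", ""))

def cluster(lines, threshold=0.85):
    """Step 204: group masked samples whose token similarity meets the threshold."""
    clusters = []
    for line in lines:
        tokens = mask(line).split()
        for members in clusters:
            rep = members[0]  # simplification: compare with one representative
            if (len(rep) == len(tokens)
                    and SequenceMatcher(None, rep, tokens).ratio() >= threshold):
                members.append(tokens)
                break
        else:
            clusters.append([tokens])
    return clusters

def token_regex(token, types_out):
    """Escape the literal parts of a token; turn placeholders into capture groups."""
    parts, last = [], 0
    for m in PLACEHOLDER.finditer(token):
        parts += [re.escape(token[last:m.start()]), f"({TYPE_RE[m.group(1)]})"]
        types_out.append(m.group(1))
        last = m.end()
    return "".join(parts) + re.escape(token[last:])

def build_pattern(members):
    """Steps 205-206: constant tokens become keywords, the rest dynamic fields."""
    kw, kw_pos, dyn_pos, dyn_types, parts = [], [], [], [], []
    for i, column in enumerate(zip(*members)):
        if len(set(column)) > 1:             # token varies inside the class
            parts.append(r"(\S+)")
            dyn_pos.append(i)
            dyn_types.append("string")
        elif PLACEHOLDER.search(column[0]):  # typed dynamic content
            before = len(dyn_types)
            parts.append(token_regex(column[0], dyn_types))
            dyn_pos += [i] * (len(dyn_types) - before)
        else:
            parts.append(re.escape(column[0]))
            kw.append(column[0])
            kw_pos.append(i)
    # Anchored, literal keywords, \S+ fields split by \s+: the generated
    # expression fails fast on lines of another class.
    regex = re.compile("^" + r"\s+".join(parts) + "$")
    return LogPattern(kw, kw_pos, dyn_pos, dyn_types, regex)

def learn(samples):
    return [build_pattern(members) for members in cluster(samples)]

def classify(line, library):
    """Step 102: return (pattern index, [(type, value), ...]) or None if unknown."""
    for idx, pattern in enumerate(library):
        m = pattern.regex.match(line.strip())
        if m:
            return idx, list(zip(pattern.dynamic_types, m.groups()))
    return None

if __name__ == "__main__":
    for p in learn(SAMPLES):
        print(p.keywords, p.dynamic_types, p.regex.pattern, sep="\n  ")
```

A line for which `classify` returns `None` is a candidate for the next learning round. With only two samples per class, constant values such as `IN=eth0` are learned as keywords, which is the sample-size effect described in step 206.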
In one example, the method further includes manually associating the dynamic content with specific semantics to form normalized logs.
Specifically, a normalized log is a general log format that is compatible with the semantics and core attributes of various logs. The analyst discards from the log's dynamic content the parts that are meaningless for security analysis, and the corresponding capture groups are automatically removed from the regular expression. For dynamic content that is meaningful for analysis, the analyst considers its actual business meaning and associates it with a normalized log field. The remaining normalized fields are filled in according to the log source device type and the log type. Through these operations, raw logs in various formats can be converted to normalized logs more easily.
Compared with traditional manual log normalization, analysts can concentrate on the business meaning of the logs, without tedious work such as writing regular expressions and setting up capture groups.
In one example, newly appearing log types are identified and the log pattern library is improved through continuous learning.
Specifically, as the business changes, new log types and format variants keep appearing, and continuous learning ensures that information retrieval remains timely and effective. In addition, the recognition accuracy of log patterns is related to the distribution of the logs in time and space: the more logs there are and the richer their content, the higher the recognition accuracy.
Step 102: classify raw logs based on the log pattern objects to obtain log classification results.
Specifically, the log classification module of the log pattern recognition and classification engine classifies the raw logs using the automatically generated and optimized regular expressions, obtaining the log classification results.
In one example, log pattern recognition and classification are performed in a multithreaded manner to improve overall system performance.
Specifically, the log pattern recognition module and the log classification module of the engine run in parallel, each in a different thread, so running the log pattern recognition module does not significantly affect the log classification module.
Step 103: perform key business modeling and analysis based on the log classification results.
1) Logs are classified according to the self-learned log patterns, and whether a log pattern is included in business analysis is weighed according to the degree of association between the log and the business.
Log classification and traditional log field extraction are both implemented with regular expressions at the bottom layer, so their performance differs little in that respect. However, because log classification uses program-generated regular expressions to which optimization is applied, its running efficiency is noticeably higher than that of regular expressions hand-written by operations staff.
2) For log patterns included in analysis, the modeling field, modeling mode, alarm threshold and data retention period are specified manually. Modeling modes include but are not limited to frequency, range, moving-average baseline and periodic baseline. The alarm threshold can be set to a fixed threshold or a moving-average (dynamic) threshold.
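One way to realise the frequency modeling mode with the two alarm threshold options of step 103, as an added Python example that is not from the patent. The event data, the 3-bucket window and the rule "alert when a bucket exceeds 3 times the moving average of the previous buckets" are assumptions, since the page does not define how the dynamic threshold is computed.

```python
from collections import defaultdict, deque

# Constructed per-minute counts of one classified log pattern (failed logins),
# keyed by the modeling field, here the source IPv4 address.
SERIES = {
    "192.0.2.50": [20, 22, 19, 21, 23, 20],  # steady, high-volume source
    "203.0.113.7": [2, 1, 3, 2, 9, 2],       # quiet source with one burst
}

def make_events(series):
    """Expand the counts into (minute, extracted fields) tuples, the shape a
    log classifier would hand to the modeling stage (assumed format)."""
    return [(minute, {"ipv4": ip})
            for ip, counts in series.items()
            for minute, n in enumerate(counts)
            for _ in range(n)]

EVENTS = make_events(SERIES)

def frequency_model(events, field):
    """Frequency mode: count events per minute for each value of the field."""
    n_buckets = max(minute for minute, _ in events) + 1
    counts = defaultdict(lambda: [0] * n_buckets)
    for minute, fields in events:
        counts[fields[field]][minute] += 1
    return dict(counts)

def alerts(counts, mode, limit=10, window=3, factor=3.0):
    """Return the bucket indices whose count exceeds the alarm threshold.

    mode="fixed":  threshold is `limit` for every bucket.
    mode="moving": threshold is `factor` times the mean of the previous
                   `window` buckets; no alert until the window is full.
    """
    history, hits = deque(maxlen=window), []
    for i, count in enumerate(counts):
        if mode == "fixed":
            threshold = limit
        elif len(history) == window:
            threshold = factor * sum(history) / window
        else:
            threshold = None
        if threshold is not None and count > threshold:
            hits.append(i)
        # The burst itself enters the baseline and raises later thresholds;
        # a production model may want to exclude alerted buckets.
        history.append(count)
    return hits

def evaluate(events, mode, field="ipv4"):
    return {value: alerts(counts, mode)
            for value, counts in frequency_model(events, field).items()}

if __name__ == "__main__":
    print("fixed :", evaluate(EVENTS, "fixed"))
    print("moving:", evaluate(EVENTS, "moving"))
```

On this data the fixed threshold alerts on every minute of the steady source and misses the burst from the quiet one, while the moving-average threshold does the opposite.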
This embodiment classifies sample logs by similarity, constructs a log pattern object for each class of log, generates and optimizes regular expressions automatically by a program, classifies the raw logs, and performs key business modeling and analysis. It effectively solves the problems of traditional log extraction and analysis: extracting the key fields of heterogeneous network security logs involves cumbersome steps and a large implementation workload; the performance of the regular expressions on which log field extraction relies depends heavily on the experience of the implementers, with no reliable means of performance evaluation; and the accumulation of a log knowledge base lacks convenient means and is complex to manage.
Application example
To make the scheme of the embodiments of the invention and its effects easier to understand, a concrete application example is given below. Those skilled in the art will understand that the example is intended only to aid understanding of the invention, and none of its specific details is intended to limit the invention in any way.
First, a log pattern recognition and classification engine is created; the engine includes a log pattern recognition module and a log classification module. The log pattern library is loaded. The log pattern recognition module selects a certain number of logs at random as samples, removes the dynamic content from the sample logs, performs pattern recognition on the sample logs according to the knowledge in the log pattern library, identifies new pattern objects through continuous learning, and adds the new log pattern objects to the log pattern library. Then, the log classification module of the engine classifies the raw logs using the automatically generated and optimized regular expressions, obtaining the log classification results. Finally, key business modeling and analysis are performed based on the log classification results.
This application example classifies sample logs by similarity, constructs a log pattern object for each class of log, generates and optimizes regular expressions automatically by a program, classifies the raw logs, and performs key business modeling and analysis. It effectively solves the problems of traditional log extraction and analysis: extracting the key fields of heterogeneous network security logs involves cumbersome steps and a large implementation workload; the performance of the regular expressions on which log field extraction relies depends heavily on the experience of the implementers, with no reliable means of performance evaluation; and the accumulation of a log knowledge base lacks convenient means and is complex to manage.
Those skilled in the art will understand that the above description of embodiments of the invention is intended only to illustrate their beneficial effects by way of example, and is not intended to limit the embodiments to any example given.
Embodiment 2
According to an embodiment of the invention, an adaptive extraction and analysis system for heterogeneous network security log information is provided. The system includes:
a memory storing computer-executable instructions; and
a processor which, when running the computer-executable instructions in the memory, performs the following steps:
classifying sample logs according to log similarity and constructing a log pattern object for each class of log; classifying raw logs based on the log pattern objects to obtain log classification results; and performing key business modeling and analysis based on the log classification results.
In one example, a regular expression that matches the log pattern object is built from the structure of the log pattern object, and capture groups for the log's dynamic content are added to the regular expression.
This embodiment classifies sample logs by similarity, constructs a log pattern object for each class of log, generates and optimizes regular expressions automatically by a program, classifies the raw logs, and performs key business modeling and analysis. It effectively solves the problems of traditional log extraction and analysis: extracting the key fields of heterogeneous network security logs involves cumbersome steps and a large implementation workload; the performance of the regular expressions on which log field extraction relies depends heavily on the experience of the implementers, with no reliable means of performance evaluation; and the accumulation of a log knowledge base lacks convenient means and is complex to manage.
Those skilled in the art will understand that the above description of embodiments of the invention is intended only to illustrate their beneficial effects by way of example, and is not intended to limit the embodiments to any example given.
Various embodiments of the invention have been described above. The description is exemplary, not exhaustive, and is not limited to the disclosed embodiments. Many modifications and changes will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments.

Claims (10)

1. An adaptive extraction and analysis method for heterogeneous network security log information, characterized in that the method includes:
classifying sample logs according to log similarity and constructing a log pattern object for each class of log;
classifying raw logs based on the log pattern objects to obtain log classification results; and
performing key business modeling and analysis based on the log classification results.
2. The adaptive extraction and analysis method for heterogeneous network security log information according to claim 1, wherein a regular expression that matches the log pattern object is built from the structure of the log pattern object, and capture groups for the log's dynamic content are added to the regular expression.
3. The adaptive extraction and analysis method for heterogeneous network security log information according to claim 2, wherein the structure of the log pattern object includes: a keyword set, keyword sequence numbers, a set of dynamic content positions, and dynamic content data types.
4. The adaptive extraction and analysis method for heterogeneous network security log information according to claim 2, wherein the regular expression is generated and optimized automatically by a program.
5. The adaptive extraction and analysis method for heterogeneous network security log information according to claim 2, further including manually associating the dynamic content with specific semantics to form normalized logs.
6. The adaptive extraction and analysis method for heterogeneous network security log information according to claim 1, wherein newly appearing log types are identified and the log pattern library is improved through continuous learning.
7. The adaptive extraction and analysis method for heterogeneous network security log information according to claim 1, wherein log pattern recognition and classification are performed in a multithreaded manner.
8. The adaptive extraction and analysis method for heterogeneous network security log information according to claim 1, wherein the sample logs are selected at random.
9. An adaptive extraction and analysis system for heterogeneous network security log information, characterized in that the system includes:
a memory storing computer-executable instructions; and
a processor which, when running the computer-executable instructions in the memory, performs the following steps:
classifying sample logs according to log similarity and constructing a log pattern object for each class of log;
classifying raw logs based on the log pattern objects to obtain log classification results; and
performing key business modeling and analysis based on the log classification results.
10. The adaptive extraction and analysis system for heterogeneous network security log information according to claim 9, wherein a regular expression that matches the log pattern object is built from the structure of the log pattern object, and capture groups for the log's dynamic content are added to the regular expression.
CN201710671932.2A 2017-08-08 2017-08-08 Adaptive extraction and analysis method and system for heterogeneous network security log information Pending CN107493275A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171219
