Virtual resource acquisition behavior detection method and device, equipment and medium

A virtual resource and detection method technology, applied in the detection field of virtual resource acquisition behavior, can solve the problem of low accuracy rate and achieve the effect of improving accuracy rate

Pending Publication Date: 2022-05-24
EVERSEC BEIJING TECH
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The present invention provides a method, device, equipment and medium for detecting virtual resource acquisition behavior, which can solve the problem of low accuracy in the detection of virtual resource acquisition behavior in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Virtual resource acquisition behavior detection method and device, equipment and medium
  • Virtual resource acquisition behavior detection method and device, equipment and medium
  • Virtual resource acquisition behavior detection method and device, equipment and medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0038] figure 1 Embodiment 1 of the present invention provides a flow chart of a method for detecting virtual resource acquisition behavior. This embodiment is applicable to the case of detecting virtual resource acquisition behavior, and the method can be executed by a detection device for virtual resource acquisition behavior. , the device for detecting virtual resource acquisition behavior may be implemented in the form of hardware and / or software, and the device for detecting virtual resource acquisition behavior may be configured in an electronic device, for example, a deep packet inspection (Deep Packet Inspection, DPI) device. like figure 1 As shown, the method includes:

[0039]S110. Acquire a preset virtual resource acquisition rule base, wherein the virtual resource acquisition rule base includes a virtual resource acquisition protocol rule set and a virtual resource acquisition event rule set.

[0040] The virtual resource acquisition rule base may refer to variou...

Embodiment 2

[0052] Figure 2a This is a flowchart of a method for detecting a virtual resource acquisition behavior provided by the second embodiment of the present invention. This embodiment is refined based on the above-mentioned embodiment. set to perform full traffic matching on the traffic of the network to be monitored, obtain the first traffic packet that hits the virtual resource acquisition protocol rule set, and extract the bill file in the first traffic packet for refinement, which may specifically include: comparing the full traffic The special identification characters of the payload part of the packet header are used to extract keyword information; the keyword information is compared with the virtual resource acquisition protocol rule set, and a first traffic packet that satisfies the virtual resource acquisition protocol rule set is obtained, And extract the bill file in the first traffic packet. like Figure 2a As shown, the method includes:

[0053] S210. Acquire a pre...

Embodiment 3

[0068] Figure 3a This is a schematic structural diagram of an apparatus for detecting virtual resource acquisition behavior provided by Embodiment 3 of the present invention. like Figure 3a As shown, the device includes: a rule acquisition module 310, a first matching module 320, a second matching module 330 and a behavior identification module 340;

[0069] Wherein, the rule acquisition module 310 is configured to acquire a preset virtual resource acquisition rule base; wherein, the virtual resource acquisition rule base includes a virtual resource acquisition protocol rule set and a virtual resource acquisition event rule set;

[0070] The first matching module 320 is configured to perform full flow matching on the traffic of the network to be monitored according to the virtual resource acquisition protocol rule set, obtain the first traffic packet that hits the virtual resource acquisition protocol rule set, and extract the first traffic bill file in the package;

[00...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a virtual resource acquisition behavior detection method and device, equipment and a medium. The method comprises the following steps: acquiring a preset virtual resource acquisition rule base; wherein the virtual resource acquisition rule base comprises a virtual resource acquisition protocol rule set and a virtual resource acquisition event rule set; performing full flow matching on the flow of the network to be monitored according to the virtual resource acquisition protocol rule set, acquiring a first flow packet hitting the virtual resource acquisition protocol rule set, and extracting a ticket file in the first flow packet; performing key field matching on the dialogue document according to the virtual resource acquisition event rule set, and acquiring a second traffic packet hitting the virtual resource acquisition event rule set; and according to a target virtual resource acquisition event rule hit by the second traffic packet, identifying a virtual resource acquisition behavior of the second traffic packet. Through the technical scheme of the invention, the virtual resource acquisition behavior can be accurately identified, and the accuracy of virtual resource acquisition behavior detection is improved.

Description

technical field [0001] The present invention relates to the technical field of network information security, and in particular, to a method, device, device and medium for detecting virtual resource acquisition behavior. Background technique [0002] With the rapid development of network technology, virtual resources have continued to be popular, and the behavior of acquiring virtual resources has gradually appeared. [0003] In order to protect network information security in the prior art, detection technology based on blacklist, detection technology based on virtual resource acquisition behavior, and detection technology based on machine learning are mainly used to detect acquisition behavior of virtual resources. [0004] However, the detection technology based on blacklist in the prior art has a high missed detection rate; the detection technology based on virtual resource acquisition behavior lacks generalization; the detection technology based on machine learning has a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L9/40G06N20/00G06F21/56
CPCH04L63/1416G06N20/00G06F21/56
Inventor 高志明尚程李鹏超王泽政傅强梁彧蔡琳杨满智王杰田野金红陈晓光
Owner EVERSEC BEIJING TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap