Confusion command line detection method, device and system

Bibliographic details
Main author: LIU TINGHUI
Format: Patent
Language: chi ; eng
Description
Summary: The invention provides a confusion command line detection method, device and system. The method comprises the steps of obtaining a to-be-detected command line; performing a vectorization operation on the to-be-detected command line to obtain a feature vector of the to-be-detected command line; traversing each isolation tree in a pre-trained isolation forest model by adopting the feature vector to obtain a path length of the feature vector corresponding to each isolation tree; based on the path length corresponding to each isolation tree, calculating an abnormal score used for representing whether the to-be-detected command line is a confused command line or not; and under the condition that the abnormal score is greater than an abnormal threshold, determining that the to-be-detected command line is a confused command line. According to the method, the to-be-detected command line can be detected through the pre-trained isolation forest model, whether the to-be-detected command line is the confused command line or