Abstract: Disclosed are a method and apparatus for detecting traffic anomaly, a device and a medium. The method includes: performing a network topology division operation on a network topology architecture to be detected, so as to obtain a plurality of security domains; acquiring a regional full traffic in each of the plurality of security domains, determining a traffic characteristic time series on the basis of regional full traffics, and analyzing the traffic characteristic time series to obtain a new traffic characteristic time series; constructing a traffic anomaly detection model, and performing distributed anomaly detection on the traffic characteristic time series by the traffic anomaly detection model, so as to obtain a detection result; and sending the detection result to an information processing center, so that the information processing center obtains anomalous asset devices and anomalous information according to the detection result.

Abstract: Provided are a method and apparatus for identifying a malicious mining behavior, an electronic device, and a storage medium. The method includes: obtaining operation data corresponding to a target operation, on capturing of the target operation; extracting a wallet address from the operation data to obtain a wallet address set obtaining data of a network outgoing connection for external access, and determining whether the data of the network outgoing connection comprises a wallet address belonging to the wallet address set and determining that the data of the network outgoing connection corresponds to the malicious mining behavior, on determining that the data of the network outgoing connection comprises a wallet address belonging to the wallet address set.

Abstract: A network traffic anomaly detection method and apparatus, and an electronic apparatus and a storage medium are provided. The network traffic anomaly detection method includes: acquiring multiple segments of traffic data in different monitoring states; acquiring an anomaly feature vector from the multiple segments of traffic data; training an initial classification model according to the anomaly feature vector and on the basis of a KNN algorithm, so as to obtain multiple initial classifiers; training an initial Adaboost classification model according to the anomaly feature vector and the multiple initial classifiers and on the basis of an Adaboost algorithm, so as to obtain an Adaboost classifier; and classifying collected traffic data via the Adaboost classifier.

Abstract: An asset risk assessment method, an apparatus, a computer device, and a storage medium are provided. The asset risk assessment method includes: receiving an alert message of an asset to be assessed; obtaining an attack depth of the alert message based on the alert message, and the attack depth being a degree to which the asset to be assessed is subjected to attack; obtaining a security feature value of the asset to be assessed; obtaining a feature weight of the security feature value based on the attack depth; and performing a risk assessment of the asset to be assessed based on the security feature value and the feature weight thereof, to obtain a risk assessment result.

Abstract: A weak password detection method and device based on deep learning, an electronic device, and a storage medium are provided. The method includes: acquiring a password character string to be detected; processing, by applying a fully trained weak password detection model, the password character string to be detected to obtain a strong/weak password classification label of the password character string to be detected, the fully trained weak password detection model being obtained by training a deep learning model with a password character string as an input and a strong/weak password classification label corresponding to the password character string as a supervision; and marking the password character string to be detected as a weak password under the condition that the strong/weak password classification label is a weak password label.

Abstract: Disclosed are a method and apparatus for detecting a logic vulnerability allowing arbitrary password reset for an account, and a computer readable storage medium. The method includes: invoking a preset identification program to determine whether a request for a verification code is initiated in a to-be-detected webpage; obtaining, from a front-end page, a response packet sent in response to the request for a verification code, and determining whether there is a short message service (SMS) verification code in the response packet, on determining that a request for a verification code is initiated in the to-be-detected webpage; and; and determining that the logic vulnerability allowing arbitrary password reset for an account exists in the to-be-detected webpage, on determining that there is an SMS verification code in the response packet.

Abstract: An asset scoring method and apparatus, a computer device, and a storage medium are provided. The method includes: obtaining multi-dimensional threat information data of assets to be assessed; obtaining sub-scores of dimensions according to the multi-dimensional threat information data and a preset security scoring model; according to the sub-scores of the dimensions, determining a security scoring result of the corresponding assets to be assessed; and according to the security scoring result and a preset level division rule, determining security levels of the corresponding assets to be assessed.

Abstract: A TEE-based method to establish trusted and secure channel between the user and public cloud environment, an apparatus, a computer device, and a computer-readable storage medium are provided. After a TEE is started, a trusted measurement mechanism of the TEE is called to perform security measurement on an operation environment and an operation content of a computing node operated in the TEE, and a measurement result is sent to a trusted verification module. Relevant verification information is acquired from a remote verification server of the TEE, and the trusted verification module is controlled to verify the measurement result according to the relevant verification information. When it is confirmed that the operation environment of the computing node is credible and the operation content of the computing node is secure, a communication channel is established between the user and the computing node.

Abstract: Provided are a method and apparatus for identifying a malicious mining behavior, an electronic device, and a storage medium. The method includes: obtaining operation data corresponding to a target operation, on capturing of the target operation; extracting a wallet address from the operation data to obtain a wallet address set obtaining data of a network outgoing connection for external access, and determining whether the data of the network outgoing connection comprises a wallet address belonging to the wallet address set and determining that the data of the network outgoing connection corresponds to the malicious mining behavior, on determining that the data of the network outgoing connection comprises a wallet address belonging to the wallet address set.

Abstract: Provided are a method and apparatus for identifying a malicious mining behavior, an electronic device, and a storage medium. The method includes: obtaining operation data corresponding to a target operation, on capturing of the target operation; extracting a wallet address from the operation data to obtain a wallet address set obtaining data of a network outgoing connection for external access, and determining whether the data of the network outgoing connection comprises a wallet address belonging to the wallet address set and determining that the data of the network outgoing connection corresponds to the malicious mining behavior, on determining that the data of the network outgoing connection comprises a wallet address belonging to the wallet address set.

Abstract: A test method and device for simulating a customer series deployment environment, an electronic device, and a storage medium are provided. The test method for simulating a customer series deployment environment includes: obtaining traffic data of an on-site protected host; obtaining session data between the on-site protected host and a server on the basis of the traffic data, and extracting application layer data from the session data; and transmitting and receiving the application layer data in a local test environment to carry out simulation test.

Abstract: Disclosed are a method and apparatus for detecting a logic vulnerability allowing arbitrary password reset for an account, and a computer readable storage medium. The method includes: invoking a preset identification program to determine whether a request for a verification code is initiated in a to-be-detected webpage; obtaining, from a front-end page, a response packet sent in response to the request for a verification code, and determining whether there is a short message service (SMS) verification code in the response packet, on determining that a request for a verification code is initiated in the to-be-detected webpage; and; and determining that the logic vulnerability allowing arbitrary password reset for an account exists in the to-be-detected webpage, on determining that there is an SMS verification code in the response packet.