Abstract: An apparatus for collecting meta data related to malicious code meta information, includes: an application programming interface (API) key setting unit configured to register as a member of a collection channel related to malicious code of cyber attacks, and set the API key as an initialization input; a collection channel access unit configured to, upon input of the set API key, access the collection channel; an execution command interpretation unit configured to, subsequent to accessing the collection channel, upon input of an execution command, interpret the input execution command; and a meta information management unit configured to, based on API information provided from the collection channel according to the interpreted execution command, extract at least one piece of meta information for identifying an attack group, and manage the at least one piece of meta information in a JSON format for each attack group.

Abstract: A device for automatically sorting a cyber attack includes an event feature generator that extracts a unique attacker IP by analyzing attacker IPs for each of the different kinds of security devices, and generates AI learning features of the security events of the different kinds of security devices including feature numerical data quantifying at least two or more features through attack information analysis recorded in the different kinds of security devices based on the information on the security events of the different kinds of security devices mapped to the extracted unique attacker IP, and an attack type sorter that learns the generated feature numerical data using an unsupervised learning algorithm, generates clustering data by sorting the feature numerical data into similar attack data and clustering sorted feature numerical data, and then analyzes the generated clustering data to identify a short-term or long-term attacker's cyber attack type.

Abstract: A method of supporting decision-making of security control includes: (a) when an system for automatically analyzing a security threat receives a security warning from a security device, collecting security threat events generating the security warning from the security device; (b) when the collected security threat events exceed a preset event processing threshold, generating, by the system for automatically analyzing a security threat, a first request message for preferentially processing a security event; (c) when receiving the first request message generated from the system, determining, by the system for supporting priority of security control, a priority processing order of the security threat events, and notifying the system; and (d) when receiving the second request message generated from the system, determining, by the system for supporting priority of security control, a priority processing order and notifying the system for automatically analyzing a security threat of the determined priority process

Abstract: Disclosed are a system and method for automatically generating a playbook and verifying validity of a playbook based on artificial intelligence, wherein the system present invention includes a system for automatically generating a playbook that automatically generates the playbook, and a system for verifying validity of a playbook that is connected to the system for automatically generating a playbook through a network to perform the verification of the validity on the playbook received from the system for automatically generating a playbook.

Abstract: Disclosed are a system and a method for detecting session initiation protocol (SIP) noncoding, and more particularly, to a system and a method for detecting SIP noncoding, which can manage reputation of a client terminal according to whether or not the client terminal sends an encoded SIP message through a 5G non-standalone/Standalone (5G NSA/SA), thereby preventing an SIP spoofing attack.

Abstract: Disclosed is a system and a method of supporting a decision-making for security management to cause a security controller to rapidly take precautions against a threat, the system comprising: an interface unit configured to receive a request for support of a decision-making, and a processing unit configured to support at least one decision-making concerning materialization of the threat, the selection of a security event to be preferentially processed, or the recommendation of a most suitable response according to the request for the support of the decision-making.

Abstract: Disclosed is a system and a method of automatizing a threat analysis based on artificial intelligence according to the present invention, the system comprising: a playbook automatic-generation module configured to generate a playbook based on a template by utilizing an artificial learning model; a playbook verification and management module configured to verify effectiveness of the playbook generated by the playbook automatic-generation module; a playbook database configured to save the playbook verified by the playbook verification and management module; and a playbook execution module configured to automatically execute any playbook corresponding to a detected event through matching therebetween from the playbook database.

Abstract: Disclosed is a system and a method of detecting an abnormal act threatening to security based on artificial intelligence according to the present invention, and, more particularly, a system and a method of detecting an abnormal act threatening to security based on artificial intelligence that are capable of rapidly carrying out pre-processing of a large-scaled data set based on multi processing, and efficiently detecting the abnormal act threatening to security via various pieces of security device on the basis of studied artificial intelligence.

Abstract: A method and apparatus for input prediction. The method includes: obtaining an input current text; obtaining a first state parameter of a first text from a cache; inputting the current text and the first state parameter into the recurrent neural network, determining a state parameter of the current text through the recurrent neural network according to the first state parameter; and determining a predicted text of the current text from the word library according to the state parameter of the current text. The first text is a previous text of the current text; the first state parameter is determined through a preset recurrent neural network according to the first text and a state parameter of a previous text of the first text; the recurrent neural network is trained with a preset word library; the word library is used to store words. Through the method and apparatus, time for determining a predicted text is reduced.

Abstract: Embodiments of the present application provide a packet processing method, an electronic device and a readable storage medium. The method is applied to an electronic device installed with a Virtual Private Network VPN application, and includes: a non-VPN application in the electronic device sending a packet that is to be sent by the non-VPN application to the VPN application through a hardware network module and a virtual network module in the electronic device; the VPN application receiving and analyzing the packet; if the analysis indicates that the packet contains a Domain Name System (DNS) resolution request, the VPN application redirecting the DNS resolution request packet to a preset secure DNS server through the virtual network module and the hardware network module. With embodiments of the present application, the security of software, hardware, and data of an electronic device can be effectively ensured with a reduced cost.

Abstract: A method, apparatus, and mobile terminal for presenting a screen saver of an application are disclosed. The method comprises: sending broadcast information by a first application installed on the mobile terminal to other applications when a screen saver is to be activated; obtaining version numbers of the configuration information saved by other applications based on the received broadcast information from other applications; obtaining the latest version of configuration information based on the version number of the configuration information saved by the first application and the received version numbers of the configuration information saved by other applications; determining whether the first application has the highest priority among the first application and other applications based on the priorities of the applications contained in the latest version of configuration information; and if so, presenting the screen saver of the first application.

Abstract: Provided are a method and apparatus for selecting key information of each group in grouped graph data. According to embodiments, key information of each group is selected using a term frequency-inverse document frequency (TF-IDF) value obtained for each node belonging to each group by using a TD-IDF algorithm for obtaining the importance of each term or keyword in a document.

Abstract: Provided are a method for abbreviating grouped graph data and an apparatus to which the method is applied. According to an embodiment, the method for abbreviating graph data comprises obtaining source information that is information on a graph structure and grouping information that reflects a result of clustering for the source information, obtaining one or more abbreviation candidate network motifs that all member nodes of the network motifs belong to the same group, among original network motifs extracted from the source information, selecting an abbreviation target network motif based on a sum of levels of edges belonging to the abbreviation candidate network motif of the abbreviation candidate network motifs and replacing the abbreviation target network motif with a single node.

Abstract: A cache folder identification method and device, the method comprising: in the process of running target software, acquiring a plurality of sample values x1, x2, . . . xn of the number of files in the target folder according to a preset rule, the target folder being a folder used in the process of running the target software, n?2; according to a preset algorithm, calculating the statistical value of the plurality of sample values, the statistical value being used to represent the degree of dispersion of the sample values; determining whether the statistical value is greater than a preset first threshold; if so, identifying the target folder as a cache folder. The method has high identification efficiency, and can continuously monitor specific software without missing a cache folder.

Abstract: Embodiments of the present application provide a method and apparatus for removing a root-privileged virus and an electronic device. The method includes: scanning the smart device to find a root-privileged virus file; obtaining a root-privileged removing process according to the virus file; and removing the root-privileged virus file according to a preset removing strategy by using the root-privileged removing process. As a root-privileged process is directly obtained in this embodiment by using a found virus file, the smart device can obtain the root privileges more quickly, improving the speed of killing the root-privileged virus.

Abstract: Embodiments of the present application provide a method, apparatus, electronic device for displaying an image and a storage medium. The method and apparatus are applied to an electronic device. The method comprises: determining a display angle of a 3D wallpaper containing elements, wherein the 3D wallpaper is obtained by pasting an overall spherical panoramic image containing all the elements onto one 3D model; determining a graphic to be displayed corresponding to the display angle in the overall spherical panoramic image; and rendering the graphic to be displayed and displaying the rendered graphic. In the embodiments, when the graphic to be displayed corresponding to the display angle of the 3D wallpaper is rendered, the operation on unnecessary occluded parts is avoided, thereby reducing the amount of computation in displaying the 3D wallpaper and saving the computing resources.

Abstract: Embodiments of the present application disclose a method, an apparatus and an electronic device for presenting to-be-cleaned data. The method comprises: after identifying the to-be-cleaned data comprising to-be-cleaned files and to-be-cleaned folders in storage space of the electronic device, determining first-type feature information of the to-be-cleaned files and second-type feature information of the to-be-cleaned folders are (S101); determining data categories of the to-be-cleaned files based on the obtained first-type feature information of the to-be-cleaned files (S102); determining data categories of the to-be-cleaned folders based on the obtained second-type feature information of the to-be-cleaned folders (S103); presenting the to-be-cleaned files and the to-be-cleaned folders in accordance with an order set based on data categories and with a rule of presenting to-be-cleaned data of a same data category in a centralized manner (S104).

Abstract: A method and device for identifying junk picture files, which are used for a server side to identify junk picture files in cached network data. The method comprises: obtaining a directory to be detected; determining whether the number of files in the directory is greater than or equal to a first preset value; if so, determining whether file names of the files in the directory contain keywords which represent the cached network data; if the keywords are contained, determining that the files in the directory are the cached network data, and then, determining whether keywords which represent useless picture files exist in the cached network data, so as to find out whether junk picture files exist; if the junk picture files exist, identifying the found picture files as cached junk picture files; and recording a directory path where the cached junk picture files are located. By means of the above solution, the cached network junk picture files can be accurately identified.