Abstract: A log processing device and a log processing method thereof are provided. The log processing device divides the original log data into a plurality of block data, transforms a numeric variable of each of the block data into a representative code, and determines whether to perform a combination process for continuous block data to generate a plurality of combinational block data according to a data integrity of each of the block data. The log processing data takes the combinational block data as a log template, and each of the combinational block data corresponds to an event.

Abstract: A log processing device and a log processing method thereof are provided. The log processing device divides the original log data into a plurality of block data, transforms a numeric variable of each of the block data into a representative code, and determines whether to perform a combination process for continuous block data to generate a plurality of combinational block data according to a data integrity of each of the block data. The log processing data takes the combinational block data as a log template, and each of the combinational block data corresponds to an event.

Abstract: A malicious software recognition apparatus and method are provided. The malicious software recognition apparatus stores a training dataset, which includes a plurality of network flow datasets. Each network flow dataset corresponds to one of a plurality of software categories, and the software categories include a plurality of malicious software categories. The malicious software recognition apparatus tests a malicious software recognition model and learns that a plurality of recognition accuracies of a subset of the malicious software categories are low, determines that an overlap degree of the network flow datasets corresponding to the subset is high, updates the software categories by combining the malicious software categories corresponding to the subset, updates the training dataset by integrating the network flow datasets corresponding to the subset, trains the malicious software recognition model according to the updated training dataset.

Abstract: A malicious software recognition apparatus and method are provided. The malicious software recognition apparatus stores a training dataset, which includes a plurality of network flow datasets. Each network flow dataset corresponds to one of a plurality of software categories, and the software categories include a plurality of malicious software categories. The malicious software recognition apparatus tests a malicious software recognition model and learns that a plurality of recognition accuracies of a subset of the malicious software categories are low, determines that an overlap degree of the network flow datasets corresponding to the subset is high, updates the software categories by combining the malicious software categories corresponding to the subset, updates the training dataset by integrating the network flow datasets corresponding to the subset, trains the malicious software recognition model according to the updated training dataset.

Abstract: A data protection method includes: detecting whether a web transmission behavior occurs or not; analyzing a transmitter and a first file of the web transmission behavior, wherein the transmitter is corresponding to a first application program, and the first file is corresponding to a first file characteristic; extracting a historical accessing record of the transmitter from a memory; extracting a second file characteristic of a second file from the memory in a state that the historical accessing record indicates that the transmitter accesses the second file of a second application program; comparing the first file characteristic with the second file characteristic, to generate a first similarity degree; and blocking the web transmission behavior according to the first similarity degree.

Abstract: A mobile device includes a memory and a processor. The memory is configured to store a plurality of commands; the processor is configured to receive the commands and execute the following steps: receiving a function call and datum of a mobile application; determining if the received function call is a call to an predetermined application programming interface; determining if the received datum is labeled datum; and processing the received function call with a predetermined monitoring procedure when the received function call is the call to the predetermined application programming interface and the received datum is the labeled datum.

Abstract: A mobile device includes a memory and a processor. The memory is configured to store a plurality of commands; the processor is configured to receive the commands and execute the following steps: receiving a function call and datum of a mobile application; determining if the received function call is a call to an predetermined application programming interface; determining if the received datum is labeled datum; and processing the received function call with a predetermined monitoring procedure when the received function call is the call to the predetermined application programming interface and the received datum is the labeled datum.

Abstract: A safety protection method which is performed with a controller includes steps of providing an index table, calling one of the APIs (API), filtering the called API based on a predetermined condition, and blocking the API if the API confirms the predetermined condition. Furthermore, a safety protection device is also disclosed herein.