Patents by Inventor Zonggui Ke

Zonggui Ke has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210334371
    Abstract: The present invention discloses a malicious file detection technology based on a random forest algorithm. In order to solve the shortcomings or defects of detecting a malicious file by using a feature matching method in the conventional art, a solution of extracting an effective feature and detecting the malicious file by using a machine learning algorithm is adopted, and thus the purpose of accurately and effectively identifying known and unknown malicious files is achieved.
    Type: Application
    Filed: April 26, 2020
    Publication date: October 28, 2021
    Inventors: Zonggui Ke, Baoming Zhang, Xiaoning Qin
  • Publication number: 20210334360
    Abstract: The present invention discloses a method for optimizing a sandbox. By changing a mode of the sandbox for processing a file, the present invention optimizes original pure database processing into database and file queue processing. The novel processing manner modifies an original behavior of the sandbox, reduces a load of a built-in database, and greatly reduces a probability of suspended animation of the sandbox.
    Type: Application
    Filed: April 27, 2020
    Publication date: October 28, 2021
    Inventors: Zonggui Ke, Baoming Zhang, Xiaoning Qin
  • Publication number: 20210336987
    Abstract: The present invention discloses a method for detecting Structured Query Language (SQL) injection based on a big data algorithm. According to the method, by simulating an attack, extracting a great number of SQL injection statements, performing a series of word segmentation and URL character conversion, and performing cross verification and learning, a training set of a naive Bayes algorithm is constructed; network audit data is processed by characteristic engineering and then substituted into the algorithm, so that a result for detecting the SQL injection is obtained; and furthermore, a business expert may make a further confirmation on the result to store the statement, which is confirmed as the SQL injection, to the training set again, so that the training set is increasingly rich, the identification accuracy is gradually increased, and the false alarm rate and the alarm leakage rate are gradually decreased.
    Type: Application
    Filed: April 26, 2020
    Publication date: October 28, 2021
    Inventors: Zonggui Ke, Baoming Zhang, Xiaoning Qin
  • Publication number: 20210336972
    Abstract: The present invention discloses a method for detecting a lost account based on multiple dimensions. The method includes the steps of obtaining security event information of an account via a security device such as an Intrusion Prevention System (IPS), an Intrusion Detection System (IDS), a firewall, an anti-virus wall, or the like; obtaining uplink and downlink traffic information of the account via analysis on a traffic log; identifying a covert communication signal of the account via the analysis on the traffic log; identifying abnormal login information of the account according to the traffic log; identifying data leakage information of the account according to the traffic log; obtaining functional use information of the account in a service system according to the traffic log; obtaining service process security information according to the traffic log; and determining a risk score and a loss probability of the account to the abnormal information of the account.
    Type: Application
    Filed: April 23, 2020
    Publication date: October 28, 2021
    Inventors: Zonggui Ke, Baoming Zhang, Xiaoning Qin
  • Publication number: 20210336978
    Abstract: The present invention discloses a method for implementing heterogeneous database synchronization in a security isolation gap based on data stream analysis. The method includes the steps of connecting a non-secret-related external network database via an Open Database Connectivity (ODBC) database driver, monitoring a port of a source database server for packet capture and analysis, extracting data, converting the data into a self-defined format, sending the data to a target database via an internal private protocol of an isolated card of the gap, then converting the data into a target database format when the data is synchronized to a target database, and sending analyzed data to an outer end of the uni-directional gap, thus completing data synchronization between the source database and the target database.
    Type: Application
    Filed: April 23, 2020
    Publication date: October 28, 2021
    Inventors: Zonggui Ke, Baoming Zhang, Xiaoning Qin
  • Patent number: 9350736
    Abstract: Disclosed is a system for mobile data isolation, comprising a tag control management module and a mobile data management module. The tag control management module comprises a tag generator, a tag storage management module and a tag transmission control module. The mobile data management module primarily identifies user authority and data confidentiality level according to tags, operates and controls the mobile application of mobile data, to realize fine-grained confidentiality security protections of the mobile data. The mobile data management module is divided into security isolation control of a data processing process, security control of a data transmission process and security isolation control in data storage. Meanwhile, a method for mobile data isolation is also disclosed. Isolation and fine-grained operation and control of data on a mobile intelligent terminal can be performed effectively, realizing different confidentiality policies and ensuring the confidentiality security of mobile data.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: May 24, 2016
    Assignees: Bluedon Information Security Technology Corporation, Ltd., Bluedon Information Security Technology Co., Ltd.
    Inventors: Zonggui Ke, Yubin Yang, Liming Cheng
  • Publication number: 20150012978
    Abstract: Disclosed is a system for mobile data isolation, comprising a tag control management module and a mobile data management module. The tag control management module comprises a tag generator, a tag storage management module and a tag transmission control module. The mobile data management module primarily identifies user authority and data confidentiality level according to tags, operates and controls the mobile application of mobile data, to realize fine-grained confidentiality security protections of the mobile data. The mobile data management module is divided into security isolation control of a data processing process, security control of a data transmission process and security isolation control in data storage. Meanwhile, a method for mobile data isolation is also disclosed. Isolation and fine-grained operation and control of data on a mobile intelligent terminal can be performed effectively, realizing different confidentiality policies and ensuring the confidentiality security of mobile data.
    Type: Application
    Filed: March 14, 2013
    Publication date: January 8, 2015
    Inventors: Zonggui Ke, Yubin Yang, Liming Cheng