本文介绍了一种签名生成设备,它通过收集威胁信息,利用提取单元从威胁中抽取攻击数据,并在生成单元中生成签名。特别地,如果发现多个相同字符字符串的攻击数据,该设备会临时生成包含这些字符串的签名,然后评估是否包含非攻击数据中的字符,若存在则移除,从而生成最终签名以提高精确性。
摘要:
This signature-generating device (2) comprises: a collection unit (11) which collects threat information; an extraction unit (21) which extracts attack data from the threat data collected by the collection unit (11); and a generation unit (31) which generates a signature on the basis of attack data extracted by the extraction unit (21). If a plurality of attack data having the same character string are extracted by the extraction unit (21), the generation unit (31) temporarily generates a signature including the same character string, evaluates whether the temporarily generated signature includes a character string used in non-attack data, and if the temporarily generated signature contains a character string used in non-attack data, that character string is removed from the temporarily generated signature to generate a signature.
展开
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
