CN103685171A - Attack control method for protecting account system - Google Patents
Attack control method for protecting account system Download PDFInfo
- Publication number
- CN103685171A CN103685171A CN201210331667.0A CN201210331667A CN103685171A CN 103685171 A CN103685171 A CN 103685171A CN 201210331667 A CN201210331667 A CN 201210331667A CN 103685171 A CN103685171 A CN 103685171A
- Authority
- CN
- China
- Prior art keywords
- account
- control
- attack
- engine
- accounts
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an attack control method for protecting an account system. The method comprises the following steps: (1) an initiative deception system is established for pre-defense of a network defense system, wherein the initiative deception system comprises an attack control engine in a core system and used for defense in the aspects of an account database, an account authentication system, an account authorization system and an account audit system; (2) the attack control engine reinforces the security of the account system automatically; (3) control activities such as creating, concealing and cloning of accounts are prevented, functions of the activities are inhibited, and then all the activities are deleted from the account system; (4) the attack control engine prevents the control activities for decoding and gives an alarm; (5) an account attack is controlled. According to the invention, the method can judge whether an activity is a control activity or not, resist malicious code attacks in the aspects of the account database, the account authentication system, the account authorization system, the account audit system and the like, and reinforce the security of the account system automatically, so as to prevent malicious codes from creating anonymous accounts, concealed accounts, cloned accounts and other illegal accounts.
Description
Technical field
The present invention is specifically related to protect the attack control method of account system, for controlling the controlled malicious act of assailant to account system core position, and the authority control system of protection operating system.
Background technology
Nowadays along with the extensive use of network technology, assault emerges in an endless stream, network security becomes the focus of current study hotspot and social concerns, and existing network safe practice lags behind various attack technologies conventionally with defense techniques such as fire compartment wall, antivirus protection technology, intruding detection system, authentication and digital signature technologies.
As the authority control system of operating system, account and Verification System are the safety-valves of whole operating system, need high Security Techniques.
Data Control technology is exactly one of existing Security Techniques.Take the method for " wide-in and strict-out ", can the data that flow out be monitored and be followed the trail of.
The unknown attack of the non-feature formula of current appearance to existing Prevention-Security System forming serious threat.Unknown attack is exactly unknown threat, refers to not yet foundly to have unknown characteristics and information system is existed the Activity Type of potential threat simultaneously.Unknown threat may be to be caused by unknown virus, wooden horse, hacker, or a kind of illegal abuse to resource.
Although Data Control technology is under the cooperation of the safety measures such as network firewall, intruding detection system, can make up the deficiency of original Prevention-Security, but still there is the shortcoming that some cannot overcome: for data, just played the effect of record, known and the unknown attack of None-identified, easily become springboard machine, then cause inner other real server to be attacked.
Summary of the invention
The present invention produces in order to solve the shortcoming of available data control technology just; its object is to provide the attack control method of protection account system; can control the controlled malicious act of assailant to account system core position; that behavior is controlled in the known attack of condition code formula or the unknown attack of potential threat control all has good protection effect, the authority control system of protection operating system.
For realizing above-mentioned technical purpose, the technical solution adopted in the present invention is:
The attack control method of protection account system of the present invention, the embodiment of the present invention provides a kind of attack control method of protecting account system, comprises the following steps:
(1) initiatively trapping system is set up in the defence in advance in cyber-defence system, trapping system is deployed with to attack in account system controls engine, to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted;
(2) attack control engine and will carry out automatic safe reinforcing to account system;
(3) stop control behavior to create, hide, clone account; Stop the use of its function; From account system, delete afterwards;
(4) attacking control engine stops control behavior password is cracked and report to the police;
(5) account is attacked and is controlled.
With said method, in account system, dispose to attack and control engine.Stop that control behavior creates, hides, clone's account with and the use of function, can also stop control behavior to crack password, and delete from account system, finally realize account and attack and control.
The present invention also provides the another kind of execution mode of attack control method of protection account system, comprising:
Interception carrys out the attack of automatic network; To coming the attack of automatic network to judge, whether be control behavior; If the determination result is YES, block the control behavior that enters kernel system; If the determination result is NO, let pass; Finally blocking-up enters the control behavior of account system.
The operations such as further, default password account invasion, the invasion of weak passwurd account, the invasion of keeper's account, other account password invasions.
Further; the controlled malicious act of engine control assailant to system core position controlled in described attack; according to the judged result of behavior danger classes, guarantee the not victim control of trapping system, protection trapping computer does not become attacks inner other real server.
With respect to existing technology, the attack control method of protection account system of the present invention, has following useful technique effect:
The invention has the beneficial effects as follows: at kernel system made, attack and control engine, can determine whether control behavior, by crossing, account data storehouse, account Verification System, account authoring system, these aspects of account audit system are resisted simultaneously, guaranteed the not victim control of account system.
Accompanying drawing explanation
Fig. 1 is the flow chart of an embodiment of the present invention;
Fig. 2 is the composition diagram of the embodiment of the present invention based on Fig. 1
Embodiment
The embodiment of the present invention provides the attack control method of protection account system, to solve existing traditional Data Control technology, only the data that enter honey pot system is recorded or is revised, and data itself are not had to recognition capability.The present invention is mainly used in defense system in advance, server, the active trapping system of network and carries out active, efficient, system-level Prevention-Security.
For making object of the present invention, technical scheme and advantage clearer, referring to the accompanying drawing embodiment that develops simultaneously, the present invention is described in more detail.
The present invention attacks engine by the control being deployed in account system, is deployed with to attack controls engine in kernel system, and to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted.Attack control engine and will carry out automatic safe reinforcing to account system; Stop that control behavior creates, hides, clone's account with and the use of function; From account system, delete afterwards; In addition, can also stop control behavior to crack password; Finally realize account and attack control.Some malicious acts of defending comprise: the invasion of default password account, the invasion of weak passwurd account, the invasion of keeper's account, other account password invasions etc.The controlled malicious act of engine control assailant to system core position controlled in described attack, according to the judged result of behavior danger classes, guarantees the not victim control of trapping system, and protection trapping computer does not become attacks inner other real server.
Flow chart in conjunction with Fig. 1 illustrates.
Step 101: initiatively trapping system is set up in the defence in advance in cyber-defence system, trapping system is deployed with to attack in account system controls engine, to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted;
Step 102: the attack control engine being deployed in kernel system obtains the information from step 101, proceeds to next step; Attack control engine and will carry out automatic safe reinforcing to account system;
Step 103: stop control behavior to create, hide, clone account; Stop the use of its function; From account system, delete afterwards;
Step 104: attack control engine and stop control behavior to crack password; And report to the police; 103 steps and 104 steps enter next step simultaneously;
Step 105: account is attacked and controlled.
Flow process by above embodiment is described, be deployed in that attack in account system controls that engine stops that control behavior creates, hides, clone's account with and the use of function, can also stop control behavior to crack password, and delete from account system, finally realize account and attack control.Stoping and unload not to be corrupted to system file, is before malicious act occurs, and this abnormal behavior detected, from having prevented that malicious code from creating anonymous account, hide account, cloning the illegal accounts such as account.
The present invention adopts and attacks the method for controlling, and provides the attack of protection account system to control engine.
Composition diagram in conjunction with Fig. 2 illustrates.
Step 101: interception carrys out the attack of automatic network;
Step 102: to coming the attack of automatic network to judge, whether be control behavior;
Step 103: if the determination result is YES, proceed to step 105, blocking-up enters the control behavior of kernel system;
Step 104: if the determination result is NO, let pass;
Step 105: blocking-up enters the control behavior of account system.
Attacking and controlling engine is an engine being deployed in account system, and it is according to the judged result of behavior danger classes, thus the controlled malicious act of control assailant to system core position.Attacking control technology is to guarantee the not victim control of trapping system, is that protection trapping computer does not become the important technology of attacking inner other real server.Control computer and can control target of attack by account system.
To the embodiment of the present invention, just for technical conceive of the present invention and feature being described, its objective is, be to allow one of ordinary skilled in the art can understand content of the present invention and implement according to this above, can not limit the scope of the invention with this.Every equivalent variation or modification that according to the present invention, the essence of content has been done, all should be encompassed in protection scope of the present invention.
Claims (4)
1. the attack control method of protection account system, is characterized in that, comprises the following steps:
(1) initiatively trapping system is set up in the defence in advance in cyber-defence system, trapping system is deployed with to attack in account system controls engine, to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted;
(2) attack control engine and will carry out automatic safe reinforcing to account system;
(3) stop control behavior to create, hide, clone account; Stop the use of its function; From account system, delete afterwards;
(4) attacking control engine stops control behavior password is cracked and report to the police;
(5) account is attacked and is controlled.
2. the attack control method of protection account system according to claim 1, is characterized in that: some malicious acts of defending comprise: the operations such as the invasion of default password account, the invasion of weak passwurd account, the invasion of keeper's account, other account password invasions.
3. the attack control method of protection kernel system according to claim 2, is characterized in that: as the authority control system of operating system, account and Verification System are the safety-valves of whole operating system, needs high Security Techniques.
4. described in, attack and control the controlled malicious act of engine control assailant to system core position, by account data storehouse, account Verification System, account authoring system, these aspects of account audit system are resisted, guarantee the not victim control of account system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210331667.0A CN103685171A (en) | 2012-09-10 | 2012-09-10 | Attack control method for protecting account system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210331667.0A CN103685171A (en) | 2012-09-10 | 2012-09-10 | Attack control method for protecting account system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103685171A true CN103685171A (en) | 2014-03-26 |
Family
ID=50321503
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210331667.0A Pending CN103685171A (en) | 2012-09-10 | 2012-09-10 | Attack control method for protecting account system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103685171A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105376210A (en) * | 2014-12-08 | 2016-03-02 | 哈尔滨安天科技股份有限公司 | Account threat identification and defense method and system |
| CN106411955A (en) * | 2016-12-01 | 2017-02-15 | 微鲸科技有限公司 | Modulus m congruence class ring based account generation method |
| CN113098823A (en) * | 2019-12-23 | 2021-07-09 | 中国移动通信集团山西有限公司 | Weak password detection method, device, equipment and medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060023721A1 (en) * | 2004-07-29 | 2006-02-02 | Ntt Docomo, Inc. | Server device, method for controlling a server device, and method for establishing a connection using the server device |
| EP1748342A1 (en) * | 2005-07-29 | 2007-01-31 | H+BEDV Datentechnik GmbH | Honeypot computer system for detecting viruses in computer networks |
| CN101262351A (en) * | 2008-05-13 | 2008-09-10 | 华中科技大学 | A network tracking system |
| CN101582817A (en) * | 2009-06-29 | 2009-11-18 | 华中科技大学 | Method for extracting network interactive behavioral pattern and analyzing similarity |
-
2012
- 2012-09-10 CN CN201210331667.0A patent/CN103685171A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060023721A1 (en) * | 2004-07-29 | 2006-02-02 | Ntt Docomo, Inc. | Server device, method for controlling a server device, and method for establishing a connection using the server device |
| EP1748342A1 (en) * | 2005-07-29 | 2007-01-31 | H+BEDV Datentechnik GmbH | Honeypot computer system for detecting viruses in computer networks |
| CN101262351A (en) * | 2008-05-13 | 2008-09-10 | 华中科技大学 | A network tracking system |
| CN101582817A (en) * | 2009-06-29 | 2009-11-18 | 华中科技大学 | Method for extracting network interactive behavioral pattern and analyzing similarity |
Non-Patent Citations (1)
| Title |
|---|
| 陈凌, 等.: "网络诱捕式入侵防御模型的设计", 《计算机应用》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105376210A (en) * | 2014-12-08 | 2016-03-02 | 哈尔滨安天科技股份有限公司 | Account threat identification and defense method and system |
| CN105376210B (en) * | 2014-12-08 | 2018-09-07 | 哈尔滨安天科技股份有限公司 | A kind of account threat identification and defence method and system |
| CN106411955A (en) * | 2016-12-01 | 2017-02-15 | 微鲸科技有限公司 | Modulus m congruence class ring based account generation method |
| CN106411955B (en) * | 2016-12-01 | 2019-07-23 | 微鲸科技有限公司 | A kind of account generation method based on mould m congruence class ring |
| CN113098823A (en) * | 2019-12-23 | 2021-07-09 | 中国移动通信集团山西有限公司 | Weak password detection method, device, equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Brewer | Advanced persistent threats: minimising the damage | |
| Denning | Reflections on Cyberweapons Control | |
| Khari et al. | Role of cyber security in today's scenario | |
| Ask et al. | Advanced persistent threat (APT) beyond the hype | |
| CN103581104A (en) | Active trapping method based on behavior capturing | |
| Lachow | The Stuxnet enigma: Implications for the future of cybersecurity | |
| Shackelford et al. | Rethinking active defense: a comparative analysis of proactive cybersecurity policymaking | |
| CN103685171A (en) | Attack control method for protecting account system | |
| Kello | Private-Sector Cyberweapons: An Adequate Response to the Sovereignty Gap? | |
| Dewar | Active cyber defense | |
| Vávra et al. | An evaluation of cyber threats to industrial control systems | |
| Appelbaum et al. | NSA Preps America for Future Battle | |
| Tarnowski | How to use cyber kill chain model to build cybersecurity? | |
| KR101752880B1 (en) | Advanced Persistent Threat attack tolerance system and method using cloud computing virtualization | |
| Mendyk-Krajewska et al. | Problem of network security threats | |
| Fischer | The concept of deterrence and its applicability in the cyber domain | |
| CN109460658B (en) | Detection method for malicious Lesso sample | |
| Rubenstein | Nation state cyber espionage and its impacts | |
| Broadhurst et al. | Cyber terrorism: research review: research report of the Australian national university cybercrime observatory for the Korean institute of criminology | |
| CN103679015A (en) | Attacking control method for protecting kernel system | |
| Daniel Mihai et al. | Analysis of some case studies on cyberattacks and proposed methods for preventing them | |
| Rafiq et al. | Increasing cyber threats to Pakistan | |
| CN103716289A (en) | Attack control method for protecting service system | |
| Maesschalck | Gentlemen, you can't fight in here. Or can you?: How cyberspace operations impact international security | |
| Kello | Private-Sector Cyberweapons: strategic and other consequences |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: CHENGDU ZHONGKE CHONGHUI TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: JIANGSU ZHONGKE HUICHUANG INFORMATION SAFETY TECHNOLOGY CO., LTD. Effective date: 20150120 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 215163 SUZHOU, JIANGSU PROVINCE TO: 610041 |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20150120 Address after: High tech Zone Gaopeng road in Chengdu city of Sichuan province 610041 No. 12 A602 Applicant after: CHENGDU CHINAFIRST TECHNOLOGY CO., LTD. Address before: 215163 micro system garden of Suzhou science and Technology City, Suzhou hi tech Zone, Jiangsu, M3-102 Applicant before: JIANGSU ZHONGKE HUICHUANG INFORMATION SAFETY TECHNOLOGY CO., LTD. |
|
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140326 |
|
| WD01 | Invention patent application deemed withdrawn after publication |