CN104079557A - CC attack protection method and device - Google Patents

Publication number: CN104079557A
Authority: CN (China)
Application number: CN201410219880.1A
Other languages: Chinese (zh)
Inventor: 王震
Current Assignee: Opzoon Technology Co Ltd
Original Assignee: Opzoon Technology Co Ltd
Legal status: Pending
Prior art keywords: client, access, authentication, attacks

Abstract

The invention provides a CC attack protection method and device. The method comprises: a first step of sending a verification cookie to a client and verifying whether the client returns the correct verification cookie; if so, the client is allowed to continue access, otherwise access is refused; a second step of monitoring whether the number of accesses by the client per unit time exceeds a preset threshold; if so, proceeding to the next step, otherwise allowing the client to continue access; and a third step of sending an authentication request to the client and verifying whether the authentication information entered by the client is correct; if it is correct the client is allowed to continue access, otherwise access is refused. With the CC attack protection method and device, the security of the server is improved, the CC attack object can be detected quickly, and users' normal access requests are not blocked.

Description

CC attack protection method and device
Technical field
The present invention relates to network security technology, and in particular to a CC (Challenge Collapsar) attack protection method and device for web servers.
Background
A CC attack is a distributed denial-of-service attack whose purpose is to exhaust server resources. The attack does not use spoofed IP addresses; it usually connects to the server through a large number of proxy servers and sends normal requests for URLs that consume server resources, so that the server's CPU utilization quickly reaches its maximum and other normal connections cannot be served. The attack mainly targets the web application of a particular domain name. CDN node servers cannot cache dynamic server-side script pages. When the CC attacker sends a request for a dynamic server-side script page to a node, the node forwards the request directly to the origin server. The CDN node cache server then has to maintain two TCP connections, one between the attacker and the node and one between the node and the origin server, and the origin server has to maintain the TCP connection between the node and the origin. A single CC attack connection therefore costs the system three TCP connections. As the attack volume grows, CDN performance degrades severely until the system collapses.
The method commonly used at present to counter CC attacks on CDN network services is to judge an attack by the size of a server access traffic threshold. This method easily blocks users' normal access requests, and if the attacker chooses a suitable attack rate the protection system has difficulty detecting the CC attack effectively, which affects access to the domain name.
To address the above problem, the prior art proposes an improved CC attack protection method: the HTTP header is parsed to judge whether the access request carries the safety label and whether the safety label is legal, and this determines whether the request is allowed to access the web server.
Although the above method can reduce the number of attacks to some extent, it may still mistakenly block users' normal access requests. For example, where client requests are verified with a script that sets a cookie, an attacker can develop a dedicated attack script for that verification method which completes the verification and attacks the server automatically. The improved CC attack protection method therefore likewise cannot guarantee that the server is protected from automated attacks and from going down.
Summary of the invention
The object of the invention is to provide a CC attack protection method and device that improve server security and quickly detect the CC attack object while avoiding blocking users' normal access requests.
To achieve this object, embodiments of the invention propose a CC attack protection method comprising the following steps: sending a verification cookie to a client and verifying whether the client returns the correct verification cookie; if so, allowing continued access, otherwise denying access; monitoring whether the number of accesses by the client per unit time exceeds a predetermined threshold; if so, entering the next step, otherwise allowing continued access; sending an authentication request to the client and verifying whether the authentication information entered by the client is correct; if correct, allowing continued access, otherwise denying access.
According to one aspect of the invention, the step of sending a verification cookie to the client and verifying whether the client returns the correct verification cookie comprises: receiving the target page access request submitted by the client for the first time; sending to the client a check page carrying cookie check information; receiving the access request returned by the client; and judging whether the access request returned by the client contains the cookie check information.
According to a further aspect of the invention, after judging whether the access request returned by the client contains the cookie check information, the method comprises: if so, returning the target page to the client and adding the client's source IP address to a whitelist; otherwise refusing to return the target page to the client and recording the target page request as one attack from the client's source IP address.
According to another aspect of the invention, monitoring whether the number of accesses by the client per unit time exceeds the predetermined threshold, entering the next step if so and otherwise allowing continued access, comprises: monitoring whether the number of access requests from the client per unit time exceeds the predetermined threshold; if so, returning the target page to the client; otherwise removing the client's source IP address from the whitelist and entering the next step.
According to another aspect of the invention, sending an authentication request to the client, verifying whether the authentication information entered by the client is correct, allowing continued access if correct and otherwise denying access, comprises: sending an authentication request to the client; receiving the authentication information returned by the client; judging whether the authentication information returned by the client is consistent with the authentication information pre-stored in the firewall; if consistent, allowing the client to continue to access the server; if inconsistent, refusing the client access to the server.
According to another aspect of the invention, sending an authentication request to the client, verifying whether the authentication information entered by the client is correct, allowing continued access if correct and otherwise denying access, comprises: generating a verification code at random, the verification code comprising original verification information; sending to the client a verification page carrying the verification code; receiving the verification information returned by the client; judging whether the verification information is consistent with the pre-stored verification information; if consistent, allowing the client to continue to access the server; if inconsistent, refusing the client access to the server.
According to another aspect of the invention, the verification code is a static verification code or a dynamic verification code.
According to another aspect of the invention, allowing continued access is specifically: returning the target page to the client.
According to another aspect of the invention, sending the authentication request to the client comprises: sending the authentication request to the client through a TCP proxy module.
Another object of embodiments of the invention is to provide a CC attack protection device comprising: a first verification module for sending a verification cookie to a client and verifying whether the client returns the correct verification cookie; if so, allowing continued access, otherwise denying access; a monitoring module for monitoring whether the number of accesses by the client per unit time exceeds a predetermined threshold; if so, entering the next step, otherwise allowing continued access; and a second verification module for sending an authentication request to the client and verifying whether the authentication information entered by the client is correct; if correct, allowing continued access, otherwise denying access.
According to the CC attack protection method and device provided by the invention, access requests are filtered in two rounds, the first-stage verification and the second-stage verification, before entering the third-stage verification, so that the firewall can accurately identify CC attacks and the source IP addresses of CC attacks; server security is improved while blocking of users' normal access requests is avoided. Moreover, an access request that has passed the first-stage verification can continue to access the server as long as the number of access requests has not exceeded the predetermined threshold, and the client interacts directly with the server, which saves firewall memory and in turn improves the data-processing capacity of the firewall.
Brief description of the drawings
Fig. 1 is a structural diagram of an implementation environment involved in the invention;
Fig. 2 shows a flow chart of the CC attack protection method of the preferred embodiment of the invention;
Fig. 3 shows a flow chart of the first-stage verification step S100 in the preferred embodiment of the invention;
Fig. 4 shows a flow chart of the second-stage verification step S200 in the preferred embodiment of the invention;
Fig. 5 shows a flow chart of the third-stage verification step S300 in the preferred embodiment of the invention;
Fig. 6 shows another flow chart of the third-stage verification step S300 in the preferred embodiment of the invention;
Fig. 7 shows a schematic diagram of the verification page carrying verification code information displayed on the client;
Fig. 8 shows a schematic diagram of the picture verification code input page;
Fig. 9 shows a structural diagram of the CC attack protection device of another embodiment of the invention.
Detailed description
To make the object, technical solutions and advantages of the invention clearer, the invention is described in more detail below in conjunction with embodiments and with reference to the drawings. It should be understood that these descriptions are exemplary and are not intended to limit the scope of the invention. In addition, descriptions of well-known structures and techniques are omitted below to avoid unnecessarily obscuring the concept of the invention.
Fig. 1 shows a structural diagram of the implementation environment of the technical solution of the invention.
Referring to Fig. 1, the CC attack protection method and device of the invention are used to carry out protection against CC attacks in a network system, which mainly comprises a terminal 120, a server 140 and a firewall 160.
The terminal 120 may be an electronic device with data-processing capability, such as a mobile phone, a tablet computer, an e-book reader, an MP3 player (Moving Picture Experts Group Audio Layer III), an MP4 (Moving Picture Experts Group Audio Layer IV) player, a laptop computer or a desktop computer.
A client runs on the terminal 120; the client may be one with page-browsing capability, such as a browser, a reading application or a news client.
The server 140 may be a single server, a server cluster made up of several servers, or a cloud computing service center. The server provides page content by interacting with the terminal 120. The server 140 is usually set up by a content provider, for example as a web server.
The firewall 160 connects the terminal 120 and the server 140; the connecting network may be wireless or wired. The firewall 160 may be one or more dedicated hardware devices, or a software suite running on an ordinary machine.
Fig. 2 shows a flow chart of the CC attack protection method of the preferred embodiment of the invention.
Referring to Fig. 2, the CC attack protection method of the preferred embodiment of the invention comprises the following three verification stages:
First-stage verification step S100: send a verification cookie to the client and verify whether the client returns the correct verification cookie; if so, allow continued access, otherwise deny access;
Second-stage verification step S200: monitor whether the number of accesses by the client per unit time exceeds a predetermined threshold; if so, enter the next step, otherwise allow continued access;
Third-stage verification step S300: send an authentication request to the client and verify whether the authentication information entered by the client is correct; if correct, allow continued access, otherwise deny access.
In this embodiment the above steps are preferably executed by the firewall 160, but may also be executed by the server 140. Allowing continued access specifically means returning the requested target page to the client. Sending the authentication request to the client is specifically done through the TCP proxy module of the firewall 160.
In summary, in the CC attack protection method provided by the embodiment of the invention, access requests are filtered in two rounds, the first-stage verification and the second-stage verification, before entering the third-stage verification, so that the firewall can accurately identify CC attacks and the source IP addresses of CC attacks; server security is improved while blocking of users' normal access requests is avoided. Moreover, an access request that has passed the first-stage verification can continue to access the server as long as the number of access requests has not exceeded the predetermined threshold, and the client interacts directly with the server, which saves firewall memory and in turn improves the data-processing capacity of the firewall.
Fig. 3 shows a flow chart of the first-stage verification step S100 in the preferred embodiment of the invention.
Referring to Fig. 3, in the preferred embodiment of the invention the first-stage verification step S100 comprises the following steps:
Step S101: receive the target page access request submitted by the client for the first time.
As shown in Fig. 7, the target page 800 is the page the user ultimately wants to obtain. Taking a browser as the client, the target page is the actual page corresponding to the URL entered by the user; for example, when the user enters the address "www.baidu.com" in the browser's address bar, the page the user ultimately wants to obtain is the page corresponding to the address "www.baidu.com".
Step S102: send to the client a check page carrying cookie check information.
Step S103: receive the access request returned by the client.
Step S104: judge whether the access request returned by the client contains the cookie check information.
Step S105: if the access request returned by the client contains the cookie check information, return the target page to the client and add the client's source IP address to the whitelist.
Step S106: if the access request returned by the client does not contain the cookie check information, refuse to return the target page to the client and record the target page request as one attack from the client's source IP address.
Fig. 4 shows a flow chart of the second-stage verification step S200 in the preferred embodiment of the invention.
Referring to Fig. 4, in the preferred embodiment of the invention the second-stage verification step S200 comprises the following steps:
Step S201: monitor whether the number of access requests from the client per unit time exceeds the predetermined threshold.
Step S202: if the number of access requests from the client per unit time does not exceed the predetermined threshold, return the target page to the client.
Step S203: if the number of access requests from the client per unit time exceeds the predetermined threshold, remove the client's source IP address from the whitelist and go to the third-stage verification step S300, sending an authentication request to the client.
Fig. 5 shows a flow chart of the third-stage verification step S300 in the preferred embodiment of the invention.
Referring to Fig. 5, in the preferred embodiment of the invention the third-stage verification step S300 comprises the following steps:
S301: send an authentication request to the client.
S302: receive the authentication information returned by the client.
S303: judge whether the authentication information returned by the client is consistent with the authentication information pre-stored in the firewall.
S304: if consistent, allow the client to continue to access the server.
S305: if inconsistent, refuse the client access to the server.
Fig. 6 shows another flow chart of the third-stage verification step S300 in the preferred embodiment of the invention.
In embodiments of the invention the authentication information is preferably a verification code, and the third-stage verification step S300 comprises the following steps:
S311: generate a verification code at random, the verification code comprising original verification information.
The verification code is a picture, text, number, video or the like that is difficult for the human eye to recognize; commonly used verification codes include static verification codes and dynamic verification codes.
S312: send to the client a verification page carrying the verification code.
Fig. 7 shows a schematic diagram of the verification page carrying verification code information displayed on the client.
As shown in Fig. 7, the verification page 800 is the page carrying verification code information displayed on the client; only after the user manually enters the verification information on the verification page 800 and the verification passes can the user continue to access the target page.
Fig. 8 shows a schematic diagram of the picture verification code input page.
As shown in Fig. 8, the verification code page 900 also provides an input box for the user to enter the verification code information and common icons such as "Confirm" and "Cancel".
Because verification codes are difficult for machines to recognize automatically, completing verification by means of a verification code as described above effectively protects the server against automated attacks.
S313: receive the verification information returned by the client.
S314: judge whether the verification information is consistent with the pre-stored verification information.
S315: if consistent, allow the client to continue to access the server.
Further, add the client's source IP address to the whitelist.
S316: if inconsistent, refuse the client access to the server.
Further, record the target page request as one attack from the client's source IP address.
In summary, in the CC attack protection method provided by the embodiment of the invention, when target page access requests exceed the predetermined threshold within the unit time, a verification page is displayed on the client, and the user can continue to access the target page only after entering the correct verification information on that page. Furthermore, the verification information cannot be accurately recognized by machines, so the server is effectively protected against automated attacks by hacker programs such as Trojans. Once the client's source IP address has been added to the whitelist, a client with that source IP can, in subsequent interaction with the server, pass through the TCP proxy module of the firewall and interact directly with the server, which improves the communication data processing capacity of the firewall device, and that source IP is subsequently assured of continued access to the server.
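The three stages S100, S200 and S300 written out as a per-source-IP decision function, as an added example that is not part of the patent text. The HMAC-based check cookie, the sliding one-second window, the six-digit code standing in for the picture, re-sending the page when no answer is supplied, and all names (CCGate, handle, replay, the action strings) are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque


class CCGate:
    """Per-source-IP decision logic for stages S100, S200 and S300."""

    def __init__(self, threshold=5, window=1.0, clock=time.monotonic):
        self.key = secrets.token_bytes(32)  # secret behind the check cookie
        self.threshold = threshold          # requests allowed per window (S201)
        self.window = window                # the "unit time", in seconds
        self.clock = clock                  # injectable so runs are repeatable
        self.challenged = set()             # IPs already sent the check page
        self.whitelist = set()              # IPs that passed S100 or S300
        self.pending = {}                   # IP -> code awaiting an answer
        self.hits = defaultdict(deque)      # IP -> timestamps of recent requests
        self.attacks = defaultdict(int)     # IP -> requests recorded as attacks

    def handle(self, ip, cookie=None, answer=None):
        """Return (action, payload): CHECK_PAGE, TARGET, CAPTCHA or DENY."""
        if ip in self.pending:
            return self._stage_three(ip, answer)
        if ip not in self.whitelist:
            return self._stage_one(ip, cookie)
        return self._stage_two(ip)

    def _cookie(self, ip):
        # Check value bound to the source IP; cannot be forged without the key.
        return hmac.new(self.key, ip.encode(), hashlib.sha256).hexdigest()

    def _deny(self, ip):
        self.attacks[ip] += 1               # S106 / S316: record one attack
        return ("DENY", None)

    def _stage_one(self, ip, cookie):
        if ip not in self.challenged:       # S101-S102: first request
            self.challenged.add(ip)
            return ("CHECK_PAGE", self._cookie(ip))
        expected = self._cookie(ip).encode()
        if cookie is None or not hmac.compare_digest(cookie.encode(), expected):
            return self._deny(ip)           # S106: cookie missing or wrong
        self.whitelist.add(ip)              # S105: whitelist, serve the page
        return self._stage_two(ip)

    def _stage_two(self, ip):
        now = self.clock()
        recent = self.hits[ip]
        recent.append(now)
        while recent[0] <= now - self.window:   # forget hits outside the window
            recent.popleft()
        if len(recent) <= self.threshold:
            return ("TARGET", None)         # S202: under the threshold
        self.whitelist.discard(ip)          # S203: over it, go to stage three
        return self._new_code(ip)

    def _new_code(self, ip):
        # S311-S312. The payload stands in for the rendered picture.
        self.pending[ip] = f"{secrets.randbelow(10**6):06d}"
        return ("CAPTCHA", self.pending[ip])

    def _stage_three(self, ip, answer):
        expected = self.pending[ip]
        if answer is None:                  # no answer yet: show the page again
            return ("CAPTCHA", expected)
        if hmac.compare_digest(answer.encode(), expected.encode()):
            del self.pending[ip]            # S315: consistent, whitelist again
            self.hits[ip].clear()
            self.whitelist.add(ip)
            return ("TARGET", None)
        self._new_code(ip)                  # a wrong guess burns the old code
        return self._deny(ip)               # S316


def replay(gate, requests):
    """Feed (ip, cookie, answer) tuples to the gate and return the actions."""
    return [gate.handle(ip, cookie, answer)[0] for ip, cookie, answer in requests]


if __name__ == "__main__":
    gate = CCGate(threshold=3)
    ip = "198.51.100.7"                     # constructed documentation address
    _, cookie = gate.handle(ip)             # first request gets the check page
    burst = [(ip, cookie, None)] * 5        # constructed burst within one second
    print(replay(gate, burst))
```

A client that replays the cookie clears stage one, which is the weakness the background section attributes to cookie-only checks; the burst is only stopped by the threshold and the verification code.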
Fig. 9 shows a structural diagram of the CC attack protection device of another embodiment of the invention.
As shown in Fig. 9, the CC attack protection device 100 of another preferred embodiment of the invention comprises the following:
A first verification module 10 for sending a verification cookie to the client and verifying whether the client returns the correct verification cookie; if so, allowing continued access, otherwise denying access;
A monitoring module 20 for monitoring whether the number of accesses by the client per unit time exceeds a predetermined threshold; if so, entering the next step, otherwise allowing continued access;
A second verification module 30 for sending an authentication request to the client and verifying whether the authentication information entered by the client is correct; if correct, allowing continued access, otherwise denying access.
Optionally, the first verification module 10 comprises:
An access request receiving module 11 for receiving the target page access request submitted by the client for the first time;
A cookie sending module 12 for sending to the client a check page carrying cookie check information;
A cookie receiving module 13 for receiving the access request returned by the client;
A cookie check module 14 for judging whether the access request returned by the client contains the cookie check information.
A first target page return module 15 for returning the target page to the client, and adding the client's source IP address to the whitelist, when the access request returned by the client contains the cookie check information;
An access rejection module 16 for refusing to return the target page to the client, and recording the target page request as one attack from the client's source IP address, when the access request returned by the client does not contain the cookie check information or the cookie check information it contains is wrong.
Optionally, the monitoring module 20 comprises:
An access count detection module 21 for monitoring whether the number of access requests from the client per unit time exceeds the predetermined threshold.
A second target page return module 22 for returning the target page to the client when the number of access requests from the client per unit time does not exceed the predetermined threshold.
A whitelist removal module 23 for removing the client's source IP address from the whitelist when the number of access requests from the client per unit time exceeds the predetermined threshold.
Optionally, the second verification module 30 comprises:
An authentication request sending module 31 for sending an authentication request to the client.
An authentication information receiving module 32 for receiving the authentication information returned by the client.
An authentication information verification module 33 for judging whether the authentication information returned by the client is consistent with the authentication information pre-stored in the firewall.
An access permission module 34 for allowing the client to continue to access the server when the authentication information returned by the client is consistent with the authentication information pre-stored in the firewall.
An access denial module 35 for refusing the client access to the server when the authentication information returned by the client is inconsistent with the authentication information pre-stored in the firewall.
Optionally, the second verification module 30 further comprises:
A verification code generation module 36 for generating a verification code at random, the verification code comprising original verification information.
As described above, in the CC attack protection device provided by another embodiment of the invention, access requests are filtered in two rounds, the first-stage verification and the second-stage verification, before entering the third-stage verification, so that the firewall can accurately identify CC attacks and the source IP addresses of CC attacks; server security is improved while blocking of users' normal access requests is avoided. Moreover, an access request that has passed the first-stage verification can continue to access the server as long as the number of access requests has not exceeded the predetermined threshold, and the client interacts directly with the server, which saves firewall memory and in turn improves the data-processing capacity of the firewall.
It should be understood that the above embodiments of the invention are only intended to illustrate or explain the principle of the invention and do not limit it. Therefore any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the invention shall fall within the scope of protection of the invention. In addition, the appended claims are intended to cover all changes and modifications that fall within the scope and boundary of the claims, or equivalents of such scope and boundary.

Claims (10)

1. the means of defence that CC attacks, comprises the steps:
To client, send verification cookie, whether checking client returns to correct verification cookie, if allow to continue access, otherwise denied access;
Whether the access times of monitoring client within the unit interval surpass predetermined threshold, if enter next step, otherwise allow to continue access;
To client, send authentication requirement, whether the authentication information of checking client input is correct, if correctly allow, continues access, otherwise denied access.
2. the means of defence that CC according to claim 1 attacks, is characterized in that, described to client transmission verification cookie, the step whether checking client returns to correct verification cookie comprises:
Receive the target pages access request that client is submitted to first;
To described client, send the verification page with cookie check information;
Receive the access request that client is returned;
Judge in the access request that described client returns and whether comprise described cookie check information.
3. the means of defence that CC according to claim 2 attacks, is characterized in that, described judge in the access request that described client returns, whether comprise described cookie check information after, comprising:
If so, to described client, return to target pages, list the source IP address of described client in white list simultaneously;
Otherwise refusal returns to target pages to described client, and described target pages request is recorded as to the once attack of described client source IP address.
4. the means of defence that CC according to claim 1 attacks, is characterized in that, whether the access times of described monitoring client within the unit interval surpass predetermined threshold, if enter next step, otherwise allows to continue access, comprising:
Whether the number of times of the access request of monitoring client within the unit interval surpasses predetermined threshold;
If so, to described client, return to target pages;
Otherwise the source IP address of described client is removed from white list, and entered described next step.
5. the means of defence that CC according to claim 1 attacks, is characterized in that, described to the requirement of client transmission authentication, whether the authentication information of checking client input is correct, continue access, otherwise denied access comprises if correctly allow:
To client, send authentication requirement;
Receive the authentication information that described client is returned;
Judge that whether the authentication information that authentication information that client is returned prestores with fire compartment wall is consistent;
If consistent, allow described client to continue access services device;
If inconsistent, refuse described client-access server.
6. The CC attack protection method according to claim 1, characterized in that said sending an authentication request to the client, verifying whether the authentication information entered by the client is correct, allowing continued access if it is correct and otherwise denying access, comprises:
Randomly generating a verification code, the verification code comprising original authentication information;
Sending to the client a verification page that carries the verification code;
Receiving the verification information returned by the client;
Determining whether the verification information is consistent with the pre-stored verification information;
If consistent, allowing the client to continue accessing the server;
If inconsistent, refusing the client access to the server.
7. The CC attack protection method according to claim 6, characterized in that the verification code is a static verification code or a dynamic verification code.
8. The CC attack protection method according to claim 1, characterized in that said allowing continued access is specifically: returning the target page to the client.
9. The CC attack protection method according to claim 1, characterized in that said sending an authentication request to the client comprises: sending the authentication request to the client through a TCP proxy module.
10. A CC attack protection device for the CC attack protection method according to any one of claims 1-9, comprising:
A first authentication module, configured to send a verification cookie to the client and verify whether the client returns the correct verification cookie, allowing continued access if so and otherwise denying access;
A monitoring module, configured to monitor whether the number of accesses by the client per unit time exceeds a predetermined threshold, proceeding to the next step if so and otherwise allowing continued access;
A second authentication module, configured to send an authentication request to the client and verify whether the authentication information entered by the client is correct, allowing continued access if it is correct and otherwise denying access.
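The three modules of claim 10 can be sketched as a single request gate. This is an added example, not code from the patent or from Opzoon: the class and method names, the HMAC cookie bound to the source IP, the sliding window, and the six-digit code are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque


class CCGate:
    """Hypothetical gate: verification cookie, rate threshold, verification code."""

    def __init__(self, threshold=5, window=1.0, key=None):
        self.key = key or secrets.token_bytes(32)  # secret used to sign cookies
        self.threshold, self.window = threshold, window
        self.hits = defaultdict(deque)   # source IP -> recent request times
        self.pending = {}                # source IP -> expected verification code
        self.blocked = set()             # source IPs that failed authentication

    def issue_cookie(self, ip):
        # Assumption: cookie = HMAC(key, source IP), so it is useless from another IP.
        return hmac.new(self.key, ip.encode(), hashlib.sha256).hexdigest()

    def handle(self, ip, cookie=None, now=None):
        now = time.monotonic() if now is None else now
        if ip in self.blocked:
            return "deny"
        if cookie is None:               # first contact: send the verification cookie
            return "set-cookie"
        if not hmac.compare_digest(cookie.encode(), self.issue_cookie(ip).encode()):
            return "deny"                # first module: wrong cookie returned
        if ip in self.pending:           # authentication still outstanding
            return "challenge"
        q = self.hits[ip]                # monitoring module: sliding window count
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) <= self.threshold:
            return "allow"               # i.e. return the target page
        # Second module: generate a random code to be shown on a verification page.
        self.pending[ip] = f"{secrets.randbelow(10**6):06d}"
        return "challenge"

    def answer(self, ip, code):
        expected = self.pending.pop(ip, None)
        if expected is not None and hmac.compare_digest(code.encode(), expected.encode()):
            self.hits[ip].clear()
            return "allow"
        self.blocked.add(ip)             # inconsistent answer: refuse further access
        return "deny"
```

A client that never stores cookies only ever receives the cheap `set-cookie` response, so the target page is served only to clients that pass the first module.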
CN201410219880.1A 2014-05-22 2014-05-22 CC attack protection method and device Pending CN104079557A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410219880.1A CN104079557A (en) 2014-05-22 2014-05-22 CC attack protection method and device

Publications (1)

Publication Number Publication Date
CN104079557A true CN104079557A (en) 2014-10-01

Family

ID=51600601

Country Status (1)

Country Link
CN (1) CN104079557A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090328186A1 (en) * 2002-04-25 2009-12-31 Dennis Vance Pollutro Computer security system
CN101282209A (en) * 2008-05-13 2008-10-08 杭州华三通信技术有限公司 Method and apparatus for preventing DNS request message from flooding attack
CN101388078A (en) * 2008-09-27 2009-03-18 腾讯科技(深圳)有限公司 Text identification method and device based on verification
CN101694683A (en) * 2009-10-13 2010-04-14 中国软件与技术服务股份有限公司 Method for preventing Trojans ferrying via movable memories to steal files
CN103347016A (en) * 2013-06-28 2013-10-09 天津汉柏汉安信息技术有限公司 Attack defense method
CN103442018A (en) * 2013-09-17 2013-12-11 网宿科技股份有限公司 Dynamic defense method and system for CC (Challenge Collapsar) attack

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618404A (en) * 2015-03-10 2015-05-13 网神信息技术(北京)股份有限公司 Processing method, device and system for preventing network attack to Web server
CN105262760A (en) * 2015-10-30 2016-01-20 北京奇虎科技有限公司 Method and device for preventing action of maliciously visiting login/register interface
CN105306465A (en) * 2015-10-30 2016-02-03 新浪网技术(中国)有限公司 Website secure access realization method and apparatus
WO2017071551A1 (en) * 2015-10-30 2017-05-04 北京奇虎科技有限公司 Method and device for preventing malicious access to login/registration interface
CN107294931B (en) * 2016-04-11 2020-06-05 北京京东尚科信息技术有限公司 Method and apparatus for adjusting restricted access frequency
CN107294931A (en) * 2016-04-11 2017-10-24 北京京东尚科信息技术有限公司 The method and apparatus of adjustment limitation access frequency
CN107395553A (en) * 2016-05-17 2017-11-24 腾讯科技(深圳)有限公司 A kind of detection method and device of network attack
CN106101071A (en) * 2016-05-27 2016-11-09 杭州安恒信息技术有限公司 The method that defence link drain type CC that a kind of Behavior-based control triggers is attacked
CN106101071B (en) * 2016-05-27 2019-04-05 杭州安恒信息技术股份有限公司 A kind of method of the defence link drain type CC attack of Behavior-based control triggering
US11057404B2 (en) 2016-12-20 2021-07-06 Tencent Technology (Shenzhen) Company Limited Method and apparatus for defending against DNS attack, and storage medium
CN108206814B (en) * 2016-12-20 2021-03-16 腾讯科技(深圳)有限公司 Method, device and system for defending DNS attack
CN108206814A (en) * 2016-12-20 2018-06-26 腾讯科技(深圳)有限公司 A kind of method, apparatus and system for defending DNS attacks
CN106598881B (en) * 2016-12-20 2020-10-09 北京小米移动软件有限公司 Page processing method and device
CN106598881A (en) * 2016-12-20 2017-04-26 北京小米移动软件有限公司 Page processing method and device
CN108234415A (en) * 2016-12-21 2018-06-29 百度在线网络技术(北京)有限公司 For verifying the method and apparatus of user
CN108011805A (en) * 2016-12-29 2018-05-08 北京车和家信息技术有限责任公司 Method, apparatus, intermediate server and the car networking system of message screening
CN108400955B (en) * 2017-02-06 2020-12-22 腾讯科技(深圳)有限公司 Network attack protection method and system
CN108400955A (en) * 2017-02-06 2018-08-14 腾讯科技(深圳)有限公司 A kind of means of defence and system of network attack
CN109391600A (en) * 2017-08-10 2019-02-26 东软集团股份有限公司 Distributed denial of service attack means of defence, device, system, medium and equipment
CN107743118A (en) * 2017-09-25 2018-02-27 北京奇安信科技有限公司 A kind of stagewise network safety protection method and device
CN107800723A (en) * 2017-12-06 2018-03-13 中盈优创资讯科技有限公司 CC attack guarding methods and equipment
CN108111501B (en) * 2017-12-15 2021-08-20 百度在线网络技术(北京)有限公司 Control method and device for cheating flow and computer equipment
CN108111501A (en) * 2017-12-15 2018-06-01 百度在线网络技术(北京)有限公司 Control method, device and the computer equipment of cheating flow
CN108874948A (en) * 2018-06-05 2018-11-23 中国农业银行股份有限公司 A kind of site resource access method and device
CN108874948B (en) * 2018-06-05 2021-04-02 中国农业银行股份有限公司 Website resource access method and device
EP3618396A4 (en) * 2018-06-19 2020-05-20 Wangsu Science & Technology Co., Ltd. Protection method and system for http flood attack
CN108833410A (en) * 2018-06-19 2018-11-16 网宿科技股份有限公司 A kind of means of defence and system for HTTP Flood attack
US11159562B2 (en) 2018-06-19 2021-10-26 Wangsu Science & Technology Co., Ltd. Method and system for defending an HTTP flood attack
WO2019242053A1 (en) * 2018-06-19 2019-12-26 网宿科技股份有限公司 Protection method and system for http flood attack
CN109743303A (en) * 2018-12-25 2019-05-10 中国移动通信集团江苏有限公司 Using guard method, device, system and storage medium
CN110557371A (en) * 2019-07-31 2019-12-10 中至数据集团股份有限公司 Access limiting method, system, readable storage medium and game server
CN110855717A (en) * 2019-12-05 2020-02-28 浙江军盾信息科技有限公司 Method, device and system for protecting equipment of Internet of things
CN110855717B (en) * 2019-12-05 2022-03-04 杭州安恒信息安全技术有限公司 Method, device and system for protecting equipment of Internet of things
CN111327615A (en) * 2020-02-21 2020-06-23 浙江德迅网络安全技术有限公司 CC attack protection method and system
CN113037716A (en) * 2021-02-07 2021-06-25 杭州又拍云科技有限公司 Attack defense method based on content distribution network
CN113037716B (en) * 2021-02-07 2021-12-21 杭州又拍云科技有限公司 Attack defense method based on content distribution network
CN114357014A (en) * 2022-01-17 2022-04-15 分享印科技(广州)有限公司 Cutting die establishing system based on big data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20141001
