CN105376210A - Account threat identification and defense method and system - Google Patents
Account threat identification and defense method and system Download PDFInfo
- Publication number
- CN105376210A CN105376210A CN201410738520.2A CN201410738520A CN105376210A CN 105376210 A CN105376210 A CN 105376210A CN 201410738520 A CN201410738520 A CN 201410738520A CN 105376210 A CN105376210 A CN 105376210A
- Authority
- CN
- China
- Prior art keywords
- server
- described packet
- network
- account
- account name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 230000007123 defense Effects 0.000 title claims abstract description 6
- 235000012907 honey Nutrition 0.000 claims description 44
- 239000003795 chemical substances by application Substances 0.000 claims description 6
- 238000001914 filtration Methods 0.000 claims description 6
- 239000003550 marker Substances 0.000 claims description 6
- 238000012790 confirmation Methods 0.000 claims description 5
- FGUUSXIOTUKUDN-IBGZPJMESA-N C1(=CC=CC=C1)N1C2=C(NC([C@H](C1)NC=1OC(=NN=1)C1=CC=CC=C1)=O)C=CC=C2 Chemical compound C1(=CC=CC=C1)N1C2=C(NC([C@H](C1)NC=1OC(=NN=1)C1=CC=CC=C1)=O)C=CC=C2 FGUUSXIOTUKUDN-IBGZPJMESA-N 0.000 claims description 4
- 238000007599 discharging Methods 0.000 abstract 2
- 238000001514 detection method Methods 0.000 description 3
- 238000005070 sampling Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 230000001788 irregular Effects 0.000 description 1
- 230000010076 replication Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides an account threat identification and defense method and a system. The method comprises the following steps of determining whether a data packet is a login request according to the received data packet; if the data packet is the login request, marking network connection and discharging the data packet; if the data packet is information fed back by a server, determining whether the data packet is correct login information; if the login is correct, discharging the data packet; otherwise, determining whether the data packet satisfies a malicious determination condition; if the data packet satisfies the malicious determination condition, singly disconnecting connection of a database and a client and establishing connection between the client and a honeypot server in an agent mode. By using the method in the invention, a behavior of maliciously logging in the server can be timely discovered and is oriented to the honeypot server in the agent mode. Under the condition that current connection is not broken, an attacker operates in a honeypot. A current server is protected and simultaneously an behavior of an attacker can be recorded.
Description
Technical field
The present invention relates to network safety filed, particularly a kind of account threat identification and defence method and system.
Background technology
In current network attack method, the attack based on systematic account is a kind of common attack means.Often there is multiple managerial problem in the operation system of user, as being configured with weak passwurd, arbitrarily expressly preserving or transmission password, public occasion oral account inform the problems such as password according to legend.The awareness of safety of developer is not enough, causes system to there is injection loophole, the potential safety hazard of the multiple systems self such as password stored in clear leak.Once assailant has grasped account and password, its login process has also belonged to theoretic normal behaviour, and the products such as fire compartment wall are also helpless.
In system level, password is unavoidable by repeatedly detecting, and is especially available anywhere on the net in present password dictionary, when user name can easily be guessed.Generally can only be settled in force by management means, but its cost is high, and the irregular attack and increase the difficulty of detection of hiding for a long time of assailant.
And application layer honey jar above from the side can attract the behavior of assailant and leave operation evidence, for the attack utilizing system vulnerability, very effective detectability can be reached.But account's Brute Force process of login process, for system, because it belongs to normal business conduct, so cannot be identified as by honey jar malicious act.
Summary of the invention
Based on the problems referred to above, the present invention proposes a kind of account threat identification and defence method and system, on application layer honey jar basis, network flow between a client and a server detects the validity of login process, once discovery attack, be transferred in honey pot system by flow, thus complete sampling and the evidence obtaining of attack behavior.
A kind of account threat identification and defence method, comprising: honey jar accounts information process of establishing and account threat identification process;
Described honey jar accounts information process of establishing comprises:
Obtain the accounts information of server to be protected, described accounts information comprises account name and corresponding password;
Revising password corresponding to described account name is weak passwurd, and is saved in honey jar; Weak passwurd can ensure that assailant is carrying out attempting on a small quantity meeting the needs logging in honey jar;
Described account threat identification process comprises:
Step a, receives the network packet of client, and determines whether to set up initial connection request, and if so, then described packet of letting pass to server, otherwise performs step b;
Step b, judges whether described packet is system login request, and if so, then described packet of letting pass is to server, and the network marking described packet connects, otherwise performs step c;
Step c, whether be the network that be labeled connect, if so, then continue to perform steps d, otherwise described packet of letting pass is to server if judging that the network of described packet connects;
Steps d, judges that whether described packet is the information that login that server returns is correct, if so, then and described packet of letting pass, and the mark that the network cancelling described packet connects, otherwise perform step e;
Step e, judges that the network of described packet connects whether to meet and maliciously logs in decision rule, if so, then perform step f, otherwise described packet of letting pass;
Step f, the connection of unidirectional turn-off data storehouse and client, and the information revising that server returns, and agency sets up client is connected with the network of honey jar server.Disconnect by sending fin or reset packet.
In described method, the corresponding password quantity of described account name is not less than 1.
In described method, described malice logs in decision rule and comprises:
Account name in system login request and the account name in server account list are all not identical, or similarity is lower than preset value; Or
Account name in system login request is identical with the account name in server credit, but password does not mate and exceedes preset times; Or
Same account name logs in and exceedes preset times in Preset Time.
In described method, the information that described amendment server returns comprises: the information logging in mistake returned by server is revised as and logs in correct information.
In described method, also comprise: the filtration of packet and forwarding between agent client and honey jar.
A kind of account threat identification and system of defense, comprising: honey jar server and account threat identification proxy module;
Described honey jar server is used for:
Obtain the accounts information of server to be protected, described accounts information comprises account name and corresponding password;
Revising password corresponding to described account name is weak passwurd, and is saved in honey jar;
Described account threat identification proxy module comprises:
Data receiver submodule, for receiving the network packet of client, and determines whether to set up initial connection request, and if so, then described packet of letting pass to server, otherwise enters and logs in judgement submodule;
Log in judgement submodule, for judging whether described packet is system login request, if so, then described packet of letting pass is to server, and the network marking described packet connects, otherwise enters marker for judgment submodule;
Whether marker for judgment submodule, being that the network be labeled connects for judging that the network of described packet connects, if so, then enter and log in confirmation submodule, otherwise described packet of letting pass being to server;
Log in confirmation submodule, for judging that whether described packet is the information that login that server returns is correct, if so, then described packet of letting pass, and the mark that the network cancelling described packet connects, otherwise enter malice and log in judgement submodule;
Malice logs in judgement submodule, maliciously logging in decision rule, if so, then entering connection handling submodule for judging that the network of described packet connects whether to meet, otherwise described packet of letting pass;
Connection handling submodule, for the connection of unidirectional turn-off data storehouse and client, and revises the information that server returns, and agency sets up client is connected with the network of honey jar server.
In described system, the corresponding password quantity of described account name is not less than 1.
In described system, described malice logs in decision rule and comprises:
Account name in system login request and the account name in server account list are all not identical, or similarity is lower than preset value; Or
Account name in system login request is identical with the account name in server credit, but password does not mate and exceedes preset times; Or
Same account name logs in and exceedes preset times in Preset Time.
In described system, the information that described amendment server returns comprises: the information logging in mistake returned by server is revised as and logs in correct information.
In described system, also comprise: the filtration of packet and forwarding between agent client and honey jar.
By method and system of the present invention, under the prerequisite not revising current business system server, account detection and the behavior of Brute Force account password of assailant can be detected; And by being redirected in honey pot system by malicious traffic stream, while can better protecting current business system server, from honey jar, record the behavior of assailant.
Accompanying drawing explanation
In order to be illustrated more clearly in the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, the accompanying drawing that the following describes is only some embodiments recorded in the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is account threat identification of the present invention and defence method honey jar process of establishing flow chart;
Fig. 2 is account threat identification of the present invention and defence method account threat identification process flow diagram;
Fig. 3 is account threat identification of the present invention and system of defense structural representation.
Embodiment
In order to make those skilled in the art person understand technical scheme in the embodiment of the present invention better, and enable above-mentioned purpose of the present invention, feature and advantage become apparent more, below in conjunction with accompanying drawing, technical scheme in the present invention is described in further detail.
Based on the problems referred to above, the present invention proposes a kind of account threat identification and defence method and system, on application layer honey jar basis, network flow between a client and a server detects the validity of login process, once discovery attack, be transferred in honey pot system by flow, thus complete sampling and the evidence obtaining of attack behavior.
A kind of account threat identification and defence method, comprising: honey jar accounts information process of establishing and account threat identification process;
Described honey jar accounts information process of establishing comprises as shown in Figure 1:
S101: the accounts information obtaining server to be protected, described accounts information comprises account name and corresponding password;
S102: revising password corresponding to described account name is weak passwurd, and is saved in honey jar; Weak passwurd can ensure that assailant is carrying out attempting on a small quantity meeting the needs logging in honey jar;
For example bright; the described accounts information obtaining band protection server can be, in honey jar accounts information process of establishing, need the accounts information checked in recognition system logon server process; wherein can comprise account place tables of data or attempt, and by its structure replication in honeypot data storehouse.
Described account threat identification process as shown in Figure 2, comprising:
S201, receives the network packet of client, and determines whether to set up initial connection request, and if so, then described packet of letting pass to server, otherwise performs S202;
S202, judges whether described packet is system login request, and if so, then described packet of letting pass is to server, and the network marking described packet connects, otherwise performs S203;
S203, whether be the network that be labeled connect, if so, then continue to perform S204, otherwise described packet of letting pass is to server if judging that the network of described packet connects;
S204, judge that whether described packet is the information that login that server returns is correct, if so, then described packet of letting pass is to server, and the mark that the network cancelling described packet connects, otherwise perform S205;
S205, judges that the network of described packet connects whether to meet and maliciously logs in decision rule, if so, then perform S206, otherwise described packet of letting pass is to server;
S206, the connection of unidirectional turn-off data storehouse and client, and the information revising that server returns, and agency sets up client is connected with the network of honey jar server.Disconnect by sending fin or reset packet.
In described method, the corresponding password quantity of described account name is not less than 1.
In described method, described malice logs in decision rule and comprises:
Account name in system login request and the account name in server account list are all not identical, or similarity is lower than preset value; Or
Account name in system login request is identical with the account name in server credit, but password does not mate and exceedes preset times; Or
Same account name logs in and exceedes preset times in Preset Time.
In described method, the information that described amendment server returns comprises: the information logging in mistake returned by server is revised as and logs in correct information.
In described method, also comprise: the filtration of packet and forwarding between agent client and honey jar.
A kind of account threat identification and system of defense, as shown in Figure 3, comprising: honey jar server 301 and account threat identification proxy module 302;
Described honey jar server is used for:
Obtain the accounts information of server to be protected, described accounts information comprises account name and corresponding password;
Revising password corresponding to described account name is weak passwurd, and is saved in honey jar;
Described account threat identification proxy module comprises:
Data receiver submodule 302-1, for receiving the network packet of client, and determines whether to set up initial connection request, and if so, then described packet of letting pass to server, otherwise enters and logs in judgement submodule;
Log in and judge submodule 302-2, for judging whether described packet is system login request, if so, then described packet of letting pass is to server, and the network marking described packet connects, otherwise enters marker for judgment submodule;
Whether marker for judgment submodule 302-3, being that the network be labeled connects for judging that the network of described packet connects, if so, then enter and log in confirmation submodule, otherwise described packet of letting pass being to server;
Log in and confirm submodule 302-4, for judging that whether described packet is the information that login that server returns is correct, if so, then described packet of letting pass, and the mark that the network cancelling described packet connects, otherwise enter malice and log in judgement submodule;
Malice logs in and judges submodule 302-5, maliciously logging in decision rule, if so, then entering connection handling submodule for judging that the network of described packet connects whether to meet, otherwise described packet of letting pass;
Connection handling submodule 302-6, for the connection of unidirectional turn-off data storehouse and client, and revises the information that server returns, and agency sets up client is connected with the network of honey jar server.
In described system, the corresponding password quantity of described account name is not less than 1.
In described system, described malice logs in decision rule and comprises:
Account name in system login request and the account name in server account list are all not identical, or similarity is lower than preset value; Or
Account name in system login request is identical with the account name in server credit, but password does not mate and exceedes preset times; Or
Same account name logs in and exceedes preset times in Preset Time.
In described system, the information that described amendment server returns comprises: the information logging in mistake returned by server is revised as and logs in correct information.
In described system, also comprise: the filtration of packet and forwarding between agent client and honey jar.
By method and system of the present invention, under the prerequisite not revising current business system server, account detection and the behavior of Brute Force account password of assailant can be detected; And by being redirected in honey pot system by malicious traffic stream, while can better protecting current business system server, from honey jar, record the behavior of assailant.
Each embodiment in this specification all adopts the mode of going forward one by one to describe, between each embodiment identical similar part mutually see, what each embodiment stressed is the difference with other embodiments.Especially, for system embodiment, because it is substantially similar to embodiment of the method, so description is fairly simple, relevant part illustrates see the part of embodiment of the method.
The present invention can describe in the general context of computer executable instructions, such as program module.Usually, program module comprises the routine, program, object, assembly, data structure etc. that perform particular task or realize particular abstract data type.Also can put into practice the present invention in a distributed computing environment, in these distributed computing environment (DCE), be executed the task by the remote processing devices be connected by communication network.In a distributed computing environment, program module can be arranged in the local and remote computer-readable storage medium comprising memory device.
Although depict the present invention by embodiment, those of ordinary skill in the art know, the present invention has many distortion and change and do not depart from spirit of the present invention, and the claim appended by wishing comprises these distortion and change and do not depart from spirit of the present invention.
Claims (10)
1. account threat identification and a defence method, is characterized in that, comprising: honey jar accounts information process of establishing and account threat identification process;
Described honey jar accounts information process of establishing comprises:
Obtain the accounts information of server to be protected, described accounts information comprises account name and corresponding password;
Revising password corresponding to described account name is weak passwurd, and is saved in honey jar;
Described account threat identification process comprises:
Step a, receives the network packet of client, and determines whether to set up initial connection request, and if so, then described packet of letting pass to server, otherwise performs step b;
Step b, judges whether described packet is system login request, and if so, then described packet of letting pass is to server, and the network marking described packet connects, otherwise performs step c;
Step c, whether be the network that be labeled connect, if so, then continue to perform steps d, otherwise described packet of letting pass is to server if judging that the network of described packet connects;
Steps d, judge that whether described packet is the information that login that server returns is correct, if so, then described packet of letting pass is to server, and the mark that the network cancelling described packet connects, otherwise perform step e;
Step e, judges that the network of described packet connects whether to meet and maliciously logs in decision rule, if so, then perform step f, otherwise described packet of letting pass is to server;
Step f, the connection of unidirectional turn-off data storehouse and client, and the information revising that server returns, and agency sets up client is connected with the network of honey jar server.
2. the method for claim 1, is characterized in that, the corresponding password quantity of described account name is not less than 1.
3. the method for claim 1, is characterized in that, described malice logs in decision rule and comprises:
Account name in system login request and the account name in server account list are all not identical, or similarity is lower than preset value; Or
Account name in system login request is identical with the account name in server credit, but password does not mate and exceedes preset times; Or
Same account name logs in and exceedes preset times in Preset Time.
4. the method for claim 1, is characterized in that, the information that described amendment server returns comprises: the information logging in mistake returned by server is revised as and logs in correct information.
5. the method for claim 1, is characterized in that, also comprises: the filtration of packet and forwarding between agent client and honey jar.
6. account threat identification and a system of defense, is characterized in that, comprising: honey jar server and account threat identification proxy module;
Described honey jar server is used for:
Obtain the accounts information of server to be protected, described accounts information comprises account name and corresponding password;
Revising password corresponding to described account name is weak passwurd, and is saved in honey jar;
Described account threat identification proxy module comprises:
Data receiver submodule, for receiving the network packet of client, and determines whether to set up initial connection request, and if so, then described packet of letting pass to server, otherwise enters and logs in judgement submodule;
Log in judgement submodule, for judging whether described packet is system login request, if so, then described packet of letting pass is to server, and the network marking described packet connects, otherwise enters marker for judgment submodule;
Whether marker for judgment submodule, being that the network be labeled connects for judging that the network of described packet connects, if so, then enter and log in confirmation submodule, otherwise described packet of letting pass being to server;
Log in confirmation submodule, for judging that whether described packet is the information that login that server returns is correct, if so, then described packet of letting pass is to server, and the mark that the network cancelling described packet connects, otherwise enters malice and log in judgement submodule;
Malice logs in judgement submodule, maliciously logging in decision rule, if so, then enter connection handling submodule, otherwise described packet of letting pass is to server for judging that the network of described packet connects whether to meet;
Connection handling submodule, for the connection of unidirectional turn-off data storehouse and client, and revises the information that server returns, and agency sets up client is connected with the network of honey jar server.
7. system as claimed in claim 6, is characterized in that, the corresponding password quantity of described account name is not less than 1.
8. system as claimed in claim 6, is characterized in that, described malice logs in decision rule and comprises:
Account name in system login request and the account name in server account list are all not identical, or similarity is lower than preset value; Or
Account name in system login request is identical with the account name in server credit, but password does not mate and exceedes preset times; Or
Same account name logs in and exceedes preset times in Preset Time.
9. system as claimed in claim 6, it is characterized in that, the information that described amendment server returns comprises: the information logging in mistake returned by server is revised as and logs in correct information.
10. system as claimed in claim 6, is characterized in that, also comprise: the filtration of packet and forwarding between agent client and honey jar.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410738520.2A CN105376210B (en) | 2014-12-08 | 2014-12-08 | A kind of account threat identification and defence method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410738520.2A CN105376210B (en) | 2014-12-08 | 2014-12-08 | A kind of account threat identification and defence method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105376210A true CN105376210A (en) | 2016-03-02 |
| CN105376210B CN105376210B (en) | 2018-09-07 |
Family
ID=55378020
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410738520.2A Active CN105376210B (en) | 2014-12-08 | 2014-12-08 | A kind of account threat identification and defence method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105376210B (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106657139A (en) * | 2017-01-18 | 2017-05-10 | 杭州迪普科技股份有限公司 | Login password processing method, apparatus and system |
| CN107330331A (en) * | 2016-04-29 | 2017-11-07 | 阿里巴巴集团控股有限公司 | There are the methods, devices and systems of the system of leak in identification |
| CN107707542A (en) * | 2017-09-28 | 2018-02-16 | 郑州云海信息技术有限公司 | A kind of method and system for preventing that ssh from cracking |
| CN108052543A (en) * | 2017-11-23 | 2018-05-18 | 北京工业大学 | A kind of similar account detection method of microblogging based on map analysis cluster |
| CN109067772A (en) * | 2018-09-10 | 2018-12-21 | 四川中电启明星信息技术有限公司 | A kind of component and safety protecting method for security protection |
| CN109587120A (en) * | 2018-11-15 | 2019-04-05 | 北京天融信网络安全技术有限公司 | It is impended the method, device and equipment of alarm by target apperception |
| CN109889486A (en) * | 2018-12-28 | 2019-06-14 | 武汉职业技术学院 | Mobile office secure accessing platform |
| CN110365637A (en) * | 2019-05-27 | 2019-10-22 | 平安银行股份有限公司 | Internetbank login detecting method, device, electronic equipment and storage medium |
| CN110502896A (en) * | 2019-08-28 | 2019-11-26 | 杭州安恒信息技术股份有限公司 | A kind of leakage monitoring method, system and the relevant apparatus of site information |
| CN106911665B (en) * | 2016-12-27 | 2020-08-18 | 深圳市安之天信息技术有限公司 | Method and system for identifying malicious code weak password intrusion behavior |
| CN111797384A (en) * | 2020-05-14 | 2020-10-20 | 广州锦行网络科技有限公司 | Honeypot weak password self-adaptive matching method and system based on attack behavior analysis |
| CN113691527A (en) * | 2021-08-23 | 2021-11-23 | 海尔数字科技(青岛)有限公司 | Security processing method, device, electronic device, and storage medium |
| CN114342319A (en) * | 2019-09-04 | 2022-04-12 | 甲骨文国际公司 | Honeypot for infrastructure as a service security |
| CN115022077A (en) * | 2022-06-30 | 2022-09-06 | 绿盟科技集团股份有限公司 | Network threat protection method, system and computer readable storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101087196A (en) * | 2006-12-27 | 2007-12-12 | 北京大学 | Multi-layer honey network data transmission method and system |
| US20080046989A1 (en) * | 2006-08-17 | 2008-02-21 | Mark Frederick Wahl | System and method for remote authentication security management |
| CN103685171A (en) * | 2012-09-10 | 2014-03-26 | 江苏中科慧创信息安全技术有限公司 | Attack control method for protecting account system |
| CN103701777A (en) * | 2013-12-11 | 2014-04-02 | 长春理工大学 | Remote network attack and defense virtual simulation system based on virtualization and cloud technology |
-
2014
- 2014-12-08 CN CN201410738520.2A patent/CN105376210B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080046989A1 (en) * | 2006-08-17 | 2008-02-21 | Mark Frederick Wahl | System and method for remote authentication security management |
| CN101087196A (en) * | 2006-12-27 | 2007-12-12 | 北京大学 | Multi-layer honey network data transmission method and system |
| CN103685171A (en) * | 2012-09-10 | 2014-03-26 | 江苏中科慧创信息安全技术有限公司 | Attack control method for protecting account system |
| CN103701777A (en) * | 2013-12-11 | 2014-04-02 | 长春理工大学 | Remote network attack and defense virtual simulation system based on virtualization and cloud technology |
Non-Patent Citations (2)
| Title |
|---|
| 段凯元等: "基于Kippo蜜罐的SSH暴力破解行为分析", 《信息安全与通信保密》 * |
| 赵军: "高伪装高交互蜜罐技术的研究与实现", 《计算机工程》 * |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107330331A (en) * | 2016-04-29 | 2017-11-07 | 阿里巴巴集团控股有限公司 | There are the methods, devices and systems of the system of leak in identification |
| CN107330331B (en) * | 2016-04-29 | 2020-11-13 | 阿里巴巴集团控股有限公司 | Method, device and system for identifying system with vulnerability |
| CN106911665B (en) * | 2016-12-27 | 2020-08-18 | 深圳市安之天信息技术有限公司 | Method and system for identifying malicious code weak password intrusion behavior |
| CN106657139A (en) * | 2017-01-18 | 2017-05-10 | 杭州迪普科技股份有限公司 | Login password processing method, apparatus and system |
| CN107707542A (en) * | 2017-09-28 | 2018-02-16 | 郑州云海信息技术有限公司 | A kind of method and system for preventing that ssh from cracking |
| CN108052543A (en) * | 2017-11-23 | 2018-05-18 | 北京工业大学 | A kind of similar account detection method of microblogging based on map analysis cluster |
| CN108052543B (en) * | 2017-11-23 | 2021-02-26 | 北京工业大学 | Microblog similar account detection method based on graph analysis clustering |
| CN109067772A (en) * | 2018-09-10 | 2018-12-21 | 四川中电启明星信息技术有限公司 | A kind of component and safety protecting method for security protection |
| CN109587120A (en) * | 2018-11-15 | 2019-04-05 | 北京天融信网络安全技术有限公司 | It is impended the method, device and equipment of alarm by target apperception |
| CN109889486A (en) * | 2018-12-28 | 2019-06-14 | 武汉职业技术学院 | Mobile office secure accessing platform |
| CN110365637A (en) * | 2019-05-27 | 2019-10-22 | 平安银行股份有限公司 | Internetbank login detecting method, device, electronic equipment and storage medium |
| CN110365637B (en) * | 2019-05-27 | 2022-07-19 | 平安银行股份有限公司 | Online banking login detection method and device, electronic equipment and storage medium |
| CN110502896A (en) * | 2019-08-28 | 2019-11-26 | 杭州安恒信息技术股份有限公司 | A kind of leakage monitoring method, system and the relevant apparatus of site information |
| CN110502896B (en) * | 2019-08-28 | 2021-07-27 | 杭州安恒信息技术股份有限公司 | Leakage monitoring method and system for website information and related device |
| CN114342319A (en) * | 2019-09-04 | 2022-04-12 | 甲骨文国际公司 | Honeypot for infrastructure as a service security |
| CN111797384A (en) * | 2020-05-14 | 2020-10-20 | 广州锦行网络科技有限公司 | Honeypot weak password self-adaptive matching method and system based on attack behavior analysis |
| CN111797384B (en) * | 2020-05-14 | 2021-04-16 | 广州锦行网络科技有限公司 | Honeypot weak password self-adaptive matching method and system based on attack behavior analysis |
| CN113691527A (en) * | 2021-08-23 | 2021-11-23 | 海尔数字科技(青岛)有限公司 | Security processing method, device, electronic device, and storage medium |
| CN115022077A (en) * | 2022-06-30 | 2022-09-06 | 绿盟科技集团股份有限公司 | Network threat protection method, system and computer readable storage medium |
| CN115022077B (en) * | 2022-06-30 | 2023-05-16 | 绿盟科技集团股份有限公司 | Network threat protection method, system and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105376210B (en) | 2018-09-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105376210A (en) | Account threat identification and defense method and system | |
| US10873597B1 (en) | Cyber attack early warning system | |
| US10397277B2 (en) | Dynamic data socket descriptor mirroring mechanism and use for security analytics | |
| CN106713049B (en) | Monitoring alarm method and device | |
| US9729573B2 (en) | Phishing campaign ranker | |
| CN100448203C (en) | System and method for identifying and preventing malicious intrusions | |
| US8141132B2 (en) | Determining an invalid request | |
| CN111274583A (en) | Big data computer network safety protection device and control method thereof | |
| US10354070B2 (en) | Thread level access control to socket descriptors and end-to-end thread level policies for thread protection | |
| CN101626368A (en) | Device, method and system for preventing web page from being distorted | |
| US20160308878A1 (en) | Exception prompting method, apparatus, and system using the same | |
| CN105471835A (en) | Method and system for improving processing performance of firewall | |
| CN102523223A (en) | Trojan detection method and apparatus thereof | |
| US20170026399A1 (en) | Delaying Phishing Communication | |
| US20160134646A1 (en) | Method and apparatus for detecting malicious software using handshake information | |
| US20140344931A1 (en) | Systems and methods for extracting cryptographic keys from malware | |
| US10659493B2 (en) | Technique for detecting malicious electronic messages | |
| US9723484B2 (en) | Proactive intrusion protection system | |
| US9749359B2 (en) | Phishing campaign ranker | |
| CN104052720A (en) | Information authentication method and system thereof | |
| US9680835B1 (en) | Proactive intrusion protection system | |
| US10447722B2 (en) | Proactive intrusion protection system | |
| US10038738B2 (en) | Computing system and method for identifying files transmitted to an external network | |
| CN113206852B (en) | Safety protection method, device, equipment and storage medium | |
| US11049207B1 (en) | Early fraud detection system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 150010 Heilongjiang science and technology innovation city, Harbin new and high tech Industrial Development Zone, No. 7 building, innovation and entrepreneurship Plaza, 838 Patentee after: Harbin antiy Technology Group Limited by Share Ltd Address before: 150090 room 506, Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang, China, 162 Patentee before: Harbin Antiy Technology Co., Ltd. |
|
| CP03 | Change of name, title or address | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Account threat identification and defense method and system Effective date of registration: 20190718 Granted publication date: 20180907 Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch Pledgor: Harbin antiy Technology Group Limited by Share Ltd Registration number: 2019230000007 |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 150010 building 7, innovation and entrepreneurship Plaza, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang, China (No. 838, world Kun Road) Patentee after: Antan Technology Group Co.,Ltd. Address before: 150010 Heilongjiang science and technology innovation city, Harbin new and high tech Industrial Development Zone, No. 7 building, innovation and entrepreneurship Plaza, 838 Patentee before: Harbin Antian Science and Technology Group Co.,Ltd. |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20211119 Granted publication date: 20180907 Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch Pledgor: Harbin Antian Science and Technology Group Co.,Ltd. Registration number: 2019230000007 |