CN112839049B - Web application firewall protection method and device, storage medium and electronic equipment - Google Patents

Web application firewall protection method and device, storage medium and electronic equipment Download PDF

Info

Publication number
CN112839049B
CN112839049B CN202110061926.1A CN202110061926A CN112839049B CN 112839049 B CN112839049 B CN 112839049B CN 202110061926 A CN202110061926 A CN 202110061926A CN 112839049 B CN112839049 B CN 112839049B
Authority
CN
China
Prior art keywords
protection
safety protection
web application
modules
execution sequence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110061926.1A
Other languages
Chinese (zh)
Other versions
CN112839049A (en
Inventor
刘金钊
李飞
姚战伟
吴小庆
殷杰
张运鹏
韩飞
徐佳慧
张嘉欢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Changting Future Technology Co ltd
Original Assignee
Beijing Changting Future Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Changting Future Technology Co ltd filed Critical Beijing Changting Future Technology Co ltd
Priority to CN202110061926.1A priority Critical patent/CN112839049B/en
Publication of CN112839049A publication Critical patent/CN112839049A/en
Application granted granted Critical
Publication of CN112839049B publication Critical patent/CN112839049B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The method, the device, the storage medium and the electronic equipment for protecting the Web application firewall can dynamically define the execution sequence of the safety protection modules forming the Web application firewall, dynamically configure the specific protection policy content of each safety protection module, dynamically integrate the Web application firewall with different protection functions according to different safety protection requirements, and realize targeted protection.

Description

Web application firewall protection method and device, storage medium and electronic equipment
Technical Field
The embodiment of the invention relates to the field of Web application firewalls, in particular to a Web application firewall protection method, a Web application firewall protection device, a storage medium and electronic equipment.
Background
Although the protection capability and protection range of the existing Web application firewall are gradually enlarged, and more accurate detection protection capability can be achieved under the condition of continuously introducing new technologies, for all the existing Web application firewalls, the running sequences of a plurality of different protection modules forming the existing Web application firewall are established, dynamic adjustment cannot be carried out according to different protection requirements, and therefore targeted protection cannot be carried out according to different protection safety requirements.
Disclosure of Invention
The present invention aims to overcome or at least partially solve or alleviate the above-mentioned problems.
According to the protection method designed by the technical scheme provided by the invention, the execution sequence of the safety protection modules is dynamically adjusted, the specific safety strategy of each safety protection module is configured, and different Web application firewalls are integrated to realize targeted protection.
In a first aspect, the present invention provides a method for protecting a Web application firewall, where the Web application firewall includes a plurality of security protection modules, and the method includes:
identifying a plurality of safety protection modules;
according to different safety protection requirements, arranging the execution sequence of a plurality of safety protection modules;
configuring protection strategies of a plurality of safety protection modules according to different safety protection requirements;
and integrating a plurality of safety protection modules subjected to execution sequence arrangement and protection strategy configuration into a Web application protection wall, so as to meet the different safety protection requirements.
Preferably, each security protection module is identified according to a proprietary name of each security protection module.
Preferably, the arranging the execution sequence of the plurality of safety protection modules according to different safety protection requirements includes:
forming a configuration file for the execution sequence of each safety protection module by using byte codes, and defining the execution sequence of each safety protection module by using the configuration file;
and changing the arrangement of the execution sequence of each safety protection module by changing the configuration file.
Preferably, the configuring the protection policy of the plurality of the security protection modules according to different security protection requirements includes:
determining the functions of each safety protection module according to different safety protection requirements;
determining specific protection strategy content aiming at the functions of the safety protection modules;
and configuring the specific protection strategy content to each safety protection module.
Preferably, the specific protection policy content includes:
matching hit strategies based on regular expressions;
and/or, counting frequency limitation policies based on source and destination traffic;
and/or, a penetration protection policy based on security logic.
Preferably, the security protection modules for arranging and configuring the execution sequences are integrated into a Web application protection wall through a security engine platform, so as to meet different security protection requirements.
Compared with the prior art, the flexible protection method for the Web application firewall provided by the embodiment of the invention can dynamically define the execution sequence of the safety protection modules forming the Web application firewall, dynamically configure the specific protection policy content of each safety protection module, dynamically integrate the Web application firewall with different protection functions according to different safety protection requirements, and realize targeted protection.
In a second aspect, the present invention further provides a flexible protection device for a Web application firewall, including:
the identification unit is used for identifying a plurality of safety protection modules according to an identification rule;
the arrangement unit is used for arranging the execution sequence of the safety protection modules according to different safety protection requirements;
the configuration unit is used for configuring protection strategies of a plurality of safety protection modules according to different safety protection requirements;
and the integration unit is used for integrating the plurality of safety protection modules which are arranged and configured to be Web reference firewalls, so as to meet the different safety protection requirements.
Compared with the prior art, the beneficial effects of the Web application firewall protection device provided by the invention are the same as those of the Web application firewall protection method provided by any one of the technical schemes, and the beneficial effects are not repeated here.
In a third aspect, an embodiment of the present invention provides a computer readable storage medium having stored thereon a computer program, wherein the program when executed by a processor implements a Web application firewall protection method as in the first aspect or any implementation of the first aspect.
Compared with the prior art, the beneficial effects of the computer readable storage medium provided by the invention are the same as those of the Web application firewall protection method provided by any one of the technical schemes, and are not repeated here.
In a fourth aspect, the present invention also provides an electronic device, including,
a plurality of memories for storing computer programs, respectively;
and the processors are used for respectively executing the computer programs so as to realize the functions and the operations of the service module in any one of the technical schemes.
Compared with the prior art, the beneficial effects of the electronic equipment provided by the invention are the same as those of the Web application firewall protection method provided by any one of the technical schemes, and are not repeated here.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. Some specific embodiments of the present application will be described in detail hereinafter by way of example and not by way of limitation with reference to the accompanying drawings. The same reference numbers in the drawings denote the same or similar parts or portions, and it will be understood by those skilled in the art that the drawings are not necessarily drawn to scale, in which:
FIG. 1 is a schematic flow diagram of a method for protecting a Web application firewall according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a firewall protection device for a Web application according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
The applicant discovers that the Web application firewall needs to dynamically define the protection function of the Web application firewall according to different security protection requirements so as to meet the scene that the service requirements of the safe operation of the enterprise Web application are continuously changed. At present, although the protection capability and the protection range of the Web application firewall are gradually enlarged, and under the condition of continuously introducing new technology, the detection protection capability can be more accurate, the operation sequence of a plurality of different protection modules forming the Web application firewall is established for all the current Web application firewalls, and the operation sequence cannot be dynamically adjusted according to different protection requirements, so that the Web application firewall cannot be subjected to targeted protection according to the different protection safety requirements.
In order to solve the technical problems, the method comprises the steps of marking a plurality of safety protection modules, arranging the execution sequence of the safety protection modules according to different safety protection requirements, configuring the protection strategies of the safety protection modules according to different safety protection requirements, integrating the safety protection modules subjected to the execution sequence arrangement and the protection strategy configuration into a Web application protection wall, and meeting the different safety protection requirements.
In a first aspect, as shown in fig. 1, the present invention provides a flexible protection method for a Web application firewall, including the following steps:
and step S01, marking a plurality of safety protection modules.
It should be noted that, according to the naming rule, the plurality of security protection modules forming the Web application firewall have proprietary names, in the Web application firewall, the security protection module can be uniquely identified by the proprietary names of the security protection modules, and the call of the Web application firewall system to the proprietary names is the call of the security protection module.
And step S02, arranging the execution sequence of the safety protection modules according to different safety protection requirements.
It should be noted that, in the embodiment of the present invention, a configuration file is formed by byte codes for the execution sequence of each security protection module, and the execution sequence of each security protection module is defined by the configuration file; and changing the arrangement of the execution sequence of each safety protection module by changing the configuration file.
Specifically, a configuration file is described by a 32-bit byte code, the execution sequence of a plurality of safety protection modules forming a Web application firewall is defined by the configuration file, and according to different safety protection requirements, the change of the arrangement of the execution sequence of the plurality of safety protection modules is realized by changing the configuration file of the 32-bit byte code, so that the definition of the execution sequence of the plurality of safety protection modules is realized.
And S03, configuring protection strategies of a plurality of safety protection modules according to different safety protection requirements.
It should be noted that, in the embodiment of the present invention, the functions of each safety protection module are determined according to different safety protection requirements; determining specific protection strategy content aiming at the functions of the safety protection modules; and configuring the specific protection strategy content to each safety protection module.
According to different safety protection requirements, specific detection content provided by different safety protection modules is determined, different safety protection strategies are configured for a plurality of safety protection modules, and the specific protection strategy content comprises a matching hit strategy based on a regular expression, and/or a frequency limiting strategy based on source and destination flow statistics, and/or a penetration protection strategy based on safety logic.
According to different security protection requirements, a matching hit strategy based on regular expressions is configured for a plurality of different security protection modules, and a traditional WEB application firewall can only identify and defend against the security of a data stream, so that the traditional WEB application firewall has certain limitation.
And configuring a frequency limiting strategy based on source and destination traffic statistics for a plurality of different safety protection modules according to different safety protection requirements. Based on the network flow collection and IP statistics technology, the access condition of the Web application can be known more accurately through analysis of the collected data, so that monitoring of the network flow and alarm of abnormal conditions are realized. In the embodiment of the invention, according to different network hardware devices, a packet analysis mode based on interception network data packets, an SNMP mode based on gateway equipment MIB of a flow system, an IP flow data capturing mode based on a network probe and a data flow capturing mode based on a network data flow technology are adopted to collect network flow. Based on the collected network flow, flow data statistics based on a source IP address and a destination IP address is carried out, an output result comprises a data packet from the source host to the destination host and a corresponding byte number, the transmission time of the data packet is given, and the data information is matched with a preset threshold value of the flow statistics of the source IP address and the destination IP address, so that abnormality is found and an alarm is given.
And according to different safety protection requirements, configuring penetration protection strategies based on safety logic for a plurality of different safety protection modules. According to the embodiment of the invention, by utilizing the business flow and HTTP/HTTPS request tampering, after the key points are found, attack Web application loopholes can be completed without constructing malicious requests, wherein protection strategies are configured for a plurality of different security protection modules mainly aiming at three Web application loophole scenes of password recovery, transaction tampering and override defects.
Step S04, integrating a plurality of safety protection modules subjected to execution sequence arrangement and protection policy configuration into a Web application protection wall, so as to meet different safety protection requirements.
It should be noted that, the security engine platform integrates the security protection modules configured by the execution sequence arrangement and the protection policy into a Web application protection wall, so as to meet different security protection requirements.
Compared with the prior art, the Web application firewall protection method provided by the invention has the advantages that the matching hit strategy based on the regular expression and/or the frequency limiting strategy based on source and destination traffic statistics and/or the penetration protection strategy based on the safety logic are configured for each safety protection module according to the safety protection requirements, and the execution sequence of the safety modules defined by the 32-bit byte code configuration file is used for forming the Web application firewall according to different safety protection requirements, so that the on-demand targeted protection of Web application services according to the safety protection requirements is realized.
In a second aspect, as shown in fig. 2, the present invention further provides a firewall protection device for a WEB application, including:
an identification unit 01, configured to identify a plurality of the security protection modules according to an identification rule;
an arrangement unit 02, configured to arrange execution sequences of a plurality of the security modules according to different security requirements;
a configuration unit 03, configured to configure protection policies of a plurality of the security protection modules according to different security protection requirements;
and the integration unit 04 is used for integrating the arranged and configured safety protection modules into a Web reference firewall so as to meet the different safety protection requirements.
The execution flow of the apparatus shown in fig. 2 is the same as that of fig. 1, and will not be described again here.
Compared with the prior art, the beneficial effects of the Web application firewall protection device provided by the invention are the same as those of the Web application firewall protection method provided by any one of the technical schemes, and the beneficial effects are not repeated here.
In a third aspect, as shown in fig. 3, the present invention also provides an electronic device, including,
a plurality of memories for storing computer software, respectively;
and the processors respectively execute computer software to realize the functions and the operations of the service module according to any one of the technical schemes.
In particular, the electronic device may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 31 that may perform various suitable actions and processes in accordance with programs stored in a Read Only Memory (ROM) 32 or loaded from a storage means 38 into a Random Access Memory (RAM) 33. In the RAM 33, various programs and data required for the operation of the electronic device are also stored. The processing device 31, the ROM32 and the RAM 33 are connected to each other via a bus 34. An input/output (I/O) interface 35 is also connected to bus 34.
In general, the following devices may be connected to the I/O interface 35: input devices 36 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 37 including, for example, a liquid crystal display (LCD, liquid Crystal Display), a speaker, a vibrator, and the like; storage devices 38 including, for example, magnetic tape, hard disk, etc.; and a communication device 39. The communication means 39 may allow the electronic device to communicate with other devices wirelessly or by wire to exchange data. While fig. 3 shows an electronic device having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead. Each block shown in fig. 3 may represent one device or a plurality of devices as needed. .
Compared with the prior art, the beneficial effects of the electronic equipment provided by the invention are the same as those of the Web application firewall protection method provided by any one of the technical schemes, and are not repeated here.
In a fourth aspect, an embodiment of the present invention further provides a computer readable storage medium, where a computer program is stored, where the program when executed by a processor implements the Web application firewall protection method according to the first aspect.
Compared with the prior art, the beneficial effects of the storage medium provided by the invention are the same as those of the Web application firewall protection method provided by the technical scheme of the first aspect, and are not repeated here.
In an embodiment of the invention, the various modules or systems may be processors formed by computer program instructions, which may be an integrated circuit chip having signal processing capabilities. The processor may be a general purpose processor, a digital signal processor (Digital Signal Processor, DSP for short), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC for short), a field programmable gate array (FieldProgrammable Gate Array, FPGA for short), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components.
The disclosed methods, steps, and logic blocks in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software modules in a decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The processor reads the information in the storage medium and, in combination with its hardware, performs the steps of the above method.
The storage medium may be memory, for example, may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory.
The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable ROM (Electrically EPROM, EEPROM), or a flash Memory.
The volatile memory may be a random access memory (Random Access Memory, RAM for short) which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (Double Data RateSDRAM), enhanced SDRAM (ESDRAM), synchronous DRAM (SLDRAM), and direct memory bus RAM (directracram, DRRAM).
The storage media described in embodiments of the present invention are intended to comprise, without being limited to, these and any other suitable types of memory.
Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present invention may be implemented in a combination of hardware and software. When the software is applied, the corresponding functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on the computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (7)

1. A Web application firewall protection method, the Web application firewall including a plurality of security protection modules, the method comprising:
identifying a plurality of safety protection modules according to the proprietary names of the safety protection modules;
according to different safety protection requirements, arranging the execution sequence of a plurality of safety protection modules; it comprises the following steps: forming a configuration file for the execution sequence of each safety protection module by using byte codes, and defining the execution sequence of each safety protection module by using the configuration file; changing the arrangement of the execution sequence of each safety protection module by changing the configuration file;
configuring protection strategies of a plurality of safety protection modules according to different safety protection requirements;
integrating a plurality of safety protection modules subjected to execution sequence arrangement and protection strategy configuration into a Web application protection wall, so as to meet different safety protection requirements;
specific protection policy content includes: counting a frequency limiting strategy based on source and destination traffic;
according to different network hardware devices, adopting a packet analysis mode based on interception network data packets, an SNMP mode based on gateway equipment MIB of a flow system, an IP flow data capturing mode based on a network probe and a data stream capturing mode based on a network data stream technology to acquire network flow;
based on the collected network flow, flow data statistics based on a source IP address and a destination IP address is carried out, an output result comprises a data packet from the source host to the destination host and a corresponding byte number, the transmission time of the data packet is given, and the data information is matched with a preset threshold value of the flow statistics of the source IP address and the destination IP address, so that abnormality is found and an alarm is given.
2. The method of claim 1, wherein the configuring the protection policy of the plurality of security protection modules according to different security protection requirements comprises:
determining the functions of each safety protection module according to different safety protection requirements;
determining specific protection strategy content aiming at the functions of the safety protection modules;
and configuring the specific protection strategy content to each safety protection module.
3. The Web application firewall protection method according to claim 2, wherein the specific protection policy content comprises:
matching hit strategies based on regular expressions;
and/or, a penetration protection policy based on security logic.
4. The method of claim 1, wherein the security modules configured by the execution sequence arrangement and protection policy are integrated into a Web application protection wall by a security engine platform to meet different security requirements.
5. A Web application firewall protection device, comprising:
the identification unit is used for identifying a plurality of safety protection modules according to an identification rule and the special names of the safety protection modules;
the arrangement unit is used for arranging the execution sequence of the safety protection modules according to different safety protection requirements; it comprises the following steps: forming a configuration file for the execution sequence of each safety protection module by using byte codes, and defining the execution sequence of each safety protection module by using the configuration file; changing the arrangement of the execution sequence of each safety protection module by changing the configuration file;
the configuration unit is used for configuring protection strategies of a plurality of safety protection modules according to different safety protection requirements;
the integration unit is used for integrating the plurality of safety protection modules which are arranged and configured to be Web reference firewalls, so as to meet the different safety protection requirements;
specific protection policy content includes: counting a frequency limiting strategy based on source and destination traffic;
according to different network hardware devices, adopting a packet analysis mode based on interception network data packets, an SNMP mode based on gateway equipment MIB of a flow system, an IP flow data capturing mode based on a network probe and a data stream capturing mode based on a network data stream technology to acquire network flow;
based on the collected network flow, flow data statistics based on a source IP address and a destination IP address is carried out, an output result comprises a data packet from the source host to the destination host and a corresponding byte number, the transmission time of the data packet is given, and the data information is matched with a preset threshold value of the flow statistics of the source IP address and the destination IP address, so that abnormality is found and an alarm is given.
6. A computer readable storage medium having stored thereon a computer program, wherein the program when executed by a processor implements the Web application firewall protection method of any one of claims 1-4.
7. An electronic device, comprising,
a plurality of memories for storing computer programs, respectively;
a plurality of processors each executing a computer program to implement the Web application firewall protection method of any one of claims 1-4.
CN202110061926.1A 2021-01-18 2021-01-18 Web application firewall protection method and device, storage medium and electronic equipment Active CN112839049B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110061926.1A CN112839049B (en) 2021-01-18 2021-01-18 Web application firewall protection method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110061926.1A CN112839049B (en) 2021-01-18 2021-01-18 Web application firewall protection method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN112839049A CN112839049A (en) 2021-05-25
CN112839049B true CN112839049B (en) 2023-07-11

Family

ID=75928570

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110061926.1A Active CN112839049B (en) 2021-01-18 2021-01-18 Web application firewall protection method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN112839049B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113810383B (en) * 2021-08-25 2022-12-20 杭州安恒信息技术股份有限公司 WEB application firewall, congestion control method, medium and electronic device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965289A (en) * 2018-07-10 2018-12-07 北京明朝万达科技股份有限公司 A kind of network security collaboration means of defence and system
WO2019055830A1 (en) * 2017-09-15 2019-03-21 Palo Alto Networks, Inc. Fine-grained firewall policy enforcement using session app id and endpoint process id correlation
CN111641601A (en) * 2020-05-12 2020-09-08 中信银行股份有限公司 Firewall management method, device, equipment and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9438560B2 (en) * 2014-12-31 2016-09-06 Symantec Corporation Systems and methods for automatically applying firewall policies within data center applications
US10462104B2 (en) * 2016-02-29 2019-10-29 Level 3 Communications, Llc Systems and methods for dynamic firewall policy configuration
CN108040055A (en) * 2017-12-14 2018-05-15 广东天网安全信息科技有限公司 A kind of fire wall combined strategy and safety of cloud service protection
CN109802960A (en) * 2019-01-08 2019-05-24 深圳中兴网信科技有限公司 Firewall policy processing method and processing device, computer equipment and storage medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019055830A1 (en) * 2017-09-15 2019-03-21 Palo Alto Networks, Inc. Fine-grained firewall policy enforcement using session app id and endpoint process id correlation
CN108965289A (en) * 2018-07-10 2018-12-07 北京明朝万达科技股份有限公司 A kind of network security collaboration means of defence and system
CN111641601A (en) * 2020-05-12 2020-09-08 中信银行股份有限公司 Firewall management method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN112839049A (en) 2021-05-25

Similar Documents

Publication Publication Date Title
US10855700B1 (en) Post-intrusion detection of cyber-attacks during lateral movement within networks
US10601848B1 (en) Cyber-security system and method for weak indicator detection and correlation to generate strong indicators
CN109829297B (en) Monitoring device, method and computer storage medium thereof
US9954873B2 (en) Mobile device-based intrusion prevention system
US8955091B2 (en) Systems and methods for integrating cloud services with information management systems
CN112468520B (en) Data detection method, device and equipment and readable storage medium
CN111010409B (en) Encryption attack network flow detection method
US9444830B2 (en) Web server/web application server security management apparatus and method
CN111193728A (en) Network security evaluation method, device, equipment and storage medium
CN112995162B (en) Network traffic processing method and device, electronic equipment and storage medium
CN108183921B (en) System and method for information security threat interruption via border gateway
US8677469B2 (en) Firewall device
CN114650187B (en) Abnormal access detection method and device, electronic equipment and storage medium
CN112839049B (en) Web application firewall protection method and device, storage medium and electronic equipment
CN111865996A (en) Data detection method and device and electronic equipment
CN115955347A (en) Intrusion prevention rule processing method, device, equipment and medium
KR101598187B1 (en) Method and apparatus for blocking distributed denial of service
KR101494329B1 (en) System and Method for detecting malignant process
CN115603985A (en) Intrusion detection method, electronic device and storage medium
CN115102781A (en) Network attack processing method, device, electronic equipment and medium
CN114726579A (en) Method, apparatus, device, storage medium and program product for defending against network attacks
US20200389435A1 (en) Auditing smart bits
CA3122328A1 (en) A system for, and a method of creating cybersecurity situational awareness, threat detection and risk detection within the internet-of-things space
CN112640392A (en) Trojan horse detection method, device and equipment
CN117319089B (en) Self-defense method and device of Internet of things based on semantic perception strategy self-generation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Liu Jinzhao

Inventor after: Li Fei

Inventor after: Yao Zhanwei

Inventor after: Wu Xiaoqing

Inventor after: Yin Jie

Inventor after: Zhang Yunpeng

Inventor after: Han Fei

Inventor after: Xu Jiahui

Inventor after: Zhang Jiahuan

Inventor before: Liu Jinzhao

Inventor before: Li Fei

Inventor before: Yao Zhanwei

Inventor before: Wu Xiaoqing

Inventor before: Yin Jie

Inventor before: Zhang Yunpeng

Inventor before: Han Fei

Inventor before: Xu Jiahui

Inventor before: Zhang Jiahuan

CB03 Change of inventor or designer information
GR01 Patent grant
GR01 Patent grant