CN113765859B - Network security filtering method and device - Google Patents

Publication number
CN113765859B
Authority
CN
China
Prior art keywords
jar file
network attack
network
processing
filtering
Legal status
Active
Application number
CN202010504508.0A
Other languages
Chinese (zh)
Other versions
CN113765859A (en)
Inventor
冯中强
Current Assignee
Ultrapower Software Co ltd
Original Assignee
Ultrapower Software Co ltd
Application filed by Ultrapower Software Co ltd
Priority to CN202010504508.0A
Publication of CN113765859A
Application granted
Publication of CN113765859B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/1458 Denial of Service
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Abstract

The application discloses a network security filtering method and device. The method first obtains a JAR file for network security filtering, where the JAR file comprises at least one processing packet and each processing packet corresponds to a network attack type. When interaction data between the client and the server is intercepted, a universal interface provided by the JAR file is called to run at least one processing packet in the JAR file, and the interaction data is subjected to network security filtering by running the at least one processing packet in sequence. The method can be applied to different Web applications, can filter several types of network attack behavior at the same time, and can prevent most types of network attacks at one time.

Description

Network security filtering method and device
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a network security filtering method and device.
Background
As each service system builds out and refines its own portal (and/or Web application), the portal (and/or Web application) has become the most common front-end application for information presentation and service management access, and attacking the portal (and/or Web application) has become a familiar means of attacking the service system.
A typical network attack event proceeds as follows: the attacker first searches the system for security vulnerabilities and chooses a way to intrude, obtains a certain level of privilege on the system and escalates it to the highest privilege, then installs a system backdoor and removes the intrusion scripts, and finally obtains information through the backdoor or achieves other attack purposes.
One common security defense is to develop a complete security module within each project. However, because different projects have different security requirements, such security modules are not reusable from project to project. For projects that are already online, the cost of developing a security module on the basis of the original project is high.
Disclosure of Invention
The application provides a network security filtering method and device, which are used for solving the problem that a security module does not have universality among different projects due to different security requirements of the different projects.
In a first aspect, the present application provides a network security filtering method, the method comprising:
acquiring a JAR file for network security filtering, wherein the JAR file comprises at least one processing packet, and each processing packet corresponds to a network attack type;
when interaction data between a client and a server are intercepted, a general interface provided by the JAR file is called to run at least one processing packet in the JAR file;
and carrying out network security filtering on the interactive data by sequentially operating the at least one processing packet.
Further, the JAR file also includes an extension package; the method further comprises the steps of:
calling an expansion interface provided by the JAR file to run the expansion package;
loading a target extension class by running the extension packet, wherein the target extension class is used for realizing an extension filtering method;
and carrying out network security filtering on the interactive data by using the expansion filtering method.
Further, before invoking the universal interface provided by the JAR file when the interactive data between the client and the server is intercepted, the method further includes:
generating configuration information for configuring the JAR file according to target filtering requirements, wherein the configuration information comprises attribute values corresponding to each processing packet, and the attribute values are first values or second values;
when the JAR file is operated, the processing packages with the attribute values of the first value are operated in sequence, and the processing packages with the attribute values of the second value are not operated.
Further, the performing network security filtering on the interaction data by sequentially running the at least one processing packet includes:
reading the attribute value of each processing packet in the configuration information;
and sequentially running the processing packets with the attribute values as the first values so as to safely filter the interaction data.
Further, the JAR file is pre-generated according to the following steps:
acquiring a network attack event data set, wherein the network attack event data set comprises at least one network attack event data;
acquiring at least one network attack type according to the network attack event data, and acquiring a filtering processing strategy corresponding to each network attack type;
generating a processing packet corresponding to the network attack type according to a filtering processing strategy corresponding to the network attack type;
and generating a JAR file containing the processing packets corresponding to all the network attack types, and configuring a universal interface for the JAR file.
In a second aspect, the present application further provides a network security filtering apparatus, the apparatus comprising:
the JAR acquisition module is used for acquiring a JAR file for network security filtering, wherein the JAR file comprises at least one processing packet, and each processing packet corresponds to one network attack type;
the data interception module is used for calling a general interface provided by the JAR file when intercepting interactive data between the client and the server so as to run at least one processing packet in the JAR file;
and the security filtering module is used for carrying out network security filtering on the interactive data by sequentially operating the at least one processing packet.
Further, the JAR file also includes an extension package; the device also comprises an expansion module; the expansion module is used for:
calling an expansion interface provided by the JAR file to run the expansion package;
loading a target extension class by running the extension packet, wherein the target extension class is used for realizing an extension filtering method;
and carrying out network security filtering on the interactive data by using the expansion filtering method.
Further, the apparatus also includes a JAR configuration module configured to:
generating configuration information for configuring the JAR file according to target filtering requirements, wherein the configuration information comprises attribute values corresponding to each processing packet, and the attribute values are first values or second values;
when the JAR file is operated, the processing packages with the attribute values of the first value are operated in sequence, and the processing packages with the attribute values of the second value are not operated.
Further, the security filtering module is specifically configured to:
reading the attribute value of each processing packet in the configuration information;
and sequentially running the processing packets with the attribute values as the first values so as to safely filter the interaction data.
Further, the JAR file is pre-generated according to the following steps:
acquiring a network attack event data set, wherein the network attack event data set comprises at least one network attack event data;
acquiring at least one network attack type according to the network attack event data, and acquiring a filtering processing strategy corresponding to each network attack type;
generating a processing packet corresponding to the network attack type according to a filtering processing strategy corresponding to the network attack type;
and generating a JAR file containing the processing packets corresponding to all the network attack types, and configuring a universal interface for the JAR file.
As can be seen from the above technical solutions, the embodiments of the present application provide a network security filtering method and apparatus, where the method first obtains a JAR file for network security filtering, where the JAR file includes at least one processing packet, and each processing packet corresponds to a network attack type; when the interactive data between the client and the server are intercepted, a universal interface provided by the JAR file is called to run at least one processing packet in the JAR file, and the interactive data are subjected to network security filtering by sequentially running at least one processing packet. The method can be flexibly applied to different Web applications, is convenient for each Web application to directly call, has strong universality, can filter various types of network attack behaviors at the same time, and can prevent most types of network attacks at one time.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings that are needed in the embodiments will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a flow chart of a network security filtering method according to an exemplary embodiment of the present application;
FIG. 2 is a flowchart of a method of generating a JAR file according to an exemplary embodiment of the present application;
FIG. 3 is a block diagram of a network security filter device according to an exemplary embodiment of the present application.
Detailed Description
In order to better understand the technical solutions in the present application, the following description will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
One common security defense is to develop a complete security module within each project. However, because different projects have different security requirements, such security modules are not reusable from project to project. For projects that are already online, the cost of developing a security module on the basis of the original project is high.
Another common security defense is to deploy a firewall, but when it comes to blocking Web application attacks a firewall is not sufficient to detect and block malicious attacks hidden inside requests. Security filtering performed at the container level offers strong protection, but it can deal with only part of the problem.
The network security filtering method of the present application can solve most network security problems and is general across the different security requirements of different projects. When requirements are added, only configuration needs to be added or changed, which is simple to operate and easy to implement.
FIG. 1 is a flowchart of a network security filtering method according to an exemplary embodiment of the present application. As shown in FIG. 1, the method may include:
Step 110, obtaining a JAR file for network security filtering, where the JAR file includes at least one processing packet, and each processing packet corresponds to a network attack type.
Step 120, when the interactive data between the client and the server is intercepted, calling a universal interface provided by the JAR file to run at least one processing packet in the JAR file.
Step 130, performing network security filtering on the interaction data by sequentially running the at least one processing packet.
In order to prevent most types of network attacks at one time, a JAR file (Java Archive) for network security filtering is introduced into the project. The JAR file can comprise a plurality of processing packets, where one processing packet corresponds to one type of network attack. Each processing packet processes the intercepted interaction data and, through that processing, filters network attack behavior of the corresponding type. The processing packets in the JAR file are run one after another in a certain order, so that they process the interaction data in turn and several kinds of network attack behavior are filtered.
The JAR file exposes a single universal interface. Any Web application can import the JAR file through this interface and run it by calling the interface, so the JAR file is general across different Web application projects. When the JAR file is run, at least one processing package in the JAR file is run.
In addition, in the present application the JAR file does not need to be added to the Web application's data; it is only necessary to configure an interceptor in web.xml. The interceptor intercepts the interaction data between the Web application's client and server. When interaction data is intercepted, the interceptor calls the universal interface provided by the JAR file, which runs the JAR file and in turn runs at least one processing packet in the JAR file in sequence. The intercepted interaction data is thereby security-filtered, and, according to the filtering result, the interaction data is released or error information is returned to the client and/or the server.
In some embodiments, a portion of the filtering functionality provided by the JAR file may be turned on or off by configuring it. Specifically, the Web application may generate configuration information for configuring the JAR file according to the target filtering requirement, where the configuration information includes an attribute value corresponding to each processing packet, where the attribute value is a first value or a second value, and when the JAR file is run, the processing packets with the attribute value being the first value are sequentially run, and the processing packets with the attribute value being the second value are not run.
In the above embodiment, the target filtering requirement of the Web application refers to what types of network attacks the Web application needs to filter. By configuration, the attribute value of the processing packet corresponding to the network attack type needing to be filtered is set as a first value, and the attribute value of the processing packet corresponding to the network attack type not needing to be filtered is set as a second value, and further, when the Web application calls the JAR file to carry out security filtering on the interaction data, only the processing packet with the attribute value of the first value is called to run, and the processing packet with the attribute value of the second value is not called.
For example, the first value may be "True", and the second value may be "False".
In some embodiments, JAR files for network security filtering may be pre-generated by the steps shown in fig. 2:
Step 210, a network attack event data set is obtained, said network attack event data set comprising at least one network attack event data.
For example, log data of network attack events may be obtained in a network, project or enterprise knowledge base to form a network attack event data set.
Step 220, at least one network attack type is obtained according to the network attack event data, and a filtering processing strategy corresponding to each network attack type is obtained.
In some embodiments, the network attack event data set includes a plurality of network attack event data belonging to different network attack types, and the network attack event data in the data set is classified to obtain a plurality of network attack types.
Attack methods commonly used in network attack events include: obtaining passwords through network monitoring or brute-force cracking in order to intrude into the system; intruding into the system by exploiting its security vulnerabilities, such as XSS cross-site scripting attacks; disguising a program as a tool, a game or the like to entice the user to open or download it, so that the user unwittingly activates it and a system backdoor is installed (Trojan horse programs); inducing the user to visit a tampered web page (WWW spoofing); email attacks; obtaining sensitive information transmitted in clear text through network monitoring so as to achieve other attack purposes; after an attacker controls a host, attacking other nodes through IP spoofing or host trust relationships so as to conceal the intrusion path and erase attack evidence; and denial-of-service attacks and distributed denial-of-service attacks.
In some embodiments, the network attack event may be classified in multiple layers and multiple dimensions, so as to obtain multiple network attack types with different layers and/or dimensions, so that processing packets corresponding to more network attack types are integrated in the JAR file, so that the JAR file may prevent more types of network attacks, and solve most of network security problems at one time.
Illustratively, at the first level, the network attack types of network attack events are divided into active attack types and passive attack types. An active attack type is directly destructive and has a real-time, direct impact on ongoing interactions and services, such as XSS cross-site scripting attacks and CSRF cross-site request forgery. A passive attack type monitors the valid data sent from the source station (such as the client) to the destination station (such as the server) without affecting normal data communication, causing data information to leak and thereby creating potential network security problems that indirectly affect system security.
At the second level, the active attack type may further include a number of more specific network attack types, such as XSS cross-site scripting attacks and CSRF cross-site request forgery. An XSS cross-site scripting attack is one in which an attacker exploits a website's failure to escape, or to adequately filter, user-submitted data and embeds malicious code into a web page, so that the embedded code is executed automatically when other users access the page. CSRF cross-site request forgery refers to a user, without having closed the relevant web page, clicking a CSRF link sent by another user, so that a request is sent directly to the server using the client's cookie. The passive attack type may likewise include a number of more specific network attack types, such as sniffing attacks, in which data in network transmission is captured by deploying sniffing tools; by reading and analysing the data its contents are exposed, and the data can be used to carry out replay attacks.
In step 220, after the network attack type is determined, the filtering processing policy corresponding to that network attack type is obtained, for use in generating the processing packet corresponding to the network attack type.
For example, for the XSS cross-site scripting attack type, the filtering processing policy may be to preset sensitive characters or character strings in the configuration information, perform character or character string filtering on the intercepted interaction data, and if the intercepted interaction data includes the preset sensitive characters, determine that a malicious attack occurs, at this time, return error information, and prevent the program from running.
For another example, for CSRF cross-site request forgery, the filtering policy may be to preset a request white list in the configuration information and, after intercepting a request, match it against the preset request white list; if the intercepted request is in the white list, access is allowed, otherwise an error message is returned to prevent the request from continuing.
For another example, for sniffing attack, the filtering policy may be to encrypt the interaction data, so that the encrypted data can be effectively kept secret in the transmission process.
Step 230, generating a processing packet corresponding to the network attack type according to the filtering processing policy corresponding to the network attack type.
In the application, the processing package is used for processing the intercepted interaction data, and filtering the network attack behaviors of the corresponding types is realized through the processing; and sequentially running a plurality of processing packets in the JAR file according to a certain sequence, so that the processing packets sequentially process the interactive data, and the filtering of various network attack behaviors is realized.
Step 240, generating a JAR file containing processing packets corresponding to all network attack types, and configuring a general interface for the JAR file.
Based on the universal interface, any Web application can introduce and call the JAR file, so that the JAR file has universality for different Web application projects.
According to the embodiment, the multi-level and multi-dimensional network attack types are sorted by classifying various network attack event data, corresponding processing packets are generated for each network attack type and are integrated in the JAR file, so that the JAR file can simultaneously solve the network security problems of a plurality of Web application items and various types, is convenient to maintain (only needs to update the JAR file), and is simple and clear in configuration and convenient to use. In addition, for Web application projects, a security module does not need to be independently developed to deal with network security problems, so that project development cost is saved.
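The run-time flow described above (an interceptor calling one universal interface, which runs the enabled processing packets in order) combined with the XSS sensitive-string policy and the CSRF white-list policy, as an added Java example that is not code from the patent. The class names, the `xss` and `csrf` attribute keys, the sample strings and requests, and the choice to treat a missing attribute as enabled are all assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class SecurityFilterDemo {

    /** Intercepted interaction data (simplified model, not the servlet API). */
    static final class Interaction {
        final String method, path;
        final Map<String, String> params;
        Interaction(String method, String path, Map<String, String> params) {
            this.method = method; this.path = path; this.params = params;
        }
    }

    /** One processing package: returns an error message, or empty to let the data pass. */
    interface ProcessingPackage {
        Optional<String> check(Interaction in);
    }

    /** XSS policy from the text: reject data that contains a preset sensitive string. */
    static final class XssPackage implements ProcessingPackage {
        private final List<String> sensitive;
        XssPackage(List<String> sensitive) { this.sensitive = sensitive; }
        public Optional<String> check(Interaction in) {
            for (Map.Entry<String, String> p : in.params.entrySet()) {
                String value = normalize(p.getValue());
                for (String s : sensitive) {
                    if (value.contains(s)) {
                        return Optional.of("XSS: parameter '" + p.getKey() + "' contains '" + s + "'");
                    }
                }
            }
            return Optional.empty();
        }
        // Percent-decode once and lower-case so encoded or mixed-case input still matches.
        private static String normalize(String raw) {
            try {
                return URLDecoder.decode(raw, StandardCharsets.UTF_8).toLowerCase(Locale.ROOT);
            } catch (IllegalArgumentException e) {
                return raw.toLowerCase(Locale.ROOT); // malformed escape: match on the raw text
            }
        }
    }

    /** CSRF policy from the text: only requests on the preset white list are allowed. */
    static final class CsrfPackage implements ProcessingPackage {
        private final Set<String> whitelist;
        CsrfPackage(Set<String> whitelist) { this.whitelist = whitelist; }
        public Optional<String> check(Interaction in) {
            String key = in.method.toUpperCase(Locale.ROOT) + " " + in.path;
            return whitelist.contains(key) ? Optional.empty()
                    : Optional.of("CSRF: request '" + key + "' is not in the white list");
        }
    }

    /** The single entry point (the "universal interface") that an interceptor would call. */
    static final class SecurityFilter {
        private final List<ProcessingPackage> enabled = new ArrayList<>();
        SecurityFilter(Map<String, ProcessingPackage> packages, Properties config) {
            // Run order is registration order. Only packages whose attribute is "True" run;
            // a missing attribute counts as "True" (fail closed), which is an assumption.
            for (Map.Entry<String, ProcessingPackage> e : packages.entrySet()) {
                if ("True".equals(config.getProperty(e.getKey(), "True"))) {
                    enabled.add(e.getValue());
                }
            }
        }
        /** Returns the first error found, or empty if the data may be released. */
        Optional<String> filter(Interaction in) {
            for (ProcessingPackage p : enabled) {
                Optional<String> err = p.check(in);
                if (err.isPresent()) return err;
            }
            return Optional.empty();
        }
    }

    /** Builds a filter from constructed sample policies and the two attribute values. */
    static SecurityFilter build(String xssFlag, String csrfFlag) {
        Map<String, ProcessingPackage> packages = new LinkedHashMap<>();
        packages.put("xss", new XssPackage(List.of("<script", "javascript:", "onerror=")));
        packages.put("csrf", new CsrfPackage(Set.of("GET /profile", "POST /profile/update")));
        Properties config = new Properties();
        config.setProperty("xss", xssFlag);
        config.setProperty("csrf", csrfFlag);
        return new SecurityFilter(packages, config);
    }

    public static void main(String[] args) {
        // Constructed sample requests: benign, encoded script tag, path not on the white list.
        List<Interaction> samples = List.of(
            new Interaction("GET", "/profile", Map.of("name", "alice")),
            new Interaction("POST", "/profile/update", Map.of("bio", "%3Cscript%3Ealert(1)%3C/script%3E")),
            new Interaction("POST", "/account/delete", Map.of("id", "7")));
        for (String csrfFlag : List.of("True", "False")) {
            SecurityFilter filter = build("True", csrfFlag);
            System.out.println("xss=True csrf=" + csrfFlag);
            for (Interaction in : samples) {
                String verdict = filter.filter(in).map(e -> "BLOCK (" + e + ")").orElse("PASS");
                System.out.println("  " + in.method + " " + in.path + " -> " + verdict);
            }
        }
    }
}
```

Setting the `csrf` attribute to `False` releases the third request because that package is no longer run, which is the on/off behaviour the configuration information controls. Matching on the decoded, lower-cased value matters because a literal comparison against the raw parameter would let the percent-encoded second request through.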
In addition, to meet the personalized security filtering requirements of some Web applications, in some embodiments the JAR file also includes an extension package and provides an extension interface for invoking the extension package. The extension package comprises a custom class loader, com.xx.serurcityClassLoader. When the extension package is called, the custom class loader runs and automatically loads the target extension class corresponding to the personalized security filtering requirement, so that the personalized security filtering requirement of the Web application can be met without configuring the target extension class in web.xml.
Based on this, the security filtering method provided in the present application further includes: calling an expansion interface provided by the JAR file to run an expansion package; loading a target extension class by running an extension packet, wherein the target extension class is used for realizing an extension filtering method; and performing network security filtering on the interactive data by using the expansion filtering method. Furthermore, personalized safe filtering of the interaction data is realized.
Based on the above embodiments, an exemplary JAR file structure is as follows:
From the above exemplary JAR file structure, the JAR file also includes a toolkit containing the tool classes required in the development process.
As can be seen from the above embodiments, the present application provides a network security filtering method, which includes first obtaining a JAR file for network security filtering, where the JAR file includes at least one processing packet, and each processing packet corresponds to a network attack type; when the interactive data between the client and the server are intercepted, a universal interface provided by the JAR file is called to run at least one processing packet in the JAR file, and the interactive data are subjected to network security filtering by sequentially running at least one processing packet. The method is applied to different Web applications, can filter various types of network attack behaviors at the same time, and can prevent most types of network attacks at one time.
According to the above embodiment, the present application further provides a network security filtering device. FIG. 3 is a block diagram of the network security filtering device according to an exemplary embodiment of the present application. As shown in FIG. 3, the device may include:
a JAR acquisition module 310, configured to acquire a JAR file for network security filtering, where the JAR file includes at least one processing packet, and each processing packet corresponds to a network attack type; the data interception module 320 is configured to invoke a generic interface provided by the JAR file to run at least one of the processing packages in the JAR file when intercepting the interactive data between the client and the server; and the security filtering module 330 is configured to perform network security filtering on the interaction data by sequentially running the at least one processing packet.
In some embodiments, the JAR file further comprises an extension package, and the device further comprises an extension module. The extension module is configured to: call the extension interface provided by the JAR file to run the extension package; load a target extension class by running the extension package, where the target extension class implements an extension filtering method; and perform network security filtering on the interaction data using the extension filtering method.
In some embodiments, the device further comprises a JAR configuration module configured to generate configuration information for configuring the JAR file according to target filtering requirements, where the configuration information includes an attribute value for each processing packet and each attribute value is either a first value or a second value. When the JAR file is run, the processing packets whose attribute value is the first value are run in sequence, and the processing packets whose attribute value is the second value are not run.
In some embodiments, the security filtering module is specifically configured to: read the attribute value of each processing packet in the configuration information; and run, in sequence, the processing packets whose attribute value is the first value, so as to perform security filtering on the interaction data.
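The configuration-driven run order and the extension class described in the preceding embodiments, as an added Java example (not code from the patent or its applicant). The interface and class names, the three attack-type keys with their constructed checks, the `true`/`false` encoding of the first and second attribute values, and the allow-list on extension class names are all assumptions made for illustration.

```java
import java.util.*;

public class FilterChainDemo {
    /** One processing packet: inspects data for a single attack type (hypothetical interface). */
    interface ProcessingPacket {
        boolean matches(String data);
    }

    /** Built-in packets in run order. Keys and checks are constructed placeholders. */
    static final Map<String, ProcessingPacket> PACKETS = new LinkedHashMap<>();
    static {
        PACKETS.put("xss", d -> d.toLowerCase().contains("<script"));
        PACKETS.put("sqli", d -> d.toLowerCase().contains("' or "));
        PACKETS.put("traversal", d -> d.contains("../"));
    }

    /** A target extension class, loaded by name through the extension path. */
    static class LengthLimit implements ProcessingPacket {
        public boolean matches(String data) { return data.length() > 2048; }
    }

    /** Loads an extension only if its name is allow-listed and it has the expected type. */
    static ProcessingPacket loadExtension(String className, Set<String> allowed)
            throws ReflectiveOperationException {
        if (!allowed.contains(className))
            throw new SecurityException("extension not allow-listed: " + className);
        return Class.forName(className).asSubclass(ProcessingPacket.class)
                .getDeclaredConstructor().newInstance();
    }

    /** Single external entry point: returns the names of the packets that flagged the data. */
    static List<String> filter(String data, Properties config, ProcessingPacket ext) {
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, ProcessingPacket> e : PACKETS.entrySet()) {
            // Assumed encoding: "true" = first value (run), "false" = second value (skip).
            // A missing key defaults to "true", so an omitted entry does not disable a check.
            boolean enabled = Boolean.parseBoolean(config.getProperty(e.getKey(), "true"));
            if (enabled && e.getValue().matches(data)) hits.add(e.getKey());
        }
        if (ext != null && ext.matches(data)) hits.add("extension");
        return hits;
    }

    public static void main(String[] args) throws Exception {
        Properties config = new Properties();
        config.setProperty("xss", "true");
        config.setProperty("sqli", "false"); // switched off for this deployment
        ProcessingPacket ext = loadExtension("FilterChainDemo$LengthLimit",
                Set.of("FilterChainDemo$LengthLimit"));
        // Constructed sample of intercepted interaction data.
        String request = "name=<script>x</script>&file=../../etc/app.conf&id=1' or '1'='1";
        System.out.println(filter(request, config, ext));
    }
}
```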
In some embodiments, the JAR file is pre-generated according to the following steps:
acquiring a network attack event data set, where the network attack event data set includes at least one item of network attack event data; acquiring at least one network attack type according to the network attack event data, and acquiring a filtering processing strategy corresponding to each network attack type; generating a processing packet corresponding to the network attack type according to the filtering processing strategy corresponding to that network attack type; and generating a JAR file containing the processing packets corresponding to all the network attack types, and configuring a universal interface for the JAR file.
According to the above technical solution, a network security filtering device is provided. The JAR acquisition module obtains a JAR file for network security filtering, where the JAR file includes at least one processing packet and each processing packet corresponds to a network attack type. The data interception module intercepts interaction data between the client and the server and, when such data is intercepted, calls the universal interface provided by the JAR file to run at least one processing packet in the JAR file. The security filtering module runs the at least one processing packet in sequence to perform network security filtering on the interaction data. The method can be applied to different Web applications, can filter multiple types of network attack behavior at the same time, and can prevent most types of network attacks at one time.
In a specific implementation, the present invention further provides a computer storage medium that may store a program, where the program, when executed, may perform some or all of the steps in each embodiment of the network security filtering method provided by the present invention. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random-access memory (RAM), or the like.
It will be apparent to those skilled in the art that the techniques of the embodiments of the present invention may be implemented in software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solutions in the embodiments of the present invention, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product. The software product may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, or an optical disk, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute the method described in the embodiments, or in some parts of the embodiments, of the present invention.
For the same or similar parts of the various embodiments in this specification, reference may be made from one embodiment to another. In particular, because the device embodiments are substantially similar to the method embodiments, they are described relatively briefly; for the relevant details, refer to the description of the method embodiments.
The embodiments of the present invention described above do not limit the scope of the present invention.

Claims (8)

1. A method of network security filtering, the method comprising:
obtaining a JAR file for network security filtering, wherein the JAR file comprises at least one processing packet, each processing packet corresponds to a network attack type, the network attack type is obtained by carrying out multi-level and multi-dimensional classification on network attack events and comprises a plurality of attack types with different levels and/or dimensions, and the JAR file comprises processing packets corresponding to all the network attack types;
when interaction data between a client and a server is intercepted, calling a universal interface provided by the JAR file to run at least one processing packet in the JAR file;
running the at least one processing packet in sequence to filter the interaction data against multiple types of network attack behavior at the same time, so that multiple types of network attacks are prevented at one time;
the JAR file is pre-generated according to the following steps:
acquiring a network attack event data set, wherein the network attack event data set comprises at least one network attack event data;
acquiring at least one network attack type according to the network attack event data, and acquiring a filtering processing strategy corresponding to each network attack type;
generating a processing packet corresponding to the network attack type according to a filtering processing strategy corresponding to the network attack type; and generating a JAR file containing processing packets corresponding to all network attack types, and configuring an external unique universal interface for the JAR file.
2. The network security filtering method of claim 1, wherein the JAR file further comprises an extension package; the method further comprises the steps of:
calling an extension interface provided by the JAR file to run the extension package;
loading a target extension class by running the extension package, wherein the target extension class is used for implementing an extension filtering method;
and performing network security filtering on the interaction data by using the extension filtering method.
3. The network security filtering method according to claim 1, wherein before invoking the universal interface provided by the JAR file when intercepting the interactive data between the client and the server, the method further comprises:
generating configuration information for configuring the JAR file according to target filtering requirements, wherein the configuration information comprises attribute values corresponding to each processing packet, and the attribute values are first values or second values;
when the JAR file is run, the processing packets whose attribute value is the first value are run in sequence, and the processing packets whose attribute value is the second value are not run.
4. The network security filtering method according to claim 3, wherein said network security filtering of said interaction data by sequentially running said at least one processing packet comprises:
reading the attribute value of each processing packet in the configuration information;
and sequentially running the processing packets whose attribute value is the first value, so as to perform security filtering on the interaction data.
5. A network security filtering device, the device comprising:
the JAR acquisition module is used for acquiring a JAR file for network security filtering, wherein the JAR file comprises at least one processing packet, each processing packet corresponds to one network attack type, the network attack type is obtained by carrying out multi-level and multi-dimensional classification on network attack events and comprises a plurality of attack types with different levels and/or dimensions, and the JAR file comprises processing packets corresponding to all the network attack types;
the data interception module is used for calling a universal interface provided by the JAR file when interaction data between the client and the server is intercepted, so as to run at least one processing packet in the JAR file;
the security filtering module is used for filtering the interaction data against multiple types of network attack behavior at the same time by sequentially running the at least one processing packet, so that multiple types of network attacks are prevented at one time;
the JAR file is pre-generated according to the following steps:
acquiring a network attack event data set, wherein the network attack event data set comprises at least one network attack event data;
acquiring at least one network attack type according to the network attack event data, and acquiring a filtering processing strategy corresponding to each network attack type;
generating a processing packet corresponding to the network attack type according to a filtering processing strategy corresponding to the network attack type; and generating a JAR file containing processing packets corresponding to all network attack types, and configuring an external unique universal interface for the JAR file.
6. The apparatus of claim 5, wherein the JAR file further comprises an extension package; the device further comprises an extension module; the extension module is used for:
calling an extension interface provided by the JAR file to run the extension package;
loading a target extension class by running the extension package, wherein the target extension class is used for implementing an extension filtering method;
and performing network security filtering on the interaction data by using the extension filtering method.
7. The apparatus of claim 5, further comprising a JAR configuration module to:
generating configuration information for configuring the JAR file according to target filtering requirements, wherein the configuration information comprises attribute values corresponding to each processing packet, and the attribute values are first values or second values;
when the JAR file is run, the processing packets whose attribute value is the first value are run in sequence, and the processing packets whose attribute value is the second value are not run.
8. The apparatus of claim 7, wherein the security filtering module is specifically configured to:
reading the attribute value of each processing packet in the configuration information;
and sequentially running the processing packets whose attribute value is the first value, so as to perform security filtering on the interaction data.
CN202010504508.0A 2020-06-05 2020-06-05 Network security filtering method and device Active CN113765859B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010504508.0A CN113765859B (en) 2020-06-05 2020-06-05 Network security filtering method and device

Publications (2)

Publication Number Publication Date
CN113765859A CN113765859A (en) 2021-12-07
CN113765859B CN113765859B (en) 2023-12-26

Family

ID=78783945

Country Status (1)

Country Link
CN (1) CN113765859B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant