CN115001832A - Method and device for preventing password attack and electronic equipment - Google Patents


Info

Publication number
CN115001832A
Authority
CN
China
Prior art keywords
password
login
attack
requests
current
Prior art date
Legal status
Granted
Application number
CN202210655456.6A
Other languages
Chinese (zh)
Other versions
CN115001832B (en)
Inventor
欧阳志凡
蒋海滔
杨李贝
Current Assignee
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Cloud Computing Ltd
Priority date
Filing date
Publication date
Application filed by Alibaba Cloud Computing Ltd
Priority to CN202210655456.6A
Publication of CN115001832A
Application granted
Publication of CN115001832B
Legal status: Active
Anticipated expiration

Classifications

All four classifications fall under H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security:
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic > H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities > H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic > H04L 63/1441 Countermeasures against malicious traffic > H04L 63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The application provides a method, an apparatus and an electronic device for preventing password attacks. The method comprises the following steps: acquiring the login passwords used by multiple login requests from a first source address within a preset time period; evaluating the password leakage risk degree of each login password; determining at least one attack candidate password based on the password leakage risk degree, wherein an attack candidate password is a login password whose password leakage risk degree lies in a preset range; and, based on the number of login requests among the multiple login requests that use at least one attack candidate password, selecting and executing a corresponding password attack defense strategy from a plurality of password attack defense strategies to prevent password attacks from the first source address. With this technical scheme, account login efficiency and user experience can be improved while a security defense capability is provided.

Description

Method and device for preventing password attack and electronic equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for preventing password attack, and an electronic device.
Background
An account and its password form an authentication mechanism: for example, when using various applications, a user is required to set an account and a corresponding password and to log in to the application with them in order to obtain the required data or perform the corresponding work. However, in some cases an attacker can easily obtain a user's account, and if the account's password is a weak password, the attacker has a high probability of logging in successfully within a limited number of attempts, which poses a threat to network security. For example, when an attacker launches login attacks against many accounts using a set of common passwords, there is a high probability that some account will be logged in to successfully.
Disclosure of Invention
In view of this, embodiments of the present application provide a method and an apparatus for preventing password attack, and an electronic device, which can provide a security defense capability and avoid performing secondary authentication operation on each login, so that account login efficiency and user experience can be improved.
In a first aspect, an embodiment of the present application provides a method for preventing a password attack, including: acquiring the login passwords used by multiple login requests from a first source address within a preset time period; evaluating the password leakage risk degree of each login password; determining at least one attack candidate password based on the password leakage risk degree, wherein an attack candidate password is a login password whose password leakage risk degree lies in a preset range; and, based on the number of login requests among the multiple login requests that use at least one attack candidate password, selecting and executing a corresponding password attack defense strategy from a plurality of password attack defense strategies to prevent password attacks from the first source address.
In a second aspect, an embodiment of the present application provides an apparatus for preventing password attacks, including: an acquisition module for acquiring the login passwords used by multiple login requests from a first source address within a preset time period; a determining module for evaluating the password leakage risk degree of each login password and determining at least one attack candidate password based on that risk degree, wherein an attack candidate password is a login password whose password leakage risk degree lies in a preset range; and an execution module for selecting and executing a corresponding password attack defense strategy from a plurality of password attack defense strategies, based on the number of login requests among the multiple login requests that use at least one attack candidate password, so as to prevent password attacks from the first source address.
In a third aspect, an embodiment of the present application provides an electronic device, including: a processor; and a memory for storing processor-executable instructions, wherein the processor is adapted to perform the method of preventing password attacks described in the first aspect above.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, and the computer program is configured to execute the method for preventing a password attack according to the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product, which includes instructions that, when executed by a processor of a computer device, enable the computer device to perform the method steps in the foregoing embodiments.
The embodiment of the application provides a method, an apparatus and an electronic device for preventing password attacks. Attack candidate passwords are determined, based on password leakage risk degrees, from the login passwords used by multiple login requests, and a corresponding password attack defense strategy is then selected and executed according to the number of login requests that use attack candidate passwords. This improves the security of the account login process, prevents malicious login behavior, and provides a certain security defense capability. In addition, the embodiment of the application avoids having to improve security by requiring a secondary authentication step for every login, so that account login efficiency and user experience can be improved. Compared with a conventional account login method without secondary authentication, the method and apparatus offer higher security while keeping the same account login efficiency and user experience, can resist password attacks, and prevent malicious login behavior.
Drawings
Fig. 1 is a schematic architecture diagram of a system for preventing a password attack according to an exemplary embodiment of the present application.
Fig. 2 is a flowchart illustrating a method for preventing a password attack according to an exemplary embodiment of the present application.
Fig. 3 is a flowchart illustrating a method for preventing a password attack according to another exemplary embodiment of the present application.
Fig. 4 is a schematic structural diagram of an apparatus for preventing a password attack according to an exemplary embodiment of the present application.
Fig. 5 is a block diagram illustrating an electronic device for executing a method for preventing a password attack according to an exemplary embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
A leaked-password data set is a collection of passwords that were compromised in security incidents. For each leaked password, the number of times it has been leaked can be counted. A password with a higher leak count is more likely to be used by many people and is therefore more likely to be used as an attack candidate password by an attacker, that is, the attacker uses the attack candidate password to launch login attacks against many accounts. Moreover, the higher the leak count of the password, the higher the probability that the attack succeeds. For example, an attacker uses a set of common passwords (attack candidate passwords) to launch login attacks against thousands of accounts; such behavior is referred to as a password injection attack.
In an Employee Identity and Access Management (EIAM) scenario of an Identity as a Service (IDaaS) product, all employee account passwords of an enterprise are hosted centrally in the IDaaS product, and the account authentication policies and password policies set by different enterprise administrators vary greatly.
Generally, a password injection attack can be defended against by configuring a secondary authentication mode, which may include face recognition, an SMS verification code, and the like. For example, when a user logs in to an application, the user is required to enter an SMS verification code in addition to the account and password, to prevent malicious logins; or, when the user fails to log in several times in a row, the user is required to enter an SMS verification code to recover the password, to prevent malicious logins.
From the perspective of industry, some industries, for example government affairs and finance, have strict requirements and generally configure secondary authentication to defend against password injection attacks. In most ordinary industries secondary authentication is not configured, and a user can log in successfully simply by entering an account and a password. These ordinary industries may leave secondary authentication unconfigured for various reasons, for example because a login flow with secondary authentication is complicated, inefficient, and gives a poor user experience.
If an enterprise's IDaaS instance is not configured with secondary authentication, for reasons of user experience or otherwise, then as long as any employee account in the enterprise has a weak password (or a leaked password), an attacker may gain access to that account through a password injection attack and then use it for lateral movement or privilege escalation, which may cause great harm to the application security of the enterprise.
Ordinary industries can generally use a password risk-control policy to defend against password injection attacks. However, if the interval between two failed password logins on a single account is long, the risk-control policy cannot recognize the attack, or the account's password login lock expires before the next attack attempt is made.
Therefore, for ordinary industries that do not configure secondary authentication, how to defend employee accounts against attacks, and in particular how to judge from the login password whether a login is an attack, is a technical problem that urgently needs to be solved.
In view of the above technical problems, embodiments of the present application provide a method for preventing password attacks, which can provide a certain security defense capability while preserving the user experience by determining the number of login requests that use attack candidate passwords (high-risk passwords) among multiple login requests, and selecting and executing a corresponding password attack defense policy accordingly.
Exemplary System
Fig. 1 is a schematic architecture diagram of a system 100 for preventing password attack according to an exemplary embodiment of the present application, which illustrates an application scenario for processing multiple login requests from a first source address. As shown in fig. 1, the system 100 includes: user terminal 110 and server 120. The user terminal 110 may be a computer, a tablet, or a mobile phone, and the server 120 may be an Employee Identity Access Management (EIAM) platform of an Identity as a Service (IDaaS).
The user terminal 110 may generate a login request for a certain account and transmit the login request to the server 120. For example, the user terminal 110 may generate a login request from an account and a login password entered by the user. If the login password is correct, the login request passes the server's authentication; if the login password is incorrect, the login request does not pass the server's authentication.
Multiple login requests for multiple accounts can be generated on the user terminal 110 within a certain time, and the server 120 detects the multiple login requests and performs different operations according to the detection result.
For example, when the detection result is that the authentication of the multiple login requests is not passed, and the number of login requests in which the login password adopts the high-risk password (attack candidate password) in the multiple login requests is greater than the first threshold, the server 120 blocks the IP address of the user terminal 110 because there is a high possibility that there is a password injection attack behavior on the IP address.
When the detection result is that the number of login requests in which the login password adopts the high-risk password (attack candidate password) in the multiple login requests is greater than the second threshold and less than or equal to the first threshold, and the verification of the current login request in the multiple login requests passes, the server 120 performs a blocking operation on the current login request to block the current login behavior, because the current login behavior has a high possibility of being a malicious login behavior.
When the detection result is that the number of login requests in which the login password adopts the high-risk password (attack candidate password) in the multiple login requests is greater than the third threshold and less than or equal to the second threshold, and the verification of the current login request in the multiple login requests passes, the server 120 performs the secondary authentication operation on the current login request, because the current login behavior may be a malicious login behavior. It should be understood that the system 100 may have a secondary authentication capability, because the system 100 may obtain information such as a mobile phone number or a facial image of the user when the user registers an account, and the information may be used to configure the secondary authentication function. In the actual application process, the enterprise may select whether to configure the secondary authentication function for the system 100 according to the requirement. For example, according to the embodiment of the application, the secondary authentication function is triggered when a certain condition is met, so that the login process can be simplified, and the user experience is improved.
When the detection result is that the number of login requests in which the login password adopts the high-risk password (attack candidate password) in the multiple login requests is smaller than or equal to the third threshold and the verification of the current login request in the multiple login requests passes, the server 120 processes the current login request so that the login of the current login behavior is successful.
For avoiding redundant descriptions, the specific process of the system 100 for processing multiple login requests can be referred to the following description of the method part.
The system for preventing password attack provided by the embodiment can execute different password attack defense strategies according to different quantities of login requests using high-risk passwords on a certain IP address within a certain time, so that the adverse effects of poor user experience and the like caused by misjudgment can be avoided while the network security is ensured.
It should be noted that the above application scenarios are only presented to facilitate understanding of the spirit and principles of the present application, and the embodiments of the present application are not limited thereto. Rather, embodiments of the present application may be applied to any scenario where it may be applicable.
Exemplary method
Fig. 2 is a flowchart illustrating a method for preventing a password attack according to an exemplary embodiment of the present application. The method of fig. 2 may be performed by a computing device (e.g., the server of fig. 1). As shown in fig. 2, the method for preventing password attack includes the following steps.
210: acquiring the login passwords used by multiple login requests from a first source address within a preset time period.
The first source address may be an IP address or an egress IP gateway, for example, multiple login requests may be issued on the same IP address or multiple login requests may be issued by the same egress IP gateway within a certain time period.
220: evaluating the password leakage risk degree of each login password.
The password leakage risk degree is used for evaluating the leakage degree of the login password adopted by the corresponding login request.
A login request corresponds to a login action by a user; for example, the user terminal may generate the login request from the account and login password entered by the user. Within the preset time period, multiple login requests may arise in several ways: the same login password may be used to log in to multiple accounts; multiple login passwords may be used to log in to the same account; each of several login passwords may be used to log in to each of several accounts; or the login passwords may be divided into several groups, with each group used to log in to a different set of accounts.
The server can receive multiple login requests and determine the password leakage risk degree corresponding to each login password adopted by the multiple login requests.
In an example, the password leakage risk degree of the login password may be determined according to a preset rule; for example, if the login password contains only digits, the corresponding password leakage risk degree is low, and if the login password contains both digits and letters, the corresponding password leakage risk degree is high. It should be understood that the preset rule may assign a high password leakage risk degree to a login password of high complexity; the preset rule may be set according to the actual situation.
In another example, the password leakage risk degree may be expressed as a password leak count, that is, the number of times the login password has appeared in historical password leakage events; for example, the leak count of the login password may be obtained from a password leakage data set. The password leakage data set may contain a plurality of leaked passwords together with the leak count of each leaked password. Alternatively, the data set may contain the hash value of each leaked password together with its leak count; in this case, the hash value of the login password is computed and the leak count is looked up in the password leakage data set by that hash value. Representing each leaked password by its hash value improves the security of the data set and makes it harder for an attacker to obtain the high-frequency leaked passwords: if the leaked passwords were stored in plaintext, an attacker could easily identify the high-frequency leaked passwords in the data set, and a password attack carried out with those passwords would be more likely to succeed.
It should be understood that the password leakage data set can be obtained through public channels and updated dynamically, so the defense capability of the method for preventing password attacks provided by the embodiment of the application can be continuously optimized and improved through the dynamically updated password leakage data set.
In another example, the password leakage risk level may be obtained based on the number of password leakages, for example, evaluating the password leakage risk level of the login password, including: obtaining the password leakage times of the login password adopted by each login request in the multiple login requests; and acquiring the corresponding password leakage risk degree based on the password leakage times.
Specifically, the password leak risk degree may be represented by a password leak score. For example, a password leakage score corresponding to a certain password leakage frequency can be determined according to a preset function, wherein the higher the password leakage frequency, the higher the password leakage score corresponding to the login password. The range of intervals for the password leak score may be (0, 100), (0, 1) or (1, 10), and so on.
The password leak score may be determined, for example, by the following formula:
[Formula image: password leak score as a function of password leak count; the formula itself is not reproduced in the text.]
When the password leak count is 0, the corresponding password leak score is 0; when the leak count is 1, the corresponding password leak score is 10; when the leak count exceeds 10,000, the corresponding password leak score is greater than 90 and lies in the interval [90, 100].
For different leaked passwords, the leak counts are unevenly distributed: if the leaked passwords are sorted by leak count, the resulting leak-count curve is not smooth. Characterizing the leak count by a password leak score yields a smooth curve. For example, a leaked password with a leak count of 10,000 or more may be regarded as a high-risk password; under this condition, passwords with leak counts of 10,000 and 20,000 are probably leaked to a similar extent, yet on the leak-count curve the gap between them is large (a difference of 10,000). The password leak score therefore represents, within a smaller interval, how easily a leaked password is leaked more faithfully, and further functions can be built on top of the password leak score.
Of course, the password leakage score may also be determined according to the password leakage frequency through other functions or rules, such as a normalization function, as long as the password leakage score can represent the easiness of leakage of the login password used by the corresponding login request.
In other examples, the password leakage risk degree may also be represented by color shading or in any other manner that distinguishes degrees of leakage; this is not limited by the embodiment of the present application.
230: determining at least one attack candidate password based on the password leakage risk degree of the login password, wherein the attack candidate password is the login password with the password leakage risk degree in a preset range.
The attack candidate password may indicate that the login password is a high-risk password, and an account logged in with the login password has a possibility of being logged in maliciously, that is, the possibility of being attacked by an attacker exists. In other words, the login request generated based on the login password is likely to be a malicious login request.
The higher the password leakage risk degree, the more likely the corresponding login password is a high-risk password. The server can determine whether a login password is an attack candidate password according to its password leakage risk degree. For example, the password leakage risk degree is represented by a password leak score, and if the password leak score is greater than a set threshold, the corresponding login password is determined to be an attack candidate password. Specifically, a login password whose password leak score lies within a preset range may be determined to be an attack candidate password. The login passwords used by the multiple login requests may contain zero, one, or more attack candidate passwords.
The preset range may be set as needed. For example, the upper limit of the preset range may be the maximum value of the password leak score; or it may be 90% or 95% of the maximum value, so that a password leak score near the maximum, which may be inaccurate, does not affect the accuracy with which the password attack defense strategy is selected. In one example, the maximum password leak score may be 100, and the upper limit of the preset range may be 100, 90, or 95.
240: based on the number of login requests which adopt at least one attack candidate password in the multiple login requests, selecting and executing a corresponding password attack defense strategy from the multiple password attack defense strategies to prevent password attack from the first source address.
The mere presence of an attack candidate password among the login passwords of the multiple login requests does not by itself establish a password attack on the first source address; the likelihood of a password attack must be judged further from the number of login requests that use attack candidate passwords within the preset time period, that is, from the login frequency associated with the attack candidate passwords (the number of logins using attack candidate passwords per unit time).
Specifically, the greater the number of login requests that employ attack candidate passwords, the greater the likelihood of password attack behavior on the first source address. Different password attack defense strategies can be adopted according to different numbers of login requests adopting attack candidate passwords in the multiple login requests.
For example, the number of login requests using different attack candidate passwords may be separately counted, and for any attack candidate password, the server may execute the corresponding password attack defense policy as long as the number of corresponding login requests satisfies the trigger condition of any password attack defense policy. Or the number of login requests adopting different attack candidate passwords can be uniformly counted, the server can execute the corresponding password attack defense strategy when the number of login requests adopting the attack candidate passwords meets the triggering condition of any password attack defense strategy, so that the defense performance against password attack can be effectively improved, and the condition that an attacker tries to log in a plurality of accounts by adopting a large number of login passwords and is not defended in time is avoided.
Whether the number of login requests adopting different attack candidate passwords is separately counted or uniformly counted, the selection and the execution process of the corresponding password attack defense strategy are similar, and the selection and the execution process of the password attack defense strategy are described in detail below by taking the uniform counting of the number of login requests adopting different attack candidate passwords as an example.
In one example, if the number of login requests among the multiple login requests that use an attack candidate password is greater than a first threshold, the likelihood of password attack behavior on the first source address is considered high, and the server may execute a corresponding password attack defense policy on the first source address, such as blocking the first source address, or sending notification information to the users of the accounts targeted by the multiple login requests so that they can confirm whether the logins were their own.
In another example, if no account has been cracked by the multiple login requests and the number of login requests that use an attack candidate password is greater than a fifth threshold and less than or equal to the first threshold, password attack behavior on the first source address is considered possible, and the server may send notification information to the users of the targeted accounts to confirm whether the logins were their own, for example by requiring a secondary authentication operation. If the number of login requests that use an attack candidate password then continues to rise above the first threshold, the likelihood of password attack behavior on the first source address is considered high, and the server may block the first source address. The first threshold and the fifth threshold may be set as needed.
According to the method for preventing password attack of this embodiment, an attack candidate password is determined from the login passwords used by the multiple login requests based on the password leakage risk degree, and the corresponding password attack defense policy is then selected and executed according to the number of login requests that use an attack candidate password. This improves the security of the account login process, prevents malicious login behavior, and provides a certain defensive capability. In addition, the embodiment avoids having to raise security by requiring secondary authentication for every login, so account login efficiency and user experience are preserved. Compared with a conventional account login method that has no secondary authentication, the method provides higher security while keeping the same login efficiency and user experience, can resist password attacks, and prevents malicious login behavior.
According to an embodiment of the present application, selecting and executing a corresponding password attack defense policy from a plurality of password attack defense policies based on the number of login requests, among the multiple login requests, that use at least one attack candidate password includes: determining the number of login requests among the multiple login requests that attempt to log in to one or more accounts with at least one attack candidate password; and, when that number is greater than the first threshold, performing a blocking operation on the first source address.
Specifically, the multiple login requests may use several different login passwords, and more than one of those login passwords may be determined to be an attack candidate password. The number of login requests from the first source address within the preset time period that use any one attack candidate password may be one or more; the attacker may choose that count, or it may be random. The login requests that use any attack candidate password are counted together to obtain the number of login requests, among the multiple login requests, that use an attack candidate password.
For example, an attacker may generate multiple login requests within a certain time by trying three login passwords against several accounts each. Two of the three login passwords are determined to be attack candidate passwords: "123456" is the first attack candidate password and "1234567" is the second. If A is the number of login requests that use "123456" and B is the number that use "1234567", and A + B is greater than the first threshold, the IP address or IP gateway from which the login requests were issued is considered highly likely to be the origin of password attack behavior, which in this case may be a password spraying attack.
In this embodiment, the first threshold may be set according to actual needs and may be, for example, 100, 150 or 200. The server may have verified none of the multiple login requests, that is, no login password used in them matched its account within the limited login attempts; or the server may have verified the current login request among them, that is, the login password used by the current login request matched the current account. Either way, once the number of login requests that use an attack candidate password is greater than the first threshold, the server may perform a blocking operation on the first source address. The block may be temporary, for example blocking the first source address for a certain period, or the first source address may be subjected to verification and unblocked once that verification passes.
In some scenarios, employees of an enterprise may send account login requests through the same IP gateway within a certain time. To avoid misjudging this as a password spraying attack, the embodiment first determines the attack candidate passwords and the number of login requests that use them, and blocks the first source address only when that number is greater than the first threshold. Misjudgment is thereby avoided, normal login behavior is not affected, and normal logins proceed smoothly.
According to an embodiment of the present application, selecting and executing a corresponding password attack defense policy from a plurality of password attack defense policies based on the number of login requests, among the multiple login requests, that use at least one attack candidate password further includes: when that number is less than or equal to the first threshold and greater than a second threshold, and the current login request for the current account among the multiple login requests has been verified successfully, performing a blocking operation on the current login request.
Specifically, if the number of login requests that use an attack candidate password has not reached the higher order of magnitude, that is, it is less than or equal to the first threshold, the likelihood of password attack behavior on the first source address is lower, and blocking the first source address outright is undesirable because it easily disrupts normal login behavior.
Therefore, when the number of login requests that use an attack candidate password is less than or equal to the first threshold, the multiple login requests are examined further, for example to determine whether the current login request for the current account has been verified successfully. A successful verification means that the login password used by the current login request matched the current account within a limited number of login attempts, and password attack behavior on the first source address remains possible. To prevent a password attack, it is then determined whether the number of login requests that use an attack candidate password is greater than a second threshold. The second threshold is smaller than the first threshold and may be set according to the actual situation, for example 10, 15 or 20.
If the number of login requests that use an attack candidate password is greater than the second threshold, a blocking operation is performed on the current login request, preventing an attacker who has just logged in to the current account from using it for harmful operations such as lateral movement and privilege escalation.
In this embodiment, password spraying behavior on the first source address remains possible even when the number of login requests that use an attack candidate password is less than or equal to the first threshold: an attacker may crack the current account within a number of attempts that never exceeds the first threshold, so the current login request is verified successfully without the source-blocking policy ever having been triggered. Performing a blocking operation directly on the current login request prevents the attacker from carrying out harmful operations with the current account and improves the security of the account login process. At the same time, because there may be no password spraying behavior on the first source address at all, blocking only the current login request, rather than the whole source address, preserves the normal login behavior of other users to some extent.
Optionally, selecting and executing a corresponding password attack defense policy from the plurality of password attack defense policies based on the number of login requests, among the multiple login requests, that use at least one attack candidate password further includes: when that number is less than or equal to the first threshold and the current login request for the current account among the multiple login requests has been verified successfully, determining how many times the login password used by the current login request was used across the multiple login requests; and, when that count is greater than a fourth threshold, performing a blocking operation on the current login request.
Specifically, if the number of login requests that use an attack candidate password is less than or equal to the first threshold and the current login request for the current account has been verified successfully, the login password used by the current login request matched the current account within a limited number of login attempts, and password attack behavior on the first source address remains possible. To prevent a password attack, it is then determined whether the number of times the login password used by the current login request appears across the multiple login requests is greater than a fourth threshold. The fourth threshold is smaller than the first threshold and may be set according to the actual situation, for example 5, 10, 15 or 20.
If that count is greater than the fourth threshold, a blocking operation is performed on the current login request, preventing an attacker who has just logged in to the current account from using it for harmful operations such as lateral movement and privilege escalation.
In this embodiment, when the number of login requests that use an attack candidate password is less than or equal to the first threshold and the current login request for the current account has been verified successfully, the likelihood of password spraying behavior on the first source address is judged by comparing how often the current login request's password was used across the multiple login requests against the fourth threshold. This improves the accuracy of the judgment and therefore the accuracy with which the corresponding password attack defense policy is applied. For example, the blocking operation may be performed directly on the current login request so that the attacker cannot carry out harmful operations with the current account. Alternatively, the blocking operation may be performed on both the current login request and the first source address, which additionally prevents the attacker from launching further password attacks from the first source address and further safeguards network security.
Further, the method for preventing password attack further comprises the following steps: reminding a user of the current account that the current account is possibly attacked; and/or sending a Uniform Resource Locator (URL) to the user of the current account so that the user of the current account can log in again through the URL.
Specifically, when the current login request for the current account among the multiple login requests has been verified successfully and a blocking operation is performed on it, the user of the current account may additionally be reminded that the current account may be under attack, for example by short message, telephone call or e-mail.
Optionally, a Uniform Resource Locator (URL) may be sent to the user of the current account so that the user can log in again through the URL. This provides the user of the current account with a fresh login path, reduces the risk of a mistaken block, and avoids disrupting the user's normal login behavior. The URL may be sent by e-mail, short message or similar means; for example, it may be attached to the reminder notification, so that the user both learns that the account may be under attack and can log in again from the URL.
In this embodiment, reminding the user of the current account when the current login request is blocked lets the user check and confirm the current login request and change the password promptly after confirming, which raises the strength of the login password and prevents the next attack from succeeding. Sending the URL gives the user of the current account a fresh login path and avoids the situation in which a mistaken judgment blocks the current login request and prevents the user's normal login, so login security is improved while the user's normal login needs are still met.
According to an embodiment of the present application, selecting and executing a corresponding password attack defense policy from a plurality of password attack defense policies based on the number of login requests, among the multiple login requests, that use at least one attack candidate password further includes: when that number is less than or equal to the second threshold and greater than a third threshold, and the current login request for the current account among the multiple login requests has been verified successfully, performing a secondary authentication operation on the current login request.
Specifically, if the number of login requests that use an attack candidate password is less than or equal to the second threshold and the current login request for the current account has been verified successfully, the login password used by the current login request matched the current account within a limited number of login attempts, and password attack behavior on the first source address remains possible. To prevent a password attack, it is then determined whether the number of login requests that use an attack candidate password is greater than a third threshold. The third threshold is smaller than the second threshold and may be set according to the actual situation, for example 0, 3 or 5.
If the number of login requests that use an attack candidate password is greater than the third threshold, a secondary authentication operation is performed on the current login request. The secondary authentication operation may include face recognition, sending a short-message verification code, and the like.
Further, if the number of login requests that use an attack candidate password is less than or equal to the third threshold (where the third threshold is not 0) and the current login request for the current account has been verified successfully, it is highly likely that no password attack behavior exists on the first source address, and the current login request is allowed to complete as a successful login. The security of the account login process is thus maintained while the login itself stays simple and the user experience is preserved.
In this embodiment, when the number of login requests that use an attack candidate password is greater than the third threshold and less than or equal to the second threshold, attack candidate passwords are being used at a low frequency across the multiple login requests. Performing a secondary authentication operation on the current login request in this case reduces the probability that a password spraying attack succeeds while still letting the user's current login proceed.
According to an embodiment of the present application, the plurality of password attack defense policies includes at least one of: performing a blocking operation on the current login request among the multiple login requests; performing a blocking operation on the first source address; and performing a secondary authentication operation on the current login request.
To avoid repetition, the execution of any of these password attack defense policies is as described in the foregoing embodiments and is not detailed again here.
Fig. 3 is a schematic flowchart of a method for preventing a password attack according to another exemplary embodiment of the present application. The embodiment of Fig. 3 is an instance of the embodiment of Fig. 2, and parts shared with it are not repeated. The method for preventing a password attack shown in Fig. 3 includes the following.
310: and acquiring a login password adopted by a plurality of login requests from a first source address in a preset time period.
320: and evaluating the password leakage score of the login password adopted by the multiple login requests.
The password leak score is used to evaluate the degree to which the login password employed for the corresponding login request is leaked.
330: and determining at least one attack candidate password based on the password leakage score of the login password adopted by the multiple login requests, wherein the attack candidate password is the login password with the password leakage score within a preset range.
For example, if the preset range is the interval [90, 100] and the password leakage score of a login password falls in that interval, the number of leak events in which the login password appeared exceeds a certain count (for example 10,000), and the login password is one that an attacker is likely to use as an attack candidate password.
340: determining the number of login requests of the multiple login requests for logging in one or more accounts based on at least one attack candidate password.
350: it is determined whether the number is greater than a first threshold.
If the number is greater than the first threshold, 360 is performed, otherwise 370 is performed.
360: a block operation is performed on the first source address.
For example, the first threshold may be 100. If the number is greater than the first threshold, the first source address is highly likely to be launching a password spraying attack, and a blocking operation may be performed on the first source address to defend against it.
370: It is determined whether the current login request matched the current account.
If the current login request matched the current account, 380 is executed; otherwise no defense policy need be executed for the time being.
Specifically, if the number is less than or equal to the first threshold (for example 100), a password spraying attack may nevertheless be in progress and may have matched some account within those 100 or fewer login attempts, so that the policy of step 360 is not triggered. The determination of step 380 is therefore performed and the corresponding password attack defense policy is selected on that basis.
If the current login request has not matched any account within those login attempts, the login state of every current account is unchanged, and no defense policy need be executed for the time being.
380: it is determined whether the number is greater than a second threshold.
If the number is greater than the second threshold, 390 is performed, otherwise 391 is performed.
390: and executing blocking operation on the current login request, reminding a user of the current account that the current account is possibly attacked, and sending a URL (uniform resource locator) to the user of the current account.
For example, the second threshold may be 10. If the number is greater than the second threshold, the first source address may be launching a password spraying attack; a blocking operation is performed on the current login request, and a notification is sent to the user of the current account warning that the account may be under attack, which gives the user better feedback. To cover a possible mistaken block, the notification may carry a URL through which the user can log in again, reducing the risk of a false block.
391: it is determined whether the number is greater than a third threshold.
If the number is greater than the third threshold, then 392 is performed, otherwise 393 is performed.
392: and executing secondary authentication operation on the current login request.
For example, the third threshold may be 5. If the number is greater than the third threshold, the first source address may be launching a password spraying attack; a secondary authentication operation is performed on the current login request, which reduces the probability that the attack succeeds while still letting the user's current login proceed.
393: and executing the operation of successful login on the current login request.
According to the method for preventing password attack of this embodiment, a capability for detecting how often a password has been leaked is built on a leaked-password data set, a password leakage score is derived from the leak count, and the score is used to judge quickly whether password spraying behavior exists on a given Internet Protocol (IP) address or IP gateway, or whether a given account is the target of password spraying. The IP address or IP gateway can then be blocked temporarily, or the login to the corresponding account blocked, so that the attacker's password spraying is stopped. Because password spraying behavior is analyzed through the password leakage score, the method does not depend on the configured login-password strength: a strong password is not necessarily an unleaked one, so a strong-password policy alone cannot guarantee the user's security at login. Furthermore, password spraying launched by an attacker who already holds trusted access to the enterprise's internal network is generally hard to identify and defend against with an access policy based on an IP address whitelist; by selecting and executing the corresponding password attack defense policy according to the number of login requests that use attack candidate passwords, the embodiment also reduces the chance that such an insider's attack succeeds. In addition, the embodiment avoids requiring secondary authentication on every account login and instead decides whether to trigger it through a dynamic computation (the dynamic determination of the number of login requests that use an attack candidate password), which improves the user experience.
Exemplary devices
Fig. 4 is a schematic structural diagram of an apparatus 400 for preventing a password attack according to an exemplary embodiment of the present application. As shown in fig. 4, the apparatus 400 for preventing a cryptographic attack includes: an acquisition module 410, a determination module 420, and an execution module 430.
The obtaining module 410 is configured to obtain the login passwords used by multiple login requests from a first source address within a preset time period; the determining module 420 is configured to evaluate the password leakage risk degree of each login password and determine at least one attack candidate password based on it, where an attack candidate password is a login password whose password leakage risk degree lies within a preset range; and the execution module 430 is configured to select and execute a corresponding password attack defense policy from the plurality of password attack defense policies based on the number of login requests, among the multiple login requests, that use at least one attack candidate password, so as to prevent a password attack from the first source address.
According to the device for preventing password attack of this embodiment, an attack candidate password is determined from the login passwords used by the multiple login requests based on the password leakage risk degree, and the corresponding password attack defense policy is then selected and executed according to the number of login requests that use an attack candidate password. This improves the security of the account login process, prevents malicious login behavior, and provides a certain defensive capability. In addition, the embodiment avoids having to raise security by requiring secondary authentication for every login, so account login efficiency and user experience are preserved. Compared with a conventional account login method that has no secondary authentication, the device provides higher security while keeping the same login efficiency and user experience, can resist password attacks, and prevents malicious login behavior.
According to an embodiment of the present application, the execution module 430 is configured to: determining the number of login requests for logging in one or more accounts based on at least one attack candidate password in the multiple login requests; and when the number is larger than the first threshold value, performing a blocking operation on the first source address.
According to an embodiment of the present application, the executing module 430 is further configured to: and when the number is less than or equal to the first threshold and greater than the second threshold and the verification of the current login request for the current account in the multiple login requests is successful, performing blocking operation on the current login request.
According to an embodiment of the present application, the apparatus 400 further includes a sending module 440 configured to: reminding a user of the current account that the current account is possibly attacked; and/or sending a Uniform Resource Locator (URL) to the user of the current account so that the user of the current account can log in again through the URL.
According to an embodiment of the present application, the execution module 430 is further configured to: when the number is smaller than or equal to a first threshold value and the verification of the current login request aiming at the current account in the multiple login requests is successful, determining the number of times of using the login password adopted by the current login request in the multiple login requests; and when the times are greater than a fourth threshold value, performing blocking operation on the current login request.
According to an embodiment of the present application, the executing module 430 is further configured to: and when the number is less than or equal to the second threshold and greater than a third threshold and the verification of the current login request for the current account in the multiple login requests is successful, performing secondary authentication operation on the current login request.
According to an embodiment of the application, the determining module 420 is configured to: obtaining the password leakage times of a login password adopted by each login request in multiple login requests, wherein the password leakage times are used for representing the times of the login password appearing in historical password leakage events; and acquiring the corresponding password leakage risk degree based on the password leakage times.
According to an embodiment of the present application, the determining module 420 is configured to: calculating a hash value corresponding to the login password; and acquiring the password leakage times from the password leakage data set based on the hash value.
According to an embodiment of the present application, the password leakage risk degree is a password leakage score.
According to an embodiment of the present application, the plurality of password attack defense policies includes at least one of: performing a blocking operation on the current login request among the multiple login requests; performing a blocking operation on the first source address; and performing a secondary authentication operation on the current login request.
According to an embodiment of the present application, the upper limit of the preset range is the maximum value of the password leakage score.
It should be understood that, for the operations and functions of the obtaining module 410, the determining module 420, the executing module 430 and the sending module 440 in the foregoing embodiments, reference may be made to the description in the method for preventing a password attack provided in the foregoing embodiments of fig. 2 or fig. 3, and details are not repeated here to avoid repetition.
Fig. 5 is a block diagram illustrating an electronic device 500 for executing a method for preventing a password attack according to an exemplary embodiment of the present application.
Referring to fig. 5, electronic device 500 includes a processing component 510 that further includes one or more processors and memory resources, represented by memory 520, for storing instructions, such as applications, that are executable by processing component 510. The application programs stored in memory 520 may include one or more modules that each correspond to a set of instructions. Further, the processing component 510 is configured to execute instructions to perform the above-described method of preventing password attacks.
The electronic device 500 may also include a power supply component configured to perform power management of the electronic device 500, a wired or wireless network interface configured to connect the electronic device 500 to a network, and an input/output (I/O) interface. The electronic device 500 may be operated based on an operating system stored in the memory 520, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
A non-transitory computer readable storage medium, wherein instructions of the storage medium, when executed by a processor of the electronic device 500, enable the electronic device 500 to perform a method of preventing password attacks.
All the above optional technical solutions may be combined arbitrarily to form optional embodiments of the present application, and are not described in detail herein.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, or the portions thereof that substantially contribute to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in the description of the present application, the terms "first", "second", "third", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, in the description of the present application, "a plurality" means two or more unless otherwise specified.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modifications, equivalents and the like that are within the spirit and principle of the present application should be included in the scope of the present application.

Claims (14)

1. A method of preventing password attacks, comprising:
acquiring login passwords adopted by multiple login requests from a first source address within a preset time period;
evaluating the password leakage risk degree of the login password;
determining at least one attack candidate password based on the password leakage risk degree of the login password, wherein the attack candidate password is the login password with the password leakage risk degree in a preset range;
and selecting and executing a corresponding password attack defense strategy from a plurality of password attack defense strategies based on the number of login requests adopting the at least one attack candidate password in the multiple login requests so as to prevent password attack from the first source address.
2. The method of claim 1, wherein selecting and executing a corresponding password attack defense policy from a plurality of password attack defense policies based on a number of login requests of the plurality of login requests that employ the at least one attack candidate password comprises:
determining the number of login requests for logging in one or more accounts based on the at least one attack candidate password in the multiple login requests;
performing a block operation on the first source address when the number is greater than a first threshold.
3. The method of claim 2, wherein selecting and executing a corresponding password attack defense policy from a plurality of password attack defense policies based on a number of login requests of the plurality of login requests that employ the at least one attack candidate password further comprises:
and when the number is smaller than or equal to the first threshold and larger than a second threshold and the verification of the current login request for the current account in the multiple login requests is successful, executing blocking operation on the current login request.
4. The method of claim 3, further comprising:
reminding a user of the current account that the current account is possibly attacked; and/or
and sending a Uniform Resource Locator (URL) to the user of the current account so that the user of the current account can log in again through the URL.
5. The method of claim 2, wherein selecting and executing a corresponding password attack defense policy from a plurality of password attack defense policies based on a number of login requests of the plurality of login requests that employ the at least one attack candidate password further comprises:
when the number is smaller than or equal to the first threshold value and the verification of the current login request of the current account in the multiple login requests is successful, determining the number of times of using the login password adopted by the current login request in the multiple login requests;
and when the times are larger than a fourth threshold value, executing blocking operation on the current login request.
6. The method of claim 5, further comprising:
reminding a user of the current account that the current account is possibly attacked; and/or
and sending a Uniform Resource Locator (URL) to the user of the current account so that the user of the current account can log in again through the URL.
7. The method of claim 3, wherein selecting and executing a corresponding password attack defense policy from a plurality of password attack defense policies based on a number of login requests of the plurality of login requests that employ the at least one attack candidate password further comprises:
and when the number is smaller than or equal to the second threshold and larger than a third threshold and the verification of the current login request for the current account in the multiple login requests is successful, performing secondary authentication operation on the current login request.
8. The method of claim 1, wherein the evaluating the risk level of password leakage of the login password comprises:
obtaining the password leakage times of the login password adopted by each login request in the multiple login requests, wherein the password leakage times are used for representing the times of the login password appearing in historical password leakage events;
and acquiring the corresponding password leakage risk degree based on the password leakage times.
9. The method of claim 8, wherein obtaining the number of password leaks of the login password used by each login request in the multiple login requests comprises:
calculating a hash value corresponding to the login password;
and acquiring the password leakage times from the password leakage data set based on the hash value.
10. The method of claim 1, wherein the password leakage risk degree is a password leakage score.
11. The method of claim 10, wherein the upper limit of the preset range is the maximum value of the password leakage score.
12. The method of any of claims 1 to 11, wherein the plurality of password attack defense policies include at least one of:
executing blocking operation on the current login request in the multiple login requests;
performing a block operation on the first source address;
and executing secondary authentication operation on the current login request.
13. An apparatus for preventing password attacks, comprising:
an acquisition module for acquiring login passwords adopted by multiple login requests from a first source address within a preset time period;
the determining module is used for evaluating the password leakage risk degree of the login password and determining at least one attack candidate password based on the password leakage risk degree of the login password, wherein the attack candidate password is the login password with the password leakage risk degree within a preset range;
and the execution module is used for selecting and executing a corresponding password attack defense strategy from a plurality of password attack defense strategies based on the number of login requests adopting the at least one attack candidate password in the plurality of login requests so as to prevent password attack from the first source address.
14. An electronic device, comprising:
a processor;
a memory for storing the processor-executable instructions,
wherein the processor is configured to perform the method for preventing password attacks of any of the above claims 1 to 12.
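As an added illustration (not code from the patent or its applicant), the tiered policy of claims 1 to 12 in Python: each login password is hashed and looked up in a constructed leak dataset, scored, and marked as an attack candidate when its score falls in the preset range; the number of requests from one source address that use candidate passwords then selects the defense. The score mapping, the range, the four thresholds, the dataset contents and the order in which the tiers are checked are all assumptions of this example.

```python
import hashlib
from dataclasses import dataclass

MAX_SCORE = 100
# Constructed stand-in for a historical password-leak dataset:
# SHA-1 hex digest of the password -> number of times it appeared in leak events.
_LEAKED_PLAINTEXT = {"123456": 37_000_000, "Password1": 2_500_000, "hunter2": 900}
LEAK_DATASET = {hashlib.sha1(p.encode()).hexdigest(): n for p, n in _LEAKED_PLAINTEXT.items()}

# Preset score range marking an attack candidate (upper limit = maximum score, claim 11)
# and the four thresholds of claims 2 to 7; every value here is assumed for the example.
ATTACK_RANGE = (50, MAX_SCORE)
T1, T2, T3, T4 = 20, 5, 2, 3


@dataclass
class LoginRequest:
    source_ip: str
    account: str
    password: str
    verified: bool = False  # whether the credential check itself succeeded


def leak_count(password: str) -> int:
    """Claim 9: hash the login password and look the hash up in the leak dataset."""
    return LEAK_DATASET.get(hashlib.sha1(password.encode()).hexdigest(), 0)


def leak_score(password: str) -> int:
    """Claims 8 and 10: map the leak count to a score in 0..MAX_SCORE.
    The mapping (10 points per decimal digit of the count) is assumed."""
    n = leak_count(password)
    return 0 if n == 0 else min(MAX_SCORE, 10 * len(str(n)))


def is_candidate(password: str) -> bool:
    """Claim 1: an attack candidate is a login password whose score lies in the preset range."""
    return ATTACK_RANGE[0] <= leak_score(password) <= ATTACK_RANGE[1]


def choose_defense(window: list, current: LoginRequest) -> str:
    """Pick a defense for `current` from the requests seen in the time window.

    Returns "block_source", "block_request", "secondary_auth" or "allow".
    The tier order is one consistent reading of claims 2, 3, 5 and 7."""
    same_src = [r for r in window if r.source_ip == current.source_ip]
    candidates = {r.password for r in same_src if is_candidate(r.password)}
    n = sum(1 for r in same_src if r.password in candidates)
    if n > T1:                # claim 2: heavy use of leaked passwords -> block the address
        return "block_source"
    if not current.verified:  # a failed credential check is already rejected; nothing to escalate
        return "allow"
    if n > T2:                # claims 3/4: success amid many leaked-password attempts -> block, notify user
        return "block_request"
    if n > T3:                # claim 7: weaker signal -> step-up (secondary) authentication
        return "secondary_auth"
    uses = sum(1 for r in same_src if r.password == current.password)
    if uses > T4:             # claim 5: one password reused across many login attempts
        return "block_request"
    return "allow"
```

Requests from other source addresses in the window are ignored, and a request that fails verification never escalates beyond the ordinary rejection; only the per-address candidate count and the reuse count drive the tiers.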
CN202210655456.6A 2022-06-10 2022-06-10 Method and device for preventing password attack and electronic equipment Active CN115001832B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210655456.6A CN115001832B (en) 2022-06-10 2022-06-10 Method and device for preventing password attack and electronic equipment

Publications (2)

Publication Number Publication Date
CN115001832A true CN115001832A (en) 2022-09-02
CN115001832B CN115001832B (en) 2024-02-20

Family

ID=83032189

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210655456.6A Active CN115001832B (en) 2022-06-10 2022-06-10 Method and device for preventing password attack and electronic equipment

Country Status (1)

Country Link
CN (1) CN115001832B (en)

Also Published As

Publication number Publication date
CN115001832B (en) 2024-02-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant