CN101217537B - A network attacking prevention method - Google Patents

Info

Publication number
CN101217537B
Authority
CN
China
Prior art keywords
request
characters
character
website service
website server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2007103068330A
Other languages
Chinese (zh)
Other versions
CN101217537A (en)
Inventor
董韶瑜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HANGZHOU HEZHONG DATA TECHNOLOGY CO., LTD.
Original Assignee
董韶瑜
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 董韶瑜
Priority to CN2007103068330A
Publication of CN101217537A
Application granted
Publication of CN101217537B
Legal status: Active (current)
Anticipated expiration

Abstract

The invention relates to a network attack prevention method comprising the following steps: (1) any client sends a request to the website server; (2) the website server receives the request; (3) the website server converts the characters in the request that have grammatical meaning into the corresponding characters of a multi-byte character set; (4) the website server parses and executes the request with the converted characters and returns a web page to the client. The beneficial effect is that the method can effectively defeat executable-component injection attacks, while its impact on business logic is far smaller than that of blocking suspicious characters.

Description

A network attack prevention method
Technical field
The present invention relates to the field of intrusion detection for web applications, and in particular to a network attack prevention method.
Background art
Attacks that abuse the content submitted to a business website are a kind of attack that business systems based on the B/S (browser/server) architecture frequently suffer. The characteristic of this attack is that executable characters are added when data is submitted through the B/S interface. When the server parses and processes this content, vulnerabilities in the business software cause characters that should be treated only as literal data to be executed in the server's environment as part of an executable statement, so that the business system executes external commands. The consequences of such an attack include illegally obtaining data from the database, destroying the integrity of the database, and even executing arbitrary commands.
At present there are two main classes of preventive measures against this attack: review based on business logic and generic review. Review based on business logic is mainly implemented inside the business system: according to the business logic and the meaning of each input field, it checks that the input is reasonable and filters executable characters and other characters with grammatical meaning. Its drawback is that it must be implemented in each business system separately; for existing business systems the cost of modification is very high, and sometimes modification is even impossible. Generic review can usually be implemented independently of the business, but because it is not tied to the business system, the screening can hardly determine whether certain characteristic words are attack characters. Many characters with grammatical meaning are legitimate characters in normal data submissions, so false positives occur easily and can prevent the business system from working normally.
Summary of the invention
The object of the invention is to provide a network attack prevention method that guards against network attacks while keeping the semantics of normally submitted business data unchanged and avoiding any impact on the business system.
To achieve this object, the network security protection method provided by the invention comprises:
(1) any client sends a request to the website server;
(2) the website server receives the request;
(3) the website server converts the characters in the request that have Structured Query Language (SQL) grammatical meaning into the corresponding characters according to the GB2312 code of the "Chinese Coded Character Set for Information Interchange: Basic Set";
After this conversion, when the application software places the converted content into a statement, these symbols no longer have grammatical meaning. They can therefore only enter the statement as business content and cannot act as statement separators, so they cannot serve the attack. At the same time, the conversion does not break the business logic of the application software: within the application software, the converted content has the same semantics as the content before conversion.
(4) after the website server has parsed the request with the converted characters, common system error pages, that is, error pages with HTTP error codes in the range 500 to 599, are intercepted, converted into a generic error display page and returned to the client.
In real executable-component injection attacks, the attacker often analyzes the system by trial and error, that is, uses the error messages the system returns for attempted attack content to find an effective attack method. To keep system vulnerabilities from being probed in this way, the method intercepts system error pages and replaces them with a generic error display page. The attacker then has difficulty finding the details of a system vulnerability.
To keep business-system error messages from being captured by the attacking client, the intercepted page can be analyzed as necessary to determine whether the error message contains information about the database or about any other target that the executable component is meant to attack. Website error pages are usually indicated by HTTP return codes 5xx (500 to 599). Such pages usually contain characteristic words, and database server error messages often contain key information. The method blocks pages that contain this key information and replaces them with a generic error display page.
Beneficial effects: the method proposed by the invention can effectively defeat executable-component injection attacks. At the same time, its impact on business logic is much smaller than that of blocking suspicious characters.
Embodiment
A website security protection system is constructed with the method of the invention. The client's request reaches the website server through a gateway. The website server filters the transmitted content and finds the words and symbols in it that have SQL grammatical meaning, for example SELECT, UPDATE, DELETE, TRANCATE, ';', '--' (two minus signs), ''' (single quotation mark), etc. These characters are converted to the corresponding Chinese symbols according to the GB2312 code, as shown in the following table:
Symbol | ASCII code | GB2312 code
SELECT | 53 45 4C 45 43 54 | A3D3 A3C5 A3CC A3C5 A3D4 A3D5
UPDATE | 55 50 44 41 54 45 | A3D5 A3C5 A3CC A3C1 A3D4 A3C5
DELETE | 44 45 4C 45 54 45 | A3C4 A3C5 A3CC A3C5 A3D4 A3C5
TRANCATE | 54 52 41 4E 43 41 54 45 | A3D4 A3D2 A3C1 A3CE A3C3 A3C1 A3D4 A3C5
; | 3B | A3BB
-- | 2D 2D | A3AD A3AD
' | 27 | A3A7
Characters outside this range are not converted. The input string resulting from the above conversion is passed on to the website service.
Apply this conversion to the SQL example described in 1.1. That is, let the SQL template be
SELECT username,phone,idnumber FROM user WHERE id='%s'
and let the user input be
a';DELETE from user;--'
The user input is then converted into
a＇；ＤＥＬＥＴＥ from user；－－＇
Placing this converted input into the SQL statement template above gives
SELECT username,phone,idnumber FROM user WHERE id='a＇；ＤＥＬＥＴＥ from user；－－＇'
Because the quotation marks, the semicolons and the keyword DELETE have been converted into multi-byte characters, they no longer function as SQL syntax. The attacked program will try to find the user named
a＇；ＤＥＬＥＴＥ from user；－－＇
and will of course not find one. Unlike the unconverted SQL statement, which can delete the database table user, this one cannot.
In addition to this conversion, the service also applies the following conversion to error pages coming from the website service:
The gateway replaces any page whose HTTP return code is in the range 500 to 599 with the following page:
"Input error: '<input content>'. Please re-enter."
With the input string of the example above, the user will see the following error message:
Input error: 'a＇；ＤＥＬＥＴＥ from user；－－＇'. Please re-enter.
The attack does not succeed.
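The character conversion of step (3) and the error-page replacement of step (4), sketched in Python as an added example that is not code from the patent. The function names, the case-insensitive whole-word keyword matching, the HTML-escaping of the echoed input and the sample backend error text are assumptions.

```python
import html
import re

# Words and symbols the embodiment lists as having SQL grammatical meaning
# ("TRANCATE" is the page's own spelling).
KEYWORDS = ("SELECT", "UPDATE", "DELETE", "TRANCATE")
SYMBOLS = (";", "--", "'")

# Assumption: keywords are matched as whole words, in any letter case.
PATTERN = re.compile(
    r"\b(?:%s)\b|%s" % ("|".join(KEYWORDS), "|".join(map(re.escape, SYMBOLS))),
    re.IGNORECASE,
)

def to_fullwidth(token):
    """Shift each ASCII character to its full-width form (U+FF01..U+FF5E)."""
    return "".join(chr(ord(c) + 0xFEE0) for c in token)

def neutralize(value):
    """Step (3): convert only the listed tokens; everything else is left as is."""
    return PATTERN.sub(lambda m: to_fullwidth(m.group(0)), value)

def gb2312_hex(text):
    """Two-byte GB2312 codes of a converted token, formatted like the table."""
    raw = text.encode("gb2312")
    return " ".join(raw[i:i + 2].hex().upper() for i in range(0, len(raw), 2))

def build_query(user_input):
    """The page's SQL template, filled by string formatting as in its example."""
    template = "SELECT username,phone,idnumber FROM user WHERE id='%s'"
    return template % neutralize(user_input)

def mask_error_page(status, body, converted_input):
    """Step (4): replace any 5xx page with the generic page; pass others through."""
    if 500 <= status <= 599:
        # Assumption: the echoed input is HTML-escaped before display.
        return "Input error: '%s'. Please re-enter." % html.escape(converted_input)
    return body

if __name__ == "__main__":
    attack = "a';DELETE from user;--'"          # input string from the page
    converted = neutralize(attack)
    print(converted)
    print(gb2312_hex(neutralize("DELETE")))
    print(build_query(attack))
    # Constructed backend error text, standing in for a database error page.
    print(mask_error_page(500, "SQL error near 'from user' at line 1", converted))
```
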

Claims (1)

1. A network attack prevention method, characterized in that it comprises the following steps:
(1) any client sends a request to the website server;
(2) the website server receives the request;
(3) the website server converts the characters in the request that have Structured Query Language (SQL) grammatical meaning into the corresponding characters according to the GB2312 code of the "Chinese Coded Character Set for Information Interchange: Basic Set";
(4) after the website server has parsed the request with the converted characters, common system error pages, that is, error pages with HTTP error codes in the range 500 to 599, are intercepted, converted into a generic error display page and returned to the client.
CN2007103068330A 2007-12-28 2007-12-28 A network attacking prevention method Active CN101217537B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007103068330A CN101217537B (en) 2007-12-28 2007-12-28 A network attacking prevention method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007103068330A CN101217537B (en) 2007-12-28 2007-12-28 A network attacking prevention method

Publications (2)

Publication Number Publication Date
CN101217537A CN101217537A (en) 2008-07-09
CN101217537B true CN101217537B (en) 2011-04-20

Family

ID=39623900

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007103068330A Active CN101217537B (en) 2007-12-28 2007-12-28 A network attacking prevention method

Country Status (1)

Country Link
CN (1) CN101217537B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102999723B (en) * 2012-11-20 2015-11-18 焦点科技股份有限公司 The data defence component generation method that Initiative Defense XSS attacks and device thereof
CN103577188B (en) * 2013-10-24 2016-11-16 北京奇虎科技有限公司 The method and device of defence cross-site scripting attack
CN109255253A (en) * 2018-08-13 2019-01-22 苏州科达科技股份有限公司 The anti-method for implanting of SQL and device
CN112351009B (en) * 2020-10-27 2022-07-22 杭州安恒信息技术股份有限公司 Network security protection method and device, electronic equipment and readable storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1352428A (en) * 2001-11-29 2002-06-05 上海复旦光华信息科技股份有限公司 Bypass access control system based on SQL statement
CN1845528A (en) * 2006-01-12 2006-10-11 华为技术有限公司 Method, system for carrying out anti-attack filtration on data stream and its re-positioning device

Also Published As

Publication number Publication date
CN101217537A (en) 2008-07-09

Similar Documents

Publication Publication Date Title
CN105376210B (en) A kind of account threat identification and defence method and system
US9710868B2 (en) System and methods for identifying compromised personally identifiable information on the internet
JP6736657B2 (en) A computerized system that securely delivers and exchanges cyber threat information in a standardized format
CA2840992C (en) Syntactical fingerprinting
CN103430504B (en) For protecting the system and method specifying data combination
CN104767757B (en) Various dimensions safety monitoring method and system based on WEB service
US8051484B2 (en) Method and security system for indentifying and blocking web attacks by enforcing read-only parameters
CN105376245A (en) Rule-based detection method of ATP attack behavior
AU2018358228A1 (en) Analysis and reporting of suspicious email
US9871826B1 (en) Sensor based rules for responding to malicious activity
CN114021040B (en) Method and system for alarming and protecting malicious event based on service access
CN101217537B (en) A network attacking prevention method
CN103428183A (en) Method and device for identifying malicious website
CN101895516A (en) Method and device for positioning cross-site scripting attack source
CN105959290A (en) Detection method and device of attack message
CN106549980A (en) A kind of malice C&C server determines method and device
CN103731429A (en) Method and device for web application vulnerability detection
CN102546641A (en) Method and system for carrying out accurate risk detection in application security system
CN108933781B (en) Method, apparatus and computer-readable storage medium for processing character string
CN109995720A (en) Heterogeneous device manages method, apparatus, system, equipment and medium concentratedly
CN106663176A (en) Detection device, detection method, and detection program
Calo et al. Is Tricking a Robot Hacking?
CN113987508A (en) Vulnerability processing method, device, equipment and medium
US20230025446A1 (en) System, device and method for detecting social engineering attacks in digital communications
KR102513460B1 (en) Method and system for transmitting safty file by remote browser

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Assignee: Hangzhou Unimas Information Engineering Co., Ltd.

Assignor: Dong Shaoyu

Contract record no.: 2011330000809

Denomination of invention: A network attacking prevention method

Granted publication date: 20110420

License type: Exclusive License

Open date: 20080709

Record date: 20110624

ASS Succession or assignment of patent right

Owner name: HANGZHOU UNIMAS INFORMATION ENGINEERING CO., LTD.

Free format text: FORMER OWNER: DONG SHAOYU

Effective date: 20110921

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 310014 HANGZHOU, ZHEJIANG PROVINCE TO: 310052 HANGZHOU, ZHEJIANG PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20110921

Address after: Hangzhou City, Zhejiang province 310052 Binjiang District Huaye Building No. 1180 high-tech Waterfront Road, building 3 2-3

Patentee after: Hangzhou Unimas Information Engineering Co., Ltd.

Address before: 310014 room 11, liming garden, Xiacheng District, Xiacheng District, Zhejiang, Hangzhou, 404

Patentee before: Dong Shaoyu

C56 Change in the name or address of the patentee

Owner name: HANGZHOU UNIMAS INFORMATION TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: HANGZHOU UNIMAS INFORMATION ENGINEERING CO., LTD.

CP03 Change of name, title or address

Address after: Hangzhou City, Zhejiang province 310052 Binjiang District Huaye Building No. 1180 high-tech Waterfront Road, building 3 1-3

Patentee after: Hangzhou Unimas Information Engineering Co., Ltd.

Address before: Hangzhou City, Zhejiang province 310052 Binjiang District Huaye Building No. 1180 high-tech Waterfront Road, building 3 2-3

Patentee before: Hangzhou Unimas Information Engineering Co., Ltd.

C56 Change in the name or address of the patentee

Owner name: HANGZHOU UNIMASSYSTEM DATA TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: HANGZHOU UNIMAS INFORMATION TECHNOLOGY CO., LTD.

CP03 Change of name, title or address

Address after: Hangzhou City, Zhejiang province Binjiang District 310052 shore road 1180 building 3 layer 1-3

Patentee after: HANGZHOU HEZHONG DATA TECHNOLOGY CO., LTD.

Address before: Hangzhou City, Zhejiang province 310052 Binjiang District Huaye Building No. 1180 high-tech Waterfront Road, building 3 1-3

Patentee before: Hangzhou Unimas Information Engineering Co., Ltd.

CP02 Change in the address of a patent holder

Address after: 310052 floors 5-8, building 3, No. 399, Danfeng Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province (self declaration)

Patentee after: HANGZHOU HEZHONG DATA TECHNOLOGY Co.,Ltd.

Address before: 310052 1-3 / F, building 3, 1180 Bin'an Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: HANGZHOU HEZHONG DATA TECHNOLOGY Co.,Ltd.

CP02 Change in the address of a patent holder