CN102065147A - Method and device for obtaining user login information based on enterprise application system - Google Patents
Method and device for obtaining user login information based on enterprise application system Download PDFInfo
- Publication number
- CN102065147A CN102065147A CN 201110002603 CN201110002603A CN102065147A CN 102065147 A CN102065147 A CN 102065147A CN 201110002603 CN201110002603 CN 201110002603 CN 201110002603 A CN201110002603 A CN 201110002603A CN 102065147 A CN102065147 A CN 102065147A
- Authority
- CN
- China
- Prior art keywords
- login
- http
- user
- keyword
- application system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method and device for obtaining user login information based on an enterprise application system, relating to the technical field of networks. Because of adopting a bypass surveillance process, the method and the device for obtaining user login information based on the enterprise application system realize network behavior filter according to key a URL (Uniform Resource Locator) and a keyword to find and identify login action, collect user login information and carry out user login journal audition. The method and the device have the following advantages that: (1) bypass surveillance is a monitoring program of a network layer, can also restore the HTTP (Hyper Text Transport Protocol) request of an application layer, can analyze and identify the content of the HTTP request and judge a login result according to the content; and (2) a bypass surveillance method has no affect on the operation of the traditional system, does not change the traditional operation environment, and is simple and reliable to apply.
Description
Technical field
The present invention relates to networking technology area, in particular a kind of method and device that obtains user login information based on enterprise application system.
Background technology
Along with developing rapidly of business event, enterprise application system moves towards open from sealing, forward the Internet to by local area network (LAN), face the safety problem of internal-external network, the mode that enterprise's original dependence number of the account password carries out the resource information access control can not satisfy at present and following professional requirement.Authentication and empowerment management, the information resources of bringing after also can't avoiding number of the account stolen are destroyed or are divulged a secret.
Enterprise account is as employee's the sign of obtaining corporate resource or the pass, more and more outstanding its importance, the demand of account number safety supervision increases day by day, but the existing safety management means of number of the account can't solve the account number safety problem, the contradiction of this demand and present situation is increasingly sharpened, and need research and develop new safety management product or solution according to present situation, help the enterprise security manager personnel to employee's number of the account visit information system or information resources supervision, guarantee the reasonability of resource acquisition technically.
For this reason, the number of the account that has been born auditing system comes the number of the account operating position of monitoring information system.To the number of the account auditing system, the most important thing is the behavioural information of an application system of recording user login.These systems, information is read in the daily record from information system that has, the increase plug-in unit that has obtains user's log-on message, the employing SSO(single-sign-on that has) mode unify the daily record inlet of information system.Various way purposes all are for one, and the number of the account that gets access to user in the enterprise application system use is used data.
In the above-mentioned prior art, all need information system is transformed.Transform the risk that has just increased system, increased the difficulty of system implementation.
Read information from the daily record of information system, need to increase log collection and routine analyzer; The plug-in unit mode then needs information system all to transform, so that increase calling plug-in unit; The mode of SSO then needs all information systems are logined the transformation of action.Because the information system of enterprise, the third party provides often, so the difficulty that the transformation of any and changing all causes implementing, big increasing has a big risk.
Therefore, prior art has yet to be improved and developed.
Summary of the invention
The technical problem to be solved in the present invention is, at the above-mentioned defective of prior art, provide a kind of and obtain the method and the device of user login information based on enterprise application system, it can obtain user login information real-time and accurately, and need not change existing running environment, it is reliable to be easy to implement.
The technical scheme that technical solution problem of the present invention is adopted is as follows:
A kind ofly obtain the method for user login information, wherein, comprise step based on enterprise application system:
A, to each the application deployment keyword that will monitor or crucial URL, described keyword or crucial URL are used to select HTTP logging request and replying;
The network flow of B, analysis monitoring carries out the agreement resolving inversely, identifies HTTP stream;
C, from HTTP stream, judge and write down the object information that all users login success or not, login behavioural information and preserve to generate user as audit.
Describedly obtain the method for user login information based on enterprise application system, wherein, described steps A also comprises: by described keyword or crucial URL the HTTP byte stream of monitor bypass is filtered, to select the HTTP logging request and to reply.
Describedly obtain the method for user login information based on enterprise application system, wherein, described step B also comprises:
B1, the URL in the network flow that parses monitoring meet the crucial URL of configuration, then catch the HTTP request of login;
B2, from HTTP request, obtain user name, the password of login usefulness; And obtain basic log-on message.
Describedly obtain the method for user login information based on enterprise application system, wherein, the basic log-on message among the described step B2 comprises: source IP and Target IP.
Describedly obtain the method for user login information, wherein, from HTTP stream, judge and write down that the object information that all users login success or not specifically comprises among the described step C based on enterprise application system:
C1, when from HTTP stream, analyzing after the user asks login, when the page of following has comprised the prompting of replying the keyword of makeing mistakes or crucial URL, then be judged as login failure;
C2, when from HTTP stream, analyzing after the user asks login, when the page of following has comprised the prompting of the keyword of replying success or crucial URL, then be judged as and login successfully;
C3, after login, from HTTP stream, analyze the answer back code of 401 HTTP, then judge login failure.
Describedly obtain the method for user login information based on enterprise application system, wherein, the user among the described step C logins behavioural information and comprises: user's time is logined certain system on certain IP, the result is the information of logining successfully or failing.
A kind ofly obtain the device of user login information, wherein, comprising based on enterprise application system:
Obtain and configuration module, be used for the application deployment keyword or the crucial URL that will monitor each, described keyword or crucial URL are used to select the HTTP logging request and reply;
Analyze and parsing module, be used for the network flow of analysis monitoring, carry out the agreement resolving inversely, identify HTTP stream;
Judge and generation module, be used for flowing judgement and writing down the object information that all users login success or not, login behavioural information and preservation with the user who forms as audit from HTTP.
Describedly obtain the device of user login information based on enterprise application system, wherein, also comprise: filtering module is used for by described keyword or crucial URL the HTTP byte stream of monitor bypass being filtered, to select the HTTP logging request and to reply.
Describedly obtain the device of user login information based on enterprise application system, wherein, described analysis and parsing module further comprise:
Resolve and capturing unit, be used for meeting the crucial URL of configuration, then catch the HTTP request of login as the URL of the network flow that parses monitoring;
Acquiring unit is used for the request from HTTP, obtains user name, the password of login usefulness; And obtain basic log-on message.
Describedly obtain the device of user login information based on enterprise application system, wherein, described judgement and generation module further comprise:
First judging unit is used for when analyzing from HTTP stream after the user asks login, when the page of following has comprised the prompting of replying the keyword of makeing mistakes or crucial URL, then is judged as login failure;
Second judging unit is used for when analyzing from HTTP stream after the user asks login, when the page of following has comprised the prompting of the keyword of replying success or crucial URL, then is judged as and logins successfully;
The 3rd judging unit is used for after login, analyzes the answer back code of 401 HTTP from HTTP stream, then judges login failure;
Generation unit is used for the information according to above-mentioned judgement login success or not, and the user who generates as audit logins behavioural information and preservation.
Method and the device that obtains user login information based on enterprise application system provided by the present invention, owing to adopted the monitor bypass technology, carry out the network behavior filtration according to crucial URL and keyword, find and discern the login action, collect user login information, carry out the user and login daily record audit, and have following advantage:
(1) monitor bypass is not only the oracle listener of network layer, and, can reduce the HTTP request of application layer, can resolve and discern the content that HTTP asks, and the result is logined in judgement in view of the above.
(2) method of monitor bypass does not influence the operation of existing system, does not change existing running environment yet, and it is reliable to be easy to implement.
Description of drawings
Fig. 1 be the embodiment of the invention obtain the method flow diagram of user login information based on enterprise application system.
Fig. 2 is that the monitor bypass of the present invention's one specific embodiment is disposed schematic diagram.
Fig. 3 be the embodiment of the invention obtain the principle of device block diagram of user login information based on enterprise application system.
Fig. 4 be the embodiment of the invention obtain the device analysis of user login information and the inner theory diagram of parsing module based on enterprise application system.
Fig. 5 is that the device that obtains user login information based on enterprise application system of the embodiment of the invention is judged and the inner theory diagram of generation module.
Fig. 6 is the flow chart of analysis monitoring network flow of the present invention.
Embodiment
A kind of method and device that obtains user login information based on enterprise application system provided by the present invention, be used for the account number safety audit, for making purpose of the present invention, technical scheme and advantage clearer, clear and definite, below develop simultaneously with reference to accompanying drawing that the present invention is described in more detail for embodiment.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
A kind of method of obtaining user login information based on enterprise application system that the embodiment of the invention provided, mainly adopted the monitor bypass technology, carry out the network behavior filtration according to crucial URL and keyword, find and discern login action, collect user login information, carry out the user and login the daily record audit.Because present application system substantially all is the WEB application system, to refer in particular to be monitoring to http protocol to monitor bypass among the present invention.
As shown in Figure 1, describedly obtain the method for user login information, mainly may further comprise the steps based on enterprise application system:
Step S100, obtain user's operational order to each the application deployment request that need monitor and keyword of replying or crucial URL, described request and the keyword or the crucial URL that reply are used for the HTTP byte stream of monitor bypass is filtered, so that select the HTTP logging request and reply
For example, at first, to each the application deployment keyword that will monitor or crucial URL.These keywords or crucial URL are used for the HTTP byte stream of monitor bypass is filtered, so that select the HTTP logging request and reply.Wherein, URL is that URL(uniform resource locator) (abbreviation of English Uniform/Universal Resource Locator) is also referred to as web page address, is the resource addresses (Address) of standard on the internet.
By described keyword or crucial URL the HTTP byte stream of monitor bypass is filtered, to select the HTTP logging request and to reply.For example as shown in the table is used to select HTTP logging request and the keyword or the crucial URL example of replying for disposing:
1 | Apply Names | |
2 | HOST | This fills out the content of HTTP message HOST field, as: www.sina.com.cn or IP address |
3 | Type of coding | UTF-8, GB2312, GBK, BIG5 |
4 | Logging request URL | This fills out the content between HTTP message first row POST head and the HTTP/1., as: login |
5 | Request keyword 1 title | If entry is a user name, can fill out " user name " herein, also can fill out other |
6 | Request keyword 1 | Http post message the inside, the filed of user name correspondence.As the post content is username=abc﹠amp; Password=def then fills in username herein |
7 | Request keyword 2 titles | If entry is a password, can fill out " password " herein, also can fill out other |
8 | Request keyword 2 | Http post message the inside, the filed of user name correspondence.As the post content is username=abc﹠amp; Password=def then fills in password herein |
9 | Request keyword N title | A plurality of request keywords can be arranged, see user's needs |
10 | Request keyword N | |
11 | Reply keyword 1 title | The title that corresponding keyword is stored in database.For example, the user thinks that certain website returns " congratulations, authentication success ", wishes that entry is " authentication success " in database, fills out " authentication success " herein |
12 | Reply keyword 1 | For top example, fill out herein and filter keyword " congratulations, authentication success " |
13 | Reply keyword 2 titles | The title that corresponding keyword is stored in database.For example, the user thinks that certain website returns " account or password mistake ", wishes that entry is " authentification failure " in database, fills out " authentification failure " herein |
14 | Reply keyword 2 | For top example, fill out herein and filter keyword " account or password mistake " |
Reply keyword 2 titles | The title that corresponding keyword is stored in database.For example, the user thinks that certain website is redirected to certain URL "/home/index.aspx ", wish that entry is " authentication success " in database, fill out " authentication success " herein | |
Reply keyword 2 | The URL that is redirected, for example "/home/index.aspx " | |
15 | Reply keyword N title | A plurality of keywords of replying can be arranged, see user's needs |
16 | Reply keyword N | |
17 | Default password | The default password of application system, ground the same encrypting storing with other passwords. |
The network flow of step S200, analysis monitoring carries out the agreement resolving inversely, identifies HTTP stream.
This step S200 also comprises: B1, the URL in the network flow that parses monitoring meet the crucial URL of configuration, then catch the HTTP request of login; B2, from HTTP request, obtain the user name of login usefulness, password; And obtain basic log-on message.Basic log-on message comprises: source IP and Target IP.
For example, the network requests that looks like of analyser, the network flow of the SERVER that the monitor bypass process analysis is monitored, carry out the agreement resolving inversely, HTTP stream is identified: if URL meets the crucial URL of configuration, then catch the HTTP request of login, from the HTTP request, can capture the user name of login usefulness, password.Simultaneously, also get access to basic log-on message such as source IP, Target IP.
Be illustrated in figure 6 as the flow chart of analysis monitoring network flow of the present invention:
Wherein, IE CLIENT is expressed as: client browser; WEB server network interface card is expressed as: WEB server network interface card; WEB APP is expressed as the WEB application program, the application system of indicating to monitor; The network flow that the monitoring module is used to monitor-by monitoring the oracle listener monitor bypass network flow of module; The MYSQL storage representation is MYSQL data Kukus;
The flow process of analysis monitoring network flow embodiment illustrated in fig. 6 may further comprise the steps:
Step 1, the user uses IE CLIENT(browser client), open login page, initiate logging request.
Step 2, logging request is transferred to server end, and the network interface card of server receives network requests (HTTP REQ).
Step 3,4, HTTP REQ(network requests) when being delivered to WEB application program (WEB APP), pass to oracle listener.
Step 5, WEB APP(WEB application program) the processing logging request.
Step 6,7,9, result (HTTP RES) is passed to the network interface card of server, passes to IE CLEINT then, simultaneously, also passes to monitoring program.Step 8, HTTP acknowledges requests result is delivered to the user.
Step 10, oracle listener is handled HTTP RES, and it is right to form request.
Step 11, oracle listener is saved in MYSQL DB storage to result (HTTP logging request and result).
Step S300, from HTTP stream, judge and write down the object information that all users login success or not, login behavioural information and preserve to generate user as audit.
Wherein, recording user login result information, also with regard to the recording user login result, successfully still failure.Divide following several determination methods:
C1, when from HTTP stream, analyzing after the user asks login, when the page of following has comprised the prompting of replying the keyword of makeing mistakes or crucial URL, then be judged as login failure.
If for example after request login, the page of following has comprised " number of the account or password mistake " (this character string user disposes) this prompting, then thinks login failure.
C2, when from HTTP stream, analyzing after the user asks login, when the page of following has comprised the prompting of the keyword of replying success or crucial URL, then be judged as and login successfully;
If for example can be filled into the such keyword of " welcoming you, authentication success " (this character string user disposes), then think and login successfully.
C3, after login, from HTTP stream, analyze the answer back code of 401 HTTP, then judge login failure.
If for example after the login, run into 401 HTTP answer back codes, then represent login failure.
Then, information according to above-mentioned judgement login success or not, generation is logined behavioural information and preservation as the user of audit, for example user's time is logined certain system on certain IP, the result is the information of logining successfully or failing, form a user and login the information of behavior: when logined what system on what IP, the result logins successfully or fails.
This has just formed the user and has logined the information of behavior, and this information preserves as audit information.
The operation that system continues just all preserves all users' login behavioural information get off, and forms effective audit information.
Below by a concrete Application Example method of obtaining user login information based on enterprise application system of the present invention is described in further detail:
As shown in Figure 2, in enterprise network, an audiomonitor is set, be used for monitoring on 1 or the N station server 1 or M login of serving, withdrawing from information by the monitor bypass technology.Application server 1 as shown in Figure 2, application server 2, application server 3 etc.Wherein, have a plurality of application on 1 application server, application system 1 as shown in Figure 2, application system 2, application system 3 based on WEB ... application system n.Advance following giving an example in specific implementation:
(1), the port of 192.168.0.5, mirror image give to be monitored module.
(2), module is monitored in configuration:
Specifying PORT is 8080, and the application of monitoring is OA, and login URL is defaut.aspx, and the username and password variable is respectively UsaName, UsaPwd.
If login successfully, can be redirected to a URL, login failure returns a page, content " user or password mistake ".
(3), user A logins successfully, then forms the record of " user A successfully logins OA in the XXX time with XX IP ".
User B login, the password mistake then forms the record of " user B login OA in the XXX time and fails ".
Therefore the embodiment of the invention provides a kind ofly obtains the method for user login information based on enterprise application system, and it can obtain user profile real-time and accurately, and need not change existing running environment, and it is reliable to be easy to implement.
Based on the foregoing description obtain the method for user login information based on enterprise application system, the embodiment of the invention also provides a kind of device that obtains user login information based on enterprise application system.
As shown in Figure 3, describedly obtain the device of user login information, comprising based on enterprise application system:
Obtain and configuration module 410, be used to obtain user's operational order to each the application deployment request that need monitor and keyword of replying or crucial URL, described request and the keyword or the crucial URL that reply are used for the HTTP byte stream of monitor bypass is filtered, so that select the HTTP logging request and reply.
Analyze and parsing module 430, be used for the network flow of analysis monitoring, carry out the agreement resolving inversely, identify HTTP stream;
Judge and generation module 440, be used for flowing judgement and writing down the object information that all users login success or not, login behavioural information and preservation with the user who forms as audit from HTTP.
Wherein, as shown in Figure 4, described analysis and parsing module 430 further comprise:
Resolve and capturing unit 431, be used for meeting the crucial URL of configuration, then catch the HTTP request of login as the URL of the network flow that parses monitoring;
Acquiring unit 432 is used for the request from HTTP, obtains the user name of login usefulness, password; And obtain basic log-on message.
As shown in Figure 5, described judgement and generation module 440 further comprise:
First judging unit 441 is used for when analyzing from HTTP stream after the user asks login, when the page of following has comprised the prompting of replying the keyword of makeing mistakes or crucial URL, then is judged as login failure;
The 3rd judging unit 443 is used for after login, analyzes the answer back code of 401 HTTP from HTTP stream, then judges login failure;
In sum, method and the device that obtains user login information based on enterprise application system provided by the present invention, owing to adopted the monitor bypass technology, carry out the network behavior filtration according to crucial URL and keyword, find and discern the login action, collect user login information, carry out the user and login daily record audit, and have following advantage:
(1) monitor bypass is not only the oracle listener of network layer, and, can reduce the HTTP request of application layer, can resolve and discern the content that HTTP asks, and the result is logined in judgement in view of the above.
(2) method of monitor bypass does not influence the operation of existing system, does not change existing running environment yet, and it is reliable to be easy to implement.
Should be understood that application of the present invention is not limited to above-mentioned giving an example, for those of ordinary skills, can be improved according to the above description or conversion that all these improvement and conversion all should belong to the protection range of claims of the present invention.
Claims (10)
1. one kind is obtained the method for user login information based on enterprise application system, it is characterized in that, comprises step:
A, to each the application deployment keyword that will monitor or crucial URL, described keyword or crucial URL are used to select HTTP logging request and replying;
The network flow of B, analysis monitoring carries out the agreement resolving inversely, identifies HTTP stream;
C, from HTTP stream, judge and write down the object information that all users login success or not, login behavioural information and preserve to generate user as audit.
2. according to the described method of obtaining user login information based on enterprise application system of claim 1, it is characterized in that, described steps A also comprises: by described keyword or crucial URL the HTTP byte stream of monitor bypass is filtered, to select the HTTP logging request and to reply.
3. obtain the method for user login information according to claim 1 is described based on enterprise application system, it is characterized in that described step B also comprises:
B1, the URL in the network flow that parses monitoring meet the crucial URL of configuration, then catch the HTTP request of login;
B2, from HTTP request, obtain user name, the password of login usefulness; And obtain basic log-on message.
4. obtain the method for user login information according to claim 1 is described based on enterprise application system, it is characterized in that the basic log-on message among the described step B2 comprises: source IP and Target IP.
5. obtain the method for user login information according to claim 1 is described based on enterprise application system, it is characterized in that, from HTTP stream, judge and write down that the object information that all users login success or not specifically comprises among the described step C:
C1, when from HTTP stream, analyzing after the user asks login, when the page of following has comprised the prompting of replying the keyword of makeing mistakes or crucial URL, then be judged as login failure;
C2, when from HTTP stream, analyzing after the user asks login, when the page of following has comprised the prompting of the keyword of replying success or crucial URL, then be judged as and login successfully;
C3, after login, from HTTP stream, analyze the answer back code of 401 HTTP, then judge login failure.
6. according to the described method of obtaining user login information based on enterprise application system of claim 5, it is characterized in that, user among the described step C logins behavioural information and comprises: user's time is logined certain system on certain IP, the result is the information of logining successfully or failing.
7. one kind is obtained the device of user login information based on enterprise application system, it is characterized in that, comprising:
Obtain and configuration module, be used for the application deployment keyword or the crucial URL that will monitor each, described keyword or crucial URL are used to select the HTTP logging request and reply;
Analyze and parsing module, be used for the network flow of analysis monitoring, carry out the agreement resolving inversely, identify HTTP stream;
Judge and generation module, be used for flowing judgement and writing down the object information that all users login success or not, login behavioural information and preservation with the user who forms as audit from HTTP.
8. according to the described device that obtains user login information based on enterprise application system of claim 7, it is characterized in that, also comprise: filtering module is used for by described keyword or crucial URL the HTTP byte stream of monitor bypass being filtered, to select the HTTP logging request and to reply.
9. obtain the device of user login information according to claim 7 is described based on enterprise application system, it is characterized in that described analysis and parsing module further comprise:
Resolve and capturing unit, be used for meeting the crucial URL of configuration, then catch the HTTP request of login as the URL of the network flow that parses monitoring;
Acquiring unit is used for the request from HTTP, obtains user name, the password of login usefulness; And obtain basic log-on message.
10. obtain the device of user login information according to claim 7 is described based on enterprise application system, it is characterized in that described judgement and generation module further comprise:
First judging unit is used for when analyzing from HTTP stream after the user asks login, when the page of following has comprised the prompting of replying the keyword of makeing mistakes or crucial URL, then is judged as login failure;
Second judging unit is used for when analyzing from HTTP stream after the user asks login, when the page of following has comprised the prompting of the keyword of replying success or crucial URL, then is judged as and logins successfully;
The 3rd judging unit is used for after login, analyzes the answer back code of 401 HTTP from HTTP stream, then judges login failure;
Generation unit is used for the information according to above-mentioned judgement login success or not, and the user who generates as audit logins behavioural information and preservation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201110002603 CN102065147A (en) | 2011-01-07 | 2011-01-07 | Method and device for obtaining user login information based on enterprise application system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201110002603 CN102065147A (en) | 2011-01-07 | 2011-01-07 | Method and device for obtaining user login information based on enterprise application system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102065147A true CN102065147A (en) | 2011-05-18 |
Family
ID=44000246
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201110002603 Pending CN102065147A (en) | 2011-01-07 | 2011-01-07 | Method and device for obtaining user login information based on enterprise application system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102065147A (en) |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102404349A (en) * | 2011-12-31 | 2012-04-04 | 山东中创软件工程股份有限公司 | Single sign-on method |
CN102726026A (en) * | 2011-12-30 | 2012-10-10 | 华为技术有限公司 | Method, equipment and system for acquiring user behavior |
CN103078912A (en) * | 2012-12-27 | 2013-05-01 | 北京思特奇信息技术股份有限公司 | Single-point logging method and system |
CN103368783A (en) * | 2012-03-27 | 2013-10-23 | 阿里巴巴集团控股有限公司 | Method, system and equipment for network communication process monitoring |
CN103634159A (en) * | 2012-08-24 | 2014-03-12 | 百度在线网络技术(北京)有限公司 | Registration simulation-based flow playback method and apparatus |
CN104094269A (en) * | 2012-02-01 | 2014-10-08 | 微软公司 | Efficiently throttling user authentication |
CN105847344A (en) * | 2016-03-21 | 2016-08-10 | 立德高科(北京)数码科技有限责任公司 | Two-dimension code capable of logging in WEB version APP system and method and system thereof |
CN106982147A (en) * | 2016-01-15 | 2017-07-25 | 阿里巴巴集团控股有限公司 | The communication monitoring method and device of a kind of Web communication applications |
CN107040535A (en) * | 2017-04-07 | 2017-08-11 | 网易(杭州)网络有限公司 | Mobile solution channel logs in monitoring method, device, system and storage medium |
CN107370719A (en) * | 2016-05-13 | 2017-11-21 | 阿里巴巴集团控股有限公司 | Abnormal login recognition methods, apparatus and system |
CN108776637A (en) * | 2018-05-04 | 2018-11-09 | 平安科技(深圳)有限公司 | Acquisition methods, device, computer equipment and the storage medium of user's operation information |
CN110830987A (en) * | 2019-11-27 | 2020-02-21 | 王培根 | Urban sewage treatment rate evaluation and calculation method, device and equipment |
CN111639936A (en) * | 2020-05-24 | 2020-09-08 | 中信银行股份有限公司 | Transaction information acquisition method and device, electronic equipment and readable storage medium |
CN111683157A (en) * | 2020-08-11 | 2020-09-18 | 杭州优云科技有限公司 | Network security protection method for Internet of things equipment |
CN112073258A (en) * | 2020-08-06 | 2020-12-11 | 深信服科技股份有限公司 | Method for identifying user, electronic equipment and storage medium |
CN113328862A (en) * | 2021-06-15 | 2021-08-31 | 支付宝(杭州)信息技术有限公司 | Enterprise personnel authentication method, device and system |
CN113591110A (en) * | 2021-07-26 | 2021-11-02 | 招商银行股份有限公司 | Method, system, device and computer program product for discriminating confidential requests |
CN113986956A (en) * | 2021-12-29 | 2022-01-28 | 深圳红途科技有限公司 | Data exception query analysis method and device, computer equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1360261A (en) * | 2001-11-29 | 2002-07-24 | 上海复旦光华信息科技股份有限公司 | By-pass intercepting and reducing method for database access |
CN101141259A (en) * | 2007-10-22 | 2008-03-12 | 杭州华三通信技术有限公司 | Method and device of access point equipment for preventing error access |
CN101350719A (en) * | 2007-07-18 | 2009-01-21 | 康佳集团股份有限公司 | Novel identification authentication method |
CN101442449A (en) * | 2008-12-18 | 2009-05-27 | 中国移动通信集团浙江有限公司 | Method for completely auditing user behaviors under centralization access mode |
CN101909079A (en) * | 2010-07-15 | 2010-12-08 | 北京迈朗世讯科技有限公司 | User online behavior data acquisition method in backbone link and system |
-
2011
- 2011-01-07 CN CN 201110002603 patent/CN102065147A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1360261A (en) * | 2001-11-29 | 2002-07-24 | 上海复旦光华信息科技股份有限公司 | By-pass intercepting and reducing method for database access |
CN101350719A (en) * | 2007-07-18 | 2009-01-21 | 康佳集团股份有限公司 | Novel identification authentication method |
CN101141259A (en) * | 2007-10-22 | 2008-03-12 | 杭州华三通信技术有限公司 | Method and device of access point equipment for preventing error access |
CN101442449A (en) * | 2008-12-18 | 2009-05-27 | 中国移动通信集团浙江有限公司 | Method for completely auditing user behaviors under centralization access mode |
CN101909079A (en) * | 2010-07-15 | 2010-12-08 | 北京迈朗世讯科技有限公司 | User online behavior data acquisition method in backbone link and system |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102726026B (en) * | 2011-12-30 | 2015-11-25 | 华为技术有限公司 | A kind of acquisition methods of user behavior, equipment and system |
CN102726026A (en) * | 2011-12-30 | 2012-10-10 | 华为技术有限公司 | Method, equipment and system for acquiring user behavior |
WO2013097201A1 (en) * | 2011-12-30 | 2013-07-04 | 华为技术有限公司 | Method, device and system for acquiring user behavior |
CN102404349A (en) * | 2011-12-31 | 2012-04-04 | 山东中创软件工程股份有限公司 | Single sign-on method |
CN102404349B (en) * | 2011-12-31 | 2014-05-21 | 山东中创软件工程股份有限公司 | Single sign-on method |
CN104094269A (en) * | 2012-02-01 | 2014-10-08 | 微软公司 | Efficiently throttling user authentication |
CN103368783A (en) * | 2012-03-27 | 2013-10-23 | 阿里巴巴集团控股有限公司 | Method, system and equipment for network communication process monitoring |
CN103368783B (en) * | 2012-03-27 | 2017-04-12 | 阿里巴巴集团控股有限公司 | Method, system and equipment for network communication process monitoring |
CN103634159B (en) * | 2012-08-24 | 2018-11-09 | 百度在线网络技术(北京)有限公司 | A kind of traffic playback method and device based on simulation login |
CN103634159A (en) * | 2012-08-24 | 2014-03-12 | 百度在线网络技术(北京)有限公司 | Registration simulation-based flow playback method and apparatus |
CN103078912A (en) * | 2012-12-27 | 2013-05-01 | 北京思特奇信息技术股份有限公司 | Single-point logging method and system |
CN106982147A (en) * | 2016-01-15 | 2017-07-25 | 阿里巴巴集团控股有限公司 | The communication monitoring method and device of a kind of Web communication applications |
CN105847344A (en) * | 2016-03-21 | 2016-08-10 | 立德高科(北京)数码科技有限责任公司 | Two-dimension code capable of logging in WEB version APP system and method and system thereof |
CN107370719B (en) * | 2016-05-13 | 2021-02-05 | 阿里巴巴集团控股有限公司 | Abnormal login identification method, device and system |
CN107370719A (en) * | 2016-05-13 | 2017-11-21 | 阿里巴巴集团控股有限公司 | Abnormal login recognition methods, apparatus and system |
CN107040535A (en) * | 2017-04-07 | 2017-08-11 | 网易(杭州)网络有限公司 | Mobile solution channel logs in monitoring method, device, system and storage medium |
CN107040535B (en) * | 2017-04-07 | 2020-07-10 | 网易(杭州)网络有限公司 | Method, device and system for monitoring login of mobile application channel and storage medium |
CN108776637A (en) * | 2018-05-04 | 2018-11-09 | 平安科技(深圳)有限公司 | Acquisition methods, device, computer equipment and the storage medium of user's operation information |
WO2019210577A1 (en) * | 2018-05-04 | 2019-11-07 | 平安科技(深圳)有限公司 | Method, device for acquiring user operation information, computer equipment and storage medium |
CN110830987A (en) * | 2019-11-27 | 2020-02-21 | 王培根 | Urban sewage treatment rate evaluation and calculation method, device and equipment |
CN110830987B (en) * | 2019-11-27 | 2023-11-24 | 王培根 | Urban sewage treatment rate evaluation and calculation method, device and equipment |
CN111639936A (en) * | 2020-05-24 | 2020-09-08 | 中信银行股份有限公司 | Transaction information acquisition method and device, electronic equipment and readable storage medium |
CN111639936B (en) * | 2020-05-24 | 2023-08-25 | 中信银行股份有限公司 | Transaction information acquisition method and device, electronic equipment and readable storage medium |
CN112073258A (en) * | 2020-08-06 | 2020-12-11 | 深信服科技股份有限公司 | Method for identifying user, electronic equipment and storage medium |
CN112073258B (en) * | 2020-08-06 | 2022-09-30 | 深信服科技股份有限公司 | Method for identifying user, electronic equipment and storage medium |
CN111683157B (en) * | 2020-08-11 | 2020-11-03 | 杭州优云科技有限公司 | Network security protection method for Internet of things equipment |
CN111683157A (en) * | 2020-08-11 | 2020-09-18 | 杭州优云科技有限公司 | Network security protection method for Internet of things equipment |
CN113328862A (en) * | 2021-06-15 | 2021-08-31 | 支付宝(杭州)信息技术有限公司 | Enterprise personnel authentication method, device and system |
CN113591110A (en) * | 2021-07-26 | 2021-11-02 | 招商银行股份有限公司 | Method, system, device and computer program product for discriminating confidential requests |
CN113986956A (en) * | 2021-12-29 | 2022-01-28 | 深圳红途科技有限公司 | Data exception query analysis method and device, computer equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102065147A (en) | Method and device for obtaining user login information based on enterprise application system | |
CN103888490B (en) | A kind of man-machine knowledge method for distinguishing of full automatic WEB client side | |
US6983379B1 (en) | Method and system for monitoring online behavior at a remote site and creating online behavior profiles | |
CN103023710B (en) | A kind of safety test system and method | |
US9307036B2 (en) | Web access using cross-domain cookies | |
US10447766B2 (en) | Information sharing method and system | |
US8321952B2 (en) | Method and system for monitoring online computer network behavior and creating online behavior profiles | |
US8909792B2 (en) | Method, system, and computer program product for identifying and tracking social identities | |
AlNoamany et al. | Who and what links to the Internet Archive | |
US9021085B1 (en) | Method and system for web filtering | |
CN108768921B (en) | Malicious webpage discovery method and system based on feature detection | |
CN102394885A (en) | Information classification protection automatic verification method based on data stream | |
US8407766B1 (en) | Method and apparatus for monitoring sensitive data on a computer network | |
EP3398311B1 (en) | Method and system for preserving privacy in an http communication between a client and a server | |
CN111404937B (en) | Method and device for detecting server vulnerability | |
WO2017077847A1 (en) | Analysis device, analysis method, and analysis program | |
Latib et al. | Analysing log files for web intrusion investigation using hadoop | |
David et al. | A two-stage model for social network investigations in digital forensics | |
Horsman | Web content management systems: An analysis of forensic investigatory challenges | |
Wang et al. | Towards comprehensive analysis of tor hidden service access behavior identification under obfs4 scenario | |
JP2010067037A (en) | Web access control device, web access control system and computer program | |
CN114417198A (en) | Phishing early warning method, phishing early warning device, phishing early warning system | |
KR20220158533A (en) | Malicious site detection method | |
Coronel et al. | A systematic literature review in cyber forensics: current trends from the client perspective | |
JP5061316B1 (en) | Communication packet analyzer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110518 |