CN102801741A - Method and device for stopping Trojan horse viruses - Google Patents

Publication number
CN102801741A
Authority
CN
China
Legal status
Pending
Application number
CN2012103169671A
Other languages
Chinese (zh)
Inventor
张斌
常磊
Current Assignee
Hillstone Networks Communication Technology (Beijing) Co Ltd
Original Assignee
Hillstone Networks Communication Technology (Beijing) Co Ltd
Application filed by Hillstone Networks Communication Technology (Beijing) Co Ltd

Abstract

The invention discloses a method and a device for stopping Trojan horse viruses. The method for stopping the Trojan horse viruses comprises the following steps: a firewall acquires an address of a referenced resource, which is sent to a first server by a client; the firewall judges whether the referenced resource corresponding to the address is from a second server, wherein the name of the second server is in white lists set by a manager; and when the referenced resource corresponding to the address is from the second server, the firewall allows the first server to reference the referenced resource from the second server. By the method and the device for stopping the Trojan horse viruses, due to the adoption of the white lists set by the manager, the safe servers can be accurately judged and the attack of the Trojan horse viruses can be ensured to be prevented by referencing the referenced resources of the servers in the white lists so as to achieve an effect of accurately stopping the Trojan horse viruses.

Description

Method and device for stopping Trojan horse viruses
Technical field
The present invention relates to the Internet field, and in particular to a method and device for stopping Trojan horse viruses.
Background art
With the spread of Web 2.0 technology, whose main feature is high interactivity, many websites allow users to upload files. As a result, the planting of Trojans on Web servers (so-called "horse hanging", that is, a Trojan horse being mounted on the server) increasingly threatens the security of Web servers and client browsers. Web server Trojans come in two forms: server-side Trojans and client-side Trojans. A server-side Trojan is usually a malicious script or malicious executable program that can be dynamically executed on the Web server. A client-side Trojan is usually a malicious browser program; it can be a piece of JavaScript, a malicious Java applet, or a malicious browser plug-in. Planting a Trojan on a Web server is usually achieved through some other vulnerability, for example an SQL injection vulnerability, a cross-site vulnerability, or an upload vulnerability.
In the prior art, antivirus software is installed on the server and finds malicious code by monitoring and scanning the files on the server. When an attacker uploads a malicious file, the antivirus software detects it and responds.
The drawback of this technique is that antivirus software is based on known virus samples and lacks an effective defense against unknown malicious code. Attackers now usually test their malicious programs against mainstream antivirus software while building them, and use various obfuscation techniques to evade antivirus detection. The effect of antivirus software in detecting and removing file viruses is therefore limited. If the malicious code the attacker uploads is not saved as a file but is stored in a database (or simply kept in memory), file-based antivirus software cannot detect it. Antivirus software also seriously consumes server computing resources and performance, particularly on Web servers with very frequent I/O reads and writes. In many cases, planting a Trojan on a Web server consists only of adding an HTML tag that includes malicious content (for example <link>, <iframe>, and so on) to a page of the victim server; the actual malware is not stored on the victim server. In that case, server-side antivirus software is unable to discover the malicious content.
No effective solution has yet been proposed for the problem that the prior art cannot accurately stop Trojan horse viruses.
Summary of the invention
The invention provides a method and device for stopping Trojan horse viruses, to at least solve the problem that the prior art cannot accurately stop Trojan horse viruses.
To achieve this object, according to one aspect of the invention, a method for stopping Trojan horse viruses is provided.
The method for stopping Trojan horse viruses according to the invention comprises: a firewall obtains the address of a referenced resource that a first server sends to a client; the firewall judges whether the referenced resource corresponding to the address comes from a second server, wherein the name of the second server is in a whitelist set by an administrator; and when the referenced resource corresponding to the address comes from the second server, the firewall allows the first server to reference the referenced resource from the second server.
Further, the firewall obtaining the address of the referenced resource that the first server sends to the client comprises: the firewall performs syntactic analysis on the referenced resource to obtain the tag of the referenced resource, wherein the tag contains the address of the referenced resource; and the firewall obtains the address of the referenced resource from the tag.
Further, after the firewall obtains the address of the referenced resource that the first server sends to the client and before the firewall judges whether the referenced resource corresponding to the address comes from the second server, the method comprises: the firewall judges whether the address is an address inside the first server; and when the address is an address inside the first server, the firewall allows the first server to reference the referenced resource from inside the first server.
Further, after the firewall judges whether the referenced resource corresponding to the address comes from the second server, the method also comprises: when the referenced resource does not come from the second server, the firewall terminates the connection between the visitor and the first server.
Further, after the firewall judges whether the referenced resource corresponding to the address comes from the second server, the method also comprises: when the referenced resource does not come from the second server, the firewall obtains an address blacklist; the firewall judges whether the address of the referenced resource is in the address blacklist; when the address of the referenced resource is in the address blacklist, the firewall terminates the connection between the visitor and the first server; and when the address of the referenced resource is not in the address blacklist, the firewall allows the first server to reference the referenced resource from the second server.
To achieve this object, according to another aspect of the invention, a device for stopping Trojan horse viruses is provided; the device is used to carry out any of the methods for stopping Trojan horse viruses provided by the invention.
According to a further aspect of the invention, a device for stopping Trojan horse viruses is provided. The device comprises: a first obtaining unit, used to obtain the address of a referenced resource that a first server sends to a client; a first judging unit, used to judge whether the referenced resource corresponding to the address comes from a second server, wherein the name of the second server is in a whitelist set by an administrator; and a first permitting unit, used to allow the first server to reference the referenced resource from the second server when the referenced resource corresponding to the address comes from the second server.
Further, the first obtaining unit comprises: a first obtaining subunit, used to perform syntactic analysis on the referenced resource to obtain the tag of the referenced resource, wherein the tag contains the address of the referenced resource; and a second obtaining subunit, used to obtain the address of the referenced resource from the tag.
Further, the device also comprises: a second judging unit, used to judge whether the address is an address inside the first server; and a second permitting unit, used to allow the first server to reference the referenced resource from inside the first server when the address is an address inside the first server.
Further, the device also comprises: a first terminating unit, used to terminate the connection between the visitor and the first server when the referenced resource does not come from the second server.
Further, the device also comprises: a second obtaining unit, used to obtain an address blacklist when the referenced resource does not come from the second server; a third judging unit, used to judge whether the address of the referenced resource is in the address blacklist; a second terminating unit, used to terminate the connection between the visitor and the first server when the address of the referenced resource is in the address blacklist; and a third permitting unit, used to allow the first server to reference the referenced resource from the second server when the address of the referenced resource is not in the address blacklist.
With the invention, because a whitelist set by the administrator is used, it can be judged accurately which servers are safe; referencing only the resources of servers in the whitelist ensures that attacks by Trojan horse viruses are stopped. This solves the problem that the prior art cannot accurately stop Trojan horse viruses, and achieves the effect of accurately stopping them.
Brief description of the drawings
The accompanying drawings, which form a part of this application, are provided for further understanding of the invention. The illustrative embodiments of the invention and their description are used to explain the invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a structural block diagram of the device for stopping Trojan horse viruses according to an embodiment of the invention;
Fig. 2 is a flow chart of the method for stopping Trojan horse viruses according to an embodiment of the invention; and
Fig. 3 is a flow chart of the method for stopping Trojan horse viruses according to a preferred embodiment of the invention.
Embodiments
It should be noted that, where no conflict arises, the embodiments in this application and the features of the embodiments can be combined with each other. The invention is described in detail below with reference to the drawings and in combination with the embodiments.
An embodiment of the invention provides a device for stopping Trojan horse viruses, which is introduced below.
Fig. 1 is a structural block diagram of the device for stopping Trojan horse viruses according to an embodiment of the invention.
As shown in Fig. 1, the device comprises a first obtaining unit 11, a first judging unit 12 and a first permitting unit 13.
The first obtaining unit 11 is used to obtain the address of a referenced resource that a first server sends to a client.
In this embodiment, the first server is the server that the administrator needs to protect, and the first obtaining unit 11 can obtain the address of the referenced resource through syntactic analysis. Specifically, the first obtaining unit 11 comprises a first obtaining subunit and a second obtaining subunit.
The first obtaining subunit is used to perform syntactic analysis on the referenced resource to obtain the tag of the referenced resource, wherein the tag contains the address of the referenced resource. The second obtaining subunit is used to obtain the address of the referenced resource from the tag.
The first judging unit 12 is used to judge whether the referenced resource corresponding to the address comes from a second server, wherein the name of the second server is in a whitelist set by the administrator.
The second server in this embodiment is a server in the whitelist. The first judging unit 12 can compare the obtained address with the servers in the whitelist and, according to whether the obtained address is among the servers of the whitelist, judge whether the resource corresponding to the address is a resource on the second server.
The first permitting unit 13 is used to allow the first server to reference the referenced resource from the second server when the referenced resource corresponding to the address comes from the second server.
In this embodiment, because a whitelist set by the administrator is used, it can be judged accurately which servers are safe; referencing only the resources of servers in the whitelist ensures that attacks by Trojan horse viruses are stopped. This solves the problem that the prior art cannot accurately stop Trojan horse viruses, and achieves the effect of accurately stopping them.
For the case where the address of the referenced resource lies within the first server itself, this embodiment makes a corresponding provision: preferably, the device comprises a second judging unit and a second permitting unit.
The second judging unit is used to judge whether the address is an address inside the first server.
The second permitting unit is used to allow the first server to reference the referenced resource from inside the first server when the address is an address inside the first server.
To reduce the workload of the device, referenced resources whose address is not on the second server can be blocked directly; preferably, the device also comprises a first terminating unit.
The first terminating unit is used to terminate the connection between the visitor and the first server when the referenced resource does not come from the second server.
To ensure the accuracy of stopping Trojans, referenced resources whose address is not on the second server can be checked further; preferably, the device also comprises a second obtaining unit, a third judging unit, a second terminating unit and a third permitting unit.
The second obtaining unit is used to obtain an address blacklist when the referenced resource does not come from the second server;
The third judging unit is used to judge whether the address of the referenced resource is in the address blacklist;
The second terminating unit is used to terminate the connection between the visitor and the first server when the address of the referenced resource is in the address blacklist; and
The third permitting unit is used to allow the first server to reference the referenced resource from the second server when the address of the referenced resource is not in the address blacklist.
An embodiment of the invention also provides a method for stopping Trojan horse viruses, which can be carried out on the basis of the device described above.
Fig. 2 is a flow chart of the method for stopping Trojan horse viruses according to an embodiment of the invention.
As shown in Fig. 2, the method comprises the following steps S202 to S204.
Step S202: the firewall obtains the address of a referenced resource that the first server sends to the client.
The address of the referenced resource can be obtained by a variety of techniques; the most commonly used is syntactic analysis.
The firewall performs syntactic analysis on the referenced resource to obtain the tag of the referenced resource, wherein the tag contains the address of the referenced resource.
When a client browses the first server, that is, a Web server, the pages the server returns to the client include both HTML files (including the execution results of dynamic pages) and CSS files. This embodiment performs syntactic analysis on them: HTML files are analyzed by an HTML parser and CSS files by a CSS parser, and the analysis results are restored into an HTML/CSS syntax tree.
Using a semantic analyzer, the tags that carry external references can be found in the HTML/CSS syntax tree, for example <link>, <iframe>, <object>, <form>, <script>, <style>, and so on.
At this point, the firewall can obtain the address of the referenced resource from the tag. In this embodiment, this can be the URL of the resource the tag references.
Between step S202 and step S204 of this embodiment, the firewall can first judge whether the address is an address inside the first server. When the address is an address inside the first server, the firewall allows the first server to reference the referenced resource from inside the first server. That is, if the obtained URL is a reference to a resource inside the server itself, the reference is considered legitimate.
Step S204: the firewall judges whether the referenced resource corresponding to the address comes from a second server, wherein the name of the second server is in a whitelist set by the administrator.
The administrator of the Web server needs to create, according to the characteristics of the pages on the Web server he or she manages, a whitelist of the external resource references that are allowed and the external servers that are trusted.
For example, an administrator manages the website www.aaa.com. On this website there are some pages that all reference the file www.bbb.com/style/common.css; that is, the page code under www.aaa.com contains the following HTML tag: <link href="www.bbb.com/style/common.css" type="text/css">. In this case the external-reference whitelist of www.aaa.com is set to:
www.bbb.com/style/common.css
Alternatively, it can be set to:
www.bbb.com or www.bbb.com/style/
A single whitelist can hold many such entries, representing multiple legitimate external references.
Suppose the whitelist created for the www.aaa.com server is:
www.bbb.com/style/
and the page http://www.aaa.com/test.asp?id=1 that the client browses contains the following tag:
<link href="http://www.bbb.com/style/common.css" type="text/css">
In this case, the external reference link to the file http://www.bbb.com/style/common.css hits the whitelist, and the external reference is legitimate. As another example, suppose http://www.aaa.com/test.asp?id=1 contains the following tag:
<link href="http://www.bbb.com/style/sub/common.css" type="text/css">
This still hits the whitelist, and the external reference is still legitimate. The following HTML tag, however, does not hit the whitelist:
<link href="http://www.bbb.com/common.css" type="text/css">
because the whitelist does not contain www.bbb.com/common.css.
External references that do not hit the whitelist can be handled according to one of the following two strategies:
The first is the aggressive strategy. In this strategy, a reference that does not hit the whitelist is considered malicious, and, according to the configuration, the connection between the visitor and the server is terminated directly and a log entry is recorded. For example, the current client's connection to www.aaa.com/test.asp?id=1 can be blocked directly. That is, when the referenced resource does not come from the second server, the firewall terminates the connection between the visitor and the first server.
The second is the conservative strategy. In this strategy, an external link that does not hit the whitelist is submitted to a malicious URL library for matching; only if it hits the malicious URL library is the connection between the visitor and the server terminated and a log entry recorded. Otherwise it is treated as a legitimate external reference and let through. That is, when the referenced resource does not come from the second server, the firewall obtains an address blacklist. The firewall judges whether the address of the referenced resource is in the address blacklist. When the address of the referenced resource is in the address blacklist, the firewall terminates the connection between the visitor and the first server. When the address of the referenced resource is not in the address blacklist, the firewall allows the first server to reference the referenced resource from the second server.
Step S206: when the referenced resource corresponding to the address comes from the second server, the firewall allows the first server to reference the referenced resource from the second server. That is, if the name of the server corresponding to the obtained URL is on the whitelist, the firewall considers this resource reference a legitimate external reference.
Fig. 3 is a flow chart of the method for stopping Trojan horse viruses according to a preferred embodiment of the invention. As shown in Fig. 3, the method comprises the following steps S302 to S318, and the method can be executed by a firewall.
Step S302: obtain the tag of the referenced resource that the first server sends to the client.
Step S304: obtain the address in the tag.
Step S306: judge whether the address comes from the first server; if so, execute step S308; if not, execute step S310.
Step S308: allow the first server to reference the internal referenced resource.
Step S310: judge whether the address comes from a second server in the whitelist; if so, execute step S312; if not, execute step S314.
Step S312: allow the first server to reference the referenced resource from the second server.
Step S314: judge whether the link at this address is in the blacklist, that is, in the malicious URL library; if so, execute step S316; if not, execute step S318.
Step S316: terminate the connection between the visitor and the first server.
Step S318: allow the first server to reference the referenced resource from the second server.
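The decision flow of Fig. 3 (S302 to S318) applied to the www.aaa.com / www.bbb.com whitelist examples, as an added Python example that is not part of the patent text. It also covers the aggressive strategy and two matching edge cases (dot segments in the path, and a host that merely begins with a whitelisted name). The function names, the host/path entry format used for the blacklist, the canonicalization step and the segment-boundary matching rule are assumptions of this example, and the sample page is constructed.

```python
from html.parser import HTMLParser
from posixpath import normpath
from urllib.parse import unquote, urljoin, urlsplit

# Attribute that carries the referenced URL for each tag. <style> has no URL
# attribute; CSS url() references need a CSS parser and are not covered here.
REF_ATTRS = {"link": "href", "iframe": "src", "script": "src",
             "object": "data", "form": "action"}


class RefExtractor(HTMLParser):
    """S302/S304: collect (tag, absolute URL) for every referencing tag."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = REF_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.refs.append((tag, urljoin(self.page_url, value.strip())))


def canonical(url):
    """Return (host, path): host lowercased, escapes and dot segments resolved."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = normpath("/" + unquote(parts.path).lstrip("/"))
    return host, path.rstrip("/")


def entry_matches(host, path, entry):
    """True if host/path falls under a list entry such as 'www.bbb.com/style/'."""
    entry_host, _, entry_path = entry.partition("/")
    if host != entry_host.lower():
        return False  # whole-host comparison, never a substring test
    prefix = ("/" + entry_path).rstrip("/")
    # Match only on a path-segment boundary: /style/ must not match /stylesheet/.
    return path == prefix or path.startswith(prefix + "/")


def classify(url, protected_host, whitelist, blacklist, conservative=True):
    """Verdict for one reference, following the branch order of Fig. 3."""
    host, path = canonical(url)
    if host == protected_host:                                # S306 -> S308
        return "allow-internal"
    if any(entry_matches(host, path, e) for e in whitelist):  # S310 -> S312
        return "allow-whitelisted"
    if not conservative:                                      # aggressive strategy
        return "block"
    if any(entry_matches(host, path, e) for e in blacklist):  # S314 -> S316
        return "block"
    return "allow-unlisted"                                   # S318


def inspect_page(html, page_url, protected_host, whitelist, blacklist,
                 conservative=True):
    """Return (tag, url, verdict) for every reference found in the page."""
    extractor = RefExtractor(page_url)
    extractor.feed(html)
    return [(tag, url, classify(url, protected_host, whitelist, blacklist,
                                conservative))
            for tag, url in extractor.refs]


# Constructed sample input; the .example hosts are placeholders.
PAGE_URL = "http://www.aaa.com/test.asp?id=1"
WHITELIST = ["www.bbb.com/style/"]
BLACKLIST = ["malicious.example"]  # stand-in for the malicious URL library
SAMPLE_PAGE = """
<html><head>
<script src="/js/app.js"></script>
<link href="http://www.bbb.com/style/common.css" type="text/css">
<link href="http://www.bbb.com/style/sub/common.css" type="text/css">
<link href="http://www.bbb.com/common.css" type="text/css">
<link href="http://www.bbb.com/style/../common.css" type="text/css">
</head><body>
<iframe src="http://www.bbb.com.lookalike.example/style/x.html"></iframe>
<iframe src="http://malicious.example/frame.html"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for conservative in (True, False):
        print("conservative" if conservative else "aggressive")
        for tag, url, verdict in inspect_page(SAMPLE_PAGE, PAGE_URL, "www.aaa.com",
                                              WHITELIST, BLACKLIST, conservative):
            print(f"  {verdict:18} <{tag}> {url}")
```

Under the conservative strategy the lookalike host is let through because it is in neither list; only the aggressive strategy blocks it.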
As can be seen from the above description, this embodiment makes it possible, on the one hand, to control external resource references and, on the other hand, to protect the users of the website from attacks by Trojans planted through cross links.
It should be noted that the steps shown in the flow charts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flow charts, in some cases the steps shown or described can be executed in an order different from the one given here.
Obviously, those skilled in the art should understand that the modules or steps of the invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Alternatively, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into a separate integrated circuit module; or several of the modules or steps can be made into a single integrated circuit module. The invention is thus not restricted to any specific combination of hardware and software.
The above are merely preferred embodiments of the invention and are not intended to limit it; for those skilled in the art, the invention can have various changes and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (10)

1. A method for stopping Trojan horse viruses, characterized by comprising:
a firewall obtains the address of a referenced resource that a first server sends to a client;
the firewall judges whether the referenced resource corresponding to the address comes from a second server, wherein the name of the second server is in a whitelist set by an administrator; and
when the referenced resource corresponding to the address comes from the second server, the firewall allows the first server to reference the referenced resource from the second server.
2. The method for stopping Trojan horse viruses according to claim 1, characterized in that the firewall obtaining the address of the referenced resource that the first server sends to the client comprises:
the firewall performs syntactic analysis on the referenced resource to obtain the tag of the referenced resource, wherein the tag contains the address of the referenced resource; and
the firewall obtains the address of the referenced resource from the tag.
3. The method for stopping Trojan horse viruses according to claim 1, characterized in that, after the firewall obtains the address of the referenced resource that the first server sends to the client and before the firewall judges whether the referenced resource corresponding to the address comes from the second server, the method comprises:
the firewall judges whether the address is an address inside the first server; and
when the address is an address inside the first server, the firewall allows the first server to reference the referenced resource from inside the first server.
4. The method for stopping Trojan horse viruses according to claim 1, characterized in that, after the firewall judges whether the referenced resource corresponding to the address comes from the second server, the method also comprises:
when the referenced resource does not come from the second server, the firewall terminates the connection between the visitor and the first server.
5. The method for stopping Trojan horse viruses according to claim 1, characterized in that, after the firewall judges whether the referenced resource corresponding to the address comes from the second server, the method also comprises:
when the referenced resource does not come from the second server, the firewall obtains an address blacklist;
the firewall judges whether the address of the referenced resource is in the address blacklist;
when the address of the referenced resource is in the address blacklist, the firewall terminates the connection between the visitor and the first server; and
when the address of the referenced resource is not in the address blacklist, the firewall allows the first server to reference the referenced resource from the second server.
6. A device for stopping Trojan horse viruses, characterized by comprising:
a first obtaining unit, used to obtain the address of a referenced resource that a first server sends to a client;
a first judging unit, used to judge whether the referenced resource corresponding to the address comes from a second server, wherein the name of the second server is in a whitelist set by an administrator; and
a first permitting unit, used to allow the first server to reference the referenced resource from the second server when the referenced resource corresponding to the address comes from the second server.
7. The device for stopping Trojan horse viruses according to claim 6, characterized in that the first obtaining unit comprises:
a first obtaining subunit, used to perform syntactic analysis on the referenced resource to obtain the tag of the referenced resource, wherein the tag contains the address of the referenced resource; and
a second obtaining subunit, used to obtain the address of the referenced resource from the tag.
8. The device for stopping Trojan horse viruses according to claim 6, characterized in that the device also comprises:
a second judging unit, used to judge whether the address is an address inside the first server; and
a second permitting unit, used to allow the first server to reference the referenced resource from inside the first server when the address is an address inside the first server.
9. The device for stopping Trojan horse viruses according to claim 6, characterized in that the device also comprises:
a first terminating unit, used to terminate the connection between the visitor and the first server when the referenced resource does not come from the second server.
10. The device for stopping Trojan horse viruses according to claim 6, characterized in that the device also comprises:
a second obtaining unit, used to obtain an address blacklist when the referenced resource does not come from the second server;
a third judging unit, used to judge whether the address of the referenced resource is in the address blacklist;
a second terminating unit, used to terminate the connection between the visitor and the first server when the address of the referenced resource is in the address blacklist; and
a third permitting unit, used to allow the first server to reference the referenced resource from the second server when the address of the referenced resource is not in the address blacklist.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012103169671A CN102801741A (en) 2012-08-30 2012-08-30 Method and device for stopping Trojan horse viruses

Publications (1)

Publication Number Publication Date
CN102801741A true CN102801741A (en) 2012-11-28

Family

ID=47200703

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012103169671A Pending CN102801741A (en) 2012-08-30 2012-08-30 Method and device for stopping Trojan horse viruses

Country Status (1)

Country Link
CN (1) CN102801741A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103823679A (en) * 2014-02-24 2014-05-28 联想(北京)有限公司 Information processing method and device
CN115051845A (en) * 2022-06-08 2022-09-13 北京启明星辰信息安全技术有限公司 Suspicious traffic identification method, device, equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1251669A (en) * 1997-03-21 2000-04-26 思维媒体公司 Method and apparatus for traking client interaction with network resource and creating client profiles and resource database
CN101136767A (en) * 2006-09-01 2008-03-05 华为技术有限公司 Assets safety management method, system and network element equipment of telecom network
CN101141244A (en) * 2006-09-08 2008-03-12 飞塔信息科技(北京)有限公司 Network encrypted data virus detection and elimination system, proxy server and method
CN101675639A (en) * 2007-01-31 2010-03-17 索尼爱立信移动通讯股份有限公司 Method, system and user equipment for providing secondary information to a user equipment
CN102147842A (en) * 2010-07-23 2011-08-10 卡巴斯基实验室封闭式股份公司 Defense of malware of network resource
CN102224505A (en) * 2008-11-19 2011-10-19 安全工程有限公司 System and method for run-time attack prevention
CN102413105A (en) * 2010-09-25 2012-04-11 杭州华三通信技术有限公司 Method and device for preventing attack of challenge collapsar (CC)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1251669A (en) * 1997-03-21 2000-04-26 思维媒体公司 Method and apparatus for tracking client interaction with network resource and creating client profiles and resource database
CN101136767A (en) * 2006-09-01 2008-03-05 华为技术有限公司 Assets safety management method, system and network element equipment of telecom network
CN101141244A (en) * 2006-09-08 2008-03-12 飞塔信息科技(北京)有限公司 Network encrypted data virus detection and elimination system, proxy server and method
CN101675639A (en) * 2007-01-31 2010-03-17 索尼爱立信移动通讯股份有限公司 Method, system and user equipment for providing secondary information to a user equipment
CN102224505A (en) * 2008-11-19 2011-10-19 安全工程有限公司 System and method for run-time attack prevention
CN102147842A (en) * 2010-07-23 2011-08-10 卡巴斯基实验室封闭式股份公司 Defense of malware of network resource
CN102413105A (en) * 2010-09-25 2012-04-11 杭州华三通信技术有限公司 Method and device for preventing attack of challenge collapsar (CC)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103823679A (en) * 2014-02-24 2014-05-28 联想(北京)有限公司 Information processing method and device
CN103823679B (en) * 2014-02-24 2018-08-10 联想(北京)有限公司 Information processing method and device
CN115051845A (en) * 2022-06-08 2022-09-13 北京启明星辰信息安全技术有限公司 Suspicious traffic identification method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
US9544318B2 (en) HTML security gateway
CN103023712B (en) Method and system for monitoring malicious property of webpage
Xu et al. Cross-layer detection of malicious websites
US9344446B2 (en) Systems and methods for malware detection and scanning
US9489515B2 (en) System and method for blocking the transmission of sensitive data using dynamic data tainting
CN105512559B (en) Method and apparatus for providing an accession page
KR101724307B1 (en) Method and system for detecting a malicious code
CN103001817B (en) Method and apparatus for real-time detection of webpage cross-domain requests
CN109768992B (en) Webpage malicious scanning processing method and device, terminal device and readable storage medium
CN103384888A (en) Systems and methods for malware detection and scanning
CN105491053A (en) Web malicious code detection method and system
CN103685294A (en) Method and device for identifying attack sources of denial of service attack
CN104378255B (en) The detection method and device of web malicious users
CN113518077A (en) Malicious web crawler detection method, device, equipment and storage medium
CN104967628A (en) Deceiving method of protecting web application safety
CN105049440A (en) Method and system for detecting cross-site scripting attack injection
CN113810381B (en) Crawler detection method, web application cloud firewall device and storage medium
JP5752642B2 (en) Monitoring device and monitoring method
Gupta et al. CSSXC: Context-sensitive sanitization framework for Web applications against XSS vulnerabilities in cloud environments
CN113961930A (en) SQL injection vulnerability detection method and device and electronic equipment
Canfora et al. A set of features to detect web security threats
CN103561076B (en) Webpage trojan-linking real-time protection method and system based on cloud
CN117242446A (en) Automatic extraction and classification of malicious indicators
CN114006746A (en) Attack detection method, device, equipment and storage medium
KR101803225B1 (en) System and Method for detecting malicious websites at high speed based multi-server, multi-docker

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20121128