CN103139138A - Application layer denial of service (DoS) protective method and system based on client detection - Google Patents

Info

Publication number: CN103139138A
Authority: CN (China)
Prior art keywords: connection request, client, web client, web, authentication information
Legal status: Granted (Active)
Application number: CN2011103736117A
Other languages: Chinese (zh)
Other versions: CN103139138B (en)
Inventors: 许世强, 阎尖将, 姚熙
Current Assignee: Fortinet Inc
Original Assignee: Fortinet Inc
Application events: filed by Fortinet Inc; priority to CN201110373611.7A; publication of CN103139138A; application granted; publication of CN103139138B

Abstract

The invention provides an application layer DoS protection method and system based on client detection. The method includes: step one, a protective device intercepts an initial connection request sent by a WEB client to a WEB server and sends a javascript verification code to the client; step two, the WEB client runs the javascript verification code; if the WEB client cannot run the javascript verification code successfully, the initial connection request is discarded; if it can, the WEB client generates authentication information and sends a reconnection request containing the authentication information to the WEB server; and step three, the protective device intercepts the reconnection request, verifies the authentication information and allows the reconnection request through if verification succeeds.

Description

An application layer denial of service protection method and system based on client detection
Technical field
The present invention relates to the field of information science and technology, and in particular to an application layer denial of service protection method and system based on client detection.
Background art
DoS attacks against Web servers are becoming increasingly common. Using a simple attack program, a client can send a large number of WEB requests to the WEB server. For every request a client sends, the WEB server has to complete a series of tasks such as script parsing and database queries. If a client sends too many requests, the server consumes excessive system resources and eventually stops responding to clients.
Traditional detection of application layer denial of service attacks analyzes traffic at the network layer (TCP/UDP) and judges attacks against thresholds derived from past experience. Detecting denial of service attacks with empirical thresholds has proved unsatisfactory both in theory and in products on the market. The success rate and accuracy of such detection are not very high, and false detections occur frequently. For example, in the following scenario a traditional detection method produces a false detection:
A shopping website starts a large discount promotion at a specific time. The number of visits rises far above its usual level. If the usual detection threshold is still used as the baseline for attack detection, a false detection occurs: normal access is treated as an attack, and the website's business cannot proceed normally.
As the composition and operation of the conventional technology show, traditional detection of application layer denial of service attacks only collects statistics on service connections and does not actually take part in any connection.
Traditional techniques for detecting application layer denial of service attacks mainly cover the detection of attacks such as HTTP Proxy Flood, CC Proxy Flood and Connection Exhausted. Two detection methods are used: the first counts how often a given source address accesses the host within a unit of time; the second counts how often the destination host is accessed within a unit of time. Both methods consist of three main steps: machine statistics, manual correction and traffic matching.
In addition, there is a typical detection mechanism based on the Web server that assigns each client a trust level. The trust level is determined by the overhead the Web server spends on processing the client's requests. A client with a high trust level is allowed more Web requests per unit of time, while the number of Web requests per unit of time from a client with a low trust level is limited to a lower range.
The drawback of this detection mechanism is obvious: DoS attack requests are still received and processed by the Web server. Although the number and rate of DoS attack requests are limited to a very small range, so that they cannot achieve the purpose of a DoS attack, the Web server still spends some resources on these DoS attack requests.
Summary of the invention
The technical problem solved by the present invention is to provide an application layer denial of service protection method and system based on client detection that distinguishes legitimate WEB requests from illegitimate access, so that connections are processed only for legitimate WEB requests and illegitimate access is not processed.
Before a client request reaches the WEB server, the present invention detects whether the client is using a browser. Browser access is treated as legitimate access and non-browser access as illegitimate access, which prevents a client from using an attack program to consume the WEB server's resources.
To solve the above problem, the invention discloses an application layer denial of service protection method based on client detection, applied in a system comprising a WEB client, a protective device and a WEB server. The method comprises:
Step 1, the protective device intercepts an initial connection request sent by the WEB client to the WEB server and sends a javascript verification code to the WEB client;
Step 2, the WEB client runs the javascript verification code. If the WEB client cannot run the javascript verification code successfully, the initial connection request is discarded. If it runs successfully, the WEB client generates authentication information and sends a reconnection request to the WEB server, the reconnection request containing the authentication information;
Step 3, the protective device intercepts the reconnection request and verifies the authentication information; if verification passes, the reconnection request is allowed through.
Step 3 further comprises: the protective device discards a reconnection request that fails verification.
The authentication information is randomly generated.
The authentication information is contained in a Cookie, the HTTP Referer, or any field of the HTTP header.
In step 2, after the javascript verification code has run successfully, the javascript verification code forces the WEB client to send the reconnection request.
The invention also discloses an application layer denial of service protection system based on client detection, comprising: a WEB client, a protective device and a WEB server;
The protective device intercepts an initial connection request sent by the WEB client to the WEB server and sends a javascript verification code to the WEB client;
The WEB client runs the javascript verification code. If the WEB client cannot run the javascript verification code successfully, the protective device discards the initial connection request. If the WEB client runs it successfully, the WEB client generates authentication information and sends a reconnection request to the WEB server, the reconnection request containing the authentication information;
The protective device intercepts the reconnection request and verifies the authentication information; if verification passes, the reconnection request is allowed through.
The protective device discards a reconnection request that fails verification.
The authentication information is randomly generated.
The authentication information is contained in a Cookie, the HTTP Referer, or any field of the HTTP header.
After the javascript verification code has run successfully, the javascript verification code forces the WEB client to send the reconnection request.
The present invention actually takes part in the service connection. Illegitimate WEB requests are discarded directly without further processing, which saves system resources, improves processing speed and avoids wasting system resources. Legitimate WEB requests receive subsequent processing, with higher accuracy. In addition, the verification method adopted by the present invention does not change the business logic and is transparent to the user, who does not notice that verification takes place.
Moreover, the present invention also takes into account the variants of denial of service attacks and manual counter-detection attack schemes. Because the randomly generated authentication information is checked, even if the javascript verification code is cracked, a correct connection request carrying the client authentication information still cannot be sent, which guards against manual counter-detection attack schemes.
Description of drawings
Fig. 1 is a structural diagram of the application layer denial of service protection system based on client detection of the present invention;
Fig. 2 is a flow chart of the application layer denial of service protection method based on client detection of the present invention.
Embodiment
To detect and guard against denial of service attacks on Web applications, the present invention uses a mechanism that distinguishes legitimate Web requests from DoS attack requests. It uses a client identification technique, based on the client making the Web request, to intelligently identify the specific type of the client, and from that to determine whether a Web request is legitimate or an illegitimate DoS attack.
In all attack techniques against WEB servers, the attacking client uses an attack program to send a large number of requests in a short time and thereby carries out the attack. If the client is using a browser, it cannot send a large number of requests. Client type (use of a browser) therefore corresponds to legitimate WEB requests. What is needed is a means of distinguishing the client type, that is, whether the client is using a browser or a packet-sending program used for attacks. If the client type can be determined accurately, good protection against attacks can be achieved.
To identify the client type, the present invention determines whether the client is able to parse JavaScript.
JavaScript is a web scripting language often used in web pages to improve design, validate forms, detect browsers, create cookies, and more. All browsers can interpret and execute javascript, but attack programs cannot parse javascript; the present invention uses this as the main criterion for judging whether the client is a browser.
Fig. 1 shows the structure of the application layer denial of service protection system based on client detection of the present invention. The system comprises a WEB client 10, a protective device 20 and a WEB server 30. The protective device 20 may be deployed on a separate server or within the WEB server 30.
Fig. 2 shows the flow of the application layer denial of service protection method based on client detection of the present invention.
Step 201, the WEB client 10 sends a connection request A1 to the WEB server 30.
Connection request A1 is, for example, an HTTP request.
Step 202, the protective device 20 intercepts connection request A1 and at the same time sends a piece of javascript verification code to the WEB client 10 that sent connection request A1.
Step 203, the WEB client 10 runs the javascript verification code. If the WEB client 10 can run the javascript verification code successfully, step 205 is performed; if it cannot, step 204 is performed.
All browsers can interpret and execute javascript, but attack programs cannot parse javascript; the present invention uses this as the main criterion for judging whether the client is a browser. That is, if the WEB client 10 is based on a real browser, it can run the javascript verification code correctly; if the WEB client 10 is not based on a real browser but is used to send DoS attack requests, it cannot run the javascript verification code correctly. The present invention uses this to distinguish legitimate WEB requests from DoS attacks.
Step 204, the protective device 20 discards connection request A1, and the method ends.
If the WEB client 10 cannot run the javascript verification code successfully, connection request A1 is not a legitimate WEB request but a DoS attack, so connection request A1, identified as a DoS attack, is discarded.
In one embodiment, if the protective device 20 does not receive a reply within a predetermined time, the reply being for example the connection request A2 described in step 205, this is treated as "the WEB client 10 cannot run the javascript verification code successfully" and the protective device 20 discards connection request A1. Other commonly used ways of determining that "the WEB client 10 cannot run the javascript verification code successfully" also fall within the scope of this disclosure.
Step 205, the WEB client 10 generates authentication information and sends a connection request A2 to the WEB server 30; connection request A2 contains the authentication information.
If the WEB client 10 can run the javascript verification code successfully, connection request A1 is a legitimate WEB request rather than a DoS attack; identified as a legitimate WEB request, it is not discarded and subsequent connection processing continues.
In step 205, the javascript verification code run by the WEB client 10 forces the WEB client 10 to send connection request A2. The authentication information is randomly generated. It may be contained in a Cookie, the HTTP Referer, or any field of the HTTP header.
Connection request A1 and connection request A2 have the same URL and are sent to the same address, so the method of the present invention does not change the functional logic of the original connection process and is fully transparent to the user.
Step 206, the protective device 20 intercepts connection request A2 and verifies the authentication information in it. If verification passes, step 207 is performed; if not, step 208 is performed.
In step 202, the protective device 20 randomly generates the authentication information and records it in the memory of the protective device 20; it also encrypts the authentication information and adds it to the javascript verification code. If the WEB client 10 can run the javascript verification code successfully, it correctly decrypts the authentication information and generates the new connection request A2, which contains the authentication information. In step 206, when the protective device 20 intercepts connection request A2, it compares the authentication information stored in memory with the authentication information in connection request A2; if they match, verification is treated as passed and step 207 is performed.
Step 207, the protective device 20 allows connection request A2 through.
Connection request A2 is sent to the WEB server 30.
Step 208, the protective device 20 discards connection request A2.
Because the authentication information is randomly generated each time, even if the javascript verification code is cracked, a correct connection request carrying the client authentication information cannot be sent. The authenticity of the connection request is thereby guaranteed.
In one embodiment, connection request A1 is http://www.testdos.com
The connection request A2 that the client 10 is forced to resend after the javascript verification code has executed is http://www.testdos.com/?cookiesession8341=HLLUNNJJJJ34JJNNL
Here, cookiesession8341 is the authentication information.
The authentication information may also be contained in a Cookie, the HTTP Referer, or any field of the HTTP header.
To avoid the drawbacks of traditional detection methods, the present invention adopts a sound confirmation mechanism. It actually takes part in the service connection and uses verification. After a client sends a connection request, the request is intercepted immediately and verified. If it is judged not to be a legitimate WEB request, it is discarded directly without further processing, which saves system resources, improves processing speed and avoids wasting system resources. If it is judged to be a legitimate WEB request, subsequent processing is carried out. In addition, the verification method adopted by the present invention does not change the business logic and is transparent to the user, who does not notice that verification takes place, and accuracy is higher.
Moreover, the present invention also takes into account the variants of denial of service attacks and manual counter-detection attack schemes. Because the randomly generated authentication information is checked, even if the javascript verification code is cracked, a correct connection request carrying the client authentication information still cannot be sent, which guards against manual counter-detection attack schemes.
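
The flow of steps 201 to 208, as an added example that is not part of the patent text: a Node.js model of the protective device that issues the verification script, runs it in a stand-in for the browser, and checks request A2. The class and function names, the `cookiesession` parameter name, the 5-second timeout, the XOR masking used in place of the unspecified encryption, and keying pending challenges by client address are assumptions.

```javascript
// Added example: in-memory model of the protective device (steps 201-208).
// ProtectiveDevice, browserClient, TTL_MS and the "cookiesession" parameter
// name are illustrative assumptions; client addresses are constructed samples.
const crypto = require("node:crypto");
const vm = require("node:vm");

const TTL_MS = 5000; // assumed "predetermined time" to wait for request A2

class ProtectiveDevice {
  constructor(now = () => Date.now()) {
    this.now = now; // injectable clock so the timeout can be exercised
    this.pending = new Map(); // clientId -> { token, url, expires }
  }

  // Steps 201-202: intercept A1, record a random token in memory and answer
  // with a verification script instead of forwarding the request.
  intercept(clientId, url) {
    const token = crypto.randomBytes(16).toString("hex");
    this.pending.set(clientId, {
      token,
      url: new URL(url).href, // normalized URL of A1
      expires: this.now() + TTL_MS,
    });
    // Stand-in for the patent's "encrypted" token: XOR with a one-time key
    // shipped in the script. It forces script execution, nothing more.
    const key = crypto.randomBytes(token.length);
    const masked = Array.from(Buffer.from(token), (b, i) => b ^ key[i]);
    return `
      var m = ${JSON.stringify(masked)}, k = ${JSON.stringify([...key])};
      var t = m.map(function (b, i) {
        return String.fromCharCode(b ^ k[i]);
      }).join("");
      var sep = location.href.indexOf("?") === -1 ? "?" : "&";
      location.href = location.href + sep + "cookiesession=" + t;`;
  }

  // Steps 206-208: intercept A2, compare with the stored token, pass or drop.
  verify(clientId, url) {
    const entry = this.pending.get(clientId);
    this.pending.delete(clientId); // one attempt per challenge, no replay
    if (!entry || this.now() > entry.expires) return "drop";
    let a2;
    try { a2 = new URL(url); } catch { return "drop"; }
    const presented = Buffer.from(a2.searchParams.get("cookiesession") || "");
    a2.searchParams.delete("cookiesession");
    const expected = Buffer.from(entry.token);
    const tokenOk = presented.length === expected.length &&
      crypto.timingSafeEqual(presented, expected);
    // A2 must target the same URL as A1 once the token is removed.
    const sameUrl = a2.href === entry.url;
    return tokenOk && sameUrl ? "pass" : "drop";
  }
}

// Stand-in for a browser: executes the script against a minimal `location`
// object and returns the URL of the request A2 the script forces.
function browserClient(script, url) {
  const sandbox = { location: { href: url } };
  vm.runInNewContext(script, sandbox, { timeout: 100 });
  return sandbox.location.href;
}

function demo() {
  let clock = 0;
  const device = new ProtectiveDevice(() => clock);
  const url = "http://www.testdos.com/"; // URL from the patent's embodiment

  // Client that runs the script and re-sends A2 with the recovered token.
  const a2 = browserClient(device.intercept("10.0.0.1", url), url);
  const browser = device.verify("10.0.0.1", a2);

  // The same A2 presented again: the stored token was already consumed.
  const replay = device.verify("10.0.0.1", a2);

  // Client that never ran the script and presents a made-up value.
  device.intercept("10.0.0.2", url);
  const guess = device.verify(
    "10.0.0.2", url + "?cookiesession=" + "0".repeat(32));

  // Correct token, but A2 arrives after the predetermined time.
  const late = browserClient(device.intercept("10.0.0.3", url), url);
  clock += TTL_MS + 1;
  const expired = device.verify("10.0.0.3", late);

  return { browser, replay, guess, expired };
}

console.log(demo());
```

The check establishes only that the client executed the script and returned the token within the timeout; it says nothing else about the client.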

Claims (10)

1. An application layer denial of service protection method based on client detection, applied in a system comprising a WEB client, a protective device and a WEB server, characterized in that the method comprises:
Step 1, the protective device intercepts an initial connection request sent by the WEB client to the WEB server and sends a javascript verification code to the WEB client;
Step 2, the WEB client runs the javascript verification code; if the WEB client cannot run the javascript verification code successfully, the initial connection request is discarded; if it runs successfully, the WEB client generates authentication information and sends a reconnection request to the WEB server, the reconnection request containing the authentication information;
Step 3, the protective device intercepts the reconnection request and verifies the authentication information; if verification passes, the reconnection request is allowed through.
2. The method of claim 1, characterized in that step 3 further comprises: the protective device discards a reconnection request that fails verification.
3. The method of claim 1, characterized in that the authentication information is randomly generated.
4. The method of claim 1, characterized in that the authentication information is contained in a Cookie, the HTTP Referer, or any field of the HTTP header.
5. The method of claim 1, characterized in that, in step 2, after the javascript verification code has run successfully, the javascript verification code forces the WEB client to send the reconnection request.
6. An application layer denial of service protection system based on client detection, characterized by comprising: a WEB client, a protective device and a WEB server;
wherein the protective device intercepts an initial connection request sent by the WEB client to the WEB server and sends a javascript verification code to the WEB client;
the WEB client runs the javascript verification code; if the WEB client cannot run the javascript verification code successfully, the protective device discards the initial connection request; if the WEB client runs it successfully, the WEB client generates authentication information and sends a reconnection request to the WEB server, the reconnection request containing the authentication information;
the protective device intercepts the reconnection request and verifies the authentication information; if verification passes, the reconnection request is allowed through.
7. The system of claim 6, characterized in that the protective device discards a reconnection request that fails verification.
8. The system of claim 6, characterized in that the authentication information is randomly generated.
9. The system of claim 6, characterized in that the authentication information is contained in a Cookie, the HTTP Referer, or any field of the HTTP header.
10. The system of claim 6, characterized in that, after the javascript verification code has run successfully, the javascript verification code forces the WEB client to send the reconnection request.

Priority application: CN201110373611.7A (priority date 2011-11-22, filing date 2011-11-22), status Active
Publications: CN103139138A (2013-06-05), CN103139138B (2016-02-03)
Family ID: 48498453
Country status: CN, CN103139138B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant