CN103166966B - Identify the method to the unauthorized access request of website and device - Google Patents
Identify the method to the unauthorized access request of website and device Download PDFInfo
- Publication number
- CN103166966B CN103166966B CN201310072219.8A CN201310072219A CN103166966B CN 103166966 B CN103166966 B CN 103166966B CN 201310072219 A CN201310072219 A CN 201310072219A CN 103166966 B CN103166966 B CN 103166966B
- Authority
- CN
- China
- Prior art keywords
- legal
- access request
- parameter
- request
- http
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a kind of identification to the method for the unauthorized access request of website and device, belong to technical field of network security.Described method comprises: the legal range obtaining the http access request parameters of website, and is loaded by the validity rule of described legal range as parameter; Intercept and capture user browser to the http access request of website; The http access request intercepted is mated with the validity rule of parameter, determines that whether the http access request intercepted is legal according to matching result.The present invention can obtain the legal range of required parameter accurately, easily, and the legal range be conducive to according to getting identifies accurately illegal request and tackles.
Description
Technical field
The present invention relates to network safety filed, particularly relate to a kind of identification to the method for the unauthorized access request of website and device.
Background technology
The safety problem of current web is day by day serious, website webmaster can adopt a lot of measure to prevent server from being attacked and to invade, the log recording wherein checking webpage (Web) server is in time the most direct, the most frequently used, and is that one compares effective method.By the monitoring to Web server journal file, suspicious movable sign can be found, obtain hacker attacks gimmick and associative operation, and the leak place of system, thus take precautions against.
But finding out the clues and traces attacking Web server in journal file is not very simple and clear something, because entry is various in journal file, this just needs keeper to have abundant knowledge and experience, and has enough carefulnesses and patience.
Similarly, existingly a kind ofly identify that the scheme of illegal http request is, according to known attack strategy (such as cross-site attack, sql injection attacks), formulate Corresponding matching strategy (judging the forbidden character in request and illegal keyword) and tackle illegal request.The approach realizing the program utilizes special hardware firewall to filter to load respective rule.
In prior art, no matter be identify illegal request according to journal file, or tackle illegal request according to predetermined matching strategy, it is all the method being similar to blacklist filtration, there is following shortcoming in it: can only identify or tackle known specific attack type, underaction; Can not identify that some are not present in the illegal request in blacklist; Cost is higher.
And existing scheme does not make full use of the abundant information comprised in journal file.
Summary of the invention
In view of this, the object of this invention is to provide species to the method for the unauthorized access request of website and device, can obtain the legal range of required parameter accurately, easily, the legal range be conducive to according to getting identifies accurately illegal request and tackles.
For achieving the above object, the invention provides technical scheme as follows:
Identify the method to the unauthorized access request of website, comprising:
Obtain the legal range of the http access request parameters of website, and the validity rule of described legal range as parameter is loaded;
Intercept and capture user browser to the http access request of website;
The http access request intercepted is mated with the validity rule of parameter, determines that whether the http access request intercepted is legal according to matching result.
Alternatively, the legal range of the http access request parameters of described acquisition website specifically comprises:
Obtain the http access log file of website;
From described journal file, filter out log recording corresponding to legal http request, obtain legal log recording set;
According to described legal log recording set, extract the legal range of access request parameters.
Alternatively, the legal range of access request parameters be following in one or more:
The parameter name allowed; The type of parameter; The maximum length of parameter value; The spcial character occurred is allowed in parameter value.
Alternatively, described according to described legal log recording set, extract the legal range of access request parameters, specifically comprise:
Requesting method corresponding to each http request and request resource is obtained from described log recording set;
For each request resource, obtain corresponding parameter name-parameter value list;
According to described parameter name-parameter value list legal range getparms.
Alternatively, described the http access request intercepted to be mated with the validity rule of parameter, determines that whether the http access request intercepted is legal according to matching result, specifically comprise:
Http access request is resolved, obtains the resource of request, the method for request and required parameter;
Mated with described validity rule by analysis result, the match is successful, then determine that http access request is legal, it fails to match, then determine that http access request is illegal.
Identify the device to the unauthorized access request of website, comprising:
Load-on module, for obtaining the legal range of the http access request parameters of website, and loads the validity rule of described legal range as parameter;
Interception module, for intercepting and capturing the http access request of user browser to website;
According to matching result, matching module, for the http intercepted access request being mated with the validity rule of parameter, determines that whether the http access request intercepted is legal.
Alternatively, described load-on module specifically for:
Obtain the http access log file of website;
From described journal file, filter out log recording corresponding to legal http request, obtain legal log recording set;
According to described legal log recording set, extract the legal range of access request parameters.
Alternatively, the legal range of access request parameters be following in one or more:
The parameter name allowed; The type of parameter; The maximum length of parameter value; The spcial character occurred is allowed in parameter value.
Alternatively, described according to described legal log recording set, extract the legal range of access request parameters, specifically comprise:
Requesting method corresponding to each http request and request resource is obtained from described log recording set;
For each request resource, obtain corresponding parameter name-parameter value list;
According to described parameter name-parameter value list legal range getparms.
Alternatively, described matching module specifically for:
Http access request is resolved, obtains the resource of request, the method for request and required parameter;
Mated with described validity rule by analysis result, the match is successful, then determine that http access request is legal, it fails to match, then determine that http access request is illegal.。
According to technique scheme of the present invention, do not need manual analysis, automatically the legal range of http request parameter can be obtained from web log file, obtain m odel validity rule (being similar to white list to filter), just can realize identifying accurately illegal request and tackling according to this m odel validity rule.
Accompanying drawing explanation
Fig. 1 is the method flow diagram of analyzing web site access request parameters legal range according to an embodiment of the invention;
Fig. 2 is the method flow diagram of the unauthorized access request identified according to an embodiment of the invention website;
Fig. 3 is the structure drawing of device of analyzing web site access request parameters legal range according to an embodiment of the invention;
Fig. 4 is the structure drawing of device of the unauthorized access request identified according to an embodiment of the invention website.
Embodiment
For ease of better understanding the present invention, first the access log file of website is simply introduced here.
IIS is the abbreviation of InternetInformationServer, is meant to Internet Information Services.The WEB daily record of IIS is exactly the log of website under IIS, and each visitor sends a http request to website, and no matter whether this access is successful, and journal file all can carry out record.
Daily record comprises following message: who have accessed website, and which content visitor has checked and checked the time etc. of information for the last time.Due to the relative recording recording all access Web services of IIS loyalty, therefore make full use of daily record, just can carry out intrusion detection, traffic statistics analysis, solve IIS server failure, and solve page fault.
IIS6.0 WEB journal file acquiescence deposit position be %systemroot% system32 LogFiles, acquiescence daily record every day.If do not protected journal file; invaded person can be easy to find and the vestige in daily record is removed; therefore the catalogue not using acquiescence is advised; change the path of a log; journal file access rights are set simultaneously, only allow keeper and SYSTEM (system) to be the authority controlled completely.
The name format of journal file is: the ex+ time last two digits+month+date, the WEB journal file as on August 10th, 2002 is ex020810.log.The journal file of IIS is all text, any editing machine can be used to open, such as organizer program, and suggestion uses UltraEdit editing machine to edit.
Journal format is fixing ASCII fromat, carries out record by World Wide Web Consortium (WorldWideWebConsortium, W3C) standard.
Journal file beginning four lines is descriptive information, as follows:
#Software generates software
#Version version
There is the date in #Date daily record
#Fields field, the form of display recorded information, can be self-defined by IIS.
The main body of daily record is solicited message one by one, and the form of solicited message is by Field Definition, and each interfield space separates.
Conventional field is explained as follows:
There is the date of request in data;
There is the time of request in time;
S-sitename meets the website example number of request;
S-ip generates the server ip address of journal entry;
Cs-method requesting method, namely client attempts the operation (such as GET or POST method) of execution;
The resource of cs-uri-stem access, such as Index.htm;
The subsidiary parameter of cs-uri-query reference address, if do not have parameter, represents by hyphen "-";
The port numbers that s-port client's side link arrives;
Cs-username access services device by the user's name of authentication, anonymous hyphen represents;
The client ip address of c-ip access services device;
Cs-version client protocol version;
The browser type that cs (User-Agent) client uses;
Cs (Referer) quotes website (website of user's last visit, this website provides and the linking of current site);
Sc-status responsive state code, common are 200 expression successes, 403 represent do not have authority, and 404 expressions can not find this page, and 500 representation programs are wrong;
The sub-state code of sc-substatus;
Sc-win32-statusWindows state code.
Enumerate the form (each journal file has following 4 row) that journal file is described below:
#Software:MicrosoftInternetInformationServices6.0
#Version:1.0
#Date:2008-03-3108:00:03
#Fields:datetimes-sitenames-ipcs-methodcs-uri-stemcs-uri-querys-portcs-usernamec-ip
cs(User-Agent)sc-statussc-substatussc-win32-status
2008-03-3108:02:34W3SVC72812902192.168.1.133GET/login.htm-80-192.168.1.127
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+(R1+1.5);+.NET+CLR+1.1.4322)20000
Each row has clearly write down Terminal Server Client respectively above:
Access time 2008-03-3108:02:34
The IP address 192.168.1.133 of institute's access services device
The operation GET/login.htm performed
Access port 80
Client ip address 192.168.1.127
Browser type Mozilla/4.0+
Http response conditional code 200
The present invention carrys out the legal range of analyzing web site access request parameters just according to the journal file of website, after obtaining the legal range of required parameter, this legal range is considered as the validity rule of parameter, according to the validity rule of parameter, just can identifies unauthorized access request.
Describe the present invention below in conjunction with accompanying drawing.
Fig. 1 is the method flow diagram of analyzing web site access request parameters legal range according to an embodiment of the invention.With reference to Fig. 1, described method can comprise the steps:
Step 101, obtains the http access log file of website;
Step 102, filters out log recording corresponding to legal http request from described journal file, obtains legal log recording set;
Responsive state code can be that the log recording of 200 is as log recording corresponding to legal http request by the corresponding log recording of each http request in journal file.
Step 103, extracts the legal range of access request parameters according to described legal log recording set.
Further, after the legal range extracting parameter, can also using the legal range of parameter as xml file output.The relative plain text format of xml form has the following advantages: be convenient to exchanges data; The clear relation shown between data; Logic is stronger, is convenient to program and reads.
Wherein, the legal range of parameter can be following in one or more:
The parameter name allowed; The type (such as, character type, numeric type etc.) of parameter; The maximum length of parameter value; Allow in parameter value occur spcial character (in the present invention, numeral and letter are considered as ordinary symbol, in addition be considered as spcial character, such as, underscore, dollar mark () etc. are all considered as spcial character).
Due to each bar log recording in legal log recording set corresponding be legal http request, therefore, wherein each kind of parameter is then legal parameters, can obtain the legal range of access request parameters, specifically can comprise the steps: according to these legal parameters
Step S1, obtains requesting method corresponding to each http request and request resource from described log recording set;
Requesting method can be get, post etc.In the present invention, each request resource in described log recording set can be identified as legal request resource, wherein, described request resource can identify with URL.
Step S2, for each request resource, obtains corresponding parameter name-parameter value list;
Due to corresponding many log recordings of each request resource possibility, therefore, the parameter name that this request resource is corresponding can be identified as legal parameters title (parameter name of permission).Further, for certain parameter name under this request resource, the corresponding multiple parameter values of possibility, so, these parameter values are just added up, just can obtain described parameter name-parameter value list.
Step S3, according to described parameter name-parameter value list legal range getparms.
Wherein, for the maximum length that parameter value allows, the maximum length that the maximum length can choosing the parameter value existed in described parameter name-parameter value list allows as the parameter value that relevant parameter title is corresponding.
For the spcial character that parameter value allows, for all parameter names, the spcial character occurred in parameter value and frequency can be added up, frequency of occurrences height and the spcial character of pre-determined threshold are thought the spcial character that can occur in corresponding parameter value.
Suppose to have filtered out following legal log recording set:
test.com/a.php?userid=10&product_name=good&price=123.4
test.com/a.php?userid=20&product_name=1234&price=100
test.com/a.php?userid=303&product_name=a-b&price=10
test.com/a.php?userid=40&product_name=a-c&price=1
test2.com/a.php?userid=10&product_name=_asd&price=123
Then for the maximum length that parameter value allows: the maximum length that the userid under a.php occurs is 3 (Article 3), the maximum length that product_name occurs is 4.Therefore the last rule generated out is: the parameter value maximum length that under a.php, userid parameter is corresponding is parameter value maximum length corresponding to 3, product_name parameter is 4.
Spcial character for allowing out in parameter value: according to above-mentioned daily record, can do following statistics, for product_name parameter:
Spcial character number of times
-(horizontal line) 2
_ (underscore) 1
If arrange if there is spcial character number of times be more than or equal to 2 times, just think that this spcial character can occur, then can think-(horizontal line) be allow appearance spcial character.
Further, following rule can also be generated: can occur in all product_name of website-(horizontal line), but not allow to occur _ (underscore).
In addition, for the maximum length that parameter value allows, the embodiment of the present invention also provides a kind of method of supervised learning, by a part of log recording in legal log recording set as training set, remaining part is as test set, by constantly adjusting the parameter of anticipation function, and verify the accuracy of function with test set, thus obtain best anticipation function.
Suppose the record having now 10 band parameters of accessing for specific url, can using front 5 as training set, rear 5 as test set, learning function infers by front 5 records the maximum length parameter value, then utilize rear 5 conduct tests, judge that whether this maximum length is reasonable.
For the spcial character allowing in parameter value to occur, the embodiment of the present invention also provides a kind of method of deduction, namely feature database is set up, store spcial character and occurrence frequency (adding up with file-name field) that in all study websites, field (parameter name) allows, and think that the special field that certain field occurrence frequency is high in feature database is the attribute that this field generally has, so, the spcial character that in feature database, certain field occurrence frequency is high is the spcial character that the same file-name field in website to be learned (allow the prerequisite of spcial character in this field under) allows.
Further, the embodiment of the present invention also provides a kind of incremental learning method to obtain the legal range of access parameter.Incremental learning is namely: on the basis of the rule of this website existing, by the access log file of this website, extract the information such as url, required parameter wherein, obtain the spcial character of specifying and may occur in the parameter length of url and parameter in conjunction with above-mentioned study thinking, these information to be recorded and stored in database.
For a simple example:
For www.test.com website, there are 2 rules, the number of the parameter that such as www.test.com/a.php allows is 2, the maximum length that parameter value allows is 5, present www.test.com has again new daily record, can supplement and improve existing rule according to daily record in conjunction with existing rule, the number improving out the parameter that a.php allows is 3, and the maximum length that parameter value allows is 10.
Said method can use software simulating, also can use hardware implementing.When implemented in software, under this program may operate in python environment, and be support with mysql, such as, operate in Linux system.
According to the technique scheme of the embodiment of the present invention, do not need manual analysis, automatically can obtain the legal range of http request parameter from web log file.
Further, after the legal range obtaining http request parameter, just can, using this legal range as m odel validity rule, just can realize identifying accurately illegal request and tackling according to this m odel validity rule.
Fig. 2 is the method flow diagram of the unauthorized access request identified according to an embodiment of the invention website.With reference to Fig. 2, described method can comprise the steps:
Step 201, obtains the legal range of the http access request parameters of website, and is carried out loading (or storage) by the validity rule of described legal range as parameter;
Step 202, intercepts and captures user browser to the http access request of website;
Step 203, mates the http access request intercepted with the validity rule of parameter, and determines that whether the http access request intercepted is legal according to matching result.
Can resolve http access request, obtain the resource of request, the method for request and various parameter, then, mated with described validity rule by analysis result, the match is successful, then determine that http access request is legal, otherwise, determine that http access request is illegal.
In step 203, matching process specifically can comprise:
Judge that whether the resource of asking is legal, in the legal range of the required parameter that conducts interviews is analyzed, legal the Resources list can be obtained, by judging whether the resource of asking can determine in legal the Resources list that the resource of asking whether could;
Judge that whether request type (get/post) is legal;
Whether the type (numeral/character string) of identification parameter, the length of parameter value is legal.
According to said method, for the request of a website, the m odel validity rule according to correspondence identifies, if effectively, can by request forward to actual site, otherwise directly tackle, record the relevant information of this request simultaneously, to improve corresponding rule afterwards.
Further, the relevant information of illegal request can also be recorded in journal file.
As a kind of implementation, the method for the above-mentioned identification illegal request of the embodiment of the present invention according to existing m odel validity rule, and can tackle illegal request in conjunction with ngnix program.Identify legal request according to valid parameter value, compare conventional method more intelligent, efficient.Meanwhile, utilize efficient nginx server to support filter request, can greatly reduce costs.
Below the device realizing above-mentioned acquisition methods and recognition methods is provided respectively.
Fig. 3 is the structure drawing of device of analyzing web site access request parameters legal range according to an embodiment of the invention.With reference to Fig. 3, described device can comprise acquisition module 31, screening module 32 and analysis module 33, wherein:
Acquisition module 31 is for obtaining the http access log file of website;
Screening module 32, for filtering out log recording corresponding to legal http request from described journal file, obtains legal log recording set;
Analysis module 33, for according to described legal log recording set, extracts the legal range of access request parameters.
The specific works principle of described device can be shown in Figure 1 method, repeat no more here.
Fig. 4 is the structure drawing of device of the unauthorized access request identified according to an embodiment of the invention website.With reference to Fig. 4, described device can comprise: load-on module 41, interception module 42 and matching module 43, wherein:
The validity rule of described legal range as parameter for obtaining the legal range of the http access request parameters of website, and loads by load-on module 41;
Interception module 42 is for intercepting and capturing the http access request of user browser to website;
According to matching result, matching module 43, for the http intercepted access request being mated with the validity rule of parameter, determines that whether the http access request intercepted is legal.
The specific works principle of described device can be shown in Figure 2 method, repeat no more here.
It should be noted that, can perform in the computer system being such as provided with one group of computer executable instructions in the step shown in the flow chart of accompanying drawing, and, although show logical order in flow charts, but in some cases, can be different from the step shown or described by order execution herein.In addition, those skilled in the art should be understood that, above-mentioned of the present invention each module or each step can realize with general calculation element, they can concentrate on single calculation element, or be distributed on network that multiple calculation element forms, alternatively, they can realize with the executable program code of calculation element, thus, they can be stored and be performed by calculation element in the storage device, or they are made into each integrated circuit modules respectively, or the multiple module in them or step are made into single integrated circuit module to realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment made, equivalent replacement, improvement etc., all should be included within the scope of protection of the invention.
Claims (6)
1. identify the method to the unauthorized access request of website, it is characterized in that, comprising:
Obtain the legal range of the http access request parameters of website, and the validity rule of described legal range as parameter is loaded;
Intercept and capture user browser to the http access request of website;
The http access request intercepted is mated with the validity rule of parameter, determines that whether the http access request intercepted is legal according to matching result;
The legal range of the http access request parameters of described acquisition website specifically comprises:
Obtain the http access log file of website;
From described journal file, filter out log recording corresponding to legal http request, obtain legal log recording set;
According to described legal log recording set, extract the legal range of access request parameters, specifically comprise:
Requesting method corresponding to each http request and request resource is obtained from described legal log recording set;
For each request resource, obtain corresponding parameter name-parameter value list;
According to described parameter name-parameter value list legal range getparms;
Wherein, for the maximum length that parameter value allows, using a part of log recording in described legal log recording set as training set, remaining part is as test set, by constantly adjusting the parameter of anticipation function, and verify the accuracy of function with test set, thus obtain best anticipation function.
2. the method for claim 1, is characterized in that, the legal range of access request parameters be following in one or more:
The parameter name allowed; The type of parameter; The maximum length of parameter value; The spcial character occurred is allowed in parameter value.
3. method as claimed in claim 1 or 2, is characterized in that, describedly the http access request intercepted is mated with the validity rule of parameter, determines that whether the http access request intercepted is legal, specifically comprise according to matching result:
Http access request is resolved, obtains the resource of request, the method for request and required parameter;
Mated with described validity rule by analysis result, the match is successful, then determine that http access request is legal, it fails to match, then determine that http access request is illegal.
4. identify the device to the unauthorized access request of website, it is characterized in that, comprising:
Load-on module, for obtaining the legal range of the http access request parameters of website, and loads the validity rule of described legal range as parameter;
Interception module, for intercepting and capturing the http access request of user browser to website;
According to matching result, matching module, for the http intercepted access request being mated with the validity rule of parameter, determines that whether the http access request intercepted is legal;
Described load-on module specifically for:
Obtain the http access log file of website;
From described journal file, filter out log recording corresponding to legal http request, obtain legal log recording set;
According to described legal log recording set, extract the legal range of access request parameters, specifically comprise:
Requesting method corresponding to each http request and request resource is obtained from described legal log recording set;
For each request resource, obtain corresponding parameter name-parameter value list;
According to described parameter name-parameter value list legal range getparms;
Wherein, for the maximum length that parameter value allows, using a part of log recording in described legal log recording set as training set, remaining part is as test set, by constantly adjusting the parameter of anticipation function, and verify the accuracy of function with test set, thus obtain best anticipation function.
5. device as claimed in claim 4, is characterized in that, the legal range of access request parameters be following in one or more:
The parameter name allowed; The type of parameter; The maximum length of parameter value; The spcial character occurred is allowed in parameter value.
6. the device as described in claim 4 or 5, is characterized in that, described matching module specifically for:
Http access request is resolved, obtains the resource of request, the method for request and required parameter;
Mated with described validity rule by analysis result, the match is successful, then determine that http access request is legal, it fails to match, then determine that http access request is illegal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310072219.8A CN103166966B (en) | 2013-03-07 | 2013-03-07 | Identify the method to the unauthorized access request of website and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310072219.8A CN103166966B (en) | 2013-03-07 | 2013-03-07 | Identify the method to the unauthorized access request of website and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103166966A CN103166966A (en) | 2013-06-19 |
| CN103166966B true CN103166966B (en) | 2015-12-09 |
Family
ID=48589705
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310072219.8A Active CN103166966B (en) | 2013-03-07 | 2013-03-07 | Identify the method to the unauthorized access request of website and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103166966B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104023033A (en) * | 2014-06-24 | 2014-09-03 | 浪潮电子信息产业股份有限公司 | Safety production method for cloud services |
| CN105306465B (en) * | 2015-10-30 | 2019-01-18 | 新浪网技术(中国)有限公司 | Web portal security accesses implementation method and device |
| CN107395553B (en) * | 2016-05-17 | 2021-02-02 | 腾讯科技(深圳)有限公司 | Network attack detection method, device and storage medium |
| CN106326419B (en) * | 2016-08-24 | 2020-06-12 | 腾讯科技(深圳)有限公司 | Network automata processing method and device |
| CN107644166A (en) * | 2017-09-22 | 2018-01-30 | 成都知道创宇信息技术有限公司 | It is a kind of based on the WEB application safety protecting method learnt automatically |
| CN109801092B (en) * | 2017-11-16 | 2023-09-08 | 腾讯科技(武汉)有限公司 | Resource security management method, device, computer equipment and storage medium |
| CN109379404B (en) * | 2018-09-14 | 2022-04-01 | 厦门天锐科技股份有限公司 | Method for forwarding data based on TDI drive and effective proxy of proxy server |
| CN112751900B (en) * | 2019-10-31 | 2024-04-09 | 北京京东尚科信息技术有限公司 | Network request processing method and device |
| CN111107101A (en) * | 2019-12-30 | 2020-05-05 | 微梦创科网络科技(中国)有限公司 | Firewall system and method for multi-dimensional filtering request of nginx |
| CN114598687B (en) * | 2022-01-19 | 2024-02-23 | 深圳智游网安科技有限公司 | Grabbing method, system and terminal for HTTPS data packet |
| CN116132502A (en) * | 2022-08-01 | 2023-05-16 | 马上消费金融股份有限公司 | Webpage access processing method and device and electronic equipment |
| CN115622776A (en) * | 2022-10-08 | 2023-01-17 | 浙江网商银行股份有限公司 | Data access method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101370008A (en) * | 2007-08-13 | 2009-02-18 | 杭州安恒信息技术有限公司 | System for real-time intrusion detection of SQL injection WEB attacks |
| CN102215222A (en) * | 2011-05-09 | 2011-10-12 | 北京艾普优计算机系统有限公司 | Website protection method and device |
| CN102664872A (en) * | 2012-03-05 | 2012-09-12 | 星云融创(北京)科技有限公司 | System used for detecting and preventing attack to server in computer network and method thereof |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7640235B2 (en) * | 2005-12-12 | 2009-12-29 | Imperva, Inc. | System and method for correlating between HTTP requests and SQL queries |
-
2013
- 2013-03-07 CN CN201310072219.8A patent/CN103166966B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101370008A (en) * | 2007-08-13 | 2009-02-18 | 杭州安恒信息技术有限公司 | System for real-time intrusion detection of SQL injection WEB attacks |
| CN102215222A (en) * | 2011-05-09 | 2011-10-12 | 北京艾普优计算机系统有限公司 | Website protection method and device |
| CN102664872A (en) * | 2012-03-05 | 2012-09-12 | 星云融创(北京)科技有限公司 | System used for detecting and preventing attack to server in computer network and method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103166966A (en) | 2013-06-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103166966B (en) | Identify the method to the unauthorized access request of website and device | |
| CN103118035B (en) | Method and the device of analyzing web site access request parameters legal range | |
| CN110881044B (en) | Computer firewall dynamic defense security platform | |
| US10057280B2 (en) | Methods and systems of detecting and analyzing correlated operations in a common storage | |
| US6996845B1 (en) | Internet security analysis system and process | |
| CN103888490B (en) | A kind of man-machine knowledge method for distinguishing of full automatic WEB client side | |
| CN103559235B (en) | A kind of online social networks malicious web pages detection recognition methods | |
| US7917759B2 (en) | Identifying an application user as a source of database activity | |
| CN109167754A (en) | A kind of network application layer security protection system | |
| CN103634317A (en) | Method and system of performing safety appraisal on malicious web site information on basis of cloud safety | |
| US20150256551A1 (en) | Log analysis system and log analysis method for security system | |
| CN104767757A (en) | Multiple-dimension security monitoring method and system based on WEB services | |
| CN107612924A (en) | Attacker's localization method and device based on wireless network invasion | |
| CN107800686A (en) | A kind of fishing website recognition methods and device | |
| CN107566401A (en) | The means of defence and device of virtualized environment | |
| CN103220277B (en) | The monitoring method of cross-site scripting attack, Apparatus and system | |
| RU2659482C1 (en) | Protection of web applications with intelligent network screen with automatic application modeling | |
| CN107509200A (en) | Equipment localization method and device based on wireless network invasion | |
| Mahapatra et al. | A survey of sq1 injection countermeasures | |
| CN113742631B (en) | CDN-based website picture anti-theft chain method | |
| Gawron et al. | Automatic detection of vulnerabilities for advanced security analytics | |
| Kao et al. | Hacking Tool Identification in Penetration Testing | |
| Nguyen et al. | An Improving Way For Website Security Assessment | |
| Balasundram et al. | Prevention of SQL Injection attacks by using service oriented authentication technique | |
| Liu et al. | CSRF Detection Based on Graph Data Mining |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20151110 Address after: 100080, room 10, building 1, 3 Haidian Avenue, Beijing,, Haidian District Applicant after: Xingyun Rongchuang (Beijing) Technology Co.,Ltd. Address before: 100080 Beijing City, Haidian District Haidian Street No. 3 electronic market office building A block 10 layer Applicant before: Xingyun Rongchuang (Beijing) Information Technology Co.,Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100080 room 1001-029, 10 / F, building 1, 3 Haidian Street, Haidian District, Beijing Patentee after: Kunlun core (Beijing) Technology Co.,Ltd. Address before: 100080 room 1001-029, 10 / F, building 1, 3 Haidian Street, Haidian District, Beijing Patentee before: Xingyun Rongchuang (Beijing) Technology Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220329 Address after: 401331 2-98, No. 37-100, Jingyang Road, Huxi street, Shapingba District, Chongqing Patentee after: Chongqing Yunliu Future Technology Co.,Ltd. Address before: 100080 room 1001-029, 10 / F, building 1, 3 Haidian Street, Haidian District, Beijing Patentee before: Kunlun core (Beijing) Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right |