CN103200171A - Method and system of network security register - Google Patents
Method and system of network security register Download PDFInfo
- Publication number
- CN103200171A CN103200171A CN2013100502272A CN201310050227A CN103200171A CN 103200171 A CN103200171 A CN 103200171A CN 2013100502272 A CN2013100502272 A CN 2013100502272A CN 201310050227 A CN201310050227 A CN 201310050227A CN 103200171 A CN103200171 A CN 103200171A
- Authority
- CN
- China
- Prior art keywords
- server
- login
- attack
- network
- website
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention provides a method and a system of network security register. The method includes the following steps: website information is obtained by a client side, and a register mechanism with the lowest attacking rate corresponding to a website from a server; and the client side generates a register request according to the register mechanism and sends the request to the server, wherein the server updates a network attack statistical table periodically according to detected network attack information and a first strategy.
Description
Technical field
The invention belongs to the network entry field, relate in particular to a kind of method and system of network security login.
Background technology
Along with development of internet technology, some service is specific to the individual, and for example E-mail address, online game, captive portal etc. have certain privacy and confidentiality.When using these network services, the user need carry out register, after associated server affirmation user's log-on message, just allows the user to enter the corresponding network page.At present, existing network entry method has only been considered the convenience of user's login, does not take into full account the problem of login secure context.
Summary of the invention
The invention provides a kind of method and system of network security login, to address the above problem.
The invention provides a kind of method of network security login.Said method may further comprise the steps: client is obtained website information, and obtains the minimum login mechanism of attack rate of described network address correspondence from server; Client generates logging request and logging request is sent to server according to login mechanism; Wherein, server is periodically according to detected network attack information and the first policy update network attack statistical form.
The present invention also provides a kind of system of network security login, comprises client and server.Client Connection Service device.Client is obtained website information, and obtains the minimum login mechanism of attack rate of described network address correspondence from server.Client generates logging request and logging request is sent to server according to login mechanism.Wherein, server is periodically according to detected network attack information and the first policy update network attack statistical form.
Compared to prior art, according to the method and system of network security login provided by the invention, client is obtained the minimum login mechanism of attack rate by server, and is sent to server according to described login mechanism generation logging request.So, guarantee the fail safe that the user logins.In addition, server is periodically according to detected network attack information and the first policy update network attack statistical form.So, upgrade the network attack statistical form by the network attack Information Statistics in cycle, not only realized the dynamic security maintenance, and, realize the period allocated of server system resource, thereby improved efficient.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used for explaining the present invention, do not constitute improper restriction of the present invention.In the accompanying drawings:
Figure 1 shows that the flow chart of the method for the network security login that preferred embodiment according to the present invention provides;
Figure 2 shows that the schematic diagram of the system of the network security login that preferred embodiment according to the present invention provides.
Embodiment
Hereinafter will describe the present invention with reference to the accompanying drawings and in conjunction with the embodiments in detail.Need to prove that under the situation of not conflicting, embodiment and the feature among the embodiment among the application can make up mutually.
Figure 1 shows that the flow chart of the method for the network security login that preferred embodiment according to the present invention provides.As shown in Figure 1, the method for the network security login that provides of preferred embodiment of the present invention comprises step 101 ~ 102.
In step 101, client is obtained website information, and obtains the minimum login mechanism of attack rate of described network address correspondence from server.Particularly, when the user logined certain website by client, the user imported the website information of this website in client.After client is obtained website information, send query requests to server, after server receives query requests, attack the minimum login mechanism of attack rate that statistical form obtains described network address correspondence by requester network, and to the client feedback inquiry response.Wherein, the inquiry response of server feedback has carried the login mechanism that inquiry is obtained.In addition, the initial network attack statistical form of server configuration.Wherein, the network attack statistical form comprises attack rate and the timeslice distribution degree of web portal security rank, login mechanism, login mechanism correspondence.Login mechanism comprises user name and password login, fingerprint login, password authentification login etc.Yet the present invention does not limit this.
In this, be example with three website a ~ c, initial network attack statistical form example is as shown in table 1.In addition, each data in the initial network attack statistical form can pre-set according to actual conditions.The present invention does not limit this.In addition, if the initial network attack statistical form of server stores, and client is when obtaining login mechanism from server, because the attack rate initial configuration value of different login mechanism correspondences is 0%, at this moment, server can select corresponding login mechanism to be sent to client at random.
Table 1
In step 102, described client generates logging request and described logging request is sent to described server according to described login mechanism.
In this, be example with the login mechanism of user name and password login, client is obtained user name and password, the regeneration logging request, and logging request is sent to server.Wherein, logging request has been carried user name and encrypted message.After server received logging request, processes said request if the user logins normally, then fed back to client with corresponding Webpage, to be shown to the user.
In present embodiment, server is periodically according to detected network attack information and the first policy update network attack statistical form.Wherein, first strategy is: the web portal security rank of corresponding website is more high, and its time corresponding sheet distribution degree is more low.
In this, the information that network attack information is carried comprises the number of times of attack of the different login mechanism of the general offensive number of times of corresponding website in the cycle and corresponding website.Wherein, if server detect certain IP address user at short notice the number of times of repeat logon website surpass preset times, then server assert that this website is attacked once.Yet the present invention does not limit this.Other website attack patterns of the prior art all belong to the attack that present embodiment is mentioned.
In present embodiment, the server stores level of security table of comparisons, example is as shown in table 2.
Table 2
In table 2, period T can arrange according to actual needs.In addition, first preset times in the table 2 is greater than second preset times, and second preset times can arrange according to actual needs.For example, first preset times for example is 10000 times, and second preset times for example is 5000 times.In addition, the web portal security rank is followed successively by from high to low in the table 2: first rank, second level, the third level are other.Yet the present invention does not limit this.In practical application, two or more other web portal security ranks of level can be set as required.
In present embodiment, server obtains the network attack information in the period T, and according to the general offensive number of times of each website in the network attack information, and with reference to table 2, determine the web portal security rank of each website.In this, be that example describes with three website a, b, c and three kinds of login mechanism 1 ~ 3.Wherein, each website is all to there being three kinds of login mechanism 1 ~ 3.
For example, the general offensive number of times of website a in period T is 12000 times, the general offensive number of times of website b in period T is 6000 times, the general offensive number of times of website c in period T is 3000 times, thus with reference to table 1 as can be known, the web portal security rank of website a is that the third level is other, and the web portal security rank of website b is second level, and the web portal security rank of website c is first rank.Simultaneously, the number of times of attack of the different login mechanism of each website correspondence that server carries according to the network attack information in the period T obtained is determined the attack rate of the different login mechanism of each website correspondence, and determines timeslice distribution degree according to first strategy.Wherein, the attack rate of each login mechanism correspondence of each website is the ratio of the general offensive number of times of the number of times of attack of described login mechanism of this website and this website.In this, server is as shown in table 3 according to the network attack statistical form example of the renewal that the network attack information in the period T is obtained.
Table 3
In this, can be set at other numerical value ratios that satisfy first strategy according to actual needs at the timeslice distribution degree shown in the table 3.The present invention does not limit this.
In present embodiment, when described server upgrades described network attack statistical form in following one-period, according to the definite vacant timeslice total amount of time distribution degree and current system of described network attack statistical form that the last cycle obtains, determine the time sendout of different web sites in the described network attack statistical form of current described server update.
In this, attacking statistical form with the initial network of server setting is table 1, it is that table 3 is example that server upgrades the network attack statistical form that obtains in first period T, during the data of server website a, b, c correspondence in updating form 3, meeting determines that according to the vacant timeslice total amount of current system of initial time distribution degree and the server of website a, b, c in the table 1 current server upgrades the time sendout of website a, b, c.Be that A is example with the vacant timeslice total amount of the current system of server, according to table 1 as can be known, the current time sendout to website a, b, c of server is 0.3A.At this moment, server according to the time sendout of website a, b, c (namely, be 0.3A) respectively website a, b, c are upgraded, thus the latest data of the attack rate of the web portal security rank of website a, b, c, login mechanism, login mechanism correspondence in the acquisition table 3.Afterwards, server is determined the timeslice distribution degree (as shown in table 3) of each website again according to the latest data of each website of upgrading according to first strategy.In this, the timeslice distribution degree of website a, the b that server obtains in table 3, c can use when the data of next each website of period T server update.
In present embodiment, behind server update network attack statistical form, if client sends query requests to server again, then the network attack statistical form of server lookup renewal obtains the minimum login mechanism of attack rate of corresponding network address correspondence.
Figure 2 shows that the schematic diagram of the system of the network security login that preferred embodiment according to the present invention provides.As shown in Figure 2, the system of the network security login that provides of preferred embodiment of the present invention comprises client 10 and server 12.Client 10 Connection Service devices 12.
In present embodiment, client 10 is obtained website information, and obtains the minimum login mechanism of attack rate of described network address correspondence from server 12.Client 10 generates logging request and logging request is sent to server 12 according to login mechanism.Wherein, server 12 is periodically according to detected network attack information and the first policy update network attack statistical form.Specific operation process about said system is described with above-mentioned method, so repeat no more in this.
In sum, the method and system of the network security login that preferred embodiment provides according to the present invention, client is obtained the minimum login mechanism of attack rate by server, and is sent to server according to described login mechanism generation logging request.So, guarantee the fail safe that the user logins.In addition, server is periodically according to detected network attack information and the first policy update network attack statistical form.So, upgrade the network attack statistical form by the network attack Information Statistics in cycle, not only realized the dynamic security maintenance, and, realize the period allocated of server system resource, thereby improved efficient.
The above is the preferred embodiments of the present invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.Within the spirit and principles in the present invention all, any modification of doing, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. the method for a network security login is characterized in that, may further comprise the steps:
Client is obtained website information, and obtains the minimum login mechanism of attack rate of described network address correspondence from server;
Described client generates logging request and described logging request is sent to described server according to described login mechanism;
Wherein, described server is periodically according to detected network attack information and the first policy update network attack statistical form.
2. method according to claim 1 is characterized in that, the initial network attack statistical form of described server configuration.
3. method according to claim 1 is characterized in that, described network attack statistical form comprises attack rate and the timeslice distribution degree of web portal security rank, login mechanism, login mechanism correspondence.
4. method according to claim 3 is characterized in that, described first strategy is: the web portal security rank of corresponding website is more high, and its time corresponding sheet distribution degree is more low.
5. method according to claim 3 is characterized in that, the attack rate of each login mechanism correspondence of each website is the ratio of the general offensive number of times of the number of times of attack of described login mechanism of this website and this website.
6. method according to claim 1, it is characterized in that described client is obtained website information, and send query requests to described server, after described server receives described query requests, attack the minimum login mechanism of attack rate that statistical form obtains described network address correspondence by requester network.
7. method according to claim 1 is characterized in that, described login mechanism comprises user name and password login, fingerprint login, password authentification login etc.
8. method according to claim 1, it is characterized in that, when described server upgrades described network attack statistical form in following one-period, according to the definite vacant timeslice total amount of time distribution degree and current system of described network attack statistical form that the last cycle obtains, determine the time sendout of different web sites in the described network attack statistical form of current described server update.
9. the system of a network security login is characterized in that comprise client and server, described client connects described server,
Described client is obtained website information, and obtains the minimum login mechanism of attack rate of described network address correspondence from described server,
Described client generates logging request and described logging request is sent to described server according to described login mechanism,
Wherein, described server is periodically according to detected network attack information and the first policy update network attack statistical form.
10. system according to claim 9 is characterized in that, described network attack statistical form comprises attack rate and the timeslice distribution degree of web portal security rank, login mechanism, login mechanism correspondence.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013100502272A CN103200171A (en) | 2013-02-07 | 2013-02-07 | Method and system of network security register |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013100502272A CN103200171A (en) | 2013-02-07 | 2013-02-07 | Method and system of network security register |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103200171A true CN103200171A (en) | 2013-07-10 |
Family
ID=48722529
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013100502272A Pending CN103200171A (en) | 2013-02-07 | 2013-02-07 | Method and system of network security register |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103200171A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104811449A (en) * | 2015-04-21 | 2015-07-29 | 深信服网络科技(深圳)有限公司 | Base collision attack detecting method and system |
| CN111083165A (en) * | 2019-12-31 | 2020-04-28 | 支付宝(杭州)信息技术有限公司 | Login interception method and system based on combined anti-collision library platform |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090153292A1 (en) * | 2005-11-23 | 2009-06-18 | Daniel Farb | Business and software security and storage methods, devices and applications |
| CN101764689A (en) * | 2008-11-27 | 2010-06-30 | 上海网环信息科技有限公司 | Method of system for controlling logging-in mode of user |
| CN102055768A (en) * | 2010-12-31 | 2011-05-11 | 奇智软件(北京)有限公司 | Network logon method and system |
| CN102082663A (en) * | 2009-11-27 | 2011-06-01 | 深圳市深信服电子科技有限公司 | Method for accessing application server based on VPN (virtual private network) security, network equipment and network system |
| CN102195971A (en) * | 2011-03-24 | 2011-09-21 | 北京思创银联科技股份有限公司 | Website access control method |
| CN102323928A (en) * | 2011-08-22 | 2012-01-18 | 苏州阔地网络科技有限公司 | Automatic component recommending method and device |
-
2013
- 2013-02-07 CN CN2013100502272A patent/CN103200171A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090153292A1 (en) * | 2005-11-23 | 2009-06-18 | Daniel Farb | Business and software security and storage methods, devices and applications |
| CN101764689A (en) * | 2008-11-27 | 2010-06-30 | 上海网环信息科技有限公司 | Method of system for controlling logging-in mode of user |
| CN102082663A (en) * | 2009-11-27 | 2011-06-01 | 深圳市深信服电子科技有限公司 | Method for accessing application server based on VPN (virtual private network) security, network equipment and network system |
| CN102055768A (en) * | 2010-12-31 | 2011-05-11 | 奇智软件(北京)有限公司 | Network logon method and system |
| CN102195971A (en) * | 2011-03-24 | 2011-09-21 | 北京思创银联科技股份有限公司 | Website access control method |
| CN102323928A (en) * | 2011-08-22 | 2012-01-18 | 苏州阔地网络科技有限公司 | Automatic component recommending method and device |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104811449A (en) * | 2015-04-21 | 2015-07-29 | 深信服网络科技(深圳)有限公司 | Base collision attack detecting method and system |
| CN104811449B (en) * | 2015-04-21 | 2017-09-19 | 深信服网络科技(深圳)有限公司 | Storehouse attack method and system are hit in detection |
| CN111083165A (en) * | 2019-12-31 | 2020-04-28 | 支付宝(杭州)信息技术有限公司 | Login interception method and system based on combined anti-collision library platform |
| CN111083165B (en) * | 2019-12-31 | 2022-03-29 | 支付宝(杭州)信息技术有限公司 | Login interception method and system based on combined anti-collision library platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101286845B (en) | Control system for access between domains based on roles | |
| CN108259502A (en) | For obtaining the identification method of interface access rights, server-side and storage medium | |
| CN101594232B (en) | Authentication method for dynamic password, system and corresponding authentication device | |
| CN101061454A (en) | Systems and methods for managing a network | |
| CN105915535B (en) | A kind of virtual resources access control method based on user identity | |
| CN106844111B (en) | Access method of cloud storage network file system | |
| CN111736853A (en) | Gray scale distribution method, device, equipment and storage medium | |
| CN105553920A (en) | Data interaction method, apparatus, and system | |
| CN104363245A (en) | Remote login system and method based on telnet protocol | |
| CN108512849B (en) | Handshake method and system for accessing server | |
| CN101540757A (en) | Method and system for identifying network and identification equipment | |
| US20150215314A1 (en) | Methods for facilitating improved user authentication using persistent data and devices thereof | |
| CN106789868A (en) | A kind of website user's Activity recognition and managing and control system | |
| CN101404575B (en) | Method and system for updating indorsement algorithm | |
| CN110826052A (en) | Method and device for protecting server password security | |
| CN103200171A (en) | Method and system of network security register | |
| CN113656101A (en) | Authorization management method, system, server and user side | |
| CN104009846B (en) | A kind of single-sign-on apparatus and method | |
| CN105391727A (en) | System login method based on mobile terminal | |
| CN103139213A (en) | Method for treating network logging and system | |
| CN103139214A (en) | Method and system controlling network logon | |
| CN103139215A (en) | Method and system for achieving network logon | |
| CN115348011B (en) | Key processing method and device, electronic equipment and readable storage medium | |
| CN106301901A (en) | A kind of strategy distribution for terminal unit performs and update method | |
| CN104041096A (en) | Ding Fu,S Sun |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130710 |