The attack control method of protection account system
Technical field
The present invention is specifically related to protect the attack control method of account system, for controlling the controlled malicious act of assailant to account system core position, and the authority control system of protection operating system.
Background technology
Nowadays along with the extensive use of network technology, assault emerges in an endless stream, network security becomes the focus of current study hotspot and social concerns, and existing network safe practice lags behind various attack technologies conventionally with defense techniques such as fire compartment wall, antivirus protection technology, intruding detection system, authentication and digital signature technologies.
As the authority control system of operating system, account and Verification System are the safety-valves of whole operating system, need high Security Techniques.
Data Control technology is exactly one of existing Security Techniques.Take the method for " wide-in and strict-out ", can the data that flow out be monitored and be followed the trail of.
The unknown attack of the non-feature formula of current appearance to existing Prevention-Security System forming serious threat.Unknown attack is exactly unknown threat, refers to not yet foundly to have unknown characteristics and information system is existed the Activity Type of potential threat simultaneously.Unknown threat may be to be caused by unknown virus, wooden horse, hacker, or a kind of illegal abuse to resource.
Although Data Control technology is under the cooperation of the safety measures such as network firewall, intruding detection system, can make up the deficiency of original Prevention-Security, but still there is the shortcoming that some cannot overcome: for data, just played the effect of record, known and the unknown attack of None-identified, easily become springboard machine, then cause inner other real server to be attacked.
Summary of the invention
The present invention produces in order to solve the shortcoming of available data control technology just; its object is to provide the attack control method of protection account system; can control the controlled malicious act of assailant to account system core position; that behavior is controlled in the known attack of condition code formula or the unknown attack of potential threat control all has good protection effect, the authority control system of protection operating system.
For realizing above-mentioned technical purpose, the technical solution adopted in the present invention is:
The attack control method of protection account system of the present invention, the embodiment of the present invention provides a kind of attack control method of protecting account system, comprises the following steps:
(1) initiatively trapping system is set up in the defence in advance in cyber-defence system, trapping system is deployed with to attack in account system controls engine, to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted;
(2) attack control engine and will carry out automatic safe reinforcing to account system;
(3) stop control behavior to create, hide, clone account; Stop the use of its function; From account system, delete afterwards;
(4) attacking control engine stops control behavior password is cracked and report to the police;
(5) account is attacked and is controlled.
With said method, in account system, dispose to attack and control engine.Stop that control behavior creates, hides, clone's account with and the use of function, can also stop control behavior to crack password, and delete from account system, finally realize account and attack and control.
The present invention also provides the another kind of execution mode of attack control method of protection account system, comprising:
Interception carrys out the attack of automatic network; To coming the attack of automatic network to judge, whether be control behavior; If the determination result is YES, block the control behavior that enters kernel system; If the determination result is NO, let pass; Finally blocking-up enters the control behavior of account system.
The operations such as further, default password account invasion, the invasion of weak passwurd account, the invasion of keeper's account, other account password invasions.
Further; the controlled malicious act of engine control assailant to system core position controlled in described attack; according to the judged result of behavior danger classes, guarantee the not victim control of trapping system, protection trapping computer does not become attacks inner other real server.
With respect to existing technology, the attack control method of protection account system of the present invention, has following useful technique effect:
The invention has the beneficial effects as follows: at kernel system made, attack and control engine, can determine whether control behavior, by crossing, account data storehouse, account Verification System, account authoring system, these aspects of account audit system are resisted simultaneously, guaranteed the not victim control of account system.
Accompanying drawing explanation
Fig. 1 is the flow chart of an embodiment of the present invention;
Fig. 2 is the composition diagram of the embodiment of the present invention based on Fig. 1
Embodiment
The embodiment of the present invention provides the attack control method of protection account system, to solve existing traditional Data Control technology, only the data that enter honey pot system is recorded or is revised, and data itself are not had to recognition capability.The present invention is mainly used in defense system in advance, server, the active trapping system of network and carries out active, efficient, system-level Prevention-Security.
For making object of the present invention, technical scheme and advantage clearer, referring to the accompanying drawing embodiment that develops simultaneously, the present invention is described in more detail.
The present invention attacks engine by the control being deployed in account system, is deployed with to attack controls engine in kernel system, and to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted.Attack control engine and will carry out automatic safe reinforcing to account system; Stop that control behavior creates, hides, clone's account with and the use of function; From account system, delete afterwards; In addition, can also stop control behavior to crack password; Finally realize account and attack control.Some malicious acts of defending comprise: the invasion of default password account, the invasion of weak passwurd account, the invasion of keeper's account, other account password invasions etc.The controlled malicious act of engine control assailant to system core position controlled in described attack, according to the judged result of behavior danger classes, guarantees the not victim control of trapping system, and protection trapping computer does not become attacks inner other real server.
Flow chart in conjunction with Fig. 1 illustrates.
Step 101: initiatively trapping system is set up in the defence in advance in cyber-defence system, trapping system is deployed with to attack in account system controls engine, to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted;
Step 102: the attack control engine being deployed in kernel system obtains the information from step 101, proceeds to next step; Attack control engine and will carry out automatic safe reinforcing to account system;
Step 103: stop control behavior to create, hide, clone account; Stop the use of its function; From account system, delete afterwards;
Step 104: attack control engine and stop control behavior to crack password; And report to the police; 103 steps and 104 steps enter next step simultaneously;
Step 105: account is attacked and controlled.
Flow process by above embodiment is described, be deployed in that attack in account system controls that engine stops that control behavior creates, hides, clone's account with and the use of function, can also stop control behavior to crack password, and delete from account system, finally realize account and attack control.Stoping and unload not to be corrupted to system file, is before malicious act occurs, and this abnormal behavior detected, from having prevented that malicious code from creating anonymous account, hide account, cloning the illegal accounts such as account.
The present invention adopts and attacks the method for controlling, and provides the attack of protection account system to control engine.
Composition diagram in conjunction with Fig. 2 illustrates.
Step 101: interception carrys out the attack of automatic network;
Step 102: to coming the attack of automatic network to judge, whether be control behavior;
Step 103: if the determination result is YES, proceed to step 105, blocking-up enters the control behavior of kernel system;
Step 104: if the determination result is NO, let pass;
Step 105: blocking-up enters the control behavior of account system.
Attacking and controlling engine is an engine being deployed in account system, and it is according to the judged result of behavior danger classes, thus the controlled malicious act of control assailant to system core position.Attacking control technology is to guarantee the not victim control of trapping system, is that protection trapping computer does not become the important technology of attacking inner other real server.Control computer and can control target of attack by account system.
To the embodiment of the present invention, just for technical conceive of the present invention and feature being described, its objective is, be to allow one of ordinary skilled in the art can understand content of the present invention and implement according to this above, can not limit the scope of the invention with this.Every equivalent variation or modification that according to the present invention, the essence of content has been done, all should be encompassed in protection scope of the present invention.