CN104468563A - Website bug protection method, device and system

Publication number: CN104468563A
Authority: CN (China)
Prior art keywords: vulnerability, protection, rule, patch, protection rule
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201410728098.2A
Other languages: Chinese (zh)
Inventor: 李纪峰
Current Assignee: Beijing Qianxin Technology Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Beijing Qihoo Technology Co Ltd
Application filed by: Beijing Qihoo Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis

Abstract

The invention discloses a website bug protection method, device and system, and relates to the technical field of information security. Its main purpose is to protect a website bug from attack in a timely manner without changing the program source code. In the main technical scheme, a bug protection server end acquires the bug to be protected; the using rule of the bug to be protected is analyzed to obtain a bug patch protection rule; and the bug patch protection rule is added to a bug patch protection rule database. A bug protection client end acquires the bug patch protection rule, the bug patch protection rule being a bug using rule; the bug patch protection rule is made to take effect at a firewall end; when an access directed at a certain bug is received, whether the access behavior is malicious is determined according to the bug patch protection rule; and if the access behavior is malicious, the access is stopped. The website bug protection method, device and system are mainly used in the process of website bug protection.

Description

Website vulnerability protection method, device and system
Technical field
The present invention relates to the field of information security technology, and in particular to a website vulnerability protection method, device and system.
Background
With the development of information technology, human society is becoming more and more informatized and society as a whole depends more and more on network information, so network security is becoming more and more important. Attacks that threaten network security are also increasing, vulnerability attacks among them. A vulnerability is a defect in the concrete implementation of hardware, software or a protocol, or in a system security policy, that enables an attacker to access or damage a system without authorization. At present, many administrative bodies and enterprise websites are built on third-party site-building systems, and websites built on these third-party systems are often found to have vulnerabilities.
To keep the network secure, once a website is found to have a vulnerability, the website server administrator currently has to obtain the patch package for the vulnerability manually and install it. Such a patch package is generally provided by the third-party site builder or developed by the website server administrator; either way, it requires modifying the source code of the system, which can affect the running business. Moreover, even if patch packages are installed manually and promptly, the website server administrator cannot detect in real time whether a new vulnerability has appeared in the system in use, and a vulnerability that is not repaired in time is at risk of being attacked.
Summary of the invention
In view of this, the invention provides a website vulnerability protection method, device and system whose main purpose is to protect website vulnerabilities from attack in a timely manner without changing the program source code.
According to one aspect of the invention, a website vulnerability protection method is provided, comprising:
a vulnerability protection server obtains a vulnerability to be protected;
the usage rules of the vulnerability to be protected are analyzed to obtain a vulnerability patch protection rule;
the vulnerability patch protection rule is added to a vulnerability patch protection rule database, so that a vulnerability protection client can obtain the vulnerability patch protection rule and protect the corresponding vulnerability according to it.
According to another aspect of the invention, a website vulnerability protection method is provided, comprising:
a vulnerability protection client obtains a vulnerability patch protection rule, the vulnerability patch protection rule being a vulnerability usage rule;
the vulnerability patch protection rule is made to take effect at the firewall side;
when an access directed at a certain vulnerability is received, whether the access behavior is malicious is determined according to the vulnerability patch protection rule;
if it is malicious, the access is blocked.
According to another aspect of the invention, a website vulnerability protection server is provided, comprising:
an acquiring unit, for obtaining a vulnerability to be protected;
an analysis unit, for analyzing the usage rules of the vulnerability to be protected to obtain a vulnerability patch protection rule;
a storage unit, for adding the vulnerability patch protection rule to a vulnerability patch protection rule database, so that a vulnerability protection client can obtain the vulnerability patch protection rule and protect the corresponding vulnerability according to it.
According to another aspect of the invention, a website vulnerability protection client is provided, comprising:
an acquiring unit, for obtaining a vulnerability patch protection rule, the vulnerability patch protection rule being a vulnerability usage rule;
a validation unit, for making the vulnerability patch protection rule take effect at the firewall side;
a determining unit, for determining according to the vulnerability patch protection rule, when an access directed at a certain vulnerability is received, whether the access behavior is malicious;
an operating unit, for blocking the access when the access directed at a certain vulnerability is determined to be malicious.
According to another aspect of the invention, a website vulnerability protection system is provided, comprising:
the website vulnerability protection server and the website vulnerability protection client described above.
With the above technical scheme, the technical scheme provided by the invention has at least the following advantages:
In the website vulnerability protection method, device and system provided by the invention, the website vulnerability protection server first analyzes the usage rules of the website vulnerability to be protected, obtains the corresponding vulnerability patch protection rule, and stores it. When performing vulnerability protection, the website vulnerability protection client first obtains the patch protection rule for the vulnerability and makes it take effect at the firewall; when an access to the vulnerability is detected, the access behavior is matched against the obtained vulnerability patch protection rule, and if it matches, the access behavior is determined to be malicious and the access is blocked, thereby protecting the vulnerability. Because the whole protection process applies only the usage rules of the vulnerability and, unlike the prior art, generates no code patch to update the source code, the source code of the system program remains unchanged under the embodiments of the present invention, and protecting the vulnerability does not affect the processing of existing business. In addition, vulnerability protection in the present invention is based on the vulnerability patch protection rules in effect at the firewall, and the firewall works in real time rather than relying on human detection and judgment as in the prior art, so vulnerabilities in the system can be protected in a timely manner and kept from being attacked.
The above is only an overview of the technical scheme of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 is a flowchart of a website vulnerability protection method on the website vulnerability protection server side, provided by an embodiment of the present invention;
Fig. 2 is a flowchart of a website vulnerability protection method on the website vulnerability protection client side, provided by an embodiment of the present invention;
Fig. 3 is a block diagram of a website vulnerability protection server provided by an embodiment of the present invention;
Fig. 4 is a block diagram of another website vulnerability protection server provided by an embodiment of the present invention;
Fig. 5 is a block diagram of another website vulnerability protection server provided by an embodiment of the present invention;
Fig. 6 is a block diagram of a website vulnerability protection client provided by an embodiment of the present invention;
Fig. 7 is a block diagram of another website vulnerability protection client provided by an embodiment of the present invention;
Fig. 8 is a block diagram of another website vulnerability protection client provided by an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure can be realized in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed completely to those skilled in the art.
An embodiment of the present invention provides a website vulnerability protection method, which is the method on the website vulnerability protection server side. As shown in Fig. 1, the method comprises:
101. The vulnerability protection server obtains a vulnerability to be protected.
When carrying out the embodiment of the present invention, the vulnerability to be protected is first determined and obtained. This is generally a newly emerging vulnerability, but it can of course also be a vulnerability for which a repair patch has already been issued; the embodiment of the present invention does not limit this.
At present, vulnerabilities are published in many ways. Some are issued officially by the system developer; some are found and published by independent experts; and some organizations, in order to find and protect vulnerabilities better, have set up vulnerability collection and distribution platforms and publish through those platforms. Whatever the publication method, the embodiment of the present invention can obtain the vulnerability to be protected from it. In a specific implementation this can be done in, but is not limited to, the following ways: obtaining the vulnerability to be protected from a vulnerability service platform, or obtaining the vulnerability to be protected from a third-party platform. When obtaining the vulnerability to be protected, its information can be captured at the earliest moment by network crawling tools, which to some extent ensures the timeliness of vulnerability protection.
After the above vulnerability information is obtained, it can be stored centrally at the vulnerability protection server, where it waits for the usage rules of the vulnerability to be protected to be analyzed.
102. The usage rules of the vulnerability to be protected are analyzed to obtain a vulnerability patch protection rule.
When attacking a vulnerability, hackers often attack the corresponding system by tampering with the usage rules of the vulnerability. Therefore, in order not to change the source code, the embodiment of the present invention analyzes the attack means that hackers commonly use (i.e. the usage rules) and obtains a vulnerability patch protection rule. Take an SQL injection vulnerability as an example. Its attack means is generally as follows: in the productbuy checkout.asp file, data that the user submits to the "proid" parameter is passed to an SQL query, and submitting a malicious SQL query as the parameter data can change the original SQL logic and obtain sensitive information or operate on the database. Based on the analysis of this attack means, the vulnerability patch protection rule for the SQL injection vulnerability is that, in the productbuy checkout.asp file, the data the user submits to the "proid" parameter is filtered before it is used in the SQL query.
The analysis of the usage rules of the vulnerability to be protected can be performed automatically by a preset program or manually by a human expert; the embodiment of the present invention does not limit this.
103. The vulnerability patch protection rule is added to the vulnerability patch protection rule database, so that the vulnerability protection client can obtain the vulnerability patch protection rule and protect the corresponding vulnerability according to it.
Further, so that the vulnerability protection client can obtain vulnerability patch protection rules in a timely manner, the embodiment of the present invention can also push the generated vulnerability patch protection rule to the vulnerability protection client after adding it to the vulnerability patch protection rule database. The generated rule can be pushed to the vulnerability protection client in real time or periodically; the embodiment of the present invention does not limit this, and in a specific implementation the user can configure it as required.
Further, so that the vulnerability protection client can obtain vulnerability patch protection rules in a timely manner, besides the active push by the vulnerability protection server described above, the vulnerability protection client can also actively request the vulnerability patch protection rules. For such active requests, the vulnerability protection server of the embodiment of the present invention also provides the following method: receiving the request for vulnerability patch protection rules sent by the vulnerability protection client, and sending the newly generated vulnerability patch protection rules to the vulnerability protection client in response to the request.
An embodiment of the present invention also provides a website vulnerability protection method, which is the method on the website vulnerability protection client side. As shown in Fig. 2, the method comprises:
201. The vulnerability protection client obtains a vulnerability patch protection rule, the vulnerability patch protection rule being a vulnerability usage rule.
For a description of the vulnerability patch protection rule, refer to the corresponding description in the embodiment of Fig. 1; it is not repeated here.
The vulnerability protection client can obtain vulnerability patch protection rules by actively requesting them from the vulnerability protection server, or by passively receiving the active push of the vulnerability protection server; the embodiment of the present invention does not limit this.
When the vulnerability protection client actively requests vulnerability patch protection rules from the vulnerability protection server, the embodiment of the present invention provides the following method: the vulnerability protection client sends the vulnerability protection server a request for vulnerability patch protection rules, and receives the vulnerability patch protection rules sent by the vulnerability protection server. This active request to the vulnerability protection server can be made periodically or in real time; the embodiment of the present invention does not limit this, and in a specific implementation the user can configure it as required.
When the vulnerability protection client passively receives vulnerability patch protection rules actively pushed by the vulnerability protection server, the embodiment of the present invention provides the following method: the vulnerability protection client receives the vulnerability patch protection rules pushed by the vulnerability protection customer side.
202. The vulnerability patch protection rule is made to take effect at the firewall side.
Making the vulnerability patch protection rule take effect at the firewall side means adding it to the vulnerability patch protection rule table stored in the firewall as an update, so that it becomes a vulnerability patch protection rule that the firewall can query.
203. When an access directed at a certain vulnerability is received, whether the access behavior is malicious is determined according to the vulnerability patch protection rule.
204. If it is malicious, the access is blocked.
The access can be blocked by filtering it out directly, by forbidding the access, or in similar ways; the embodiment of the present invention does not limit this.
Further, determining according to the vulnerability patch protection rule whether an access directed at a certain vulnerability is malicious can be done in, but is not limited to, the following way:
The access behavior is matched against the vulnerability patch protection rule; if the access behavior matches the vulnerability patch protection rule, it is then determined whether the access behavior is malicious. For example, the vulnerability patch protection rule is: the id parameter passed in should be numeric, and if it is not numeric, the access is considered malicious. If the access supplies a character string, it will be blocked.
In the embodiment of the present invention, the website vulnerability protection server first analyzes the usage rules of the website vulnerability to be protected, obtains the corresponding vulnerability patch protection rule, and stores it. When performing vulnerability protection, the website vulnerability protection client first obtains the patch protection rule for the vulnerability and makes it take effect at the firewall; when an access to the vulnerability is detected, the access behavior is matched against the obtained vulnerability patch protection rule, and if it matches, the access behavior is determined to be malicious and the access is blocked, thereby protecting the vulnerability. Because the whole protection process applies only the usage rules of the vulnerability and, unlike the prior art, generates no code patch to update the source code, the source code of the system program remains unchanged under the embodiments of the present invention, and protecting the vulnerability does not affect the processing of existing business. In addition, vulnerability protection in the present invention is based on the vulnerability patch protection rules in effect at the firewall, and the firewall works in real time rather than relying on human detection and judgment as in the prior art, so vulnerabilities in the system can be protected in a timely manner and kept from being attacked.
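The server-side steps 101-103 and the client-side steps 201-204 can be sketched together as follows. This is an added example, not code from the patent: the class names, the `VP-000x` identifiers, the `/news.asp` path and the choice of "digits only" as the filter for `proid` are assumptions, and only query-string parameters are inspected.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class ProtectionRule:
    vuln_id: str   # constructed identifier, not from the patent
    path: str      # script in which the vulnerability lives
    param: str     # request parameter whose usage the rule constrains
    allowed: str   # regex that a legitimate value must match in full


class RuleServer:
    """Server side (steps 101-103): stores rules; clients pull what they lack."""

    def __init__(self):
        self._db = []  # append-only rule database; its length is the version

    def publish(self, rule):
        self._db.append(rule)
        return len(self._db)

    def rules_since(self, version):
        return self._db[version:], len(self._db)


class FirewallClient:
    """Client side (steps 201-204): activates rules and checks each access."""

    def __init__(self, server):
        self.server = server
        self.version = 0
        self.table = {}  # (path, param) -> (compiled pattern, vuln_id)

    def sync(self):
        """Steps 201-202: request new rules and add them to the rule table."""
        new_rules, self.version = self.server.rules_since(self.version)
        for rule in new_rules:
            key = (rule.path.lower(), rule.param.lower())
            self.table[key] = (re.compile(rule.allowed), rule.vuln_id)
        return len(new_rules)

    def check(self, url):
        """Steps 203-204: return ("block", vuln_id) or ("allow", None)."""
        parts = urlsplit(url)
        path = parts.path.lower()  # assumption: case-insensitive ASP-style paths
        # parse_qs percent-decodes and keeps every repeated value, so an
        # encoded payload or a second copy of the parameter is still checked.
        query = parse_qs(parts.query, keep_blank_values=True)
        for name, values in query.items():
            entry = self.table.get((path, name.lower()))
            if entry is None:
                continue  # no rule covers this parameter
            pattern, vuln_id = entry
            for value in values:
                # fullmatch, not search: the whole value must be legitimate
                if not pattern.fullmatch(value):
                    return ("block", vuln_id)
        return ("allow", None)


def build_demo():
    """Constructed setup: two rules published, client not yet synchronised."""
    server = RuleServer()
    # The page's SQL injection example: "proid" in checkout.asp is filtered.
    server.publish(ProtectionRule("VP-0001", "/checkout.asp", "proid", "[0-9]+"))
    # The page's second example: the id parameter must be numeric.
    server.publish(ProtectionRule("VP-0002", "/news.asp", "id", "[0-9]+"))
    return server, FirewallClient(server)


if __name__ == "__main__":
    server, client = build_demo()
    attack = "/checkout.asp?proid=42%20OR%201%3D1"  # constructed sample request
    print("before sync:", client.check(attack))
    client.sync()
    print("after sync: ", client.check(attack))
    print("legitimate: ", client.check("/checkout.asp?proid=42"))
```

The request that is allowed before `sync()` and blocked after it shows the exposure window that the push and periodic-request options in the description are meant to shorten.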
Based on the above method, an embodiment of the present invention provides a website vulnerability protection server. As shown in Fig. 3, the website vulnerability protection server comprises:
An acquiring unit 31, for obtaining a vulnerability to be protected. The acquiring unit 31 can obtain the vulnerability to be protected in, but is not limited to, the following ways: obtaining the vulnerability to be protected from a vulnerability service platform, or obtaining the vulnerability to be protected from a third-party platform.
An analysis unit 32, for analyzing the usage rules of the vulnerability to be protected to obtain a vulnerability patch protection rule.
A storage unit 33, for adding the vulnerability patch protection rule to the vulnerability patch protection rule database, so that the vulnerability protection client can obtain the vulnerability patch protection rule and protect the corresponding vulnerability according to it.
Further, so that the vulnerability protection client can obtain vulnerability patch protection rules in a timely manner, the website vulnerability protection server actively pushes the obtained vulnerability patch protection rules to the vulnerability protection client. As shown in Fig. 4, the website vulnerability protection server also comprises:
A push unit 34, for pushing the generated vulnerability patch protection rule to the vulnerability protection client after the rule has been added to the vulnerability patch protection rule database.
Further, so that the vulnerability protection client can obtain vulnerability patch protection rules in a timely manner, besides the active push by the vulnerability protection server described above, the vulnerability protection client can also make active requests. For such active requests, as shown in Fig. 5, the website vulnerability protection server also comprises:
A receiving unit 35, for receiving the request for vulnerability patch protection rules sent by the vulnerability protection client.
A transmitting unit 36, for sending the newly generated vulnerability patch protection rules to the vulnerability protection client in response to the request.
An embodiment of the present invention provides a website vulnerability protection client. As shown in Fig. 6, the website vulnerability protection client comprises:
An acquiring unit 41, for obtaining a vulnerability patch protection rule, the vulnerability patch protection rule being a vulnerability usage rule.
A validation unit 42, for making the vulnerability patch protection rule take effect at the firewall side.
A determining unit 43, for determining according to the vulnerability patch protection rule, when an access directed at a certain vulnerability is received, whether the access behavior is malicious.
An operating unit 44, for blocking the access when the access directed at a certain vulnerability is determined to be malicious.
Further, the vulnerability protection client can obtain vulnerability patch protection rules by actively requesting them from the vulnerability protection server, or by passively receiving the active push of the vulnerability protection server; the embodiment of the present invention does not limit this.
When the vulnerability protection client actively requests vulnerability patch protection rules from the vulnerability protection server, as shown in Fig. 7, the acquiring unit 41 comprises:
A sending module 411, for sending the vulnerability protection server a request for vulnerability patch protection rules.
A first receiver module 412, for receiving the vulnerability patch protection rules sent by the vulnerability protection server.
Further, when the vulnerability protection client passively receives vulnerability patch protection rules actively pushed by the vulnerability protection server, as shown in Fig. 7, the acquiring unit 41 comprises:
A second receiver module 413, for receiving the vulnerability patch protection rules pushed by the vulnerability protection customer side.
Further, as shown in Fig. 8, the determining unit 43 comprises:
A matching module 431, for matching the access behavior against the vulnerability patch protection rule.
A determination module 432, for determining whether the access behavior is malicious when the access behavior matches the vulnerability patch protection rule.
It should be noted that, for other descriptions of the functional modules involved in the embodiment of the present invention, refer to the corresponding descriptions in the corresponding method embodiment; they are not repeated here.
An embodiment of the present invention also provides a website vulnerability protection system, which comprises:
the website vulnerability protection server described above and the website vulnerability protection client described above.
It should be noted that, for other descriptions of the functional modules involved in the embodiment of the present invention, refer to the corresponding descriptions in the corresponding method and device embodiments; they are not repeated here.
In the embodiment of the present invention, the website vulnerability protection server first analyzes the usage rules of the website vulnerability to be protected, obtains the corresponding vulnerability patch protection rule, and stores it. When performing vulnerability protection, the website vulnerability protection client first obtains the patch protection rule for the vulnerability and makes it take effect at the firewall; when an access to the vulnerability is detected, the access behavior is matched against the obtained vulnerability patch protection rule, and if it matches, the access behavior is determined to be malicious and the access is blocked, thereby protecting the vulnerability. Because the whole protection process applies only the usage rules of the vulnerability and, unlike the prior art, generates no code patch to update the source code, the source code of the system program remains unchanged under the embodiments of the present invention, and protecting the vulnerability does not affect the processing of existing business. In addition, vulnerability protection in the present invention is based on the vulnerability patch protection rules in effect at the firewall, and the firewall works in real time rather than relying on human detection and judgment as in the prior art, so vulnerabilities in the system can be protected in a timely manner and kept from being attacked.
The embodiments of the invention disclose:
A1. A website vulnerability protection method, characterized by comprising:
a vulnerability protection server obtains a vulnerability to be protected;
the usage rules of the vulnerability to be protected are analyzed to obtain a vulnerability patch protection rule;
the vulnerability patch protection rule is added to a vulnerability patch protection rule database, so that a vulnerability protection client can obtain the vulnerability patch protection rule and protect the corresponding vulnerability according to it.
A2. The method according to claim A1, characterized in that the vulnerability protection server obtaining the vulnerability to be protected comprises:
obtaining the vulnerability to be protected from a vulnerability service platform;
or obtaining the vulnerability to be protected from a third-party platform.
A3. The method according to claim A2, characterized in that, after the vulnerability patch protection rule is added to the vulnerability patch protection rule database, the method also comprises:
pushing the generated vulnerability patch protection rule to the vulnerability protection client.
A4. The method according to claim A2, characterized by also comprising:
receiving the request for vulnerability patch protection rules sent by the vulnerability protection client;
sending the newly generated vulnerability patch protection rules to the vulnerability protection client in response to the request.
B5. A website vulnerability protection method, characterized by comprising:
a vulnerability protection client obtains a vulnerability patch protection rule, the vulnerability patch protection rule being a vulnerability usage rule;
the vulnerability patch protection rule is made to take effect at the firewall side;
when an access directed at a certain vulnerability is received, whether the access behavior is malicious is determined according to the vulnerability patch protection rule;
if it is malicious, the access is blocked.
B6. The method according to claim B5, characterized in that the vulnerability protection client obtaining the vulnerability patch protection rule comprises:
the vulnerability protection client sends the vulnerability protection server a request for vulnerability patch protection rules;
receiving the vulnerability patch protection rules sent by the vulnerability protection server.
B7. The method according to claim B5, characterized in that the vulnerability protection client obtaining the vulnerability patch protection rule comprises:
receiving the vulnerability patch protection rules pushed by the vulnerability protection customer side.
B8. The method according to any one of claims B5-B7, characterized in that determining according to the vulnerability patch protection rule whether the access behavior is malicious comprises:
matching the access behavior against the vulnerability patch protection rule;
if the access behavior matches the vulnerability patch protection rule, determining whether the access behavior is malicious.
C9. A website vulnerability protection server, characterized by comprising:
an acquiring unit, for obtaining a vulnerability to be protected;
an analysis unit, for analyzing the usage rules of the vulnerability to be protected to obtain a vulnerability patch protection rule;
a storage unit, for adding the vulnerability patch protection rule to a vulnerability patch protection rule database, so that a vulnerability protection client can obtain the vulnerability patch protection rule and protect the corresponding vulnerability according to it.
C10. The website vulnerability protection server according to claim C9, characterized in that the acquiring unit is specifically for:
obtaining the vulnerability to be protected from a vulnerability service platform;
or obtaining the vulnerability to be protected from a third-party platform.
C11. The website vulnerability protection server according to claim C10, characterized by also comprising:
a push unit, for pushing the generated vulnerability patch protection rule to the vulnerability protection client after the rule has been added to the vulnerability patch protection rule database.
C12. The website vulnerability protection server according to claim C10, characterized by also comprising:
a receiving unit, for receiving the request for vulnerability patch protection rules sent by the vulnerability protection client;
a transmitting unit, for sending the newly generated vulnerability patch protection rules to the vulnerability protection client in response to the request.
D13. A website vulnerability protection client, characterized by comprising:
Acquiring unit, for obtaining a vulnerability patch protection rule, the vulnerability patch protection rule being a vulnerability exploitation rule;
Activation unit, for putting the vulnerability patch protection rule into effect at the firewall end;
Determining unit, for determining, according to the vulnerability patch protection rule, whether the access behavior is malicious when an access targeting a certain vulnerability is received;
Operating unit, for blocking the access when the access targeting a certain vulnerability is determined to be malicious.
D14. The website vulnerability protection client according to claim D13, characterized in that the acquiring unit comprises:
Sending module, for sending, to the vulnerability protection server, a request to obtain the vulnerability patch protection rule;
First receiving module, for receiving the vulnerability patch protection rule sent by the vulnerability protection server.
D15. The website vulnerability protection client according to claim D13, characterized in that the acquiring unit comprises:
Second receiving module, for receiving the vulnerability patch protection rule pushed by the vulnerability protection client side.
D16. The website vulnerability protection client according to any one of claims D13-D15, characterized in that the determining unit comprises:
Matching module, for matching the access behavior against the vulnerability patch protection rule;
Determination module, for determining whether the access behavior is malicious when the access behavior matches the vulnerability patch protection rule.
E17. A website vulnerability protection system, characterized by comprising:
The website vulnerability protection server according to any one of claims C9-C12; and
The website vulnerability protection client according to any one of claims D13-D16.
In the above embodiments, the description of each embodiment has its own emphasis; for a part that is not described in detail in one embodiment, see the related description of the other embodiments.
It will be understood that the related features in the above method and device may refer to one another. In addition, "first", "second" and the like in the above embodiments are used to distinguish the embodiments and do not indicate the relative merit of any embodiment.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, device and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
The algorithms and displays provided here are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings given here. From the description above, the structure required to construct such a system is apparent. In addition, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described here can be implemented in various programming languages, and that the description given above for a specific language is intended to disclose the best mode of the invention.
The specification provided here describes a large number of specific details. It will be understood, however, that embodiments of the invention can be practiced without these details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and to aid understanding of one or more of the inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, this method of disclosure should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the inventive aspects lie in fewer than all the features of a single disclosed embodiment. The claims following the detailed description are therefore expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be changed adaptively and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment can be combined into one module, unit or component, and can in addition be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
In addition, those skilled in the art will understand that, although some embodiments described here include certain features that are included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components of the network security detection method and device according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program) for performing part or all of the method described here. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate the invention rather than limit it, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses should not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order. These words may be interpreted as names.

Claims (10)

1. A website vulnerability protection method, characterized by comprising:
A vulnerability protection server obtains a vulnerability to be protected;
Analyzing the exploitation rule of the vulnerability to be protected to obtain a vulnerability patch protection rule;
Adding the vulnerability patch protection rule to a vulnerability patch protection rule database, so that a vulnerability protection client obtains the vulnerability patch protection rule and protects the corresponding vulnerability according to the vulnerability patch protection rule.
2. The method according to claim 1, characterized in that the vulnerability protection server obtaining the vulnerability to be protected comprises:
Obtaining the vulnerability to be protected from a vulnerability service platform;
Or obtaining the vulnerability to be protected from a third-party platform.
3. The method according to claim 2, characterized in that, after the vulnerability patch protection rule is added to the vulnerability patch protection rule database, the method further comprises:
Pushing the generated vulnerability patch protection rule to the vulnerability protection client.
4. The method according to claim 2, characterized by further comprising:
Receiving the request, sent by the vulnerability protection client, to obtain the vulnerability patch protection rule;
Sending the newly generated vulnerability patch protection rule to the vulnerability protection client according to the request.
5. A website vulnerability protection method, characterized by comprising:
A vulnerability protection client obtains a vulnerability patch protection rule, the vulnerability patch protection rule being a vulnerability exploitation rule;
Putting the vulnerability patch protection rule into effect at the firewall end;
When an access targeting a certain vulnerability is received, determining, according to the vulnerability patch protection rule, whether the access behavior is malicious;
If it is malicious, blocking the access.
6. The method according to claim 5, characterized in that the vulnerability protection client obtaining the vulnerability patch protection rule comprises:
The vulnerability protection client sends, to the vulnerability protection server, a request to obtain the vulnerability patch protection rule;
Receiving the vulnerability patch protection rule sent by the vulnerability protection server.
7. The method according to claim 5, characterized in that the vulnerability protection client obtaining the vulnerability patch protection rule comprises:
Receiving the vulnerability patch protection rule pushed by the vulnerability protection client side.
8. A website vulnerability protection server, characterized by comprising:
Acquiring unit, for obtaining a vulnerability to be protected;
Analysis unit, for analyzing the exploitation rule of the vulnerability to be protected to obtain a vulnerability patch protection rule;
Storage unit, for adding the vulnerability patch protection rule to a vulnerability patch protection rule database, so that a vulnerability protection client obtains the vulnerability patch protection rule and protects the corresponding vulnerability according to the vulnerability patch protection rule.
9. A website vulnerability protection client, characterized by comprising:
Acquiring unit, for obtaining a vulnerability patch protection rule, the vulnerability patch protection rule being a vulnerability exploitation rule;
Activation unit, for putting the vulnerability patch protection rule into effect at the firewall end;
Determining unit, for determining, according to the vulnerability patch protection rule, whether the access behavior is malicious when an access targeting a certain vulnerability is received;
Operating unit, for blocking the access when the access targeting a certain vulnerability is determined to be malicious.
10. A website vulnerability protection system, characterized by comprising:
The website vulnerability protection server as claimed in claim 8; and
The website vulnerability protection client as claimed in claim 9.
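
The server and client flow recited in claims 1 to 7 (rule database, client request for newly generated rules, rule taking effect at the firewall end, matching and blocking), as an added Python sketch that is not part of the patent text. The rule fields, class names, the identifier EXAMPLE-VULN-001 and the sample requests are constructed assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs


@dataclass(frozen=True)
class Rule:
    """One vulnerability patch protection rule (field layout is an assumption)."""
    vuln_id: str      # constructed identifier, not a real advisory number
    path: str         # URL path of the vulnerable endpoint
    param: str        # request parameter the exploitation pattern targets
    pattern: str      # regex describing the exploitation pattern
    version: int = 0  # assigned by the rule database


class RuleServer:
    """Server side: stores rules and answers the client's pull request."""

    def __init__(self):
        self._rules = []

    def add_rule(self, rule):
        stored = Rule(rule.vuln_id, rule.path, rule.param, rule.pattern,
                      version=len(self._rules) + 1)
        self._rules.append(stored)
        return stored

    def rules_since(self, version):
        # Only rules generated after the client's last sync are returned.
        return [r for r in self._rules if r.version > version]


class FirewallClient:
    """Client side: pulls rules, puts them into effect, filters requests."""

    def __init__(self, server):
        self._server = server
        self._version = 0
        self._active = []  # (rule, compiled regex) pairs currently in effect

    def sync(self):
        new = self._server.rules_since(self._version)
        for rule in new:
            self._active.append((rule, re.compile(rule.pattern, re.I)))
            self._version = max(self._version, rule.version)
        return len(new)

    def check(self, url):
        """Return ('block', vuln_id) for a malicious access, else ('allow', None)."""
        parts = urlsplit(url)
        # parse_qs percent-decodes values, so encoded payloads are matched too.
        params = parse_qs(parts.query, keep_blank_values=True)
        for rule, regex in self._active:
            if parts.path != rule.path:
                continue  # rule only covers the vulnerable endpoint
            if any(regex.search(v) for v in params.get(rule.param, [])):
                return ("block", rule.vuln_id)
        return ("allow", None)


def demo():
    server, encoded = RuleServer(), "/download.php?file=..%2F..%2Fconfig.php"
    client = FirewallClient(server)
    before = client.check(encoded)  # no rule in effect yet
    server.add_rule(Rule("EXAMPLE-VULN-001", "/download.php", "file", r"\.\.[/\\]"))
    pulled = client.sync()
    return before, pulled, [client.check("/download.php?file=report.pdf"),
                            client.check(encoded),
                            client.check("/other.php?file=../x")]


if __name__ == "__main__":
    print(demo())
```

The first check shows the exposure window before the rule reaches the client; the last shows that a rule scoped to one endpoint leaves other paths untouched.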
CN201410728098.2A 2014-12-03 2014-12-03 Website bug protection method, device and system Pending CN104468563A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410728098.2A CN104468563A (en) 2014-12-03 2014-12-03 Website bug protection method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410728098.2A CN104468563A (en) 2014-12-03 2014-12-03 Website bug protection method, device and system

Publications (1)

Publication Number Publication Date
CN104468563A true CN104468563A (en) 2015-03-25

Family

ID=52913935

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410728098.2A Pending CN104468563A (en) 2014-12-03 2014-12-03 Website bug protection method, device and system

Country Status (1)

Country Link
CN (1) CN104468563A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20161230

Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26,

Applicant after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: Beijing Qihoo Technology Co., Ltd.

C41 Transfer of patent application or patent right or utility model
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150325