CN104660604A - More perfect implementation method of website protection algorithm - Google Patents
More perfect implementation method of website protection algorithm Download PDFInfo
- Publication number
- CN104660604A CN104660604A CN201510086253.XA CN201510086253A CN104660604A CN 104660604 A CN104660604 A CN 104660604A CN 201510086253 A CN201510086253 A CN 201510086253A CN 104660604 A CN104660604 A CN 104660604A
- Authority
- CN
- China
- Prior art keywords
- user
- website
- data
- character conversion
- conversion
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Abstract
The invention discloses a more perfect implementation method of a website protection algorithm. According to the method, user operating data are acquired and subjected to character conversion, and converted data are stored on a website server; when a user requests the website server to return the stored data, the stored data are converted into raw data through character conversion and are displayed to the user. Currently known and unknown Web application attack can be detected, and the attack flow can be more accurately blocked in the premise that normal business flow is not influenced. The method can be applied to a Web application firewall, a next generation firewall, an intrusion prevention system and follow-up numerous security products for application layer protection, and has a wide application prospect.
Description
Technical field
The present invention relates to a kind of website protection method, particularly a kind of method being realized website protection by the character conversion from client to server end, belongs to field of information security technology.
Background technology
When WEB applies more and more while horn of plenty, its application also also exists potential safety hazard, WEB server becomes primary challenge target gradually with its powerful computing capability, handling property and the higher-value that contains, and the security incidents such as SQL injection, webpage tamper, web page horse hanging, frequently occur.Meanwhile, (Web Application Firewall, is called for short: WAF) arise at the historic moment, because it is operated in application layer Web application guard system, to Web application protection, there is inborn technical advantage, therefore generally by as the together important defence line in efficient public security system.
The WAF of current main-stream protects mainly through means such as feature identification, algorithm identified and pattern matching.This mode is to known attack, and its protective capacities is limited, because the hacker that success is invaded, not all without restraint makes widely known, is not easily found, and such as to web page horse hanging, what be difficult to discover is which, None-identified to such an extent as to be difficult to carry out statistical work.Therefore, the WEB application for the unknown is attacked, and Web application guard system is felt simply helpless, and is difficult to take good defensive measure, thus causes great potential safety hazard to the application of WEB.
And same for the defensive measure with self-learning function, its protective capacities makes moderate progress, and its learning functionality mainly comprises two aspects: webpage self study and user behavior self study.For the autolearn feature of Web applying web page, due to the variation of website, different websites can not be the same, so the characteristic of website self page has no idea to define in advance, so need equipment to adopt pre-mode of learning automatically, thus sum up the feature of the page of this website.For user behavior self study, it is then application firewall learns Web service user behavior pattern by analyzing bidirectional traffics, establish some personal behavior model, once matching visitor is certain behavior, just go by this Mode behavior the behavior way weighing visitor, have " exceeding the bounds " to attempt to block immediately.No matter webpage self study and user behavior self study mode, still has the defect that himself cannot overcome.Because it is in pre-learning process on the one hand, is do not possess protective capacities.On the other hand, the precision of study then depends on the realization of algorithm, cannot quantize its precision.
As can be seen here, we need a kind of method that can solve current safety problem.
Summary of the invention
Goal of the invention: for the deficiency of website guard technology, the invention provides the implementation method of a kind of more perfect website protection algorithm.
Technical scheme: a kind of implementation method of more perfect website protection algorithm, obtain user operation data, and user operation data are carried out character conversion, data after conversion are stored on Website server, for convenience of description, data after this conversion are called storage data below, the user operation data before conversion are called former data; When user returns its storage data to Website server request, data will be stored by character conversion, and convert former data to, show user.
Further, described user operation and data transfer method thereof comprise: (1) user carries out POST operation on website, now, the field of POST and parameter are carried out character conversion; (2) user in website enterprising style of writing part upload operation, now, the file content uploaded is carried out character conversion.
Beneficial effect: compared with prior art, provided by the invention based on from client to the website protection method of server end character conversion, when user carries out POST operation on website, the field of POST and parameter can pass through character conversion, the critical field of user POST and the parameter of submission, after conversion, can exist on Website server in the mode changing rear spcial character.When user obtains these information again, the message that website returns can first become normal information to return to user through character conversion.And the attack means of hacker, as SQL injection attacks, after conversion, attack statement and cannot carry out injection inquiry attack in a database.
When user is in website during enterprising style of writing part upload operation, the file content uploaded can carry out character conversion, and the file after conversion is kept on Website server.When user obtains these files again, the file that Website server returns can first become after normal content through character conversion, shows user.And if hacker wants to upload wooden horse on server, although can upload successfully, execution cannot be resolved by serviced device, thus resist the Trojan attack of hacker.
Web application known and unknown at present can not only be detected by the present invention to attack, and can block more accurately attack traffic under the prerequisite not affecting regular traffic flow.The present invention can be applicable to Web application firewall, fire compartment wall of future generation, intrusion prevention system and follow-up many safety products for application layer protection, is with a wide range of applications.
Accompanying drawing explanation
Fig. 1 is the website protection sequential chart that user of the present invention carries out POST request;
Fig. 2 is the website protection sequential chart that user of the present invention carries out files passe.
Embodiment
Below in conjunction with specific embodiment, illustrate the present invention further, these embodiments should be understood only be not used in for illustration of the present invention and limit the scope of the invention, after having read the present invention, the amendment of those skilled in the art to the various equivalent form of value of the present invention has all fallen within the application's claims limited range.
As shown in Fig. 1, operate the POST of user, the critical field in being operated by POST and submission parameter are changed.Suppose that middle security equipment is WAF, describe flow process as follows:
Step 101, user carries out POST operation;
Step 102, the critical field in extraction POST and the parameter of submission, through character conversion, convert special character to and be kept on Website server;
Step 103, user asks relevant information again;
Step 104, request message is transmitted to Website server through WAF;
Step 105, Website server returns corresponding spcial character;
Step 106, the spcial character returned, through character conversion, converts normal information (raw information) to and shows user;
Step 107, when hacker carries out POST injection;
Step 108, POST injects character and change into spcial character after character conversion;
Step 109, the spcial character through conversion cannot perform, and returns failure.
As shown in Fig. 2, user is enterprising style of writing part upload operation in website, carries out character conversion to the content of upload file.
Safety means in the middle of supposing are WAF, describe flow process as follows:
Step 201, user carries out files passe operation;
Step 202, the content in file, through character conversion, converts spcial character to and is kept on Website server;
Step 203, user opens file again;
Step 204, request message is forwarded to Website server through WAF;
Step 205, Website server returns the file of converted content;
Step 206, converts normal file content (original content) by character conversion to the content of file (file content of spcial character) and shows user;
Step 207, when hacker uploads wooden horse file;
Step 208, wooden horse file, after character conversion, converts spcial character to and is kept on Website server;
Step 209, the wooden horse file (spcial character converted to) after being converted cannot be performed by Website server, Trojan attack failure.
In sum, the invention provides the ultimate solution of a kind of web portal security protection.All conglomeraties such as technique can be applied to finance, government, colleges and universities, electric business website, such as, electric firm industry, can apply the present invention in safety means, can guarantee that electric business website is all in a safe condition any time like this.Not only protect the interests of vast electric business website, more ensure that the legitimate rights and interests of users, therefore, this technology has very high promotional value.
Claims (2)
1. the implementation method of a more perfect website protection algorithm, it is characterized in that: obtain user operation data, and user operation data are carried out character conversion, data after conversion are stored on Website server, for convenience of description, data after this conversion are called storage data below, the user operation data before conversion are called former data; When user returns its storage data to Website server request, storage data are passed through character conversion, convert former data to, show user, described user operation and data transfer method thereof comprise: (1) user carries out POST operation on website, now, the field of POST and parameter are carried out character conversion; (2) user in website enterprising style of writing part upload operation, now, the file content uploaded is carried out character conversion.
2. the implementation method of algorithm is protected in a kind of more perfect website as claimed in claim 1, it is characterized in that: when user carries out POST operation on website, when user returns its storage data to Website server request, the field of POST and parameter are carried out character conversion, be reduced into original field and parameter, show user, user is in website during enterprising style of writing part upload operation, when user returns its storage data to Website server request, the file content uploaded is carried out character conversion, is reduced into original file content and shows user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510086253.XA CN104660604A (en) | 2015-02-25 | 2015-02-25 | More perfect implementation method of website protection algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510086253.XA CN104660604A (en) | 2015-02-25 | 2015-02-25 | More perfect implementation method of website protection algorithm |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104660604A true CN104660604A (en) | 2015-05-27 |
Family
ID=53251307
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510086253.XA Pending CN104660604A (en) | 2015-02-25 | 2015-02-25 | More perfect implementation method of website protection algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104660604A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103595732A (en) * | 2013-11-29 | 2014-02-19 | 北京奇虎科技有限公司 | Method and device for obtaining evidence of network attack |
| CN104079583A (en) * | 2014-07-17 | 2014-10-01 | 南京铱迅信息技术有限公司 | Website protection method based on character conversion from server side to client side |
| CN104079572A (en) * | 2014-06-27 | 2014-10-01 | 南京铱迅信息技术有限公司 | Website protection method based on character conversion from client to server |
-
2015
- 2015-02-25 CN CN201510086253.XA patent/CN104660604A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103595732A (en) * | 2013-11-29 | 2014-02-19 | 北京奇虎科技有限公司 | Method and device for obtaining evidence of network attack |
| CN104079572A (en) * | 2014-06-27 | 2014-10-01 | 南京铱迅信息技术有限公司 | Website protection method based on character conversion from client to server |
| CN104079583A (en) * | 2014-07-17 | 2014-10-01 | 南京铱迅信息技术有限公司 | Website protection method based on character conversion from server side to client side |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10778704B2 (en) | Systems and methods for phishing and brand protection | |
| CN108924118B (en) | Method and system for detecting database collision behavior | |
| US11212313B2 (en) | Detection of domain name impersonation | |
| CN107612926B (en) | One-sentence speech WebShell interception method based on client recognition | |
| Wang et al. | New chaotic encryption algorithm based on chaotic sequence and plain text | |
| CN109543454A (en) | A kind of anti-crawler method and relevant device | |
| EP3703329A1 (en) | Webpage request identification | |
| CN104767747A (en) | Click jacking safety detection method and device | |
| CN108156270B (en) | Domain name request processing method and device | |
| CN104899499A (en) | Internet image search based Web verification code generation method | |
| CN103888480A (en) | Cloud monitoring based network information security identification method and cloud device | |
| WO2014153959A1 (en) | Method, related apparatus and system for preventing cross-site request forgery | |
| CN106203229A (en) | The terminal unit recognition Quick Response Code of different rights is with the method for the different information of display | |
| US20190268373A1 (en) | System, method, apparatus, and computer program product to detect page impersonation in phishing attacks | |
| CN113141331A (en) | XSS attack detection method, device, equipment and medium | |
| Sammour et al. | DNS tunneling: A review on features | |
| CN109818906B (en) | Equipment fingerprint information processing method and device and server | |
| Roopak et al. | A novel phishing page detection mechanism using html source code comparison and cosine similarity | |
| CN112668005A (en) | Webshell file detection method and device | |
| CN102932353A (en) | Method and device for preventing malicious attacks | |
| CN104079572B (en) | It is a kind of based on the website protection method changed from client to server end character | |
| CN103023869A (en) | Malicious attack prevention method and browser | |
| Rasheed et al. | Adversarial attacks on featureless deep learning malicious URLs detection | |
| CN104079583A (en) | Website protection method based on character conversion from server side to client side | |
| KR101526500B1 (en) | Suspected malignant website detecting method and system using information entropy |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150527 |
|
| WD01 | Invention patent application deemed withdrawn after publication |