Website attack-prevention verification system and method
The present invention relates to the technical field of network security, and in particular to a website attack-prevention verification system and method.
Background art
At present, live video (webcast) websites must store many kinds of sensitive information while carrying out their daily business, such as users' personal identity information, credit card payment data and the website's own business information, and they therefore easily become targets of attack by illegitimate users. To protect the interests of users and of the website, the clients requesting connections must be verified in order to defend against the various illegal requests or network attacks of illegitimate users; a client here generally means a browser or an app. However, Internet sites, and live video websites in particular, have very many users and huge access volumes. How to guarantee legitimate users' access to the website and maintain the website's normal operation, while at the same time ensuring the security of legitimate users and of the website, has become an urgent problem to solve.
Summary of the invention
In view of the deficiencies of the prior art, the main object of the present invention is to provide a website attack-prevention verification system, and a further object is to provide a website attack-prevention verification method, which, by verifying an authentication password, can guarantee that the requests of trusted users are unaffected while effectively intercepting the connection requests of untrusted users, thereby defending against illegal requests and network attacks on the website and ensuring its secure operation.
The present invention provides a website attack-prevention verification system, comprising:
a level-one detection module, for detecting, using an authentication password, whether a user is a trusted user already recognized by the system;
a level-two detection module, for judging, from the uniform resource locator (URL) requested by the user, the user's access time and the user IP, whether the behaviour of a user that the level-one detection module has identified as untrusted is a network attack.
Based on the above technical solution, the authentication password comprises a first authentication password and a second authentication password paired with the first authentication password. The system further comprises a password generation module, which sends a verification code to a user whose behaviour the level-two detection module has identified as a network attack, derives the first authentication password from the verification code by keyed hashing, and judges whether the verification code entered by the user is correct. If the verification code is correct, the module generates the second authentication password paired with the first and sends both the first and the second authentication password into the cookie of the browser of the user who entered correctly; for a user who entered incorrectly, it sends only the first authentication password into the browser cookie and returns a verification-code error message to that user.
Based on the above technical solution, the second authentication password is derived from the verification code and a key.
Based on the above technical solution, the password generation module applies the HMAC-MD5 keyed hash algorithm to the verification code to generate the first authentication password, and applies it to the verification code together with the key to generate the second authentication password.
Based on the above technical solution, the system further comprises a storage module for saving the verification codes, keys, authentication passwords and a monitoring table; the monitoring table records the URLs to be monitored, the time segments to be monitored and the user IPs to be monitored.
Based on the above technical solution, the time segments to be monitored record, for each URL to be monitored, the period during which it must be monitored.
Based on the above technical solution, the level-two detection module stores the URLs and user IPs to be monitored, obtained by big-data analysis, in the monitoring table.
The present invention also provides a website attack-prevention verification method, comprising the following steps:
S1. The level-one detection module detects, using the authentication password, whether the user is a trusted user already recognized by the system, the authentication password comprising a first authentication password and a second authentication password paired with it; if so, proceed to S6; if not, proceed to S2.
S2. The level-two detection module judges, from the uniform resource locator (URL) requested by the user, the user's access time and the user IP, whether the behaviour of the user identified as untrusted by the level-one detection module is a network attack; if not, proceed to S6; if so, proceed to S3.
S3. The password generation module sends a verification code to the user whose behaviour the level-two detection module identified as a network attack, derives the first authentication password from the verification code by keyed hashing, and judges whether the verification code entered by the user is correct; if not, proceed to S4; if so, proceed to S5.
S4. Send the first authentication password and a verification-code error message to the user who entered incorrectly; end.
S5. Generate the second authentication password paired with the first authentication password, and send the first and second authentication passwords into the cookie of the browser of the user who entered correctly.
S6. Display the content requested by the user; end.
Based on the above technical solution, step S1 specifically comprises: the level-one detection module receives the request sent by the user and detects whether the cookie of the user's browser contains authentication passwords and whether they pair; if the cookie contains authentication passwords and they pair, the user is judged to be a trusted user already recognized by the system.
Based on the above technical solution, step S2 specifically comprises: the level-two detection module checks in turn whether the URL requested by the user, the user's access time and the user IP are a URL to be monitored, fall within a time segment to be monitored, and are a user IP to be monitored; if the detection result is affirmative, the user behaviour is judged to be a network attack.
Compared with the prior art, the advantages of the present invention are as follows:
(1) The present invention comprises a level-one detection module and a level-two detection module. The level-one detection module detects, using the authentication password, whether a user is a trusted user already recognized by the system; the level-two detection module judges, from the URL requested by the user, the user's access time and the user IP, whether the behaviour of a user identified as untrusted by the level-one detection module is a network attack. The requests of trusted users are therefore guaranteed to be unaffected, while the connection requests of untrusted users are effectively intercepted, defending against illegal requests and network attacks on the website and ensuring its secure operation.
(2) The present invention comprises a password generation module, which sends a verification code to a user whose behaviour the level-two detection module identified as a network attack, derives the first authentication password from the verification code by keyed hashing, and judges whether the verification code entered by the user is correct. If it is correct, the module generates the second authentication password paired with the first and sends both into the cookie of that user's browser, completing the recognition of a trusted user. If it is incorrect, the module sends only the first authentication password into the cookie of that user's browser and returns a verification-code error message, intercepting the connection request of the network-attack user.
(3) The password generation module of the present invention derives the authentication passwords from the verification code with the HMAC-MD5 keyed hash algorithm. The authentication password comprises a first authentication password, derived from the verification code, and a second authentication password paired with it, derived from the verification code and the key. The authentication password therefore has high security and can ensure the secure operation of the website.
(4) The level-two detection module of the present invention stores the URLs and user IPs to be monitored, obtained by big-data analysis, in the monitoring table. The monitoring table records the URLs to be monitored, the time segments to be monitored and the user IPs to be monitored, where the time segments record the period during which each URL must be monitored. Flexible countermeasures can therefore be taken according to the actual situation, ensuring reasonable control of the URLs, time segments and user IPs to be monitored.
Description of the drawings
Fig. 1 is a block diagram of the website attack-prevention verification system of an embodiment of the present invention;
Fig. 2 is a flow chart of the website attack-prevention verification method of an embodiment of the present invention.
Reference numerals:
level-one detection module 1, level-two detection module 2, password generation module 3, storage module 4.
Specific embodiments
Explanation of terms:
Lua is a scripting language that can be embedded in a server.
Nginx is a lightweight web server, reverse proxy server and e-mail (IMAP/POP3) proxy server.
A verification code (captcha) is a behavioural verification in which the user recognizes a picture.
TCP (Transmission Control Protocol).
MD5 (Message-Digest Algorithm 5) is a hash function widely used in the field of computer security to provide integrity protection for messages; its output is 128 bits long. Collision attacks on MD5 are practical, so MD5 by itself is no longer suitable where collision resistance is required; the HMAC construction below does not depend on collision resistance, although new deployments generally prefer HMAC-SHA-256.
HMAC (Hash-based Message Authentication Code) is a key-dependent hash-based message authentication code: an HMAC operation applies a hash algorithm to a key and a message as input and produces a message digest (the tag) as output. HMAC is a keyed hash rather than an encryption: the tag is never decrypted, but is verified by recomputing it with the same key and comparing the two values.
HMAC-MD5 is the keyed hash algorithm constructed from the MD5 hash function and used as a hash-based message authentication code. The HMAC process mixes the key with the message data, hashes the mixture with the hash function, mixes the resulting hash value with the key again, and applies the hash function a second time. The output hash value is 128 bits long.
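The HMAC construction just described, built by hand from MD5 and checked against Python's standard hmac module and the published RFC 2202 test vectors. This is an added example and not code from the patent; the only inputs it uses are the RFC's test keys and messages and a made-up six-digit verification code.

```python
import hashlib
import hmac

MD5_BLOCK_SIZE = 64   # MD5 processes 64-byte blocks; HMAC pads the key to this size
MD5_DIGEST_SIZE = 16  # 128-bit output


def hmac_md5(key: bytes, message: bytes) -> bytes:
    """HMAC-MD5 built directly from MD5, following the two-pass construction above."""
    # A key longer than one block is first reduced to its hash; the key is then
    # zero-padded to exactly one block.
    if len(key) > MD5_BLOCK_SIZE:
        key = hashlib.md5(key).digest()
    key = key.ljust(MD5_BLOCK_SIZE, b"\x00")
    # Mix the key with the message (inner pad), hash, mix the result with the
    # key again (outer pad), and hash a second time.
    inner_key = bytes(b ^ 0x36 for b in key)
    outer_key = bytes(b ^ 0x5C for b in key)
    inner_hash = hashlib.md5(inner_key + message).digest()
    return hashlib.md5(outer_key + inner_hash).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """A MAC is checked by recomputing it, never by 'decrypting' it.
    compare_digest avoids leaking the position of the first mismatching byte."""
    return hmac.compare_digest(hmac_md5(key, message), tag)


# RFC 2202 HMAC-MD5 test cases 1 and 2 (published vectors, not constructed here).
RFC2202_VECTORS = [
    (b"\x0b" * 16, b"Hi There", "9294727a3638bb1c13f48ef8158bfc9d"),
    (b"Jefe", b"what do ya want for nothing?", "750c783e6ab0b503eaa86e310a5db738"),
]


def self_check() -> bool:
    """True when the hand-built HMAC matches the RFC vectors and the stdlib,
    including the long-key case where the key is hashed before padding."""
    for key, msg, expected_hex in RFC2202_VECTORS:
        ours = hmac_md5(key, msg)
        if ours.hex() != expected_hex:
            return False
        if ours != hmac.new(key, msg, hashlib.md5).digest():
            return False
    long_key = b"k" * 100
    return hmac_md5(long_key, b"m") == hmac.new(long_key, b"m", hashlib.md5).digest()


if __name__ == "__main__":
    print("self-check:", self_check())
    tag = hmac_md5(b"Jefe", b"482913")  # made-up verification code as the message
    print("tag for verification code 482913:", tag.hex(), "(", len(tag) * 8, "bits )")
    # Changing a single digit of the message yields an unrelated tag.
    print("wrong code accepted?", verify_tag(b"Jefe", b"482914", tag))
```

The point for the scheme above is the last two lines: the password generation module turns a verification code into a tag only someone holding the key can reproduce, and the level-one check must recompute that tag and compare it in constant time rather than try to "decrypt" the cookie value.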
The present invention is described in further detail below with reference to the drawings and specific embodiments.
As shown in Fig. 1, an embodiment of the present invention provides a website attack-prevention verification system comprising a level-one detection module 1, a level-two detection module 2, a password generation module 3 and a storage module 4. The system resides on the server side, wherein:
the level-one detection module 1 detects, using the authentication password, whether a user is a trusted user already recognized by the system;
the level-two detection module 2 judges, from the uniform resource locator (URL) requested by the user, the user's access time and the user IP, whether the behaviour of a user that the level-one detection module 1 identified as untrusted is a network attack.
With these two modules, the requests of trusted users are guaranteed to be unaffected, while the connection requests of untrusted users are effectively intercepted, defending against illegal requests and network attacks on the website and ensuring its secure operation.
The authentication password comprises a first authentication password and a second authentication password paired with it. The password generation module 3 sends a verification code to a user whose behaviour the level-two detection module 2 has identified as a network attack, derives the first authentication password from the verification code by keyed hashing, and judges whether the verification code entered by the user is correct. If it is correct, module 3 generates the second authentication password and sends both the first and the second authentication password into the cookie of that user's browser, completing the recognition of a trusted user. If it is incorrect, module 3 sends only the first authentication password into the cookie of that user's browser and returns a verification-code error message to the user, so that the connection request of the network-attack user is intercepted.
Under high-concurrency request loads, storing the authentication passwords used to verify users on the server side would, in the view of the present invention, generate a large number of TCP connections; to avoid degrading server performance, the present invention therefore stores the authentication password used to verify a user in the cookie of that user's browser.
The second authentication password is derived from the verification code and the key.
The password generation module 3 applies the HMAC-MD5 keyed hash algorithm to the verification code to generate the first authentication password, and to the verification code together with the key to generate the second authentication password. Thus the first authentication password depends on the verification code alone, while the paired second authentication password additionally depends on the key, which is held in the storage module; a matching pair cannot be produced from the first authentication password alone. The authentication password therefore has high security and can ensure the secure operation of the website.
The storage module 4 saves the verification codes, keys, authentication passwords and the monitoring table. The monitoring table records the URLs to be monitored, the time segments to be monitored and the user IPs to be monitored; the time segments record, for each URL to be monitored, the period during which it must be monitored.
The level-two detection module 2 stores the URLs and user IPs to be monitored, obtained by big-data analysis, in the monitoring table. Because the table holds the monitored URLs, their time segments and the monitored IPs, flexible countermeasures can be taken according to the actual situation, ensuring reasonable control of the URLs, time segments and user IPs to be monitored.
The level-one detection module 1, level-two detection module 2 and password generation module 3 may be implemented in the Lua scripting language on the server side of an Nginx server (for example with the ngx_lua module), realizing the functions described above.
As shown in Fig. 2, an embodiment of the present invention also provides a website attack-prevention verification method, comprising the following steps:
S1. The level-one detection module detects, using the authentication password, whether the user is a trusted user already recognized by the system, the authentication password comprising a first authentication password and a second authentication password paired with it; if so, proceed to S6; if not, proceed to S2.
Step S1 specifically comprises: the level-one detection module receives the request sent by the user and detects whether the cookie of the user's browser contains authentication passwords and whether they pair; if the cookie contains authentication passwords and they pair, the user is judged to be a trusted user already recognized by the system.
S2. The level-two detection module judges, from the uniform resource locator (URL) requested by the user, the user's access time and the user IP, whether the behaviour of the user identified as untrusted by the level-one detection module is a network attack; if not, proceed to S6; if so, proceed to S3.
Step S2 specifically comprises: the level-two detection module 2 checks in turn whether the URL requested by the user, the user's access time and the user IP are a URL to be monitored, fall within a time segment to be monitored, and are a user IP to be monitored; if the detection result of the level-two detection module 2 is affirmative, the user behaviour is judged to be a network attack.
S3. The password generation module 3 sends a verification code to the user whose behaviour the level-two detection module 2 identified as a network attack, derives the first authentication password from the verification code by keyed hashing, and judges whether the verification code entered by the user is correct; if not, proceed to S4; if so, proceed to S5.
S4. Send the first authentication password and a verification-code error message to the user who entered incorrectly; end.
S5. Generate the second authentication password paired with the first authentication password, and send the first and second authentication passwords into the cookie of the browser of the user who entered correctly.
S6. Display the content requested by the user; end.
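Steps S1 to S6 above (the same procedure as in the summary), including the monitoring-table lookup of step S2 and the password pairing of steps S3 to S5, as one added example. It is written in Python rather than as the Lua-on-Nginx handler the text mentions, and it is not the patent's own code. Assumptions: SERVER_KEY is a hypothetical server-side HMAC key; the monitoring table and monitored IPs are constructed sample data; the access time is given as a clock time in HH:MM form; step S2 is read as requiring the URL, the time segment and the IP to all hit the monitoring table; and, as the storage module does, the issued verification codes, keys and first passwords are recorded on the server so that pairing can be checked on the next request.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, time

# Server-side HMAC key. Hypothetical value; in production load it from configuration.
SERVER_KEY = b"hypothetical-server-key"

# Storage module (constructed sample data).
# Monitoring table: URL to be monitored -> time-of-day segments during which it is monitored.
MONITORED_URLS = {
    "/api/pay": [(time(0, 0), time(23, 59, 59))],
    "/live/room/1001": [(time(1, 0), time(5, 0))],
}
# User IPs to be monitored (the text obtains these by big-data analysis; listed directly here).
MONITORED_IPS = {"203.0.113.7"}
# Issued records: first authentication password -> {"code": verification code, "key": key or None}
ISSUED = {}


def first_password(code):
    """First authentication password: HMAC-MD5 over the verification code."""
    return hmac.new(SERVER_KEY, code.encode(), hashlib.md5).hexdigest()


def second_password(code, key):
    """Second authentication password: HMAC-MD5 over the verification code and the key."""
    return hmac.new(SERVER_KEY, (code + ":" + key).encode(), hashlib.md5).hexdigest()


def level_one_trusted(cookies):
    """S1: both passwords are present in the browser cookie and they pair."""
    auth1, auth2 = cookies.get("auth1"), cookies.get("auth2")
    if not auth1 or not auth2:
        return False
    record = ISSUED.get(auth1)
    if record is None or record["key"] is None:
        return False  # never issued, or the verification code was never entered correctly
    expected = second_password(record["code"], record["key"])
    return hmac.compare_digest(expected.encode(), auth2.encode())


def level_two_attack(url, access_time, ip):
    """S2: check URL, access time and IP in turn against the monitoring table."""
    segments = MONITORED_URLS.get(url)
    if segments is None:
        return False
    t = datetime.strptime(access_time, "%H:%M").time()
    if not any(start <= t <= end for start, end in segments):
        return False
    return ip in MONITORED_IPS


def issue_verification_code(code=None):
    """S3: send a verification code and record the first password derived from it."""
    if code is None:
        code = "".join(secrets.choice("0123456789") for _ in range(6))
    auth1 = first_password(code)
    ISSUED[auth1] = {"code": code, "key": None}
    return code, auth1


def submit_verification_code(auth1, user_input):
    """S4/S5: on a wrong code return only auth1 plus an error message; on a correct
    code generate the key and the paired second password and return both cookies."""
    record = ISSUED.get(auth1)
    if record is None or not hmac.compare_digest(record["code"].encode(), user_input.encode()):
        return {"cookies": {"auth1": auth1}, "error": "verification code error"}
    record["key"] = secrets.token_hex(16)
    auth2 = second_password(record["code"], record["key"])
    return {"cookies": {"auth1": auth1, "auth2": auth2}, "error": None}


def handle_request(cookies, url, access_time, ip):
    """S1 -> S2 -> S6/S3: 'serve' shows the content, 'challenge' sends a verification code."""
    if level_one_trusted(cookies):
        return "serve"          # S1 yes -> S6
    if not level_two_attack(url, access_time, ip):
        return "serve"          # S2 no -> S6
    return "challenge"          # S2 yes -> S3


if __name__ == "__main__":
    code, auth1 = issue_verification_code()
    print(handle_request({}, "/live/room/1001", "03:00", "203.0.113.7"))
    wrong = submit_verification_code(auth1, "000000")
    print(wrong["error"], list(wrong["cookies"]))
    right = submit_verification_code(auth1, code)
    print(handle_request(right["cookies"], "/live/room/1001", "03:00", "203.0.113.7"))
```

A user who entered the code incorrectly is left holding only auth1, so on the next request level one fails, level two fires again and the user is challenged again; that is the interception step S4 describes. A forged or altered auth2 fails the constant-time pairing check in level one for the same reason.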
The present invention is not limited to the embodiments described above. Those skilled in the art may make various improvements and modifications without departing from the principles of the present invention, and such improvements and modifications are also regarded as falling within the scope of protection of the present invention. Matters not described in detail in this specification belong to the prior art well known to persons skilled in the art.