CN106453397A - Method of automatically identifying network ticket-robbing and intrusion through big data analysis - Google Patents

Publication number
CN106453397A
Authority
CN
China
Prior art keywords
server
data
blacklist
nginx
analysis
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611027645.XA
Other languages
Chinese (zh)
Inventor
曹杰
冯雨晖
宿晓坤
苏建辉
李苏
曹永�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING HONGMA MEDIA CULTURE DEVELOPMENT CO LTD
Original Assignee
BEIJING HONGMA MEDIA CULTURE DEVELOPMENT CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING HONGMA MEDIA CULTURE DEVELOPMENT CO LTD
Priority to CN201611027645.XA
Publication of CN106453397A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/568 Storing data temporarily at an intermediate stage, e.g. caching

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a method of automatically identifying network ticket-robbing and intrusion through big data analysis. The method comprises the following steps: an external server initiates a request to access an Nginx server through a firewall, and the Nginx server dispatches the request to an application server; when performing a service operation, the application server calls a behavior defense server to perform behavior defense. By analyzing the access logs of the front-end Web server and the processing logs of the application-layer behavior defense system, the method comprehensively generates a blacklist covering IPs, users and other dimensions and pushes it to the front-end Web server and even to network entry points at other layers, such as a WAF and a firewall, so that malicious users and malicious attacks are prevented efficiently.

Description

A method of automatically identifying network ticket-robbing and intrusion through big data analysis
Technical field
The present invention relates to the field of abnormal behavior identification, and more particularly to a method of automatically identifying network ticket-robbing and intrusion through big data analysis.
Background
At present, systems for defending against malicious attacks fall into two main types:
1. Direct IP defense: malicious IPs are configured directly on the protecting machine. This is typically used on devices such as firewalls and WAFs.
2. Behavior defense: rules are set in advance, and the user's behavior at run time is used to decide whether the user is malicious, so that the user can be intercepted. Such a defense system is generally used together with the application system: instrumentation points are placed at key positions in the application system to perform risk judgment.
In the course of their research, the inventors found that direct IP defense, although simple, requires the blacklist to be maintained manually and requires considerable operations staff for real-time monitoring; the blacklist always lags behind, so the defense can only be passive. Behavior defense depends heavily on the rules that are specified and requires maintaining a large and complex rule base; the behavior defense system must be used together with the application system and is therefore somewhat intrusive to it. Moreover, because of the way a behavior defense system works, its defensive measures must be taken at the application layer, which puts considerable pressure on the application, since the application has to bear much of the access and attack traffic from malicious users.
Summary of the invention
To solve the above technical problem, the invention provides a method of automatically identifying network ticket-robbing and intrusion through big data analysis, which can analyze the access logs of the Web server, the behavior defense logs and other risk data sources, generate a blacklist, and push the blacklist to the protection devices at each layer, such as the Web server and the firewall.
To achieve the above purpose, the invention provides a method of automatically identifying network ticket-robbing and intrusion through big data analysis, comprising:
An external server initiates a request to access the Nginx server through a firewall, and the Nginx server dispatches the request to an application server;
When executing a business operation, the application server calls a behavior defense server to perform behavior defense.
Further, the Nginx server dispatching the request to the application server comprises:
Nginx sends the access log of the requests that the external server initiates through the firewall to access the Nginx server to the data analysis server; the application server sends the behavior defense log to the ES server, from which it is finally transferred to the data analysis server; the analysis server analyzes the data from the risk data sources in the received logs and generates a blacklist according to the result of the data analysis.
Further, the analysis server analyzing the data from the risk data sources in the received logs and generating a blacklist according to the result of the data analysis comprises:
Real-time streaming analysis of the data, offline analysis, and predictive analysis of the data using machine learning principles.
Further, the method also comprises pushing the generated blacklist to different protection devices in broadcast form.
Further, the application server calling the behavior defense server to perform behavior defense when executing a business operation comprises:
The application server pushes the generated blacklist to the Nginx server and the SOCKS server so that they can defend according to the blacklist.
In the invention, an external server initiates a request to access the Nginx server through a firewall, the Nginx server dispatches the request to an application server, and the application server calls a behavior defense server to perform behavior defense when executing a business operation. By analyzing the access logs of the front-end Web server and the processing logs of the application-layer behavior defense system, the invention comprehensively generates a blacklist covering IPs, users and other dimensions and pushes it to network entry points at different layers, such as the front-end Web server and even the WAF and firewall, so that malicious users and malicious attacks are effectively defended against.
Brief description of the drawings
Fig. 1 is a flowchart of Embodiment 1 of the method of automatically identifying network ticket-robbing and intrusion through big data analysis provided by the invention.
Detailed description of the embodiments
To enable those skilled in the art to better understand the solution of the invention, the technical solution in the embodiments of the invention is described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative work shall fall within the scope of protection of the invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects and are not used to describe a specific order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments of the invention described here can be implemented in an order other than those illustrated or described here. In addition, the terms "comprising" and "having" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units that are explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
Embodiment 1
Embodiment 1 of the invention provides a method of automatically identifying network ticket-robbing and intrusion through big data analysis which, as shown in Fig. 1, comprises steps S110 and S120.
In step S110, an external server initiates a request to access the Nginx server through a firewall, and the Nginx server dispatches the request to an application server.
In step S120, when executing a business operation, the application server calls a behavior defense server to perform behavior defense.
Further, the Nginx server dispatching the request to the application server comprises:
Nginx sends the access log of the requests that the external server initiates through the firewall to access the Nginx server to the data analysis server; the application server sends the behavior defense log to the ES server, from which it is finally transferred to the data analysis server; the analysis server analyzes the data from the risk data sources in the received logs and generates a blacklist according to the result of the data analysis.
Further, the analysis server analyzing the data from the risk data sources in the received logs and generating a blacklist according to the result of the data analysis comprises:
Real-time streaming analysis of the data, offline analysis, and predictive analysis of the data using machine learning principles.
Further, the method also comprises pushing the generated blacklist to different protection devices in broadcast form. Data from other external risk data sources can be connected for comprehensive analysis; a blacklist is generated according to the result of the data analysis and pushed to the Nginx server and the SOCKS server so that they can defend according to the blacklist. A data analysis module is deployed on the data analysis server; it covers real-time streaming analysis of the data, offline analysis, and predictive analysis of the data using machine learning principles.
Specifically, this includes: performing real-time analysis on the access logs of the Web server, the behavior defense logs and other risk data sources to produce a blacklist.
Performing offline analysis on the access logs of the Web server, the behavior defense logs and other risk data sources to produce a blacklist.
Performing predictive analysis on the access logs of the Web server, the behavior defense logs and other risk data sources to produce a blacklist.
Pushing the blacklist to the protection devices at each layer, such as the Web server and the firewall.
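The log-to-blacklist pipeline described above, sketched as an added example that is not part of the patent: a streaming sliding-window pass over Nginx access-log lines and an offline count over behavior defense records are merged into a blacklist over the IP and user dimensions, and the IP part is rendered as nginx `deny` directives. The log format (Nginx "combined"), the `/ticket/` path prefix, the thresholds, and the `ip`/`user`/`verdict` record fields are assumptions; the patent specifies none of them.

```python
import ipaddress
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Nginx "combined" access-log format (assumed; the patent names no format).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_access_line(line):
    """Return (ip, timestamp, path) for one access-log line, or None if malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m["ip"], ts, m["path"]


def burst_ips(lines, window=timedelta(seconds=10), threshold=5, prefix="/ticket/"):
    """Streaming pass: flag IPs with >= threshold hits on `prefix` inside `window`."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = set()
    for line in lines:
        parsed = parse_access_line(line)
        if parsed is None or not parsed[2].startswith(prefix):
            continue
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return flagged


def behavior_hits(events, min_blocks=2):
    """Offline pass over behavior defense records: count 'block' verdicts per dimension."""
    counts = {"ip": Counter(), "user": Counter()}
    for ev in events:
        if ev.get("verdict") != "block":
            continue
        for dim in counts:
            if ev.get(dim):
                counts[dim][ev[dim]] += 1
    return {dim: {k for k, n in c.items() if n >= min_blocks}
            for dim, c in counts.items()}


def valid_ip(value):
    """Only syntactically valid addresses may reach the generated config."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def build_blacklist(access_lines, behavior_events):
    """Merge both sources into one blacklist keyed by dimension (IP, user)."""
    hits = behavior_hits(behavior_events)
    ips = {ip for ip in burst_ips(access_lines) | hits["ip"] if valid_ip(ip)}
    return {"ip": sorted(ips), "user": sorted(hits["user"])}


def render_nginx_deny(blacklist):
    """Render the IP dimension as nginx `deny` directives for an included file."""
    return "".join(f"deny {ip};\n" for ip in blacklist["ip"])


# --- Constructed sample input (not taken from the patent) ---
def _line(ip, sec, path):
    return (f'{ip} - - [18/Nov/2016:10:00:{sec:02d} +0800] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "sample-agent"')


SAMPLE_ACCESS = (
    [_line("203.0.113.7", s, "/ticket/order") for s in range(6)]  # burst
    + [_line("198.51.100.20", 1, "/ticket/order"),
       _line("198.51.100.20", 30, "/index.html"),
       "malformed line without fields"]
)
SAMPLE_BEHAVIOR = [
    {"ip": "192.0.2.55", "user": "u1001", "verdict": "block"},
    {"ip": "192.0.2.55", "user": "u1001", "verdict": "block"},
    {"ip": "198.51.100.20", "user": "u2002", "verdict": "allow"},
    {"ip": "203.0.113.300", "user": "u1001", "verdict": "block"},  # invalid IP
    {"ip": "203.0.113.300", "user": "u3003", "verdict": "block"},  # invalid IP
]

if __name__ == "__main__":
    bl = build_blacklist(SAMPLE_ACCESS, SAMPLE_BEHAVIOR)
    print(bl)
    print(render_nginx_deny(bl), end="")
```

The sliding window assumes log lines arrive in chronological order, and the user dimension has no nginx equivalent here, so it would have to be enforced at the application or behavior defense layer.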
Further, the application server calling the behavior defense server to perform behavior defense when executing a business operation comprises:
The application server pushes the generated blacklist to the Nginx server and the SOCKS server so that they can defend according to the blacklist.
The invention has the following advantages:
Access logs are analyzed in real time and the blacklist is maintained dynamically; the machine learning capability of big data is used to perform predictive analysis on visiting users and carry out active defense; behavior defense logs are analyzed and the blacklist is maintained dynamically, making full use of the protection experience accumulated by the external behavior defense system; the generated blacklist is pushed to different protection devices in broadcast form, so that protection devices at different levels are strengthened at the same time; and the continuously accumulated data are used to keep adjusting the data analysis method, so that the system is capable of self-learning.
A traditional defense system consists of direct IP defense plus behavior defense. During ticket-robbing, a large number of access requests pour in within a short time, and direct IP defense cannot adjust its defense policy in a timely and effective way; behavior defense can have some effect, but it leaves the application server facing most of the defensive load, so normal business is affected.
With the defense method of the invention, the system can quickly adjust the direct IP defense policy according to access characteristics and the results provided by behavior defense, which greatly improves the system's ability to adapt flexibly while reducing the load on the application server and keeping normal business running.
In the technical solution of the invention, an external server initiates a request to access the Nginx server through a firewall, the Nginx server dispatches the request to an application server, and the application server calls a behavior defense server to perform behavior defense when executing a business operation. Access logs are analyzed in real time and the blacklist is maintained dynamically; the machine learning capability of big data is used to perform predictive analysis on visiting users and carry out active defense; behavior defense logs are analyzed and the blacklist is maintained dynamically, making full use of the protection experience accumulated by the external behavior defense system; the generated blacklist is pushed to different protection devices in broadcast form, so that protection devices at different levels are strengthened at the same time; and the continuously accumulated data are used to keep adjusting the data analysis method, so that the system is capable of self-learning.
The embodiments of the invention above are for illustration only and do not indicate the relative merits of the embodiments.
It should be noted that, for brevity, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should know that the invention is not limited by the described order of actions, because according to the invention some steps can be carried out in other orders or simultaneously. Those skilled in the art should also know that the embodiments described in the description are preferred embodiments, and the actions and modules involved are not necessarily required by the invention.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the relevant description of the other embodiments.
It should be understood that the devices disclosed in the several embodiments provided in this application can be implemented in other ways. For example, the device embodiments described above are only schematic; the division into units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units in each embodiment of the invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
It may be noted that, according to the needs of implementation, each step or component described in this application can be split into more steps or components, and two or more steps or components, or partial operations of steps or components, can be combined into new steps or components to achieve the purpose of the invention.
The above method according to the invention can be implemented in hardware or firmware, or implemented as software or computer code storable in a recording medium (such as a CD-ROM, RAM, floppy disk, hard disk or magneto-optical disk), or implemented as computer code downloaded over a network that was originally stored in a remote recording medium or a non-transitory machine-readable medium and is to be stored in a local recording medium, so that the method described here can be processed by such software stored on a recording medium using a general-purpose computer, a special-purpose processor, or programmable or dedicated hardware (such as an ASIC or FPGA). It will be appreciated that a computer, processor, microprocessor controller or programmable hardware includes storage components (for example, RAM, ROM, flash memory) that can store or receive software or computer code; when the software or computer code is accessed and executed by the computer, processor or hardware, the processing method described here is realized. In addition, when a general-purpose computer accesses code for implementing the processing shown here, execution of the code converts the general-purpose computer into a special-purpose computer for executing the processing shown here.
The above is only a specific embodiment of the invention, but the scope of protection of the invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the invention shall be covered by the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of the claims.

Claims (5)

1. A method of automatically identifying network ticket-robbing and intrusion through big data analysis, characterized by comprising:
An external server initiates a request to access the Nginx server through a firewall, and the Nginx server dispatches the request to an application server;
When executing a business operation, the application server calls a behavior defense server to perform behavior defense.
2. The method of claim 1, characterized in that the Nginx server dispatching the request to the application server comprises:
Nginx sends the access log of the requests that the external server initiates through the firewall to access the Nginx server to the data analysis server; the application server sends the behavior defense log to the ES server, from which it is finally transferred to the data analysis server; the analysis server analyzes the data from the risk data sources in the received logs and generates a blacklist according to the result of the data analysis.
3. The method of claim 2, characterized in that the analysis server analyzing the data from the risk data sources in the received logs and generating a blacklist according to the result of the data analysis comprises:
Real-time streaming analysis of the data, offline analysis, and predictive analysis of the data using machine learning principles.
4. The method of claim 2, characterized by further comprising pushing the generated blacklist to different protection devices in broadcast form.
5. The method of any one of claims 1-4, characterized in that the application server calling the behavior defense server to perform behavior defense when executing a business operation comprises:
The application server pushes the generated blacklist to the Nginx server and the SOCKS server so that they can defend according to the blacklist.
CN201611027645.XA 2016-11-18 2016-11-18 Method of automatically identifying network ticket-robbing and intrusion through big data analysis Pending CN106453397A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611027645.XA CN106453397A (en) 2016-11-18 2016-11-18 Method of automatically identifying network ticket-robbing and intrusion through big data analysis

Publications (1)

Publication Number Publication Date
CN106453397A true CN106453397A (en) 2017-02-22

Family

ID=58220884

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611027645.XA Pending CN106453397A (en) 2016-11-18 2016-11-18 Method of automatically identifying network ticket-robbing and intrusion through big data analysis

Country Status (1)

Country Link
CN (1) CN106453397A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222