CN106485143A - Counter-scanning detection method based on the various change of URL and system - Google Patents
Counter-scanning detection method based on the various change of URL and system Download PDFInfo
- Publication number
- CN106485143A CN106485143A CN201610839184.XA CN201610839184A CN106485143A CN 106485143 A CN106485143 A CN 106485143A CN 201610839184 A CN201610839184 A CN 201610839184A CN 106485143 A CN106485143 A CN 106485143A
- Authority
- CN
- China
- Prior art keywords
- url
- source code
- access
- url address
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention proposes a kind of counter-scanning detection method based on the various change of URL and system, and the method includes:Obtain the source code that user is accessed by Web application request;When user's access source code for the first time is detected, according to default URL Obfuscating Algorithms, modified in the real URL address in source code and access theme;When second of user is detected or repeatedly accessing source code, continue default URL Obfuscating Algorithms and modified in the real URL address in source code and access theme, so that vulnerability scanners cannot obtain real URL address, and then webpage cannot be obtained;Wherein, all different to the modification result of real URL address and access theme every time according to default URL Obfuscating Algorithms.The present invention upsets the nucleus module reptile module of scanning device, hides the testing mechanism of vulnerability scanning, prevents scanning problem completely so that current scanline device lost efficacy, thus ensureing the safety of goal systems as far as possible.
Description
Technical field
The present invention relates to field of information security technology, particularly to a kind of counter-scanning detection side based on the various change of URL
Method and system.
Background technology
Vulnerability scanners are to find leak the product attacked by analog hacker attack meanses.Vulnerability scanning is also
The first step of assault.From attack-defending angle, carry out the primary work that counter-scanning work is by protecting information safety.
Existing Web vulnerability scanning is that detection web application has one of main method of potential safety hazard, its core skill
Art be unable to do without the research to crawler technology.Web crawlers ability directly determines the Hole Detection ability of Web application scanning.Network
Reptile, in network Web vulnerability scanners, is important fundamental functional modules, and it obtains bibliographic structure and analysis HTML
The efficiency of source code, by the accuracy of the system that directly affects and execution efficiency.
Crawlers in traditional scanning device, simply adopt slightly modified wide simply on the basis of general reptile
Degree first traversal algorithm, the parsing to HTML then adopts train out report system.And because such crawlers are not examined
Consider the feature of bibliographic structure and the regularity of distribution of dynamic interaction point in Web site so that crawlers captured a large amount of useless
The page, the parsing to HTML is also inaccurate, thus reducing the performance of whole scanning device.
The function of form crawler program can be divided into three:One is that in station, new site is collected, using self-adapting window strategy;
Another is that list is collected, using navigation link strategy;3rd:Html parser, using regular expression.Form crawler
Workflow is:First from the beginning of the root URL of targeted sites, using self-adapting window decision search new site, preserved.Again
In units of the new site preserving, using the effective URL in each website of navigation link decision search, preserved.Last according to
The secondary URL taking out preservation, extracts form information using html parser.
Fig. 1 is the fundamental diagram of Web scanning device in prior art.Wherein, Web scanning device depends on web crawlers.Fig. 2
Fundamental diagram for web crawlers in prior art.As shown in Fig. 2 by obtaining a root node HTML, then adopting successively
Differently, obtain the structure chart shown in Fig. 3.
The method commonly used at present:Breadth First and two kinds of schemes of depth-first.Under finding during search new site
State rule:Often down search for along the page comprising more new site, may search for more new site.Therefore, root
Rule designs adaptive window search strategy accordingly, so that crawlers are while taking into account page coverage, improves it
Search efficiency, the substantially thinking of self-adapting window strategy is to arrange gate valve value to crawlers.If comprising new in some pages
The quantity of website is less than this gate valve value, then stop it being searched for, to save search time, if being more than or equal to this gate valve value,
Continue search for along these pages, as shown in Figure 4.
According to the principle of above-mentioned scanning device, existing counter-scanning method includes two kinds:
1) scanning device fingerprint identification method:If new using the method scanning device fingerprint of erasing, feature based anti-
Scanning technique will lose efficacy.
2) rate of scanning statistical method:Adopted by large number quipments at present based on the counter-scanning method of rate of scanning statistics.Logical
Cross the quantity of the wrong page, the frequency of the return of statistical fractals end, come whether decision-making is scanning behavior.The method of discrimination commonly used at present
It is to differentiate the 404 wrong page quantity returning from server.But this method possesses certain limitation.On the one hand to target system
System attack continues for some time and can could find later, and during this period, goal systems may be broken;On the other hand, attack
The person of hitting has a mind to construct returned data bag, extends the attack cycle, hides statistical window, so that statistics lost efficacy.
Content of the invention
The purpose of the present invention is intended at least solve one of described technological deficiency.
For this reason, it is an object of the invention to proposing a kind of counter-scanning detection method based on the various change of URL and system, can
With upset scanning device nucleus module-reptile module, hide the testing mechanism of vulnerability scanning, prevent scanning problem completely so that
Current scanline device lost efficacy, thus ensureing the safety of goal systems as far as possible.
To achieve these goals, embodiments of the invention provide a kind of counter-scanning detection side based on the various change of URL
Method, comprises the steps:
Step S1, obtains the source code that user is accessed by Web application request, wherein, described source code includes:Very
Real URL address and access theme;
Step S2, when user is detected and first time accessing described source code, according to default URL Obfuscating Algorithms to described
Real URL address in source code and access theme are modified, so that vulnerability scanners cannot obtain real URL ground
Location, and then webpage cannot be obtained;
Step S3, when second of described user or the described source code of multiple access is detected, continues default URL and obscures
Algorithm is modified to the real URL address in described source code and access theme, so that vulnerability scanners cannot obtain
Real URL address, and then webpage cannot be obtained;
Wherein, in described step S2 and S3, according to default URL Obfuscating Algorithms every time to described real URL address and visit
Ask that the modification result of theme is all different.
Further, described user passes through Wep App to App server initiation access request, by described App server
App defense module implementation steps S1 to step S3 process.
Further, during described user initiates access request by Wep App to App server, adopt
Action field specifies described source code, and wherein, the URL address of loading page next time is specified in described source code.
Further, for the source code of same access, true to each access according to described default URL Obfuscating Algorithms
Real URL address and access theme are modified, and modification result generates at random.
The present invention also proposes a kind of counter-scanning detecting system based on the various change of URL, including:Web App application terminal
With APP server, wherein, described Web App application terminal is communicated with described APP server, and described Web App application is eventually
Hold the access request for receive user, and send to described APP server;Described App server is used for obtaining described access
Source code in request, wherein, described source code includes:Real URL address and access theme, and described App service
Device when user is detected and first time accessing described source code, according to default URL Obfuscating Algorithms in described source code
Real URL address and access theme are modified, and when second of user or the described source code of multiple access is detected, continue
Continuous default URL Obfuscating Algorithms are modified to the real URL address in described source code and access theme, so that leak is swept
Retouch device and cannot obtain real URL address, and then webpage cannot be obtained, wherein, for each access of described user, according to default
URL Obfuscating Algorithms are all different to the modification result of described real URL address and access theme every time.
Further, described source code is specified using action field in described Web App application terminal, and sends to described
To App server, wherein, the URL address of loading page next time is specified in described source code.
Further, for the source code of same access, described App server is according to described default URL Obfuscating Algorithms
Modified in each real URL address accessing and access theme, modification result generates at random.
Further, described Web App application terminal is mobile phone or panel computer, is provided with Web App application software thereon.
Counter-scanning detection method based on the various change of URL according to embodiments of the present invention and system, by visiting to request
The original address asked repeatedly is obscured modification, so that vulnerability scanners cannot obtain real URL address, thus cannot obtain
Take correct webpage.The present invention obscures URL address every time, and the existing scanning device making cannot obtain next link, thus cannot
Obtain webpage, reach the purpose hiding Hole Detection.And the algorithm that URL geology is obscured can be repaiied with timestamp etc.
Change, the modification content accessing every time is all different, so that scanning device is unpredictable and reviews, possess high reliability.
The aspect that the present invention adds and advantage will be set forth in part in the description, and partly will become from the following description
Obtain substantially, or recognized by the practice of the present invention.
Brief description
The above-mentioned and/or additional aspect of the present invention and advantage will become from reference to the description to embodiment for the accompanying drawings below
Substantially and easy to understand, wherein:
Fig. 1 is the fundamental diagram of Web scanning device in prior art;
Fig. 2 is the fundamental diagram of web crawlers in prior art;
Fig. 3 is the operation principle evolution diagram of web crawlers in prior art;
Fig. 4 is the fundamental diagram of self-adapting window strategy in prior art;
Fig. 5 is the flow chart of the counter-scanning detection method according to the embodiment of the present invention based on the various change of URL;
Fig. 6 is the structure chart of the counter-scanning detecting system according to the embodiment of the present invention based on the various change of URL;
Fig. 7 is according to data variation schematic diagram during the counter-scanning of the embodiment of the present invention.
Specific embodiment
Embodiments of the invention are described below in detail, the example of described embodiment is shown in the drawings, wherein from start to finish
The element that same or similar label represents same or similar element or has same or like function.Below with reference to attached
The embodiment of figure description is exemplary it is intended to be used for explaining the present invention, and is not considered as limiting the invention.
The present invention proposes a kind of scanning detection method and system based on the various change of URL, can solve security breaches
Detect brought safety problem.
As shown in figure 5, the counter-scanning detection method based on the various change of URL of the embodiment of the present invention, comprise the steps:
Step S1, obtains the source code that user is accessed by Web application request.Wherein, source code includes:Truly
URL address and access theme.
In one embodiment of the invention, user passes through Wep App to App server initiation access request.For example, exist
User passes through Wep App to during App server initiation access request, specifies source code using action field, its
In, the URL address of loading page next time is specified in source code.
For example:Source code is
<h5><li><a
Href=" http://www.cyberxingan.com/index.php?M=content&c=index&a=
Lists&catid=42 " title=" safety management ">Safety management</a><li><h5>
Step S2, when user's access source code for the first time is detected, according to default URL Obfuscating Algorithms to source code
In real URL address and access theme modify, so that vulnerability scanners cannot obtain real URL address, Jin Erwu
Method obtains webpage.
Specifically, according to default URL Obfuscating Algorithms, real URL address in above-mentioned source code and access theme are repaiied
Change, for example, be revised as
<h5><li><a
Href=" http://GLPSDDFDDFDIEEEdUIOND/bacdedf.basedcded.okp.adsfas”
Title=" msdfdfed ">msdfdfed</a><li><h5>
Step S3, when second of user or multiple access source code is detected, continues default URL Obfuscating Algorithms to former
Real URL address in beginning code and access theme are modified, so that vulnerability scanners cannot obtain real URL address,
And then webpage cannot be obtained.
<h5><li><a
Href=" http://889dffadsxsdaf3.sdfasfadf/
3444bacdedf.basedcded.okp.adsfas”
Title=" opmould ">opmould</a><li><h5>
Wherein, in step S2 and S3, according to default URL Obfuscating Algorithms every time to real URL address and access theme
Modification result is all different.
In one embodiment of the invention, for the source code of same access, according to default URL Obfuscating Algorithms pair
The real URL address accessing every time and access theme are modified, and modification result generates at random.
In this way so that vulnerability scanners cannot obtain real URL address, obtain all obscure after
Address, thus a jump link can not be obtained it is impossible to obtain webpage.
It should be noted that in the present invention, by App defense module implementation steps S1 in App server to step
The process of S3.
As shown in fig. 6, the embodiment of the present invention also proposes a kind of counter-scanning detecting system based on the various change of URL, including:
Web App application terminal 1 and APP server 2.Wherein, Web App application terminal 1 is communicated with APP server 2.
Specifically, with reference to Fig. 7, Web App application terminal 1 is used for the access request of receive user, and sends to APP service
Device 2.
In one embodiment of the invention, Web App application terminal 1 adopts action field to specify source code, and
Send to APP server 2, wherein, the URL address of loading page next time is specified in source code.
In yet another embodiment of the present invention, Web App application terminal 1 is mobile phone or panel computer, is provided with thereon
Web App application software.
APP server 2 is used for obtaining the source code in access request.Wherein, source code includes:Real URL address
With access theme.
APP server 2 when user is detected and for the first time accessing source code, according to default URL Obfuscating Algorithms to original
Real URL address in code and access theme are modified, and second of user is being detected or repeatedly accessing source code
When, continue default URL Obfuscating Algorithms and modified in the real URL address in source code and access theme, so that leak
Scanning device cannot obtain real URL address, and then cannot obtain webpage.
For example:Source code is
<h5><li><a
Href=" http://www.cyberxingan.com/index.php?M=content&c=index&a=
Lists&catid=42 " title=" safety management ">Safety management</a><li><h5>
When user accesses for the first time, code revision is by APP server 2
<h5><li><a
Href=" http://GLPSDDFDDFDIEEEdUIOND/bacdedf.basedcded.okp.adsfas”
Title=" msdfdfed ">msdfdfed</a><li><h5>
During user's back-call, code revision is by APP server 2
<h5><li><a
Href=" http://889dffadsxsdaf3.sdfasfadf/
3444bacdedf.basedcded.okp.adsfas”
Title=" opmould ">opmould</a><li><h5>
As can be seen that for each access of user, according to default URL Obfuscating Algorithms every time to real URL address and visit
Ask that the modification result of theme is all different.Wherein, for the source code of same access, App server is obscured according to default URL
Algorithm is modified to each real URL address accessing and access theme, and modification result generates at random.
Modification result generates at random.In this way so that vulnerability scanners cannot obtain real URL address, obtain
To be all address after obscuring, thus a jump link can not be obtained it is impossible to obtain webpage.
Counter-scanning detection method based on the various change of URL according to embodiments of the present invention and system, by visiting to request
The original address asked repeatedly is obscured modification, so that vulnerability scanners cannot obtain real URL address, thus cannot obtain
Take correct webpage.The present invention obscures URL address every time, and the existing scanning device making cannot obtain next link, thus cannot
Obtain webpage, reach the purpose hiding Hole Detection.And the algorithm that URL geology is obscured can be repaiied with timestamp etc.
Change, the modification content accessing every time is all different, so that scanning device is unpredictable and reviews, possess high reliability.
The present invention is entirely different with conventional counter-scanning method, has abandoned conventional tupe, multiple with fixed field
Change, thus upsetting the nucleus module-reptile module of scanning device, hiding the testing mechanism of vulnerability scanning, preventing scanning completely and ask
Topic was so that current scanline device lost efficacy, thus ensureing the safety of goal systems as far as possible.Specifically, the present invention can be accurate
Prevent the scanning device product (product such as IBM AppScan, WVS, HP WebInspect) of current popular.
In the description of this specification, reference term " embodiment ", " some embodiments ", " example ", " specifically show
The description of example " or " some examples " etc. means specific features, structure, material or the spy describing with reference to this embodiment or example
Point is contained at least one embodiment or the example of the present invention.In this manual, to the schematic representation of above-mentioned term not
Necessarily refer to identical embodiment or example.And, the specific features of description, structure, material or feature can be any
One or more embodiments or example in combine in an appropriate manner.
Although embodiments of the invention have been shown and described above it is to be understood that above-described embodiment is example
Property it is impossible to be interpreted as limitation of the present invention, those of ordinary skill in the art is in the principle without departing from the present invention and objective
In the case of above-described embodiment can be changed within the scope of the invention, change, replace and modification.The scope of the present invention
By claims and its equivalent limit.
Claims (8)
1. a kind of counter-scanning detection method based on the various change of URL is it is characterised in that comprise the steps:
Step S1, obtains the source code that user is accessed by Web application request, wherein, described source code includes:Truly
URL address and access theme;
Step S2, when user is detected and first time accessing described source code, according to default URL Obfuscating Algorithms to described original
Real URL address in code and access theme are modified, so that vulnerability scanners cannot obtain real URL address, enter
And webpage cannot be obtained;
Step S3, when second of described user or the described source code of multiple access is detected, continues default URL Obfuscating Algorithms
Modified in real URL address in described source code and access theme, so that vulnerability scanners cannot obtain truly
URL address, and then webpage cannot be obtained;
Wherein, in described step S2 and S3, according to default URL Obfuscating Algorithms every time to described real URL address and access master
The modification result of topic is all different.
2. the counter-scanning detection method based on the various change of URL as claimed in claim 1 is it is characterised in that described user is led to
Cross Wep App and initiate access request to App server, by App defense module implementation steps S1 in described App server extremely
The process of step S3.
3. the counter-scanning detection method based on the various change of URL stated as claim 2 is it is characterised in that lead in described user
Cross Wep App to during App server initiation access request, described source code is specified using action field, wherein,
The URL address of loading page next time is specified in described source code.
4. the counter-scanning detection method based on the various change of URL that such as claim 1 is stated is it is characterised in that be directed to same visit
The source code asked, repaiies to each real URL address accessing and access theme according to described default URL Obfuscating Algorithms
Change, modification result generates at random.
5. a kind of counter-scanning detecting system based on the various change of URL is it is characterised in that include:Web App application terminal and
APP server, wherein, described Web App application terminal is communicated with described APP server,
Described Web App application terminal is used for the access request of receive user, and sends to described APP server;
Described App server is used for obtaining the source code in described access request, and wherein, described source code includes:Truly
URL address and access theme, and described App server is when user is detected and first time accessing described source code, according to
Default URL Obfuscating Algorithms are modified to the real URL address in described source code and access theme, and user is being detected
Second or multiple when accessing described source code, continues default URL Obfuscating Algorithms to the real URL ground in described source code
Location and access theme are modified, so that vulnerability scanners cannot obtain real URL address, and then cannot obtain webpage,
Wherein, for each access of described user, according to default URL Obfuscating Algorithms every time to described real URL address and visit
Ask that the modification result of theme is all different.
6. the counter-scanning detecting system based on the various change of URL as claimed in claim 5 is it is characterised in that described Web App
Described source code is specified using action field in application terminal, and sends to described to App server, wherein, described original
The URL address of loading page next time specified by code.
7. the counter-scanning detecting system based on the various change of URL as claimed in claim 5 is it is characterised in that be directed to same
The source code accessing, described App server according to described default URL Obfuscating Algorithms to each real URL address accessing and
Access theme to modify, modification result generates at random.
8. the counter-scanning detecting system based on the various change of URL as described in any one of claim 5-7 is it is characterised in that institute
Stating Web App application terminal is mobile phone or panel computer, is provided with Web App application software thereon.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510715049X | 2015-10-29 | ||
CN201510715049 | 2015-10-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106485143A true CN106485143A (en) | 2017-03-08 |
Family
ID=58267554
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610839184.XA Pending CN106485143A (en) | 2015-10-29 | 2016-09-21 | Counter-scanning detection method based on the various change of URL and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106485143A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483464A (en) * | 2017-08-21 | 2017-12-15 | 北京知道未来信息技术有限公司 | It is a kind of to improve the method for Web vulnerability scanners URL recall rates based on being interacted between service |
CN111400722A (en) * | 2020-03-25 | 2020-07-10 | 深圳市腾讯网域计算机网络有限公司 | Method, apparatus, computer device and storage medium for scanning small program |
CN114827089A (en) * | 2022-03-17 | 2022-07-29 | 杭州锘崴信息科技有限公司 | Privacy protection method and system for confusing DPI detection |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242336A (en) * | 2008-03-13 | 2008-08-13 | 杭州华三通信技术有限公司 | Method for remote access to intranet Web server and Web proxy server |
US20110107077A1 (en) * | 2009-11-05 | 2011-05-05 | International Business Machines Corporation | Obscuring form data through obfuscation |
CN102868931A (en) * | 2006-09-11 | 2013-01-09 | Tivo有限公司 | Personal content distribution network |
CN104243475A (en) * | 2014-09-18 | 2014-12-24 | 东软集团股份有限公司 | Method and system for dynamic mixing based on WEB reverse proxy |
-
2016
- 2016-09-21 CN CN201610839184.XA patent/CN106485143A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102868931A (en) * | 2006-09-11 | 2013-01-09 | Tivo有限公司 | Personal content distribution network |
CN101242336A (en) * | 2008-03-13 | 2008-08-13 | 杭州华三通信技术有限公司 | Method for remote access to intranet Web server and Web proxy server |
US20110107077A1 (en) * | 2009-11-05 | 2011-05-05 | International Business Machines Corporation | Obscuring form data through obfuscation |
CN104243475A (en) * | 2014-09-18 | 2014-12-24 | 东软集团股份有限公司 | Method and system for dynamic mixing based on WEB reverse proxy |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483464A (en) * | 2017-08-21 | 2017-12-15 | 北京知道未来信息技术有限公司 | It is a kind of to improve the method for Web vulnerability scanners URL recall rates based on being interacted between service |
CN107483464B (en) * | 2017-08-21 | 2020-10-16 | 北京知道未来信息技术有限公司 | Method for improving URL (Uniform resource locator) detectable rate of Web vulnerability scanner based on interaction between services |
CN111400722A (en) * | 2020-03-25 | 2020-07-10 | 深圳市腾讯网域计算机网络有限公司 | Method, apparatus, computer device and storage medium for scanning small program |
CN111400722B (en) * | 2020-03-25 | 2023-04-07 | 深圳市腾讯网域计算机网络有限公司 | Method, apparatus, computer device and storage medium for scanning small program |
CN114827089A (en) * | 2022-03-17 | 2022-07-29 | 杭州锘崴信息科技有限公司 | Privacy protection method and system for confusing DPI detection |
CN114827089B (en) * | 2022-03-17 | 2023-05-26 | 杭州锘崴信息科技有限公司 | Privacy protection method and system for confusion DPI detection |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104391979B (en) | Network malice reptile recognition methods and device | |
CN103559235B (en) | A kind of online social networks malicious web pages detection recognition methods | |
CN102567546B (en) | Structured query language (SQL) injection detection method and SQL injection detection device | |
CN107659570A (en) | Webshell detection methods and system based on machine learning and static and dynamic analysis | |
CN105930727A (en) | Web-based crawler identification algorithm | |
CN107332848A (en) | A kind of exception of network traffic real-time monitoring system based on big data | |
CN111401416A (en) | Abnormal website identification method and device and abnormal countermeasure identification method | |
CN104301302A (en) | Unauthorized attack detection method and device | |
CN104077396A (en) | Method and device for detecting phishing website | |
CN101964026A (en) | Method and system for detecting web page horse hanging | |
CN106202101B (en) | Advertisement identification method and device | |
CN106779278A (en) | The evaluation system of assets information and its treating method and apparatus of information | |
CN106230835B (en) | Method based on Nginx log analysis and the IPTABLES anti-malicious access forwarded | |
CN108900496A (en) | A kind of quick detection website is implanted the detection method and device of digging mine wooden horse | |
CN102724190A (en) | Method and device for blocking and prompting malicious URL (uniform resource locator) | |
CN103279710A (en) | Method and system for detecting malicious codes of Internet information system | |
CN106485143A (en) | Counter-scanning detection method based on the various change of URL and system | |
CN110505202B (en) | Attack organization discovery method and system | |
CN106685899A (en) | Method and device for identifying malicious access | |
CN106776615A (en) | Heating power drawing generating method and device | |
CN109922065A (en) | Malicious websites method for quickly identifying | |
CN106878108A (en) | Network flow playback method of testing and device | |
CN109104421A (en) | A kind of web site contents altering detecting method, device, equipment and readable storage medium storing program for executing | |
CN107426136B (en) | Network attack identification method and device | |
CN109413016A (en) | A kind of rule-based message detecting method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170308 |