CN106485143A - Counter-scanning detection method based on the various change of URL and system - Google Patents

Counter-scanning detection method based on the various change of URL and system Download PDF

Info

Publication number
CN106485143A
CN106485143A CN201610839184.XA CN201610839184A CN106485143A CN 106485143 A CN106485143 A CN 106485143A CN 201610839184 A CN201610839184 A CN 201610839184A CN 106485143 A CN106485143 A CN 106485143A
Authority
CN
China
Prior art keywords
url
source code
access
url address
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610839184.XA
Other languages
Chinese (zh)
Inventor
权晓文
杨泽辉
陈四强
刘晓辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yuanjiang Shengbang (beijing) Network Security Polytron Technologies Inc
Original Assignee
Yuanjiang Shengbang (beijing) Network Security Polytron Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yuanjiang Shengbang (beijing) Network Security Polytron Technologies Inc filed Critical Yuanjiang Shengbang (beijing) Network Security Polytron Technologies Inc
Publication of CN106485143A publication Critical patent/CN106485143A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/556Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention proposes a kind of counter-scanning detection method based on the various change of URL and system, and the method includes:Obtain the source code that user is accessed by Web application request;When user's access source code for the first time is detected, according to default URL Obfuscating Algorithms, modified in the real URL address in source code and access theme;When second of user is detected or repeatedly accessing source code, continue default URL Obfuscating Algorithms and modified in the real URL address in source code and access theme, so that vulnerability scanners cannot obtain real URL address, and then webpage cannot be obtained;Wherein, all different to the modification result of real URL address and access theme every time according to default URL Obfuscating Algorithms.The present invention upsets the nucleus module reptile module of scanning device, hides the testing mechanism of vulnerability scanning, prevents scanning problem completely so that current scanline device lost efficacy, thus ensureing the safety of goal systems as far as possible.

Description

Counter-scanning detection method based on the various change of URL and system
Technical field
The present invention relates to field of information security technology, particularly to a kind of counter-scanning detection side based on the various change of URL Method and system.
Background technology
Vulnerability scanners are to find leak the product attacked by analog hacker attack meanses.Vulnerability scanning is also The first step of assault.From attack-defending angle, carry out the primary work that counter-scanning work is by protecting information safety.
Existing Web vulnerability scanning is that detection web application has one of main method of potential safety hazard, its core skill Art be unable to do without the research to crawler technology.Web crawlers ability directly determines the Hole Detection ability of Web application scanning.Network Reptile, in network Web vulnerability scanners, is important fundamental functional modules, and it obtains bibliographic structure and analysis HTML The efficiency of source code, by the accuracy of the system that directly affects and execution efficiency.
Crawlers in traditional scanning device, simply adopt slightly modified wide simply on the basis of general reptile Degree first traversal algorithm, the parsing to HTML then adopts train out report system.And because such crawlers are not examined Consider the feature of bibliographic structure and the regularity of distribution of dynamic interaction point in Web site so that crawlers captured a large amount of useless The page, the parsing to HTML is also inaccurate, thus reducing the performance of whole scanning device.
The function of form crawler program can be divided into three:One is that in station, new site is collected, using self-adapting window strategy; Another is that list is collected, using navigation link strategy;3rd:Html parser, using regular expression.Form crawler Workflow is:First from the beginning of the root URL of targeted sites, using self-adapting window decision search new site, preserved.Again In units of the new site preserving, using the effective URL in each website of navigation link decision search, preserved.Last according to The secondary URL taking out preservation, extracts form information using html parser.
Fig. 1 is the fundamental diagram of Web scanning device in prior art.Wherein, Web scanning device depends on web crawlers.Fig. 2 Fundamental diagram for web crawlers in prior art.As shown in Fig. 2 by obtaining a root node HTML, then adopting successively Differently, obtain the structure chart shown in Fig. 3.
The method commonly used at present:Breadth First and two kinds of schemes of depth-first.Under finding during search new site State rule:Often down search for along the page comprising more new site, may search for more new site.Therefore, root Rule designs adaptive window search strategy accordingly, so that crawlers are while taking into account page coverage, improves it Search efficiency, the substantially thinking of self-adapting window strategy is to arrange gate valve value to crawlers.If comprising new in some pages The quantity of website is less than this gate valve value, then stop it being searched for, to save search time, if being more than or equal to this gate valve value, Continue search for along these pages, as shown in Figure 4.
According to the principle of above-mentioned scanning device, existing counter-scanning method includes two kinds:
1) scanning device fingerprint identification method:If new using the method scanning device fingerprint of erasing, feature based anti- Scanning technique will lose efficacy.
2) rate of scanning statistical method:Adopted by large number quipments at present based on the counter-scanning method of rate of scanning statistics.Logical Cross the quantity of the wrong page, the frequency of the return of statistical fractals end, come whether decision-making is scanning behavior.The method of discrimination commonly used at present It is to differentiate the 404 wrong page quantity returning from server.But this method possesses certain limitation.On the one hand to target system System attack continues for some time and can could find later, and during this period, goal systems may be broken;On the other hand, attack The person of hitting has a mind to construct returned data bag, extends the attack cycle, hides statistical window, so that statistics lost efficacy.
Content of the invention
The purpose of the present invention is intended at least solve one of described technological deficiency.
For this reason, it is an object of the invention to proposing a kind of counter-scanning detection method based on the various change of URL and system, can With upset scanning device nucleus module-reptile module, hide the testing mechanism of vulnerability scanning, prevent scanning problem completely so that Current scanline device lost efficacy, thus ensureing the safety of goal systems as far as possible.
To achieve these goals, embodiments of the invention provide a kind of counter-scanning detection side based on the various change of URL Method, comprises the steps:
Step S1, obtains the source code that user is accessed by Web application request, wherein, described source code includes:Very Real URL address and access theme;
Step S2, when user is detected and first time accessing described source code, according to default URL Obfuscating Algorithms to described Real URL address in source code and access theme are modified, so that vulnerability scanners cannot obtain real URL ground Location, and then webpage cannot be obtained;
Step S3, when second of described user or the described source code of multiple access is detected, continues default URL and obscures Algorithm is modified to the real URL address in described source code and access theme, so that vulnerability scanners cannot obtain Real URL address, and then webpage cannot be obtained;
Wherein, in described step S2 and S3, according to default URL Obfuscating Algorithms every time to described real URL address and visit Ask that the modification result of theme is all different.
Further, described user passes through Wep App to App server initiation access request, by described App server App defense module implementation steps S1 to step S3 process.
Further, during described user initiates access request by Wep App to App server, adopt Action field specifies described source code, and wherein, the URL address of loading page next time is specified in described source code.
Further, for the source code of same access, true to each access according to described default URL Obfuscating Algorithms Real URL address and access theme are modified, and modification result generates at random.
The present invention also proposes a kind of counter-scanning detecting system based on the various change of URL, including:Web App application terminal With APP server, wherein, described Web App application terminal is communicated with described APP server, and described Web App application is eventually Hold the access request for receive user, and send to described APP server;Described App server is used for obtaining described access Source code in request, wherein, described source code includes:Real URL address and access theme, and described App service Device when user is detected and first time accessing described source code, according to default URL Obfuscating Algorithms in described source code Real URL address and access theme are modified, and when second of user or the described source code of multiple access is detected, continue Continuous default URL Obfuscating Algorithms are modified to the real URL address in described source code and access theme, so that leak is swept Retouch device and cannot obtain real URL address, and then webpage cannot be obtained, wherein, for each access of described user, according to default URL Obfuscating Algorithms are all different to the modification result of described real URL address and access theme every time.
Further, described source code is specified using action field in described Web App application terminal, and sends to described To App server, wherein, the URL address of loading page next time is specified in described source code.
Further, for the source code of same access, described App server is according to described default URL Obfuscating Algorithms Modified in each real URL address accessing and access theme, modification result generates at random.
Further, described Web App application terminal is mobile phone or panel computer, is provided with Web App application software thereon.
Counter-scanning detection method based on the various change of URL according to embodiments of the present invention and system, by visiting to request The original address asked repeatedly is obscured modification, so that vulnerability scanners cannot obtain real URL address, thus cannot obtain Take correct webpage.The present invention obscures URL address every time, and the existing scanning device making cannot obtain next link, thus cannot Obtain webpage, reach the purpose hiding Hole Detection.And the algorithm that URL geology is obscured can be repaiied with timestamp etc. Change, the modification content accessing every time is all different, so that scanning device is unpredictable and reviews, possess high reliability.
The aspect that the present invention adds and advantage will be set forth in part in the description, and partly will become from the following description Obtain substantially, or recognized by the practice of the present invention.
Brief description
The above-mentioned and/or additional aspect of the present invention and advantage will become from reference to the description to embodiment for the accompanying drawings below Substantially and easy to understand, wherein:
Fig. 1 is the fundamental diagram of Web scanning device in prior art;
Fig. 2 is the fundamental diagram of web crawlers in prior art;
Fig. 3 is the operation principle evolution diagram of web crawlers in prior art;
Fig. 4 is the fundamental diagram of self-adapting window strategy in prior art;
Fig. 5 is the flow chart of the counter-scanning detection method according to the embodiment of the present invention based on the various change of URL;
Fig. 6 is the structure chart of the counter-scanning detecting system according to the embodiment of the present invention based on the various change of URL;
Fig. 7 is according to data variation schematic diagram during the counter-scanning of the embodiment of the present invention.
Specific embodiment
Embodiments of the invention are described below in detail, the example of described embodiment is shown in the drawings, wherein from start to finish The element that same or similar label represents same or similar element or has same or like function.Below with reference to attached The embodiment of figure description is exemplary it is intended to be used for explaining the present invention, and is not considered as limiting the invention.
The present invention proposes a kind of scanning detection method and system based on the various change of URL, can solve security breaches Detect brought safety problem.
As shown in figure 5, the counter-scanning detection method based on the various change of URL of the embodiment of the present invention, comprise the steps:
Step S1, obtains the source code that user is accessed by Web application request.Wherein, source code includes:Truly URL address and access theme.
In one embodiment of the invention, user passes through Wep App to App server initiation access request.For example, exist User passes through Wep App to during App server initiation access request, specifies source code using action field, its In, the URL address of loading page next time is specified in source code.
For example:Source code is
<h5><li><a
Href=" http://www.cyberxingan.com/index.php?M=content&c=index&a= Lists&catid=42 " title=" safety management ">Safety management</a><li><h5>
Step S2, when user's access source code for the first time is detected, according to default URL Obfuscating Algorithms to source code In real URL address and access theme modify, so that vulnerability scanners cannot obtain real URL address, Jin Erwu Method obtains webpage.
Specifically, according to default URL Obfuscating Algorithms, real URL address in above-mentioned source code and access theme are repaiied Change, for example, be revised as
<h5><li><a
Href=" http://GLPSDDFDDFDIEEEdUIOND/bacdedf.basedcded.okp.adsfas”
Title=" msdfdfed ">msdfdfed</a><li><h5>
Step S3, when second of user or multiple access source code is detected, continues default URL Obfuscating Algorithms to former Real URL address in beginning code and access theme are modified, so that vulnerability scanners cannot obtain real URL address, And then webpage cannot be obtained.
<h5><li><a
Href=" http://889dffadsxsdaf3.sdfasfadf/ 3444bacdedf.basedcded.okp.adsfas”
Title=" opmould ">opmould</a><li><h5>
Wherein, in step S2 and S3, according to default URL Obfuscating Algorithms every time to real URL address and access theme Modification result is all different.
In one embodiment of the invention, for the source code of same access, according to default URL Obfuscating Algorithms pair The real URL address accessing every time and access theme are modified, and modification result generates at random.
In this way so that vulnerability scanners cannot obtain real URL address, obtain all obscure after Address, thus a jump link can not be obtained it is impossible to obtain webpage.
It should be noted that in the present invention, by App defense module implementation steps S1 in App server to step The process of S3.
As shown in fig. 6, the embodiment of the present invention also proposes a kind of counter-scanning detecting system based on the various change of URL, including: Web App application terminal 1 and APP server 2.Wherein, Web App application terminal 1 is communicated with APP server 2.
Specifically, with reference to Fig. 7, Web App application terminal 1 is used for the access request of receive user, and sends to APP service Device 2.
In one embodiment of the invention, Web App application terminal 1 adopts action field to specify source code, and Send to APP server 2, wherein, the URL address of loading page next time is specified in source code.
In yet another embodiment of the present invention, Web App application terminal 1 is mobile phone or panel computer, is provided with thereon Web App application software.
APP server 2 is used for obtaining the source code in access request.Wherein, source code includes:Real URL address With access theme.
APP server 2 when user is detected and for the first time accessing source code, according to default URL Obfuscating Algorithms to original Real URL address in code and access theme are modified, and second of user is being detected or repeatedly accessing source code When, continue default URL Obfuscating Algorithms and modified in the real URL address in source code and access theme, so that leak Scanning device cannot obtain real URL address, and then cannot obtain webpage.
For example:Source code is
<h5><li><a
Href=" http://www.cyberxingan.com/index.php?M=content&c=index&a= Lists&catid=42 " title=" safety management ">Safety management</a><li><h5>
When user accesses for the first time, code revision is by APP server 2
<h5><li><a
Href=" http://GLPSDDFDDFDIEEEdUIOND/bacdedf.basedcded.okp.adsfas”
Title=" msdfdfed ">msdfdfed</a><li><h5>
During user's back-call, code revision is by APP server 2
<h5><li><a
Href=" http://889dffadsxsdaf3.sdfasfadf/ 3444bacdedf.basedcded.okp.adsfas”
Title=" opmould ">opmould</a><li><h5>
As can be seen that for each access of user, according to default URL Obfuscating Algorithms every time to real URL address and visit Ask that the modification result of theme is all different.Wherein, for the source code of same access, App server is obscured according to default URL Algorithm is modified to each real URL address accessing and access theme, and modification result generates at random.
Modification result generates at random.In this way so that vulnerability scanners cannot obtain real URL address, obtain To be all address after obscuring, thus a jump link can not be obtained it is impossible to obtain webpage.
Counter-scanning detection method based on the various change of URL according to embodiments of the present invention and system, by visiting to request The original address asked repeatedly is obscured modification, so that vulnerability scanners cannot obtain real URL address, thus cannot obtain Take correct webpage.The present invention obscures URL address every time, and the existing scanning device making cannot obtain next link, thus cannot Obtain webpage, reach the purpose hiding Hole Detection.And the algorithm that URL geology is obscured can be repaiied with timestamp etc. Change, the modification content accessing every time is all different, so that scanning device is unpredictable and reviews, possess high reliability.
The present invention is entirely different with conventional counter-scanning method, has abandoned conventional tupe, multiple with fixed field Change, thus upsetting the nucleus module-reptile module of scanning device, hiding the testing mechanism of vulnerability scanning, preventing scanning completely and ask Topic was so that current scanline device lost efficacy, thus ensureing the safety of goal systems as far as possible.Specifically, the present invention can be accurate Prevent the scanning device product (product such as IBM AppScan, WVS, HP WebInspect) of current popular.
In the description of this specification, reference term " embodiment ", " some embodiments ", " example ", " specifically show The description of example " or " some examples " etc. means specific features, structure, material or the spy describing with reference to this embodiment or example Point is contained at least one embodiment or the example of the present invention.In this manual, to the schematic representation of above-mentioned term not Necessarily refer to identical embodiment or example.And, the specific features of description, structure, material or feature can be any One or more embodiments or example in combine in an appropriate manner.
Although embodiments of the invention have been shown and described above it is to be understood that above-described embodiment is example Property it is impossible to be interpreted as limitation of the present invention, those of ordinary skill in the art is in the principle without departing from the present invention and objective In the case of above-described embodiment can be changed within the scope of the invention, change, replace and modification.The scope of the present invention By claims and its equivalent limit.

Claims (8)

1. a kind of counter-scanning detection method based on the various change of URL is it is characterised in that comprise the steps:
Step S1, obtains the source code that user is accessed by Web application request, wherein, described source code includes:Truly URL address and access theme;
Step S2, when user is detected and first time accessing described source code, according to default URL Obfuscating Algorithms to described original Real URL address in code and access theme are modified, so that vulnerability scanners cannot obtain real URL address, enter And webpage cannot be obtained;
Step S3, when second of described user or the described source code of multiple access is detected, continues default URL Obfuscating Algorithms Modified in real URL address in described source code and access theme, so that vulnerability scanners cannot obtain truly URL address, and then webpage cannot be obtained;
Wherein, in described step S2 and S3, according to default URL Obfuscating Algorithms every time to described real URL address and access master The modification result of topic is all different.
2. the counter-scanning detection method based on the various change of URL as claimed in claim 1 is it is characterised in that described user is led to Cross Wep App and initiate access request to App server, by App defense module implementation steps S1 in described App server extremely The process of step S3.
3. the counter-scanning detection method based on the various change of URL stated as claim 2 is it is characterised in that lead in described user Cross Wep App to during App server initiation access request, described source code is specified using action field, wherein, The URL address of loading page next time is specified in described source code.
4. the counter-scanning detection method based on the various change of URL that such as claim 1 is stated is it is characterised in that be directed to same visit The source code asked, repaiies to each real URL address accessing and access theme according to described default URL Obfuscating Algorithms Change, modification result generates at random.
5. a kind of counter-scanning detecting system based on the various change of URL is it is characterised in that include:Web App application terminal and APP server, wherein, described Web App application terminal is communicated with described APP server,
Described Web App application terminal is used for the access request of receive user, and sends to described APP server;
Described App server is used for obtaining the source code in described access request, and wherein, described source code includes:Truly URL address and access theme, and described App server is when user is detected and first time accessing described source code, according to Default URL Obfuscating Algorithms are modified to the real URL address in described source code and access theme, and user is being detected Second or multiple when accessing described source code, continues default URL Obfuscating Algorithms to the real URL ground in described source code Location and access theme are modified, so that vulnerability scanners cannot obtain real URL address, and then cannot obtain webpage,
Wherein, for each access of described user, according to default URL Obfuscating Algorithms every time to described real URL address and visit Ask that the modification result of theme is all different.
6. the counter-scanning detecting system based on the various change of URL as claimed in claim 5 is it is characterised in that described Web App Described source code is specified using action field in application terminal, and sends to described to App server, wherein, described original The URL address of loading page next time specified by code.
7. the counter-scanning detecting system based on the various change of URL as claimed in claim 5 is it is characterised in that be directed to same The source code accessing, described App server according to described default URL Obfuscating Algorithms to each real URL address accessing and Access theme to modify, modification result generates at random.
8. the counter-scanning detecting system based on the various change of URL as described in any one of claim 5-7 is it is characterised in that institute Stating Web App application terminal is mobile phone or panel computer, is provided with Web App application software thereon.
CN201610839184.XA 2015-10-29 2016-09-21 Counter-scanning detection method based on the various change of URL and system Pending CN106485143A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510715049X 2015-10-29
CN201510715049 2015-10-29

Publications (1)

Publication Number Publication Date
CN106485143A true CN106485143A (en) 2017-03-08

Family

ID=58267554

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610839184.XA Pending CN106485143A (en) 2015-10-29 2016-09-21 Counter-scanning detection method based on the various change of URL and system

Country Status (1)

Country Link
CN (1) CN106485143A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483464A (en) * 2017-08-21 2017-12-15 北京知道未来信息技术有限公司 It is a kind of to improve the method for Web vulnerability scanners URL recall rates based on being interacted between service
CN111400722A (en) * 2020-03-25 2020-07-10 深圳市腾讯网域计算机网络有限公司 Method, apparatus, computer device and storage medium for scanning small program
CN114827089A (en) * 2022-03-17 2022-07-29 杭州锘崴信息科技有限公司 Privacy protection method and system for confusing DPI detection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242336A (en) * 2008-03-13 2008-08-13 杭州华三通信技术有限公司 Method for remote access to intranet Web server and Web proxy server
US20110107077A1 (en) * 2009-11-05 2011-05-05 International Business Machines Corporation Obscuring form data through obfuscation
CN102868931A (en) * 2006-09-11 2013-01-09 Tivo有限公司 Personal content distribution network
CN104243475A (en) * 2014-09-18 2014-12-24 东软集团股份有限公司 Method and system for dynamic mixing based on WEB reverse proxy

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102868931A (en) * 2006-09-11 2013-01-09 Tivo有限公司 Personal content distribution network
CN101242336A (en) * 2008-03-13 2008-08-13 杭州华三通信技术有限公司 Method for remote access to intranet Web server and Web proxy server
US20110107077A1 (en) * 2009-11-05 2011-05-05 International Business Machines Corporation Obscuring form data through obfuscation
CN104243475A (en) * 2014-09-18 2014-12-24 东软集团股份有限公司 Method and system for dynamic mixing based on WEB reverse proxy

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483464A (en) * 2017-08-21 2017-12-15 北京知道未来信息技术有限公司 It is a kind of to improve the method for Web vulnerability scanners URL recall rates based on being interacted between service
CN107483464B (en) * 2017-08-21 2020-10-16 北京知道未来信息技术有限公司 Method for improving URL (Uniform resource locator) detectable rate of Web vulnerability scanner based on interaction between services
CN111400722A (en) * 2020-03-25 2020-07-10 深圳市腾讯网域计算机网络有限公司 Method, apparatus, computer device and storage medium for scanning small program
CN111400722B (en) * 2020-03-25 2023-04-07 深圳市腾讯网域计算机网络有限公司 Method, apparatus, computer device and storage medium for scanning small program
CN114827089A (en) * 2022-03-17 2022-07-29 杭州锘崴信息科技有限公司 Privacy protection method and system for confusing DPI detection
CN114827089B (en) * 2022-03-17 2023-05-26 杭州锘崴信息科技有限公司 Privacy protection method and system for confusion DPI detection

Similar Documents

Publication Publication Date Title
CN104391979B (en) Network malice reptile recognition methods and device
CN103559235B (en) A kind of online social networks malicious web pages detection recognition methods
CN102567546B (en) Structured query language (SQL) injection detection method and SQL injection detection device
CN107659570A (en) Webshell detection methods and system based on machine learning and static and dynamic analysis
CN105930727A (en) Web-based crawler identification algorithm
CN107332848A (en) A kind of exception of network traffic real-time monitoring system based on big data
CN111401416A (en) Abnormal website identification method and device and abnormal countermeasure identification method
CN104301302A (en) Unauthorized attack detection method and device
CN104077396A (en) Method and device for detecting phishing website
CN101964026A (en) Method and system for detecting web page horse hanging
CN106202101B (en) Advertisement identification method and device
CN106779278A (en) The evaluation system of assets information and its treating method and apparatus of information
CN106230835B (en) Method based on Nginx log analysis and the IPTABLES anti-malicious access forwarded
CN108900496A (en) A kind of quick detection website is implanted the detection method and device of digging mine wooden horse
CN102724190A (en) Method and device for blocking and prompting malicious URL (uniform resource locator)
CN103279710A (en) Method and system for detecting malicious codes of Internet information system
CN106485143A (en) Counter-scanning detection method based on the various change of URL and system
CN110505202B (en) Attack organization discovery method and system
CN106685899A (en) Method and device for identifying malicious access
CN106776615A (en) Heating power drawing generating method and device
CN109922065A (en) Malicious websites method for quickly identifying
CN106878108A (en) Network flow playback method of testing and device
CN109104421A (en) A kind of web site contents altering detecting method, device, equipment and readable storage medium storing program for executing
CN107426136B (en) Network attack identification method and device
CN109413016A (en) A kind of rule-based message detecting method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170308