CN107426181A - The hold-up interception method and device of malice web access request - Google Patents

The hold-up interception method and device of malice web access request Download PDF

Info

Publication number
CN107426181A
CN107426181A CN201710470218.7A CN201710470218A CN107426181A CN 107426181 A CN107426181 A CN 107426181A CN 201710470218 A CN201710470218 A CN 201710470218A CN 107426181 A CN107426181 A CN 107426181A
Authority
CN
China
Prior art keywords
browser
finger print
web access
information
access request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710470218.7A
Other languages
Chinese (zh)
Other versions
CN107426181B (en
Inventor
王罗斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
World (beijing) Network Technology Co Ltd
Original Assignee
World (beijing) Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by World (beijing) Network Technology Co Ltd filed Critical World (beijing) Network Technology Co Ltd
Priority to CN201710470218.7A priority Critical patent/CN107426181B/en
Publication of CN107426181A publication Critical patent/CN107426181A/en
Application granted granted Critical
Publication of CN107426181B publication Critical patent/CN107426181B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses the hold-up interception method and device of a kind of malice web access request.Methods described includes:Receive web access request;Judge whether carry Token access tokens in the web access request;If not carrying Token access tokens, browser finger print information is obtained, and finger print information code is generated according to the browser finger print information;The legitimacy of the finger print information code is verified;If the legitimacy verifies failure of the finger print information code, it is determined that the web access request is asked for malice web access, and is intercepted to web access request.It this method and device, can accurately and rapidly determine that unauthorized access is asked, and implement to intercept, effectively identify IP spoofing behavior, and will not cause to manslaughter.

Description

The hold-up interception method and device of malice web access request
Technical field
The present invention relates to technical field of network security, the more particularly to a kind of hold-up interception method and dress of malice web access request Put.
Background technology
In network safety filed, it is exactly IP spoofing to hide a kind of means of oneself, that is, the IP address by forging itself Malicious requests are sent to goal systems, cause goal systems is under attack can not but confirm attack source, or obtain goal systems Trust to obtain confidential information
Specifically, above-mentioned IP spoofing is mainly used in following two application scenarios:
Scene one:It is usually used in ddos attack (attack of distribution refusal), in the malicious attack request initiated to goal systems In, large quantities of personation source IPs are generated at random, also can not analytical attack source to the malicious requests received if target defence is more weak Authenticity, so as to reach the purpose that attacker hides itself.
Scene two:Script host A trusts host B, that is, host B can with unblocked obtain the data money of host A Source.And the host C of malice is in order to equally getting the data of host A, it is necessary to disguise oneself as host B and host A implements communication. So host C needs to do two pieces thing:Firstth, allow host B " mouth is blocked ", no longer send and ask to host A, for example, can lead to Cross to host B and initiate DoS attack (Denial of Service attack), it can not be normally sent network bag so as to take the connection of host B; Secondth, disguise oneself as the IP of host B and host A interacts, so as to obtain the trust of host A to obtain confidential information.
In the prior art, generally use server front end is isolated with fire wall, keeps out the attack of high concurrent;Rear end leads to Cross and statistical counting is carried out to the IP address of access, prevention access is carried out after a certain IP address access times exceed limitation.This Class technical scheme, it can prevent better simply hackers from accessing attack, once hacker is attacked using IP spoofing mode, then easily Generation is manslaughtered or can not good security from attacks.
Below in the prior art, through frequently with two ways, be described below:
Mode one:Publication No. CN201010001277.8, entitled " hold-up interception method and system of a kind of malicious access " Application for a patent for invention in, disclose the hold-up interception method and system of a kind of malicious access, main contents include:Analysis server root According to user terminal after intercept information is determined in the access request analysis of the 1st time to N (N >=1) secondary initiation, in the webserver When receiving the access request of the N+1 times initiation of user terminal, the intercept information determined according to Analysis server is to user Whether terminal is that malicious access terminal is judged, active user's terminal is intercepted when result of determination is malicious access terminal and is initiated Access request;Otherwise, business processing is carried out according to the access request.
Whether the technical scheme judges to access by simple counting statistics legal, if user employs IP spoofing Mode conducts interviews, then can not be intercepted completely.Further, since counting statistics scheme is excessively simple, if a large number of users Networked using shared outer net IP forms, it is likely that situation about manslaughtering can be produced.
Mode two:Publication No.:CN201510969145.7, it is entitled " determination methods of malicious access, hold-up interception method with In the application for a patent for invention of device ", the determination methods and device of a kind of malicious access are disclosed, this method includes:When receiving During the access request of one IP address, first time period is determined;Count access times of the IP address in each sub- period; The access times weighted value being configured according to the IP address in the access times of each sub- period and each sub- period, Calculate weighted average of the IP address in the access times of each sub- period;Compare the weighted average with it is default First access times threshold value, when the weighted average is more than default first access times threshold value, judge the IP address Belong to malicious access.This method can improve the accuracy for judging malicious access, limit the access of the IP address of malicious access, keep away It is too high to exempt from server load, but is also to judge whether access is legal, IP spoofing can not be prevented to attack by simple counting statistics Hit, while will also result in situation about manslaughtering and occur.
The content of the invention
The embodiment of the present invention provides a kind of hold-up interception method and device of malice web access request, can be quickly and accurately true Determine unauthorized access request, and implement to intercept, effectively identify IP spoofing behavior, and will not cause to manslaughter.
On the one hand, the embodiment of the present invention provides a kind of hold-up interception method of malice web access request, including:
Receive web access request;
Judge whether carry Token access tokens in the web access request;
If not carrying Token access tokens, browser finger print information is obtained, and according to the browser finger print information Generate finger print information code;
The legitimacy of the finger print information code is verified;
If the legitimacy verifies failure of the finger print information code, it is determined that the web access request is malice web access Request, and web access request is intercepted.
Optionally, browser finger print information is obtained, and finger print information code, bag are generated according to the browser finger print information Include:
The information name and the value of information of browser finger print information are obtained, the browser finger print information includes following at least two :Browser version, screen resolution, color depth, computer system language, browser plug-in installation list, browser are supported Message content types and time-zone information;
Information name, the value of information of the browser finger print information are spliced into character string;
Hash encryption is carried out to the character string, generates finger print information code.
Optionally, if the legitimacy verifies success of the finger print information code, methods described also include:
Obtain the blacklist being stored in preset buffer memory space;
Judge that the affiliated terminal of the browser whether there is in the blacklist;
If it is determined that the affiliated terminal of browser is present in the blacklist, it is determined that the affiliated terminal of browser For malicious access terminal, and web access request is intercepted, the affiliated terminal of the browser, browser fingerprint are believed Breath and IP address information, added to the blacklist, and return to error code.
Optionally, if it is determined that the affiliated terminal of the browser is not existed in the blacklist, methods described also includes:
Obtain the data item of the information metadata of the browser;
The data item of the information metadata of the browser is verified, verification content comprises at least one below:Close Whether whether rationality verification, critical data item lack verification and are that virtual forge verifies;
According to check results, it is determined whether forge terminal request for malicious virtual;
Terminal request is forged if determined as malicious virtual, then web access request is intercepted, browser is referred to Line information and IP address information are added to the blacklist, and return to error code.
Optionally, if it is determined that be not that malicious virtual forges terminal request, methods described also includes:
To the data item of the information metadata of the browser, Token access tokens are generated after carrying out multinomial data operation;
Obtain default Token verifications rule;
According to the default Token verifications rule, legitimacy verifies are carried out to the Token access tokens, it is described legal Property verification comprise at least:The verification of Token time checks, the numeric data code of Token predeterminated positions and check code, Token information with Caching record information Inspection;
If the Token access tokens verification is illegal, web access request is intercepted, by browser Finger print information and IP address information are added to the blacklist, and return to error code.
Optionally, if Token access tokens verification is legal, methods described also includes:
The number of the web access request sent to terminal records;
Maximum access times threshold value and preset alarm frequency threshold value are obtained, the maximum access times threshold value is preset time Terminal sends the higher limit of web access request number of times in section, and the preset alarm frequency threshold value is the Web in preset time period Access request exceeds the boundary value of normal access times, and the preset alarm frequency threshold value is less than the maximum access times threshold Value;
If the number for the web access request that terminal is sent is more than the maximum access times threshold value, it is determined that the Web Access request is asked for malice web access, web access request is intercepted, and browser finger print information and IP address are believed Breath is added to the blacklist, and returns to error code;
If the number for the web access request that the terminal is sent is less than or equal to the maximum access times threshold value, and More than the preset alarm frequency threshold value, it is determined that the web access request number of times exceedes normal web access request number of times, and Warning reminding information is sent, and records the access data message of browser finger print information and IP address information and web access request;
If the number for the web access request that the terminal is sent is less than the preset alarm frequency threshold value, it is determined that institute Web access request is stated to ask for normal web access, what record browser finger print information and IP address information and web access were asked Access data message.
On the other hand, the embodiment of the present invention provides a kind of blocking apparatus of malice web access request, including:
Receiving unit, for receiving web access request;
First judging unit, for judging whether carry Token access tokens in the web access request;
First acquisition unit, for the web access request in do not carry Token access tokens when, obtain browser Finger print information;
First generation unit, for generating finger print information code according to the browser finger print information;
First verification unit, for being verified to the legitimacy of the finger print information code;
First determining unit, for the legitimacy verifies failure in the finger print information code, it is determined that the web access please Ask and asked for malice web access;
Interception unit, for being intercepted to web access request.
Optionally, the first acquisition unit, including:
Acquisition module, for obtaining the information name and the value of information of browser finger print information, the browser finger print information bag Include following at least two:Browser version, screen resolution, color depth, computer system language, browser plug-in installation list, The message content types and time-zone information that browser is supported;
Concatenation module, for information name, the value of information of the browser finger print information to be spliced into character string;
Encrypting module, for carrying out hash encryption to the character string, generate finger print information code.
Optionally, described device also includes:
Second acquisition unit, for after the success of the legitimacy verifies of the finger print information code, acquisition to be stored in default slow Deposit the blacklist in space;
Second judging unit, for judging that the affiliated terminal of the browser whether there is in the blacklist;
Second determining unit, for after judging that the affiliated terminal of the browser is present in the blacklist, determining institute It is malicious access terminal to state the affiliated terminal of browser;
The interception unit, it is additionally operable to intercept web access request;
Adding device, for by the affiliated terminal of the browser, browser finger print information and IP address information, added to institute State blacklist;
Returning unit, for returning to error code.
Optionally, described device also includes:
3rd acquiring unit, for after judging that the affiliated terminal of the browser is not existed in the blacklist, obtaining The data item of the information metadata of the browser;
Second verification unit, the data item for the information metadata to the browser verify, wherein, in verification Appearance comprises at least one below:Whether whether plausibility check, critical data item lack verification and are that virtual forge verifies;
3rd determining unit, for according to check results, it is determined whether forge terminal request for malicious virtual;
The interception unit, be additionally operable to be defined as malicious virtual forge terminal request after, the web access is asked into Row intercepts;
The adding device, it is additionally operable to browser finger print information and IP address information being added to the blacklist;
The returning unit, it is additionally operable to return to error code.
Optionally, described device also includes:
Second generation unit, for it is determined that not being after malicious virtual forges terminal request, to the information of the browser After the data item of metadata carries out multinomial data operation, Token access tokens are generated;
4th acquiring unit, for obtaining default Token verifications rule;
3rd verification unit, for verifying rule according to the default Token, the Token access tokens are closed Method verifies, and the legitimacy verifies comprise at least:Token time checks, the numeric data code of Token predeterminated positions and check code Verification, Token information and caching record information Inspection;
The interception unit, it is additionally operable to, when Token access tokens verification is illegal, ask the web access Intercepted;
The adding device, it is additionally operable to browser finger print information and IP address information being added to the blacklist;
The returning unit, it is additionally operable to return to error code.
Optionally, described device also includes:
First recording unit, for after Token access tokens verification is legal, the web access sent to terminal please The number asked is recorded;
5th acquiring unit, for obtaining maximum access times threshold value and preset alarm frequency threshold value, the maximum access Frequency threshold value is the higher limit that terminal sends web access request number of times in preset time period, and the preset alarm frequency threshold value is The web access request exceeds the boundary value of normal access times in preset time period, and the preset alarm frequency threshold value is less than The maximum access times threshold value;
4th determining unit, the number of the web access request for being sent in terminal are more than the maximum access times threshold During value, determine that the web access request is asked for malice web access;
The interception unit, it is additionally operable to intercept web access request;
The adding device, it is additionally operable to browser finger print information and IP address information being added to the blacklist;
The returning unit, it is additionally operable to return to error code;
5th determining unit, the number of the web access request for being sent in the terminal are less than or equal to the maximum Access times threshold value, and when being more than the preset alarm frequency threshold value, determine that the web access request number of times exceedes normal Web Access request number;
Alarm unit, for sending warning reminding information;
Second recording unit, for recording the access number of browser finger print information and IP address information and web access request It is believed that breath;
6th determining unit, the number of the web access request for being sent in the terminal are less than the preset alarm During number threshold value, determine that the web access request is asked for normal web access;
3rd recording unit, for recording the access number of browser finger print information and IP address information and web access request It is believed that breath.
The hold-up interception method and device for the malice web access request that present patent application provides, are asked by receiving web access; Judge whether carry Token access tokens in web access request;If not carrying Token access tokens, browser is obtained Finger print information, and finger print information code is generated according to browser finger print information;The legitimacy of finger print information code is verified;If The legitimacy verifies failure of finger print information code, it is determined that web access request is asked for malice web access, and is asked web access Intercepted.It this method and device, can quickly and accurately determine that unauthorized access is asked, and implement to intercept, effectively identify that IP takes advantage of Behavior is deceived, and will not cause to manslaughter.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification Obtain it is clear that or being understood by implementing the present invention.The purpose of the present invention and other advantages can be by the explanations write Specifically noted structure is realized and obtained in book, claims and accompanying drawing.
Below by drawings and examples, technical scheme is described in further detail.
Brief description of the drawings
Accompanying drawing is used for providing a further understanding of the present invention, and a part for constitution instruction, the reality with the present invention Apply example to be used to explain the present invention together, be not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is a kind of flow chart of the hold-up interception method of malice web access request provided in an embodiment of the present invention;
Fig. 2 is a kind of schematic diagram of the blocking apparatus of malice web access request provided in an embodiment of the present invention.
Embodiment
The preferred embodiments of the present invention are illustrated below in conjunction with accompanying drawing, it will be appreciated that described herein preferred real Apply example to be merely to illustrate and explain the present invention, be not intended to limit the present invention.
The noun and term that may relate to or use in present patent application are explained below as follows:
Token (temporary visit token):By word of the computer business background service system generation with certain encryption rule Symbol string, is verified for whether the identity to user is legal, if verification is not by blocking the request of user.
Browser fingerprint:Browser fingerprint technique is the tracer technique proposed by EFF (electronics outpost foundation), is led to The 8 independent characteristic attributes (4 base attributes and 4 detection attributes) crossed in extraction browser, are retouched using character string State.Browser fingerprint technique anonymous can identify browser, and accuracy rate is up to 94%.
IP spoofing:IP spoofing refers to source IP address of the caused IP packets for forgery of taking action, to pretend to be other systems Or the identity of sender.This is the attack form of hacker a kind of, and hacker uses a computer internet, and borrows an other machine The IP address of device, so as to pretend to be an other machine to be communicated with server.
Ddos attack:Distributed denial of service (DDoS:Distributed Denial of Service) attack refer to by In client/server technology, multiple computers are joined together as Attack Platform, mobilize DDoS to attack one or more targets Hit, so as to exponentially improve the power of Denial of Service attack, the system resource of target of attack is directly consumed when serious so that the mesh Mark system can not provide normal service.
One embodiment of present patent application, there is provided a kind of hold-up interception method of malice web access request, as shown in figure 1, Comprise the following steps S101-S105:
Step S101:Receive web access request.
Wherein, Web (World Wide Web) is global wide area network, also referred to as WWW, and it is that one kind is based on hypertext With HTTP, global, dynamic interaction, cross-platform distributed graphic information system.It is built upon on Internet A kind of network service, search and browse on internet for viewer information provide it is patterned, easily accessed directly perceived Information node on Internet is organized into a network structure associated each other by interface, document therein and hyperlink.
Step S102:Judge whether carry Token access tokens in web access request.
Step S103:If not carrying Token access tokens, browser finger print information is obtained, and refer to according to browser Line information generates finger print information code.
Step S104:The legitimacy of finger print information code is verified.
Step S105:If the legitimacy verifies failure of finger print information code, it is determined that web access request is visited for malice Web Request is asked, and web access request is intercepted.
In one embodiment, above-mentioned steps S103 obtains browser finger print information, and is given birth to according to browser finger print information Into finger print information code, can include:
Step S1031:The information name and the value of information of browser finger print information are obtained, wherein, browser finger print information includes At least two below:Browser version, screen resolution, color depth, computer system language, browser plug-in installation list, clear The message content types and time-zone information that device of looking at is supported;
Step S1032:Information name, the value of information of browser finger print information are spliced into character string;
Step S1033:Hash encryption is carried out to character string, generates finger print information code.
In the present embodiment, character string can be encrypted using MD5 algorithms, wherein, Message Digest Algorithm MD5 (Message Digest Algorithm 5) are a kind of hash function in computer safety field, are disappeared to provide The integrity protection of breath.MD5 effect is to allow Large Copacity information before private key is signed with digital signature software by " compression " Into a kind of form of secrecy (be exactly the byte serial of a random length is transformed into a fixed length hexadecimal number word string).
Specifically, MD5 algorithms have the characteristics that:
1st, compressibility:The data of random length, the MD5 values length calculated is all fixed.
2nd, easily calculate:MD5 values are calculated from former data to be easy to.
3rd, anti-modification:Former data are made any change, even only changing 1 byte, resulting MD5 values have very Big difference.
4th, strong impact resistant:Known former data and its MD5 value, want that finding a data with identical MD5 values (forges number According to) it is extremely difficult.
It should be noted that in the present embodiment, in addition to character string is encrypted using MD5, sha- can also be used 1st, character string is encrypted any cipher mode such as RIPEMD or Haval, and present patent application is not specifically limited.
In another embodiment, if the legitimacy verifies success of finger print information code, the above method also include:
Obtain the blacklist being stored in preset buffer memory space;
Judge that the affiliated terminal of browser whether there is in blacklist;
If it is determined that the affiliated terminal of browser is present in blacklist, it is determined that the affiliated terminal of browser is that malicious access is whole End, and web access request is intercepted, the affiliated terminal of browser, browser finger print information and IP address information are added to Blacklist, and return to error code.
In another embodiment, if it is determined that the affiliated terminal of browser is not existed in blacklist, the above method is also It can include:
Obtain the data item of the information metadata of browser;
The data item of the information metadata of browser is verified, verification content comprises at least one below:Reasonability Whether whether verification, critical data item lack verification and are that virtual forge verifies;
According to check results, it is determined whether forge terminal request for malicious virtual;
Terminal request is forged if determined as malicious virtual, then web access request is intercepted, browser fingerprint is believed Breath and IP address information are added to blacklist, and return to error code.
In another embodiment, if it is determined that be not that malicious virtual forges terminal request, the above method can also wrap Include:
To the data item of the information metadata of browser, Token access tokens are generated after carrying out multinomial data operation;
Obtain default Token verifications rule;
Rule is verified according to default Token, legitimacy verifies are carried out to Token access tokens, wherein, legitimacy verifies are extremely Include less:The verification of Token time checks, the numeric data code of Token predeterminated positions and check code, Token information and caching record Information Inspection;
If the verification of Token access tokens is illegal, web access request is intercepted, by browser finger print information Blacklist is added to IP address information, and returns to error code.
In another embodiment, if the verification of Token access tokens is legal, the above method also includes:
The number of the web access request sent to terminal records;
Maximum access times threshold value and preset alarm frequency threshold value are obtained, wherein, when maximum access times threshold value is presets Between in section terminal send the higher limit of web access request number of times, preset alarm frequency threshold value is that web access please in preset time period The boundary value beyond normal access times is sought, preset alarm frequency threshold value is less than maximum access times threshold value;
If the number for the web access request that terminal is sent is more than maximum access times threshold value, it is determined that web access is asked Ask, web access request is intercepted, and browser finger print information and IP address information are added to for malice web access Blacklist, and return to error code;
If the number for the web access request that terminal is sent is less than or equal to maximum access times threshold value, and more than default Alarm times threshold value, it is determined that web access request number of times exceedes normal web access request number of times, and sends warning reminding information, And record the access data message of browser finger print information and IP address information and web access request;
If the number for the web access request that terminal is sent is less than preset alarm frequency threshold value, it is determined that web access is asked Asked for normal web access, record the access data message of browser finger print information and IP address information and web access request.
Below in a specific embodiment, the application is further elaborated:
Step S301:User terminal initiates front-end access, can specifically use cookie technologies, read the terminal storage Token token informations;
Step S302:Judge whether the terminal whether there is not out of date Token token informations, if any being then transferred to execution step S310;
Step S303:Such as without not out of date Token token informations, then foreground is believed using JS scripts generation browser fingerprint Breath:By inquiring about computer system user and browser correlation customizing messages:Such as browser version, screen resolution, color depth, computer System language, browser plug-in installation list (are such as locally stored with the message content types supported, time-zone information and other functions With session storage etc.), then these values integrate by hashing algorithm (information name+value of information form splicing character string, most Encryption is hashed using MD5 modes afterwards) produce unique finger print information code;
Step S304:Front end script uses binary data stream form, and browser is submitted by simultaneous asynchronous data transmissions mode Finger print information yardage is according to this and respective meta-data gives frontal chromatography server;
Step S305:Frontal chromatography server receives browser finger print information and IP address information, first by with a high speed Blacklist list in buffer service is compared, and simple verification determines whether malicious access terminal;
Step S306:Access request is terminated if not verified by blacklist, and returns to corresponding error code;
Step S307:If by, for browser information metadata data item verified (plausibility check, Whether critical data item lacks, if for virtual forgery etc.), determine whether malicious virtual and forge terminal request;
Step S308:Terminate access request if being judged as that malicious virtual forges terminal, by the browser finger print information and IP address Data Enter blacklist, and return to corresponding error code;
Step S309:If it is determined that normal access, then Analysis server then initiates to ask to token server, token clothes Device be engaged according to generating Token tokens after multinomial data operation, and by front end termination of the token information transfer to user;
Step S310:User terminal page program carries the rear end such as Token token informations, browser fingerprint code business clothes Business device submits formal data interaction request;
Step S311:Service server calls token service, and the Token of submission is believed by presetting Token verifications rule Breath is verified, and verification content comprises at least:Token time checks, 32 numeric data codes, rear 6 bit check code check before Token, Token information and caching record information Inspection etc. judge to verify whether Token access tokens are legal;
Step S312:The verification of Token access tokens does not conform to rule and terminates user terminal access request, submits corresponding terminal Fingerprint code and IP address information enter black list database, and return to corresponding error code;
Step S313:Token verification is legal, and Analysis server is matched somebody with somebody according to the default single terminal end period access times upper limit Confidence ceases, and the terminal initiates the data-base recording of request, carries out statistical analysis to this request and calculates this access and be It is no to belong to normal request numbers range;
Step S314:Result of calculation judges that the request number of times of the user terminal exceedes the upper limit of access times configuration, judges For malicious requests terminal, entry deterrence operation flow, black list database information is updated, and return to corresponding error code;
Step S315:Result of calculation judges the not super upper limit of the request number of times of the user terminal, but exceedes the alarm set Threshold value, then return to corresponding default warning message and eject warning window to user terminal, while enter regular traffic flow, analysis Server record user terminal information (browser finger print information, user account and IP address information etc.) simultaneously updates terminal initiation The data-base recording number of request;
Step S316:Result of calculation judges that the request number of times of the user terminal is normal, is determined as normal request, into normal Business Process Analysis server record user terminal information (browser finger print information, user account and IP address information etc.) and more The new terminal initiates the data-base recording number of request;
Step S317:Record each terminal request recording information data;
Step S318:Terminate front end and intercept flow, into regular traffic service;
Step S319:The service of bottom finger daemon is pressed cycle regular hour, and timing carries out data analysis, extracts blacklist User terminal information (browser finger print information, user account and IP address information etc.), deposit into cache for related clothes Business device uses.
It is first after user accesses WEB websites present patent application provides a kind of hold-up interception method of malice web access request First front end obtains the browser finger print information of user terminal, and as browser finger print information is wrong, thinking user please to forge access Ask directly to terminate and access.Then, the Token tokens unique mark user identity is generated according to browser finger print information, and By Token alternative spaces to client, client, which initiates request, must carry Token token informations, if order Board information is incorrect or expired, can must not be blocked and conduct interviews, so as to prevent hacker by technological means forge ask into The operations such as row list submission.Wherein, the Token tokens can sometime carry out the reuse of limited number of time in end, specifically Configured according to background management system for the actual conditions of specific business, when token access times or token request number of times surpass User can be alerted by multistage stop mode or directly be shielded when crossing restriction number.
Present patent application embodiment, a business is also provided and verifies return value interface in itself, when specific business judges this time Access for unauthorized access when, the interface can be directly invoked, by this access user add blacklist, in time shielding use family instead Request again.
In addition, the background system and data handling system of configurationization are provided with, to carry out the individual cultivation of business, with And user behavior data inquiry and blacklist unsealing operation.
The hold-up interception method for the malice web access request that present patent application provides, is asked by receiving web access;Judge Web Whether Token access token is carried in access request;If not carrying Token access tokens, browser fingerprint letter is obtained Breath, and finger print information code is generated according to browser finger print information;The legitimacy of finger print information code is verified;If fingerprint is believed Cease the legitimacy verifies failure of code, it is determined that web access request is asked for malice web access, and web access request is blocked Cut.It this method, can quickly and accurately determine that unauthorized access is asked, and implement to intercept, effectively identify IP spoofing behavior, and not It can cause to manslaughter.
The another embodiment of present patent application provides a kind of blocking apparatus of malice web access request, such as Fig. 2 institutes Show, including:
Receiving unit 201, for receiving web access request;
First judging unit 202, for judging whether carry Token access tokens in web access request;
First acquisition unit 203, during for not carrying Token access tokens in being asked in web access, obtaining browser and referring to Line information;
First generation unit 204, for generating finger print information code according to browser finger print information;
First verification unit 205, for being verified to the legitimacy of finger print information code;
First determining unit 206, for finger print information code legitimacy verifies failure, it is determined that web access request be Malice web access is asked;
Interception unit 207, for being intercepted to web access request.
Optionally, the first acquisition unit 203, including:
Acquisition module, for obtaining the information name and the value of information of browser finger print information, browser finger print information include with Under at least two:Browser version, screen resolution, color depth, computer system language, browser plug-in are installed list, browsed The message content types and time-zone information that device is supported;
Concatenation module, for information name, the value of information of browser finger print information to be spliced into character string;
Encrypting module, for carrying out hash encryption to character string, generate finger print information code.
Optionally, the blocking apparatus of above-mentioned malice web access request also includes:
Second acquisition unit, for after the success of the legitimacy verifies of finger print information code, acquisition to be stored in preset buffer memory sky Between in blacklist;
Second judging unit, for judging that the affiliated terminal of browser whether there is in blacklist;
Second determining unit, for after judging that the affiliated terminal of browser is present in blacklist, determining belonging to browser Terminal is malicious access terminal;
Interception unit, it is additionally operable to intercept web access request;
Adding device, for by the affiliated terminal of browser, browser finger print information and IP address information, added to black name It is single;
Returning unit, for returning to error code.
Optionally, the blocking apparatus of above-mentioned malice web access request also includes:
3rd acquiring unit, for after judging that the affiliated terminal of browser is not existed in blacklist, obtaining browser The data item of information metadata;
Second verification unit, the data item for the information metadata to browser verify, wherein, verification content is extremely Include one below less:Whether whether plausibility check, critical data item lack verification and are that virtual forge verifies;
3rd determining unit, for according to check results, it is determined whether forge terminal request for malicious virtual;
Interception unit, it is additionally operable to after being defined as malicious virtual and forging terminal request, web access request is intercepted;
Adding device, it is additionally operable to browser finger print information and IP address information being added to blacklist;
Returning unit, it is additionally operable to return to error code.
Optionally, the blocking apparatus of above-mentioned malice web access request also includes:
Second generation unit, for it is determined that not being after malicious virtual forges terminal request, to the information word number of browser According to data item carry out multinomial data operation after, generate Token access tokens;
4th acquiring unit, for obtaining default Token verifications rule;
3rd verification unit, for verifying rule according to default Token, legitimacy verifies are carried out to Token access tokens, Legitimacy verifies comprise at least:The verification of Token time checks, the numeric data code of Token predeterminated positions and check code, Token letters Breath and caching record information Inspection;
Interception unit, it is additionally operable to, when the verification of Token access tokens is illegal, intercept web access request;
Adding device, it is additionally operable to browser finger print information and IP address information being added to blacklist;
Returning unit, it is additionally operable to return to error code.
Optionally, the blocking apparatus of above-mentioned malice web access request also includes:
First recording unit, what the web access for after the verification of Token access tokens is legal, being sent to terminal was asked Number is recorded;
5th acquiring unit, for obtaining maximum access times threshold value and preset alarm frequency threshold value, maximum access times Threshold value is the higher limit that terminal sends web access request number of times in preset time period, and preset alarm frequency threshold value is preset time Web access request exceeds the boundary value of normal access times in section, and preset alarm frequency threshold value is less than maximum access times threshold value;
4th determining unit, when the number of the web access request for being sent in terminal is more than maximum access times threshold value, Determine that web access request is asked for malice web access;
Interception unit, it is additionally operable to intercept web access request;
Adding device, it is additionally operable to browser finger print information and IP address information being added to blacklist;
Returning unit, it is additionally operable to return to error code;
5th determining unit, the number of the web access request for being sent in terminal are less than or equal to maximum access times Threshold value, and when being more than preset alarm frequency threshold value, determine that web access request number of times exceedes normal web access request number of times;
Alarm unit, for sending warning reminding information;
Second recording unit, for recording the access number of browser finger print information and IP address information and web access request It is believed that breath;
6th determining unit, when the number of the web access request for being sent in terminal is less than preset alarm frequency threshold value, Determine that web access request is asked for normal web access;
3rd recording unit, for recording the access number of browser finger print information and IP address information and web access request It is believed that breath.
The blocking apparatus for the malice web access request that present patent application provides, is asked by receiving web access;Judge Web Whether Token access token is carried in access request;If not carrying Token access tokens, browser fingerprint letter is obtained Breath, and finger print information code is generated according to browser finger print information;The legitimacy of finger print information code is verified;If fingerprint is believed Cease the legitimacy verifies failure of code, it is determined that web access request is asked for malice web access, and web access request is blocked Cut.It the device, can quickly and accurately determine that unauthorized access is asked, and implement to intercept, effectively identify IP spoofing behavior, and not It can cause to manslaughter.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program Product.Therefore, the present invention can use the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware Apply the form of example.Moreover, the present invention can use the computer for wherein including computer usable program code in one or more The shape for the computer program product that usable storage medium is implemented on (including but is not limited to magnetic disk storage and optical memory etc.) Formula.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided The processors of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, so as in computer or The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in individual square frame or multiple square frames.
Obviously, those skilled in the art can carry out the essence of various changes and modification without departing from the present invention to the present invention God and scope.So, if these modifications and variations of the present invention belong to the scope of the claims in the present invention and its equivalent technologies Within, then the present invention is also intended to comprising including these changes and modification.

Claims (10)

  1. A kind of 1. hold-up interception method of malice web access request, it is characterised in that including:
    Receive web access request;
    Judge whether carry Token access tokens in the web access request;
    If not carrying Token access tokens, browser finger print information is obtained, and generate according to the browser finger print information Finger print information code;
    The legitimacy of the finger print information code is verified;
    If the legitimacy verifies failure of the finger print information code, it is determined that the web access request please for malice web access Ask, and web access request is intercepted.
  2. 2. according to the method for claim 1, it is characterised in that browser finger print information is obtained, and according to the browser Finger print information generates finger print information code, including:
    The information name and the value of information of browser finger print information are obtained, the browser finger print information includes following at least two:It is clear Look at device version, screen resolution, color depth, computer system language, browser plug-in installation list, browser support message in Hold type and time-zone information;
    Information name, the value of information of the browser finger print information are spliced into character string;
    Hash encryption is carried out to the character string, generates finger print information code.
  3. 3. according to the method described in any one of claim 1 or 2, it is characterised in that if the legitimacy of the finger print information code Verify successfully, methods described also includes:
    Obtain the blacklist being stored in preset buffer memory space;
    Judge that the affiliated terminal of the browser whether there is in the blacklist;
    If it is determined that the affiliated terminal of browser is present in the blacklist, it is determined that the affiliated terminal of browser is evil Meaning access terminal, and to the web access request intercept, by the affiliated terminal of the browser, browser finger print information and IP address information, added to the blacklist, and return to error code.
  4. 4. according to the method for claim 3, it is characterised in that if it is determined that the affiliated terminal of the browser does not exist in institute State in blacklist, methods described also includes:
    Obtain the data item of the information metadata of the browser;
    The data item of the information metadata of the browser is verified, verification content comprises at least one below:Reasonability Whether whether verification, critical data item lack verification and are that virtual forge verifies;
    According to check results, it is determined whether forge terminal request for malicious virtual;
    Terminal request is forged if determined as malicious virtual, then web access request is intercepted, browser fingerprint is believed Breath and IP address information are added to the blacklist, and return to error code.
  5. 5. according to the method for claim 4, it is characterised in that if it is determined that not being that malicious virtual forges terminal request, institute Stating method also includes:
    To the data item of the information metadata of the browser, Token access tokens are generated after carrying out multinomial data operation;
    Obtain default Token verifications rule;
    According to the default Token verifications rule, legitimacy verifies, the legitimacy school are carried out to the Token access tokens Test and comprise at least:The verification of Token time checks, the numeric data code of Token predeterminated positions and check code, Token information and caching Record information Inspection;
    If the Token access tokens verification is illegal, web access request is intercepted, by browser fingerprint Information and IP address information are added to the blacklist, and return to error code.
  6. 6. according to the method for claim 5, it is characterised in that if the Token access tokens verify legal, the side Method also includes:
    The number of the web access request sent to terminal records;
    Maximum access times threshold value and preset alarm frequency threshold value are obtained, the maximum access times threshold value is in preset time period Terminal sends the higher limit of web access request number of times, and the preset alarm frequency threshold value is the web access in preset time period Request exceeds the boundary value of normal access times, and the preset alarm frequency threshold value is less than the maximum access times threshold value;
    If the number for the web access request that terminal is sent is more than the maximum access times threshold value, it is determined that the web access Ask to ask for malice web access, web access request is intercepted, and browser finger print information and IP address information are added The blacklist is added to, and returns to error code;
    If the number for the web access request that the terminal is sent is less than or equal to the maximum access times threshold value, and is more than The preset alarm frequency threshold value, it is determined that the web access request number of times exceedes normal web access request number of times, and sends Warning reminding information, and record the access data message of browser finger print information and IP address information and web access request;
    If the number for the web access request that the terminal is sent is less than the preset alarm frequency threshold value, it is determined that the Web Access request is asked for normal web access, records the access number of browser finger print information and IP address information and web access request It is believed that breath.
  7. A kind of 7. blocking apparatus of malice web access request, it is characterised in that including:
    Receiving unit, for receiving web access request;
    First judging unit, for judging whether carry Token access tokens in the web access request;
    First acquisition unit, for the web access request in do not carry Token access tokens when, obtain browser fingerprint Information;
    First generation unit, for generating finger print information code according to the browser finger print information;
    First verification unit, for being verified to the legitimacy of the finger print information code;
    First determining unit, for the legitimacy verifies failure in the finger print information code, it is determined that web access request is Malice web access is asked;
    Interception unit, for being intercepted to web access request.
  8. 8. device according to claim 7, it is characterised in that the first acquisition unit, including:
    Acquisition module, for obtaining the information name and the value of information of browser finger print information, the browser finger print information include with Under at least two:Browser version, screen resolution, color depth, computer system language, browser plug-in are installed list, browsed The message content types and time-zone information that device is supported;
    Concatenation module, for information name, the value of information of the browser finger print information to be spliced into character string;
    Encrypting module, for carrying out hash encryption to the character string, generate finger print information code.
  9. 9. according to the device described in any one of claim 7 or 8, it is characterised in that described device also includes:
    Second acquisition unit, for after the success of the legitimacy verifies of the finger print information code, acquisition to be stored in preset buffer memory sky Between in blacklist;
    Second judging unit, for judging that the affiliated terminal of the browser whether there is in the blacklist;
    Second determining unit, for after judging that the affiliated terminal of the browser is present in the blacklist, determining described clear The affiliated terminal of device of looking at is malicious access terminal;
    The interception unit, it is additionally operable to intercept web access request;
    Adding device, for by the affiliated terminal of the browser, browser finger print information and IP address information, added to described black List;
    Returning unit, for returning to error code.
  10. 10. device according to claim 9, it is characterised in that described device also includes:
    3rd acquiring unit, for after judging that the affiliated terminal of the browser is not existed in the blacklist, described in acquisition The data item of the information metadata of browser;
    Second verification unit, the data item for the information metadata to the browser verify, wherein, verification content is extremely Include one below less:Whether whether plausibility check, critical data item lack verification and are that virtual forge verifies;
    3rd determining unit, for according to check results, it is determined whether forge terminal request for malicious virtual;
    The interception unit, it is additionally operable to after being defined as malicious virtual and forging terminal request, web access request is blocked Cut;
    The adding device, it is additionally operable to browser finger print information and IP address information being added to the blacklist;
    The returning unit, it is additionally operable to return to error code.
CN201710470218.7A 2017-06-20 2017-06-20 The hold-up interception method and device of malice web access request Active CN107426181B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710470218.7A CN107426181B (en) 2017-06-20 2017-06-20 The hold-up interception method and device of malice web access request

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710470218.7A CN107426181B (en) 2017-06-20 2017-06-20 The hold-up interception method and device of malice web access request

Publications (2)

Publication Number Publication Date
CN107426181A true CN107426181A (en) 2017-12-01
CN107426181B CN107426181B (en) 2019-09-17

Family

ID=60427315

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710470218.7A Active CN107426181B (en) 2017-06-20 2017-06-20 The hold-up interception method and device of malice web access request

Country Status (1)

Country Link
CN (1) CN107426181B (en)

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108200180A (en) * 2018-01-08 2018-06-22 武汉斗鱼网络科技有限公司 A kind of method, apparatus and computer equipment for being used to limit request frequency
CN108521408A (en) * 2018-03-22 2018-09-11 平安科技(深圳)有限公司 Resist method of network attack, device, computer equipment and storage medium
CN108786115A (en) * 2018-05-03 2018-11-13 南京赛宁信息技术有限公司 The method and system of CTF dynamics Flag are generated based on Transparent Proxy
CN109005164A (en) * 2018-07-20 2018-12-14 深圳市网心科技有限公司 A kind of network system, equipment, network data exchange method and storage medium
CN109067763A (en) * 2018-08-29 2018-12-21 阿里巴巴集团控股有限公司 Safety detection method, equipment and device
CN109117609A (en) * 2018-08-31 2019-01-01 中国农业银行股份有限公司 A kind of request hold-up interception method and device
CN109361685A (en) * 2018-11-15 2019-02-19 北京农信互联科技集团有限公司 Method and device for preventing malicious request
CN109361779A (en) * 2018-10-22 2019-02-19 江苏满运软件科技有限公司 The management method of domain name and system, node server in distributed system
CN109389298A (en) * 2018-09-25 2019-02-26 阿里巴巴集团控股有限公司 A kind of service request method of calibration and device
CN110493225A (en) * 2019-08-20 2019-11-22 杭州安恒信息技术股份有限公司 A kind of request transmission method, device, equipment and readable storage medium storing program for executing
WO2020056857A1 (en) * 2018-09-19 2020-03-26 网宿科技股份有限公司 Exception access behavior identification method and server
CN111131303A (en) * 2019-12-31 2020-05-08 苏宁云计算有限公司 Request data verification system and method
CN112165475A (en) * 2020-09-22 2021-01-01 成都知道创宇信息技术有限公司 Anti-crawler method, anti-crawler device, website server and readable storage medium
CN112565226A (en) * 2020-11-27 2021-03-26 深信服科技股份有限公司 Request processing method, device, equipment and system and user portrait generation method
CN112632447A (en) * 2021-01-13 2021-04-09 西安博达软件股份有限公司 Website dynamic application safety protection method
CN112685682A (en) * 2021-03-16 2021-04-20 连连(杭州)信息技术有限公司 Method, device, equipment and medium for identifying forbidden object of attack event
CN113098865A (en) * 2021-03-31 2021-07-09 广州锦行网络科技有限公司 Browser fingerprint acquisition method and device, electronic equipment and storage medium
CN113114611A (en) * 2020-01-13 2021-07-13 北京沃东天骏信息技术有限公司 Method and device for managing blacklist
CN113612777A (en) * 2021-08-04 2021-11-05 百度在线网络技术(北京)有限公司 Training method, traffic classification method, device, electronic device and storage medium
CN114124441A (en) * 2021-09-29 2022-03-01 上海欧冶金融信息服务股份有限公司 JWT (just-before-wt) -based client authentication method and system
CN114626058A (en) * 2022-04-18 2022-06-14 北京创新乐知网络技术有限公司 Method and system for identifying malicious community access behaviors
CN114884671A (en) * 2022-04-21 2022-08-09 微位(深圳)网络科技有限公司 Intrusion prevention method, device, equipment and medium for server
CN114928452A (en) * 2022-05-17 2022-08-19 壹沓科技(上海)有限公司 Access request verification method, device, storage medium and server
CN114943024A (en) * 2022-05-31 2022-08-26 北京永信至诚科技股份有限公司 Fingerprint acquisition method and device based on browser
CN115065537A (en) * 2022-06-16 2022-09-16 公安部第三研究所 Defense system and dynamic defense method for WEB application automation attack behavior
CN115102744A (en) * 2022-06-16 2022-09-23 京东科技信息技术有限公司 Data access method and device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113449167A (en) * 2021-06-25 2021-09-28 北京悟空出行科技有限公司 Data acquisition abnormity detection method and device, electronic equipment and readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137059A (en) * 2010-01-21 2011-07-27 阿里巴巴集团控股有限公司 Method and system for blocking malicious accesses
CN104092665A (en) * 2014-06-19 2014-10-08 小米科技有限责任公司 Access request filtering method, device and facility
CN104378255A (en) * 2014-10-29 2015-02-25 深信服网络科技(深圳)有限公司 Method and device for detecting web malicious user
CN104519018A (en) * 2013-09-29 2015-04-15 阿里巴巴集团控股有限公司 Method, device and system for preventing malicious requests for server
CN105430011A (en) * 2015-12-25 2016-03-23 杭州朗和科技有限公司 Method and device for detecting distributed denial of service attack

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137059A (en) * 2010-01-21 2011-07-27 阿里巴巴集团控股有限公司 Method and system for blocking malicious accesses
CN104519018A (en) * 2013-09-29 2015-04-15 阿里巴巴集团控股有限公司 Method, device and system for preventing malicious requests for server
CN104092665A (en) * 2014-06-19 2014-10-08 小米科技有限责任公司 Access request filtering method, device and facility
CN104378255A (en) * 2014-10-29 2015-02-25 深信服网络科技(深圳)有限公司 Method and device for detecting web malicious user
CN105430011A (en) * 2015-12-25 2016-03-23 杭州朗和科技有限公司 Method and device for detecting distributed denial of service attack

Cited By (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108200180A (en) * 2018-01-08 2018-06-22 武汉斗鱼网络科技有限公司 A kind of method, apparatus and computer equipment for being used to limit request frequency
CN108200180B (en) * 2018-01-08 2020-09-08 武汉斗鱼网络科技有限公司 Method and device for limiting request frequency and computer equipment
WO2019178966A1 (en) * 2018-03-22 2019-09-26 平安科技(深圳)有限公司 Network attack defense method and apparatus, and computer device and storage medium
CN108521408A (en) * 2018-03-22 2018-09-11 平安科技(深圳)有限公司 Resist method of network attack, device, computer equipment and storage medium
CN108521408B (en) * 2018-03-22 2021-03-12 平安科技(深圳)有限公司 Method and device for resisting network attack, computer equipment and storage medium
CN108786115A (en) * 2018-05-03 2018-11-13 南京赛宁信息技术有限公司 The method and system of CTF dynamics Flag are generated based on Transparent Proxy
CN109005164A (en) * 2018-07-20 2018-12-14 深圳市网心科技有限公司 A kind of network system, equipment, network data exchange method and storage medium
CN109005164B (en) * 2018-07-20 2021-05-18 深圳市网心科技有限公司 Network system, equipment, network data interaction method and storage medium
US11201886B2 (en) 2018-08-29 2021-12-14 Advanced New Technologies Co., Ltd. Security detection method, device, and apparatus
CN109067763A (en) * 2018-08-29 2018-12-21 阿里巴巴集团控股有限公司 Safety detection method, equipment and device
CN109117609A (en) * 2018-08-31 2019-01-01 中国农业银行股份有限公司 A kind of request hold-up interception method and device
WO2020056857A1 (en) * 2018-09-19 2020-03-26 网宿科技股份有限公司 Exception access behavior identification method and server
CN109389298A (en) * 2018-09-25 2019-02-26 阿里巴巴集团控股有限公司 A kind of service request method of calibration and device
CN109389298B (en) * 2018-09-25 2022-04-29 创新先进技术有限公司 Service request checking method and device
CN109361779A (en) * 2018-10-22 2019-02-19 江苏满运软件科技有限公司 The management method of domain name and system, node server in distributed system
CN109361685B (en) * 2018-11-15 2021-04-20 北京农信互联科技集团有限公司 Method for preventing malicious request
CN109361685A (en) * 2018-11-15 2019-02-19 北京农信互联科技集团有限公司 Method and device for preventing malicious request
CN110493225B (en) * 2019-08-20 2021-12-03 杭州安恒信息技术股份有限公司 Request transmission method, device, equipment and readable storage medium
CN110493225A (en) * 2019-08-20 2019-11-22 杭州安恒信息技术股份有限公司 A kind of request transmission method, device, equipment and readable storage medium storing program for executing
CN111131303A (en) * 2019-12-31 2020-05-08 苏宁云计算有限公司 Request data verification system and method
CN113114611B (en) * 2020-01-13 2024-02-06 北京沃东天骏信息技术有限公司 Blacklist management method and device
CN113114611A (en) * 2020-01-13 2021-07-13 北京沃东天骏信息技术有限公司 Method and device for managing blacklist
CN112165475A (en) * 2020-09-22 2021-01-01 成都知道创宇信息技术有限公司 Anti-crawler method, anti-crawler device, website server and readable storage medium
CN112565226A (en) * 2020-11-27 2021-03-26 深信服科技股份有限公司 Request processing method, device, equipment and system and user portrait generation method
CN112632447A (en) * 2021-01-13 2021-04-09 西安博达软件股份有限公司 Website dynamic application safety protection method
CN112685682B (en) * 2021-03-16 2021-07-09 连连(杭州)信息技术有限公司 Method, device, equipment and medium for identifying forbidden object of attack event
CN112685682A (en) * 2021-03-16 2021-04-20 连连(杭州)信息技术有限公司 Method, device, equipment and medium for identifying forbidden object of attack event
CN113098865A (en) * 2021-03-31 2021-07-09 广州锦行网络科技有限公司 Browser fingerprint acquisition method and device, electronic equipment and storage medium
CN113612777A (en) * 2021-08-04 2021-11-05 百度在线网络技术(北京)有限公司 Training method, traffic classification method, device, electronic device and storage medium
CN114124441B (en) * 2021-09-29 2022-11-15 上海欧冶金融信息服务股份有限公司 JWT (just in time wt) -based client authentication method and system
CN114124441A (en) * 2021-09-29 2022-03-01 上海欧冶金融信息服务股份有限公司 JWT (just-before-wt) -based client authentication method and system
CN114626058A (en) * 2022-04-18 2022-06-14 北京创新乐知网络技术有限公司 Method and system for identifying malicious community access behaviors
CN114884671A (en) * 2022-04-21 2022-08-09 微位(深圳)网络科技有限公司 Intrusion prevention method, device, equipment and medium for server
CN114928452A (en) * 2022-05-17 2022-08-19 壹沓科技(上海)有限公司 Access request verification method, device, storage medium and server
CN114928452B (en) * 2022-05-17 2024-02-13 壹沓科技(上海)有限公司 Access request verification method, device, storage medium and server
CN114943024A (en) * 2022-05-31 2022-08-26 北京永信至诚科技股份有限公司 Fingerprint acquisition method and device based on browser
CN115065537A (en) * 2022-06-16 2022-09-16 公安部第三研究所 Defense system and dynamic defense method for WEB application automation attack behavior
CN115102744A (en) * 2022-06-16 2022-09-23 京东科技信息技术有限公司 Data access method and device
CN115065537B (en) * 2022-06-16 2023-07-07 公安部第三研究所 Defending system and dynamic defending method aiming at WEB application automatic attack behaviors

Also Published As

Publication number Publication date
CN107426181B (en) 2019-09-17

Similar Documents

Publication Publication Date Title
CN107426181B (en) The hold-up interception method and device of malice web access request
US11258820B2 (en) Request modification for web security challenge
US9832225B2 (en) Identity theft countermeasures
Torroledo et al. Hunting malicious TLS certificates with deep neural networks
Yue et al. BogusBiter: A transparent protection against phishing attacks
US8381293B2 (en) Identity theft countermeasures
KR101497742B1 (en) System and method for authentication, data transfer, and protection against phising
US9106695B2 (en) Method and system for user authentication using DNSSEC
AU2006200688B2 (en) Internet security
Gelernter et al. Cross-site search attacks
US10116693B1 (en) Server using proof-of-work technique for hardening against denial of service attacks
EP3887981B1 (en) Verifying user interactions on a content platform
US20190147451A1 (en) Collaborate Fraud Prevention
US9661002B2 (en) Method for user authentication using DNSSEC
CN112235306B (en) E-commerce account verification method based on cloud security
CN113518064A (en) Defense method and device for challenging black hole attack, computer equipment and storage medium
Mishra et al. Intelligent phishing detection system using similarity matching algorithms
Aljawarneh et al. A web client authentication system using smart card for e-systems: initial testing and evaluation
JP7189372B2 (en) Device and application integrity verification
Hajiali et al. Preventing phishing attacks using text and image watermarking
Altamimi et al. PhishCatcher: Client-Side Defense Against Web Spoofing Attacks Using Machine Learning
CN112613000A (en) Sensitive information protection method and device, electronic equipment and readable storage medium
AlShalaan et al. Secure Storage System Using Cryptographic Techniques
CN110321702A (en) The system and method for detecting the modification of Internet resources
EP4068125A1 (en) Method of monitoring and protecting access to an online service

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant