CN107426181A - The hold-up interception method and device of malice web access request - Google Patents
The hold-up interception method and device of malice web access request Download PDFInfo
- Publication number
- CN107426181A CN107426181A CN201710470218.7A CN201710470218A CN107426181A CN 107426181 A CN107426181 A CN 107426181A CN 201710470218 A CN201710470218 A CN 201710470218A CN 107426181 A CN107426181 A CN 107426181A
- Authority
- CN
- China
- Prior art keywords
- browser
- finger print
- web access
- information
- access request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The invention discloses the hold-up interception method and device of a kind of malice web access request.Methods described includes:Receive web access request;Judge whether carry Token access tokens in the web access request;If not carrying Token access tokens, browser finger print information is obtained, and finger print information code is generated according to the browser finger print information;The legitimacy of the finger print information code is verified;If the legitimacy verifies failure of the finger print information code, it is determined that the web access request is asked for malice web access, and is intercepted to web access request.It this method and device, can accurately and rapidly determine that unauthorized access is asked, and implement to intercept, effectively identify IP spoofing behavior, and will not cause to manslaughter.
Description
Technical field
The present invention relates to technical field of network security, the more particularly to a kind of hold-up interception method and dress of malice web access request
Put.
Background technology
In network safety filed, it is exactly IP spoofing to hide a kind of means of oneself, that is, the IP address by forging itself
Malicious requests are sent to goal systems, cause goal systems is under attack can not but confirm attack source, or obtain goal systems
Trust to obtain confidential information
Specifically, above-mentioned IP spoofing is mainly used in following two application scenarios:
Scene one:It is usually used in ddos attack (attack of distribution refusal), in the malicious attack request initiated to goal systems
In, large quantities of personation source IPs are generated at random, also can not analytical attack source to the malicious requests received if target defence is more weak
Authenticity, so as to reach the purpose that attacker hides itself.
Scene two:Script host A trusts host B, that is, host B can with unblocked obtain the data money of host A
Source.And the host C of malice is in order to equally getting the data of host A, it is necessary to disguise oneself as host B and host A implements communication.
So host C needs to do two pieces thing:Firstth, allow host B " mouth is blocked ", no longer send and ask to host A, for example, can lead to
Cross to host B and initiate DoS attack (Denial of Service attack), it can not be normally sent network bag so as to take the connection of host B;
Secondth, disguise oneself as the IP of host B and host A interacts, so as to obtain the trust of host A to obtain confidential information.
In the prior art, generally use server front end is isolated with fire wall, keeps out the attack of high concurrent;Rear end leads to
Cross and statistical counting is carried out to the IP address of access, prevention access is carried out after a certain IP address access times exceed limitation.This
Class technical scheme, it can prevent better simply hackers from accessing attack, once hacker is attacked using IP spoofing mode, then easily
Generation is manslaughtered or can not good security from attacks.
Below in the prior art, through frequently with two ways, be described below:
Mode one:Publication No. CN201010001277.8, entitled " hold-up interception method and system of a kind of malicious access "
Application for a patent for invention in, disclose the hold-up interception method and system of a kind of malicious access, main contents include:Analysis server root
According to user terminal after intercept information is determined in the access request analysis of the 1st time to N (N >=1) secondary initiation, in the webserver
When receiving the access request of the N+1 times initiation of user terminal, the intercept information determined according to Analysis server is to user
Whether terminal is that malicious access terminal is judged, active user's terminal is intercepted when result of determination is malicious access terminal and is initiated
Access request;Otherwise, business processing is carried out according to the access request.
Whether the technical scheme judges to access by simple counting statistics legal, if user employs IP spoofing
Mode conducts interviews, then can not be intercepted completely.Further, since counting statistics scheme is excessively simple, if a large number of users
Networked using shared outer net IP forms, it is likely that situation about manslaughtering can be produced.
Mode two:Publication No.:CN201510969145.7, it is entitled " determination methods of malicious access, hold-up interception method with
In the application for a patent for invention of device ", the determination methods and device of a kind of malicious access are disclosed, this method includes:When receiving
During the access request of one IP address, first time period is determined;Count access times of the IP address in each sub- period;
The access times weighted value being configured according to the IP address in the access times of each sub- period and each sub- period,
Calculate weighted average of the IP address in the access times of each sub- period;Compare the weighted average with it is default
First access times threshold value, when the weighted average is more than default first access times threshold value, judge the IP address
Belong to malicious access.This method can improve the accuracy for judging malicious access, limit the access of the IP address of malicious access, keep away
It is too high to exempt from server load, but is also to judge whether access is legal, IP spoofing can not be prevented to attack by simple counting statistics
Hit, while will also result in situation about manslaughtering and occur.
The content of the invention
The embodiment of the present invention provides a kind of hold-up interception method and device of malice web access request, can be quickly and accurately true
Determine unauthorized access request, and implement to intercept, effectively identify IP spoofing behavior, and will not cause to manslaughter.
On the one hand, the embodiment of the present invention provides a kind of hold-up interception method of malice web access request, including:
Receive web access request;
Judge whether carry Token access tokens in the web access request;
If not carrying Token access tokens, browser finger print information is obtained, and according to the browser finger print information
Generate finger print information code;
The legitimacy of the finger print information code is verified;
If the legitimacy verifies failure of the finger print information code, it is determined that the web access request is malice web access
Request, and web access request is intercepted.
Optionally, browser finger print information is obtained, and finger print information code, bag are generated according to the browser finger print information
Include:
The information name and the value of information of browser finger print information are obtained, the browser finger print information includes following at least two
:Browser version, screen resolution, color depth, computer system language, browser plug-in installation list, browser are supported
Message content types and time-zone information;
Information name, the value of information of the browser finger print information are spliced into character string;
Hash encryption is carried out to the character string, generates finger print information code.
Optionally, if the legitimacy verifies success of the finger print information code, methods described also include:
Obtain the blacklist being stored in preset buffer memory space;
Judge that the affiliated terminal of the browser whether there is in the blacklist;
If it is determined that the affiliated terminal of browser is present in the blacklist, it is determined that the affiliated terminal of browser
For malicious access terminal, and web access request is intercepted, the affiliated terminal of the browser, browser fingerprint are believed
Breath and IP address information, added to the blacklist, and return to error code.
Optionally, if it is determined that the affiliated terminal of the browser is not existed in the blacklist, methods described also includes:
Obtain the data item of the information metadata of the browser;
The data item of the information metadata of the browser is verified, verification content comprises at least one below:Close
Whether whether rationality verification, critical data item lack verification and are that virtual forge verifies;
According to check results, it is determined whether forge terminal request for malicious virtual;
Terminal request is forged if determined as malicious virtual, then web access request is intercepted, browser is referred to
Line information and IP address information are added to the blacklist, and return to error code.
Optionally, if it is determined that be not that malicious virtual forges terminal request, methods described also includes:
To the data item of the information metadata of the browser, Token access tokens are generated after carrying out multinomial data operation;
Obtain default Token verifications rule;
According to the default Token verifications rule, legitimacy verifies are carried out to the Token access tokens, it is described legal
Property verification comprise at least:The verification of Token time checks, the numeric data code of Token predeterminated positions and check code, Token information with
Caching record information Inspection;
If the Token access tokens verification is illegal, web access request is intercepted, by browser
Finger print information and IP address information are added to the blacklist, and return to error code.
Optionally, if Token access tokens verification is legal, methods described also includes:
The number of the web access request sent to terminal records;
Maximum access times threshold value and preset alarm frequency threshold value are obtained, the maximum access times threshold value is preset time
Terminal sends the higher limit of web access request number of times in section, and the preset alarm frequency threshold value is the Web in preset time period
Access request exceeds the boundary value of normal access times, and the preset alarm frequency threshold value is less than the maximum access times threshold
Value;
If the number for the web access request that terminal is sent is more than the maximum access times threshold value, it is determined that the Web
Access request is asked for malice web access, web access request is intercepted, and browser finger print information and IP address are believed
Breath is added to the blacklist, and returns to error code;
If the number for the web access request that the terminal is sent is less than or equal to the maximum access times threshold value, and
More than the preset alarm frequency threshold value, it is determined that the web access request number of times exceedes normal web access request number of times, and
Warning reminding information is sent, and records the access data message of browser finger print information and IP address information and web access request;
If the number for the web access request that the terminal is sent is less than the preset alarm frequency threshold value, it is determined that institute
Web access request is stated to ask for normal web access, what record browser finger print information and IP address information and web access were asked
Access data message.
On the other hand, the embodiment of the present invention provides a kind of blocking apparatus of malice web access request, including:
Receiving unit, for receiving web access request;
First judging unit, for judging whether carry Token access tokens in the web access request;
First acquisition unit, for the web access request in do not carry Token access tokens when, obtain browser
Finger print information;
First generation unit, for generating finger print information code according to the browser finger print information;
First verification unit, for being verified to the legitimacy of the finger print information code;
First determining unit, for the legitimacy verifies failure in the finger print information code, it is determined that the web access please
Ask and asked for malice web access;
Interception unit, for being intercepted to web access request.
Optionally, the first acquisition unit, including:
Acquisition module, for obtaining the information name and the value of information of browser finger print information, the browser finger print information bag
Include following at least two:Browser version, screen resolution, color depth, computer system language, browser plug-in installation list,
The message content types and time-zone information that browser is supported;
Concatenation module, for information name, the value of information of the browser finger print information to be spliced into character string;
Encrypting module, for carrying out hash encryption to the character string, generate finger print information code.
Optionally, described device also includes:
Second acquisition unit, for after the success of the legitimacy verifies of the finger print information code, acquisition to be stored in default slow
Deposit the blacklist in space;
Second judging unit, for judging that the affiliated terminal of the browser whether there is in the blacklist;
Second determining unit, for after judging that the affiliated terminal of the browser is present in the blacklist, determining institute
It is malicious access terminal to state the affiliated terminal of browser;
The interception unit, it is additionally operable to intercept web access request;
Adding device, for by the affiliated terminal of the browser, browser finger print information and IP address information, added to institute
State blacklist;
Returning unit, for returning to error code.
Optionally, described device also includes:
3rd acquiring unit, for after judging that the affiliated terminal of the browser is not existed in the blacklist, obtaining
The data item of the information metadata of the browser;
Second verification unit, the data item for the information metadata to the browser verify, wherein, in verification
Appearance comprises at least one below:Whether whether plausibility check, critical data item lack verification and are that virtual forge verifies;
3rd determining unit, for according to check results, it is determined whether forge terminal request for malicious virtual;
The interception unit, be additionally operable to be defined as malicious virtual forge terminal request after, the web access is asked into
Row intercepts;
The adding device, it is additionally operable to browser finger print information and IP address information being added to the blacklist;
The returning unit, it is additionally operable to return to error code.
Optionally, described device also includes:
Second generation unit, for it is determined that not being after malicious virtual forges terminal request, to the information of the browser
After the data item of metadata carries out multinomial data operation, Token access tokens are generated;
4th acquiring unit, for obtaining default Token verifications rule;
3rd verification unit, for verifying rule according to the default Token, the Token access tokens are closed
Method verifies, and the legitimacy verifies comprise at least:Token time checks, the numeric data code of Token predeterminated positions and check code
Verification, Token information and caching record information Inspection;
The interception unit, it is additionally operable to, when Token access tokens verification is illegal, ask the web access
Intercepted;
The adding device, it is additionally operable to browser finger print information and IP address information being added to the blacklist;
The returning unit, it is additionally operable to return to error code.
Optionally, described device also includes:
First recording unit, for after Token access tokens verification is legal, the web access sent to terminal please
The number asked is recorded;
5th acquiring unit, for obtaining maximum access times threshold value and preset alarm frequency threshold value, the maximum access
Frequency threshold value is the higher limit that terminal sends web access request number of times in preset time period, and the preset alarm frequency threshold value is
The web access request exceeds the boundary value of normal access times in preset time period, and the preset alarm frequency threshold value is less than
The maximum access times threshold value;
4th determining unit, the number of the web access request for being sent in terminal are more than the maximum access times threshold
During value, determine that the web access request is asked for malice web access;
The interception unit, it is additionally operable to intercept web access request;
The adding device, it is additionally operable to browser finger print information and IP address information being added to the blacklist;
The returning unit, it is additionally operable to return to error code;
5th determining unit, the number of the web access request for being sent in the terminal are less than or equal to the maximum
Access times threshold value, and when being more than the preset alarm frequency threshold value, determine that the web access request number of times exceedes normal Web
Access request number;
Alarm unit, for sending warning reminding information;
Second recording unit, for recording the access number of browser finger print information and IP address information and web access request
It is believed that breath;
6th determining unit, the number of the web access request for being sent in the terminal are less than the preset alarm
During number threshold value, determine that the web access request is asked for normal web access;
3rd recording unit, for recording the access number of browser finger print information and IP address information and web access request
It is believed that breath.
The hold-up interception method and device for the malice web access request that present patent application provides, are asked by receiving web access;
Judge whether carry Token access tokens in web access request;If not carrying Token access tokens, browser is obtained
Finger print information, and finger print information code is generated according to browser finger print information;The legitimacy of finger print information code is verified;If
The legitimacy verifies failure of finger print information code, it is determined that web access request is asked for malice web access, and is asked web access
Intercepted.It this method and device, can quickly and accurately determine that unauthorized access is asked, and implement to intercept, effectively identify that IP takes advantage of
Behavior is deceived, and will not cause to manslaughter.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification
Obtain it is clear that or being understood by implementing the present invention.The purpose of the present invention and other advantages can be by the explanations write
Specifically noted structure is realized and obtained in book, claims and accompanying drawing.
Below by drawings and examples, technical scheme is described in further detail.
Brief description of the drawings
Accompanying drawing is used for providing a further understanding of the present invention, and a part for constitution instruction, the reality with the present invention
Apply example to be used to explain the present invention together, be not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is a kind of flow chart of the hold-up interception method of malice web access request provided in an embodiment of the present invention;
Fig. 2 is a kind of schematic diagram of the blocking apparatus of malice web access request provided in an embodiment of the present invention.
Embodiment
The preferred embodiments of the present invention are illustrated below in conjunction with accompanying drawing, it will be appreciated that described herein preferred real
Apply example to be merely to illustrate and explain the present invention, be not intended to limit the present invention.
The noun and term that may relate to or use in present patent application are explained below as follows:
Token (temporary visit token):By word of the computer business background service system generation with certain encryption rule
Symbol string, is verified for whether the identity to user is legal, if verification is not by blocking the request of user.
Browser fingerprint:Browser fingerprint technique is the tracer technique proposed by EFF (electronics outpost foundation), is led to
The 8 independent characteristic attributes (4 base attributes and 4 detection attributes) crossed in extraction browser, are retouched using character string
State.Browser fingerprint technique anonymous can identify browser, and accuracy rate is up to 94%.
IP spoofing:IP spoofing refers to source IP address of the caused IP packets for forgery of taking action, to pretend to be other systems
Or the identity of sender.This is the attack form of hacker a kind of, and hacker uses a computer internet, and borrows an other machine
The IP address of device, so as to pretend to be an other machine to be communicated with server.
Ddos attack:Distributed denial of service (DDoS:Distributed Denial of Service) attack refer to by
In client/server technology, multiple computers are joined together as Attack Platform, mobilize DDoS to attack one or more targets
Hit, so as to exponentially improve the power of Denial of Service attack, the system resource of target of attack is directly consumed when serious so that the mesh
Mark system can not provide normal service.
One embodiment of present patent application, there is provided a kind of hold-up interception method of malice web access request, as shown in figure 1,
Comprise the following steps S101-S105:
Step S101:Receive web access request.
Wherein, Web (World Wide Web) is global wide area network, also referred to as WWW, and it is that one kind is based on hypertext
With HTTP, global, dynamic interaction, cross-platform distributed graphic information system.It is built upon on Internet
A kind of network service, search and browse on internet for viewer information provide it is patterned, easily accessed directly perceived
Information node on Internet is organized into a network structure associated each other by interface, document therein and hyperlink.
Step S102:Judge whether carry Token access tokens in web access request.
Step S103:If not carrying Token access tokens, browser finger print information is obtained, and refer to according to browser
Line information generates finger print information code.
Step S104:The legitimacy of finger print information code is verified.
Step S105:If the legitimacy verifies failure of finger print information code, it is determined that web access request is visited for malice Web
Request is asked, and web access request is intercepted.
In one embodiment, above-mentioned steps S103 obtains browser finger print information, and is given birth to according to browser finger print information
Into finger print information code, can include:
Step S1031:The information name and the value of information of browser finger print information are obtained, wherein, browser finger print information includes
At least two below:Browser version, screen resolution, color depth, computer system language, browser plug-in installation list, clear
The message content types and time-zone information that device of looking at is supported;
Step S1032:Information name, the value of information of browser finger print information are spliced into character string;
Step S1033:Hash encryption is carried out to character string, generates finger print information code.
In the present embodiment, character string can be encrypted using MD5 algorithms, wherein, Message Digest
Algorithm MD5 (Message Digest Algorithm 5) are a kind of hash function in computer safety field, are disappeared to provide
The integrity protection of breath.MD5 effect is to allow Large Copacity information before private key is signed with digital signature software by " compression "
Into a kind of form of secrecy (be exactly the byte serial of a random length is transformed into a fixed length hexadecimal number word string).
Specifically, MD5 algorithms have the characteristics that:
1st, compressibility:The data of random length, the MD5 values length calculated is all fixed.
2nd, easily calculate:MD5 values are calculated from former data to be easy to.
3rd, anti-modification:Former data are made any change, even only changing 1 byte, resulting MD5 values have very
Big difference.
4th, strong impact resistant:Known former data and its MD5 value, want that finding a data with identical MD5 values (forges number
According to) it is extremely difficult.
It should be noted that in the present embodiment, in addition to character string is encrypted using MD5, sha- can also be used
1st, character string is encrypted any cipher mode such as RIPEMD or Haval, and present patent application is not specifically limited.
In another embodiment, if the legitimacy verifies success of finger print information code, the above method also include:
Obtain the blacklist being stored in preset buffer memory space;
Judge that the affiliated terminal of browser whether there is in blacklist;
If it is determined that the affiliated terminal of browser is present in blacklist, it is determined that the affiliated terminal of browser is that malicious access is whole
End, and web access request is intercepted, the affiliated terminal of browser, browser finger print information and IP address information are added to
Blacklist, and return to error code.
In another embodiment, if it is determined that the affiliated terminal of browser is not existed in blacklist, the above method is also
It can include:
Obtain the data item of the information metadata of browser;
The data item of the information metadata of browser is verified, verification content comprises at least one below:Reasonability
Whether whether verification, critical data item lack verification and are that virtual forge verifies;
According to check results, it is determined whether forge terminal request for malicious virtual;
Terminal request is forged if determined as malicious virtual, then web access request is intercepted, browser fingerprint is believed
Breath and IP address information are added to blacklist, and return to error code.
In another embodiment, if it is determined that be not that malicious virtual forges terminal request, the above method can also wrap
Include:
To the data item of the information metadata of browser, Token access tokens are generated after carrying out multinomial data operation;
Obtain default Token verifications rule;
Rule is verified according to default Token, legitimacy verifies are carried out to Token access tokens, wherein, legitimacy verifies are extremely
Include less:The verification of Token time checks, the numeric data code of Token predeterminated positions and check code, Token information and caching record
Information Inspection;
If the verification of Token access tokens is illegal, web access request is intercepted, by browser finger print information
Blacklist is added to IP address information, and returns to error code.
In another embodiment, if the verification of Token access tokens is legal, the above method also includes:
The number of the web access request sent to terminal records;
Maximum access times threshold value and preset alarm frequency threshold value are obtained, wherein, when maximum access times threshold value is presets
Between in section terminal send the higher limit of web access request number of times, preset alarm frequency threshold value is that web access please in preset time period
The boundary value beyond normal access times is sought, preset alarm frequency threshold value is less than maximum access times threshold value;
If the number for the web access request that terminal is sent is more than maximum access times threshold value, it is determined that web access is asked
Ask, web access request is intercepted, and browser finger print information and IP address information are added to for malice web access
Blacklist, and return to error code;
If the number for the web access request that terminal is sent is less than or equal to maximum access times threshold value, and more than default
Alarm times threshold value, it is determined that web access request number of times exceedes normal web access request number of times, and sends warning reminding information,
And record the access data message of browser finger print information and IP address information and web access request;
If the number for the web access request that terminal is sent is less than preset alarm frequency threshold value, it is determined that web access is asked
Asked for normal web access, record the access data message of browser finger print information and IP address information and web access request.
Below in a specific embodiment, the application is further elaborated:
Step S301:User terminal initiates front-end access, can specifically use cookie technologies, read the terminal storage
Token token informations;
Step S302:Judge whether the terminal whether there is not out of date Token token informations, if any being then transferred to execution step
S310;
Step S303:Such as without not out of date Token token informations, then foreground is believed using JS scripts generation browser fingerprint
Breath:By inquiring about computer system user and browser correlation customizing messages:Such as browser version, screen resolution, color depth, computer
System language, browser plug-in installation list (are such as locally stored with the message content types supported, time-zone information and other functions
With session storage etc.), then these values integrate by hashing algorithm (information name+value of information form splicing character string, most
Encryption is hashed using MD5 modes afterwards) produce unique finger print information code;
Step S304:Front end script uses binary data stream form, and browser is submitted by simultaneous asynchronous data transmissions mode
Finger print information yardage is according to this and respective meta-data gives frontal chromatography server;
Step S305:Frontal chromatography server receives browser finger print information and IP address information, first by with a high speed
Blacklist list in buffer service is compared, and simple verification determines whether malicious access terminal;
Step S306:Access request is terminated if not verified by blacklist, and returns to corresponding error code;
Step S307:If by, for browser information metadata data item verified (plausibility check,
Whether critical data item lacks, if for virtual forgery etc.), determine whether malicious virtual and forge terminal request;
Step S308:Terminate access request if being judged as that malicious virtual forges terminal, by the browser finger print information and
IP address Data Enter blacklist, and return to corresponding error code;
Step S309:If it is determined that normal access, then Analysis server then initiates to ask to token server, token clothes
Device be engaged according to generating Token tokens after multinomial data operation, and by front end termination of the token information transfer to user;
Step S310:User terminal page program carries the rear end such as Token token informations, browser fingerprint code business clothes
Business device submits formal data interaction request;
Step S311:Service server calls token service, and the Token of submission is believed by presetting Token verifications rule
Breath is verified, and verification content comprises at least:Token time checks, 32 numeric data codes, rear 6 bit check code check before Token,
Token information and caching record information Inspection etc. judge to verify whether Token access tokens are legal;
Step S312:The verification of Token access tokens does not conform to rule and terminates user terminal access request, submits corresponding terminal
Fingerprint code and IP address information enter black list database, and return to corresponding error code;
Step S313:Token verification is legal, and Analysis server is matched somebody with somebody according to the default single terminal end period access times upper limit
Confidence ceases, and the terminal initiates the data-base recording of request, carries out statistical analysis to this request and calculates this access and be
It is no to belong to normal request numbers range;
Step S314:Result of calculation judges that the request number of times of the user terminal exceedes the upper limit of access times configuration, judges
For malicious requests terminal, entry deterrence operation flow, black list database information is updated, and return to corresponding error code;
Step S315:Result of calculation judges the not super upper limit of the request number of times of the user terminal, but exceedes the alarm set
Threshold value, then return to corresponding default warning message and eject warning window to user terminal, while enter regular traffic flow, analysis
Server record user terminal information (browser finger print information, user account and IP address information etc.) simultaneously updates terminal initiation
The data-base recording number of request;
Step S316:Result of calculation judges that the request number of times of the user terminal is normal, is determined as normal request, into normal
Business Process Analysis server record user terminal information (browser finger print information, user account and IP address information etc.) and more
The new terminal initiates the data-base recording number of request;
Step S317:Record each terminal request recording information data;
Step S318:Terminate front end and intercept flow, into regular traffic service;
Step S319:The service of bottom finger daemon is pressed cycle regular hour, and timing carries out data analysis, extracts blacklist
User terminal information (browser finger print information, user account and IP address information etc.), deposit into cache for related clothes
Business device uses.
It is first after user accesses WEB websites present patent application provides a kind of hold-up interception method of malice web access request
First front end obtains the browser finger print information of user terminal, and as browser finger print information is wrong, thinking user please to forge access
Ask directly to terminate and access.Then, the Token tokens unique mark user identity is generated according to browser finger print information, and
By Token alternative spaces to client, client, which initiates request, must carry Token token informations, if order
Board information is incorrect or expired, can must not be blocked and conduct interviews, so as to prevent hacker by technological means forge ask into
The operations such as row list submission.Wherein, the Token tokens can sometime carry out the reuse of limited number of time in end, specifically
Configured according to background management system for the actual conditions of specific business, when token access times or token request number of times surpass
User can be alerted by multistage stop mode or directly be shielded when crossing restriction number.
Present patent application embodiment, a business is also provided and verifies return value interface in itself, when specific business judges this time
Access for unauthorized access when, the interface can be directly invoked, by this access user add blacklist, in time shielding use family instead
Request again.
In addition, the background system and data handling system of configurationization are provided with, to carry out the individual cultivation of business, with
And user behavior data inquiry and blacklist unsealing operation.
The hold-up interception method for the malice web access request that present patent application provides, is asked by receiving web access;Judge Web
Whether Token access token is carried in access request;If not carrying Token access tokens, browser fingerprint letter is obtained
Breath, and finger print information code is generated according to browser finger print information;The legitimacy of finger print information code is verified;If fingerprint is believed
Cease the legitimacy verifies failure of code, it is determined that web access request is asked for malice web access, and web access request is blocked
Cut.It this method, can quickly and accurately determine that unauthorized access is asked, and implement to intercept, effectively identify IP spoofing behavior, and not
It can cause to manslaughter.
The another embodiment of present patent application provides a kind of blocking apparatus of malice web access request, such as Fig. 2 institutes
Show, including:
Receiving unit 201, for receiving web access request;
First judging unit 202, for judging whether carry Token access tokens in web access request;
First acquisition unit 203, during for not carrying Token access tokens in being asked in web access, obtaining browser and referring to
Line information;
First generation unit 204, for generating finger print information code according to browser finger print information;
First verification unit 205, for being verified to the legitimacy of finger print information code;
First determining unit 206, for finger print information code legitimacy verifies failure, it is determined that web access request be
Malice web access is asked;
Interception unit 207, for being intercepted to web access request.
Optionally, the first acquisition unit 203, including:
Acquisition module, for obtaining the information name and the value of information of browser finger print information, browser finger print information include with
Under at least two:Browser version, screen resolution, color depth, computer system language, browser plug-in are installed list, browsed
The message content types and time-zone information that device is supported;
Concatenation module, for information name, the value of information of browser finger print information to be spliced into character string;
Encrypting module, for carrying out hash encryption to character string, generate finger print information code.
Optionally, the blocking apparatus of above-mentioned malice web access request also includes:
Second acquisition unit, for after the success of the legitimacy verifies of finger print information code, acquisition to be stored in preset buffer memory sky
Between in blacklist;
Second judging unit, for judging that the affiliated terminal of browser whether there is in blacklist;
Second determining unit, for after judging that the affiliated terminal of browser is present in blacklist, determining belonging to browser
Terminal is malicious access terminal;
Interception unit, it is additionally operable to intercept web access request;
Adding device, for by the affiliated terminal of browser, browser finger print information and IP address information, added to black name
It is single;
Returning unit, for returning to error code.
Optionally, the blocking apparatus of above-mentioned malice web access request also includes:
3rd acquiring unit, for after judging that the affiliated terminal of browser is not existed in blacklist, obtaining browser
The data item of information metadata;
Second verification unit, the data item for the information metadata to browser verify, wherein, verification content is extremely
Include one below less:Whether whether plausibility check, critical data item lack verification and are that virtual forge verifies;
3rd determining unit, for according to check results, it is determined whether forge terminal request for malicious virtual;
Interception unit, it is additionally operable to after being defined as malicious virtual and forging terminal request, web access request is intercepted;
Adding device, it is additionally operable to browser finger print information and IP address information being added to blacklist;
Returning unit, it is additionally operable to return to error code.
Optionally, the blocking apparatus of above-mentioned malice web access request also includes:
Second generation unit, for it is determined that not being after malicious virtual forges terminal request, to the information word number of browser
According to data item carry out multinomial data operation after, generate Token access tokens;
4th acquiring unit, for obtaining default Token verifications rule;
3rd verification unit, for verifying rule according to default Token, legitimacy verifies are carried out to Token access tokens,
Legitimacy verifies comprise at least:The verification of Token time checks, the numeric data code of Token predeterminated positions and check code, Token letters
Breath and caching record information Inspection;
Interception unit, it is additionally operable to, when the verification of Token access tokens is illegal, intercept web access request;
Adding device, it is additionally operable to browser finger print information and IP address information being added to blacklist;
Returning unit, it is additionally operable to return to error code.
Optionally, the blocking apparatus of above-mentioned malice web access request also includes:
First recording unit, what the web access for after the verification of Token access tokens is legal, being sent to terminal was asked
Number is recorded;
5th acquiring unit, for obtaining maximum access times threshold value and preset alarm frequency threshold value, maximum access times
Threshold value is the higher limit that terminal sends web access request number of times in preset time period, and preset alarm frequency threshold value is preset time
Web access request exceeds the boundary value of normal access times in section, and preset alarm frequency threshold value is less than maximum access times threshold value;
4th determining unit, when the number of the web access request for being sent in terminal is more than maximum access times threshold value,
Determine that web access request is asked for malice web access;
Interception unit, it is additionally operable to intercept web access request;
Adding device, it is additionally operable to browser finger print information and IP address information being added to blacklist;
Returning unit, it is additionally operable to return to error code;
5th determining unit, the number of the web access request for being sent in terminal are less than or equal to maximum access times
Threshold value, and when being more than preset alarm frequency threshold value, determine that web access request number of times exceedes normal web access request number of times;
Alarm unit, for sending warning reminding information;
Second recording unit, for recording the access number of browser finger print information and IP address information and web access request
It is believed that breath;
6th determining unit, when the number of the web access request for being sent in terminal is less than preset alarm frequency threshold value,
Determine that web access request is asked for normal web access;
3rd recording unit, for recording the access number of browser finger print information and IP address information and web access request
It is believed that breath.
The blocking apparatus for the malice web access request that present patent application provides, is asked by receiving web access;Judge Web
Whether Token access token is carried in access request;If not carrying Token access tokens, browser fingerprint letter is obtained
Breath, and finger print information code is generated according to browser finger print information;The legitimacy of finger print information code is verified;If fingerprint is believed
Cease the legitimacy verifies failure of code, it is determined that web access request is asked for malice web access, and web access request is blocked
Cut.It the device, can quickly and accurately determine that unauthorized access is asked, and implement to intercept, effectively identify IP spoofing behavior, and not
It can cause to manslaughter.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program
Product.Therefore, the present invention can use the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.Moreover, the present invention can use the computer for wherein including computer usable program code in one or more
The shape for the computer program product that usable storage medium is implemented on (including but is not limited to magnetic disk storage and optical memory etc.)
Formula.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram
Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided
The processors of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real
The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to
Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, so as in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in individual square frame or multiple square frames.
Obviously, those skilled in the art can carry out the essence of various changes and modification without departing from the present invention to the present invention
God and scope.So, if these modifications and variations of the present invention belong to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising including these changes and modification.
Claims (10)
- A kind of 1. hold-up interception method of malice web access request, it is characterised in that including:Receive web access request;Judge whether carry Token access tokens in the web access request;If not carrying Token access tokens, browser finger print information is obtained, and generate according to the browser finger print information Finger print information code;The legitimacy of the finger print information code is verified;If the legitimacy verifies failure of the finger print information code, it is determined that the web access request please for malice web access Ask, and web access request is intercepted.
- 2. according to the method for claim 1, it is characterised in that browser finger print information is obtained, and according to the browser Finger print information generates finger print information code, including:The information name and the value of information of browser finger print information are obtained, the browser finger print information includes following at least two:It is clear Look at device version, screen resolution, color depth, computer system language, browser plug-in installation list, browser support message in Hold type and time-zone information;Information name, the value of information of the browser finger print information are spliced into character string;Hash encryption is carried out to the character string, generates finger print information code.
- 3. according to the method described in any one of claim 1 or 2, it is characterised in that if the legitimacy of the finger print information code Verify successfully, methods described also includes:Obtain the blacklist being stored in preset buffer memory space;Judge that the affiliated terminal of the browser whether there is in the blacklist;If it is determined that the affiliated terminal of browser is present in the blacklist, it is determined that the affiliated terminal of browser is evil Meaning access terminal, and to the web access request intercept, by the affiliated terminal of the browser, browser finger print information and IP address information, added to the blacklist, and return to error code.
- 4. according to the method for claim 3, it is characterised in that if it is determined that the affiliated terminal of the browser does not exist in institute State in blacklist, methods described also includes:Obtain the data item of the information metadata of the browser;The data item of the information metadata of the browser is verified, verification content comprises at least one below:Reasonability Whether whether verification, critical data item lack verification and are that virtual forge verifies;According to check results, it is determined whether forge terminal request for malicious virtual;Terminal request is forged if determined as malicious virtual, then web access request is intercepted, browser fingerprint is believed Breath and IP address information are added to the blacklist, and return to error code.
- 5. according to the method for claim 4, it is characterised in that if it is determined that not being that malicious virtual forges terminal request, institute Stating method also includes:To the data item of the information metadata of the browser, Token access tokens are generated after carrying out multinomial data operation;Obtain default Token verifications rule;According to the default Token verifications rule, legitimacy verifies, the legitimacy school are carried out to the Token access tokens Test and comprise at least:The verification of Token time checks, the numeric data code of Token predeterminated positions and check code, Token information and caching Record information Inspection;If the Token access tokens verification is illegal, web access request is intercepted, by browser fingerprint Information and IP address information are added to the blacklist, and return to error code.
- 6. according to the method for claim 5, it is characterised in that if the Token access tokens verify legal, the side Method also includes:The number of the web access request sent to terminal records;Maximum access times threshold value and preset alarm frequency threshold value are obtained, the maximum access times threshold value is in preset time period Terminal sends the higher limit of web access request number of times, and the preset alarm frequency threshold value is the web access in preset time period Request exceeds the boundary value of normal access times, and the preset alarm frequency threshold value is less than the maximum access times threshold value;If the number for the web access request that terminal is sent is more than the maximum access times threshold value, it is determined that the web access Ask to ask for malice web access, web access request is intercepted, and browser finger print information and IP address information are added The blacklist is added to, and returns to error code;If the number for the web access request that the terminal is sent is less than or equal to the maximum access times threshold value, and is more than The preset alarm frequency threshold value, it is determined that the web access request number of times exceedes normal web access request number of times, and sends Warning reminding information, and record the access data message of browser finger print information and IP address information and web access request;If the number for the web access request that the terminal is sent is less than the preset alarm frequency threshold value, it is determined that the Web Access request is asked for normal web access, records the access number of browser finger print information and IP address information and web access request It is believed that breath.
- A kind of 7. blocking apparatus of malice web access request, it is characterised in that including:Receiving unit, for receiving web access request;First judging unit, for judging whether carry Token access tokens in the web access request;First acquisition unit, for the web access request in do not carry Token access tokens when, obtain browser fingerprint Information;First generation unit, for generating finger print information code according to the browser finger print information;First verification unit, for being verified to the legitimacy of the finger print information code;First determining unit, for the legitimacy verifies failure in the finger print information code, it is determined that web access request is Malice web access is asked;Interception unit, for being intercepted to web access request.
- 8. device according to claim 7, it is characterised in that the first acquisition unit, including:Acquisition module, for obtaining the information name and the value of information of browser finger print information, the browser finger print information include with Under at least two:Browser version, screen resolution, color depth, computer system language, browser plug-in are installed list, browsed The message content types and time-zone information that device is supported;Concatenation module, for information name, the value of information of the browser finger print information to be spliced into character string;Encrypting module, for carrying out hash encryption to the character string, generate finger print information code.
- 9. according to the device described in any one of claim 7 or 8, it is characterised in that described device also includes:Second acquisition unit, for after the success of the legitimacy verifies of the finger print information code, acquisition to be stored in preset buffer memory sky Between in blacklist;Second judging unit, for judging that the affiliated terminal of the browser whether there is in the blacklist;Second determining unit, for after judging that the affiliated terminal of the browser is present in the blacklist, determining described clear The affiliated terminal of device of looking at is malicious access terminal;The interception unit, it is additionally operable to intercept web access request;Adding device, for by the affiliated terminal of the browser, browser finger print information and IP address information, added to described black List;Returning unit, for returning to error code.
- 10. device according to claim 9, it is characterised in that described device also includes:3rd acquiring unit, for after judging that the affiliated terminal of the browser is not existed in the blacklist, described in acquisition The data item of the information metadata of browser;Second verification unit, the data item for the information metadata to the browser verify, wherein, verification content is extremely Include one below less:Whether whether plausibility check, critical data item lack verification and are that virtual forge verifies;3rd determining unit, for according to check results, it is determined whether forge terminal request for malicious virtual;The interception unit, it is additionally operable to after being defined as malicious virtual and forging terminal request, web access request is blocked Cut;The adding device, it is additionally operable to browser finger print information and IP address information being added to the blacklist;The returning unit, it is additionally operable to return to error code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710470218.7A CN107426181B (en) | 2017-06-20 | 2017-06-20 | The hold-up interception method and device of malice web access request |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710470218.7A CN107426181B (en) | 2017-06-20 | 2017-06-20 | The hold-up interception method and device of malice web access request |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107426181A true CN107426181A (en) | 2017-12-01 |
CN107426181B CN107426181B (en) | 2019-09-17 |
Family
ID=60427315
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710470218.7A Active CN107426181B (en) | 2017-06-20 | 2017-06-20 | The hold-up interception method and device of malice web access request |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107426181B (en) |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108200180A (en) * | 2018-01-08 | 2018-06-22 | 武汉斗鱼网络科技有限公司 | A kind of method, apparatus and computer equipment for being used to limit request frequency |
CN108521408A (en) * | 2018-03-22 | 2018-09-11 | 平安科技(深圳)有限公司 | Resist method of network attack, device, computer equipment and storage medium |
CN108786115A (en) * | 2018-05-03 | 2018-11-13 | 南京赛宁信息技术有限公司 | The method and system of CTF dynamics Flag are generated based on Transparent Proxy |
CN109005164A (en) * | 2018-07-20 | 2018-12-14 | 深圳市网心科技有限公司 | A kind of network system, equipment, network data exchange method and storage medium |
CN109067763A (en) * | 2018-08-29 | 2018-12-21 | 阿里巴巴集团控股有限公司 | Safety detection method, equipment and device |
CN109117609A (en) * | 2018-08-31 | 2019-01-01 | 中国农业银行股份有限公司 | A kind of request hold-up interception method and device |
CN109361685A (en) * | 2018-11-15 | 2019-02-19 | 北京农信互联科技集团有限公司 | Method and device for preventing malicious request |
CN109361779A (en) * | 2018-10-22 | 2019-02-19 | 江苏满运软件科技有限公司 | The management method of domain name and system, node server in distributed system |
CN109389298A (en) * | 2018-09-25 | 2019-02-26 | 阿里巴巴集团控股有限公司 | A kind of service request method of calibration and device |
CN110493225A (en) * | 2019-08-20 | 2019-11-22 | 杭州安恒信息技术股份有限公司 | A kind of request transmission method, device, equipment and readable storage medium storing program for executing |
WO2020056857A1 (en) * | 2018-09-19 | 2020-03-26 | 网宿科技股份有限公司 | Exception access behavior identification method and server |
CN111131303A (en) * | 2019-12-31 | 2020-05-08 | 苏宁云计算有限公司 | Request data verification system and method |
CN112165475A (en) * | 2020-09-22 | 2021-01-01 | 成都知道创宇信息技术有限公司 | Anti-crawler method, anti-crawler device, website server and readable storage medium |
CN112565226A (en) * | 2020-11-27 | 2021-03-26 | 深信服科技股份有限公司 | Request processing method, device, equipment and system and user portrait generation method |
CN112632447A (en) * | 2021-01-13 | 2021-04-09 | 西安博达软件股份有限公司 | Website dynamic application safety protection method |
CN112685682A (en) * | 2021-03-16 | 2021-04-20 | 连连(杭州)信息技术有限公司 | Method, device, equipment and medium for identifying forbidden object of attack event |
CN113098865A (en) * | 2021-03-31 | 2021-07-09 | 广州锦行网络科技有限公司 | Browser fingerprint acquisition method and device, electronic equipment and storage medium |
CN113114611A (en) * | 2020-01-13 | 2021-07-13 | 北京沃东天骏信息技术有限公司 | Method and device for managing blacklist |
CN113612777A (en) * | 2021-08-04 | 2021-11-05 | 百度在线网络技术(北京)有限公司 | Training method, traffic classification method, device, electronic device and storage medium |
CN114124441A (en) * | 2021-09-29 | 2022-03-01 | 上海欧冶金融信息服务股份有限公司 | JWT (just-before-wt) -based client authentication method and system |
CN114626058A (en) * | 2022-04-18 | 2022-06-14 | 北京创新乐知网络技术有限公司 | Method and system for identifying malicious community access behaviors |
CN114884671A (en) * | 2022-04-21 | 2022-08-09 | 微位(深圳)网络科技有限公司 | Intrusion prevention method, device, equipment and medium for server |
CN114928452A (en) * | 2022-05-17 | 2022-08-19 | 壹沓科技(上海)有限公司 | Access request verification method, device, storage medium and server |
CN114943024A (en) * | 2022-05-31 | 2022-08-26 | 北京永信至诚科技股份有限公司 | Fingerprint acquisition method and device based on browser |
CN115065537A (en) * | 2022-06-16 | 2022-09-16 | 公安部第三研究所 | Defense system and dynamic defense method for WEB application automation attack behavior |
CN115102744A (en) * | 2022-06-16 | 2022-09-23 | 京东科技信息技术有限公司 | Data access method and device |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113449167A (en) * | 2021-06-25 | 2021-09-28 | 北京悟空出行科技有限公司 | Data acquisition abnormity detection method and device, electronic equipment and readable storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102137059A (en) * | 2010-01-21 | 2011-07-27 | 阿里巴巴集团控股有限公司 | Method and system for blocking malicious accesses |
CN104092665A (en) * | 2014-06-19 | 2014-10-08 | 小米科技有限责任公司 | Access request filtering method, device and facility |
CN104378255A (en) * | 2014-10-29 | 2015-02-25 | 深信服网络科技(深圳)有限公司 | Method and device for detecting web malicious user |
CN104519018A (en) * | 2013-09-29 | 2015-04-15 | 阿里巴巴集团控股有限公司 | Method, device and system for preventing malicious requests for server |
CN105430011A (en) * | 2015-12-25 | 2016-03-23 | 杭州朗和科技有限公司 | Method and device for detecting distributed denial of service attack |
-
2017
- 2017-06-20 CN CN201710470218.7A patent/CN107426181B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102137059A (en) * | 2010-01-21 | 2011-07-27 | 阿里巴巴集团控股有限公司 | Method and system for blocking malicious accesses |
CN104519018A (en) * | 2013-09-29 | 2015-04-15 | 阿里巴巴集团控股有限公司 | Method, device and system for preventing malicious requests for server |
CN104092665A (en) * | 2014-06-19 | 2014-10-08 | 小米科技有限责任公司 | Access request filtering method, device and facility |
CN104378255A (en) * | 2014-10-29 | 2015-02-25 | 深信服网络科技(深圳)有限公司 | Method and device for detecting web malicious user |
CN105430011A (en) * | 2015-12-25 | 2016-03-23 | 杭州朗和科技有限公司 | Method and device for detecting distributed denial of service attack |
Cited By (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108200180A (en) * | 2018-01-08 | 2018-06-22 | 武汉斗鱼网络科技有限公司 | A kind of method, apparatus and computer equipment for being used to limit request frequency |
CN108200180B (en) * | 2018-01-08 | 2020-09-08 | 武汉斗鱼网络科技有限公司 | Method and device for limiting request frequency and computer equipment |
WO2019178966A1 (en) * | 2018-03-22 | 2019-09-26 | 平安科技(深圳)有限公司 | Network attack defense method and apparatus, and computer device and storage medium |
CN108521408A (en) * | 2018-03-22 | 2018-09-11 | 平安科技(深圳)有限公司 | Resist method of network attack, device, computer equipment and storage medium |
CN108521408B (en) * | 2018-03-22 | 2021-03-12 | 平安科技(深圳)有限公司 | Method and device for resisting network attack, computer equipment and storage medium |
CN108786115A (en) * | 2018-05-03 | 2018-11-13 | 南京赛宁信息技术有限公司 | The method and system of CTF dynamics Flag are generated based on Transparent Proxy |
CN109005164A (en) * | 2018-07-20 | 2018-12-14 | 深圳市网心科技有限公司 | A kind of network system, equipment, network data exchange method and storage medium |
CN109005164B (en) * | 2018-07-20 | 2021-05-18 | 深圳市网心科技有限公司 | Network system, equipment, network data interaction method and storage medium |
US11201886B2 (en) | 2018-08-29 | 2021-12-14 | Advanced New Technologies Co., Ltd. | Security detection method, device, and apparatus |
CN109067763A (en) * | 2018-08-29 | 2018-12-21 | 阿里巴巴集团控股有限公司 | Safety detection method, equipment and device |
CN109117609A (en) * | 2018-08-31 | 2019-01-01 | 中国农业银行股份有限公司 | A kind of request hold-up interception method and device |
WO2020056857A1 (en) * | 2018-09-19 | 2020-03-26 | 网宿科技股份有限公司 | Exception access behavior identification method and server |
CN109389298A (en) * | 2018-09-25 | 2019-02-26 | 阿里巴巴集团控股有限公司 | A kind of service request method of calibration and device |
CN109389298B (en) * | 2018-09-25 | 2022-04-29 | 创新先进技术有限公司 | Service request checking method and device |
CN109361779A (en) * | 2018-10-22 | 2019-02-19 | 江苏满运软件科技有限公司 | The management method of domain name and system, node server in distributed system |
CN109361685B (en) * | 2018-11-15 | 2021-04-20 | 北京农信互联科技集团有限公司 | Method for preventing malicious request |
CN109361685A (en) * | 2018-11-15 | 2019-02-19 | 北京农信互联科技集团有限公司 | Method and device for preventing malicious request |
CN110493225B (en) * | 2019-08-20 | 2021-12-03 | 杭州安恒信息技术股份有限公司 | Request transmission method, device, equipment and readable storage medium |
CN110493225A (en) * | 2019-08-20 | 2019-11-22 | 杭州安恒信息技术股份有限公司 | A kind of request transmission method, device, equipment and readable storage medium storing program for executing |
CN111131303A (en) * | 2019-12-31 | 2020-05-08 | 苏宁云计算有限公司 | Request data verification system and method |
CN113114611B (en) * | 2020-01-13 | 2024-02-06 | 北京沃东天骏信息技术有限公司 | Blacklist management method and device |
CN113114611A (en) * | 2020-01-13 | 2021-07-13 | 北京沃东天骏信息技术有限公司 | Method and device for managing blacklist |
CN112165475A (en) * | 2020-09-22 | 2021-01-01 | 成都知道创宇信息技术有限公司 | Anti-crawler method, anti-crawler device, website server and readable storage medium |
CN112565226A (en) * | 2020-11-27 | 2021-03-26 | 深信服科技股份有限公司 | Request processing method, device, equipment and system and user portrait generation method |
CN112632447A (en) * | 2021-01-13 | 2021-04-09 | 西安博达软件股份有限公司 | Website dynamic application safety protection method |
CN112685682B (en) * | 2021-03-16 | 2021-07-09 | 连连(杭州)信息技术有限公司 | Method, device, equipment and medium for identifying forbidden object of attack event |
CN112685682A (en) * | 2021-03-16 | 2021-04-20 | 连连(杭州)信息技术有限公司 | Method, device, equipment and medium for identifying forbidden object of attack event |
CN113098865A (en) * | 2021-03-31 | 2021-07-09 | 广州锦行网络科技有限公司 | Browser fingerprint acquisition method and device, electronic equipment and storage medium |
CN113612777A (en) * | 2021-08-04 | 2021-11-05 | 百度在线网络技术(北京)有限公司 | Training method, traffic classification method, device, electronic device and storage medium |
CN114124441B (en) * | 2021-09-29 | 2022-11-15 | 上海欧冶金融信息服务股份有限公司 | JWT (just in time wt) -based client authentication method and system |
CN114124441A (en) * | 2021-09-29 | 2022-03-01 | 上海欧冶金融信息服务股份有限公司 | JWT (just-before-wt) -based client authentication method and system |
CN114626058A (en) * | 2022-04-18 | 2022-06-14 | 北京创新乐知网络技术有限公司 | Method and system for identifying malicious community access behaviors |
CN114884671A (en) * | 2022-04-21 | 2022-08-09 | 微位(深圳)网络科技有限公司 | Intrusion prevention method, device, equipment and medium for server |
CN114928452A (en) * | 2022-05-17 | 2022-08-19 | 壹沓科技(上海)有限公司 | Access request verification method, device, storage medium and server |
CN114928452B (en) * | 2022-05-17 | 2024-02-13 | 壹沓科技(上海)有限公司 | Access request verification method, device, storage medium and server |
CN114943024A (en) * | 2022-05-31 | 2022-08-26 | 北京永信至诚科技股份有限公司 | Fingerprint acquisition method and device based on browser |
CN115065537A (en) * | 2022-06-16 | 2022-09-16 | 公安部第三研究所 | Defense system and dynamic defense method for WEB application automation attack behavior |
CN115102744A (en) * | 2022-06-16 | 2022-09-23 | 京东科技信息技术有限公司 | Data access method and device |
CN115065537B (en) * | 2022-06-16 | 2023-07-07 | 公安部第三研究所 | Defending system and dynamic defending method aiming at WEB application automatic attack behaviors |
Also Published As
Publication number | Publication date |
---|---|
CN107426181B (en) | 2019-09-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107426181B (en) | The hold-up interception method and device of malice web access request | |
US11258820B2 (en) | Request modification for web security challenge | |
US9832225B2 (en) | Identity theft countermeasures | |
Torroledo et al. | Hunting malicious TLS certificates with deep neural networks | |
Yue et al. | BogusBiter: A transparent protection against phishing attacks | |
US8381293B2 (en) | Identity theft countermeasures | |
KR101497742B1 (en) | System and method for authentication, data transfer, and protection against phising | |
US9106695B2 (en) | Method and system for user authentication using DNSSEC | |
AU2006200688B2 (en) | Internet security | |
Gelernter et al. | Cross-site search attacks | |
US10116693B1 (en) | Server using proof-of-work technique for hardening against denial of service attacks | |
EP3887981B1 (en) | Verifying user interactions on a content platform | |
US20190147451A1 (en) | Collaborate Fraud Prevention | |
US9661002B2 (en) | Method for user authentication using DNSSEC | |
CN112235306B (en) | E-commerce account verification method based on cloud security | |
CN113518064A (en) | Defense method and device for challenging black hole attack, computer equipment and storage medium | |
Mishra et al. | Intelligent phishing detection system using similarity matching algorithms | |
Aljawarneh et al. | A web client authentication system using smart card for e-systems: initial testing and evaluation | |
JP7189372B2 (en) | Device and application integrity verification | |
Hajiali et al. | Preventing phishing attacks using text and image watermarking | |
Altamimi et al. | PhishCatcher: Client-Side Defense Against Web Spoofing Attacks Using Machine Learning | |
CN112613000A (en) | Sensitive information protection method and device, electronic equipment and readable storage medium | |
AlShalaan et al. | Secure Storage System Using Cryptographic Techniques | |
CN110321702A (en) | The system and method for detecting the modification of Internet resources | |
EP4068125A1 (en) | Method of monitoring and protecting access to an online service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |