CN108011863B - Method and device for identifying brute force cracking - Google Patents

Method and device for identifying brute force cracking

Info

Publication number
CN108011863B
Authority
CN
China
Prior art keywords
password
terminal
verification
user name
brute force
Prior art date
Legal status
Active
Application number
CN201710728889.9A
Other languages
Chinese (zh)
Other versions
CN108011863A (en)
Inventor
马东辉
周文来
Current Assignee
Beijing CHJ Automobile Technology Co Ltd
Beijing Co Wheels Technology Co Ltd
Original Assignee
Beijing CHJ Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing CHJ Information Technology Co Ltd
Priority to CN201710728889.9A
Publication of CN108011863A
Application granted
Publication of CN108011863B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a device for identifying brute force cracking. It relates to the technical field of data security and can solve the problem of low efficiency in identifying brute force cracking in the prior art. The method of the invention comprises the following steps: acquiring a user name and a password for logging in to the current system, where a password meeting a preset password strength range and its corresponding user name have been registered in the current system in advance; performing password strength verification on the acquired password according to the preset password strength range; if the acquired password fails the password strength verification, judging whether the number of consecutive password strength verification failures has reached a preset count threshold while the terminal requesting to log in uses the acquired user name to log in to the current system; and if the preset count threshold is reached, determining that the terminal is a brute force cracking terminal. The method and the device are mainly suitable for the account login scenario.

Description

Method and device for identifying brute force cracking
Technical Field
The invention relates to the technical field of data security, in particular to a method and a device for identifying brute force cracking.
Background
Existing applications register and log users in by user name and password. For example, if a user wants to use a mailbox, a user name and password must be registered first; after registration succeeds, the user can log in by entering the previously registered user name and password on the login interface of the mailbox home page.
Although a password can ensure the security of an account to a certain extent, a hacker can still crack it by brute force (that is, by exhaustive search). To identify a brute force cracking terminal and prevent it from going on to crack other accounts, the existing identification method is that the server matches the user name and password sent by the terminal against the user names and passwords registered in advance in a database; if matching fails, one login failure is recorded, and the terminal is determined to be a brute force cracking terminal when matching fails N consecutive times while the terminal logs in with the same user name, where N is a positive integer. However, with this method every identity verification has to match the user name and password against a database holding a large amount of data, which takes a great deal of time, so the efficiency of identifying brute force cracking is greatly reduced.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for identifying brute force cracking, which can solve the problem of low efficiency in identifying brute force cracking in the prior art.
In a first aspect, the present invention provides a method for identifying brute force cracking, the method comprising:
acquiring a user name and a password for logging in to the current system, where a password meeting a preset password strength range and its corresponding user name have been registered in the current system in advance;
performing password strength verification on the acquired password according to the preset password strength range;
if the acquired password fails the password strength verification, judging whether the number of consecutive password strength verification failures has reached a preset count threshold while the terminal requesting to log in to the current system logs in with the acquired user name;
and if the preset count threshold is reached, determining that the terminal is a brute force cracking terminal.
In a second aspect, the present invention provides an apparatus for identifying brute force cracking, the apparatus comprising:
an acquisition unit, a storage unit and a processing unit, where the acquisition unit is used for acquiring a user name and a password for logging in to the current system, and a password meeting the preset password strength range and its corresponding user name have been registered in the current system in advance;
a verification unit, used for performing password strength verification on the password acquired by the acquisition unit according to the preset password strength range;
a judging unit, used for judging, when the acquired password fails the password strength verification, whether the number of consecutive password strength verification failures has reached a preset count threshold while the terminal requesting to log in to the current system logs in with the acquired user name;
and a determining unit, used for determining that the terminal is a brute force cracking terminal when the preset count threshold is reached.
In a third aspect, the present invention provides a storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the method for identifying brute force cracking according to the first aspect.
In a fourth aspect, the present invention provides a server comprising a storage medium and a processor;
the processor is adapted to execute instructions;
the storage medium is adapted to store a plurality of instructions;
and the instructions are adapted to be loaded by the processor to perform the method for identifying brute force cracking described in the first aspect.
With the above technical solution, the method and apparatus for identifying brute force cracking let a user register a password meeting the preset password strength range together with its corresponding user name. When a user subsequently logs in to the current system, after the server of the current system acquires the password and user name used for login, it does not identify a brute force cracking terminal by directly matching the user name and password against the large volume of pre-registered user names and passwords; instead it identifies the brute force cracking terminal by checking the strength of the acquired password: as long as the number of consecutive password strength verification failures reaches the preset count threshold while the terminal logs in to the current system with the same user name, the terminal is determined to be a brute force cracking terminal. The efficiency of identifying brute force cracking is therefore improved.
The foregoing is only an overview of the technical solution of the present invention. So that the technical means of the present invention may be understood more clearly, and the above and other objects, features and advantages of the present invention may be more readily understood, embodiments of the present invention are described below.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flowchart illustrating a method for identifying brute force cracking according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating another method for identifying brute force cracking according to an embodiment of the present invention;
FIG. 3 is an interaction diagram of a terminal and a server during account registration according to an embodiment of the present invention;
FIG. 4 is an interaction diagram of a terminal and a server during account login according to an embodiment of the present invention;
FIG. 5 is a block diagram illustrating an apparatus for identifying brute force cracking provided by an embodiment of the present invention;
FIG. 6 is a block diagram illustrating another apparatus for identifying brute force cracking according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
To improve the efficiency of identifying brute force cracking, an embodiment of the present invention provides a method for identifying brute force cracking which, as shown in FIG. 1, includes the following steps:
101. A user name and a password for logging in to the current system are acquired.
A password meeting a preset password strength range and its corresponding user name have been registered in the current system in advance; that is, only a password whose strength lies within the preset password strength range can be registered successfully. The preset password strength range may be "greater than or equal to a preset strength threshold", because the stronger a password is, the less likely it is to be cracked by others.
102. Password strength verification is performed on the acquired password according to the preset password strength range.
When the preset password strength range is "greater than or equal to the preset strength threshold", the password strength verification may be implemented as follows: judge whether the strength of the acquired password is greater than or equal to the preset strength threshold; if it is, determine that the acquired password passes the password strength verification; if it is smaller than the preset strength threshold, determine that the acquired password fails the password strength verification.
It should be added that, to further reduce the risk of brute force cracking, verification of a verification code may also be included. When verification-code verification is present, the order of the verification-code step and the password strength step is not limited: the verification code may be checked first and the password strength checked once the code passes; the password strength may be checked first and the verification code checked once the strength passes; or both may be checked at the same time.
103. If the acquired password fails the password strength verification, it is judged whether the number of consecutive password strength verification failures has reached a preset count threshold while the terminal requesting to log in to the current system logs in with the acquired user name.
When a hacker writes a brute force cracking program, the program usually tries weak passwords first and, if cracking fails many times, moves on to progressively stronger ones. Therefore, if weak passwords are used repeatedly and consecutively to request login to the current system, the requesting terminal may be a brute force cracking terminal. To identify such a terminal, after the password acquired this time has been determined to fail the password strength verification, it is judged whether, up to now, the number of consecutive password strength verification failures has reached the preset count threshold while the terminal requesting to log in to the current system logs in with the user name acquired this time. If the count has reached the preset count threshold, step 104 is executed, that is, the terminal is determined to be a brute force cracking terminal; if the count has not reached the preset count threshold, step 104 is not executed. The preset count threshold is obtained from statistics on the brute force cracking behaviour of brute force cracking terminals across the whole network.
When the acquired password fails the password strength verification, it cannot be the password the user registered in advance, so the login can be determined to have failed. To let the user know, a login failure prompt may be returned to the terminal.
104. If the preset count threshold is reached, the terminal is determined to be a brute force cracking terminal.
After the terminal has been determined to be a brute force cracking terminal, if it requests to log in to the current system again, the password strength need not be checked and a login failure prompt is returned directly. That is, after an account login request sent by a terminal is received, it may first be determined whether the terminal is a brute force cracking terminal; if it is, the login failure prompt is returned to the terminal directly without performing any verification.
The method for identifying brute force cracking provided by this embodiment of the invention lets a user register a password meeting the preset password strength range together with its corresponding user name. When a user subsequently logs in to the current system, after the server of the current system acquires the password and user name used for login, the brute force cracking terminal is identified not by directly matching the user name and password against the large volume of pre-registered user names and passwords, but by verifying the strength of the acquired password: as long as the number of consecutive password strength verification failures reaches the preset count threshold while the terminal logs in to the current system with the same user name, the terminal is determined to be a brute force cracking terminal, so the efficiency of identifying brute force cracking is improved. In addition, because password strength verification quickly rejects any password that could not have been registered in the current system, the efficiency of identity authentication is also improved.
Further, based on the method shown in FIG. 1, another embodiment of the present invention provides a method for identifying brute force cracking which, as shown in FIG. 2, includes the following steps:
201. An account registration request is received.
The account registration request carries the user name and password requested for registration. When a user uses the current system for the first time, the user name and password to be registered are entered on the client side of the current system; when the user clicks register, the client generates an account registration request carrying the user name and password and sends it to the server of the current system, so that the server performs the account registration operation according to the request.
202. Password strength verification is performed on the password in the account registration request according to the preset password strength range; if the verification passes, step 203 is executed; if it fails, step 204 is executed.
To prevent an illegal user from successfully brute-forcing a user's account password with weak passwords, the user can be forced to register a strong password when creating the account. To implement this, after the account registration request sent by the terminal is received, the strength of the password in the request is verified. Specifically, it can be judged whether the strength of the password in the account registration request is greater than or equal to the preset strength threshold; if it is, the password is determined to pass the password strength verification; if it is smaller than the preset strength threshold, the password is determined to fail the password strength verification.
203. Uniqueness and format checks are performed on the user name in the account registration request; if the checks pass, step 205 is executed; if they fail, step 204 is executed.
So that user names correspond one-to-one with accounts, when a user requests to register an account, the requested user name must be checked for uniqueness: it is judged whether the requested user name is the same as a pre-registered user name; if it differs from every pre-registered user name it is determined to pass the uniqueness check, and if it is the same as one it is determined to fail the uniqueness check. In addition, to allow user names to be identified quickly, their format is often restricted, for example to a combination of English letters and digits, so the user name is also checked for format: it is judged whether the requested user name conforms to the preset format; if so, it is determined to pass the format check, and if not, it is determined to fail the format check.
It should be noted that the embodiment of the present invention describes step 202 followed by step 203 only as an example; in practice the execution order of the two steps is not limited. That is, step 203 may be executed first and then step 202, or both may be executed at the same time. As soon as the result of either step is that the check fails, step 204 is executed.
204. Registration failure prompt information is returned to the terminal.
The registration failure prompt can tell the user that registration failed and why, so that the user can quickly change the registration information accordingly.
205. The password and the user name in the account registration request are stored in correspondence, and registration success prompt information is returned to the terminal.
When both step 202 and step 203 pass, the user name and password the user applied to register can be determined to meet the requirements; at this point the user name and password are stored in correspondence and a registration success prompt is returned to the terminal, so that the user can log in to the current system directly with that user name and password. During login to the current system, the login information may be verified as in the following steps 206 to 214.
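The registration-side checks of steps 201 to 205, as an added example that is not part of the patent and not an implementation by its assignee. The strength scoring rule, the strength threshold, the user-name format (letters and digits, 4 to 32 characters) and the salted-hash storage are assumptions; the patent fixes none of them. The checks run independently and every failed check is reported, matching the notes that their order is not limited and that the failure prompt should tell the user why.

```python
"""Registration checks of steps 201-205 (added example, not the patent's code)."""
import hashlib
import os
import re
from typing import Dict, Tuple

STRENGTH_THRESHOLD = 5                            # preset strength threshold (assumed value)
USERNAME_RE = re.compile(r"[A-Za-z0-9]{4,32}")    # "letters and numbers"; length bounds assumed


def password_strength(password: str) -> int:
    """Constructed rule (assumption): one point per character class present,
    plus one point per four characters of length."""
    classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(f(c) for c in password) for f in classes) + len(password) // 4


def register(store: Dict[str, Tuple[bytes, bytes]], username: str, password: str) -> Tuple[bool, str]:
    """Steps 202-205: strength check on the password, uniqueness and format checks on
    the user name. Any failed check leads to step 204; the message lists every reason."""
    reasons = []
    # Step 202: only a password within the preset strength range may be registered.
    if password_strength(password) < STRENGTH_THRESHOLD:
        reasons.append("password strength below the preset threshold")
    # Step 203: one user name per account, and a restricted format for fast identification.
    if username in store:
        reasons.append("user name already registered")
    if not USERNAME_RE.fullmatch(username):
        reasons.append("user name must consist of letters and digits only")
    if reasons:
        return False, "registration failed: " + "; ".join(reasons)      # step 204
    # Step 205: store the pair. The patent says only "stored in correspondence"; a salted
    # PBKDF2 hash is kept here (assumption) so the stored value is not the password itself.
    salt = os.urandom(16)
    store[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000))
    return True, "registration succeeded"
```

Because the user-name checks and the password check are evaluated regardless of which one fails first, the same request always produces the same prompt whichever order the server happens to run the steps in.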
206. An account login request is received.
The account login request carries the password and user name for logging in to the current system.
207. The user name and the password are acquired from the account login request.
In practice, the accounts of certain important persons, or accounts holding more secrets, are at higher risk of brute force cracking, so to further improve the security of such accounts the terminal requesting login can be verified further.
Specifically, after the user name and password are acquired, the risk level of the acquired user name can be determined. If the risk level falls within a first level range, additional verification questions corresponding to that risk level, used to verify the user's identity, are sent to the terminal, and the verification answers are checked for correctness once they are received from the terminal. If the risk level falls within a second level range, a prompt to raise the password strength is sent to the terminal, so that after receiving it the terminal modifies the original password to improve its strength.
Risk levels are graded by the number of times the password corresponding to the user name has been brute-forced: the more times, the higher the risk level. The first level range may be (first level threshold, second level threshold) or [first level threshold, second level threshold], and the second level range may be (second level threshold, +∞) or [second level threshold, +∞), where the second level threshold is greater than the first level threshold; the second level range excludes the second level threshold when the first level range includes it, and includes the second level threshold when the first level range does not. That is, when the risk level of the user name is not very high (in the first level range), some verification questions may be added to further verify the user's identity; when the risk level is high (in the second level range), the user can be directly forced to change the password to improve its strength.
The additional questions for verifying the user's identity may include entering a verification code shown as text on the page, entering a verification code received by SMS, picking a designated picture out of several, sorting several pictures in a required order, and so on. Questions of different difficulty can be set for different risk levels: for example, the higher the risk level, the harder the question, or the higher the risk level, the more questions are added.
It should be noted that when the risk level of the user name is within the first level range, the order of the correctness check of the verification answers and the password strength check is not limited. Both can be performed at the same time; the verification answers can be checked first and the password strength checked once they pass; or the password strength can be checked first and the verification answers checked once it passes. When the risk level of the user name is within the second level range, the strength of the password the user previously entered need not be checked, since the user is to be forced to change the password.
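The risk-level policy of step 207, as an added example that is not the patent's code, written to make the interval rule explicit: the first range is either (t1, t2) or [t1, t2], and the second range contains t2 exactly when the first does not. The threshold values, the per-user counter of how often a password was brute-forced, and the rule that the number of questions grows by one per additional count are assumptions; the question bank lists the question types the description names, in an assumed easy-to-hard order.

```python
"""Risk-level policy of step 207 (added example, not the patent's code)."""
from dataclasses import dataclass, field
from typing import Dict, List

# Question types named in the description, ordered easiest to hardest (ordering assumed).
QUESTION_BANK = [
    "enter the verification code shown on the page",
    "enter the verification code sent by SMS",
    "pick the designated picture out of several",
    "sort the pictures in the required order",
]


@dataclass(frozen=True)
class RiskPolicy:
    first_threshold: int    # lower bound of the first level range (t1)
    second_threshold: int   # boundary between the first and second level ranges (t2)
    closed_first: bool      # True: first range is [t1, t2], second is (t2, +inf)
                            # False: first range is (t1, t2), second is [t2, +inf)


@dataclass
class RiskRegistry:
    policy: RiskPolicy
    cracked: Dict[str, int] = field(default_factory=dict)  # username -> times its password was brute-forced

    def record_brute_force(self, username: str) -> None:
        """Called whenever a terminal attacking this user name is identified as brute-force."""
        self.cracked[username] = self.cracked.get(username, 0) + 1

    def action_for(self, username: str) -> str:
        """'normal', 'extra_verification' (first range) or 'force_password_change' (second range)."""
        n = self.cracked.get(username, 0)
        t1, t2, closed = self.policy.first_threshold, self.policy.second_threshold, self.policy.closed_first
        in_second = n > t2 if closed else n >= t2          # exactly one range owns t2
        in_first = t1 <= n <= t2 if closed else t1 < n < t2
        if in_second:
            return "force_password_change"
        if in_first:
            return "extra_verification"
        return "normal"

    def questions_for(self, username: str) -> List[str]:
        """Extra identity questions for the first range: more, and progressively harder, as
        the level rises. Assumption: one question at the bottom of the range, plus one per
        additional brute-force count, capped by the size of the bank."""
        if self.action_for(username) != "extra_verification":
            return []
        n = self.cracked.get(username, 0)
        lowest = self.policy.first_threshold if self.policy.closed_first else self.policy.first_threshold + 1
        return QUESTION_BANK[:min(len(QUESTION_BANK), n - lowest + 1)]
```

The two policy variants differ only in which range owns the second threshold, so a test that walks a counter across both thresholds shows the boundary values landing in exactly one range for each variant.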
208. Password strength verification is performed on the acquired password according to the preset password strength range; if the acquired password fails the password strength verification, step 209 is executed, and if it passes, step 212 is executed.
The implementation of this step is the same as that of step 102 and is not repeated here.
209. A login failure prompt is returned to the terminal, and it is judged whether the number of consecutive password strength verification failures has reached the preset count threshold while the terminal requesting to log in to the current system logs in with the acquired user name. If the preset count threshold is reached, step 210 is executed; if not, step 211 is executed.
After the password acquired this time has been determined to fail the password strength verification, the previously recorded number of consecutive password strength verification failures is increased by 1, that is, the consecutive failure count is updated, so that it can then be compared with the threshold.
210. The terminal is determined to be a brute force cracking terminal.
When a legitimate user forgets the password, the same terminal may fail to log in to the current system N consecutive times while requesting login with the same user name. To prevent this misjudgment, before the terminal is determined to be a brute force cracking terminal, a preset user identity verification question used for changing the password can be sent to the terminal; the verification answer sent by the terminal is then received and checked for correctness; if the answer is wrong, the terminal is determined to be a brute force cracking terminal, and if the answer is correct, the terminal is determined not to be one.
The preset user identity verification question for changing the password may be set by the user or by the system. For example, a question set by the user may be "what day is my birthday" or "who was my primary school Chinese teacher"; a question set by the system may be "please enter your mobile phone number to receive an SMS verification code".
211. The terminal is determined not to be a brute force cracking terminal.
212. The acquired user name and password are matched against the pre-registered user names and passwords; if matching succeeds, step 213 is executed; if it fails, step 214 is executed.
Once the acquired password has passed the password strength verification, it can be determined that the password may be correct. To confirm whether it is, the user name and password are matched against the user names and passwords registered in advance in the database. When both match, it is determined that the user name and password can log in to the current system successfully, and the home page information of the corresponding account is returned to the terminal. When either the user name or the password fails to match, it is determined that they cannot log in to the current system, and a login failure prompt is returned to the terminal.
213. It is determined that the current user can log in to the current system successfully, and the home page information corresponding to the user name is returned to the terminal.
214. A login failure prompt is returned to the terminal, and it is judged whether the number of consecutive matching failures has reached the preset count threshold while the terminal requesting to log in to the current system logs in with the acquired user name. If the preset count threshold is reached, step 210 is executed; if not, step 211 is executed.
In practice, a hacker may learn in some way that the current system forces users to register strong passwords, and it is then highly likely that even the first password tried passes the password strength verification. In that case, when passwords pass the strength check several times in succession but are wrong, the terminal requesting login may be a brute force cracking terminal. To identify it, when password matching fails it can be judged whether the number of consecutive matching failures has reached the preset count threshold while the terminal logs in to the current system with the acquired user name; if so, the terminal can be determined to be a brute force cracking terminal, and if not, it can be determined not to be one.
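The login-side procedure, covering steps 101 to 104 of FIG. 1 and steps 206 to 214 of FIG. 2 together, as an added example that is neither the patent's code nor an implementation by its assignee. It keeps two separate consecutive-failure counters per terminal and user name, one for password strength failures (step 209) and one for credential-match failures (step 214), answers a terminal already identified as brute-force without any verification (the note after step 104), and asks the preset identity question before flagging (step 210). The strength scoring rule, the thresholds, the salted-hash credential store, the identity question, and passing the answer in with the request instead of collecting it in a second round trip are all assumptions. The registration checks and the verification-code step of FIG. 4 are left out.

```python
"""Login-side brute-force identification (added example, not the patent's code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

STRENGTH_THRESHOLD = 5          # preset strength threshold (assumed value)
COUNT_THRESHOLD = 3             # preset count threshold N (assumed value)
LOGIN_FAILED = "login failed"   # one generic prompt for every failure path (steps 209 and 214)


def password_strength(password: str) -> int:
    """Constructed rule (assumption): one point per character class, plus one per four characters."""
    classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(f(c) for c in password) for f in classes) + len(password) // 4


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def enroll(store: Dict[str, Tuple[bytes, bytes]], username: str, password: str) -> None:
    """Stand-in for step 205: the patent only says the pair is stored in correspondence;
    a salted hash is kept here (assumption) instead of the password itself."""
    salt = os.urandom(16)
    store[username] = (salt, _digest(password, salt))


@dataclass
class LoginGuard:
    store: Dict[str, Tuple[bytes, bytes]]                        # username -> (salt, digest)
    identity_answers: Dict[str, str] = field(default_factory=dict)  # username -> answer to the step-210 question
    flagged: Set[str] = field(default_factory=set)               # terminals identified as brute-force
    streaks: Dict[tuple, int] = field(default_factory=dict)      # (terminal, username, kind) -> consecutive failures

    def _record_failure(self, terminal: str, username: str, kind: str) -> bool:
        """Add one consecutive failure of this kind; True when the count reaches N."""
        key = (terminal, username, kind)
        self.streaks[key] = self.streaks.get(key, 0) + 1
        return self.streaks[key] >= COUNT_THRESHOLD

    def _judge(self, terminal: str, username: str, answer: Optional[str]) -> None:
        """Step 210: a correct answer to the preset identity question means a legitimate user
        who forgot the password, so the terminal is not flagged and its counters are cleared."""
        expected = self.identity_answers.get(username)
        if expected is not None and answer is not None and hmac.compare_digest(expected.encode(), answer.encode()):
            self.streaks = {k: v for k, v in self.streaks.items() if k[:2] != (terminal, username)}
            return
        self.flagged.add(terminal)

    def login(self, terminal: str, username: str, password: str, answer: Optional[str] = None) -> str:
        # A terminal already identified as brute-force gets the failure prompt with no verification at all.
        if terminal in self.flagged:
            return LOGIN_FAILED
        # Steps 102 / 208: strength verification comes first and needs no database lookup.
        if password_strength(password) < STRENGTH_THRESHOLD:
            if self._record_failure(terminal, username, "strength"):   # steps 103 / 209
                self._judge(terminal, username, answer)
            return LOGIN_FAILED
        self.streaks.pop((terminal, username, "strength"), None)       # the count is of consecutive failures only
        # Step 212: only a password that could have been registered is matched against the store.
        salt, digest = self.store.get(username, (b"", b""))
        if username in self.store and hmac.compare_digest(_digest(password, salt), digest):
            self.streaks.pop((terminal, username, "match"), None)
            return "home page for " + username                         # step 213
        # Step 214: a strong but wrong password feeds the second counter.
        if self._record_failure(terminal, username, "match"):
            self._judge(terminal, username, answer)
        return LOGIN_FAILED
```

Both failure paths return the same prompt, so the response itself does not reveal which check rejected the attempt; the digest is computed even for an unknown user name so that the two branches do comparable work.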
For example, when a user registers an account, the interaction between the terminal and the server may be as shown in fig. 3; when a user logs in an account, the interaction between the terminal and the server, for example, a user name, a password and an authentication code need to be input in a login interface, can be as shown in fig. 4.
301. The terminal receives a user name and a password input by a user based on a registration page;
302. the terminal generates an account registration request according to the received user name and the password;
303. the terminal sends an account registration request to the server;
304. the server receives an account registration request;
305. the server checks the strength of the password in the account registration request against the preset password strength range, and performs a uniqueness check and a format check on the user name in the account registration request; if both pass, go to step 306; if either check fails, go to step 308;
306. the server sends a registration success prompt message to the terminal;
307. the terminal receives the prompt message of successful registration;
308. the server sends registration failure prompt information to the terminal;
309. and the terminal receives the registration failure prompt message.
310. The terminal receives a user name, a password and a verification code entered by the user on a login page;
311. the terminal generates an account login request from the received user name, password and verification code;
312. the terminal sends the account login request to the server;
313. the server receives the account login request;
314. the server checks the verification code in the account login request; if the check passes, go to step 320; if it fails, perform steps 315 and 318;
315. the server judges whether the number of consecutive failed verification-code checks, in the process in which the terminal logs in to the current system with the user name, has reached the preset count threshold; if so, go to step 316; otherwise, go to step 317;
316. the server determines that the terminal is a brute force cracking terminal;
317. the server determines that the terminal is not a brute force cracking terminal;
318. the server sends login failure prompt information to the terminal;
319. the terminal receives the login failure prompt information;
320. the server checks the strength of the password in the account login request; if the check passes, go to step 323; if it fails, perform steps 321 and 322;
321. the server sends login failure prompt information to the terminal, so that the terminal executes step 319;
322. the server judges whether the number of consecutive failed password strength checks, in the process in which the terminal logs in to the current system with the user name, has reached the preset count threshold; if so, go to step 316; otherwise, go to step 317;
323. the server matches the user name and password in the account login request against the user name and password registered in advance in the database; if the match succeeds, go to step 326; if it fails, perform steps 324 and 325;
324. the server sends login failure prompt information to the terminal, so that the terminal executes step 319;
325. the server judges whether the number of consecutive matching failures, in the process in which the terminal logs in to the current system with the user name, has reached the preset count threshold; if so, go to step 316; otherwise, go to step 317;
326. the server sends the home page information of the account requesting login to the terminal;
327. the terminal receives the home page information.
It should be added that, when a brute force cracking terminal is identified according to the preset count threshold, the number of consecutive failed verification-code checks, the number of consecutive failed password strength checks, or the number of consecutive matching failures may each serve as the basis for the judgment, and the number of consecutive login failures may also serve as the basis. A login failure here covers failing the verification-code check, failing the password strength check, and failing the match. For example, if a terminal fails the verification-code check when requesting to log in to account 1 for the first time, one consecutive login failure is recorded; if it fails the password strength check when requesting to log in to account 1 for the second time, two consecutive login failures are recorded; and if the match fails when it requests to log in to account 1 for the third time, three consecutive login failures are recorded.
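The flow of steps 301 to 327 and the unified consecutive-failure counter described in the paragraph above, as an added example that is not code from the patent: the server applies the patent's order of checks on login (verification code, then password strength, then credential match), keeps one counter per (terminal, user name) pair covering all three failure kinds, and records the terminal in a brute-force set once the preset count threshold is reached. The concrete password policy, the user name format rule, the hashed storage of registered passwords, the terminal identifier strings and the sample accounts are assumptions made for this example.

```python
"""Added example modelling the registration and login flow of the patent.
The password policy, storage format and terminal identifiers are assumed."""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

# Assumed "preset password strength range": 8..64 characters and at least three
# of the four character classes.  The patent does not fix a specific policy.
MIN_LEN, MAX_LEN = 8, 64
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")  # assumed user name format check
PBKDF2_ROUNDS = 50_000


def _derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash used for the stored credential (an assumption; the
    patent only says the user name and password are stored in a database)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Dummy record used when the user name is unknown, so a lookup miss costs the
# same time as a real comparison.
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = _derive("dummy", _DUMMY_SALT)


def strength_ok(password: str) -> bool:
    """Password strength check: True if the password lies in the preset range."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        return False
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return sum(classes) >= 3


@dataclass
class AuthServer:
    threshold: int = 3                                 # preset count threshold
    users: dict = field(default_factory=dict)          # user name -> (salt, hash)
    failures: dict = field(default_factory=dict)       # (terminal, user) -> consecutive failures
    brute_force_db: set = field(default_factory=set)   # terminal identifiers (step 316)

    def register(self, username: str, password: str) -> str:
        """Steps 304-309: format, uniqueness and strength checks before saving."""
        if not USERNAME_RE.match(username):
            return "registration failed: bad username format"
        if username in self.users:
            return "registration failed: username taken"
        if not strength_ok(password):
            return "registration failed: weak password"
        salt = os.urandom(16)
        self.users[username] = (salt, _derive(password, salt))
        return "registration succeeded"

    def _fail(self, terminal: str, username: str, reason: str) -> str:
        """Count one consecutive login failure of any kind (steps 315/322/325) and
        flag the terminal once the threshold is reached (step 316).  The terminal
        itself only receives generic login failure prompt information (step 318);
        the reason string is for the server's own log."""
        key = (terminal, username)
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= self.threshold:
            self.brute_force_db.add(terminal)
        return f"login failed: {reason}"

    def login(self, terminal: str, username: str, password: str, captcha_ok: bool) -> str:
        """Steps 313-327 in the patent's order of checks."""
        if not captcha_ok:                                   # step 314
            return self._fail(terminal, username, "captcha")
        if not strength_ok(password):                        # step 320: no database lookup needed
            return self._fail(terminal, username, "strength")
        salt, stored = self.users.get(username, (_DUMMY_SALT, _DUMMY_HASH))  # step 323
        match = hmac.compare_digest(_derive(password, salt), stored)
        if username not in self.users or not match:
            return self._fail(terminal, username, "mismatch")
        self.failures.pop((terminal, username), None)        # a success ends the run
        return "login succeeded: home page"                  # step 326

    def is_brute_force(self, terminal: str) -> bool:
        return terminal in self.brute_force_db


def demo() -> tuple:
    """Replays the three-attempt example from the text on constructed input:
    verification-code failure, then strength failure, then a mismatch."""
    server = AuthServer(threshold=3)
    server.register("account1", "Str0ng!Passw0rd")
    server.login("term-A", "account1", "Str0ng!Passw0rd", captcha_ok=False)
    server.login("term-A", "account1", "weakpass", captcha_ok=True)
    server.login("term-A", "account1", "Wr0ng!Passw0rd", captcha_ok=True)
    return server.failures[("term-A", "account1")], server.is_brute_force("term-A")


if __name__ == "__main__":
    print(demo())  # (3, True)
```

The counter is keyed by terminal and user name together, as the patent's "in the process that the terminal logs in the current system by using the user name" wording implies, so a second terminal trying the same account starts from zero; the strength check runs before any database access, which is the efficiency point the description makes.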
Further, according to the above method embodiment, another embodiment of the present invention provides an apparatus for identifying brute force cracking; as shown in fig. 5, the apparatus mainly includes an acquisition unit 41, a verification unit 42, a judging unit 43 and a determining unit 44, wherein
the acquisition unit 41 is configured to acquire a user name and a password for logging in to a current system, where passwords meeting a preset password strength range and their corresponding user names are pre-registered in the current system;
the verification unit 42 is configured to perform a password strength check on the password acquired by the acquisition unit 41 according to the preset password strength range;
the judging unit 43 is configured to judge, when the acquired password fails the password strength check, whether the number of consecutive failed password strength checks, in the process in which the terminal requesting to log in to the current system logs in with the acquired user name, has reached a preset count threshold;
and the determining unit 44 is configured to determine that the terminal is a brute force cracking terminal when the preset count threshold is reached.
Further, the determining unit 44 is also configured to determine, after the user name and password for logging in to the current system are acquired, a risk level of the acquired user name, where the risk level is graded according to the number of times the password corresponding to the user name has been brute-force cracked;
as shown in fig. 6, the apparatus further includes:
a first sending unit 45, configured to send to the terminal, when the risk level falls within a first level range, an additional verification question corresponding to the risk level for verifying the user's identity, so that the verification answer can be checked for correctness once the terminal has sent it;
the first sending unit 45 is further configured to send prompt information for increasing password strength to the terminal when the risk level falls within a second level range, so that the terminal modifies the original password to increase its strength after receiving the prompt.
Further, as shown in fig. 6, the apparatus further includes:
a second sending unit 46, configured to send to the terminal, before the terminal is determined to be a brute force cracking terminal, a preset user identity verification question of the kind used when a password is modified;
a first receiving unit 47, configured to receive the verification answer sent by the terminal;
the determining unit 44 is configured to determine that the terminal is a brute force cracking terminal when the verification answer is wrong.
Further, as shown in fig. 6, the apparatus further includes:
a first storing unit 48, configured to store the terminal identifier of the terminal in a brute-force database after determining that the terminal is a brute-force terminal.
Further, as shown in fig. 6, the apparatus further includes:
a third sending unit 49, configured to return login failure prompt information to the terminal when the acquired password fails the password strength check;
and a calculating unit 410, configured to add 1 to the number of consecutive failed password strength checks.
Further, the determining unit 44 is also configured to determine, when the acquired password passes the password strength check, whether the current user can successfully log in to the current system by matching the acquired user name and password against a pre-registered user name and password.
Further, as shown in fig. 6, the apparatus further includes:
a second receiving unit 411, configured to receive an account registration request;
the verification unit 42 is further configured to perform a password strength check on the password in the account registration request according to the preset password strength range, and to perform a uniqueness check and a format check on the user name in the account registration request;
a second saving unit 412, configured to save the password and the user name in the account registration request in correspondence when the password passes the password strength check and the user name passes the uniqueness check and the format check;
and a fourth sending unit 413, configured to return registration success prompt information to the terminal.
The apparatus for identifying brute force cracking provided by this embodiment of the invention lets a user register a password meeting the preset password strength range together with its user name. When a user later logs in to the current system and the server has acquired the password and user name for the login, the brute force cracking terminal is identified not by directly matching the user name and password against the large volume of pre-registered user names and passwords, but by checking the strength of the acquired password: as long as the number of consecutive failed password strength checks, while the terminal logs in to the current system with the same user name, reaches the preset count threshold, the terminal is determined to be a brute force cracking terminal, which improves the efficiency of identifying brute force cracking. In addition, passwords that the current system does not allow to be registered are quickly rejected by the password strength check, which can improve the efficiency of identity authentication.
Further, according to the above method embodiment, another embodiment of the present invention provides a storage medium storing a plurality of instructions, the instructions being adapted to be loaded by a processor and to execute the method for identifying brute force cracking described above.
The instructions stored in the storage medium for identifying brute force cracking provided by this embodiment of the invention let a user register a password meeting the preset password strength range together with its user name. When a user later logs in to the current system and the server has acquired the password and user name for the login, the brute force cracking terminal is identified not by directly matching the user name and password against the large volume of pre-registered user names and passwords, but by checking the strength of the acquired password: as long as the number of consecutive failed password strength checks, while the terminal logs in to the current system with the same user name, reaches the preset count threshold, the terminal is determined to be a brute force cracking terminal, which improves the efficiency of identifying brute force cracking. In addition, passwords that the current system does not allow to be registered are quickly rejected by the password strength check, which can improve the efficiency of identity authentication.
Further, according to the above method embodiment, another embodiment of the present invention provides a server, which includes a storage medium and a processor;
the processor is adapted to implement instructions;
the storage medium is adapted to store a plurality of instructions;
the instructions are adapted to be loaded by the processor and to perform the method of identifying brute force cracking described above.
The server for identifying brute force cracking provided by this embodiment of the invention lets a user register a password meeting the preset password strength range together with its user name. When a user later logs in to the current system and the server has acquired the password and user name for the login, the brute force cracking terminal is identified not by directly matching the user name and password against the large volume of pre-registered user names and passwords, but by checking the strength of the acquired password: as long as the number of consecutive failed password strength checks, while the terminal logs in to the current system with the same user name, reaches the preset count threshold, the terminal is determined to be a brute force cracking terminal, which improves the efficiency of identifying brute force cracking. In addition, passwords that the current system does not allow to be registered are quickly rejected by the password strength check, which can improve the efficiency of identity authentication.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the related features of the method, apparatus and system described above may be referred to one another. In addition, "first", "second" and the like in the above embodiments serve only to distinguish the embodiments and do not indicate their relative merits.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the method and apparatus for identifying brute force according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second, third, etc., does not indicate any ordering; these words may be interpreted as names.

Claims (10)

1. A method of identifying brute force cracking, the method comprising:
acquiring a user name and a password for logging in to a current system, wherein passwords meeting a preset password strength range and their corresponding user names are registered in the current system in advance;
performing a password strength check on the acquired password according to the preset password strength range;
if the acquired password fails the password strength check, judging whether the number of consecutive failed password strength checks, in the process in which the terminal requesting to log in to the current system logs in with the acquired user name, has reached a preset count threshold;
and if the preset count threshold is reached, determining that the terminal is a brute force cracking terminal.
2. The method of claim 1, wherein after acquiring a user name and password for logging in to the current system, the method further comprises:
determining a risk level of the acquired user name, wherein the risk level is graded according to the number of times the password corresponding to the user name has been brute-force cracked;
if the risk level falls within a first level range, sending to the terminal an additional verification question corresponding to the risk level for verifying the user's identity, so that the verification answer can be checked for correctness once the terminal has sent it;
and if the risk level falls within a second level range, sending prompt information for increasing password strength to the terminal, so that the terminal modifies the original password to increase its strength after receiving the prompt information.
3. The method of claim 1 or 2, wherein before determining that the terminal is a brute force cracking terminal, the method further comprises:
sending to the terminal a preset user identity verification question of the kind used when a password is modified;
receiving a verification answer sent by the terminal;
the determining that the terminal is a brute force cracking terminal comprises:
and if the verification answer is wrong, determining that the terminal is a brute force cracking terminal.
4. The method of claim 3, wherein after determining that the terminal is a brute force terminal, the method further comprises:
and storing the terminal identification of the terminal into a brute force cracking database.
5. The method of claim 1, wherein if the acquired password fails the password strength check, the method further comprises:
returning login failure prompt information to the terminal;
and/or adding 1 to the number of consecutive failed password strength checks.
6. The method of claim 1, further comprising:
if the acquired password passes the password strength check, determining whether the current user can successfully log in to the current system by matching the acquired user name and password against a pre-registered user name and password.
7. The method of any of claims 1-2, 4-6, further comprising:
receiving an account registration request;
performing a password strength check on the password in the account registration request according to the preset password strength range, and performing a uniqueness check and a format check on the user name in the account registration request;
and if the password in the account registration request passes the password strength check and the user name in the account registration request passes the uniqueness check and the format check, saving the password and the user name in the account registration request in correspondence, and returning registration success prompt information to the terminal.
8. An apparatus for identifying brute force cracking, the apparatus comprising:
an acquisition unit, configured to acquire a user name and a password for logging in to a current system, wherein passwords meeting a preset password strength range and their corresponding user names are pre-registered in the current system;
a verification unit, configured to perform a password strength check on the password acquired by the acquisition unit according to the preset password strength range;
a judging unit, configured to judge, when the acquired password fails the password strength check, whether the number of consecutive failed password strength checks, in the process in which the terminal requesting to log in to the current system logs in with the acquired user name, has reached a preset count threshold;
and a determining unit, configured to determine that the terminal is a brute force cracking terminal when the preset count threshold is reached.
9. A computer-readable storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform the method of identifying brute force attacks according to any one of claims 1 to 7.
10. A server, comprising a storage medium and a processor;
the processor is adapted to implement instructions;
the storage medium is adapted to store a plurality of instructions;
the instructions are adapted to be loaded by the processor and to perform the method of identifying brute force attacks according to any one of claims 1 to 7.
CN201710728889.9A 2017-08-23 2017-08-23 Method and device for identifying brute force cracking Active CN108011863B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710728889.9A CN108011863B (en) 2017-08-23 2017-08-23 Method and device for identifying brute force cracking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710728889.9A CN108011863B (en) 2017-08-23 2017-08-23 Method and device for identifying brute force cracking

Publications (2)

Publication Number Publication Date
CN108011863A CN108011863A (en) 2018-05-08
CN108011863B true CN108011863B (en) 2020-12-15

Family

ID=62051404

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710728889.9A Active CN108011863B (en) 2017-08-23 2017-08-23 Method and device for identifying brute force cracking

Country Status (1)

Country Link
CN (1) CN108011863B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110581827B (en) * 2018-06-07 2022-04-29 深信服科技股份有限公司 Detection method and device for brute force cracking
CN109660556B (en) * 2019-01-11 2022-11-29 平安科技(深圳)有限公司 User login method, device, equipment and storage medium based on information security
CN109933973B (en) * 2019-01-24 2024-01-19 平安科技(深圳)有限公司 Password verification method, password verification device, computer equipment and storage medium
US11108818B2 (en) 2019-02-17 2021-08-31 Microsoft Technology Licensing, Llc Credential spray attack detection
CN112738006B (en) * 2019-10-28 2023-11-07 深信服科技股份有限公司 Identification method, equipment and storage medium
CN110995738B (en) * 2019-12-13 2022-04-01 北京天融信网络安全技术有限公司 Violent cracking behavior identification method and device, electronic equipment and readable storage medium
US11936664B2 (en) 2020-03-14 2024-03-19 Microsoft Technology Licensing, Llc Identity attack detection and blocking
CN111641658A (en) * 2020-06-09 2020-09-08 杭州安恒信息技术股份有限公司 Request intercepting method, device, equipment and readable storage medium
CN112583789B (en) * 2020-11-04 2023-03-14 杭州数梦工场科技有限公司 Method, device and equipment for determining illegally logged-in login interface
CN112738084A (en) * 2020-12-28 2021-04-30 放宠(无锡)网络科技有限公司 User login system and method
CN112910905A (en) * 2021-02-07 2021-06-04 中国工商银行股份有限公司 Security verification method and device
CN113852630A (en) * 2021-09-24 2021-12-28 广东睿住智能科技有限公司 Data transmission method, data transmission device, server and storage medium
CN114626055A (en) * 2022-03-31 2022-06-14 杭州玳数科技有限公司 Interactive method and system for lightweight password strength verification
CN114978758A (en) * 2022-06-23 2022-08-30 广东瑞普科技股份有限公司 Network and information security encryption method
CN116992433B (en) * 2023-09-28 2023-12-01 江苏友谱信息科技有限公司 Password cracking attack detection method and assembly based on WEB application system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101131760A (en) * 2006-08-25 2008-02-27 阿里巴巴公司 Method and system for checking account security
CN102750486A (en) * 2012-06-29 2012-10-24 奇智软件(北京)有限公司 Method and device for updating login information by login control
CN104011727A (en) * 2011-10-24 2014-08-27 施耐德电器工业公司 System and method for managing industrial processes
CN104301286A (en) * 2013-07-15 2015-01-21 中国移动通信集团黑龙江有限公司 User login authentication method and device
CN104883351A (en) * 2015-03-13 2015-09-02 小米科技有限责任公司 Multiple-factor authentication method and device
CN105553982A (en) * 2015-12-17 2016-05-04 上海斐讯数据通信技术有限公司 Security detection method and system for router and router
CN105844140A (en) * 2016-03-21 2016-08-10 国家电网公司 Website login brute force crack method and system capable of identifying verification code
WO2017106669A1 (en) * 2015-12-17 2017-06-22 Massachusetts Institute Of Technology Systems and methods evaluating password complexity and strength

Also Published As

Publication number Publication date
CN108011863A (en) 2018-05-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100102 Beijing Chaoyang District, Hongtai East Street Wangjing Green Space Center, Block A, District D, 9 floors

Patentee after: BEIJING CHJ AUTOMOTIVE TECHNOLOGY Co.,Ltd.

Address before: 100102 Beijing Chaoyang District, Hongtai East Street Wangjing Green Space Center, Block A, District D, 9 floors

Patentee before: Beijing Chehejia Information Technology Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20211123

Address after: Room 103, building 1, yard 4, Hengxing Road, Gaoliying Town, Shunyi District, Beijing

Patentee after: Beijing Rockwell Technology Co.,Ltd.

Address before: 100102 Beijing Chaoyang District, Hongtai East Street Wangjing Green Space Center, Block A, District D, 9 floors

Patentee before: BEIJING CHJ AUTOMOTIVE TECHNOLOGY Co.,Ltd.