CN108040039A - A kind of method, apparatus, equipment and system for identifying attack source information - Google Patents
- Publication number
- CN108040039A
- Authority
- CN
- China
- Prior art keywords
- black list
- list information
- information
- cloud platform
- attack source
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for identifying attack source information, comprising: receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server; and issuing the blacklist information to all servers under a perception cloud platform, so that all servers use the blacklist information to identify the attack source information. In this scheme, once a target server has recognized attack source information and generated blacklist information, the blacklist information is uploaded to the perception cloud platform, which can issue it to all servers under the platform, so that the other servers improve their ability to defend against attack and a complete ecological chain is formed. The invention also discloses an apparatus, a device, a system and a computer-readable storage medium for identifying attack source information, which achieve the same technical effect.
Description
Technical field
The present invention relates to the technical field of brute-force cracking intrusion detection, and more specifically to a method, apparatus, device, system and computer-readable storage medium for identifying attack source information.
Background art
Brute-force cracking means that, within a service, all possible cases in a certain range are verified one by one by exhaustive enumeration until every case has been verified. Existing schemes intercept brute-force cracking at the firewall once the attack source has been identified, but this approach is limited to the local machine; other servers do not recognize the attack source and continue to be subjected to the brute-force cracking attack.
Therefore, how to identify attack sources so as to improve the anti-attack capability of all servers is a problem to be solved by those skilled in the art.
Summary of the invention
The object of the invention is to provide a method, apparatus, device, system and computer-readable storage medium for identifying attack source information, so that all servers can identify an attack source and the anti-attack capability of all servers is improved.
To achieve the above object, embodiments of the present invention provide the following technical solutions:
A method for identifying attack source information, comprising:
receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server;
issuing the blacklist information to all servers under the perception cloud platform, so that all servers use the blacklist information to identify the attack source information.
After receiving the blacklist information uploaded by the target server, the method further comprises:
updating a blacklist rule using the blacklist information.
The scheme further comprises:
receiving a blacklist rule acquisition instruction sent by a server;
using the blacklist rule acquisition instruction, issuing the updated blacklist rule to the server.
Receiving the blacklist information uploaded by the target server comprises: receiving the blacklist information uploaded by the target server through a detection server;
issuing the blacklist information to all servers under the perception cloud platform comprises: issuing the blacklist information to all detection servers under the perception cloud platform, the detection servers then issuing the blacklist information to all servers.
An apparatus for identifying attack source information, comprising:
an information receiving module, for receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server;
an information issuing module, for issuing the blacklist information to all servers under the perception cloud platform, so that all servers use the blacklist information to identify the attack source information.
The scheme further comprises:
an update module, for updating a blacklist rule using the blacklist information.
The scheme further comprises:
an instruction receiving module, for receiving a blacklist rule acquisition instruction sent by a server;
a rule issuing module, for using the blacklist rule acquisition instruction to issue the updated blacklist rule to the server.
The information receiving module is specifically used for: receiving the blacklist information uploaded by the target server through a detection server;
the information issuing module is specifically used for: issuing the blacklist information to all detection servers under the perception cloud platform, the detection servers then issuing the blacklist information to all servers.
A device for identifying attack source information, comprising: a memory, for storing a computer program; and a processor, for implementing the steps of the above method for identifying attack source information when executing the computer program.
A computer-readable storage medium on which a computer program is stored, the computer program implementing the steps of the above method for identifying attack source information when executed by a processor.
A system for identifying attack source information, comprising:
servers, for identifying attack source information; if a target server detects attack source information, it generates blacklist information corresponding to the detected attack source information and uploads it to the perception cloud platform;
the perception cloud platform, for receiving the blacklist information uploaded by the target server and issuing the blacklist information to all servers under the perception cloud platform, so that all servers use the blacklist information to identify the attack source information.
The system comprises at least one detection server connected to the perception cloud platform, each detection server being connected to its corresponding servers;
each detection server is used for uploading to the perception cloud platform the blacklist information sent by a target server connected to that detection server;
each detection server is further used for issuing the blacklist information issued by the perception cloud platform to all servers connected to that detection server.
According to the above scheme, a method for identifying attack source information provided by an embodiment of the present invention comprises: receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server; and issuing the blacklist information to all servers under the perception cloud platform, so that all servers use the blacklist information to identify the attack source information.
In this scheme, once a target server has recognized attack source information and generated blacklist information, the blacklist information is uploaded to the perception cloud platform, which can issue it to all servers under the platform, so that the other servers improve their ability to defend against attack and a complete ecological chain is formed. The invention also discloses an apparatus, a device, a system and a computer-readable storage medium for identifying attack source information, which achieve the same technical effect.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a method for identifying attack source information disclosed in an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for identifying attack source information disclosed in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a system for identifying attack source information disclosed in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an apparatus for identifying attack source information disclosed in an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a system for identifying attack source information disclosed in an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The embodiments of the present invention disclose a method, apparatus, device, system and computer-readable storage medium for identifying attack source information, so that all servers can identify an attack source and the anti-attack capability of all servers is improved.
Referring to Fig. 1, a method for identifying attack source information provided by an embodiment of the present invention comprises:
S101: receive blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server.
In this scheme, each server needs to detect whether it is being attacked by an attack source; if so, it generates blacklist information and uploads the blacklist information to the perception cloud platform. The attack mode in this scheme can take many forms; the scheme is described in detail here taking brute-force cracking as the example attack mode.
If the attack mode of the attack source is brute-force cracking, then, referring to Fig. 2, the method by which the target server identifies attack source information specifically comprises:
S201: read the system log of the local server.
Specifically, the server can read the system log periodically to detect whether the log contains brute-force cracking records.
S202: judge whether the system log contains a login log; if not, continue with S201; if so, perform S203.
In this scheme, judging whether an entry is a login-type log specifically includes checking for port 22 (ssh) login logs on Linux systems, port 3389 (rdp) login logs on Windows systems, and so on; if the entry is not a login log, the next system log entry is fetched.
S203: judge whether the login result of the login log is a login failure; if not, continue with S201; if so, perform S204.
S204: obtain the login source IP and count the number of login failures.
Specifically, if a login log exists, it must be judged whether it records a login failure. If the login succeeded, the accumulated error count is cleared and the next system log entry is fetched. If the login failed, the login source address is recorded and the login failure count of that login source IP is incremented.
It should be noted that a distributed attack can launch the attack from multiple IPs at the same time, which reduces the number of login failures per IP and so evades the brute-force attack policies of some firewalls. Therefore, in this scheme, if a login source IP segment shows the same behavior within a unit of time, the attack source of that login source IP segment is judged to be a distributed attack, and the login source IP segment and the number of login failures of that segment are also recorded.
S205: judge whether there is a login source IP whose number of login failures exceeds a predetermined threshold; if not, continue with S201; if so, perform S206.
S206: take the login source IP whose number of login failures exceeds the predetermined threshold as a blacklist IP, block this blacklist IP, and report it to the perception cloud platform.
Specifically, the predetermined threshold can be set through repeated practical verification. While the login logs are being analyzed, if a login source IP whose number of login failures exceeds the predetermined threshold is found before the analysis is complete, the analysis can continue while that login source IP is directly blocked and reported as a blacklist IP.
It should be noted that this scheme is described only with brute-force cracking as the example attack mode, in which case the blacklist information is a blacklist IP. For other attack modes the blacklist information can be adapted to the attack mode, but its role is always the same: to let other servers identify the attack source from the blacklist information, effectively improving the anti-attack capability of all servers.
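The S201 to S206 loop described above, as an added Python example (not code from the patent): it parses constructed sshd-style log lines, counts failures per login source IP, clears the count on a successful login, and also flags a segment whose addresses fail together. The thresholds, the /24 segment size, the log format, treating one periodic read as the "unit of time", and all names are assumptions; the page only specifies a predetermined threshold and a login source IP segment.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed values: the page only speaks of a "predetermined threshold".
IP_THRESHOLD = 3        # one source IP is blacklisted above this many failures
SEGMENT_THRESHOLD = 4   # a segment is blacklisted above this many failures in total
SEGMENT_PREFIX = 24     # assumed size of a "login source IP segment" (IPv4 only)

# S202: in this sketch only sshd password-login records count as login logs.
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample input (documentation address ranges), one periodic read.
SAMPLE_LOG = """\
Nov 28 10:00:01 srv1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Nov 28 10:00:02 srv1 sshd[2101]: Failed password for root from 203.0.113.7 port 40123 ssh2
Nov 28 10:00:03 srv1 CRON[2200]: (root) CMD (run-parts /etc/cron.hourly)
Nov 28 10:00:04 srv1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Nov 28 10:00:05 srv1 sshd[2101]: Failed password for root from 203.0.113.7 port 40125 ssh2
Nov 28 10:00:06 srv1 sshd[2102]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Nov 28 10:00:07 srv1 sshd[2102]: Failed password for alice from 192.0.2.10 port 51001 ssh2
Nov 28 10:00:08 srv1 sshd[2102]: Accepted password for alice from 192.0.2.10 port 51002 ssh2
Nov 28 10:00:09 srv1 sshd[2103]: Failed password for root from 198.51.100.11 port 42000 ssh2
Nov 28 10:00:10 srv1 sshd[2103]: Failed password for root from 198.51.100.12 port 42001 ssh2
Nov 28 10:00:11 srv1 sshd[2103]: Failed password for root from 198.51.100.13 port 42002 ssh2
Nov 28 10:00:12 srv1 sshd[2103]: Failed password for root from 198.51.100.14 port 42003 ssh2
Nov 28 10:00:13 srv1 sshd[2103]: Failed password for root from 198.51.100.15 port 42004 ssh2
"""


def analyse(log_text):
    """Run S202 to S206 over one read of the system log and return the report."""
    failures = defaultdict(int)
    for line in log_text.splitlines():
        match = LOGIN_RE.search(line)
        if match is None:
            continue                          # S202: not a login log, next entry
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue                          # malformed address field, ignore
        if match.group("result") == "Accepted":
            failures.pop(ip, None)            # S203: success clears the count
        else:
            failures[ip] += 1                 # S204: accumulate per source IP

    # S205/S206: single source IPs above the threshold.
    blacklist_ips = sorted(
        str(ip) for ip, n in failures.items() if n > IP_THRESHOLD
    )

    # Distributed case: group the per-IP counts by segment, so that many
    # addresses with few failures each are still caught.
    segments = defaultdict(list)
    for ip, n in failures.items():
        if ip.version == 4:
            net = ipaddress.ip_network(f"{ip}/{SEGMENT_PREFIX}", strict=False)
            segments[str(net)].append(n)
    blacklist_segments = sorted(
        seg for seg, counts in segments.items()
        if len(counts) >= 2 and sum(counts) > SEGMENT_THRESHOLD
    )
    return {
        "ips": blacklist_ips,                 # to block and report
        "segments": blacklist_segments,       # to block and report
        "failure_counts": {str(ip): n for ip, n in failures.items()},
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    print("blacklist IPs:", report["ips"])
    print("blacklist segments:", report["segments"])
```

In the sample, no address in 198.51.100.0/24 crosses the per-IP threshold on its own, which is the evasion the distributed-attack note describes; only the segment count catches it.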
S102: issue the blacklist information to all servers under the perception cloud platform, so that all servers use the blacklist information to identify the attack source information.
Specifically, a perception cloud platform means that the communication network can perceive the existing network environment and, by understanding the environment it is in, adjust the policy of the communication network in real time and intelligently adapt to changes in the service environment. It also has the ability to learn from those changes and to use what it has learned in future decisions. When any decision is made, the network takes end-to-end goals into account.
The perception cloud platform in this scheme is connected to server groups, each of which includes multiple servers. Every server can identify attack sources, and whenever a server identifies an attack source it generates blacklist information and sends it to the perception cloud platform, which issues the blacklist information to every server in every server group. In other words, as long as one server has identified an attack source, distribution by the perception cloud platform lets all other servers identify that attack source, so that the other servers are not attacked by it again.
Based on the above method for identifying attack source information, in this embodiment, after the perception cloud platform receives the blacklist information uploaded by the target server, the method further comprises: updating a blacklist rule using the blacklist information.
Specifically, a blacklist rule is stored in the perception cloud platform, and the blacklist rule contains all blacklist information. Under normal circumstances the blacklist rule in the perception cloud platform and the blacklist rule on each server should be consistent; therefore, if a server detects a new blacklist rule, the blacklist rule needs to be updated with the blacklist information.
Further, to ensure that the blacklist rule on each server is consistent with the blacklist rule in the perception cloud platform, the perception cloud platform can receive a blacklist rule acquisition instruction sent by a server and, using that instruction, issue the updated blacklist rule to the server, so that the blacklist rule on each server stays consistent with the blacklist rule in the perception cloud platform. The perception cloud platform can of course also actively push the blacklist rule to each server; this is not specifically limited here.
Based on any of the above method embodiments for identifying attack source information, in this embodiment, receiving the blacklist information uploaded by the target server comprises: receiving the blacklist information uploaded by the target server through a detection server;
issuing the blacklist information to all servers under the perception cloud platform comprises: issuing the blacklist information to all detection servers under the perception cloud platform, the detection servers then issuing the blacklist information to all servers.
Specifically, referring to Fig. 3, in this scheme each server exchanges data with the perception cloud platform through a detection server, which acts as a proxy for reporting and issuing data. Each server group connected to the perception cloud platform may contain at least one detection server, and each detection server is connected to multiple servers and handles the reporting and issuing of blacklist information for the servers connected to it. With detection servers in place, the perception cloud platform does not need to maintain connections to all servers, only its connections to the detection servers; and when issuing blacklist information it does not need to send to every server, only to every detection server, which greatly reduces the load on the perception cloud platform. It should be noted that a detection server in this scheme is connected to at least two servers; if too few servers are connected, the benefit of the detection server is not realized.
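The upload, rule update, fan-out and rule acquisition flow described above, as an added in-memory Python simulation (not code from the patent). The class and method names, the CIDR normalisation, the duplicate check and the message counter are assumptions made for illustration; the counter makes the load claim visible, since the platform sends one message per detection server rather than one per server.

```python
import ipaddress


def normalise(entry):
    """Validate a blacklist entry (IP or CIDR) and return it in CIDR form."""
    return str(ipaddress.ip_network(entry, strict=False))


class PerceptionCloudPlatform:
    def __init__(self):
        self.rule = set()            # blacklist rule: every entry received so far
        self.detection_servers = []
        self.messages_sent = 0       # downstream messages sent by the platform

    def receive_blacklist(self, entry):
        entry = normalise(entry)     # raises ValueError on a malformed entry
        if entry in self.rule:
            return False             # already known, not redistributed (assumed)
        self.rule.add(entry)         # update the blacklist rule
        for ds in self.detection_servers:
            self.messages_sent += 1  # one message per detection server
            ds.push_down(entry)
        return True

    def handle_rule_request(self):
        """Answer a blacklist rule acquisition instruction with the current rule."""
        return frozenset(self.rule)


class DetectionServer:
    """Proxy between a group of servers and the platform."""

    def __init__(self, platform):
        self.platform = platform
        self.servers = []
        platform.detection_servers.append(self)

    def attach(self, server):
        self.servers.append(server)
        server.detection_server = self

    def upload(self, entry):
        return self.platform.receive_blacklist(entry)

    def push_down(self, entry):
        for server in self.servers:
            server.blacklist.add(entry)

    def fetch_rule(self):
        return self.platform.handle_rule_request()


class Server:
    def __init__(self, name):
        self.name = name
        self.blacklist = set()
        self.detection_server = None

    def report_attack_source(self, entry):
        self.blacklist.add(normalise(entry))      # block locally first
        return self.detection_server.upload(entry)

    def sync_rule(self):
        self.blacklist |= self.detection_server.fetch_rule()

    def is_blocked(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(e) for e in self.blacklist)


def demo():
    """Six servers behind two detection servers; one server joins late."""
    platform = PerceptionCloudPlatform()
    ds_a, ds_b = DetectionServer(platform), DetectionServer(platform)
    servers = [Server(f"srv{i}") for i in range(6)]
    for s in servers[:3]:
        ds_a.attach(s)
    for s in servers[3:]:
        ds_b.attach(s)
    servers[0].report_attack_source("203.0.113.7")   # constructed address
    late = Server("late")                            # missed the push
    ds_b.attach(late)
    blocked_before_sync = late.is_blocked("203.0.113.7")
    late.sync_rule()                                 # pulls the current rule
    return platform, servers, late, blocked_before_sync


if __name__ == "__main__":
    platform, servers, late, before = demo()
    print("platform messages:", platform.messages_sent)
    print("all servers block source:", all(s.is_blocked("203.0.113.7") for s in servers))
    print("late server before/after sync:", before, late.is_blocked("203.0.113.7"))
```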
The apparatus for identifying attack source information provided by an embodiment of the present invention is introduced below; the apparatus described below and the method for identifying attack source information described above can be cross-referenced.
Referring to Fig. 4, an apparatus for identifying attack source information provided by an embodiment of the present invention comprises:
an information receiving module 10, for receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server;
an information issuing module 20, for issuing the blacklist information to all servers under the perception cloud platform, so that all servers use the blacklist information to identify the attack source information.
This embodiment further comprises:
an update module, for updating a blacklist rule using the blacklist information;
an instruction receiving module, for receiving a blacklist rule acquisition instruction sent by a server;
a rule issuing module, for using the blacklist rule acquisition instruction to issue the updated blacklist rule to the server.
Based on the above apparatus embodiment for identifying attack source information, in this embodiment the information receiving module is specifically used for: receiving the blacklist information uploaded by the target server through a detection server;
the information issuing module is specifically used for: issuing the blacklist information to all detection servers under the perception cloud platform, the detection servers then issuing the blacklist information to all servers.
This embodiment also discloses a device for identifying attack source information, comprising: a memory, for storing a computer program; and a processor, for implementing the steps of the above method for identifying attack source information when executing the computer program.
This embodiment also discloses a computer-readable storage medium on which a computer program is stored, the computer program implementing the steps of the above method for identifying attack source information when executed by a processor.
Specifically, the storage medium can include: a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and other media capable of storing program code.
Referring to Fig. 5, a system for identifying attack source information provided by an embodiment of the present invention comprises:
servers 100, for identifying attack source information; if a target server detects attack source information, it generates blacklist information corresponding to the detected attack source information and uploads it to the perception cloud platform 200;
the perception cloud platform 200, for receiving the blacklist information uploaded by the target server and issuing the blacklist information to all servers under the perception cloud platform, so that all servers use the blacklist information to identify the attack source information;
and at least one detection server 300 connected to the perception cloud platform 200, each detection server 300 being connected to its corresponding servers 100;
each detection server 300 is used for uploading to the perception cloud platform 200 the blacklist information sent by a target server connected to that detection server;
each detection server 300 is further used for issuing the blacklist information issued by the perception cloud platform 200 to all servers connected to that detection server.
In this scheme, the attack source that an attacked server derives from its analysis can be shared with the other servers through the perception cloud platform, so that the other servers can efficiently guard against a possible attack and a complete ecological chain is formed.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the other embodiments, and identical or similar parts of the embodiments can be understood by cross-reference.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (12)
- 1. A method for identifying attack source information, characterized by comprising: receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server; and issuing the blacklist information to all servers under a perception cloud platform, so that all servers use the blacklist information to identify the attack source information.
- 2. The method according to claim 1, characterized in that, after receiving the blacklist information uploaded by the target server, the method further comprises: updating a blacklist rule using the blacklist information.
- 3. The method according to claim 2, characterized by further comprising: receiving a blacklist rule acquisition instruction sent by a server; and, using the blacklist rule acquisition instruction, issuing the updated blacklist rule to the server.
- 4. The method according to any one of claims 1 to 3, characterized in that receiving the blacklist information uploaded by the target server comprises: receiving the blacklist information uploaded by the target server through a detection server; and issuing the blacklist information to all servers under the perception cloud platform comprises: issuing the blacklist information to all detection servers under the perception cloud platform, the detection servers then issuing the blacklist information to all servers.
- 5. An apparatus for identifying attack source information, characterized by comprising: an information receiving module, for receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server; and an information issuing module, for issuing the blacklist information to all servers under a perception cloud platform, so that all servers use the blacklist information to identify the attack source information.
- 6. The apparatus according to claim 5, characterized by further comprising: an update module, for updating a blacklist rule using the blacklist information.
- 7. The apparatus according to claim 6, characterized by further comprising: an instruction receiving module, for receiving a blacklist rule acquisition instruction sent by a server; and a rule issuing module, for using the blacklist rule acquisition instruction to issue the updated blacklist rule to the server.
- 8. The apparatus according to any one of claims 5 to 7, characterized in that the information receiving module is specifically used for: receiving the blacklist information uploaded by the target server through a detection server; and the information issuing module is specifically used for: issuing the blacklist information to all detection servers under the perception cloud platform, the detection servers then issuing the blacklist information to all servers.
- 9. A device for identifying attack source information, characterized by comprising: a memory, for storing a computer program; and a processor, for implementing the steps of the method for identifying attack source information according to any one of claims 1 to 4 when executing the computer program.
- 10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program implements the steps of the method for identifying attack source information according to any one of claims 1 to 4 when executed by a processor.
- 11. A system for identifying attack source information, characterized by comprising: servers, for identifying attack source information, wherein if a target server detects attack source information, it generates blacklist information corresponding to the detected attack source information and uploads it to a perception cloud platform; and the perception cloud platform, for receiving the blacklist information uploaded by the target server and issuing the blacklist information to all servers under the perception cloud platform, so that all servers use the blacklist information to identify the attack source information.
- 12. The system according to claim 11, characterized in that the system comprises at least one detection server connected to the perception cloud platform, each detection server being connected to its corresponding servers; each detection server is used for uploading to the perception cloud platform the blacklist information sent by a target server connected to that detection server; and each detection server is further used for issuing the blacklist information issued by the perception cloud platform to all servers connected to that detection server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711216816.8A CN108040039A (en) | 2017-11-28 | 2017-11-28 | A kind of method, apparatus, equipment and system for identifying attack source information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711216816.8A CN108040039A (en) | 2017-11-28 | 2017-11-28 | A kind of method, apparatus, equipment and system for identifying attack source information |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108040039A true CN108040039A (en) | 2018-05-15 |
Family
ID=62093462
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711216816.8A Pending CN108040039A (en) | 2017-11-28 | 2017-11-28 | A kind of method, apparatus, equipment and system for identifying attack source information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108040039A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109005164A (en) * | 2018-07-20 | 2018-12-14 | 深圳市网心科技有限公司 | A kind of network system, equipment, network data exchange method and storage medium |
CN109379347A (en) * | 2018-09-29 | 2019-02-22 | 成都亚信网络安全产业技术研究院有限公司 | A kind of safety protecting method and equipment |
CN109862029A (en) * | 2019-03-01 | 2019-06-07 | 论客科技(广州)有限公司 | A kind of method and system of the reply Brute Force behavior using big data analysis |
CN109981647A (en) * | 2019-03-27 | 2019-07-05 | 北京百度网讯科技有限公司 | Method and apparatus for detecting Brute Force |
CN111181911A (en) * | 2019-08-23 | 2020-05-19 | 腾讯科技(深圳)有限公司 | Method, server, equipment and medium for protecting password blasting attack |
CN114024752A (en) * | 2021-11-08 | 2022-02-08 | 北京天融信网络安全技术有限公司 | Network security defense method, equipment and system based on whole network linkage |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102137111A (en) * | 2011-04-20 | 2011-07-27 | 北京蓝汛通信技术有限责任公司 | Method and device for preventing CC (Challenge Collapsar) attack and content delivery network server |
CN102694820A (en) * | 2012-06-13 | 2012-09-26 | 华为技术有限公司 | Processing method of signature rule, server and intrusion defending system |
CN102916959A (en) * | 2012-10-16 | 2013-02-06 | 百度在线网络技术(北京)有限公司 | Blacklist synchronization method and device in cloud environment |
US20140199975A1 (en) * | 2013-01-15 | 2014-07-17 | Apple Inc. | Management of unwanted calls and/or text messages |
CN105897674A (en) * | 2015-11-25 | 2016-08-24 | 乐视云计算有限公司 | DDoS attack protection method applied to CDN server group and system |
CN106161395A (en) * | 2015-04-20 | 2016-11-23 | 阿里巴巴集团控股有限公司 | A kind of prevent the method for Brute Force, Apparatus and system |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109005164A (en) * | 2018-07-20 | 2018-12-14 | 深圳市网心科技有限公司 | A kind of network system, equipment, network data exchange method and storage medium |
CN109379347A (en) * | 2018-09-29 | 2019-02-22 | 成都亚信网络安全产业技术研究院有限公司 | A kind of safety protecting method and equipment |
CN109379347B (en) * | 2018-09-29 | 2021-03-23 | 成都亚信网络安全产业技术研究院有限公司 | Safety protection method and equipment |
CN109862029A (en) * | 2019-03-01 | 2019-06-07 | 论客科技(广州)有限公司 | A kind of method and system of the reply Brute Force behavior using big data analysis |
CN109981647A (en) * | 2019-03-27 | 2019-07-05 | 北京百度网讯科技有限公司 | Method and apparatus for detecting Brute Force |
CN109981647B (en) * | 2019-03-27 | 2021-07-06 | 北京百度网讯科技有限公司 | Method and apparatus for detecting brute force cracking |
CN111181911A (en) * | 2019-08-23 | 2020-05-19 | 腾讯科技(深圳)有限公司 | Method, server, equipment and medium for protecting password blasting attack |
CN114024752A (en) * | 2021-11-08 | 2022-02-08 | 北京天融信网络安全技术有限公司 | Network security defense method, equipment and system based on whole network linkage |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108040039A (en) | A kind of method, apparatus, equipment and system for identifying attack source information | |
CN109660539B (en) | Method and device for identifying defect-losing equipment, electronic equipment and storage medium | |
US9813451B2 (en) | Apparatus and method for detecting cyber attacks from communication sources | |
CN101841533B (en) | Method and device for detecting distributed denial-of-service attack | |
US9160761B2 (en) | Selection of a countermeasure | |
KR101369727B1 (en) | Apparatus and method for controlling traffic based on captcha | |
CN112866185B (en) | Network traffic monitoring device and abnormal traffic detection method | |
US20160248788A1 (en) | Monitoring apparatus and method | |
CN108270722B (en) | Attack behavior detection method and device | |
CN108574668B (en) | DDoS attack flow peak value prediction method based on machine learning | |
EP4064097A1 (en) | Blockchain-based host security monitoring method and apparatus, medium and electronic device | |
Gupta et al. | Semi-Markov modeling of dependability of VoIP network in the presence of resource degradation and security attacks | |
CN113660224A (en) | Situation awareness defense method, device and system based on network vulnerability scanning | |
CN110880983A (en) | Penetration testing method and device based on scene, storage medium and electronic device | |
KR20130006750A (en) | Method for identifying a denial of service attack and apparatus for the same | |
CN112685682A (en) | Method, device, equipment and medium for identifying forbidden object of attack event | |
CN105812200A (en) | Abnormal behavior detection method and device | |
CN108712365B (en) | DDoS attack event detection method and system based on flow log | |
CN110381047B (en) | Network attack surface tracking method, server and system | |
CN109005181A (en) | A kind of detection method, system and the associated component of DNS amplification attack | |
RU2531878C1 (en) | Method of detection of computer attacks in information and telecommunication network | |
CN109729084B (en) | Network security event detection method based on block chain technology | |
US20210185069A1 (en) | Automatic detection of network strain using response time metrics | |
CN106850562A (en) | A kind of malice peripheral hardware detecting system and method | |
KR100772177B1 (en) | Method and apparatus for generating intrusion detection event to test security function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180515 |