CN108040039A - A kind of method, apparatus, equipment and system for identifying attack source information - Google Patents


Info

Publication number: CN108040039A
Authority: CN (China)
Prior art keywords: black list, list information, information, cloud platform, attack source
Legal status: Pending (an assumption, not a legal conclusion)
Application number: CN201711216816.8A
Other languages: Chinese (zh)
Inventors: 麦贤亮, 邹荣新
Current Assignee: Sangfor Technologies Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Sangfor Technologies Co Ltd
Application filed by: Sangfor Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101: Access control lists [ACL]
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for identifying attack source information, comprising: receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server; and issuing the blacklist information to all servers under a perception cloud platform, so that all servers identify the attack source information using the blacklist information. In this scheme, once a target server has recognised attack source information and generated blacklist information, the blacklist information is uploaded to the perception cloud platform, and the perception cloud platform can issue it to all servers under the platform, so that the other servers improve their ability to resist attack and a complete ecological chain is formed. The invention also discloses an apparatus, equipment, system and computer-readable storage medium for identifying attack source information, which achieve the same technical effect.

Description

A kind of method, apparatus, equipment and system for identifying attack source information
Technical field
The present invention relates to the technical field of brute-force cracking intrusion detection, and more specifically to a method, apparatus, equipment, system and computer-readable storage medium for identifying attack source information.
Background
Brute-force cracking means verifying, one by one and by exhaustion, all possible cases within a certain range against a service, until all cases have been verified. In existing schemes, brute-force cracking is intercepted by the firewall after the attack source has been identified, but this approach is limited to the local machine; other servers, which do not recognise the attack source, continue to be subjected to its brute-force cracking attacks.
Therefore, how to identify attack sources so as to improve the attack resistance of all servers is a problem to be solved by those skilled in the art.
Summary of the invention
An object of the present invention is to provide a method, apparatus, equipment, system and computer-readable storage medium for identifying attack source information, so that all servers identify the attack source and the attack resistance of all servers is improved.
To achieve the above object, the embodiments of the present invention provide the following technical solution:
A method for identifying attack source information, comprising:
receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server;
issuing the blacklist information to all servers under a perception cloud platform, so that all servers identify the attack source information using the blacklist information.
Wherein, after receiving the blacklist information uploaded by the target server, the method further comprises:
updating a blacklist rule using the blacklist information.
Wherein, the scheme further comprises:
receiving a blacklist rule acquisition instruction sent by a server;
issuing the updated blacklist rule to the server according to the blacklist rule acquisition instruction.
Wherein, receiving the blacklist information uploaded by the target server comprises: receiving the blacklist information uploaded by the target server through a detection server;
issuing the blacklist information to all servers under the perception cloud platform comprises: issuing the blacklist information to all detection servers under the perception cloud platform, the blacklist information being issued to all servers by the detection servers.
An apparatus for identifying attack source information, comprising:
an information receiving module, for receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server;
an information issuing module, for issuing the blacklist information to all servers under the perception cloud platform, so that all servers identify the attack source information using the blacklist information.
Wherein, the scheme further comprises:
an update module, for updating the blacklist rule using the blacklist information.
Wherein, the scheme further comprises:
an instruction receiving module, for receiving a blacklist rule acquisition instruction sent by a server;
a rule issuing module, for issuing the updated blacklist rule to the server according to the blacklist rule acquisition instruction.
Wherein, the information receiving module is specifically used for: receiving the blacklist information uploaded by the target server through a detection server;
the information issuing module is specifically used for: issuing the blacklist information to all detection servers under the perception cloud platform, the blacklist information being issued to all servers by the detection servers.
Equipment for identifying attack source information, comprising: a memory, for storing a computer program; and a processor, for implementing the steps of the above method for identifying attack source information when executing the computer program.
A computer-readable storage medium on which a computer program is stored, the computer program implementing the steps of the above method for identifying attack source information when executed by a processor.
A system for identifying attack source information, comprising:
servers, for identifying attack source information; if a target server detects attack source information, it generates blacklist information corresponding to the detected attack source information and uploads it to the perception cloud platform;
the perception cloud platform, for receiving the blacklist information uploaded by the target server and issuing the blacklist information to all servers under the perception cloud platform, so that all servers identify the attack source information using the blacklist information.
Wherein, the system comprises at least one detection server connected to the perception cloud platform, each detection server being connected to its corresponding servers;
each detection server is used to upload to the perception cloud platform the blacklist information sent by a target server connected to that detection server;
each detection server is further used to issue the blacklist information issued by the perception cloud platform to all servers connected to that detection server.
As can be seen from the above, the method for identifying attack source information provided by the embodiments of the present invention comprises: receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server; and issuing the blacklist information to all servers under the perception cloud platform, so that all servers identify the attack source information using the blacklist information.
In this scheme, once a target server has recognised attack source information and generated blacklist information, the blacklist information is uploaded to the perception cloud platform, and the perception cloud platform can issue it to all servers under the platform, so that the other servers improve their ability to resist attack and a complete ecological chain is formed. The invention also discloses an apparatus, equipment, system and computer-readable storage medium for identifying attack source information, which achieve the same technical effect.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a method for identifying attack source information disclosed by an embodiment of the present invention;
Fig. 2 is a schematic flow chart of the method by which a server identifies attack source information, disclosed by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a system for identifying attack source information disclosed by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an apparatus for identifying attack source information disclosed by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a system for identifying attack source information disclosed by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
The embodiments of the present invention disclose a method, apparatus, equipment, system and computer-readable storage medium for identifying attack source information, so that all servers identify the attack source and the attack resistance of all servers is improved.
Referring to Fig. 1, a method for identifying attack source information provided by an embodiment of the present invention comprises:
S101, receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server;
In this scheme, each server needs to detect whether it is being attacked by an attack source; if so, it generates blacklist information and uploads the blacklist information to the perception cloud platform. The attack mode in this scheme may be of many kinds; the scheme is described in detail here taking brute-force cracking as the attack mode.
If the attack mode of the attack source is brute-force cracking, then, referring to Fig. 2, the method by which the target server identifies attack source information specifically comprises:
S201, reading the system log of this server;
Specifically, in this scheme the server can read the system log periodically, to detect whether the log contains brute-force cracking entries.
S202, judging whether the system log contains a login log; if not, continuing with S201; if so, performing S203;
In this scheme, determining whether an entry is a login-type log specifically includes determining whether it is a port 22 log of SSH on a Linux system, a port 3389 login log of RDP on a Windows system, and so on; if it is not a login log, the next system log entry is obtained.
S203, judging whether the login result in the login log is a login failure; if not, continuing with S201; if so, performing S204;
S204, obtaining the login source IP and counting the number of login failures;
Specifically, in this scheme, if a login log exists, it must be judged whether it records a login failure. If the login succeeded, the cumulative error count is reset and the next system log entry is obtained. If the login failed, the login source address is recorded and the login failure count of that login source IP is incremented;
It should be noted that a distributed attack can be launched from multiple IPs at the same time, which reduces the number of login failures per single IP and thereby evades the brute-force attack policy of some firewalls. Therefore, in this scheme, if a login source IP segment shows the same behaviour within a unit of time, the attack source of that login source IP segment is judged to be a distributed attack, and the login source IP segment and the number of login failures of that segment must also be recorded.
S205, judging whether there is a login source IP whose number of login failures exceeds a predetermined threshold; if not, continuing with S201; if so, performing S206;
S206, taking the login source IP whose number of login failures exceeds the predetermined threshold as a blacklist IP, blocking this blacklist IP and reporting it to the perception cloud platform.
Specifically, in this scheme the predetermined threshold can be set through repeated practical verification. If, while the login logs are being analysed, a login source IP whose number of login failures exceeds the predetermined threshold is found before the analysis is complete, the login source IP can be blocked and reported directly as a blacklist IP while the analysis continues.
It should be noted that this scheme is described only with a brute-force cracking attack as the example, in which case the blacklist information is a blacklist IP. For other forms of attack, the blacklist information can be adapted to the attack mode, but its role is always the same: it allows the other servers to identify the attack source from the blacklist information, effectively improving the attack resistance of all servers.
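Steps S201 to S206, including the reset on a successful login and the per-segment count for distributed attacks, can be sketched as follows. This is an added example, not code from the patent: the threshold values, the /24 segment size, the minimum number of distinct sources, the treatment of the whole sample as one unit of time, the per-source reset and the `report` callback are assumptions, the log lines are constructed in OpenSSH's sshd message format, and Windows RDP login events would need their own parser.

```python
import ipaddress
import re

# sshd login lines in OpenSSH's message format; other log lines do not match.
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# All four values are assumptions; the patent only says the threshold is tuned.
IP_THRESHOLD = 5        # failures tolerated per source IP
SEGMENT_PREFIX = 24     # size of a "login source IP segment"
SEGMENT_THRESHOLD = 10  # failures tolerated per segment
SEGMENT_MIN_IPS = 3     # distinct sources needed to call an attack distributed


def detect(lines, report):
    """Run S201-S206 over the log lines of one analysis window.

    Calls report(entry) once per new blacklist entry (an IP or a CIDR
    segment) and returns the set of all entries.
    """
    failures = {}      # segment -> {source IP: failures since last success}
    blacklist = set()
    for line in lines:                                    # S201
        m = LOGIN_RE.search(line)
        if m is None:                                     # S202: not a login log
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:                                # unparsable source field
            continue
        seg = ipaddress.ip_network(f"{ip}/{SEGMENT_PREFIX}", strict=False)
        per_ip = failures.setdefault(seg, {})
        if m["result"] == "Accepted":                     # S203: success resets
            per_ip.pop(ip, None)
            continue
        per_ip[ip] = per_ip.get(ip, 0) + 1                # S204
        hits = []
        if per_ip[ip] > IP_THRESHOLD:                     # S205, single source
            hits.append(str(ip))
        if (len(per_ip) >= SEGMENT_MIN_IPS
                and sum(per_ip.values()) > SEGMENT_THRESHOLD):
            hits.append(str(seg))                         # S205, distributed
        for entry in hits:                                # S206
            if entry not in blacklist:
                blacklist.add(entry)
                report(entry)   # block locally and upload to the platform
    return blacklist


def log_line(sec, result, ip, user="root"):
    """Build one constructed sshd line (documentation-range addresses)."""
    return (f"Nov 28 10:00:{sec:02d} srv sshd[4242]: {result} password for "
            f"{user} from {ip} port 50000 ssh2")


def build_sample():
    """Constructed log: one noisy IP, one user who mistypes, one /24 sweep."""
    lines = [log_line(i, "Failed", "203.0.113.7") for i in range(6)]
    lines += [log_line(i, "Failed", "192.0.2.10", "alice") for i in range(6, 9)]
    lines.append(log_line(9, "Accepted", "192.0.2.10", "alice"))
    lines += [log_line(i, "Failed", "192.0.2.10", "alice") for i in range(10, 13)]
    lines.append("Nov 28 10:00:13 srv CRON[2000]: pam_unix(cron:session): "
                 "session opened for user root")
    lines += [log_line(14 + i, "Failed", f"198.51.100.{11 + i % 4}", "admin")
              for i in range(12)]
    return lines


if __name__ == "__main__":
    detect(build_sample(), lambda entry: print("blacklist and report:", entry))
```

In the constructed sample no address in 198.51.100.0/24 exceeds the per-IP threshold, so only the segment count catches that sweep, and 192.0.2.10 stays off the blacklist because its successful login resets the count.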
S102, issuing the blacklist information to all servers under the perception cloud platform, so that all servers identify the attack source information using the blacklist information.
Specifically, a perception cloud platform means that the communication network can perceive the existing network environment and, through its understanding of that environment, adjust the network's strategy in real time and adapt intelligently to changes in the service environment. It is also able to learn from these changes and to use what it has learned in future decisions. When any decision is made, the network takes end-to-end goals into account.
The perception cloud platform in this scheme is connected to server groups, each of which contains multiple servers. Every server can identify attack sources, and after identifying an attack source a server generates blacklist information and sends it to the perception cloud platform, which issues the blacklist information to every server in every server group. In other words, as long as one server identifies an attack source, issuing by the perception cloud platform lets all other servers identify that attack source too, so that the other servers are not attacked by it again.
Based on the method for above-mentioned identification attack source information, in the present embodiment, perceive cloud platform and receive on destination server After the black list information of biography, further include:Utilize black list information renewal blacklist rule.
Specifically, perceive and blacklist rule is stored in cloud platform, include all blacklists in the blacklist rule Information, also, under normal circumstances, the regular blacklist rule with each server of blacklist perceived in cloud platform should be Consistent, therefore, if presence server detects new blacklist rule, need to update blacklist by the black list information Rule.
Further, in order to ensure the blacklist in each server rule with perceive cloud platform in blacklist rule one Cause, at this moment, the blacklist Rule instruction of server transmission can be received by perceiving cloud platform;Obtained using the blacklist rule Instruction fetch, the server is issued to by the blacklist rule after renewal, so as to fulfill each server blacklist rule with The blacklist rule perceived in cloud platform is consistent;Of course, perceiving cloud platform can also realize actively to each server push Blacklist rule is not specific herein to limit.
Based on the embodiment of the method for above-mentioned any identification attack source information, in the present embodiment, the reception destination service The black list information that device uploads, including:Receive the black list information that destination server is uploaded by detection service device;
The Servers-all that the black list information is issued under perception cloud platform is included:By under the black list information All detection service devices perceived under cloud platform are sent to, are issued to the black list information by all detection service devices all Server.
Specifically, referring to Fig. 3, in the present solution, each server passes through with perceiving when cloud platform carries out the transmission of data Detection service device realizes reporting and issuing for data as agency.Specifically, each server being connected with perceiving cloud platform There may be at least one detection service device in group, each detection service device is connected to multiple servers, is used for realization connection The black list information of server reporting and issuing.Pass through the introducing of detection service device, it is not necessary to perceive cloud platform and safeguard own The connection relation of server, it is only necessary to safeguard the connection relation with detection service device, and perceive cloud platform to black name When single information is issued, it is not required that sent to each server, it is only necessary to sent to each detection service device, so that It greatly reducing and perceive cloud platform load.It should be noted that detection service device in this programme at least with two servers It is connected, if the server of connection is very little, the effect of detection service device cannot be embodied.
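The reporting and issuing path through detection servers, together with the rule acquisition instruction, can be modelled in a few lines to show where the load saving comes from. This is an added sketch, not the patent's implementation: the class and method names, the rule version counter, the `online` flag and the in-process calls standing in for network messages are all assumptions.

```python
class Server:
    """Protected server holding a local copy of the blacklist rule."""

    def __init__(self, name):
        self.name = name
        self.rule = frozenset()
        self.version = 0       # version counter is an assumption of this sketch
        self.online = True
        self.proxy = None      # detection server this server is attached to

    def report(self, entry):
        """Upload a locally identified attack source via the detection server."""
        self.proxy.upload(entry)

    def apply(self, version, rule):
        """Install an issued rule if it is newer than the local one."""
        if self.online and version > self.version:
            self.version, self.rule = version, rule

    def pull(self):
        """Send a blacklist rule acquisition instruction and install the reply."""
        self.apply(*self.proxy.fetch())

    def blocks(self, source):
        return source in self.rule


class DetectionServer:
    """Proxy between one group of servers and the perception cloud platform."""

    def __init__(self, platform):
        self.platform = platform
        self.servers = []
        platform.proxies.append(self)

    def attach(self, server):
        server.proxy = self
        self.servers.append(server)
        return server

    def upload(self, entry):
        self.platform.receive(entry)

    def relay(self, version, rule):
        for server in self.servers:
            server.apply(version, rule)

    def fetch(self):
        return self.platform.answer_acquisition()


class PerceptionCloudPlatform:
    """Keeps the authoritative blacklist rule and issues it on every update."""

    def __init__(self):
        self.rule = set()
        self.version = 0
        self.proxies = []
        self.sent = 0          # messages the platform itself had to send

    def receive(self, entry):
        if entry in self.rule:          # already known: nothing to reissue
            return
        self.rule.add(entry)            # update the blacklist rule
        self.version += 1
        for proxy in self.proxies:      # one message per detection server
            self.sent += 1
            proxy.relay(self.version, frozenset(self.rule))

    def answer_acquisition(self):
        return self.version, frozenset(self.rule)


def build(groups=2, per_group=3):
    """Create a platform with `groups` detection servers of `per_group` servers."""
    platform = PerceptionCloudPlatform()
    servers = []
    for g in range(groups):
        proxy = DetectionServer(platform)
        servers += [proxy.attach(Server(f"group{g}-server{i}"))
                    for i in range(per_group)]
    return platform, servers


if __name__ == "__main__":
    platform, servers = build()
    servers[5].online = False                  # misses the push
    servers[0].report("203.0.113.7")           # constructed blacklist IP
    print("platform messages:", platform.sent)
    print([s.blocks("203.0.113.7") for s in servers])
    servers[5].online = True
    servers[5].pull()                          # catches up on reconnect
    print(servers[5].blocks("203.0.113.7"))
```

With two detection servers and six servers, one report costs the platform two messages rather than six, and the server that was offline during the push converges through the acquisition instruction.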
The apparatus for identifying attack source information provided by the embodiments of the present invention is introduced below; the apparatus described below and the method described above may be cross-referenced.
Referring to Fig. 4, an apparatus for identifying attack source information provided by an embodiment of the present invention comprises:
an information receiving module 10, for receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server;
an information issuing module 20, for issuing the blacklist information to all servers under the perception cloud platform, so that all servers identify the attack source information using the blacklist information.
Wherein, this embodiment further comprises:
an update module, for updating the blacklist rule using the blacklist information;
an instruction receiving module, for receiving a blacklist rule acquisition instruction sent by a server;
a rule issuing module, for issuing the updated blacklist rule to the server according to the blacklist rule acquisition instruction.
Based on the above apparatus embodiment, in this embodiment the information receiving module is specifically used for: receiving the blacklist information uploaded by the target server through a detection server;
the information issuing module is specifically used for: issuing the blacklist information to all detection servers under the perception cloud platform, the blacklist information being issued to all servers by the detection servers.
This embodiment also discloses equipment for identifying attack source information, comprising: a memory, for storing a computer program; and a processor, for implementing the steps of the above method for identifying attack source information when executing the computer program.
This embodiment also discloses a computer-readable storage medium on which a computer program is stored, the computer program implementing the steps of the above method for identifying attack source information when executed by a processor.
Specifically, the storage medium may include a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc, or any other medium that can store program code.
Referring to Fig. 5, a system for identifying attack source information provided by an embodiment of the present invention comprises:
servers 100, for identifying attack source information; if a target server detects attack source information, it generates blacklist information corresponding to the detected attack source information and uploads it to the perception cloud platform 200;
the perception cloud platform 200, for receiving the blacklist information uploaded by the target server and issuing the blacklist information to all servers under the perception cloud platform, so that all servers identify the attack source information using the blacklist information;
and at least one detection server 300 connected to the perception cloud platform 200, each detection server 300 being connected to its corresponding servers 100;
each detection server 300 is used to upload to the perception cloud platform 200 the blacklist information sent by a target server connected to that detection server;
each detection server 300 is further used to issue the blacklist information issued by the perception cloud platform 200 to all servers connected to that detection server.
In this scheme, the attack source that an attacked server derives from its analysis can be shared with the other servers through the perception cloud platform, so that the other servers can effectively guard against possible attacks, forming a complete ecological chain.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the others, and for identical or similar parts the embodiments may be referred to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (12)

  1. A method for identifying attack source information, characterised by comprising:
    receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server;
    issuing the blacklist information to all servers under a perception cloud platform, so that all servers identify the attack source information using the blacklist information.
  2. The method according to claim 1, characterised in that, after receiving the blacklist information uploaded by the target server, it further comprises:
    updating a blacklist rule using the blacklist information.
  3. The method according to claim 2, characterised by further comprising:
    receiving a blacklist rule acquisition instruction sent by a server;
    issuing the updated blacklist rule to the server according to the blacklist rule acquisition instruction.
  4. The method according to any one of claims 1 to 3, characterised in that receiving the blacklist information uploaded by the target server comprises: receiving the blacklist information uploaded by the target server through a detection server;
    issuing the blacklist information to all servers under the perception cloud platform comprises: issuing the blacklist information to all detection servers under the perception cloud platform, the blacklist information being issued to all servers by the detection servers.
  5. An apparatus for identifying attack source information, characterised by comprising:
    an information receiving module, for receiving blacklist information uploaded by a target server, the blacklist information being attack source information identified by the target server;
    an information issuing module, for issuing the blacklist information to all servers under the perception cloud platform, so that all servers identify the attack source information using the blacklist information.
  6. The apparatus according to claim 5, characterised by further comprising:
    an update module, for updating the blacklist rule using the blacklist information.
  7. The apparatus according to claim 6, characterised by further comprising:
    an instruction receiving module, for receiving a blacklist rule acquisition instruction sent by a server;
    a rule issuing module, for issuing the updated blacklist rule to the server according to the blacklist rule acquisition instruction.
  8. The apparatus according to any one of claims 5 to 7, characterised in that the information receiving module is specifically used for: receiving the blacklist information uploaded by the target server through a detection server;
    the information issuing module is specifically used for: issuing the blacklist information to all detection servers under the perception cloud platform, the blacklist information being issued to all servers by the detection servers.
  9. Equipment for identifying attack source information, characterised by comprising:
    a memory, for storing a computer program;
    a processor, for implementing the steps of the method for identifying attack source information according to any one of claims 1 to 4 when executing the computer program.
  10. A computer-readable storage medium, characterised in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the steps of the method for identifying attack source information according to any one of claims 1 to 4.
  11. A kind of 11. system for identifying attack source information, it is characterised in that including:
    Server, source information is attacked for identifying;If destination server detects attack source information, what is generated and detect attacks The corresponding black list information of source information is hit, and is uploaded to perception cloud platform;
    The perception cloud platform, for receiving the black list information of destination server upload;The black list information is issued to The Servers-all under cloud platform is perceived, so that Servers-all identifies the attack source information using the black list information.
  12. 12. system according to claim 11, it is characterised in that the system comprises what is be connected with the perception cloud platform At least one detection service device, each detection service device are connected with corresponding server;
    Each detection service device is used to the black list information that the destination server being connected with this detection service device is sent being uploaded to The perception cloud platform;
    Each detection service device is additionally operable to the black list information that the perception cloud platform issues being issued to and each detection service The Servers-all that device is connected.
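The upload and issue path of claims 11 and 12, sketched as an added example that is not part of the patent text. The class and method names, the `build_demo` topology, and the platform-side de-duplication of repeated reports are assumptions made for illustration.

```python
# Hypothetical model of claims 11-12: server -> detection server -> perception
# cloud platform -> every detection server -> every attached server.
class Server:
    def __init__(self, name):
        self.name, self.blacklist, self.detector = name, set(), None

    def detect_attack_source(self, source):
        # Target-server role: generate blacklist info and upload it.
        self.detector.upload({"source": source, "reported_by": self.name})

    def is_blocked(self, source):
        return source in self.blacklist

class DetectionServer:
    def __init__(self, name, platform):
        self.name, self.platform, self.servers = name, platform, []
        platform.detectors.append(self)

    def attach(self, server):
        server.detector = self
        self.servers.append(server)

    def upload(self, entry):
        # Relay blacklist info from an attached target server to the platform.
        return self.platform.receive(entry)

    def issue(self, entry):
        # Push platform-issued blacklist info to every attached server.
        for server in self.servers:
            server.blacklist.add(entry["source"])

class PerceptionCloudPlatform:
    def __init__(self):
        self.detectors, self.known, self.broadcasts = [], {}, 0

    def receive(self, entry):
        if entry["source"] in self.known:  # assumption: skip repeat reports
            return False
        self.known[entry["source"]] = entry["reported_by"]
        self.broadcasts += 1
        for detector in self.detectors:
            detector.issue(entry)
        return True

def build_demo():
    # Constructed topology: two detection servers, three servers.
    platform, servers = PerceptionCloudPlatform(), {}
    for det_name, names in (("det-a", ["web-1", "web-2"]), ("det-b", ["db-1"])):
        detector = DetectionServer(det_name, platform)
        for name in names:
            servers[name] = Server(name)
            detector.attach(servers[name])
    return platform, servers
```

Calling `detect_attack_source("203.0.113.7")` (a constructed documentation address) on any one server returned by `build_demo()` makes `is_blocked` return `True` on all three, including servers behind the other detection server.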
CN201711216816.8A 2017-11-28 2017-11-28 A kind of method, apparatus, equipment and system for identifying attack source information Pending CN108040039A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711216816.8A CN108040039A (en) 2017-11-28 2017-11-28 A kind of method, apparatus, equipment and system for identifying attack source information

Publications (1)

Publication Number Publication Date
CN108040039A true CN108040039A (en) 2018-05-15

Family

ID=62093462

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711216816.8A Pending CN108040039A (en) 2017-11-28 2017-11-28 A kind of method, apparatus, equipment and system for identifying attack source information

Country Status (1)

Country Link
CN (1) CN108040039A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109005164A (en) * 2018-07-20 2018-12-14 深圳市网心科技有限公司 A kind of network system, equipment, network data exchange method and storage medium
CN109379347A (en) * 2018-09-29 2019-02-22 成都亚信网络安全产业技术研究院有限公司 A kind of safety protecting method and equipment
CN109862029A (en) * 2019-03-01 2019-06-07 论客科技(广州)有限公司 A kind of method and system of the reply Brute Force behavior using big data analysis
CN109981647A (en) * 2019-03-27 2019-07-05 北京百度网讯科技有限公司 Method and apparatus for detecting Brute Force
CN111181911A (en) * 2019-08-23 2020-05-19 腾讯科技(深圳)有限公司 Method, server, equipment and medium for protecting password blasting attack
CN114024752A (en) * 2021-11-08 2022-02-08 北京天融信网络安全技术有限公司 Network security defense method, equipment and system based on whole network linkage

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137111A (en) * 2011-04-20 2011-07-27 北京蓝汛通信技术有限责任公司 Method and device for preventing CC (Challenge Collapsar) attack and content delivery network server
CN102694820A (en) * 2012-06-13 2012-09-26 华为技术有限公司 Processing method of signature rule, server and intrusion defending system
CN102916959A (en) * 2012-10-16 2013-02-06 百度在线网络技术(北京)有限公司 Blacklist synchronization method and device in cloud environment
US20140199975A1 (en) * 2013-01-15 2014-07-17 Apple Inc. Management of unwanted calls and/or text messages
CN105897674A (en) * 2015-11-25 2016-08-24 乐视云计算有限公司 DDoS attack protection method applied to CDN server group and system
CN106161395A (en) * 2015-04-20 2016-11-23 阿里巴巴集团控股有限公司 A kind of prevent the method for Brute Force, Apparatus and system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109005164A (en) * 2018-07-20 2018-12-14 深圳市网心科技有限公司 A kind of network system, equipment, network data exchange method and storage medium
CN109379347A (en) * 2018-09-29 2019-02-22 成都亚信网络安全产业技术研究院有限公司 A kind of safety protecting method and equipment
CN109379347B (en) * 2018-09-29 2021-03-23 成都亚信网络安全产业技术研究院有限公司 Safety protection method and equipment
CN109862029A (en) * 2019-03-01 2019-06-07 论客科技(广州)有限公司 A kind of method and system of the reply Brute Force behavior using big data analysis
CN109981647A (en) * 2019-03-27 2019-07-05 北京百度网讯科技有限公司 Method and apparatus for detecting Brute Force
CN109981647B (en) * 2019-03-27 2021-07-06 北京百度网讯科技有限公司 Method and apparatus for detecting brute force cracking
CN111181911A (en) * 2019-08-23 2020-05-19 腾讯科技(深圳)有限公司 Method, server, equipment and medium for protecting password blasting attack
CN114024752A (en) * 2021-11-08 2022-02-08 北京天融信网络安全技术有限公司 Network security defense method, equipment and system based on whole network linkage

Similar Documents

Publication Publication Date Title
CN108040039A (en) A kind of method, apparatus, equipment and system for identifying attack source information
CN109660539B (en) Method and device for identifying defect-losing equipment, electronic equipment and storage medium
US9813451B2 (en) Apparatus and method for detecting cyber attacks from communication sources
CN101841533B (en) Method and device for detecting distributed denial-of-service attack
US9160761B2 (en) Selection of a countermeasure
KR101369727B1 (en) Apparatus and method for controlling traffic based on captcha
CN112866185B (en) Network traffic monitoring device and abnormal traffic detection method
US20160248788A1 (en) Monitoring apparatus and method
CN108270722B (en) Attack behavior detection method and device
CN108574668B (en) DDoS attack flow peak value prediction method based on machine learning
EP4064097A1 (en) Blockchain-based host security monitoring method and apparatus, medium and electronic device
Gupta et al. Semi-Markov modeling of dependability of VoIP network in the presence of resource degradation and security attacks
CN113660224A (en) Situation awareness defense method, device and system based on network vulnerability scanning
CN110880983A (en) Penetration testing method and device based on scene, storage medium and electronic device
KR20130006750A (en) Method for identifying a denial of service attack and apparatus for the same
CN112685682A (en) Method, device, equipment and medium for identifying forbidden object of attack event
CN105812200A (en) Abnormal behavior detection method and device
CN108712365B (en) DDoS attack event detection method and system based on flow log
CN110381047B (en) Network attack surface tracking method, server and system
CN109005181A (en) A kind of detection method, system and the associated component of DNS amplification attack
RU2531878C1 (en) Method of detection of computer attacks in information and telecommunication network
CN109729084B (en) Network security event detection method based on block chain technology
US20210185069A1 (en) Automatic detection of network strain using response time metrics
CN106850562A (en) A kind of malice peripheral hardware detecting system and method
KR100772177B1 (en) Method and apparatus for generating intrusion detection event to test security function

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180515
