CN108566394A - A kind of information processing method and device - Google Patents

A kind of information processing method and device Download PDF

Info

Publication number
CN108566394A
CN108566394A CN201810337962.4A CN201810337962A CN108566394A CN 108566394 A CN108566394 A CN 108566394A CN 201810337962 A CN201810337962 A CN 201810337962A CN 108566394 A CN108566394 A CN 108566394A
Authority
CN
China
Prior art keywords
message
log
sent
login
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810337962.4A
Other languages
Chinese (zh)
Other versions
CN108566394B (en
Inventor
张惊申
任方英
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Security Technologies Co Ltd filed Critical New H3C Security Technologies Co Ltd
Priority to CN201810337962.4A priority Critical patent/CN108566394B/en
Publication of CN108566394A publication Critical patent/CN108566394A/en
Application granted granted Critical
Publication of CN108566394B publication Critical patent/CN108566394B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Abstract

The embodiment of the present application provides a kind of information processing method and device.The method includes:After the determining login message satisfaction from the first source address is preset and hits library rule, when receiving each login message from the first source address, the authentication failed information for each login message is sent to the first source address;Obtain the log-on message in each login message;Log-on message to be verified is received, judges in the log-on message obtained whether to include log-on message to be verified, and send a warning message when comprising log-on message to be verified;And/or, the log-on message of acquisition is sent to each preset address, so that the corresponding equipment of verifying of each preset address determines that the first log-on message is to have revealed log-on message when in verifying log-on message including the first log-on message of itself storage, it includes the log-on message for logging in first server to log in message.Using scheme provided by the embodiments of the present application, information security can be improved.

Description

A kind of information processing method and device
Technical field
This application involves fields of communication technology, more particularly to a kind of information processing method and device.
Background technology
With popularizing for computer and network, information technology is changing, is affecting the life style of the mankind.Various nets Network application emerges one after another, and security threat and net abuse are also growing day by day, and new demand is proposed to website webmaster.User name and These log-on messages of password are as the key for logging in each Website server, even more by strict protection, once leakage consequence is not It may imagine.
Attacker is by collecting the username and password revealed in internet, batch Website login server, to obtain To a series of username and passwords that can log in the Website server.Many users use identical user name in different web sites And password, therefore attacker can be by obtaining user in the username and password of the websites A so that logon attempt B network address, this is just It is to hit library attack.
The network equipment can detect (Deep Packet Inspection, DPI) technology to sending by deep layer data packet Login message to Website server carries out hitting library rule match, and then detects to hit library attack.For example, can be according to unit when Whether the quantity of the login message of interior reception or the login failure number in the unit interval are more than threshold value, to determine whether in the presence of Hit library attack.
It is generally only to block this attack, and attacker is prevented to continue to attack website service when detecting that hitting library attacks Device.Processing can prevent attack of the attacker to the Website server in this way.But the log-on message revealed still may be used It is utilized again by attacker, to log in other network servers, therefore information security is not high.
Invention content
The embodiment of the present application has been designed to provide a kind of information processing method and device, to improve information security.
In order to achieve the above object, the embodiment of the present application provides a kind of information processing method, is applied to the network equipment, should Method includes:
Determine login message from the first source address meet it is default hit library rule after, receiving from described the When each login message of one source address, sent to first source address for each authentication failed information for logging in message; Wherein, the message that logs in includes the log-on message for logging in first server;
Obtain the log-on message in each login message;
Log-on message to be verified is received, judges in the log-on message obtained whether to include the log-on message to be verified, and It sends a warning message when comprising the log-on message to be verified;And/or the log-on message of acquisition is sent to each default Location, so that the corresponding verification equipment of each preset address first login letter comprising itself storage in verifying the log-on message Determine that first log-on message is to have revealed log-on message when breath.
The embodiment of the present application provides another information processing method, is applied to second server, and this method includes:
Receive the log-on message that each network equipment is sent;Wherein, the log-on message is:The network equipment comes from determination The login message of first source address meet it is default hit library rule after, from from each login message of first source address It acquires;
The log-on message that each network equipment of reception is sent, is sent to each preset address so that it is each defaultly The corresponding verification equipment in location determines described first in the first log-on message comprising itself storage in verifying the log-on message Log-on message is to have revealed log-on message.
The embodiment of the present application provides a kind of information processing unit, is applied to the network equipment, which includes:
First sending module, after presetting in the determining login message satisfaction from the first source address and hitting library rule, When receiving each login message from first source address, sends to first source address and reported for each log in The authentication failed information of text;Wherein, the message that logs in includes the log-on message for logging in first server;
Acquisition module, for obtaining the log-on message in each login message;
Authentication module is additionally operable to receive log-on message to be verified, judges whether waited for comprising described in the log-on message obtained Log-on message is verified, and is sent a warning message when comprising the log-on message to be verified;And/or by the log-on message of acquisition It is sent to each preset address, so that the corresponding verification equipment of each preset address includes itself in verifying the log-on message Determine that first log-on message is to have revealed log-on message when the first log-on message of storage.
The embodiment of the present application provides another information processing unit, is applied to second server, which includes:
Second receiving module, the log-on message sent for receiving each network equipment;Wherein, the log-on message is: The network equipment is after the determining login message satisfaction from the first source address is preset and hits library rule, from from first source It is acquired in each login message of location;
Second sending module, for will receive each network equipment transmission log-on message, be sent to it is each defaultly Location, so that the corresponding verification equipment of each preset address first login letter comprising itself storage in verifying the log-on message Determine that first log-on message is to have revealed log-on message when breath.
The embodiment of the present application provides a kind of network equipment, which includes:Processor and machine readable storage are situated between Matter, the machine readable storage medium are stored with the machine-executable instruction that can be executed by the processor, the processor Promoted by the machine-executable instruction:Realize information processing method provided by the embodiments of the present application.This method includes:
Determine login message from the first source address meet it is default hit library rule after, receiving from described the When each login message of one source address, sent to first source address for each authentication failed information for logging in message; Wherein, the message that logs in includes the log-on message for logging in first server;
Obtain the log-on message in each login message;
Log-on message to be verified is received, judges in the log-on message obtained whether to include the log-on message to be verified, and It sends a warning message when comprising the log-on message to be verified;And/or the log-on message of acquisition is sent to each default Location, so that the corresponding verification equipment of each preset address first login letter comprising itself storage in verifying the log-on message Determine that first log-on message is to have revealed log-on message when breath.
The embodiment of the present application provides a kind of server, which includes:Processor and machine readable storage medium, institute It states machine readable storage medium and is stored with the machine-executable instruction that can be executed by the processor, the processor is described Machine-executable instruction promotes:Realize another information processing method provided by the embodiments of the present application.This method includes:
Receive the log-on message that each network equipment is sent;Wherein, the log-on message is:The network equipment comes from determination The login message of first source address meet it is default hit library rule after, from from each login message of first source address It acquires;
The log-on message that each network equipment of reception is sent, is sent to each preset address so that it is each defaultly The corresponding verification equipment in location determines described first in the first log-on message comprising itself storage in verifying the log-on message Log-on message is to have revealed log-on message.
The embodiment of the present application provides a kind of computer readable storage medium, is stored in the computer readable storage medium Computer program, computer program information processing method provided by the embodiments of the present application when being executed by processor.This method Including:
Determine login message from the first source address meet it is default hit library rule after, receiving from described the When each login message of one source address, sent to first source address for each authentication failed information for logging in message; Wherein, the message that logs in includes the log-on message for logging in first server;
Obtain the log-on message in each login message;
Log-on message to be verified is received, judges in the log-on message obtained whether to include the log-on message to be verified, and It sends a warning message when comprising the log-on message to be verified;And/or the log-on message of acquisition is sent to each default Location, so that the corresponding verification equipment of each preset address first login letter comprising itself storage in verifying the log-on message Determine that first log-on message is to have revealed log-on message when breath.
The embodiment of the present application provides a kind of computer readable storage medium, is stored in the computer readable storage medium Computer program, the computer program realize information processing method provided by the embodiments of the present application when being executed by processor.It should Method includes:
Receive the log-on message that each network equipment is sent;Wherein, the log-on message is:The network equipment comes from determination The login message of first source address meet it is default hit library rule after, from from each login message of first source address It acquires;
The log-on message that each network equipment of reception is sent, is sent to each preset address so that it is each defaultly The corresponding verification equipment in location determines described first in the first log-on message comprising itself storage in verifying the log-on message Log-on message is to have revealed log-on message.
Information processing method and device provided by the embodiments of the present application can detect the first source address to first service After what device was initiated hits library attack, each login message from first source address is continued to, and send out to the first source address Authentication failed information is sent, continues to send log-on message to trap attacker, collects more log-on messages that attacker grasps.Network Equipment sends a warning message when can include log-on message to be verified in log-on message.In this way, sending log-on message to be verified Equipment leak data can be handled according to warning information.And/or the network equipment can be by the log-on message of acquisition It is sent to each preset address, the corresponding verification equipment of each preset address can determine that itself is stored according to above-mentioned log-on message The first log-on message whether be to have revealed log-on message.In this way, each verification equipment can be determining the first log-on message When having revealed log-on message, corresponding defensive measure is executed to own system.Therefore the embodiment of the present application can improve information peace Quan Xing.Certainly, any product or method for implementing the application do not necessarily require achieving all the advantages described above at the same time.
Description of the drawings
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technology description to be briefly described.It should be evident that the accompanying drawings in the following description is only this Some embodiments of application for those of ordinary skill in the art without creative efforts, can be with Obtain other attached drawings according to these attached drawings.
Fig. 1 is a kind of flow diagram of information processing method provided by the embodiments of the present application;
Fig. 2 is the flow diagram of another information processing method provided by the embodiments of the present application;
Fig. 3 is a kind of application scenarios schematic diagram provided by the embodiments of the present application;
Fig. 4 is a kind of structural schematic diagram of information processing unit provided by the embodiments of the present application;
Fig. 5 is the structural schematic diagram of another information processing unit provided by the embodiments of the present application;
Fig. 6 is a kind of structural schematic diagram of the network equipment provided by the embodiments of the present application;
Fig. 7 is a kind of structural schematic diagram of server provided by the embodiments of the present application.
Specific implementation mode
Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, complete Whole description.Obviously, described embodiment is only a part of the embodiment of the application, instead of all the embodiments.Base Embodiment in the application, those of ordinary skill in the art are obtained all without making creative work Other embodiment shall fall in the protection scope of this application.
In order to improve information security, the embodiment of the present application provides a kind of information processing method and device.Below by The application is described in detail in specific embodiment.
Fig. 1 is a kind of flow diagram of information processing method provided by the embodiments of the present application, is applied to the network equipment, should The network equipment can be router or interchanger etc..The present embodiment includes the following steps S101~step S103.
Step S101:After the determining login message satisfaction from the first source address is preset and hits library rule, receiving When each login message from the first source address, sent to the first source address for each authentication failed letter for logging in message Breath.
Wherein, above-mentioned login message includes the log-on message for logging in first server, and first server can be one It is a or multiple.First server can be understood as Website server.First source address can be Internet protocol (Internet Protocol, IP) address.
It is default to hit library rule and may include:The taking for logging in first from the first source address received in preset duration The quantity of the login message of business device is more than preset quantity threshold value;And/or received in preset duration from the first source address The login failure number logged in message for logging in first server is more than preset times threshold value.
For example, 200 login messages from address 1.1.1.1 are received in 10 minutes, if preset quantity threshold value It is 50, it may be considered that the login message from address 1.1.1.1, which meets to preset, hits library rule;If this 200 login messages In have 180 login message login failures, i.e., login failure number be 180, when preset times threshold value be 50 when, then it is believed that come Meet to preset from the login message of address 1.1.1.1 and hits library rule.
It is above-mentioned default to hit library rule and be obtained from associated cloud server in advance.Above-mentioned preset duration, present count It measures threshold value and preset times threshold value all can be previously according to empirical value determination.
In the present embodiment, the message for carrying specific characteristic can be determined as by the network equipment after receiving each message Log in message.For example, specific characteristic may include login, userid, password etc..
After the determining login message satisfaction from the first source address is preset and hits library rule, it is believed that detected equipment profit Library is hit with the first source address to first server initiation to attack.After detecting that hitting library attacks, the present embodiment is not blocked and is attacked The person's of hitting hits library attack, but continues to each login message from the first source address, and is sent to the first source address For each authentication failed information for logging in message.Attacker also will continue to after receiving authentication failed information to the first clothes Business device, which is sent, logs in message.Attacker can be traped in this way to continue to send login message, attacked to which the network equipment can be collected into The more information that the person of hitting grasps.
Wherein, authentication failed page when authentication failed information can be authentication failed page info, i.e. network address login failure Face information.Authentication failed information can be obtained from the response message that first server is sent for login message in advance.
In the present embodiment, after the determining login message satisfaction from the first source address is preset and hits library rule, if network Equipment receives each login message from the first source address, and each login message is no longer forwarded to the first clothes by the network equipment Business device.
Step S102:Obtain the log-on message in each login message.
When getting the log-on message that each login message carries, each log-on message can be stored.Wherein, letter is logged in Breath includes username and password.The log-on message of acquisition is a plurality of.
Step S103:Log-on message to be verified is received, judges whether believe comprising login to be verified in the log-on message obtained Breath, and send a warning message when comprising log-on message to be verified;And/or the log-on message of acquisition is sent to each default Address, so that the corresponding verification equipment of each preset address includes the first log-on message of itself storage in verifying log-on message When determine the first log-on message be revealed log-on message.
Above-mentioned log-on message to be verified can be that user equipment is sent, and can also be what network server was sent.
When sending a warning message, send a warning message to the equipment for sending log-on message to be verified.The warning information can For indicating that log-on message to be verified is to have revealed log-on message.
Above-mentioned preset address can be:Mail address, client address, host address etc..Host address can for IP Location and/or the address media access control (Media Access Control, MAC) etc..
One preset address can correspond to a verification equipment.Verification equipment can be understood as the equipment in network, this is tested It can be Website server itself to demonstrate,prove equipment, or belong to the other equipment in same Intranet with Website server.It is each The enterprise or tissue for verifying equipment belonging network can be the member of anti-leak alliance organization.
Above-mentioned each verification equipment may include the corresponding verification equipment of first server.
It, can be according to mail protocol corresponding with mail address, by the login of acquisition when preset address is mail address Information through mail protocol massages are sent to each default mail address.For example, when mail protocol is smtp protocol, Ke Yigen According to message format as defined in the smtp protocol, the mail protocol message for carrying log-on message is generated, which is sent out It send to default mail address.
When preset address is client address, can will be obtained according to client protocol corresponding with client address Log-on message each default client address is sent to by client protocol message.
The corresponding equipment of verifying of each preset address can be verified when receiving the log-on message of network equipment transmission It states in log-on message and whether includes the first log-on message of itself storage, if it is present determining that the first log-on message is to have let out Reveal log-on message.Wherein, the first log-on message of verification equipment itself storage can be obtained from corresponding network server.
For example, verification equipment itself is stored with 1000 the first log-on messages, verification equipment receives log-on message and includes 5000, then can be directed to the first log-on message of each, by first log-on message respectively with 5000 log-on messages into Row matching, if successful match, is determined as the first log-on message of this to have revealed log-on message.
As shown in the above, the present embodiment can be sent out using the first source address to first server detecting attacker After that rises hits library attack, each login message from first source address is continued to, and test to the transmission of the first source address Failure information is demonstrate,proved, continues to send log-on message to trap attacker, collects more log-on messages that attacker grasps.The network equipment It sends a warning message when can include log-on message to be verified in log-on message.In this way, sending setting for log-on message to be verified It is standby leak data to be handled according to warning information.And/or the network equipment can send the log-on message of acquisition To each preset address, the corresponding verification equipment of each preset address can determine the of itself storage according to above-mentioned log-on message Whether one log-on message is to have revealed log-on message.In this way, each verification equipment can determine that the first log-on message is to have let out When revealing log-on message, corresponding defensive measure is executed to own system.Therefore the present embodiment can improve information security.
In another embodiment of the application, it is based on embodiment illustrated in fig. 1, in step S103, by the log-on message of acquisition When being sent to each preset address, may include:
The log-on message of acquisition is sent to second server, so that second server sends out each network equipment of reception The log-on message sent is sent to each preset address.
Wherein, second server can be the server being associated in advance with the above-mentioned network equipment.Second server can Think cloud server.Second server can be associated with multiple network equipments, and can receive each network equipment The log-on message of transmission.
Optionally, the log-on message that second server can send each network equipment received within a preset period of time It is sent to each preset address.
Above-mentioned preset time period can be using the period of current time as start time or finish time, and current time is At the time of when receiving the log-on message that the above-mentioned network equipment is sent.The time span of preset time period can be fixed duration or Variable duration.
Second server is sent to the log-on message of each preset address, it can be understood as what is received in preset time period is each The summary information for the log-on message that a network equipment is sent.Second server can be stepped on to what each network equipment of reception was sent It records information and carries out deduplication operation, the log-on message after duplicate removal is sent to each preset address, verification equipment can be improved in this way Processing speed.Wherein, deduplication operation can be understood as the operation that removal repeats.
Since the log-on message quantity determined in the above-mentioned network equipment is still than relatively limited, in order to make verification equipment obtain more More log-on messages, and then more leak datas are identified, the scheme of the present embodiment can be executed.
When the log-on message of acquisition is sent to second server, if there are the password of plaintext in log-on message, The clear-text passwords can also be converted to ciphertext password, transformed log-on message is sent to second server.In this way can The privacy of user data is improved as far as possible.It, can be by the Kazakhstan of clear-text passwords when the clear-text passwords is converted to ciphertext password Uncommon (hash) value is as ciphertext password corresponding with the clear-text passwords.
To sum up, log-on message can be sent to second server by the present embodiment, and second server is by each net of reception The log-on message that network equipment is sent is sent to each preset address, is sent to the corresponding verification equipment of each preset address in this way Log-on message is summarizing for the log-on message of each network equipment, log-on message it is more, information is more rich, therefore can be with So that verification equipment more accurately determines whether log-on message is to have revealed log-on message.
In another embodiment of the application, the network equipment by log-on message after being sent to each preset address, also The verification result from the first preset address can be received, which includes the second log-on message.First preset address can Think one in each preset address.
When verification result indicates that above-mentioned second log-on message is to have revealed log-on message, the network equipment presets ground to other Location sends notice message.
Wherein, other preset address are the preset address in addition to the first preset address in each preset address.It is above-mentioned logical Know that message carrying is used to indicate cancellation and verifies whether above-mentioned second log-on message is the instruction for having revealed log-on message.
In the present embodiment, when one, which is verified equipment, has verified that above-mentioned second log-on message is to have revealed log-on message, Notice message is sent to other preset address, other verification equipment no longer need to verify above-mentioned second log-on message in this way, The calculation amount of verification equipment is reduced as far as possible.
In another embodiment of the application, it is based on embodiment illustrated in fig. 1, the network equipment can also believe the login of acquisition Breath is sent to verification platform, when so that verification platform including log-on message input by user in above-mentioned log-on message, determines and uses The log-on message of family input is to have revealed log-on message.
Wherein, verification platform can be understood as server.Verification platform can receive log-on message input by user, and will Log-on message input by user is matched with above-mentioned log-on message, if successful match, can determine input by user step on Record information is to have revealed log-on message.Verification platform can export prompt message to user, to prompt user's Modify password etc..
Can include stepping on for user name and ciphertext password when the log-on message of acquisition is sent to verification platform by the network equipment Record information is sent to verification platform.The privacy of user data can be improved as far as possible in this way.
Password input by user can be converted to ciphertext password, after conversion by verification platform when matching log-on message Ciphertext password and user name matched with above-mentioned log-on message.
After successful match, verification platform can also be labeled the log-on message of successful match.Receiving other When log-on message input by user, the log-on message of other users input is verified from unlabelled log-on message.In this way can Improve the computational efficiency of verification platform.
The present embodiment can provide a user verification platform, can when verification being obtained the log-on message of user being leaked To prompt user's Modify password, the influence of leak data can be reduced in this way, improves the safety of information.
In another embodiment of the application, above-mentioned authentication failed information includes the login failure page for first server Face information.The present embodiment may be used following manner and obtain authentication failed page info:
Any log-on message is generated, any log-on message of generation, which is sent to first server, to be verified, and receives the The login failure page info that one server is sent when to any of the above-described log-on message authentication failed.
The authentication failed page info of first server can be more accurately obtained in this way.By the authentication failed page info When being sent to the first source address, the corresponding equipment of the first source address is not easy to detect that network equipment side has determined the equipment For attacker, concealment is more preferable.
In the present embodiment, when generating any log-on message, can within the scope of preset characters range and/or preset number with Machine selects preset quantity element as username and password.
When any log-on message is proved to be successful in first server, any log-on message can be regenerated, is continued Any log-on message of generation is sent to first server to verify, until authentication failed, receives the authentication failed page Information.
Fig. 2 is the flow diagram of another information processing method provided by the embodiments of the present application.This method embodiment is answered For second server.The method of the present embodiment includes step S201~step S202.
Step S201:Receive the log-on message that each network equipment is sent.
Wherein, above-mentioned log-on message is:The network equipment meets default hit in the determining login message from the first source address After the rule of library, acquired from from each login message of first source address.
Wherein, second server can be the server being associated in advance with the above-mentioned network equipment.Second server can Think cloud server.Second server can be associated with multiple network equipments, and can receive each network equipment The log-on message of transmission.
Step S202:The log-on message that each network equipment of reception is sent, is sent to each preset address, so that respectively The corresponding equipment of verifying of a preset address is determined in the first log-on message comprising itself storage in verifying above-mentioned log-on message First log-on message is to have revealed log-on message.
This step is specifically as follows, and the log-on message that each network equipment received in preset time period is sent is sent To each preset address.
Wherein, each verification equipment includes the corresponding verification equipment of first server.
Above-mentioned preset time period can be using the period of current time as start time or finish time, and current time is At the time of when receiving the log-on message that the above-mentioned network equipment is sent.The time span of preset time period can be fixed duration or Variable duration.
To sum up, the present embodiment can receive the log-on message that each network equipment is sent, and log-on message is sent to each Preset address, the corresponding equipment of verifying of each preset address can determine that the first of itself storage logs according to above-mentioned log-on message Whether information is to have revealed log-on message.In this way, each verification equipment can determine that the first log-on message is to have revealed login When information, corresponding defensive measure is executed to own system, therefore the present embodiment can improve information security.Meanwhile this reality It applies in example since the log-on message of each network equipment is sent to preset address, the comprehensive of log-on message can be improved in this way Property, it detects more fully to have revealed information.
In another embodiment of the application, it is based on embodiment illustrated in fig. 2, step S202 sets each network of reception The log-on message that preparation is sent when being sent to each preset address, may include:The login that each network equipment of reception is sent Information carries out deduplication operation, and the log-on message after duplicate removal is sent to each preset address.
In the present embodiment, removal duplicate data can improve the processing speed of verification equipment.
In another embodiment of the application, it is based on embodiment illustrated in fig. 2, second server may also receive from first The verification result of preset address.The verification result includes the second log-on message.First preset address can be each preset address In one.
When verification result indicates that above-mentioned second log-on message is to have revealed log-on message, second server can be to other Preset address sends notice message.
Wherein, other preset address are the preset address in addition to the first preset address in each preset address.Notice report Text, which carries, is used to indicate whether cancellation the second log-on message of verification is the instruction for having revealed log-on message.
In the present embodiment, when one, which is verified equipment, has verified that above-mentioned log-on message is to have revealed log-on message, Xiang Qi He sends notice message by preset address, other verification equipment no longer need to verify above-mentioned log-on message in this way, subtract as far as possible The calculation amount of equipment is verified less.
In another embodiment of the application, second server can also be by the login of each network equipment of acquisition transmission Information is sent to verification platform, is used so that verification platform determines when in above-mentioned log-on message including log-on message input by user The log-on message of family input is to have revealed log-on message.The log-on message that the present embodiment can obtain user in verification has been let out When dew, user's Modify password is prompted, the influence of leak data can be reduced in this way, improve the safety of information.
Second server can also count each and log in letter when receiving the log-on message that each network equipment is sent The occurrence number of breath.When the log-on message that verification obtains user is to have revealed log-on message, can also be prompted according to the number To user, such as the log-on message safety of user can be prompted very low etc. when the number is more than preset value, so that user Modify password as early as possible improves the safety of user information.
Fig. 1 and embodiment illustrated in fig. 2 are the embodiments obtained based on same inventive concept, and description can mutually join According to.
It elaborates again to the application with reference to specific example.
Fig. 3 is a kind of concrete application scene schematic diagram provided by the embodiments of the present application.Fig. 3 includes first in network 1 Server A and network equipment A, the first server B in network 2 and network equipment B.It network equipment A and network equipment B and tests Card platform is connect with second server.User equipment can access verification platform.Network equipment A, network equipment B and the second clothes Business device is the equipment of manufacturer M.Manufacturer M sets up anti-leak alliance organization, and the enterprise or tissue in network can select to be added and be somebody's turn to do Anti-leak alliance organization becomes the member of the anti-leak alliance organization.First server A, second server B and third server C is respectively the network server of network 1, network 2 and network 3.
Member in anti-leak alliance organization can be the company for the network equipment for buying manufacturer M, can also be not purchase Buy the company of the network equipment of manufacturer M.Having purchased the company of the network equipment of manufacturer M can both select that anti-leak alliance group is added It knits, can not also be added.
For example, network 1 and network 2 use the network equipment of manufacturer M, network 3 that the network of manufacturer M is not used to set It is standby;Network 2 and network 3 are the members in anti-leak alliance organization, and network 1 is not the member in anti-leak alliance organization.
Network equipment A can obtain log-on message dataA, and network equipment B can obtain log-on message dataB.Network is set DataA and dataB can be sent to second server by standby A and network equipment B.
DataA and dataB is carried out duplicate removal by second server, obtains log-on message DATA, and log-on message DATA is equal The verification equipment being sent in anti-leak alliance organization is sent to 3 middle pipe of the mail address of administrator B and network in network 2 The mail address of reason person C.Since network 1 is not the member in anti-leak alliance organization, second server is not to network 1 Middle administrator A sends log-on message DATA.The host of administrator B can verify DATA after receiving log-on message DATA In whether the log-on message dataxx of present networks comprising itself storage determines the log-on message of present networks when it is present Dataxx is to have revealed log-on message.
Second server, can be to the postal of administrator C when receiving the verification result of the mail address from administrator B Part address sends notice message, to notify administrator C cancels to verify whether above-mentioned dataxx is to have revealed log-on message.
DATA can also be sent to verification platform by second server.Verification platform can receive stepping on for user equipment transmission Information is recorded, which is matched with DATA, if successful match, then it is assumed that the log-on message that the user equipment is sent To have revealed log-on message.Verification platform can send the prompt of Modify password to user equipment.
Fig. 4 is a kind of structural schematic diagram of information processing unit provided by the embodiments of the present application.The device is applied to network Equipment, the network equipment can be router or interchanger etc..The device embodiment is corresponding with embodiment of the method shown in Fig. 1, Described device includes:
First sending module 401 hits library rule for meeting to preset in the determining login message from the first source address Afterwards, it when receiving each login message from first source address, sends to be directed to first source address and each step on Record the authentication failed information of message;Wherein, the message that logs in includes the log-on message for logging in first server;
Acquisition module 402, for obtaining the log-on message in each login message;
Whether authentication module 403 is additionally operable to receive log-on message to be verified, judge in the log-on message obtained comprising described Log-on message to be verified, and send a warning message when comprising the log-on message to be verified;And/or the login of acquisition is believed Breath is sent to each preset address, so that the corresponding verification equipment of each preset address includes certainly in verifying the log-on message Determine that first log-on message is to have revealed log-on message when the first log-on message of body storage.
In another embodiment of the application, the first sending module 401 in Fig. 4 embodiments is specifically used for:
The log-on message of acquisition is sent to second server, so that the second server will be in preset time period The log-on message that each network equipment of interior reception is sent is sent to each preset address.
In another embodiment of the application, the device in Fig. 4 embodiments further includes:
First receiving module (not shown), for receiving the verification result from the first preset address, the verification As a result include the second log-on message;
First sending module (not shown) is additionally operable to indicate that second log-on message is when the verification result When revealing log-on message, notice message is sent to other preset address;
Wherein, other described preset address be each preset address in addition to first preset address defaultly Location, the notice message carrying are used to indicate whether cancellation the second log-on message of verification is the instruction for having revealed log-on message.
In another embodiment of the application, the authentication module 403 in Fig. 4 embodiments is additionally operable to:
The log-on message of acquisition is sent to verification platform, so that the verification platform includes use in the log-on message When the log-on message of family input, determine that log-on message input by user is to have revealed log-on message.
In another embodiment of the application, in Fig. 4 embodiments, the authentication failed information includes to be directed to the server Login failure page info;The acquisition module 402 is additionally operable to obtain the login failure page letter using following operation Breath:
Any log-on message is generated, any log-on message of generation, which is sent to the first server, to be tested Card;
Receive the login failure page letter that the first server is sent when to any log-on message authentication failed Breath.
Since above-mentioned apparatus embodiment is obtained based on embodiment of the method, and this method technique effect having the same, Therefore details are not described herein for the technique effect of device embodiment.For device embodiments, since it is substantially similar to method Embodiment, so describing fairly simple, the relevent part can refer to the partial explaination of embodiments of method.
Fig. 5 is a kind of structural schematic diagram of information processing unit provided by the embodiments of the present application.The device embodiment application In second server.The device embodiment is corresponding with embodiment of the method shown in Fig. 2.The device includes:
Second receiving module 501, the log-on message sent for receiving each network equipment;Wherein, the log-on message For:The network equipment is after the determining login message satisfaction from the first source address is preset and hits library rule, from from described first It is acquired in each login message of source address;
Second sending module 502, the log-on message that each network equipment for that will receive is sent are sent to each default Address, so that first login comprising itself storage in verifying the log-on message of the corresponding verification equipment of each preset address Determine that first log-on message is to have revealed log-on message when information.
In another embodiment of the application, the second sending module 502 in Fig. 5 embodiments is specifically used for:
The log-on message that each network equipment of reception is sent carries out deduplication operation, and the log-on message after duplicate removal is sent To each preset address.
In another embodiment of the application, the second receiving module 501 in Fig. 5 embodiments is additionally operable to receive from the The verification result of one preset address, the verification result include the second log-on message;
Second sending module 502 is additionally operable to indicate that the second log-on message is to have revealed log-on message when the verification result When, send notice message to other preset address;
Wherein, other described preset address be each preset address in addition to first preset address defaultly Location, the notice message carrying are used to indicate whether cancellation the second log-on message of verification is the instruction for having revealed log-on message.
Fig. 6 is a kind of structural schematic diagram of the network equipment provided by the embodiments of the present application.The device includes:Processor 601 With machine readable storage medium 602, machine readable storage medium 602, which is stored with, can be held by the machine that processor 601 executes Row instruction, processor 601 are promoted by machine-executable instruction:Realize a kind of information processing method of the embodiment of the present application.The party Method includes:
Determine login message from the first source address meet it is default hit library rule after, receiving from described the When each login message of one source address, sent to first source address for each authentication failed information for logging in message; Wherein, the message that logs in includes the log-on message for logging in first server;
Obtain the log-on message in each login message;
Log-on message to be verified is received, judges in the log-on message obtained whether to include the log-on message to be verified, and It sends a warning message when comprising the log-on message to be verified;And/or the log-on message of acquisition is sent to each default Location, so that the corresponding verification equipment of each preset address first login letter comprising itself storage in verifying the log-on message Determine that first log-on message is to have revealed log-on message when breath.
To sum up, the present embodiment can be attacked detecting attacker using the library of hitting that the first source address is initiated to first server After hitting, each login message from first source address is continued to, and authentication failed information is sent to the first source address, Continue to send log-on message to trap attacker, collects more log-on messages that attacker grasps.The network equipment can log in It sends a warning message when in information including log-on message to be verified.In this way, the equipment for sending log-on message to be verified can basis Warning information handles leak data.And/or the log-on message of acquisition can be sent to each preset by the network equipment Address, the corresponding equipment of verifying of each preset address can determine the first log-on message of itself storage according to above-mentioned log-on message Whether it is to have revealed log-on message.In this way, each verification equipment can determine that the first log-on message is to have revealed log-on message When, corresponding defensive measure is executed to own system.Therefore the present embodiment can improve information security.
Fig. 7 is a kind of structural schematic diagram of server provided by the embodiments of the present application.The server includes:Processor 701 With machine readable storage medium 702, machine readable storage medium 702 is stored with the machine that can be executed by the processor 701 Executable instruction, processor 701 are promoted by machine-executable instruction:Realize another information processing side of the embodiment of the present application Method.This method includes:
Receive the log-on message that each network equipment is sent;Wherein, the log-on message is:The network equipment comes from determination The login message of first source address meet it is default hit library rule after, from from each login message of first source address It acquires;
The log-on message that each network equipment of reception is sent, is sent to each preset address so that it is each defaultly The corresponding verification equipment in location determines described first in the first log-on message comprising itself storage in verifying the log-on message Log-on message is to have revealed log-on message.
To sum up, the present embodiment can receive the log-on message that each network equipment is sent, and log-on message is sent to each Preset address, the corresponding equipment of verifying of each preset address can determine that the first of itself storage logs according to above-mentioned log-on message Whether information is to have revealed log-on message.In this way, each verification equipment can determine that the first log-on message is to have revealed login When information, corresponding defensive measure is executed to own system, therefore the present embodiment can improve information security.Meanwhile this reality It applies in example since the log-on message of each network equipment is sent to preset address, the comprehensive of log-on message can be improved in this way Property, it detects more fully to have revealed information.
The embodiment of the present application provides a kind of computer readable storage medium, is stored in the computer readable storage medium Computer program, the computer program realize a kind of information processing method of the embodiment of the present application when being executed by processor.It should Method includes:
Determine login message from the first source address meet it is default hit library rule after, receiving from described the When each login message of one source address, sent to first source address for each authentication failed information for logging in message; Wherein, the message that logs in includes the log-on message for logging in first server;
Obtain the log-on message in each login message;
Log-on message to be verified is received, judges in the log-on message obtained whether to include the log-on message to be verified, and It sends a warning message when comprising the log-on message to be verified;And/or the log-on message of acquisition is sent to each default Location, so that the corresponding verification equipment of each preset address first login letter comprising itself storage in verifying the log-on message Determine that first log-on message is to have revealed log-on message when breath.
To sum up, the present embodiment can be attacked detecting attacker using the library of hitting that the first source address is initiated to first server After hitting, each login message from first source address is continued to, and authentication failed information is sent to the first source address, Continue to send log-on message to trap attacker, collects more log-on messages that attacker grasps.The network equipment can log in It sends a warning message when in information including log-on message to be verified.In this way, the equipment for sending log-on message to be verified can basis Warning information handles leak data.And/or the log-on message of acquisition can be sent to each preset by the network equipment Address, the corresponding equipment of verifying of each preset address can determine the first log-on message of itself storage according to above-mentioned log-on message Whether it is to have revealed log-on message.In this way, each verification equipment can determine that the first log-on message is to have revealed log-on message When, corresponding defensive measure is executed to own system.Therefore the present embodiment can improve information security.
The embodiment of the present application provides a kind of computer readable storage medium, is stored in the computer readable storage medium Computer program realizes another information processing method of the embodiment of the present application when computer program is executed by processor.The party Method includes:
Receive the log-on message that each network equipment is sent;Wherein, the log-on message is:The network equipment comes from determination The login message of first source address meet it is default hit library rule after, from from each login message of first source address It acquires;
The log-on message that each network equipment of reception is sent, is sent to each preset address so that it is each defaultly The corresponding verification equipment in location determines the first login in the first log-on message comprising itself storage in verifying the log-on message Information is to have revealed log-on message.
To sum up, the present embodiment can receive the log-on message that each network equipment is sent, and log-on message is sent to each Preset address, the corresponding equipment of verifying of each preset address can determine that the first of itself storage logs according to above-mentioned log-on message Whether information is to have revealed log-on message.In this way, each verification equipment can determine that the first log-on message is to have revealed login When information, corresponding defensive measure is executed to own system, therefore the present embodiment can improve information security.Meanwhile this reality It applies in example since the log-on message of each network equipment is sent to preset address, the comprehensive of log-on message can be improved in this way Property, it detects more fully to have revealed information.
It should be noted that herein, relational terms such as first and second and the like are used merely to a reality Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or any other variant be intended to it is non- It is exclusive to include, so that the process, method, article or equipment including a series of elements includes not only those elements, But also include other elements that are not explicitly listed, or further include solid by this process, method, article or equipment Some elements.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including There is also other identical elements in the process, method, article or equipment of the element.
Each embodiment in this specification is all made of relevant mode and describes, identical similar portion between each embodiment Point just to refer each other, and each embodiment focuses on the differences from other embodiments.
The foregoing is merely the preferred embodiments of the application, are not intended to limit the protection domain of the application.It is all Any modification, equivalent substitution, improvement and etc. done within spirit herein and principle are all contained in the protection domain of the application It is interior.

Claims (15)

1. a kind of information processing method, which is characterized in that it is applied to the network equipment, the method includes:
After the determining login message satisfaction from the first source address is preset and hits library rule, first source is come from receiving When each login message of address, sent to first source address for each authentication failed information for logging in message;Wherein, The message that logs in includes the log-on message for logging in first server;
Obtain the log-on message in each login message;
Log-on message to be verified is received, judges in the log-on message obtained whether to include the log-on message to be verified, and wrapping It sends a warning message when containing the log-on message to be verified;And/or the log-on message of acquisition is sent to each preset address, So that corresponding the first log-on message verified equipment and include itself storage in verifying the log-on message of each preset address When determine first log-on message be revealed log-on message.
2. according to the method described in claim 1, it is characterized in that, it is described the log-on message of acquisition is sent to it is each default The step of location, including:
The log-on message of acquisition is sent to second server, so that the second server sets each network of reception The log-on message that preparation is sent is sent to each preset address.
3. according to the method described in claim 1, it is characterized in that, the method further includes:
The verification result from the first preset address is received, the verification result includes the second log-on message;
When the verification result indicates that second log-on message is to have revealed log-on message, sent to other preset address logical Know message;
Wherein, other described preset address are the preset address in addition to first preset address, institute in each preset address It states notice message carrying and is used to indicate whether cancellation verification second log-on message is the instruction for having revealed log-on message.
4. according to the method described in claim 1, it is characterized in that, the method further includes:
The log-on message of acquisition is sent to verification platform, so that the verification platform is defeated comprising user in the log-on message When the log-on message entered, determine that log-on message input by user is to have revealed log-on message.
5. according to the method described in claim 1, it is characterized in that, the authentication failed information includes to be directed to the first service The login failure page info of device;The login failure page info is then obtained in the following ways:
Any log-on message is generated, any log-on message of generation, which is sent to the first server, to be verified;
Receive the login failure page info that the first server is sent when to any log-on message authentication failed.
6. a kind of information processing method, which is characterized in that it is applied to second server, the method includes:
Receive the log-on message that each network equipment is sent;Wherein, the log-on message is:The network equipment is being determined from first The login message of source address meet it is default hit library rule after, obtained from from each login message of first source address It obtains;
The log-on message that each network equipment of reception is sent, is sent to each preset address, so that each preset address pair The verification equipment answered determines that described first logs in the first log-on message comprising itself storage in verifying the log-on message Information is to have revealed log-on message.
7. according to the method described in claim 6, it is characterized in that, the login that each network equipment by reception is sent is believed The step of ceasing, being sent to each preset address, including:
The log-on message that each network equipment of reception is sent carries out deduplication operation, and the log-on message after duplicate removal is sent to respectively A preset address.
8. according to the method described in claim 6, it is characterized in that, the method further includes:
The verification result from the first preset address is received, the verification result includes the second log-on message;
When the verification result indicates that second log-on message is to have revealed log-on message, sent to other preset address logical Know message;
Wherein, other described preset address are the preset address in addition to first preset address, institute in each preset address It states notice message carrying and is used to indicate whether cancellation verification second log-on message is the instruction for having revealed log-on message.
9. a kind of information processing unit, which is characterized in that be applied to the network equipment, described device includes:
First sending module is connecing after presetting in the determining login message satisfaction from the first source address and hitting library rule When receiving each login message from first source address, sent to first source address for each login message Authentication failed information;Wherein, the message that logs in includes the log-on message for logging in first server;
Acquisition module, for obtaining the log-on message in each login message;
Authentication module judges in the log-on message obtained whether to be verified to be stepped on comprising described for receiving log-on message to be verified Information is recorded, and is sent a warning message when comprising the log-on message to be verified;And/or the log-on message of acquisition is sent to Each preset address, so that the corresponding verification equipment of each preset address includes itself storage in verifying the log-on message Determine that first log-on message is to have revealed log-on message when the first log-on message.
10. device according to claim 9, which is characterized in that first sending module is specifically used for:
The log-on message of acquisition is sent to second server, so that the second server will connect within a preset period of time The log-on message that each network equipment received is sent is sent to each preset address.
11. device according to claim 9, which is characterized in that described device further includes:
First receiving module, for receiving the verification result from the first preset address, the verification result includes the second login Information;
First sending module is additionally operable to when the verification result indicates that second log-on message is to have revealed log-on message, Notice message is sent to other preset address;
Wherein, other described preset address are the preset address in addition to first preset address, institute in each preset address It states notice message carrying and is used to indicate whether cancellation verification second log-on message is the instruction for having revealed log-on message.
12. device according to claim 9, which is characterized in that the authentication module is additionally operable to:
The log-on message of acquisition is sent to verification platform, so that the verification platform is defeated comprising user in the log-on message When the log-on message entered, determine that log-on message input by user is to have revealed log-on message.
13. a kind of information processing unit, which is characterized in that be applied to second server, described device includes:
Second receiving module, the log-on message sent for receiving each network equipment;Wherein, the log-on message is:Network Equipment is after the determining login message satisfaction from the first source address is preset and hits library rule, from from first source address It is acquired in each login message;
Second sending module, the log-on message that each network equipment for that will receive is sent, is sent to each preset address, with Make the corresponding verification equipment of each preset address in the first log-on message comprising itself storage in verifying the log-on message Determine that first log-on message is to have revealed log-on message.
14. a kind of network equipment, which is characterized in that including:Processor and machine readable storage medium, the machine readable storage Media storage has the machine-executable instruction that can be executed by the processor, and the processor is by the machine-executable instruction Promote:Realize any method and steps of claim 1-5.
15. a kind of server, which is characterized in that including:Processor and machine readable storage medium, the machine readable storage are situated between Matter is stored with the machine-executable instruction that can be executed by the processor, and the processor is promoted by the machine-executable instruction Make:Realize any method and steps of claim 6-8.
CN201810337962.4A 2018-04-16 2018-04-16 Information processing method and device Active CN108566394B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810337962.4A CN108566394B (en) 2018-04-16 2018-04-16 Information processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810337962.4A CN108566394B (en) 2018-04-16 2018-04-16 Information processing method and device

Publications (2)

Publication Number Publication Date
CN108566394A true CN108566394A (en) 2018-09-21
CN108566394B CN108566394B (en) 2020-10-02

Family

ID=63535144

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810337962.4A Active CN108566394B (en) 2018-04-16 2018-04-16 Information processing method and device

Country Status (1)

Country Link
CN (1) CN108566394B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446789A (en) * 2018-10-22 2019-03-08 武汉极意网络科技有限公司 Anticollision library method, equipment, storage medium and device based on artificial intelligence
CN109815689A (en) * 2018-12-28 2019-05-28 北京奇安信科技有限公司 A kind of website cipher safety guard method and device
CN112153052A (en) * 2020-09-25 2020-12-29 北京微步在线科技有限公司 Method and system for monitoring database collision attack

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102006271A (en) * 2008-09-02 2011-04-06 F2威尔股份有限公司 IP address secure multi-channel authentication for online transactions
US20140298038A1 (en) * 2013-03-26 2014-10-02 Tata Consultancy Services Limited Generation of randomized messages for cryptographic hash functions
CN104811449A (en) * 2015-04-21 2015-07-29 深信服网络科技(深圳)有限公司 Base collision attack detecting method and system
CN105577670A (en) * 2015-12-29 2016-05-11 南威软件股份有限公司 Warning system of database-hit attack
CN105939326A (en) * 2016-01-18 2016-09-14 杭州迪普科技有限公司 Message processing method and device
CN106209907A (en) * 2016-08-30 2016-12-07 杭州华三通信技术有限公司 A kind of method and device detecting malicious attack
CN107770112A (en) * 2016-08-15 2018-03-06 娄奥林 A kind of method for preventing that account is stolen and server

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102006271A (en) * 2008-09-02 2011-04-06 F2威尔股份有限公司 IP address secure multi-channel authentication for online transactions
US20140298038A1 (en) * 2013-03-26 2014-10-02 Tata Consultancy Services Limited Generation of randomized messages for cryptographic hash functions
CN104811449A (en) * 2015-04-21 2015-07-29 深信服网络科技(深圳)有限公司 Base collision attack detecting method and system
CN105577670A (en) * 2015-12-29 2016-05-11 南威软件股份有限公司 Warning system of database-hit attack
CN105939326A (en) * 2016-01-18 2016-09-14 杭州迪普科技有限公司 Message processing method and device
CN107770112A (en) * 2016-08-15 2018-03-06 娄奥林 A kind of method for preventing that account is stolen and server
CN106209907A (en) * 2016-08-30 2016-12-07 杭州华三通信技术有限公司 A kind of method and device detecting malicious attack

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446789A (en) * 2018-10-22 2019-03-08 武汉极意网络科技有限公司 Anticollision library method, equipment, storage medium and device based on artificial intelligence
CN109815689A (en) * 2018-12-28 2019-05-28 北京奇安信科技有限公司 A kind of website cipher safety guard method and device
CN112153052A (en) * 2020-09-25 2020-12-29 北京微步在线科技有限公司 Method and system for monitoring database collision attack

Also Published As

Publication number Publication date
CN108566394B (en) 2020-10-02

Similar Documents

Publication Publication Date Title
Thomas et al. Protecting accounts from credential stuffing with password breach alerting
Hu et al. {End-to-End} measurements of email spoofing attacks
Cui et al. A quantitative analysis of the insecurity of embedded network devices: results of a wide-area scan
CN105897782B (en) A kind of processing method and processing device of the call request for interface
Brugger et al. An assessment of the DARPA IDS Evaluation Dataset using Snort
CN104184713B (en) Terminal identification method, machine identifier register method and corresponding system, equipment
CN103067385B (en) The method of defence Hijack Attack and fire compartment wall
CN105939326A (en) Message processing method and device
Palmieri et al. Automatic security assessment for next generation wireless mobile networks
CN108566394A (en) A kind of information processing method and device
CN104363240A (en) Unknown threat comprehensive detection method based on information flow behavior validity detection
Fraunholz et al. Defending web servers with feints, distraction and obfuscation
CN106209907B (en) Method and device for detecting malicious attack
Dai et al. The hijackers guide to the galaxy:{Off-Path} taking over internet resources
CN106790073B (en) Blocking method and device for malicious attack of Web server and firewall
Harsha et al. Bicycle attacks considered harmful: Quantifying the damage of widespread password length leakage
Vykopal et al. Network-based dictionary attack detection
Vetterl Honeypots in the age of universal attacks and the Internet of Things
Gavazzi et al. A Study of {Multi-Factor} and {Risk-Based} Authentication Availability
CN110502896B (en) Leakage monitoring method and system for website information and related device
CN104252598B (en) A kind of method and device detected using loophole
WO2014059159A2 (en) Systems and methods for testing and managing defensive network devices
Brindtha et al. Identification and detecting of attacker in a purchase portal using honeywords
Vo et al. Protecting web 2.0 services from botnet exploitations
CN108600209A (en) A kind of information processing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant