CN109167754A - A network application layer security protection system
- Publication number: CN109167754A
- Application number: CN201810832633.7A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/1458: Countermeasures against malicious traffic; Denial of Service
- H04L63/0236: Filtering policies; filtering by address, protocol, port number or service, e.g. IP-address or URL
- H04L63/0876: Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/1416: Monitoring network traffic; event detection, e.g. attack signature detection
- H04L63/1425: Monitoring network traffic; traffic logging, e.g. anomaly detection
- H04L63/168: Implementing security features at a particular protocol layer above the transport layer
- H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
- H04L67/14: Session management
Abstract
The invention discloses a network application layer security protection system comprising the following modules. A packet parsing module judges and parses messages, including SSL decryption, encoding normalization and extraction of message fields, and sends the extracted message features to a detection module for attack detection. The detection module comprises a filter, a blacklist/whitelist detection module and a feature matching module. A behavior analysis module performs DDoS attack verification on the message feature data that has passed the detection module and outputs the messages that pass verification to the Web server. A log audit module audits behavior and anomalies during Web protection: during feature parsing and matching, Web mail uploads and outbound SMTP and FTP data transfers are passed to the log audit module for recording and analysis, and during security protection, accesses that violate policies and rules are recorded.
Description
Technical field
The invention belongs to the technical field of network security, and in particular relates to a network application layer security protection system.
Background
With the rapid development of networks, Web services, with their characteristic efficiency, ease of use and timeliness, have led a large number of organizations to move their business to the Web application layer. E-commerce, e-government, online banking and social networking sites are all accessed as Web applications, and Web applications have become an indispensable part of people's lives. However, as Web applications have developed rapidly, the security situation gives no cause for optimism, and the security risk at the Web level keeps rising. According to statistics, 75% of network attacks occur at the Web application layer. More seriously, traditional security measures (network firewalls, IDS/IPS and antivirus software) cannot effectively stop Web application layer attacks, so protection at the Web application layer has become the best weapon against Web application layer attacks.
Summary of the invention
The purpose of the present invention is to provide a network application layer security protection system that solves the above problems of the prior art.
The network application layer security protection system of the invention comprises a log audit module, a detection module, a behavior analysis module and a packet parsing module. The packet parsing module judges and parses messages, including SSL decryption, encoding normalization and extraction of message fields, and then sends the extracted message features to the detection module for attack detection. The detection module comprises a filter, a blacklist/whitelist detection module and a feature matching module. The filter matches malicious characters: if a match is found, the message is discarded; otherwise the message features are sent to the blacklist/whitelist detection module. The blacklist/whitelist detection module filters and restricts on the IP address of the incoming message features, and sends the message features whose IP address has passed the blacklist/whitelist detection module to the feature matching module. The feature matching module compares the data packet against the features in the intrusion feature database to identify attack behavior; if an attack is identified, the corresponding packet is dropped. The behavior analysis module performs DDoS attack verification on the message feature data that has passed the detection module, and outputs the messages that pass verification to the Web server. The log audit module audits behavior and anomalies during Web protection: during feature parsing and matching, Web mail uploads and outbound SMTP and FTP data transfers are passed to the log audit module for recording and analysis, and during security protection, accesses that violate policies and rules are recorded.
According to one embodiment of the system, the behavior analysis module performs behavior analysis on the subject, object and time attributes of application access and, in combination with session management, counts the frequency with which a single IP accesses the Web service, in order to identify and block DDoS attacks.
According to one embodiment of the system, the packet parsing module comprises an SSL decryption/encryption module, an encoding normalization module and a message field extraction module. The SSL decryption/encryption module handles HTTP messages sent by the client, determines the destination Web server for forwarding according to the HOST field, calls the corresponding SSL certificate and key to decrypt the message, sends the plaintext to the encoding normalization module, and encrypts the Web server's response message and forwards it to the client. The encoding normalization module applies a unified standard to the message data; it is responsible for processing HTTP messages, first normalizing and standardizing the various encodings and character sets. The message field extraction module extracts the content of the normalized HTTP request and response messages: it extracts the HOST field in the request header and the body of POST requests, and for response messages also extracts the SetCookie field, and sends these to the detection module.
According to one embodiment of the system, the behavior analysis module comprises a behavior analysis module and a session management module. The behavior analysis module is based on learning from application access: it learns and records the attributes of normal application access, builds a behavior feature database, and performs behavior analysis on application access against that database in order to identify access behavior with abnormal attributes. The session management module performs IP authentication using the Session, counts the number of accesses from a single IP, and blocks promptly when the threshold is exceeded, to prevent application layer DDoS attacks.
According to one embodiment of the system, the attributes of normal application access include: subject attributes, object attributes, time attributes, parameter attributes and statistical attributes.
According to one embodiment of the system, the feature matching module analyzes each content feature of a message, parses each feature, and expresses it in the attribute grammar of regular expressions. It matches the features of the message under inspection against the feature strings in the intrusion feature database; if the match succeeds, the message is judged to be an attack and the corresponding packet is dropped.
According to one embodiment of the system, in the blacklist/whitelist detection module, if the corresponding IP address is in the blacklist, messages from that IP address are rejected directly; if the corresponding IP address is in the whitelist, the message is sent to an anomaly detection module, which detects attacks that maliciously tamper with the HTTP protocol specification and input parameters.
The invention addresses the problem of multiple types of network application layer attack by proposing a network application layer security protection system. Through application layer message parsing and preprocessing, it extracts the features of different application layer protocols, performs special character filtering and feature matching in the detection module, and performs dynamic behavior analysis of messages to filter out malicious attack messages, ultimately providing effective security protection against malicious network attacks such as SQL injection, XSS and DDoS.
Brief description of the drawings
Fig. 1 is a schematic diagram of the network application layer security protection system;
Fig. 2 is a schematic diagram of the workflow of the packet parsing module;
Fig. 3 is a flow chart of the inspection and security protection of a complete HTTP request message.
Detailed description of embodiments
To make the purpose, content and advantages of the invention clearer, specific embodiments of the invention are described in further detail below with reference to the drawings and examples.
Fig. 1 is a schematic diagram of the network application layer security protection system. As shown in Fig. 1, the application layer security protection system consists of packet parsing module 1, detection module 4, behavior analysis module 3 and log audit module 2.
Fig. 2 is a schematic diagram of the workflow of the packet parsing module. As shown in Figs. 1 and 2, packet parsing module 1 comprises SSL decryption/encryption module 11, encoding normalization module 12 and message field extraction module 13. The output of packet parsing module 1 is the object on which the rule-matching filtering of detection module 4 operates, so the quality of parsing directly affects the protection provided by the application layer Web firewall. The main function of packet parsing module 1 is to parse messages of the different application layer protocols, including HTTP/HTTPS, SMTP and FTP, obtain the fields to be inspected, and submit them to the feature matching engine for Web attack detection. Because more and more high-security Web applications mainly use the HTTPS protocol, effective detection of all attacks requires decoding the SSL-encrypted traffic.
As shown in Figs. 1 and 2, SSL (Secure Socket Layer) sits between the TCP/IP protocols and the various application layer protocols and provides security support for data communication. SSL decryption/encryption module 11 handles HTTP messages sent by the client, determines the destination Web server for forwarding according to the HOST field, calls the corresponding SSL certificate and key to decrypt the message, and sends the plaintext to encoding normalization module 12. It is also responsible for encrypting the Web server's response message and forwarding it to the client.
As shown in Figs. 1 and 2, because of the particular nature of Web applications, they support various character sets and multiple encoding standards. These can become a primary means for attackers to bypass existing defenses. Encoding normalization module 12 applies a unified standard to the input data, which prepares detection module 4 technically to block the various attacks effectively. Encoding normalization module 12 is responsible for processing HTTP messages: it first normalizes and standardizes the various encodings, such as URL encoding and Unicode encoding, and the various character sets, such as UTF-8 and GB2312, effectively identifying each encoding and restoring it, so that variant attacks that use different encodings or different character sets cannot bypass the defenses.
As shown in Figs. 1 and 2, message field extraction module 13 extracts the content of the HTTP request and response messages normalized by encoding normalization module 12: it extracts the HOST field in the request header and the body of POST requests. For response messages, it also extracts content such as the SetCookie field. Message field extraction module 13 extracts the message features (characters) and sends them to detection module 4.
As shown in Figs. 1 and 2, detection module 4 consists mainly of filter 41, blacklist/whitelist detection module 42 and feature matching module 43.
Fig. 3 is a flow chart of the inspection and security protection of a complete HTTP request message. As shown in Fig. 3, filter 41 matches malicious characters: if a match is found, the message is discarded; otherwise the message features are sent to blacklist/whitelist detection module 42. The main design idea is that any effective SQL injection attack arises because malicious input becomes part of a database query or command. The malicious input therefore needs to close the preceding part of the program's statement or truncate the code that follows it, and the inserted database operation has to make effective use of various whitespace characters. Filtering the various closing and truncating characters, whitespace characters, database comment symbols and other special characters can therefore effectively prevent injection vulnerabilities.
As shown in Fig. 3, blacklist/whitelist detection module 42 filters and effectively restricts on the IP address of the incoming message features. In addition to the common rule set, specific rules can be customized as needed: the whitelist module is used to regulate user input, and the blacklist module prevents certain malicious input and access to sensitive information such as database files and configuration files. If the corresponding IP address is in the blacklist or the whitelist, the message is, respectively, rejected directly or sent to the anomaly detection module. The anomaly detection module detects attacks such as malicious tampering with the HTTP protocol specification and input parameters, adding a further layer of protection to achieve defense in depth. If an IP address in the whitelist module has passed the anomaly detection module, the message is forwarded directly to behavior analysis module 3.
As shown in Fig. 3, feature matching module 43 is responsible for comparing the data packet against the features in the intrusion feature database to identify attack behavior. The feature parsing module reads the message, analyzes each content feature of the message, parses each feature, and expresses it in the attribute grammar of regular expressions. The feature matching module matches the features of the message under inspection against the feature strings in the intrusion feature database; if the match succeeds, the message is judged to be an attack and the corresponding packet is dropped.
As shown in Fig. 3, behavior analysis module 3 consists mainly of behavior analysis 31 and a session management module, and is an effective means of defending against DDoS attacks.
As shown in Fig. 3, behavior analysis 31 is based on learning from application access: it learns and records the attributes of normal application access. These attributes span several dimensions: subject attributes, object attributes, time attributes, parameter attributes and statistical attributes. A behavior feature database is built through learning, and behavior analysis is performed on application access against that database in order to identify access behavior with abnormal attributes. If an attack against the Web server is found through behavior analysis.
As shown in Fig. 3, session management module 32 can effectively protect against application layer DDoS attacks. The session-based session management module 32 can effectively compensate for session management vulnerabilities in the Web application itself, and session-based verification rules can also effectively protect against application layer DDoS attacks. IP authentication is performed using the Session, the number of accesses from a single IP is counted, and access is blocked promptly when the threshold is exceeded. Embedding a "Refresh" variable can prevent malicious refreshing; this effectively limits access to time-consuming pages, has little effect on normal access, and effectively prevents application layer DDoS attacks.
As shown in Figs. 1 to 3, log audit module 2 audits behavior and anomalies during Web protection. During feature parsing and matching, behaviors such as Web mail uploads and outbound SMTP and FTP data transfers are passed to the log audit module for recording and analysis. During security protection, accesses that violate policies and rules are also recorded, to support later statistical analysis and evidence collection.
With reference to Figs. 1 to 3, the operating principle of the network application layer security protection system of the invention is as follows:
Packet parsing. After a client initiates an application access request to the Web server, packet parsing module 1 first judges and parses the message, including SSL decryption, encoding normalization and extraction of message fields, and then sends the extracted message feature information to detection module 4 for attack detection.
After detection module 4 receives the feature information of a message, it first filters out special characters that can cause malicious attacks, then screens the feature information against the blacklist and whitelist to block message information that has attack features, and finally matches the feature information against the intrusion feature database to identify attack traffic. Attack detection effectively prevents high-incidence Web attacks such as SQL injection and XSS.
The traffic that reaches behavior analysis module 3 through packet parsing module 1 and detection module 4 is normal access traffic that has been screened and filtered. At this point behavior analysis is performed on attributes of the application access such as subject, object and time, and the frequency with which a single IP accesses the Web service is counted in combination with session management, in order to effectively identify and block DDoS attacks.
Log audit module 2 records the anomaly information arising during application layer security protection, including records of accesses that violate policies and rules. It also audits behaviors such as Web mail uploads and outbound SMTP and FTP data transfers, to support later statistical analysis.
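The inspection order described above (normalize, filter special characters, check the blacklist/whitelist, match signatures, then count per-IP accesses) can be sketched as follows. This is an added example, not code from the patent: the address lists, signatures, thresholds and the Host-syntax check standing in for the anomaly detection module are all constructed assumptions.

```python
import re
import unicodedata
from collections import defaultdict, deque
from urllib.parse import unquote

# Every list, signature and threshold below is constructed for illustration.
BLACKLIST = {"203.0.113.9"}
WHITELIST = {"192.0.2.10"}
SPECIAL = re.compile(r"['\";\x00]|--|/\*|\*/")   # closing, truncation and comment symbols
SIGNATURES = {                                    # stand-in for the intrusion feature database
    "sqli": re.compile(r"\bunion\s+select\b|\bor\s+1\s*=\s*1\b", re.I),
    "xss": re.compile(r"<\s*script\b|javascript\s*:", re.I),
}
HOST_OK = re.compile(r"[a-z0-9.-]{1,253}(:\d{1,5})?", re.I)  # assumed anomaly check
PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")
MAX_HITS, WINDOW = 5, 10.0                        # allowed requests per IP per WINDOW seconds


def normalize(raw: bytes, charset: str = "utf-8", max_rounds: int = 5):
    """Undo nested URL and %uXXXX encoding and fold Unicode variants (NFKC).

    Returns (text, stable); stable is False when decoding had not reached a
    fixed point after max_rounds, which the pipeline treats as hostile.
    """
    text = raw.decode(charset, errors="replace").replace("+", " ")
    for _ in range(max_rounds):
        step = PCT_U.sub(lambda m: chr(int(m.group(1), 16)), text)
        step = unquote(step, encoding=charset, errors="replace")
        step = unicodedata.normalize("NFKC", step)
        if step == text:
            return text, True
        text = step
    return text, False


class Pipeline:
    def __init__(self):
        self.hits = defaultdict(deque)  # per-IP timestamps of forwarded requests
        self.audit = []                 # log audit: every policy or rule violation

    def _drop(self, ip, reason):
        self.audit.append((ip, reason))
        return ("drop", reason)

    def inspect(self, ip: str, host: str, body: bytes, now: float):
        # 1. Packet parsing: normalize before any matching is attempted.
        text, stable = normalize(body)
        if not stable:
            return self._drop(ip, "encoding-depth")
        # 2a. Filter: discard on special characters.
        if SPECIAL.search(text):
            return self._drop(ip, "special-char")
        # 2b. Blacklist/whitelist: reject blacklisted sources; whitelisted
        #     sources go through the anomaly check and skip signature matching.
        if ip in BLACKLIST:
            return self._drop(ip, "blacklist")
        if ip in WHITELIST:
            if not HOST_OK.fullmatch(host):
                return self._drop(ip, "anomaly")
        else:
            # 2c. Feature matching against the signature set.
            for name, sig in SIGNATURES.items():
                if sig.search(text):
                    return self._drop(ip, "signature:" + name)
        # 3. Session management: sliding-window access count per IP.
        window = self.hits[ip]
        while window and now - window[0] >= WINDOW:
            window.popleft()
        if len(window) >= MAX_HITS:
            return self._drop(ip, "rate-limit")
        window.append(now)
        return ("forward", "ok")
```

Because matching runs only on the normalized text, the double-encoded and full-width variants in the test inputs hit the same signatures as their plain forms. As in the described flow, a whitelisted address bypasses signature matching, so each whitelist entry carries that trust.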
The invention addresses the problem of multiple types of network application layer attack by proposing a network application layer security protection system. Through application layer message parsing and preprocessing, it extracts the features of different application layer protocols, performs special character filtering and feature matching in the detection module, and performs dynamic behavior analysis of messages to filter out malicious attack messages, ultimately providing effective security protection against malicious network attacks such as SQL injection, XSS and DDoS.
The above is only a preferred embodiment of the invention. It should be noted that those of ordinary skill in the art can make further improvements and variations without departing from the technical principles of the invention, and these improvements and variations should also be regarded as falling within the protection scope of the invention.
Claims (7)
1. A network application layer security protection system, characterized by comprising: a log audit module, a detection module, a behavior analysis module and a packet parsing module;
the packet parsing module judges and parses messages, including SSL decryption, encoding normalization and extraction of message fields, and then sends the extracted message features to the detection module for attack detection;
the detection module comprises a filter, a blacklist/whitelist detection module and a feature matching module;
the filter matches malicious characters; if a match is found, the message is discarded, otherwise the message features are sent to the blacklist/whitelist detection module;
the blacklist/whitelist detection module filters and restricts on the IP address of the incoming message features, and sends the message features whose IP address has passed the blacklist/whitelist detection module to the feature matching module;
the feature matching module compares the data packet against the features in the intrusion feature database to identify attack behavior, and if an attack is identified, drops the corresponding packet;
the behavior analysis module performs DDoS attack verification on the message feature data that has passed the detection module, and outputs the messages that pass verification to the Web server;
the log audit module audits behavior and anomalies during Web protection; during feature parsing and matching, Web mail uploads and outbound SMTP and FTP data transfers are passed to the log audit module for recording and analysis, and during security protection, accesses that violate policies and rules are recorded.
2. The network application layer security protection system of claim 1, characterized in that the behavior analysis module performs behavior analysis on the subject, object and time attributes of application access and, in combination with session management, counts the frequency with which a single IP accesses the Web service, in order to identify and block DDoS attacks.
3. The network application layer security protection system of claim 1, characterized in that the packet parsing module comprises an SSL decryption/encryption module, an encoding normalization module and a message field extraction module;
the SSL decryption/encryption module handles HTTP messages sent by the client, determines the destination Web server for forwarding according to the HOST field, calls the corresponding SSL certificate and key to decrypt the message, sends the plaintext to the encoding normalization module, and encrypts the Web server's response message and forwards it to the client;
the encoding normalization module applies a unified standard to the message data and is responsible for processing HTTP messages, first normalizing and standardizing the various encodings and character sets;
the message field extraction module extracts the content of the normalized HTTP request and response messages, extracting the HOST field in the request header and the body of POST requests and, for response messages, also the SetCookie field, and sends these to the detection module.
4. The network application layer security protection system of claim 1, characterized in that the behavior analysis module comprises a behavior analysis module and a session management module;
the behavior analysis module, based on learning from application access, learns and records the attributes of normal application access, builds a behavior feature database, and performs behavior analysis on application access against the behavior feature database in order to identify access behavior with abnormal attributes;
the session management module performs IP authentication using the Session, counts the number of accesses from a single IP, and blocks promptly when the threshold is exceeded, to prevent application layer DDoS attacks.
5. The network application layer security protection system of claim 4, characterized in that the attributes of normal application access include: subject attributes, object attributes, time attributes, parameter attributes and statistical attributes.
6. The network application layer security protection system of claim 1, characterized in that the feature matching module analyzes each content feature of a message, parses each feature, expresses it in the attribute grammar of regular expressions, and matches the features of the message under inspection against the feature strings in the intrusion feature database; if the match succeeds, the message is judged to be an attack and the corresponding packet is dropped.
7. The network application layer security protection system of claim 1, characterized in that, in the blacklist/whitelist detection module, if the corresponding IP address is in the blacklist, messages from that IP address are rejected directly; if the corresponding IP address is in the whitelist, the message is sent to an anomaly detection module, which detects attacks that maliciously tamper with the HTTP protocol specification and input parameters.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810832633.7A (CN109167754B) | 2018-07-26 | 2018-07-26 | Network application layer safety protection system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810832633.7A (CN109167754B) | 2018-07-26 | 2018-07-26 | Network application layer safety protection system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109167754A | 2019-01-08 |
CN109167754B | 2021-03-02 |
Family
ID=64898252
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201810832633.7A (CN109167754B) | Active | 2018-07-26 | 2018-07-26 | Network application layer safety protection system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109167754B |
---|---|---|---|---|
US20100107229A1 (en) * | 2008-10-29 | 2010-04-29 | Maryam Najafi | Method and Apparatus for Mobile Time-Based UI for VIP |
CN104917776A (en) * | 2015-06-23 | 2015-09-16 | 北京威努特技术有限公司 | Industrial control network safety protection equipment and industrial control network safety protection method |
CN105049437A (en) * | 2015-08-04 | 2015-11-11 | 浪潮电子信息产业股份有限公司 | Method for filtering network application layer data |
CN105391703A (en) * | 2015-10-28 | 2016-03-09 | 南方电网科学研究院有限责任公司 | Cloud-based WEB application firewall system and security protection method thereof |
CN107872456A (en) * | 2017-11-09 | 2018-04-03 | 深圳市利谱信息技术有限公司 | Network intrusion prevention method, apparatus, system and computer-readable recording medium |
Cited By (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200258004A1 (en) * | 2017-01-20 | 2020-08-13 | Cybraics, Inc. | Methods and systems for analyzing cybersecurity threats |
CN109698840A (en) * | 2019-02-27 | 2019-04-30 | 新华三大数据技术有限公司 | Detect DHCP malicious event method and device |
CN110177113A (en) * | 2019-06-06 | 2019-08-27 | 北京奇艺世纪科技有限公司 | Internet guard system and access request processing method |
CN110177113B (en) * | 2019-06-06 | 2021-08-31 | 北京奇艺世纪科技有限公司 | Internet protection system and access request processing method |
CN110545259A (en) * | 2019-07-27 | 2019-12-06 | 苏州哈度软件有限公司 | application layer attack protection method based on message replacement and protection system thereof |
CN110933069A (en) * | 2019-11-27 | 2020-03-27 | 上海明耿网络科技有限公司 | Network protection method, device and storage medium |
CN113114609A (en) * | 2020-01-13 | 2021-07-13 | 国际关系学院 | Webshell detection evidence obtaining method and system |
CN113141331A (en) * | 2020-01-17 | 2021-07-20 | 深信服科技股份有限公司 | XSS attack detection method, device, equipment and medium |
CN111641589A (en) * | 2020-04-30 | 2020-09-08 | 中国移动通信集团有限公司 | Advanced sustainable threat detection method, system, computer and storage medium |
CN111683102B (en) * | 2020-06-17 | 2022-12-06 | 绿盟科技集团股份有限公司 | FTP behavior data processing method, and method and device for identifying abnormal FTP behavior |
CN111683102A (en) * | 2020-06-17 | 2020-09-18 | 绿盟科技集团股份有限公司 | FTP behavior data processing method, and method and device for identifying abnormal FTP behavior |
CN111953668A (en) * | 2020-07-30 | 2020-11-17 | 中国工商银行股份有限公司 | Network security information processing method and device |
CN112001533A (en) * | 2020-08-06 | 2020-11-27 | 众安信息技术服务有限公司 | Parameter detection method and device and computer system |
CN112272186A (en) * | 2020-10-30 | 2021-01-26 | 深信服科技股份有限公司 | Network flow detection framework, method, electronic equipment and storage medium |
CN112751839A (en) * | 2020-12-25 | 2021-05-04 | 江苏省未来网络创新研究院 | Anti-virus gateway processing acceleration strategy based on user traffic characteristics |
CN113297577A (en) * | 2021-06-16 | 2021-08-24 | 深信服科技股份有限公司 | Request processing method and device, electronic equipment and readable storage medium |
CN113297577B (en) * | 2021-06-16 | 2024-05-28 | 深信服科技股份有限公司 | Request processing method and device, electronic equipment and readable storage medium |
CN113645224A (en) * | 2021-08-09 | 2021-11-12 | 杭州安恒信息技术股份有限公司 | Network attack detection method, device, equipment and storage medium |
CN113645224B (en) * | 2021-08-09 | 2022-12-09 | 杭州安恒信息技术股份有限公司 | Network attack detection method, device, equipment and storage medium |
CN113676473A (en) * | 2021-08-19 | 2021-11-19 | 中国电信股份有限公司 | Network service safety protection device, method and storage medium |
CN113676473B (en) * | 2021-08-19 | 2023-05-02 | 中国电信股份有限公司 | Network service safety protection device, method and storage medium |
CN113612800B (en) * | 2021-09-08 | 2023-02-24 | 中国工商银行股份有限公司 | Network attack processing method, device, system, device, medium and program product |
CN113612800A (en) * | 2021-09-08 | 2021-11-05 | 中国工商银行股份有限公司 | Network attack processing method, device, system, device, medium and program product |
CN113992423B (en) * | 2021-11-05 | 2023-01-17 | 枣庄科技职业学院 | Use method of computer network firewall |
CN113992423A (en) * | 2021-11-05 | 2022-01-28 | 枣庄科技职业学院 | Computer network firewall with high safety and use method thereof |
CN115412359B (en) * | 2022-09-02 | 2024-03-19 | 中国电信股份有限公司 | Web application security protection method and device, electronic equipment and storage medium |
CN115412359A (en) * | 2022-09-02 | 2022-11-29 | 中国电信股份有限公司 | Web application security protection method and device, electronic equipment and storage medium |
CN115801459A (en) * | 2023-02-03 | 2023-03-14 | 北京六方云信息技术有限公司 | Message detection method, device, system and storage medium |
CN116107912B (en) * | 2023-04-07 | 2023-07-04 | 石家庄学院 | Security detection method and system based on application software |
CN116107912A (en) * | 2023-04-07 | 2023-05-12 | 石家庄学院 | Security detection method and system based on application software |
CN116633594A (en) * | 2023-04-18 | 2023-08-22 | 上海亿阁科技有限公司 | Flamingo gateway security system |
CN116633594B (en) * | 2023-04-18 | 2024-02-27 | 上海亿阁科技有限公司 | Flamingo gateway security system |
Also Published As
Publication number | Publication date |
---|---|
CN109167754B (en) | 2021-03-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109167754A (en) | A kind of network application layer security protection system | |
CN109951500B (en) | Network attack detection method and device | |
US10721245B2 (en) | Method and device for automatically verifying security event | |
EP2633646B1 (en) | Methods and systems for detecting suspected data leakage using traffic samples | |
WO2014129587A1 (en) | Network monitoring device, network monitoring method, and network monitoring program | |
CN112468520B (en) | Data detection method, device and equipment and readable storage medium | |
US20030083847A1 (en) | User interface for presenting data for an intrusion protection system | |
Sun et al. | Detection and classification of malicious patterns in network traffic using Benford's law | |
Kiani et al. | Evaluation of anomaly based character distribution models in the detection of SQL injection attacks | |
CN106161453A (en) | A kind of SSLstrip defence method based on historical information | |
CN107209834A (en) | Malicious communication pattern extraction apparatus, malicious communication schema extraction system, malicious communication schema extraction method and malicious communication schema extraction program | |
CN108390857B (en) | Method and device for exporting file from high-sensitivity network to low-sensitivity network | |
Baykara et al. | A novel hybrid approach for detection of web-based attacks in intrusion detection systems | |
WO2022001577A1 (en) | White list-based content lock firewall method and system | |
La et al. | Network monitoring using mmt: An application based on the user-agent field in http headers | |
JP2002041468A (en) | Illegal access preventing service system | |
KR101468798B1 (en) | Apparatus for tracking and preventing pharming or phishing, method using the same | |
Tanakas et al. | A novel system for detecting and preventing SQL injection and cross-site-script | |
CN114157504A (en) | Safety protection method based on Servlet interceptor | |
Choi et al. | Detection of Insider Attacks to the Web Server. | |
EP3989519B1 (en) | Method for tracing malicious endpoints in direct communication with an application back end using tls fingerprinting technique | |
Moure-Garrido et al. | Real time detection of malicious DoH traffic using statistical analysis | |
TW201818289A (en) | Method of detecting internet information security and its implemented system | |
Erlacher | Efficient intrusion detection in high-speed networks. | |
Bortolameotti | Detection and evaluation of data exfiltration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||